Saturday, May 27. 2006
The WSUS team made a boo-boo it seems, and the recent release of SQL 2005 SP1 to WSUS ignored language filters.
You can read about it here:
http://blogs.technet.com/wsus/archive/2006/05/25/430136.aspx
Friday, May 26. 2006
Basically the subject line says it all. If you want working AV today, go grab this free copy.
https://www.my-etrust.com/SubscriptCenter/MSTrialRegistration.aspx?cid=1855&lang=en-US
Tuesday, May 23. 2006
This is a handy utility that will patch your XP box from SP2 all the way up to the May 2006 security updates plus a little bit more, if you want. I typically carry a copy around with me wherever I go to avoid updating machines all day long by downloading everything from Windows Update. With one EXE, you can be up to date.
http://www.neowin.net/forum/index.php?showforum=89
Monday, May 22. 2006
Transportable shadow copies previously were reserved for the Enterprise and Datacenter editions, but with this update, even the Web edition can take advantage of them.
This update also seems to fix a lot of other issues people have been seeing with paged pool exhaustion and VSS.
KB 913648
Excellent time saver, and fairly unknown still in the Windows world. Use this tool to migrate old 'hard-coded' server resources to a new consolidated DFS root.
http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en
Only 3 gotchas that I have run into from time to time is that you have to be running W2K3 Enterprise Edition to support the DFS consolidated roots and the server that is running the consolidated roots cannot be a domain controller. If you are running W2K3 RTM, you will need to download a DFS related fix (KB 829885). If you are running SP1, you are all set.
This goes along with the %0 trick I mentioned previously but if you are still using DOS style scripts for logons, whether to support older clients, or to keep an old setup around for historical purposes, make sure to call out the executable with a complete pathname and/or at least the correct extension.
This might seem like a really minor point but everytime the OS has extra "work" over a starved connection, performance will stall due to directory lookups and such.
So, instead of calling:
notepad newfile.txt
Use:
%windir%\notepad.exe newfile.txt
A side effect of stating 'notepad.exe' instead of 'notepad' is that the command prompt won't go looking for notepad.bat, notepad.com, or notepad.cmd, across the wire.
This makes a difference because any file extension mentioned in %PATHEXT% is cycled through until it finds a match.
This also helps in the case where a virus hijacks 'notepad.bat' somewhere in the path and you end up not running the intended executable. It is a bit of a security 'fixup' if you want to think of it that way.
Some might view this as overkill but when you are stuck logging into a domain over a cell phone data connection, you will thank me later. Ideally, you would want to convert your scripts to a VBScript or a PowerShell script, but that isn't always possible or feasible.
Many times I've seen logon scripts that will directly reference a certain domain controller's SYSVOL or NETLOGON share when running an executable or script that resides in the 'scripts' folder of the SYSVOL.
This defeats the purpose of having geographically located domain controllers if everyone is going to be pointing to a certain server everytime.
For instance if you have a DC in New York and a DC in London, but all your scripts refer to \\wsvr-dc-ny\netlogon\con2prt.exe, you will have a lot of traffic (theoretically) going over the wire to and from New York everytime someone logs in, in London.
So, as an example, if you are still using DOS style scripts, you would want to change:
\\wsvr-dc-ny\netlogon\con2prt.exe /c \\wsvr-ps-london\fax
to something that looks like:
%0\..\con2prt.exe /c \\wsvr-ps-london\fax
Why? It will use the logon server in London, if someone logged in, in London, assuming the system determines that it should use the London server as the logon server. You can always doublecheck by checking the %LOGONSERVER% environment variable.
Most people don't know about the "%0\..\" trick, so that is why I'm writing about this.
It also removes hardcoded server names in your scripts, which I try to do whenever I can, since it makes migrating to different naming schemes and other admin activities a lot easier.
This will basically work with any Windows OS that has the 'systeminfo' command.
systeminfo | find "Up Time"
You can think of 'find' much like 'grep' under Unix.
It will return something that looks like "System Up Time: 4 Days, 1 Hours, 53 Minutes, 36 Seconds"
If you are on an older OS, you can always do "net statistics workstation" and look for the second line which will say something like "Statistics since 5/18/2006 11:17 AM"
It won't be accurate 100% of the time, such as in the case where you have restarted the workstation service, but 9 times out of 10, it will be correct.
Saturday, May 20. 2006
Want to help the Vista team make sure that the Media Center Extender experience on the Xbox 360 is great?
You have an Xbox 360 connected to the Internet?
You have a PC capable of running Vista Ultimate or Home Premium?
You are over the age of 18?
You reside in the US?
If all of those are a "Yes",
Sign up here:
https://mscuillume.smdisp.net/Collector/Survey.ashx?Name=MCE_beta_recruit01
Originally spotted here: http://www.majornelson.com/archive/2006/05/19/Sign-up-for-the-Media-Center-Extender-for-Vista-Beta.aspx
Monday, May 15. 2006
Since I'm on a DFS/RPC kick this morning, this link is very handy to have if you are having problems with DFS replication. The hotfix I linked to earlier this morning has been known to fix a few 'silent' DFS failures, so if you are relying on DFS for your business, I think you should install that fix ASAP to be on the safe side.
http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/hotfixes.mspx
RPCRT4.DLL seems to have a bug that will make it crash under the right conditions. Some places will never see an error, other places will have crashes all day long. Either way, it is worth patching to avoid this error before you see it firsthand.
http://support.microsoft.com/kb/908521
If you are seeing problems, and this patch fixes it, please let me know. I'm personally trying to figure out what exactly triggers this error.
Thursday, May 11. 2006
Ever since Windows Update v6 has gone live, I've seen a lot of systems that had Windows Updates turned off due to one simple fact. I complained about it during the beta but it was too late in the process to get it changed and I don't think it really was on the radar of the developers anyway. The annoying 'Updating your computer is almost complete. You must restart your computer for the updates to take effect." reminder that pops up constantly until you reboot. True, you can set the delay timer in the GPO but the upper bound on the setting is too low for my tastes.
I agree it is important for people to reboot to get the updates fully installed, but if it comes down to people disabling it due to how annoying it is, I think there should be a toggle for it. Today, I patched a Windows XP SP1 machine due to this problem. It had 76 updates waiting for it, including SP2.
You can short circuit the reminder by turning off the Automatic Updates service after you apply updates, but that is a bit of a hassle. A lot of times you have to wait until afterhours to reboot a machine you just updated.
Tuesday, May 9. 2006
Well this is unfortunate. Adaptec basically says "Tough luck!"
The link to their KB article:
http://adaptec-tic.adaptec.com/cgi-bin/adaptec_tic.cfg/php/enduser/std_adp.php?p_faqid=14212
Potential workaround (untested): Setup a Windows server that maps the Snap share, and then share out that resource from the Windows Server and point all your Terminal Server network shares to that machine. I'm surprised Adaptec doesn't mention something like that, but it seems like it would work. I may just find out in the next few weeks at a client site.
Monday, May 8. 2006
Some programs unfortunately rely on this piece of software and I don't believe that MS can distribute it anymore, but here is a good source for the last versions of the JVM before development was halted. I'd advise not installing it unless you have a non-functional application. I'm sure there are security issues with it that are unknown.
http://www.mvps.org/marksxp/WindowsXP/java.php
Tuesday, May 2. 2006
We have a programmer that was having a lot of problems with his XP machine that started around the time that the April patches came out. It acted much like XP acts when it has the April updates along with either a bad nVidia driver or bad HP package. We ended up swapping hard drives so he could keep working and I set aside some time to dig into what was going wrong.
Long story short, a month or so ago, he installed OpenLDAP on the machine and had it setup to start as a service. I'm not sure how or why the system would boot up correctly previously and maybe the April patches changed the order in which various pieces of the OS came online. Either way, when you would try to log in to the machine, you would be stuck for an hour or 2 at 'Applying user settings..."
After it times out, many services failed to start up and OpenLDAP was hung in 'Starting'.
I understand why now - OpenLDAP had stolen the default LDAP ports and effectively killed any useful Active Directory activity. Disable OpenLDAP in safe mode, and the system is happy as a clam.
|