Wordpress: Quickcode Plugin Update

Filed under: Quick Code — Written by Chrissy on Wednesday, December 13th, 2006 @ 9:47 pm

I made a decently big change tonight to Quickcode so if you use the plugin, you may want to download the updated version.

The change, adding "overflow-x:scroll;" to the CSS file (in two places), stopped IE from hiding the last line of anything that was placed within the quickcode tag. I don't use IE so I didn't notice it would chop off the last line until enough people complained that their code would say "Expected End". After loading up the site in IE, i realized why. Ooops oops (there's some hair in your teeth.)

RA: Pass Workstation and Username Parameters to Offer Remote Assistance

Filed under: Quick Code, Security — Written by Chrissy on Wednesday, December 13th, 2006 @ 12:21 pm

For those of you who successfully use the shortcut for Offer Remote Assistance (ORA), you've probably wanted to automate it just a little more with parameters at some point or another. You may have even come across EdmSaleBoy's Usenet Post titled "Programatically Offer Remote Assistance." I did a few times but it didn't do exactly what I wanted to. Though I appreciated EdmSaleBoy's code extraction skills, I didn't find the solution of overwriting UnsolicitedCUI.htm to be very elegant so I spent some hours looking into alternatives.

ORA is a bit of a programming pain because it requires client-side Javascript and it's picky about what it will and will not let you do. I wanted to find a way to call ORA from a webpage and wondered how I would pass some variables to the script. The command line was not cooperating with me so I thought that perhaps I could hack together something with javascript and Microsoft.XMLHTTP but ORA denied me access. After some hackery, I discovered the joys of objSAFClassFactory.ExtraArgument.

Using objSAFClassFactory.ExtraArgument, I was able to dynamically pass the workstation name and username (note: the username MUST be in the domain\username format or it won't work.) So now I present to you the following code, which you can save as cmdOfferRemoteAdmin.htm under the directory %windir%\pchealth\helpctr\System\.

cmdOfferRemoteAdmin.htm

<html XMLNS:helpcenter>
<head>
<!--
Copyright (c) 2000 Microsoft Corporation
-->
<helpcenter:context id=idCtx />
<title>Remote Assistance</title>
<!-- The SAF class factory object -->
<object classid=CLSID:FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7 height=0 id=objSAFClassFactory width=0></object>
<script LANGUAGE="Javascript">
function onContinue()
{
var g_szWorkstation = null;
var g_szUsername = null;
var c_WorkstationTag = "WORKSTATION=";
var c_UsernameTag = "&USERNAME=";
 
var szArgs = objSAFClassFactory.ExtraArgument;
 
var i = szArgs.indexOf(c_WorkstationTag);
var j = szArgs.indexOf(c_UsernameTag);
g_szWorkstation = szArgs.slice(i+c_WorkstationTag.length, j);
g_szUsername = szArgs.slice(j+c_UsernameTag.length);
 
var i = g_szUsername.indexOf("");
g_szDomainName = g_szUsername.slice(0, i);
g_szUserName = g_szUsername.slice(i+1);
g_szSessionId = -1;
 
g_oSAFRemoteDesktopConnection = objSAFClassFactory.CreateObject_RemoteDesktopConnection();
g_oSAFRemoteConnectionData = g_oSAFRemoteDesktopConnection.ConnectRemoteDesktop(g_szWorkstation);
 
objInc = objSAFClassFactory.CreateObject_Incident();
objInc.RCTicketEncrypted = false;
objInc.RcTicket = g_oSAFRemoteConnectionData.ConnectionParms( g_szWorkstation, g_szUserName, g_szDomainName, -1, "");
var objDict = objInc.Misc;
var d = new Date();
objDict.add("DtStart", Math.round(Date.parse(d)/1000));
objDict.add("DtLength", "60");
objDict.add("Status", "Active");
objDict.add("URA", 1);
objFSO = new ActiveXObject("Scripting.FileSystemObject");
tempDir = objFSO.GetSpecialFolder( 2 );
szIncidentFile = tempDir + "\UnsolicitedRA" + objFSO.GetTempName();
objInc.GetXML(szIncidentFile);
var oShell = new ActiveXObject("WScript.Shell");
var szRAURL = 'C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe -Mode "hcp://system/Remote Assistance/raura.xml" -url "hcp://system/Remote Assistance/Interaction/Client/RcToolscreen1.htm"' + ' -ExtraArgument "IncidentFile=' + szIncidentFile + '"';
oShell.Run( szRAURL, 1, true );
objFSO.DeleteFile( szIncidentFile );
objSAFClassFactory.close();
return;
}
</script>
</head>
<body onload="onContinue();">
</body>
</html>

Once you saved the file in the proper location, you can call it by going to

%windir%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -url hcp://system/cmdOfferRemoteAdmin.htm -ExtraArgument "WORKSTATION=winxpsp2&USERNAME=testlab\chrissy"

The downside to this code is that there's little to no error handling. If just a blank "Windows Help" page appears, you've done something wrong. Make sure the computer you are attempting to connect to is pingable and that the username is in the correct format (domain\user). Also, make sure you can get the regular Offer Remote Assistance to work before calling this more advanced technique. If you are having trouble with ORA, this posting may provide some help.

Remote Assistance: Fixing Offer Remote Assistance

Filed under: Tech Stuff — Written by Chrissy on Wednesday, December 13th, 2006 @ 11:13 am

I'm researching Offer Remote Assistance currently and dang, we had about 54 things to fix before we got the process going. First, we had to take all sorts of steps to enable "Offer Remote Assistance" in Group Policy. Then, we had several SID related issues which created the following events in Event Viewer:

EventID: 2: A XML parsing error for ... occurred when attempting to process a remote assistance ticket.

We fixed that by changing the SID of the machine but soon ran into another issue:

EventID: 5251: The HelpAssistant account is disabled or missing, or the password could not be verified. Remote Assistance will be disabled. Restart the computer in safe mode and type the following text at the command prompt: sessmgr.exe -service.

This was addressed by running that as a startup script in Group Policy instead of running it in Safe Mode. Start -> Run -> gpedit.msc -> Local -> Computer Configuration -> Windows Settings -> Scripts -> Startup

That totally fixed the 5251 error after a reboot BUT then we ran into another error. When we'd attempt to Offer Remote Assistance, there would be a partial login then the following pop-up would appear: Logon Message: You do not have access to logon to this session. In addition, the following error would be generated in the event log:

EventID: 5270: A remote assistance ticket has been created with duration: 0.08hrs for user

This was extremely time consuming to fix as there was no solution to this anywhere on the Internet. There were incredible attempts on usenet as seen here, but none of the solutions worked. So I loaded up the registry for a machine that successfully accepted Remote Assistance offers and a machine that didn't. I noticed a peculiar entry on the machine that didn't seem right:
HKLM\SYSTEM\CurrentControl Set\Control\Terminal Server\fInHelpMode was set to 1 even though the machine was not "in help mode" because it was broken. I deleted the key, restarted the machine and after months of trying, successfully offered remote assistance. This fix worked on all machines which encountered the "You do not have access to logon to this session" error. If you're searching for a fix on Google, I hope this works for you too!

VBScript: Kerberos, Delegation, IIS and User Authentication

Filed under: Active Directory, IIS, Quick Code, VBScript — Written by Chrissy on Wednesday, December 13th, 2006 @ 9:30 am

Recently, I wanted to write a web-based front end to AD User Management for our help desk. The way that I set it up apparently broke some Kerberos delegation rules and even though Microsoft wrote a step-by-step guide on how to get IIS and Kerberos delegation going, the solution didn't work for me. If I turned off Anonymous access and authenticated as myself against a remote webserver (local webserver totally worked), I would get the error 0x80040E37 - Table Does Not Exist. The table does exist, of course, I just don't have the rights to see it. Well, I do but not in the "double hop" manner that I'm attempting it. Kerberos sees that IIS != me.. IIS is only pretending to be me and it doesn't approve.

After a few days of tinkering, this is the solution I decided on. I set the ASP page in IIS to Anonymous Access but ran that access as a user with the privleges to make changes to user accounts. This can be dangerous in more than one way -- if a lesser-privleged user were to somehow have the ability to edit that page, he or she could use it to run any script under the power of that user. So I ensured that unauthorized users were not able to access that file. But now how can I detect who's running that page? Request.servervariables("REMOTE_USER") would be useless since the page is running as that privleged user. I considered what client variables I did have access to and realized that request.servervariables("REMOTE_HOST") would be the handiest. I figured that, using WMI and the IP address, it would be possible to figure out what user is actively logged into the client machine. Sure enough...

Function getLoggedInUser(ipaddr)
  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!"& ipaddr & "\root\cimv2")
  Set colSessions = objWMIService.ExecQuery("Select * from Win32_LogonSession Where LogonType = 2 OR LogonType = 10" )
 
  For Each objSession in colSessions
   Set colList = objWMIService.ExecQuery("Associators of {Win32_LogonSession.LogonId=" & objSession.LogonId & "} Where AssocClass=Win32_LoggedOnUser Role=Dependent")
    For Each objItem in colList
    getLoggedInUser = lcase(objItem.Name)
    Next
  Next
End Function

This script, which was derived from a tek-tips.com post, worked flawlessly! FWIT, LoginType 2 is console and 10 is remote desktop.

WSUS: Force Registration of Clients That Are Not Showing Up

Filed under: Quick Code — Written by Chrissy on Wednesday, December 13th, 2006 @ 9:18 am

I setup a WSUS server in a test lab and the results of client machines registering themselves with the WSUS server were flaky; especially if they weren't on the same domain as the WSUS server. One of my cloned machines was having trouble until I changed the SID with NewSID from Microsoft. The others didn't appear to have any duplicate SID problems but having them appear in the WSUS administration webpage was still a challenge.

Looking around the web, I found a variety of suggestions to fix the problem; most of them involved changing the registry. Here's a compiled list of those changes:

net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUState /f
net start wuauserv

That looked very promising, but it didn't solve my problem. I was so frustrated until I found this command: wuauclt /resetauthorization /detectnow. Running that on the clients that failed to show up in WSUS worked every single time and it even worked on computers that weren't on the same domain as the WSUS server. Awesome.

VBScript: Output Snippet

Filed under: Quick Code, VBScript — Written by Chrissy on Wednesday, December 13th, 2006 @ 8:52 am

This function can be found on Microsoft.com somewhere. I remember once finding some nslookup function where the author wrote the output of nslookup to a file on the hard drive, parsed it then forgot to delete it. I used that script and after a few years, I found that directory full of thousands of text files. Anyway, using StdOut.ReadAll would have been much more efficient. Here's a snippet I've used over and over:

Function PingHost(strComputer)
  Set objShell = CreateObject("WScript.Shell")
  Set objExec = objShell.Exec("ping -n 2 -w 1000 " & strComputer)
  strPingResults = LCase(objExec.StdOut.ReadAll)
    If InStr(strPingResults, "reply from") Then
      PingHost = True
    Else
      PingHost = False
    End If
  Set objExec = Nothing
  Set objShell = Nothing
End Function

For the record, a better way to find out if a machine is pingable is by using WMI and the machine's fully qualified domain name (if you use the netbios name, there is a delay if the host doesn't exist..but DNS reports back immediately)

Set objWMIService = GetObject("winmgmts:\.\root\cimv2")
strComputer =  "myServer.myDomain.net"
Set colItems = objWMIService.ExecQuery("Select * from Win32_PingStatus Where Address = '" & strComputer & "'")
          For Each objItem in colItems
              If objItem.StatusCode = 0 Then 'The Computer is Pingable
              msgbox "Woot"
              End if
         Next
Set objWMIService = Nothing

Javascript: Sample Code

Filed under: General — Written by Chrissy on Tuesday, December 12th, 2006 @ 10:42 pm

I won't lie, anytime I need Javascript stuff done, I run to my best friend & fellow programmer, Brandon. We worked on this tonight.. it's some client side javascript ajaxish action. I'll be using it for some Remote Assistance stuff I'm doing. I'm putting it here mainly for my future reference on syntax and stuff as I'm a total noob on Javascript fundamentals.

Quick Code

<html>
<head>
<script TYPE="text/javascript" LANGUAGE="JavaScript">
function grabVars(whichOne)
{
    if (whichOne=='workstation')
    var url = "http://roux/workstation.htm";
    else
    var url = "http://localhost/server.html";
    //multiple lines would go between brackets
    //or you can change up the technique and do
    //var url = "http://roux/grabvars.asp?mode=" + whichOne;
    //but I wanted to throw in an if/else statement there
 
    var xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.open("GET", url, 0);
    xmlhttp.send();
    return(xmlhttp.responseText);
    var xmlhttp = null;
}
 
function printThis()
{
  document.open();
  document.write(grabVars('workstation'));
  document.close();
}
</script>
</head>
<body onLoad=printThis();></body>
</html>

One thing...if you attempt to use this code and you try to load up an URL on the Internet (ie. a fully qualified domain name) instead of a local server, you'll receive the error: msxml3.dll error '80070005' Access Denied. There's probably a fix but I'm only calling local servers so it's okay in my case.

Also, I did initially get an IE pop-up that asked me to approve Blocked Content so when I put this out on the Intranet, I'll have to ask for a GPO modification that enables "Allow active content to run in files on My Computer" (usually found in IE -> Tools -> Advanced Settings). Setting IE parameters in GPO, FYI, is set at Start -> Run -> gpedit.msc -> User Config -> Windows Settings -> Internet Explorer Maintenance -> Security -> Security Zones and Content Rating -> Import Current Settings.

MSTSC: Microsoft Terminal Services Client 6.0 Now Available for Download

Filed under: Tech Stuff — Written by Chrissy on Wednesday, December 6th, 2006 @ 2:49 pm

Windows XP and 2003 (SP1) users can now download the RDP client that comes with Vista @ microsoft.com. If you don't like it and need to go back to the original version, you can possibly uninstall it or reinstall RDP 5.2.

The new version supports widescreen/huge resolutions as well as auto-logins. There are a few other features that appear will be cool when Longhorn comes out but till then.. I have no idea what they'll do ;)

Stuff I Use Daily

Filed under: Tech Stuff — Written by Chrissy on Sunday, December 3rd, 2006 @ 6:19 pm

Below is a list of applications I use on a regular basis. I was actually inspired to write this post because I wanted a way to share my excitement for the free tools Virtual CloneDrive and visionapp Remote Desktop. After starting the post, however, I realized that there's actually a lot of really cool applications that I use almost daily.

Media

I didn't realize how many media tools I use until I created this list. It must be the blogging and rampant virtual OS installs..

  • Virtual CloneDrive
    The website for this free software states Virtual CloneDrive works and behaves just like a physical CD/DVD drive, however it exists only virtually. Just double-click any .iso file and it's immediately mounted as a drive. The virtual drive works great on VMware and even more impressive to me, it doesn't just work for CD sized ISOs but DVD sized ISOs as well. You can even mount ISOs located on networked drives.
  • dbPowerAmp Music Converter (dMC)
    Great free media converter. Works on tons of formats: mp3, wmv, m4a, flac, you name it. It's a lightweight, fast media converter that can be accessed by right clicking on the media file and selecting "Convert to..."
  • VLC Media Player
    VLC media player is a highly portable multimedia player (Windows, Mac OS, Linux, BeOS, etc) for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, ...) as well as DVDs, VCDs, and numerous streaming protocols. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
  • ISO Recorder
    ISO Recorder is a small, fast application for the few times that you actually need to burn an ISO. Just right click and "Burn ISO.."
  • ImageResizer
    ImageResizer, a Windows Power Toy, is the easiest way to resize images; just right-click and "Resize Image.." The only downside is that sometimes the quality sucks for the web.
  • Paint.NET
    Paint.NET is a great free tool for image manipulation. Lightweight users (such as myself) claim it's a good enough replacement for Photoshop.
  • Quicktime Alternative
    Quicktime from Apple is so damn invasive; from having to search for an iTunes-less install version to adding Quicktime and Quicktime Updater to startup, I can't stand Apple gettin all up in my grill. Quicktime Alternative is a free, lightweight, unintrusive replacement for Quicktime. This software is from the makers of Real Alternative and Media Player Classic.

Networking & Security

  • visionapp Remote Desktop
    Any administrator who uses Remote Desktop often will absolutely love this free tool. I plan to make this application the topic of my next post (or my next-next post).
  • Putty+Pageant
    I stopped using the over-bloated SSH software SecureCRT the day I found putty. I just save putty.exe to my C:\windows directory and run it from any location. Later on when I stopped using password authentication, putty's pageant software was there to help me login automatically.
  • Sam Spade
    I've been using Sam Spade since about 1998. I don't think it's being actively developed any longer but it's a small tool that helps me to find out a ton of stuff from any IP address and it's an easy way to check out HTTP headers. There's probably something better out there; if you know of a small (GUI) tool that can give me things like the owner of an IP block, please let me know!
  • Packetyzer
    Packetyzer is like Ethereal++, recommended to me by a friend at Microsoft. Packetyzer, like Ethereal, is a good tool for sniffing packets. I used it recently when my hosting service's Cacti pages showed that my traffic suddenly tripled. I figured either the new router I was on was misconfigured or someone was hacking me because none of my server logs showed any significant increase in traffic. I sniffed out everything for a few hours and found nothing amiss.
  • TrueCrypt Disk Encryption Software
    I found this while searching for a replacement for Microsoft's EFS file encryption (which sucks..at least in 2k3). It's incredible software: fast, easy-to-use and super secure. You can protect your disk with a password or a keyfile. I use it mostly for encrypting USB thumb drives; if you use this on a USB drive, look into the "Traveller Disk Setup."

Text

  • Foxit Reader
    I hate Adobe Reader! Talk about a dumb, intrusive and bloated (27MB) product. Last I installed it, Reader installs itself as well as an IE plugin. When there is a new update, a window will appear BEHIND the active Reader window which makes Reader (and thus IE) appear to freeze. When you finally do see the Update and tell it to never check for updates again, it never listens. There's a checkbox there but no "OK" button so you can only choose "Cancel." Enter Foxit Reader. Foxit is very lightweight (1.5 MB), fast opening (<1 sec on my Macbook), dependable product which never crashes. Definitely one of my favorite finds in the past few years.
  • notepad++ and crimson editor
    While UltraEdit is probably the defacto standard of what a text-editor should be, it also comes at a small price. Notepad++ is a free text-editor that has many of the features that UltraEdit provides. I've even found in many cases that it's more powerful, especially with its support for plugins. Crimson Editor is another great text editor for coding or searching/replacing.
  • Excel Viewer 2003, PowerPoint Viewer 2003, Visio Viewer 2003, Word Viewer 2003
    If you don't have the money to buy the full versions of these Microsoft Office products, you can still view Office files created by others.

The Internet

Many of the other oft-used applications can fit under this wide-open category but this is how it's organized in my brain so this is how I've organized it in this post ;)

  • w.bloggar
    w.bloggar is what I use to post to each of my Wordpress blogs. It supports about 50 different blogging engines and it's very straightforward and easy to use -- it also doesn't strip your code like some web-based editors do.
  • Firefox + ietab
    In addition to my daily DBAing tasks, I also do program some web applications for our intranet. Since IE is pretty much mandatory on our network, I couldn't seemlessly use my favorite browser, Firefox, to build and test my web apps until the ieView plugin came around. ieView allows you to set entire websites to always be viewed in an IE tab within Firefox (totally seamless). This feature is not only helpful for intranet web development but also for visiting sites that require IE like some parts of Microsoft.com and MSNBC.com. Btw, if you need to enable NTLM authentication in Firefox, you can do so by adding your servers (comma seperated) to network.automatic-ntlm-auth.trusted-uris. AdBlock + Filterset.g is another favorite Firefox extension.
  • eMule
    eMule is one of the best P2P applications available. Most downloads are spyware free but they take forever. However, if you have a machine that is on 24/7 you can just set it and forget it.
  • fileZilla
    FileZilla is available for download as both an FTP client and an FTP server. I haven't tried the server software but the client is solid and easy-to-use. Just Say No to CuteFTP.
  • HydraIRC
    Although I rarey IRC these days, HydraIRC is a nice looking and simple IRC client when I do.

Administration

  • VMWare Server and Player
    VMWware now offers their "GSX" server (now called VMWare Server) for free. For those of you who prefer something toned down, they also offer a free VMWare player which will play pre-built VMWare images. VMware also offers a few hundred "virtual appliances" which are downloadable out-of-the-box solutions for things like SSL VPNs, firewalls, Subversion and all sorts of other stuff. I used all of this to create a virtual lab to play on. And for the record, VMWware Server blows Microsoft's Virtual Server out of the water. Perhaps I was missing something but Microsoft's Virtual Server solution felt super ghetto. Forget being able to use Wizards to select the necessary paths on your server.. you have to type it in yourself! And the console application looks like it was built when Windows 3.1 was in style. If possible, explore what VMware Server has to offer and pass on Microsoft's free Virtual Server until it matures.
  • adminpak
    Adminpak is a must-have for Windows Administrators who use XP as their workstation.
  • Powershell
    Powershell is probably the awesomest shell ever created. It's an object-oriented command line shell created by a bunch of Unix-centric developers at Microsoft. This is #1 at the top of my must-learn list.
  • Windows Services for Unix
    WSU contains all of the unix commands I use often... cat, tail, grep, etc. Actually, GNUWIN32 has the same files as well. The only thing that sucks though is that you have to download each exe you'd like one by one. Ohhh and UnxUtils (mirror on my site) is another great package. That's actually the one I use most.
  • sysinternals
    Sysinternals, now owned by Microsoft, has tons of useful applications such as file and disk utilities, networking utilities, processes and threads utilities, security utilities and other stuff.
  • SQL Server Express with SQL Server 2005 Management Studio Express Edition and Visual Web Developer.
    Not for the faint of heart but has to be mentioned. SQL Server Express is built on the same engine as the Standard and Enterprise versions so it's extremely reliable yet the cost is free. Bill Vaughn, an MVP and talented speaker has taught me a thing or two about just how much SQL Server Express is capable of.. Visual Web Developer is the tool to use for ASP.NET web development. VWD is surprisingly complete in its functionality.. perhaps there are things missing but I haven't noticed them yet.

Windows Command Line

Here, you can find a list of all natively available Windows commands. And here is where you can find more information on some surprising command-line applications for managing Terminal Services.

  • pushd, popd
    pushd and popd are incredibly useful for dos-based shell scripting. While these commands are most often used to navigate the local filesystem, they can also be used to help batch files navigate UNC paths as demonstrated below:
    C:\WINDOWS>pushd \roux\util\ilo
    Z:\ilo>hponcfg add_user.xml
    Script Succeeded
    Z:\ilo>popd
    C:\WINDOWS>
  • mstsc /console
    Behind UltraEdit and Firefox, this is probably my third-used most app when I'm not using visionapp Remote Desktop. If you are having issues that appear to be terminal services related, use /console to connect to the console..sometimes it helps with weird bugs.
  • shutdown -i
    This pops up a super helpful GUI which allows you to shutdown or reboot remote computers on a domain.
  • tasklist, taskkill
    cmd.exe tends to come up faster than Task Manager when a runaway app is using 100% of your CPU. Use tasklist to find the process and taskkill kill it.
  • type
    type is the Windows equivalent of unix's cat
  • subst
    I sometimes use subst as a ghetto replacement for a unix directory symbolic link.
  • findstr
    findstr is somewhat similar to unix's grep
  • nbtstat /R, ipconfig /flushdns
    These two commands are useful when troubleshooting hostname issues. nbtstat /R purges the netbios cache and ipconfig /flushdns flushes the DNS cache.

Affordable Pay Utils That Are Totally Worth It.

UltraEdit is at the top of this list for a great reason... just using it's features for one day can save you $40 worth of your time.

  • UltraEdit (US$40)
    It seems that anytime a text/code editor is reviewed, it's compared to this awesome tool. I'd say, aside from Firefox, this is my most used application. The find & replace is my favorite and has saved me, and I ain't lyin, hundreds of hours of work. The macros are awesome too. Ultra-Edit can be added to your right-click during installation, has a tabbed interface, can easily handle gigantic files and opens in less than a second.
  • WinRAR (US$21)
    I use this exceptional archiver and extracter on a daily basis. I love that it's built into my right-click. Just right click on a file or group of files to instantly zip (or rar) or right click on archive files (ISOs and even some EXEs) and extract. WinRAR supports 14 different types of compression including tar, gunzip, bz2 and ace.
  • Anapod (US$20-US$30 depending on your iPod)
    I can't stand iTunes; it does too much of what I don't want and too little of what I actually do want. It certainly wasn't written with a Windows user in mind and that's why I'm thankful for Anapod; the best iTunes alternative out there. It's got so many features, you really gotta check out the website to see it. Anapod acts exactly how Windows-based iPod software should function. The "Explorer" view and built in streaming web server are cool but my favorite functionality is probably the ability to right click on an MP3 and Send To my iPod.
  • Penton MasterCD (US$60)
    The Penton Press Master CD is a must have for any Windows administrator. It is a CHM file which contains every article from Windows IT Pro, SQL Server Magazine, Exchange & Outlook Adminisrator, Windows Scripting Solutions, Windows IT Security and Windows Web Solutions dating back as far back as September 1995. As of December 2005, the file was a massive 404MB. That's a ton of data but the chm format makes it easily searchable.
  • Active Partition Recovery (US$30 DOS version, US$36 Windows Version)
    This program saved my ass late one night when I accidently deleted the partition information on my 300GB backup drive. Totally worth the measly 30 bucks.
  • eTrust (US$30)
    eTrust is the least invasive anti-virus software I've ever used and it's also Microsoft's preferred anti-virus program.
  • NewsReactor (US$15)
    Newsreactor coupled with easynews.com makes for an awesome combination. I downloaded some binaries at an incredible 800KB/s. Most binary newsreaders suck but Newsreactor is pretty nice.

Web-based Applications

  • meebo
    Meebo is THE BEST web application for the times you want to chat on AIM, Yahoo, or MSN but can't install client-side software. Everyone that has used this website has been impressed.
  • last.fm
    last.fm, "the social music revolution", is a great place to discover new music. Media player (such as Winamp, WMP, iTunes, etc) plug-ins keep track of what you listen to and recommend new music, based on the combined tastes of others who listen to similar music.
  • mozy and xdrive
    Mozy.com offers 2GB of free space and 30GB for $4.95 a month. I like them because they are a small start-up with an emphasis on encryption; only you can decrypt your data. Xdrive offers 5GB of free space but doesn't seem to offer indivudal encryption, they are also owned by AOL. Oh, also.. businesses big and small can use mozypro.com. The pricing is still very fair -- $3.95/mo per account + $0.50/GB.
  • browsrcamp
    If you need to test your websites on MacOSX browsers this is the perfect place for you. Supports a ton of different browsers.
  • Icebrrg
    "Web forms made chillingly simple" As a web developer, this is a helpful tool for making pretty CSS based forms. Oh, CSS Tab Designer is a desktop application but it's also awesome for auto-generating CSS.

And finally, this isn't an application but it's a super useful tip. I learned about during one of my SQL Server 2005 classes and passed it on to my co-workers..of all the scripts I've written to automate stuff for them, THIS is what they're the most thankful for! It's simple but if you haven't encountered it..be prepared to use it 50 times daily!

When a Windows Explorer/MMC/etc column is too small and partially hides long values, you can manually drag the column splitter to see the values or you can simply double click on the splitter's edge and it will automatically expand it to the necessary length. Confused? Check out the animated gif below:

AD: Active Directory Users and Computers Slow to Initialize

Filed under: Active Directory, General — Written by Chrissy on Friday, December 1st, 2006 @ 12:27 am

Recently, two of the network administrators at my firm ran into an issue with with the Active Directory Users and Computers MMC snap-in. ADUC often loaded slowly. Sometimes rebooting would fix the issue, sometimes it wouldn't. I never had an issue but I didn't use ADUC as often on my workstation (I use it primarily on the DCs themselves) and I was also in another city. The two network admins were in San Diego with the operations master, I was in San Francisco with an outer city DC.

We searched the web and found an unhelpful Microsoft KB article promisingly titled "Active Directory MMC Tools Are Slow to Initialize. All of our DNS records appeared just as they should.

Each time one of the network admins, Jeff, would encounter the problem, he would call me to see if my ADUC snap-in would load quickly -- I never had any issues. I wondered if it was an issue with MMC.exe or with LDAP itself. I asked him to run the following script derived from the Active Directory Cookbook when he was having issues and report back to me the time that would pop up:

startTime = timer()
DisplayObjects "LDAP://OU=Users,DC=San Diego,DC=OurDomain,DC=com", ""
Function DisplayObjects( strADsPath, strSpace)
   set objObject = GetObject(strADsPath)
   for each objChildObject in objObject
      DisplayObjects objChildObject.ADsPath, strSpace & " "
   next
End Function
FinishTime = timer()
 
totalTime = finishTime-startTime
msgbox "This script took " &  totalTime & " seconds to execute."

This script, which iterates through each of the users and their child objects in our San Diego Users OU, usually takes about 0.3 seconds to run. When Jeff ran into the issue, it would take up to 40 seconds. After we confirmed that his issue with his network or LDAP connection, not the actual MMC, we began to troubleshoot at a lower level -- this likely isn't an anti-virus+mmc issue that some people have reported.

I then asked Jeff to rerun the script I sent but this time, we would specifically query the San Diego DC. He changed the "LDAP://OU=Users" string to "LDAP://SanDiegoDC/OU=Users". Bingo! The script's time reported finishing in 0.3 seconds as opposed to 20 seconds. I then had him open up ADUC, right click on the domain icon and select "Connect to specific domain controller". The dialog box confirmed that he was connected to an outer office DC and the default was set to "Any Writable Domain Controller." We set that manually to the San Diego DC and ADCU instantly became more responsive.

Finding a way to set the San Diego DC to be the default for the Active Directory Users and Computers MMC snap-in was a challenge. I checked the registry but didn't find much. Finally, I used The Google and found that he could create a shortcut which opens up the proper DC.

dsa.msc /server=sandiegodc.ourdomain.com

I'll admit, that's a bit of a band-aid but it will permanently solve Jeff's ADMC problem. I still need to dig to figure out why his machine thinks that the outer office DC is the closest DC. Time to re-check our AD Sites and Services setup...