Systems administrators can never have enough shortcuts or creative troubleshooting ideas. In this series, Mitch Tulloch, a well-known industry expert specializing in Windows server operating systems, provides advice for everyday administration as well as more challenging problems. If you don't see your problem covered here, send your Windows question to Mitch.
Windows Tip: Tools for testing for bad memory (04/23/2008)
Got memory problems, or just aren't sure? Here are some favorite techniques from experts in the field.
Read more.
Windows Tip: Managing Remote Desktop settings on a remote computer (04/22/2008)
A simple script that allows you to enable Remote Desktop, perform your work on a remote machine, and then disable Remote Desktop again easily.
Read more.
Windows Tip: Customizing your default Outlook template (04/15/2008)
According to Microsoft insiders, here's how to solve an Outlook formatting problem when the body of your email is centered instead of left-aligned.
Read more.
Windows Tip: Specifying the current directory for an admin-level command prompt in Vista (04/08/2008)
Vista takes some getting used to, doesn't it? Especially User Account Control (UAC) and the effects it has on doing things like running simple tasks. Here's how to open an admin-level command prompt for a specific directory.
Read more.
Windows Tip: Customizing Vista's Instant Search (04/01/2008)
Here's how you can add a "Search Wikipedia" option to the Instant Search box on your Start menu.
Windows Tip: Sizing your event logs (03/18/2008)
The Windows Event Logs are a good thing -- they're a primary source you can mine when troubleshooting server problems or monitoring server security. Because of this, it's a good idea to collect as much information as possible in these logs in order to provide you with a historical baseline of your server's operations to help you troubleshoot difficult issues, and also to create an audit trail for security purposes. The trouble is, can you have too much of a good thing?
Read more.
Windows Tip: Copying email messages using Outlook rules (03/11/2008)
I was messing around with my Outlook rules the other day and discovered something interesting, namely that if you don't watch what you're doing, you might end up with multiple copies of some of your emails! Here's a simple example of how this can happen: Create two rules where the first rule takes messages received from a certain recipient and moves them to Folder 1 and the second rule takes messages received that have a certain word in their subject and moves them to Folder 2. Now ask the recipient to send you a message that has that word in its subject, and when you receive the message you'll find two copies of it, one in Folder 1 and another in Folder 2!
Read more.
Windows Tip: Getting RunAs Back in Vista (03/04/2008)
For the last while I've been on the Service Pack 1 beta for Windows Vista and in my opinion SP1 has fixed most of the issues the original RTM release had, especially performance issues. So I'm confident that enterprises will begin accelerating their deployment plans for Vista now that SP1 is about to be released. One thing is still missing from Vista however, and that's the capability you had in XP to right-click on a program or shortcut on your desktop or in Windows Explorer, select RunAs, and run the program with any credentials you want to specify. Instead, Vista replaced this feature with Run As Administrator, which lets you run a program as an administrator (if you know the credentials for an admin account) while logged on to your computer as a standard user.
Read more.
Windows Tip: Outlook 2007 formatting (02/25/2008)
Recently, I pointed out how to retrieve misplaced email in Outlook 2007. I said that if you wanted to issue a query against all your mail items and not just the currently selected folder, you had to click the fiddly little dropdown arrow to the right of the Instant Search box and select Search All Mail Items. This is fiddly because that dropdown arrow is indeed little, and if you're mouse-challenged like I am it's a pain to do this. Readers Matt Metz and Floris van der Zwaard independently pointed out to me that there's an easier way to search all mail items, and I appreciate their feedback.
Read more.
Windows Tip: Retrieve misplaced email in Outlook 2007 (02/19/2008)
The other day I dragged an important folder into the RSS Feeds folder, one of the default folders in Outlook 2007. No problem, I'll just drag the message from there into the folder it was intended for, right? Not so simple -- when you select the RSS Feeds folder in the Folder List pane, Outlook displays a page showing various RSS feeds you can subscribe to and not the messages in the folder. Yikes, how do I retrieve my misplaced message?
Here's how.
Windows Tip: Enabling remote desktop using WMIC (02/12/2008)
Have you ever been in a situation where you need to use Remote Desktop Connection to connect to a remote machine but unfortunately the Remote Desktop feature hasn't been enabled on the remote machine? Well, you can enable Remote Desktop remotely using -- you guessed it -- WMIC.
Here's how.
Windows Tip: Keep Outlook 2007 messages in outbox before sending (02/04/2008)
Here's a nifty way of keeping sent messages in your outbox for a few minutes before they are sent. It's a good way to cover yourself in the unfortunate event that you forgot to attach a file, or to catch a typo.
Read more.
Windows Tip: WMIC and non-admins (01/28/2008)
More on Windows Management Instrumentation Command-line (WMIC), a powerful tool that lets you query Windows Management Instrumentation (WMI) providers directly from the command line or using batch files. If you're an administrator, it's well worth your while exploring its capabilities.
Read more.
Windows Tip: Using WMIC for customer support (01/22/2008)
A detailed explanation of how one reader uses WMIC to support his company's customers.
Read more.
Windows Tip: Use WMIC to track down all services running on a Windows server (01/09/2008)
How can you get detailed information concerning all the services currently running on a Windows server? For security professionals, this is important as it defines the attack surface of your server, and after reviewing such a service inventory you may decide to disable unused services on your server in order to reduce its footprint.
Read more.
Windows Tip: Migrating documents to Office 2007 (01/04/2008)
Microsoft Office Migration Planning Manager, which you can get from the Microsoft Download Center, is a good place to start when you're planning an Office 2007 migration.
Read more.
Windows Tip: Five tips from Santa (12/6/2007)
Troubleshoot Group Policy issues using this cool tool. Find out more about the hardware of your box than Device Manager or Msinfo32.exe can display. Print labels or do a mail merge from Excel. And so on...
Read more.
Windows Tip: System restores made easy (11/30/2007)
Restore a backup to a different hardware platform using virtualization.
Read more.
Windows Tip: Optimizing virtual machine performance (11/21/2007)
Virtualization is popular in the enterprise today, but getting the best performance from a virtualized operating system can be challenging. One issue you may not have considered has to do with the different types of virtual hard disks (VHDs) supported by Microsoft virtualization products such as Virtual PC and Virtual Server. For instance, one choice you can make is to choose between fixed-size or dynamically-expanding VHDs. Which performs best?
Read more.
Windows Tip: Configuring ALT+TAB in Vista (11/20/2007)
The behavior of ALT+TAB has changed subtly in Vista. What other changes do you like in Vista? What changes don't you like? Have you found ways of reverting such changes so that Vista behaves like previous versions of Windows? Do you think doing that is a good idea?
Read more.
Windows Tip: When no password can be best (11/13/2007)
Best and worst approaches for securing built-in Administrator accounts.
Read more.
Windows Tip: Page files, system volumes, and large memory 64-bit systems (11/02/2007)
Conventional wisdom is that your page file should be 1.5 times the size of your system's RAM. But since 64-bit Windows servers often have huge amounts of memory, do you really need to allocate a whopping 48 GB of hard drive space just to your page file on a system that has 32 GB of RAM?
Don't skimp on sizing your system volume.
Windows Tip: OneNote OCR (10/30/2007)
Occasionally I need to extract some text from an image, and typically you need some form of Optical Character Recognition (OCR) software to do this. Since I spend a lot of my time in the 2007 Office System family of products however, it would be nice if there was some built-in functionality that could serve this purpose. Well, it turns out that there is -- I just discovered that Microsoft OneNote 2007 includes an OCR feature called Copy Text From Picture, and you can use this method to copy text from all kinds of images including scanned documents like the kind you typically find on a site like The Smoking Gun.
Windows Tip: Fixing Group Policy Gobbledygook (10/12/2007)
A reader posed this question: "When I opened my Default Domain Policy in Group Policy Object Editor, some of the nodes under Administrative Templates were in different languages -- German, Italian, Arabic, and some stuff that didn't even display and ended up as a series of 'open square' characters. Do you know how to reverse this so that the outcome will be English only?"
Here's one solution.
Windows Tip: Enumerating local admin group membership (10/12/2007)
Here's one way to list any local administrator accounts on a remote machine.
Read more.
Windows Tip: Running scripts using alternate credentials (10/10/2007)
On Windows XP and Windows Server 2003, you can run a program using different credentials than those of the currently logged-on user. Administrators often use this Secondary Logon feature to increase the security of their workstations by running as an ordinary domain user for most purposes such as browsing the Web and checking email. Then, when you need to open an administrative tool like dsa.msc, you either open a command prompt and use runas mmc.exe to launch the .msc file or you right-click on the .msc file itself and select Run As from the shortcut menu. But what if you want to run a VBScript script using alternate credentials? You can use the runas command from a command prompt, but unfortunately right-clicking on a .vbs file doesn't bring up a Run As option in the shortcut menu. It sure would be nice if you could add this menu option, but how? Well, where there's a script, there's a way.
Read more.
Peer Tips (10/02/2007)
I appreciate hearing from readers with cool tips. Here are three recent submissions. Please note that I haven't had a chance to test any of these tools, so they are presented "as is".
Annotating web content with JumpKnowledge
Pushing out Group Policy changes across a domain
Web filter blocks unwanted sites
Windows Tip: When the Clipboard Dies (09/24/2007)
Windows Terminal Services is generally a solid platform to use in enterprise environments but occasionally during a Remote Desktop Connection session, my clipboard has gone wonky. Here's a quick work around to the problem.
Read more.
Windows Tip: Defragmenting large volumes (09/10/2007)
Defragmenting disk volumes regularly is important for ensuring optimal performance of your storage subsystem, but what if your volumes are really large? Today, it's common for even desktop systems to have volumes that are hundreds of gigabytes in size, and volumes on servers can often run into the terabyte range. And if you have a storage area network (SAN), you may be dealing with even larger volumes. Can the built-in Windows defragmenter handle such large volumes? In theory, probably, but in practice, maybe not.
Read more.
Windows Tip: Rebuilding the Outlook search index (09/04/2007)
If you're using Outlook 2007, searching for a contact in the Outlook Contacts list, and coming up empty, try rebuilding the index on your machine. It worked for me.
Here's how.
Windows Tip: Building a supportable enterprise, part 4 (08/28/2007)
By now you've probably learned at least one important thing about
keeping your Windows infrastructure supportable, namely: leave well
enough alone. Last time I touched on this topic, I highlighted the
dangers of trying to "harden" your network by disabling
so-called "unneeded" services. The result of doing this without a proper
understanding of what Windows services actually do can lead to broken
applications and other mysterious problems. Let's look at another
common "hardening" technique that often has more downside than upside --
changing the Access Control Lists (ACLs) on your boot/system volume.
Read more.
Windows Tip: Beyond the run box (08/21/2007)
I like to use the keyboard as much as possible and avoid using the
mouse, but if I use my Run box for so many different purposes, my
RunMRU key fills up with too many saved entries for me to make useful
use of this feature. My main priority is for frequently-used UNC paths
to be easily accessible from the Run box, so it would be nice if there
was an alternative way for me to easily open Web site URLs by simply
typing them. Well, where there's a script, there's usually a way.
Read more.
Windows Tip: Annotating web content (08/10/2007)
It's easy to annotate a Word doc with my Tablet PC's pen with Ink, but what if I need to
annotate a Web page? For example, say there's a long Microsoft
Knowledge Base article I need to read through and annotate -- how
can I annotate a Web page? I've been doing it the hard way until I
discovered this trick.
Read more.
Windows Tip: Building a supportable enterprise, part 3 (07/31/2007)
It's called the law of unintended consequences -- you do "A" to take
care of "B", and then "C" unexpectedly happens. In a previous tip,
I talked about "leaving well enough alone" and gave the example that
when you uninstall Outlook Express from your domain controller (Why
not? Who needs an email client on a domain controller? What could go
wrong?), an unintended consequence can occur: it breaks your CDO
interfaces on your server. While this example might seem a bit obscure
to some, there are many more such "hidden dependencies" in Windows,
and casual tweaking (in the name of "hardening") can often cause you
to run up against these dependencies.
Read more.
Windows Tip: Two Outlook migration tips (07/24/2007)
Here are two Outlook migration tips I thought readers might want to know
about. The first tip has to do with upgrading ANSI .pst files to UNICODE
files. A user we'll call Bob was running Outlook 2003, but his PST file
was originally created with Outlook 2000 (he had previously upgraded his
computer from Windows 2000 to Windows XP and had upgraded Office 2000 to
Office 2003). The problem was that Outlook 2000 only supported ANSI .pst
files, which meant when his .pst file reached 2 GB, Outlook choked
(actually it choked long before that point was reached). Outlook 2003
had introduced UNICODE format for .pst files, but Bob hadn't tried to
upgrade his PST file from ANSI to UNICODE (Bob got scared off by some
Microsoft Knowledge Base articles he read but couldn't understand on the
subject.)
Read more.
Windows Tip: More fun with Outlook 2007 (07/18/2007)
Last week I started sharing some Outlook 2007 tips based on our recent
migration to the 2007 Microsoft Office System. Judging from reader
response, this is obviously a hot topic so let's continue along this
path for awhile. One of the difficulties users often have when their
applications are upgraded is finding new ways of performing old tasks.
For example, I have a lousy memory and so I often find myself
searching mail folders for a particular keyword or subject. In Outlook
2003 this was easy -- simply right-click on a mail folder and select
Advanced Find and then enter your search parameters.
So today I tried this in Outlook 2007 and guess what -- there's no
more Advanced Find menu option when you right-click on a mail folder!
Argh! How do I search a mail folder? OK so I can select Tools, then
Instant Search, then Advanced Find, but that's a drag -- TMC (too many
clicks). I want something quicker.
Read more.
Windows Tip: Fun with Outlook 2007 (07/10/2007)
So last week we took the plunge and migrated our workstations to
Office 2007, mainly so we could take advantage of the new Outlook and
the cool ribbon bar or ribbon or whatever you want to call it. Very
nice, but after only a few days, I found myself in trouble.
I was trying to do something, and accidentally deleted the Unread
Mail folder under my Favorite Folders. This raised the question of how
to get it back. It's easy to create a new favorite by dragging a
folder from the Mail Folders pane into the Favorite Folders pane, but
unfortunately there's no Unread Mail folder in the Mail Folders pane ...
or is there?
Read more.
Windows Tip: Another classic Active Directory mistake (07/03/2007)
Say you do regularly scheduled backups of the system state on your
domain controllers, but you still feel nervous and want to make sure
you can recover your forest should your schema somehow become corrupt.
You set up an additional domain controller on a separate subnet (that
is, a separate Active Directory site) and then schedule inter-site
replication to occur only once a week with the rest of your forest.
This idea sounds reasonable at first blush, but it's not. Here's why.
Read more.
Windows Tip: Building a supportable enterprise, part 2 (06/26/2007)
IT pros are by nature people who like to "mess around" with things.
They're basically creative people who are easily bored, who enjoy
challenges, and who usually prefer to tweak than to leave well enough
alone. At least, that's me in a nutshell -- maybe I'm just a
frustrated entrepreneur. Unfortunately, tweaking can easily get you in
trouble, even when the best of intentions are involved.
Read more.
Windows Tip: Building a Supportable Enterprise, part 1 (06/19/2007)
There are lots of different ways you can approach building an
enterprise Windows network. Some of these ways are supportable though
while others aren't. A supportable network is one you can administer
easily and where you can get help from Microsoft Customer Support
Services (which was formerly called and still frequently referred to
as Product Support Services or PSS). An unsupportable network however
is one that has become difficult to administer, and if it gets really
bad then CSS may tell you that your only option is to flatten and
rebuild everything from scratch. Clearly it's better to keep your
Windows-based network supportable than let it become unsupportable.
How do you do that?
Read more.
Windows Tip: Shrinking XP partitions using diskpart (06/12/2007)
The version of the diskpart command included in Windows Vista allows
you to shrink partitions to free up space on your hard drive so you
can create additional partitions. Unfortunately, the version of
diskpart included in Windows XP doesn't include this functionality, so
the usual way of shrinking XP partitions is to use a third-party tool
like Symantec's Norton PartitionMagic. If you have a Windows Vista product DVD around however, you can use
Vista's version of diskpart to shrink partitions on a computer that
has Windows XP installed. To accomplish this bit of magic, do the
following.
Read more.
Windows Tip: Installing WINS on domain controllers (06/05/2007)
So what's the best way to deploy WINS servers on your network? I can't
find an "official" (i.e. documented on TechNet somewhere) statement of
best practice for deploying WINS servers, but talking with many
enterprises and also consultants who work closely with Microsoft, the
usual recommendation is to install WINS right on your domain
controllers. Here's why.
Read more.
Windows Tip: Disabling system tasks (05/29/2007)
Ever had a scheduled task on your computer that you can't disable or
configure? This can happen if an application running under the built-in
SYSTEM account creates the task, and even if you are logged on as
the local administrator you may not be able to configure the task. If
you find yourself in this situation, you can try doing the following:
Read more.
Windows Tip: Clustered DHCP Servers (05/22/2007)
DHCP servers are at the heart of network client availability, and I've
seen administrators bend over backwards trying to build some sort of
high-availability solution that can kick in when their main DHCP
server fails. And believe me, seeing your average administrator try to
bend over backwards isn't a pretty sight. One company I heard about recently apparently does the following: They
have two DHCP servers configured with identical scopes, but one of the
servers (we'll call it the fallback) has its scopes deactivated. The
administrator created a netsh script that is scheduled to run
periodically on the main server and which first backs up this server's
DHCP configuration and then restores the configuration onto the
fallback server. So is this a good idea? Probably not.
Read more.
Windows Tip: A classic Active Directory mistake (05/15/2007)
If you're spinning off a part of your business into a separate unit,
migrate your Active Directory, don't split it. There's a risk you
could put your AD into an unsupportable state. Here's why.
Read more.
Windows Tip: VBScript and security policies (05/08/2007)
You can't prevent VBScript from running on client computers in order to comply with a corporate security policy. Instead, replace the policy with a more reasonable one that requires all scripts to be signed and that uses Group Policy to allow only signed scripts to run on client machines.
Read more.
Windows Tip: Kill hung applications more quickly (05/01/2007)
Ever been right in the middle of working on something and your
application hangs? I get that from time to time with Outlook when I
try to rush things, especially when accessing large mail folders over
a slow connection. Here's what to do next time that happens.
Read more.
Windows Tip: Drag and drop RunAs (04/24/2007)
I'm always on the lookout for new ways of doing LUA (least-privileged user account) so I can maintain
the security of my computer while still keeping things manageable.
Today I'll share a cool tip that was forwarded to me by someone inside
Microsoft.
Read more.
Windows Tip: Forcing a remote reboot (04/17/2007)
You've probably heard that old saying, "When in doubt, reboot."
Unfortunately sometimes when you try and reboot a remote system it may
not behave as expected. Here's how to make sure a server reboots when you tell it to.
Read more.
Windows Tip: Troubleshooting Group Policy processing on terminal (04/10/2007)
Here's a tip concerning troubleshooting Group Policy application when
you have Windows terminal servers on the back end of your Windows
clients. User Configuration policy settings will usually be applied
when a user logs on to a terminal server, with one main exception:
when the terminal server is configured to use loopback processing with
replace mode.
Read more.
Windows Tip: Using FR and RUP in mixed environments (03/27/2007)
Folder redirection (FR) and roaming user profiles (RUP) are two
separate but complementary methods for enabling users to roam between
different computers on your network and access their desktop
environments together with their personal data and settings. Here's a
tip that provides recommendations on how to implement FR and/or RUP in
mixed Vista/XP environments.
Read more.
Windows Tip: Determine bandwidth using WMI script (03/20/2007)
Did you know that you can use WMI to measure your machine's network
bandwidth using a script? To use this script, copy the text provided
in this article into Notepad (with Word Wrap turned off) and save it
as ReportBandwidth.vbs. To run this script on a Windows Vista machine,
open an elevated command prompt and type cscript
reportbandwidth.vbs /? to view a list of different arguments you can
use with this script. Here's the script, minus some comments at the
beginning.
Read more.
Windows Tip: Managing Windows Firewall in mixed environments (03/13/2007)
If you migrate all the desktops in a given organizational unit to
Windows Vista, you can simply manage the firewall on these computers
using the new Group Policy node found under Computer
Configuration\Windows Settings\Security Settings\Windows Firewall With
Advanced Security. But what if your OU will contain a combination of
Windows XP and Windows Vista computers? What's the best way to use
Group Policy to manage the Windows Firewall on these computers? Here's
a brief answer taken with permission from the soon-to-be-released
Windows Vista Resource Kit.
Read more.
Windows Tip: Enabling weak crypto in Vista (03/06/2007)
If you're planning on deploying Windows Vista on mobile computers that
remotely access your company network using a virtual private network
(VPN) connection, you must be aware that support for weak or
non-standard cryptographic algorithms has now been removed from Windows
Vista. This can result in compatibility issues with certain VPN
servers and the result is that some clients may not be able to connect
to your corporate network after upgrading them to Windows Vista.
Here's an explanation from the Windows Vista Resource Kit concerning
why this change was implemented, plus a workaround you can use if you
can't upgrade your VPN servers or don't have access to high-crypto for
regulatory reasons.
Read more.
Windows Tip: Two Vista tips and a story (02/23/2007)
This resource reviews which applications from third-party vendors have
been certified by the Windows Logo Program as working with Windows
Vista. What's really interesting is not which vendors' apps are on the
list but which vendors aren't listed.
Read more.
Windows Tip: Windows Vista and GPT disks (02/20/2007)
Windows Vista supports two types of disk partitioning: Master Boot
Record (MBR) and Globally Unique Identifier Partition Table (GPT). GPT
disks offer several advantages over MBR disks including more
partitions (128 instead of 4) and larger partition sizes
(theoretically up to 18 exabytes or about 18 million terabytes). But
before you run out and get a zillion terabyte drive for your Vista
workstation so you can store all your YouTube videos, you need to know
the following.
Read more.
Windows Tip: Troubleshooting a USB flash drive (02/13/2007)
Don't throw away that USB Flash drive too quickly. If the drive
fails after connecting to the network, it could be an issue with the
network.
Read more.
Windows Tip: Restoring individual files from a CompletePC Backup (2/6/2007)
Windows Vista has a new backup feature called CompletePC Backup that
backs up everything on your computer in one easy step. And you can
back up everything either to another hard drive such as a removable
USB drive or DVD. Then later if you need to restore your computer due
to instability or corruption, you can boot from your Windows Vista
product DVD while holding down F8 to start the Windows Recovery
Environment, select the Windows CompletePC Backup option when it is
displayed, and follow the prompts to restore your system from your
previous backup to your external drive or DVD.
Read more.
Windows Tip: Daylight savings time fix (1/30/2007)
There are several ways for companies still running legacy Windows
platforms to address the impact of these Daylight Savings Time changes
on their products.
Read more.
Windows Tip: Preventing removal from a domain (01/22/2007)
By default, any authenticated users on an Active Directory-based
network can add a Windows XP workstation to a domain. In fact, they
can create up to ten computer accounts in the domain if they want to.
As an administrator, you can use Group Policy to manage who in your
organization has the right to join workstations to the domain by
configuring the Add Workstations To Domain policy setting, which is
found under Computer Configuration/Windows Settings/Security
Settings/Local Policies/User Rights Assignments. To configure this
setting, open the Default Domain Controllers Policy in Group Policy
Object Editor, double-click on the policy setting, remove
Authenticated Users and add only those specific users or groups whom
you want to be able to perform this action.
Read more.
Windows Tip: Troubleshooting group policy in Windows Vista (01/16/2007)
Group Policy is a key technology for managing computers on Windows-based
networks where Active Directory is deployed. But Group Policy
has been considerably enhanced in Windows Vista, and also in the
soon-to-come Windows Server Code-Name "Longhorn." And of course, changes
mean more learning for those who are going to administer these
platforms, so this tip deals with one of these changes, namely how to
troubleshoot Group Policy processing in Windows Vista.
Read more.
Windows Tip: VPN and domain authentication (01/02/2007)
If your enterprise has multiple small offices but only one domain
controller at each office, how will users at one of your sites log on
if their domain controller goes down? One common approach is to have
users make a VPN connection to one of the other offices using PPPoE
over DSL and authenticate with the domain controller there.
Read more.
Windows Tip: Backup in Windows Vista (12/25/2006)
A lot of people have been asking lately why the new Backup and Restore
Center in Windows Vista can't back up files to tape drives the way the
Backup Utility (ntbackup.exe) can in Windows XP and Windows Server
2003. Yes it's true -- the Backup and Restore Center in Windows Vista
lets you back up to hard drives (including removable drives), DVD
media, even to shared folders on network file servers, but not to
tape. Why?
Read more.
Windows Tip: Listen to your users, multi-select files in Explorer (12/11/2006)
I was manning the Ask The Experts booth at a 2007 Microsoft Launch
event the other day when I heard an interesting story from another
Microsoft MVP. He told me that his wife was really excited about a new
feature in Windows Vista that made it a lot easier for her to work on
her computer. So I asked what the new feature was, thinking BitLocker? Complete PC Backup? New Group Policy settings for Power Management? Delta sync for Offline Files? Outbound firewall filtering? Dual layer IPv4/v6 networking stack? I held my breath and waited for his reply.
Read more.
Windows Tip: Do you LUA? (11/27/2006)
I've been running with a least-privileged user account (LUA) on my main
Windows XP workstation now for over a year. In other words, the user
account I use for checking email, browsing the web, writing reports and
so on is an ordinary domain user account and is not a member of the
local Administrators group on my computer. Why do I do this? Because
running with an admin account results in a lot more damage when your
machine gets compromised by some malware.
Read more.
Windows Tip: Robocopy just got better (11/21/2006)
If you're an IT pro you probably have a few favorite tools that you
always rely on. One of my favorites is Robocopy, which has been around
at least since the Windows NT 4.0 Resource Kit and probably earlier
(except my brain is too shot right now to remember -- occupational
hazard of being in IT).
Read more.
Windows Tip: Are cached credentials secure? (11/13/2006)
A reader recently contacted me concerning a previous tip
Troubleshooting Cached Logons where I shared a script that could be
used to query your event logs to determine whether your machine is
currently logged on using cached credentials. When you try to log onto
your domain and your Windows XP computer can't contact a domain
controller, your computer uses cached credentials to authenticate.
These credentials are cached locally on your machine from a previous
successful domain authentication, and are designed to enable you to
log onto domain members when domain controllers are unavailable.
The reader told me that he heard from "some security experts" that
storing domain credentials locally on client machines like this poses
a security vulnerability since anyone who can gain access to your
computer can run a password cracker against these stored credentials
and extract your domain username and password from them. But how
serious a vulnerability is this? To find the answer, I cracked open
one of my all-time favorite books, Protect Your Windows Network: From
Perimeter To Data by Jesper M. Johansson and Steve Riley.
Read more.
Windows Tip: Outlook merge mail vs. DLs (11/06/2006)
Ever needed to send an email out to a lot of contacts in your
organization or customer base in a hurry? Here's a tip that may help
if your mail client is Outlook 2003.
Read more.
Windows Tip: Managing local users and groups (10/23/2006)
Is being able to manage local users and groups using scripts useful to enterprise administrators? Here's what Ed Wilson, author of Microsoft VBScript Step by Step and the Microsoft Windows Scripting with WMI: Self-Paced Learning Guide, has to say on the topic.
Read more.
Windows Tip: IPsec and Windows Vista (10/16/2006)
The biggest improvement with IPsec in Vista is that it's now easy to
work with! Think about trying to use IPsec to secure traffic between
your client computers and domain controllers. Have you ever tried that
with an existing Windows network? It takes dozens (more likely
hundreds) of IPsec filters and rules just to make it work -- if you
can ever get it working. Domain and server isolation are great in
theory but they're still difficult to implement and maintain on
today's Windows networks.
Read more.
Windows Tip: Smart cards and duct tape (10/09/2006)
Although troubleshooting system and network problems is usually work,
not fun, I had a good laugh at myself recently over one situation that
initially left me stumped. To gain remote access to a secure corporate network, I had to install
a smart card reader on a machine so I could authenticate using the
smart card the company issued me. The smart card reader was a USB
type, and when I plugged it into the system Windows XP recognized the
reader and installed drivers for it. Unfortunately the smart card
reader I obtained didn't include a stand accessory, so rather than
having it sitting on the desk I decided to use duct tape to fix the
reader to the side of the PC beneath the desk. After all, Canadians
like myself can use duct tape for almost anything, eh?
Read more.
Windows Tip: Locking a desktop at logon (10/02/2006)
Unfortunately you can't configure Windows autologon to log on in a locked state, but a short script may provide a workaround for this situation. Simply open Notepad and copy and paste the following lines into it.
Read more.
Windows Tip: File sharing in Windows Vista (09/25/2006)
One of the biggest gripes over the years about file sharing on
Microsoft Windows platforms is that users can see files and folders on
a network share even if they don't have permission to open those
folders or read the files. The good news is that with Service Pack 1 for Windows Server 2003, a
new feature called Access-Based Enumeration (ABE) has been added to
how file sharing works on Windows platforms.
Read more.
Windows Tip: Resolving IP address conflicts (09/18/2006)
A basic but often hard to troubleshoot issue that can arise on a
TCP/IP network is an IP address conflict. This occurs when two
computers on a network are assigned the same IP address, and this
situation can arise in three different ways. First, you might
misconfigure your network by manually assigning two computers the same
static IP address. Second, a DHCP server on your network might assign an address to a client
computer that conflicts with a static IP address assigned to some
other network device such as a router or printer. And third, if you
have two DHCP servers on the same subnet that have overlapping scopes,
you're likely to get client computers with duplicate addresses.
Read more.
Windows Tip: Remotely changing the default script host (09/11/2006)
If you're an enterprise admin who has started developing your logon scripts using VBScript (.vbs files) instead of the old batch language (.bat files), you must pay attention to which default script host is configured on your users' computers.
Read more.
Windows Tip: Scripting multiple Outlook windows (08/28/2006)
One complaint I used to have about Outlook 2003 was that I could only
open one copy of the program at a time. This frustrated me
because I could manage my email more efficiently if I could have
multiple Outlook windows open. Here's a little script to help.
Read more.
Windows Tip: Disk quotas and the recycle bin (08/21/2006)
Here's a common scenario: A user has 25 MB of files on a quota-enabled
volume, tries to free up space by deleting 5 MB of old files, checks
the volume in My Computer and it still shows 25 MB of files, and calls
Support to complain that something doesn't work. The problem? When the
user deleted his files, they were simply moved to the Recycle Bin on
the quota-enabled volume. The solution: educate users to either empty
their Recycle Bin, hard-delete files using SHIFT+DELETE, or run Disk
Cleanup.
Read more.
Windows Tip: Launching a low priority process (08/14/2006)
A friend of mine who is a petroleum engineer recently told me about a problem he was having. He was launching a series of batch jobs (big simulation jobs) on his Windows XP workstation from the command line by running a batch file that contained a series of commands like job5.exe -i input.dat, and his problem was that these jobs were hogging so much of his machine's processing power that foreground tasks became unresponsive. Once these processes were running however, he could open Task Manager and change their priority to Low, and then he could work normally on the machine while the jobs ran in the background. He was wondering if there was a way to start an application with Low priority instead of Normal.
Read more.
Windows Tip: Protecting your default policies (08/07/2006)
Always leaving yourself an out is good advice when it comes to playing poker, and it's a good idea when it comes to managing Windows networks too. Group Policy is one place where it's easy to back yourself into a corner. There are literally thousands of policy settings you can configure, and if you accidentally configure the wrong setting in your Default Domain Policy, you might end up with hundreds of phone calls to your support desk asking for help. That's because any change you make to your Default Domain Policy automatically affects every user on your Windows network.
Read more.
Windows Tip: Using remote assistance in the enterprise (07/31/2006)
Have you ever been asked a computer question from a friend or family member who is located miles away? Wouldn't it be great if you could see what they were trying to describe to you and show them how to fix the problem remotely? Remote Assistance, a feature of Windows XP, is a great idea for troubleshooting issues that are hard to explain or which require a complicated series of steps to fix. Remote Assistance can be used to help users with simple problems like "How do I format this document?" and also more complicated ones like "I need to download and install a new driver and synchronize with my new handheld device, what do I do?"
Read more.
Windows Tip: Know your IPv6 address types (07/24/2006)
Is your enterprise planning or in the process of migrating your IPv4
network to IPv6? Did you know Windows Vista comes with IPv6 enabled
out-of-the-box? And were you aware that some Vista applications like
Windows Meeting Space use only IPv6 and not IPv4?
Read more.
Windows Tip: Keep an eye on solid state disk technology (07/17/2006)
IT departments have always known that the hard drive is the main performance bottleneck, and that's why the development of solid state disk technology (SSD) is exciting as it will push performance up significantly. Therefore, I suggest keeping your eyes on SSD technology as it makes inroads into the notebook, desktop, and eventually server arena.
Read more.
Windows Tip: Three resources for regulatory compliance (07/10/2006)
Ensuring your company's IT infrastructure is compliant is no easy job. For one thing, you must first be aware of the laws and regulations that apply to your industry. Next you must be aware of how these laws impact IT operations. And finally, you must develop a set of internal procedures and controls to ensure your enterprise complies with these laws and regulations and can stand the test of an external audit or even worse, a lawsuit. Here are three resources to check out.
Read more.
Windows Tip: Revisiting group policy refresh (07/03/2006)
In a recent tip here in Windows in the Enterprise, I mentioned that administrators could remotely refresh Group Policy on desktop computers using a free tool from Sysinternals called psexec and that this can save them the labor of touching (visiting) desktops when Group Policy refresh needs to be forced for some reason. Several readers of this newsletter commented afterward that there are other tools that can be used to do this, and this week I'd like to thank these readers for their feedback and highlight their suggestions.
Read more.
Windows Tip: Troubleshooting cached logons (06/26/2006)
How can you determine whether you've either successfully logged onto a domain or are merely logged onto your own computer using cached domain credentials? One way to do this is to use Event Viewer to check your System log for an occurrence of event 5719 around the time when you last tried to log on to the domain. An even easier way to do this is to use the following script I wrote to query the System log on my machine for the most recent occurrence of event 5719.
Read more.
Windows Tip: Remotely forcing group policy refresh (06/16/2006)
One of the cardinal principles of managing enterprise networks is
avoiding having to touch desktop computers unless you really must. Of
course, by "touching" a desktop what I mean is having to walk over to
where that machine is located and log on interactively to perform some
administrative task.
Read more.
Windows Tip: Old apps never die (06/12/2006)
In a previous tip titled Virtual Bliss, I extolled the virtues of
virtualization as a means of enabling you to test buggy prerelease
(beta) software in a safe environment without needing to dedicate,
or possibly corrupt, any of your production machines. But
virtualization is more than just a tool for testing software -- you
can actually run production software right within the guest operating
system running in a virtual machine on a box with Virtual Server or
Virtual PC installed. Why would you want to do that? To keep your
legacy apps running properly!
Read more.
Windows Tip: Encourage users to behave themselves (06/02/2006)
Life would truly be easy for administrators if there were no users. And
if only your users would behave themselves and actually follow the
written policies you've laid out for them. We're talking network
nirvana here -- is such a state achievable? Yes it can be, if your
policies are effective. What makes a policy effective? Two things
really: enforcement and encouragement.
Read more.
Windows Tip: Looking for help? Think global, but look local (05/18/2006)
I've been impressed over the last year or so by how much time and
energy Microsoft has committed to building up a thriving user group
community around the globe. If you're looking for an IT pro user group
in your area, a good place to start is Culminis, a not-for-profit,
member-owned association sponsored by Microsoft that has almost a
million user group members under its umbrella.
Read more.
Windows Tip: Virtual bliss (05/15/2006)
I'm on the beta program for Windows Vista, and the other day I wanted to download and read through the Vista Product Guide, a pre-release guide to the features of Vista and how they benefit home and business users. This posed a bit of a problem however, because the Product Guide is in Microsoft's new XPS (XML Paper Specification) document format, which is designed to compete with Adobe's popular PDF format.
Read more.
Windows Tip: Business-driven deployments (05/04/2006)
Deployments of new platforms and products should always be
business-driven, not technology-driven. If your enterprise has a business need
that can be realized by deploying a new version of Windows or Office,
then do it. But how do you identify possible areas of business need?
Vendors generally present you with a list of exciting new features for
new versions of their products -- how do you match these features to
the needs of your business? A good place to start is usually with your mobile workforce.
Read more.
Windows Tip: Vista pro and con (05/01/2006)
Windows Vista is edging forward towards completion, and the big question facing enterprises is whether to deploy or wait once RTM arrives. I've been thinking about this a lot, and there are things I really like about Vista and things that still leave me concerned.
Read more.
Windows Tip: Laziness as a virtue (04/24/2006)
What would you do if you were a business owner and you walked into your sysadmin's office and saw him with his feet up on his desk reading a magazine? Fire him? Or offer him a raise? Laziness is defined as a disinclination to work or exert effort, and it's generally viewed as a negative character trait. But what appears on the surface to be laziness may actually be a sign of an energetic, vigorous personality who prefers to work hard and do what's needed and then later take a much-deserved break.
Read more.
Windows Tip: Romance compliance auditors with security templates (04/17/2006)
Are you prepared for an audit? Complying with SOX means enterprises need
external auditors to sign off on their financial controls, and large
companies have been getting socked in the wallet in their efforts to
comply. But SOX and similar legislation also means that IT staff need to
be ready at any time for having their own internal controls audited, and
that adds a lot of pressure to an already stressful job. There are lots of recommendations out there for how to get your IT
infrastructure ready for those pesky auditors, but here's one you may
not have heard before: use security templates.
Read more.
Windows Tip: Desktop refresh cycles return to front burner (04/10/2006)
I've heard from several quarters that desktop refresh cycles are
returning to the front burner for many enterprises
after being placed on hold during the recent economic downturn. Whether
your organization is contemplating a three- or four-year refresh cycle
or a rolling replacement of a certain percentage of desktop computers
each year, there's one thing you need to remember if you want to make
the most of your IT hardware investment: buy only x64-capable machines
from now on.
Read more.