Happy New Year!


Well, once again it is that time of year and what an exciting year it has been indeed. Times haven’t always been good for everyone as a recession loomed large over everyone, and IT spending was down considerably in most industries – but things are definitely looking up and it seems confidence is returning everywhere.

2010 should be a great year for this blog. Paul and I have a lot of things planned and we are hoping to get these implemented as soon as possible.

Also, I am at a new job now and this move will definitely add to my experience base. I look forward to bringing that new experience to the blog and hopefully any new-found insight will filter its way through.

Our posts slowed down considerably in December with much of that being related to my job change, but we should be back with renewed vigor in 2010….

With this, I would like to wish all of our readers a happy New Year and great prosperity in the year to come!



LLMNR – Another Reason to Upgrade

The ultimate goal of any network administrator is system uptime and the consistent availability of network resources. This should be easy, but alas DNS and WINS can be fickle creatures.

In the Windows 2000/Windows XP days, losing a DNS server usually meant a total lack of connectivity for a network.  WINS, while not nearly as important as it once was, was also the source of a lot of grief when it wasn’t working properly.

Now, we have IPv6 entering the scene which has created its own set of problems. WINS doesn’t support it at all, and DNS is not so keen on mixing the two types of addresses (although it is possible). The need for a technology to fill the gap was evident. There had to be a better way of keeping machines talking to each other on subnets.

The answer was LLMNR or Local-Link Multicast Name Resolution.  The RFC for LLMNR (#4795) arose from a need for a way to get hosts communicating with each other on a small network with zero configuration.  As the name implies, it is only on the local link, so this is not a substitute for DNS, but rather a complementary system that will improve connectivity. The technology works with both IPv4 and IPv6 and is included and enabled by default on Windows Vista, Windows Server 2008/R2 and Windows 7.

This feature alone is reason enough for me to recommend an upgrade to customers. I have set up several small networks now with Windows 7 boxes and they were able to communicate and share files within minutes of being attached to the network. Browsing by hostname was reliable and easy.  Anybody that has done the same thing on a small Windows XP network will be all too aware of how easily name resolution can be broken. The bottom line is that this technology will save companies money as it will surely reduce calls from end-users with connectivity issues.

So, how does all of this magic work? It is not all that difficult actually.

The standard is based on a standard DNS data packet, but it sends out a packet that can be up to 512 octets in size in multicast on port 5535. IPv4 hosts will listen for these broadcasts at or in the case of IPv6 at FF02:0:0:0:0:0:1:3.  Hosts will then respond and this information will be cached for use by the operating system allowing for fast name resolution.
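To make the DNS-style packet concrete, here is an added example (not code from the original post) that builds an LLMNR query and decodes a response, including the check a resolver should make before caching an answer. It uses the values RFC 4795 assigns (UDP port 5355, IPv4 group 224.0.0.252, IPv6 group FF02::1:3); the host name, transaction ID and sample response are constructed.

```python
import ipaddress
import struct

# Values assigned by RFC 4795 (not taken from the original post).
LLMNR_PORT = 5355
LLMNR_IPV4_GROUP = "224.0.0.252"
LLMNR_IPV6_GROUP = "ff02::1:3"
MAX_PACKET = 512                      # default size a sender may assume
TYPE_A, TYPE_AAAA, CLASS_IN = 1, 28, 1
FLAG_QR, FLAG_TC = 0x8000, 0x0200     # response bit, truncation bit


def encode_name(name):
    """Encode a host name as DNS labels (length byte + bytes, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, txid, qtype=TYPE_A):
    """Build the query a host multicasts: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    packet = header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    if len(packet) > MAX_PACKET:
        raise ValueError("query exceeds 512 octets")
    return packet


def read_name(buf, off):
    """Decode a name at off; follows compression pointers with a loop guard."""
    labels, jumps, resume = [], 0, None
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        length = buf[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if off + 1 >= len(buf):
                raise ValueError("truncated pointer")
            if resume is None:
                resume = off + 2
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            off = ((length & 0x3F) << 8) | buf[off + 1]
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1
        if length == 0:
            break
        if off + length > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[off:off + length].decode("utf-8", "replace"))
        off += length
    return ".".join(labels), (resume if resume is not None else off)


def parse_packet(buf):
    """Decode header, questions and answer records of an LLMNR packet."""
    if len(buf) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(buf, off)
        if off + 4 > len(buf):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = read_name(buf, off)
        if off + 10 > len(buf):
            raise ValueError("truncated record")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        off += rdlen
        if (rtype, rdlen) in ((TYPE_A, 4), (TYPE_AAAA, 16)):
            value = str(ipaddress.ip_address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "is_response": bool(flags & FLAG_QR),
            "truncated": bool(flags & FLAG_TC), "rcode": flags & 0x000F,
            "questions": questions, "answers": answers}


def matches_query(query, response):
    """True only if the response carries the query's ID and the same question."""
    q, r = parse_packet(query), parse_packet(response)
    same_question = ([(n.lower(), t) for n, t in q["questions"]] ==
                     [(n.lower(), t) for n, t in r["questions"]])
    return r["is_response"] and r["id"] == q["id"] and same_question


# Constructed sample: a response for "fileserver" with one A record.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, FLAG_QR, 1, 1, 0, 0)
                   + encode_name("fileserver") + struct.pack("!HH", TYPE_A, CLASS_IN)
                   + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 30, 4)
                   + bytes([192, 168, 1, 20]))

if __name__ == "__main__":
    print(parse_packet(SAMPLE_RESPONSE))
```

Any host on the link can answer a multicast query, so the ID and question check in matches_query is the minimum a client should apply before trusting and caching a reply.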

The LLMNR cache will only be queried for information if a DNS query fails, and as mentioned above it should not be considered the primary form of name resolution but rather a complementary one. If one were to set the LLMNR cache with a higher precedence than the DNS cache, it could be used (inappropriately) as the primary resolution mechanism.

LLMNR is currently unable to propagate across routers, but it is interesting that in the actual RFC for LLMNR, there is considerable discussion with regard to enabling this in a wider, perhaps Internet level, fashion.

In Server 2008 (and presumably Vista/Windows 7) LLMNR can be disabled. I am not quite sure why anyone would want or need to do this, but should you find reason here is a link that will show you how it is done.

Anyway, I realize that this post was a little deep on the technical side, but I just wanted to highlight and perhaps promote this technology so that more people will make the switch to our new beautiful suite of stable, reliable and secure operating systems.


Layer 2 and layer 3 Switches

The first time I heard the term Layer 3 switch, I had a really hard time with it. It’s not that I couldn’t conceive what the device does, or how it would be implemented, but rather it was more an issue of simple pedantry. The term layer 3 switch is indeed slightly paradoxical at best and to some, completely misnamed.

Anyone with an understanding of the OSI model will already be nodding his head in agreement. It is the OSI model itself that clearly tells us that layer 2 is the Data Link Layer, which includes devices such as switches, and Layer 3 is the Network layer which would traditionally include routers and bridges.

So, what in damnations is a Layer 3 switch? By definition this should be called a router, right? That’s certainly what I thought until recently.

In fact there are some subtle distinctions between a Layer 3 switch and a router. These distinctions however make a not-so-subtle difference in performance especially on corporate LANs connected by a VPN – layer 3 switches are blazing fast and have a throughput that would even make Takeru Kobayashi, the Japanese hot dog eating champion, blush. The ability for these devices to “ram” massive amounts of data through them is the main difference between a router and a layer 3 switch.

Hardware implementation of carefully refined software algorithms is what makes this all possible. By hard coding what would normally be a software implementation on a normal router, Layer 3 switches can attain speeds considerably faster than any normal router on the market and deliver data from across the LAN following the principle of Open Shortest Path First (OSPF). Most layer 3 switches don’t even have CPUs as a router would, but instead use Application Specific Integrated Chips (ASICs) to get rid of the inherent speed penalty that wasted or tied up CPUs can create.

Additionally, Layer 3 switches typically don’t have a WAN port and are intended to be primarily a switching device that includes routing information. In the real world, this means that data centres using VOIP and/or have a large number of users accessing databases or file systems simultaneously will notice that lag or in the case of VOIP – choppiness – is all but removed.

Obviously, I could go into a tremendous amount of detail on how layer 3 switches are implemented and how the Ethernet/MAC frame is bridged to layer 3 protocols such as IP, IPX, AppleTalk etc, but honestly it really isn’t necessary.

As long as you understand the use of these devices, you will be able to implement them just as easily as any router. I hope this brief explanation helps!


NTBackup for Server 2008 with Exchange

As the exploding popularity of our “Running NtBackup under Windows 7” would suggest, the emergence of our latest and greatest operating systems has also left a few holes that Microsoft has yet to plug.  As our readers have seen from our first article, it is very easy to get NtBackup running under Windows 7, but more and more people are also realizing that there is a significant need for this on their Server 2008 and Server 2008 R2 boxes that are running Exchange.

Currently, Microsoft does not include any product that adequately backs up Exchange Server on these platforms. The biggest issue with all of the schemes is the fact that logs are not cleared and these servers end up with a lot of wasted space from these.

Honestly, I don’t know when Microsoft plans on addressing this issue officially, but given the screaming we have heard, I would hope that it is soon.

Anyway, getting NTBackup working for Exchange in this scenario is almost identical to our Windows 7 tutorial with a couple of small exceptions.

The process goes like this:

Copy the following binaries from a Server 2003 install (C:\Windows\System32\) to a new location such as (C:\Program Files\NTBackup\):

  • ntbackup.exe
  • ntmsapi.dll
  • vssapi.dll

Then, install the Removable Storage Manager in Server 2008, which can be found under the Features menu in Server Manager.

Finally, go into an older server and copy esebcli2.dll from your server (C:\Program Files\Exchsrvr\Bin) and put it into your new location, which in our case would be (C:\Program Files\NTBackup\).

Then, change the esebcli2 reg key (under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\BackupRestore\DLLPaths) from

C:\Program Files\Microsoft\Exchange Server\Bin\esebcli2.dll

to

C:\Program Files\NTBackup\esebcli2.dll

Now go ahead and set up your Exchange backup as a scheduled task just as you would have done in the past.

Please remember that this is more of a band-aid solution  and is totally unsupported by Microsoft. This will not work with tape drives, and it is very possible that future Microsoft service packs could break this functionality.  With that being said, it has been very solid in all of our testing thus far.


APC BR1500LCD: This Is the UPS You Want

You do have a UPS, right?

If so, skip this paragraph.  If not, give your head a shake, and listen to this: if you’re reading this site, you probably have at least $2,000 worth of computer equipment.  Your time and your data are worth far, far more.  And you do NOT want your system attached directly to the same power grid that serves every other light bulb, motor, and heating element in your house.  And your neighbor’s house.  And the rest of your neighborhood.  And you certainly don’t want to be directly attached to the constant lightning strikes, transformer explosions, bird explosions, and a long, long list of other stuff that goes wrong on a daily basis.  We’re pretty good at keeping the power on, and relatively consistent, most of the time.  But consistent means somewhere between 100 and 150 volts.  Good enough for your oven.  Not good enough for your shiny new XPS.  Whether you know it or not, this matters.  Remember that hard drive that died on you?  The flaky video card?  Those weird blue-screens you were having a few months back?  The old Pentium-4 that died on you?  Bad power eats away at electronics, and eventually, destroys it.

And if you do have a UPS, is it worth the grief?  If you spent less than $100, it probably isn’t.  Sure, it’s going to be better than that power bar with the ‘Surge Protected!’ sticker and the glowing orange power switch.  It’s probably even better than your $1,500 Monster Cable PowerCenter.  And it even has enough of a battery to keep a small computer running for a few minutes when the power goes out.  But let’s face it: these sub-$100 models are kind of like the disposable inkjet printers of similar cost.  They usually get the job done, kind of, for a year or two.  But they’re not a pleasure to use.  They’re not exactly equipment you’d trust your life to.  And they’re not a particularly sound investment.  Cheap, sure, but not good value.

Enter the APC Back-UPS RS 1500VA LCD 120V, affectionately known as the APC BR1500LCD (catchy names).  This UPS isn’t really cheap, but you can probably track one down for under $200.  And once you drop that extra $100, you’ll never again spend any less on a UPS.


The first thing you’re going to notice when you pick this up is that it’s really big, and really heavy.  This is a good thing.  Small and light is fine for cell phones, but when it comes to handling power, it’s either big and heavy or it’s cheap and crappy.  The guts of this beast will do exactly what the marketing says they do: provide clean, uninterrupted power.  All the time.  The usual features are there, of course: phone line protection for your ADSL modem, co-axial protection for your cable modem, a USB port so your computer can talk to the UPS, a bunch of fancy software you’ll never install, and plenty of pure, sweet, power outlets!  Of course, you can expect pretty good battery life: I get about 20 minutes of backup for my big, honking tower (with two power-hungry video cards and more hard drives than I can count), three large displays, and all the usual accessories.  A second unit, powering only some vital (but low power) networking and telephone equipment at the moment, reports estimated battery life of over 8 hours, but I haven’t actually tested it to verify.

The second thing you’ll notice is that there’s a screen!  You may think this is a gimmick, but once you work with it a while, you’ll understand that rather than a gimmick, the screen is what turns this device from a big, heavy, beeping power strip to something a bit worthier:


As you can see, you’ll always have access to the three most important bits of data: power status, battery status, and load status.  This alone is a big deal.  It means you’ll never have to worry about overloading your UPS, you know exactly how your battery is doing, you know exactly what your UPS is doing, and you know why it’s doing it.  This information is presented in a way that even grandma can understand.  But there’s also a numeric component, which can be switched between different fields:

  • Current load, in watts: How much power your equipment is sucking down.  This is good information to have, even in a general sense, but becomes vital for working with a UPS.
  • Current load, in percent: A UPS can only provide so much power.  This shows you how close to the limit you are.  As a rule of thumb, it’s probably a good idea to keep this under 50%.
  • Output, in volts: Okay, this is a bit useless.  Hopefully this is pretty close to 120V, since that’s the entire purpose of this device.
  • Output, in hertz: And this is entirely useless.  Again, this is what the device is for; so long as it’s on and working, you can assume this is going to be 60.0 Hz (or damn close to it).
  • Input, in volts: This is a bit more helpful.  In theory, this number should be 120V, but it won’t be.  Input voltage will constantly change a bit, and often it will change a lot.  This reading lets you know exactly what your power company is delivering to you at any given moment.
  • Event counter: This is my favorite.  It’s a running count of the number of times the UPS has had to jump into action to save your equipment from a power surge, brownout, or blackout.  This doesn’t include the continuous massaging of more ‘normal’ power fluctuations to keep the output exactly where it should.  Since I last reset this counter a few weeks ago, this UPS of mine has dealt with 31 power events.  I noticed about 3 of them.
  • Estimated run time: Another really useful bit of information.  This tells you how long the UPS expects to be able to keep things running on battery.  You can get this information whether you’re running on battery or not, and it takes the current load, battery charge level, and battery health into account.  When the power is actually out, this acts as a countdown timer.

With all this information, your UPS becomes more than an annoying box that beeps mysteriously at you: it becomes a trustworthy addition to your system that you can understand and depend on.  And since power is the lifeblood of all your computer equipment, healthy power means healthy systems.

You need a UPS.  And this is the one you want.

Netgear WNDR3700: This Is The Wireless Router You Want

For years, I’ve been complaining about the sorry state of consumer-grade wireless equipment.  It never works properly.  Every product I’ve ever used – and believe me, I’ve used a lot of them – is slow, buggy, and lacking in even the most basic of features.  Originally, this was to be expected.  Wireless was new, it was complicated, and it was expensive.  Consumers wanted it, but they didn’t want to pay hundreds for it.  Shortcuts had to be made.  These days, though, when wireless chipsets are practically free and we’ve had years to refine the technology, there’s really no excuse for it.

Well, enter the Netgear WNDR 3700 Wireless Router.  This little beast sits very nicely between the crappy consumer-grade hardware and the ridiculously overpriced and complex enterprise-grade hardware.  It’s not cheap – at $160 to $200, this is one of the priciest routers you’ll ever see in a retail store.  But let’s face it: you get what you pay for.  If cost is your primary concern, you might as well quit reading this now and go buy that $30 Linksys model you found on Craigslist.

So, what do you get for your money?  Well, three things, really: you get features, you get performance, and you get reliability.


Reliability is a huge deal for me.  You know how nice it is to work with a system that has a good, old fashioned Ethernet connection?  You don’t have to worry about drop-outs, slow downs, or other grief.  You just get your work done.  Well, that’s what this router brings, except now you can get your work done on the couch without tripping over wires.  Through all my testing, this router didn't even hiccup.  It works flawlessly, ceaselessly.  There's not much more to say about this, but it's a really, really big deal.

And it's fast.  Very fast.  This is something that's often overlooked, because most consumers don't really push much data over home networks.  But when you're copying ISO images, watching movies, using VOIP, working through RDP, opening big files, and doing all the other stuff us technical people do with networks, it really starts to matter.  Perhaps the best way of summing up the performance of this router is by comparing a couple of quotes from SmallNetBuilder.com.  Here are some (conveniently trimmed) excerpts from their preview article:

…the claim of "350 Mbps real-world maximum wireless throughput" definitely smells like "creative" marketing to me.

…the highest speed I have measured from any wireless router is 111 Mbps…

…it's highly unlikely that you'll see anywhere near 350 Mbps of "real world" TCP/IP wireless throughput from the WNDR3700, or any dual-stream draft 11n router, for that matter.

And then, their thoughts after reviewing the unit:

…it turns out that the WNDR3700 actually manages to deliver the goods and will get NETGEAR seriously back into the N router game…

…routing speed well above what most of us can use, plenty of simultaneous sessions and steady throughput…

Yes, the WNDR3700 really can deliver 250 - 300 Mbps…

Sure, there’s a bit more to the story than that, but the point is: this router is fast.  Very fast.  Oh, and did I mention the gigabit Ethernet ports?  And not only is this router fast, it offers very impressive range on the 2.4 GHz radio – and remains fast at long distances.  In fact, this router allows me to get great performance in places where other routers wouldn’t even connect (or would constantly drop the connection).

But perhaps the most interesting difference between this router and the rest of the crowd is the long list of well-implemented features it offers.  All of the basic stuff is there, of course – and well implemented.  DHCP reservation, static routing, a detailed log, great status reporting, good port forwarding and triggering, support for dynamic DNS services, and all the other stuff you hope to find (but often don’t) is right where you’d expect it to be.  There are a few other nice touches, as well: automatic notification of new firmware (with one click to download and install right from Netgear’s server, if you want), very customizable tools to block certain sites or protocols (always, or according to a schedule), the ability to have the router’s log e-mailed to you on a regular basis (or immediate notification of blocking activity), SPI firewall, great QOS support (by MAC address, port number, or physical LAN port), and a traffic meter.

But there are a few things that really set this router apart.  Each of the two radios (one for 2.4 GHz and one for 5.0 GHz) can be configured separately, and each radio also supports a separate guest SSID that allows clients access to only the Internet while (optionally) preventing access to the local network or restricting access to the current SSID.  Each of these connections can be configured with different SSIDs and security settings.  This means this router can actually expose up to four different SSIDs and up to three isolated networks.  Wireless repeating is supported, and can again be configured independently for each radio.  And, there’s a USB port on the back for rudimentary NAS support.  This is a very nice way of adding storage to your network, and while it might not be powerful enough to use as a primary storage device, it’s ideal for storing movies and music.  It even runs a DLNA media server.

There are a few problems: the web GUI could be better (the router only lets you connect to the administration site from one IP address at a time), the NAS performance isn’t stellar, and the 5 GHz radio’s range could be better.  But I haven’t come across anything really significant.

All in all, this is one fantastic device, so whenever you can possibly justify replacing your router, I highly recommend you invest in Netgear’s new baby.  Finally, we have a ‘prosumer’ grade wireless router.

Go ahead.  Treat yourself.  Your network deserves it.

GPO Drive Mapping Issues


Apparently, mapping a drive using group policy and applied to a Windows Vista machine can result in users actually not being able to see their drives properly. While I won’t get into the reasons behind this too deeply, it is inherent in the security model that UAC relies on to function.

UAC breaks each successful logon into a split token with half of that being a standard user token and the other half being an elevated administrator token. When group policy maps drives, these are mapped under the elevated administrator token which results in the lower standard user token user being unable to see these drives as they have been theoretically mapped in a different session. 

Obviously, a simple fix would be to disable UAC, but anyone that is a loyal Slick IT reader knows our feelings on that.

The other solution is not entirely acceptable to me either as it could theoretically allow malware to redirect drive mappings, but for the time being it is the best fix we have.

Simply open regedit from the run line and modify the following registry key:

EnableLinkedConnections =(dword)1

I am not sure whether this problem affects Windows 7 clients, but I would guess that it does given the closeness in the UAC architecture of both Vista and Windows 7. If anyone can confirm this issue exists, please comment below!

Hope this helps!

10 Great Windows 7 Tips

The faster you get your hands on Windows 7, wean yourself off of XP, or rid yourself of Vista, the faster you will be able to get in on the great new productivity tools that Windows 7 offers. It has been a long time since the reasons to switch to a new Microsoft OS were compelling, but that time is here.

Here are 10 things that are going to make your computing experience in Windows 7 a lot better and I encourage you to give them a try!

1. Try out Windows XP mode.  We all have our favourite “old” programs that we don’t want to part with. It might be that great little utility that tracks your fitness routine or that neat little bridge building game. Honestly, most of these will work on Windows 7 using some form of the compatibility mode, but if they don’t – just install it in  virtual XP mode and it will be available from your Windows 7 start menu just as any installed program is. Check out Paul’s guide to setting this up here.

2. Open Command Prompt Here.  This used to be only available as a Windows XP Power Toy, but has been built-in to Windows 7.  Simply hold the shift key and right click within a folder to get the option to open a command prompt at that location, shift and right click to add it to the properties menu, or type start into the command prompt window to open Explorer at that exact location – Slick!!!

3. Present Yourself!  Pushing the Windows key and P will bring up presentation mode, that will allow you to choose your screen setup and projector modes. This eliminates all of the vendor specific, inconsistent interfaces that we are all used to in Vista and Windows XP. Windows and the X key will open the mobility centre giving you further options.

4. Aero Snap.  Windows 7 offers a great way to quickly get windows out of the way. Selecting a window, pushing the Windows key and one of the four directional arrow keys will quickly snap the window to one side or the other, or to the top or bottom of the screen.

5. Burn ISOs.  I was sure that I would witness the parting of the dead sea before Windows actually included this feature, but I am now pleasantly surprised. Simply right clicking on an ISO file will give you the option to burn it to a cd with a simple, reliable interface. Gone are the days of having to hunt down a spyware-infected third party tool to work with ISO images.

6. Use search connectors. We have a great article on this feature here. This feature will allow you to search non-network resources from within your Windows 7 search box. Twitter, YouTube and many other sites are open search compatible and will allow you to do this.

7. Try the new calculator and paint.  These have been revamped in a big way and are now extremely versatile modern tools. One of the great features in the calculator is the ability to figure out the difference between two dates. Paint now saves files as a .png file by default which, for obvious reason, makes a lot of sense.

8. Make your VPN useful again. As documents such as PDFs started growing in size, the usefulness of the venerable VPN connection started to wane. While it is still the de facto tool of choice, no one can deny how slow and clogged up these connections inevitably become. The new BranchCache feature should reduce the amount of WAN traffic significantly through the use of intelligent caching of frequently used documents.

9. Pin items to the taskbar.  Most items in Windows 7, including the control panel can be easily pinned to the taskbar. Simply open the control panel so that its icon sits in the taskbar and then right click on that icon and select pin to task bar to make this stick.

10. Record your problem and email it.  System administrators everywhere are going to love this feature. If a user is having trouble explaining an issue, and a screen shot just isn’t doing it any justice, simply fire up the Problem Steps Recorder.  This will allow the system administrator to see the steps that are needed to reproduce the problem and will allow for better analysis of software or hardware issues.  Simply search for PSR in the start menu to find this great little utility.

So there you have it folks… 10 ways to better leverage your computing experience into a productive experience.  Additional comments would be greatly appreciated.

Windows 7 Ready for Primetime.

Windows 7 has been creating a real stir in the consumer market. As I have insisted all along in this blog, Microsoft seems to have finally come to the realization that they only had one more chance – and seize this chance they did!

Windows 7, after using it for months now, is absolutely the best OS I have ever used hands down. If I had to give the OS some cheesy genus and species it would definitely be Panthera Leo. Seriously, this cat is making one little snow leopard mighty nervous.

In fact, even users that I have presumed to have very little interest in computing in general and equally little knowledge, have approached me eagerly asking my opinions of Windows 7. The excitement is definitely here – but that, unfortunately, also left me with a bit of a dilemma.

These users are corporate users and any questions regarding Windows 7 were obviously in reference to integrating the new OS into their current corporate IT infrastructure. While I have had a lot of experience with the OS on a personal level, I was very apprehensive of the notion of joining this to the domain and expecting it to play well with others. There were a lot of unanswered questions for me.

Well, these fears are starting to subside. Recently Intel just finished its own trial test of the shiny new OS, and its testers gave an astounding 97 per cent approval rating of the OS and fully recommend that Intel proceed with upgrading their current fleet of XP machines. The upgrade, however, won’t come until next year sometime and only with the roll out of Intel’s vPro technology.

The numbers cited by Intel were impressive – over $11 million dollars in three years could be saved with the increased productivity, ease of deployment, reduced costs and enhanced security the new platform brings.

Intel’s vote of confidence, along with Ford, Continental Airlines, Convergent Computing, Baker Tilly, and the city of Miami has now put me into a position of confidence in recommending the OS to enterprise. Moreover, the availability of Windows XP mode seals the deal as that effectively means that there will not be any applications that cannot be run in some form on Windows 7.

Look forward to Windows 7 pouncing into a company near you with a ferocious roar and don’t be surprised if you see a few spotted leopards quietly slipping out the door.

Congratulations Microsoft!

Federated Search in Windows 7

One new feature in Windows 7 (Ultimate or Enterprise) that hasn’t had much coverage is federated search.  This is, essentially, a way to allow searching of damn near any resource from within Windows.  Here’s how a search on TechNet looks:


Because the results are represented as files (shortcuts, actually), you can now work with your search results just like any other set of files.  You can copy them into a folder, right-click them and click Print, drop them on the Start button to pin them to your Start menu, or view your results in any of the usual Windows Explorer views.  For example, here are the results of a YouTube search:


And how do you get at all this magic?  Well, this is a case where Microsoft actually got things right.  First, everything is based on the simple standards-based OpenSearch format.  Basically, this means your data source has to support RSS, and you need a simple XML file telling Windows how to access the data.  These files (usually going with an .osdx extension) are pretty simple, and opening one on Windows 7 will automatically set everything up for you.

Want to try?  Here are some good examples:

Some of these come from SevenForums.com, where you can find a wealth of other information on federated search.

Notice anything missing here?  There is a search engine called Google that still fulfills a small niche among certain people that isn’t really easy to use.  This is because Google doesn’t support OpenSearch, and as far as I know, doesn’t intend on doing it any time soon.  There are ways around this, of course, but none are particularly elegant.

Curious as to how this all works?  Well, just have a look at an example .osdx file.  Here’s the YouTube one:

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:ms-ose="http://schemas.microsoft.com/opensearchext/2009/">
<Description>OpenSearch Youtube via Windows 7 Search.</Description>
<Url type="application/rss+xml" template="http://www.youtube.com/rss/tag/{searchTerms}.rss&amp;num=10&amp;output=rss"/>
<Url type="text/html" template="http://www.youtube.com/results.aspx?q={searchTerms}"/>
</OpenSearchDescription>

As you can see, there’s really not much here beyond a bit of meta information and a reference to the web-based RSS service.  Pretty simple, yes?  This means implementing this search ability in your own applications shouldn’t be all that hard, either.  This makes for a really easy way to integrate your application into Windows.
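Because opening an .osdx file sets the connector up automatically, it is worth reading the file first to see where search terms will be sent. The following added example (not part of the original post) parses a description file and reports each Url template's type, scheme and host; the function name review_osdx and the findings it reports are assumptions of this example, and the sample input is the YouTube description shown above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

OS_NS = "{http://a9.com/-/spec/opensearch/1.1/}"
FEED_TYPES = {"application/rss+xml", "application/atom+xml"}

# Sample input: the YouTube description from this article.
SAMPLE_OSDX = """<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:ms-ose="http://schemas.microsoft.com/opensearchext/2009/">
<Description>OpenSearch Youtube via Windows 7 Search.</Description>
<Url type="application/rss+xml" template="http://www.youtube.com/rss/tag/{searchTerms}.rss&amp;num=10&amp;output=rss"/>
<Url type="text/html" template="http://www.youtube.com/results.aspx?q={searchTerms}"/>
</OpenSearchDescription>
"""


def review_osdx(xml_text):
    """Summarise where an OpenSearch description sends the user's search terms."""
    # A description file has no reason to carry a DTD; refuse one rather than
    # hand entity declarations from an untrusted file to the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in description file")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != OS_NS + "OpenSearchDescription":
        raise ValueError("root element is not OpenSearchDescription")

    urls, findings = [], []
    for url in root.findall(OS_NS + "Url"):
        template = url.get("template", "")
        parts = urlsplit(template)
        entry = {
            "type": url.get("type"),
            "scheme": parts.scheme,
            "host": parts.hostname,
            "sends_query": "{searchTerms}" in template,
        }
        urls.append(entry)
        if entry["scheme"] != "https":
            findings.append(
                f"{entry['type']}: search terms sent over "
                f"{entry['scheme'] or 'no scheme'} to {entry['host']}"
            )
        if not entry["sends_query"]:
            findings.append(f"{entry['type']}: template has no {{searchTerms}}")

    hosts = {u["host"] for u in urls}
    if len(hosts) > 1:
        findings.append("templates point at more than one host: "
                        + ", ".join(sorted(str(h) for h in hosts)))
    if not any(u["type"] in FEED_TYPES for u in urls):
        findings.append("no RSS/Atom results Url, so results cannot be listed")

    description = root.findtext(OS_NS + "Description", default="")
    return {"description": description, "urls": urls, "findings": findings}


if __name__ == "__main__":
    report = review_osdx(SAMPLE_OSDX)
    for u in report["urls"]:
        print(u)
    for f in report["findings"]:
        print("NOTE:", f)
```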

For more details, check out OpenSearch.org.

Fixing Typical Boot Problems

No matter how good our beloved Windows operating system has become, one has to expect that occasional problems with the boot process will arise.  If you are a loyal Slick IT reader, you will have already read our article and made yourself a boot disk and already understand how the boot process works. Today, we are going to look into some common fixes for boot problems that IT techs everywhere are sure to have run into.

This article is applicable in some way, shape or form to all versions of Windows, but the information given here is primarily for Windows Vista, Server 2008, Server 2008 R2 and Windows 7. These newer flavours of Windows have a modified boot process that has both advantages and some quirks compared to the NT/XP flavoured boot.

The first one, which is 100% specific to the new NT 6.0 and later kernel, is problems in the Boot Configuration Database (BCD). Typically, this issue presents itself with an error message like “Windows could not start because of a computer disk configuration problem”; “Check boot path and disk hardware”; or “Could not read from the selected boot disk.”

These error messages most often come from the careless deletion of the BCD, but can also occur from disk issues resulting in BCD corruption or the addition of a partition that has somehow changed the name of the volume.

To fix this, simply log in to the Windows Recovery Environment and run the following commands: bootrec /scanos and bootrec /rebuildbcd. You will also find that the bcdedit.exe tool has some other options available that may be of use.

Common to all versions of Windows starting with NT is the infamous “Missing Operating System”; “Invalid Partition Table”; or the “Error Loading Operating System”.

The cause is simple. Ninety-nine per cent of the time this is due to corruption caused by hard disk errors. Viruses and poorly written device drivers may also be responsible for corruption of the Master Boot Record (MBR).

Fortunately, this is also the easiest of all of our boot problems to fix. Simply run bootrec /fixmbr from a boot disk or the Windows Recovery Environment.

Many of you have probably run into “BOOTMGR is missing”. This too, is a result of corruption and is equally easy to resolve. Simply running bootrec /fixboot should clear this up.

Our final cause of boot problems may often be the most serious.

When Windows is reporting that operating system files and/or xxx.dll is missing, you should immediately suspect disk issues.  This particular error may be indicative of many files missing and not just the one listed.

Often it is easier to just reinstall the OS, but if you are in the mood to try and recover from this, you will need to launch the Windows Recovery Environment and try to find the files needed on a Windows disk or in the \Windows\winsxs\backup folder. Or, failing that, try to find and copy the file from another running machine in your network – just ensure that it is from the same service pack and OS.

These tips in unison should allow you to recover from almost all boot failures. If all else fails, go for the Windows repair install and cross your fingers.

Hope these help.

HP 2600n Print Queue Issues

As of late, I have become increasingly irritated with HP and the general crappiness of its products. A good HP product is now, in my opinion, akin to a good karaoke machine – the point being that neither of these really exist!

Today I had the joy of working with an HP 2600n. It should have been a really easy fix – a few users were complaining that documents were stuck in the print queue and they could not delete them – nothing stopping and restarting the spooler service won’t fix, right?

In fact, that did fix the issue. Instantly, the jobs were deleted out of the queue. Great!….Let’s just print a test page from the server to make sure that it is really working. I open up properties, select the test page and click on OK – within seconds a test page is popping out of the printer.

Fantastic!!! It works.

But then, one of the users tries to print a document to the shared printer.

Nothing happens…and the job is stuck in the queue again. What the hell?  I clear the queue and print a test page – bam, test page instantly pops out.

As it turns out, this particular model of HP printer, along with a plethora of other HP printers, was not really designed to be shared off of a Server 2003 platform. These “cheap” network printers are actually not fully PCL compliant and are designed to work with HP’s print software and installed drivers, not with the standard drivers that you would install on a typical print server.

The fix, luckily, is easy. If you are having the same issue I had, simply go into the properties tab on the printer and uncheck the “Enable Bi-directional communication”. Apply the change, and your printer will work flawlessly.

But, HP, you are not off the hook for this. Making printers and marketing them as network printers knowing full well that these won’t work well when shared out is absolutely unacceptable! As I mentioned in the first part of this blog entry, I have increasingly been spending far too much time troubleshooting nonsense – please count my clients and me out for any future HP purchases.

Upgrade Windows 7 RC to RTM

Greetings everyone….

This is a post that I am really pleased to make. In fact, ecstatic would probably be a better word.

For the last month I have been stewing about how to get my Windows 7 RC release upgraded to the RTM. Microsoft’s official line on this is that upgrades are not possible and the only way to do such was a fresh install.

This was really a very frightful thought for me. I have been using the RC as my primary operating system and it worked so well that it basically got tweaked into a more permanent set up than what an RC release should ever be.  Rebuilding this guy would have been a lot of work!

Well, today I found a workaround. A lot of other people had been talking about this, and of course it is not supported by Microsoft, but it worked great and it is really simple.

All you have to do is download the same release as your installed version, unpack it using WinRAR, 7-Zip, or some other suitable program, and browse to the sources folder. Inside of that, you will find a file called cversion.ini. Open this up in Notepad, change the minversion parameter to 7100 and save it.

Now, you are ready to upgrade. Copy the installation files onto a USB key, and run setup.exe. You will now be allowed to upgrade. It really is that easy!!


Manual Removal of Malware

So, I am sure most of you have been there. You just downloaded this great little free app from freeware heaven, clicked “next” through the series of endless disclaimers and dubious EULAs, and have now watched the progress bar hit 100 per cent.

You fire up the new program and notice that it has now executed IE at the same time and has brought you to a page telling you that your system is infected. Damn, Damn Double Damn….haven’t I been down this road before?

Well, at least it didn’t lie. Your machine truly is infected and the longer it stays this way, the worse off you’ll be.

Malware is more than a nuisance though; it is an honest-to-god security threat and any real computer professional will give this class of software the prudent respect it deserves. Malware costs the world billions of dollars in lost productivity and is responsible for an unimaginable amount of identity theft and fraud. You may be inclined to chuckle at the colourful new icon that has been magically installed in your system tray, but this truly is no laughing matter.

Luckily, there are a ton of good tools out there that can deal with Malware reasonably well and are freely available. This article isn’t about recommending any of them (although I will plug an excellent product called Combo Fix recommended to me by Kevin, one of my co-workers) but rather this is for the unfortunate souls that have already run a program only to see that their malware is still alive and well.

So, where do we start? Sometimes malware can be ridiculously easy to spot. Simply opening the task manager will show you a process that you know shouldn’t be there and allow you to terminate and remove it. Then opening up MSCONFIG and disabling/deleting the startup item stops it from ever coming back. Great! But this does sound too easy, doesn’t it?

Modern malware almost never lends itself to easy removal and if it did, that nifty little program you downloaded to cleanse your system would have grabbed it anyway. Malware nowadays usually consists of several parts/processes and these processes work together to ensure that when one process is terminated, the other will fire it right back up.  This is a cat and mouse game that you will not win using standard Windows management tools.

What I recommend doing is downloading Process Explorer from Sysinternals. This tool will be invaluable in your fight against rogue software and will give you the weapons you’ll need to be victorious.

Open up Process Explorer and you will now be privy to all sorts of system information that task manager doesn’t have (although the Windows 7 task manager is greatly improved).

Now look for processes that look unusual. Watch how your system behaves and look for processes that suddenly appear in the list when the malware itself executes. By default, these will be highlighted green and easy to see.

Now, when you find something unusual, double-click on the process and go to the Strings tab. Look for something in there such as .com, since most malware out there is designed to make some sort of a connection to a website to steal information or redirect your browsing experience in some way. Use your best judgement – if it is pointed to www.blackhathackerz.com, that might be a clue that this file should not be there.


Once you have found your suspect exe file, do not kill it. Instead, right-click on it and suspend the process. This prevents the other parts of the malware from restarting it, as the program is still loaded in memory, just suspended rather than terminated. Go through and suspend all of the suspect processes that appear. Then, once you are sure that you have got them all, terminate them. (Make a note of where they are located first, in the environment tab in Process Explorer.)

Now, simply go through and delete the files off of your disk and clean up any registry entries that the product may have made. Use msconfig to disable any additional startup locations. Remember to always export your registry and keep it safe before modifying it in any way.
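The Strings-tab check used above to pick out suspect processes can also be run offline against a copy of the file. The following is an added example, not part of the original post: it extracts ASCII and UTF-16LE strings and lists the host names they mention. The sample bytes, the host names in them, the allowlist and the short TLD list are constructed assumptions.

```python
"""Pull printable strings out of a binary and list the host names they mention."""
import re

MIN_LEN = 6  # shorter runs are mostly noise

# Printable ASCII runs, and the same characters stored as UTF-16LE (common in
# Windows binaries). The look-behind stops a UTF-16 run from starting on the
# last byte of a NUL-terminated ASCII string that happens to precede it.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?<![\x20-\x7e])(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Assumption: a short TLD list keeps file names such as "kernel32.dll" out of
# the results. Widen it to suit what you are hunting for.
TLDS = "com|net|org|info|biz"
HOST = re.compile(
    r"(?<![\w.-])((?:[a-z0-9-]{1,63}\.)+(?:%s))(?!\.?[\w-])" % TLDS, re.I
)

# Constructed sample: a few bytes laid out like fragments of an executable.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"kernel32.dll\x00GetProcAddress\x00"
    + b"http://beacon.example.net/gate.php?id=%s\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00"
    + "update.example.org".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02http://www.microsoft.com/pki/certs\x00"
)


def extract_strings(data):
    """Return printable strings found as ASCII or UTF-16LE, in file order."""
    found = [(m.start(), m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le"))
              for m in UTF16_RUN.finditer(data)]
    return [text for _, text in sorted(found)]


def network_indicators(strings, allowlist=()):
    """Map each host name seen in the strings to the strings that mention it.

    Hosts equal to, or subdomains of, an allowlist entry are dropped so that
    expected vendor references do not bury the unexpected ones.
    """
    allowed = tuple(a.lower() for a in allowlist)
    hits = {}
    for s in strings:
        for m in HOST.finditer(s):
            host = m.group(1).lower()
            if any(host == a or host.endswith("." + a) for a in allowed):
                continue
            hits.setdefault(host, []).append(s)
    return hits


def triage_file(path, allowlist=()):
    """Run both steps over a file on disk, e.g. a copy of the suspect exe."""
    with open(path, "rb") as fh:
        return network_indicators(extract_strings(fh.read()), allowlist)


if __name__ == "__main__":
    found = network_indicators(extract_strings(SAMPLE), ["microsoft.com"])
    for host, context in sorted(found.items()):
        print(host, "<-", context[0])
```

A host name in a binary is a lead, not a verdict: legitimate software embeds update and licensing URLs too, which is what the allowlist is for.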

Manually removing spyware doesn’t have to be painful. Nevertheless, some malware is going to involve a lot of work to track down on your part, but you will find that in time you will become more proficient at it and be able to clean machines up very quickly.

One last piece of advice, however: if you find yourself dealing with a rootkit, please disregard all that you have learned here today. There really is no way of trusting any machine that has been infected with a rootkit, and your best bet is to just format Windows and reinstall the OS.

I hope that this little tutorial helps!


Understanding Disks and Disk Management

Well, today’s post isn’t a fix per se. It isn’t even a tutorial, but I think that the information contained herein is invaluable for understanding disks and troubleshooting disk management issues.

A lot of us have a real rudimentary understanding of how disks and volumes are managed in Windows. Most of this comes from the overly simplistic and dumbed down models that we are given when studying for the A+ designation or it is an understanding that we gained long ago when FAT32 was the predominant file system in use.

A lot has changed since then, and I want to take you on the journey to understanding what is actually happening behind the Disk Management MMC.

So let’s begin at the root of disk management in modern versions of Windows. That swanky MMC that we all know, shown below, is actually loaded through a Windows DLL named dmdskmgr.dll. The functionality of this DLL is simple. When it is loaded into memory, it scans the disks attached to the system looking for an LDM database. If it finds disks from the local computer, it simply reports the volumes that are present. However, if it finds an LDM from a foreign computer, it executes the import disk mgr, which essentially just copies the foreign LDM and adds it to dmdskmgr.dll’s in-memory copy of the database. Should you choose to import the disk, you are essentially just committing the database write operation to the foreign disk, which is actually done through a kernel mode dll called volmgrx.sys. Volmgrx.sys is the workhorse behind dmdskmgr.dll, as it controls access to disk objects such as the LDM and the resident volumes.


Understanding this process alone goes a long way in troubleshooting why a disk might not be recognized or importable. While entirely out of the scope of this article, one could actually write a tool to manipulate the LDM itself and fix issues on a disk at a very low level.

Now, how does volmgrx.sys actually work? This is fairly straightforward in most cases. Disks all contain disk-relative offsets, which are essentially a number of sectors from the start of a partition table to the actual partition itself. The job of volmgrx.sys is simply to add the volume-relative offsets to the disk-relative offsets and allow the operating system to map I/O to the underlying partitions themselves.

On a multi-partition disk setup using spanned, mirrored, or some other flavour of RAID, this naturally becomes more complex. It is NTFS itself that allows us to create these types of volumes.

NTFS creates a bitmap file that can be added to or reduced at will. It is this file that tells the volmgrx.sys kernel mode dll where a logical volume begins and ends. Thus, to the OS itself the drive appears to be just a normal drive. In the days of FAT this was not possible, as the whole partition table would have needed to be moved, thereby dislocating the data on one partition from the other. Volmgrx.sys then keeps referring to the bitmap to determine where free clusters are located and logically writes to these as necessary.

This process is virtually identical for all of the multi-partitioned types except for RAID 5 arrays where obviously the parity bit is also striped across the drives.

One last area that I would like to touch on is mirrored volumes. Some people have asked me why Windows cannot boot from spanned drives, RAID 5 arrays etc., but yet can boot from a mirrored volume, which is a multi-partitioned volume. The answer to this is simple. The Master Boot Record code sees the disk as one volume and only boots from the half of the mirror which is marked as the boot volume.

Anyway, I hope this goes a long way toward helping you understand at a deeper level how Windows manages disks. I also want to give proper credit to Mark Russinovich et al. for the inspiration to write this article. Most of the material comes from his Windows Internals fifth edition book, and I highly recommend this book for anyone who wants to understand Windows at an engineering level.


IE8 Security Warning – HTTP/HTTPS

The more I use it, the more I love it. IE8 is actually a great product and I truly believe Microsoft got a lot of things right in this edition. Sure, there are still things that could have been done differently, but can’t that be said about Firefox and Chrome too?

Nonetheless, there is one pop-up in particular that does drive me insane. The infamous “Do you want to view only the webpage content that was delivered securely?” security dialogue is almost enough to make me want to buy a Mac (……….. Just kidding – Macs, are they for me?)


This issue is not new to IE8 actually, but the wording has now changed and people are forced to click “No” instead of “Yes” as they would have in the past. The natural tendency of end users to never read anything that suddenly pops up and just click “Yes” means that a lot of websites are not going to render properly after they have inadvertently been told not to display insecure content.

Let’s be clear about one thing though – this is not Microsoft’s fault. Web designers should strive to only deliver secure content on secure web pages. This is really just common sense.

Anyway, luckily, the fix for this issue is really easy and probably has a very minimal security impact for your average everyday web surfer.

Simply go to:

  • Tools->Internet Options->Security
  • Select the ‘Security’ tab
  • Click the ‘Custom Level’ button
  • In the ‘Miscellaneous’ section change “Display mixed content” to Enable

    Voila, annoying pop up has magically disappeared.

    Enjoy your new browsing experience.

    Add printer to all profiles – Server 2008 Terminal Server

    Profiles under terminal services can be really messy and problematic. Over the years, IT administrators have come up with various workarounds for profile issues under Windows Server 2003 Terminal Services.

    Server 2008, unfortunately brings a few new challenges. I recently ran into one of these when I was asked to add a printer under a user’s profile to which I had no access.  Naturally, I just assumed that the old trick of making a shared network printer appear local would work. It doesn’t.

    Server 2008’s add printer dialogue is very different from Server 2003 and many of the options that were available in 2003 are notably absent in 2008. Hmm….so how should I deal with this.

    I could just add it to the login script, but this user only wants this printer to appear in this profile on the terminal server…so that’s not going to work. I thought about the issue for a while and then I remembered an old shell command that I had once used under XP to add a printer to all profiles at once.

    So, I fired up the command prompt, put in the command and much to my delight it worked.

    Here it is…..

    Rundll32 printui.dll,PrintUIEntry /ga /c\\localcomputername /n\\servername\printername

    The solution is wonderfully simple and can be executed with very little effort – this is exactly what Slick IT should be.

    Windows 7 installation - Versions

    It has been an exciting week for all computer aficionados – Windows 7 RTM hit MSDN and Technet and the frenzy has begun.

    However, there is one little catch to all of this. A lot of people have pre-ordered Windows 7 and are ready to install the MSDN/Technet editions but have not thought about versioning.

    Contrary to popular belief, Windows 7 is NOT exactly the same as Vista in the install phase and you will have to decide beforehand what version you want or make a modification to the install package to be able to select your flavour during the install. Windows 7 releases, despite containing the exact same images, have always been labelled with the version that they will automatically install. Windows 7, unlike Vista, does NOT allow you to choose what version you would like to install.

    But there is a workaround for this. If you are not sure which version you have or it is the wrong one, simply open up the files, go to the source directory and find a file called EI.cfg. This is the file that tells the installer which version to install automatically. By simply deleting this file you will be presented with the ability to select your OS as shown below.


    You could easily edit this file as well. Here is a screen shot of the easily edited cfg file below. Just adjust the parameters as necessary using the words “Basic” “HomePremium” “Professional” or “Ultimate”. Just deleting the file is probably the easiest though.


    When you finally do receive your pre-ordered key, simply use the slmgr.vbs script as also referenced in this blog.

    Enjoy your new Win 7 installation.

    The Time is 1234567890 – again!

    Earlier this year the time was 1234567890 - if you’re a computer running Linux, that is.  If you happen to be a real person, though, that particular moment passed without too much interest.  Well, here’s your chance to get even.  As I post this, the time is 12:34:56 07/08/09.

    By the way, you DO know the correct day / month / year ordering for your country, right?  Yes, there is indeed a format officially recognized as correct, but unfortunately, it changes by country.  The United States uses M/dd/yyyy, while Canada and the UK use dd/MM/yyyy (much more logical!).  For your country, just go to Region and Language in Control Panel, choose a country, and note the short date format.  If you’re trying to avoid confusion, though, you’d be best to use yyyy/MM/dd as your format.  If anyone gives you any grief, just mention you feel it’s very important to follow the recommendations put forth by the International Organization for Standardization and you are doing your best to follow ISO 8601.  By the way, this is often a great choice for giving dates as strings to computer programs – it works much more reliably than anything else (where supported).

    Wish everyone would just get their act together and be consistent?  You might get your wish sooner than you think!  Just hang on a couple years.  Soon, it will be 11:11:11 11/11/11.

    Windows Explorer As It Should Be

    There’s no question that using Windows Explorer is way easier today than it was a decade ago.  Particularly with Windows 7, everything just seems to be right where you need it, and there are very few annoyances.  Even better for us technical folk, there are more and more helpful tools and features tucked away, just waiting for you to find them.

    There is one little oddity, though, that’s remained with Windows – and indeed, pretty much every other OS out there – since the dawn of time.  Double-clicking.  Now, let’s think about this for a moment.  Clearly, a single click is far easier, faster, and friendlier.  When you’re working with files, generally you either double-click them (to open) or right-click (to bring up the context menu).  Yeah, sure, occasionally you single-click them to select, but let’s set that aside for now, because it’s a far distant third to opening and right-clicking.

    Think of browsing the Internet.  Every link is a simple click.  Just because of that, it’s a far easier thing to work with.  Lots of people find Explorer very intimidating, though: left click to select, right click for a menu, click and drag to move (or sometimes copy), right-click and drag to copy (or move or create a shortcut), click and drag in a slightly different way to select files, Control + click or Shift + click to select files in other ways, double click to open, click / wait / click to rename… it goes on and on. People get confused.  Hell, I get confused.  And yeah, the power is great.  I’m not suggesting this functionality be removed.  But shouldn’t the most basic operation – a single left click – perform the obvious and usually desired action?

    Well, you can make this happen.  I’m going to show you a couple of things that have been in Windows for a long, long time, but are pretty much unknown to most people.  The first goes all the way back to Windows 95 and the Active Desktop introduced by IE4.  Go into Folder Options (ALT + T, O in any Explorer window), and look what we have here:


    That’s right… somebody in Microsoft feels the same way I do!  Select the ‘Single-click’ option, and choose to underline only when you point at icons (unless you really, really like underlined text all over the place).  Click OK, and try browsing files a bit.  You’ll notice you can now get around Explorer way faster and way easier.  Double-clicking is now a thing of the past!

    Of course, there’s one flaw in this change: selecting files.  But I have you covered.  Go back to Folder Options, click the View tab, and check this out:


    Check boxes?  Huh?

    Well, it works about as you’d expect.  Every icon in Explorer will now have a checkbox.  Check to select, uncheck to deselect.  Of course, you can select the old way at the same time if you prefer.  To avoid clutter, checkboxes won’t appear unless they’re checked or until you mouse over them.  Here’s how it looks:


    As you can see, I have the ‘temp’ and ‘wwwroot’ folders selected, and I have my mouse over ‘history’.  I can quickly and easily select a bunch of random files in a list just by clicking the checkboxes.  I can still drag-select and use all the other old tricks.  There’s even a ‘Select All’ checkbox in the column header.

    This works on any view – even the giant thumbnails – and throughout all of Windows.  Even the Desktop.  Even File Open dialogs.  Whether you’re sold on single-click or not, this is very handy.  And let’s face it: once you have this, there’s no reason not to use single-click.

    Changing Explorer like this will definitely take some getting used to.  After all, you’re retraining yourself on one of the most basic parts of using your computer, and changing something very fundamental that has remained unchanged for decades.  But I highly recommend you give it a try for a week or two.  Once you get used to it, you’ll never go back.

    Microsoft Product Names

    We all know Microsoft has a thing for dumb product names.  You need look no further than Windows for this:

    • Microsoft Windows 3: Fair enough.  Nice, simple, easy to understand.
    • Microsoft Windows 3.1: A bit technical, but hey, computers were only for geeks back then, so this is fine, too.
    • Microsoft Windows 95: Huh?  A model year?  What version is this, anyway?  Do I have to buy this every year now?
    • Microsoft Windows 98: And no Office 98?  What happened to Windows 97?  And what version is this, still 4? (Yes.)
    • Microsoft Windows 98 Second Edition: Second Edition?  Really?  Why not just ‘Windows 99’?  Is this really a completely new product?
    • Microsoft Windows 2000: Huh?  Incompatible with earlier versions?  We were just getting used to these regular, trivial updates.  So this regular, trivial name change actually implies a completely different version of Windows?  Okay.  By the way, internally, this is now Windows 5.
    • Microsoft Windows ME: Yup.  The name makes no sense at all.  Is this older?  Newer?  What does ‘ME’ mean?  Me?  Millennium Edition? And would someone explain to me just why exactly we’ve gone back to version 4?  Also, why was this piece of shit even released, now that Microsoft had the vastly superior version 5 to work with?
    • Microsoft Windows XP: Oh, good, another two random letters.  I’m assuming this is alphabetical, so XP must be newer than ME.  This is also about the time Microsoft decided to experiment with a bit of market segmentation.  Home, Professional, Media Center, Embedded, N editions… what fun!
    • Microsoft Windows Vista: Sweet, a random word!  And hey, what better random time to bump the version number up to 6!  And hell, let’s triple the number of editions we offer; this stuff is nowhere near as confusing as it could be.
    • Microsoft Windows 7: Oh, back to versions, are we?  Thank god, at least the confusion will end.  Wait a minute, though… there were 7 versions between 3 and 7?  Oh well, we all know computers suck at math.  The real problem, of course, is that Windows 7 is actually version 6.1.  And if you think that’s annoying now, just wait until there actually is a version 7 and it’s called Windows 9.3.

    The market segmentation thing is a bit over the top, too.  For Windows 7, we’ll have:

    • Starter
    • Home Basic
    • Home Premium
    • Professional
    • Enterprise
    • Ultimate

    Each of these editions is available in both x86 and x64 versions (except Starter), so now we’re up to 11 editions.  Think we’re about done?  Hah!  We also have the ‘E’ editions, which don’t include a web browser.  Don’t even get me started on that one… Oh, and we still have the ‘N’ versions, which cut out Media Player, as well.  Each of those editions is available for all of the other releases.  My math might be out, but I believe that means we’re now up to 33 editions of Windows 7 – and that’s before you start to look at language and region options, service packs, and add-ons!

    And how about awkward marketing bastardizations?  Did you know there’s no such thing as Microsoft Office 2007?  In fact, it’s called “2007 Microsoft Office System”.  System?  Where’d that come from?  Word is called “Microsoft Office Word 2007”.  Even a simple mouse can’t have a simple name: “Microsoft Natural Wireless Laser Mouse 6000”.

    And if you think the consumers have it tough, just try being a developer.  Then you get to deal with products like these:

    • Microsoft Visual Studio® Team System 2008 Team Foundation Server with SQL Server 2005 Technology
    • Microsoft® WinFX™ Software Development Kit for Microsoft® Pre-Release Windows Operating System Code-Named "Longhorn", Beta 1 Web Setup

    The IT folks are no better off:

    • Microsoft Office Live Communications Server Public Instant Messaging Connectivity
    • Microsoft Forefront Client Security Management Console with SQL Server 2005 Technology
    • Microsoft Web Antimalware Subscription for Forefront Threat Management Gateway Medium Business Edition

    And then we have what is perhaps the longest product name ever used by anyone for anything in the history of human civilization.  This product name is so long that by the time you get to the end of it, you can’t even remember what you read anymore:

    • Microsoft Office Communications Server Public Instant Messaging Connectivity with Yahoo Instant Messaging service and America Online (AOL) Instant Messaging Service

    That’s 165 characters long!  We’re now into database-breaking territory.  I’m sure there were developers out there who said “Product.Name?  Surely 128 characters is long enough for this one!”.  Format this as a title using Microsoft Office Word 2007 and it’s five lines long.  Even the Onion couldn’t do a better job of mocking Microsoft here.

    Please, Microsoft, fix this.  Fix it now.  Stick to this format:

    Microsoft <Product> <Version> [<Edition>]

    Let <Product> and <Edition> be one word, and let <Version> be a number.

    And please, people, just because Microsoft does it does NOT mean you should do it.

    Alternate Port for RDP

    This is going to be short and sweet!

    Often, smaller networks use RDP as their primary method of remote administration. This is really great if you are using one of Microsoft’s SBS servers because the Remote Web Workplace wizard will automatically add all clients and allow easy access through a website harnessing the power of TSWEB.

    But what if you just have a few machines behind a firewall and would like to be able to RDP into all of them? The answer is simple – change the port that RDP listens on in the client OS.

    RDP by default listens on 3389. I find 3390 and 3391 are always good alternate choices that are almost never used by any other applications. You can use any port you like if it is free, however.

    Simply open regedit32 (this is accomplished by typing regedit on the command prompt or in the run box).

    Navigate to the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber


    On the Edit menu, click Modify, click Decimal, type the new port number, and
    then click OK.


    Exit out of the registry editor.

    Now, go ahead and configure your firewall to pass that port through to the IP address of the client you have modified. (Note: routers will often let you forward external ports to different internal ports – this is equally effective and means that these registry changes would be unnecessary. There are many reasons for changing ports – use your best judgement.)

    Test it by using telnet.

    For example: telnet mail.examplecompany.com 3391

    You will know if it has connected if your cursor just starts blinking in a blank window and doesn’t display any error message.

    Now, when you want to connect, use your RDP client and append your new port number to the address like below.


    It’s that simple.  I know a lot of you out there will find this extraordinarily useful…and oh yeah, by the way…standard disclaimer applies when working with the registry: back it up first, we bear no responsibility in you making a mess of it.


    Troubleshooting Windows Firewall

    Firewall: The name says it all – this little piece of software (or hardware as it may be) is designed to keep your computer and the fires outside at some distance from each other.  It is an essential service, yet the eagerness of some to let the fires inside and burn their houses down is not unappreciated.

    Let’s face it – firewalls can be a real pain in the butt and the one that comes with Windows is sometimes nearly unbearable. I know a lot of you out there are tempted to live with this particular warning message forever…


    I know I certainly have, but actually the Windows firewall is very easy to work with. Let’s discuss some ways that we can make this work for you.

    Now first and foremost, any configuration you do to Windows firewall should be done through the firewall wizard itself. This often grabs any exceptions that are needed and most of the time will actually pre-emptively warn you when Windows firewall is blocking out something important. Don’t ignore these messages when they pop up – think about what they mean and either allow or ignore as you see fit.  This will save you a lot of time.

    Now, after you have tried forwarding ports as they appeared in the wizard/notification area and have failed to make the troublesome service or application work, the second step is to enable logging on the Windows firewall. Far too many people take a non-logical approach to troubleshooting firewall issues and basically just start clicking randomly, allowing and denying until their issue is magically solved. Unfortunately, they have also magically opened up numerous attack surfaces on their machine, and by 2 am the next day an army of botnets has already been able to compromise their machine and they are inadvertently relaying thousands of Cialis ads per day…this definitely puts one in between a rock and a hard place.  The moral of the story here is simple: AVOID THE IMPULSE TO RANDOMLY DISABLE/FORWARD PORTS IN WINDOWS FIREWALL. Troubleshoot these systematically.

    Here’s how to enable logging:

    1. Open the Windows Firewall with Advanced Security snap-in, right-click on the firewall and choose Properties.


    2. Select the profile you wish to troubleshoot.

    3. In the logging group, click on customize.

    4. More often than not, you will be looking for dropped packets, as these are the data packets that Windows firewall has rejected and are probably the reason why that undocumented and proprietary software package you are trying to make work is failing. Click on Yes for the dropped packets. Or, conversely, click on Yes to monitor which packets Windows firewall is allowing through.


    5. Click OK to apply the settings. As you can see above, the log files are kept in the system32\logFiles directory.

    Now try to recreate the problem and see if Windows firewall is in fact the culprit. You will want to disable the logging after you are done with it though, as there is a considerable performance hit associated with this as the log only stores the last 4 KB of data.
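Once logging is on, the dropped-packet entries can be summarised rather than read line by line. The following PowerShell is an added example, not part of the original post: the function name Get-FirewallDrop is hypothetical, the sample lines are constructed, and it assumes the log carries the usual #Fields: header naming each column.

```powershell
# Constructed sample in the layout Windows Firewall writes to its log file:
# a "#Fields:" header followed by one space-separated record per packet.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-01-04 09:12:01 DROP TCP 192.168.1.50 192.168.1.10 49211 8443 52 S 123456 0 8192 - - - RECEIVE
2010-01-04 09:12:04 DROP TCP 192.168.1.50 192.168.1.10 49211 8443 52 S 123456 0 8192 - - - RECEIVE
2010-01-04 09:12:09 ALLOW TCP 192.168.1.50 192.168.1.10 49215 3389 0 - 0 0 0 - - - RECEIVE
2010-01-04 09:13:30 DROP UDP 192.168.1.77 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2010-01-04 09:14:02 DROP TCP 192.168.1.51 192.168.1.10 50100 8443 52 S 998877 0 8192 - - - RECEIVE
'@ -split '\r?\n'

function Get-FirewallDrop {
    # Emits one object per DROP record, with columns named after the header.
    param([Parameter(Mandatory=$true)][string[]]$Line)

    $fields = @()
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            # "dst-port" becomes "dst_port" so it is easy to use as a property.
            $fields = ($Matches[1].Trim() -split '\s+') -replace '-', '_'
            continue
        }
        if ($l -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }

        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # truncated record

        $rec = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $rec[$fields[$i]] = $values[$i] }
        if ($rec['action'] -eq 'DROP') { New-Object psobject -Property $rec }
    }
}

# Which protocol/port pairs are being dropped, how often, and from where.
Get-FirewallDrop -Line $sampleLog |
    Group-Object -Property protocol, dst_port |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        New-Object psobject -Property @{
            Protocol = $_.Group[0].protocol
            DstPort  = [int]$_.Group[0].dst_port
            Drops    = $_.Count
            Sources  = ($_.Group | Select-Object -ExpandProperty src_ip -Unique) -join ', '
        }
    } |
    Select-Object Protocol, DstPort, Drops, Sources |
    Format-Table -AutoSize
```

To run it against a real log, pass the output of Get-Content for the file named in the Customize dialog instead of $sampleLog. A port that shows up repeatedly in the DROP summary while the application is failing is the one that needs an exception.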

    Now there is one other tool that is often overlooked in tracking down port forwarding issues.

    The simple netstat command, when used with the -a and -b switches, is a powerful tool for tracking down applications that require access to the machine or, in the case of spyware, need to be blocked.

    Netstat, when used in this fashion, will allow you to see what services and/or processes are listening for incoming packets.  This, combined with a tool like Process Explorer by Sysinternals, is extremely useful in quickly figuring out access requirements.


    With all of these tools at your disposal, there is no reason to completely disable a firewall again nor will you be forced to just click aimlessly and randomly in the firewall configuration.


    Self-Healing NTFS

    In the past, inconsistencies on disks could mean hours of trouble. Usually, the disk would have to be taken offline and a tool such as check disk would have to be run to correct the errors.

    While check disk actually works very well at marking sectors as bad, it is slow and inconvenient. Windows engineers recognized this limitation and came up with a fairly robust solution: Self-healing NTFS.

    Windows Vista, Server 2008 and Windows 7 all utilize this new feature. The process is actually very similar to how check disk itself works, but with a difference. Most disk corruption will tend to occur in one area of a file and is not generally endemic to the disk. That being the case, self-healing NTFS systems will actually detect corrupt areas on the disk, prevent access to it, and spawn a worker process that will take check-disk like corrective actions on the disk.  This greatly minimizes disruption to end users especially on a particularly busy file server.

    Luckily, this tool is not a black box, and we can actually get in and control its behaviour.

    The fsutil repair set command can be used to both view the status of the self healing feature and to set its parameters.


    Note, you will have to run this as an administrator to get it to function.

    Some useful flags that can be set on the volume are:


    SET_REPAIR_ENABLED – This simply enables self healing on the volume in its default state.

    SET_REPAIR_WARN_ABOUT_DATA_LOSS – If the self healing option is unable to fully recover a file, it will visually warn the user about the potential data loss.

    SET_REPAIR_DISABLED_AND_BUGCHECK_ON_CORRUPTION – This option would mainly be used by system engineers trying to pinpoint when corruption is occurring. This flag will actually create a 0x24 stop error which will be cleared during reboot.

    Should you wish to initiate a manual self-healing operation, this is available too. Simply run:

    fsutil repair initiate to start the process, followed by fsutil repair wait. After you are done, go ahead and query the status of the volume by running

    fsutil repair query <volume name>

    Pretty neat stuff here. I suspect that this will be used often as an alternative to running check disk as more and more people learn about the powerful features of this tool.


    Running NT Backup under Windows 7

    Windows 7 (and Server 2008 R2) have great new backup tools.  These improvements were sorely needed, though: the widely-used, well-known NT Backup was getting pretty long in the tooth. Unfortunately, “in with the new” always seems to imply “out with the old”, and if “the old”, in your scenario, happens to be the format in which all your precious backups are saved, “the new” becomes pretty useless pretty quick.  That’s right: NT Backup files (*.bkf files) are officially obsolete and cannot be opened with Windows 7.

    What’s worse is that the Extensible Storage Manager – one of the Windows services NT Backup is built on – is no longer included with Windows 7, so it doesn’t seem too likely that simply copying ntbackup.exe from an XP machine would fix anything.

    But it does!

    That’s right: running ntbackup.exe under Windows 7 is entirely possible, easy to do, and generally works well – although tape drives and other odd storage devices won’t be supported.  If you have the .bkf files, though, you’re in luck.  Just find these files in the system32 folder on any Windows XP machine (or Virtual Windows XP, if you have it installed):

    • ntbackup.exe
    • ntmsapi.dll
    • vssapi.dll

    Copy them on to the Windows 7 machine and then run ntbackup.exe.  You’ll get an error:


    Just ignore it.  Now run NT Backup as usual.  Since .BKF files won’t be registered with this application, you’ll have to point NT Backup to the .BKF files yourself.  Right-click the Files tree in recovery mode and click Catalog File.  Select your backup file, and click okay.  You’ll then be able to catalog and restore your files as needed.

    For the most part, NT Backup works just fine under Windows 7.  It might not be ideal to continue using NT Backup as your daily backup solution, but it’s good to know those .bkf files you have lying around are still worth something, after all.

    (If you are looking for NTBackup for Server 2008 to back up your Exchange store click here)

    Rearm Server 2008

    Today’s topic will be brief, but it is of interest to a lot of IT professionals out there who need to work with evaluation versions of Server 2008 for testing and self-learning.

    As most of us know, when we download an evaluation version of Windows Server 2008 off of Microsoft’s site, we are given a fully functional 60-day trial version.  If you have received an evaluation DVD with an MS Press book, chances are you will be granted 120 days on the first activation. But this actually isn’t the end of the road for these. They can be, as Microsoft has coined it, rearmed.

    The tool you need is the Soft Licence Manager, and it can be invoked by typing in slmgr.vbs in an elevated command prompt. Using this tool, you will actually be able to rearm the activation 3 times, bringing your total evaluation period to 240 days – quite a generous allowance really. Let’s look at some of the switches.

    So, slmgr.vbs /dli

    This first switch will display all of the licence information.

    slmgr.vbs /ato

    This switch can be used to activate windows.

    slmgr.vbs /rearm

    As the switch implies, this will rearm the OS allowing you another 60 days.

    slmgr /ipk <product key>

    This may in fact be one of the handiest switches if you are switching between versions of Server 2008. It can be used to replace the current product key with the new one you enter.

    slmgr /xpr

    This switch is used to find out when the current licence expires.

    There are also a plethora of advanced commands available, and I suggest that you check these out by running the standard /? switch to view these. Also, as with most things, all of these switches will work with Windows 7.

    Enjoy your extended evaluation period!

    WebDAV on Windows 7

    WebDAV is a great way of accessing files over the Internet.  It’s essentially FTP, but not so archaic and fragile.  It works well through firewalls, can be encrypted, and is just generally a nice, modern, useful protocol.

    I’ll show you a couple WebDAV tricks in a moment, but first, I’m going to show you how to set up WebDAV on your own Windows machine.  It’s one of the best ways of accessing files remotely – free, easy, and highly compatible.  I’ll assume you’re using Windows 7, because if you’re a tech enthusiast, there’s no reason you should be using anything else at this point.  WebDAV works pretty much everywhere, but it’s not always this easy to set up.

    So, the first thing to do is to install IIS, if you haven’t already done so.  IIS is included in all versions of Windows 7, although it’s not turned on by default.  Click Start, type “Windows features”, and press Enter.  This will get you to the Windows Features dialog (which you can also access through Add/Remove Programs):


    Turn on IIS, and make sure you select at least the following:

    • Internet Information Services
    • IIS Management Console
    • WebDAV Publishing
    • Windows Authentication

    You might want to read through everything else there and make your own decisions about what you’d like to install.  If you don’t know what something is, just leave it off – it’s easy to change later.  Then, you’ll need to open port 80 on your router and firewall (assuming you want to access this server from elsewhere on the Internet).

    Now, start IIS Manager.  You’ll need to configure authentication, so select Default Web Site and double-click the Authentication icon:


    Depending on what options you chose earlier, you might have other types of authentication available here (such as basic, Kerberos, or certificate-based). I’d suggest you disable Anonymous and enable Windows authentication.

    Next, go to WebDAV Authoring Rules, and click Enable on the right:


    This turns on WebDAV for this web.  Now, you’ll need to add an authoring rule (essentially, permissions for WebDAV).  Click ‘Add Authoring Rule’ from the right, and you’ll see this:


    The easiest thing to do here is to select all content, all users, and all permissions.  Clearly, you may want to change this to suit your requirements.

    Once you click OK, your server will be running WebDAV!  This is great if you just want access to the files on your Default web site, but if you want general access to other places on your computer, you’ll want to add some virtual directories.  To do this, right-click the Default Web Site, and choose ‘Add New Virtual Directory’:


    Type an alias and provide a path to the folder you’d like to share.  Then click OK.  Just like that, you’ve set up a ‘Share’ under WebDAV.

    Now, I’ll show you a great trick for using WebDAV.  This will also let us test to see if everything is working properly.  Open a command prompt, and type something like this:

    net use * http://mobile1/projects

    That should map a network drive to your WebDAV folder:


    As you can see, it’s a pretty easy way of accessing your files remotely.  You get all the rich tools of working with files straight through Windows, and since WebDAV works over simple HTTP, this will work through all but the strictest of firewalls.  As this is running through IIS, you can also take full advantage of the rich security and administration tools IIS provides – including HTTPS, if you’re worried about encrypting your transfers (while your password will be encrypted if you use Windows Authentication, the rest of your session is sent in the clear if you choose to use normal HTTP).

    By the way… if you have Directory Browsing turned on, you can type that same URL into a browser, authenticate as required, and you’ll see a listing of your files that you can download directly.  This might not be as slick as WebDAV, but it’s guaranteed to work everywhere.

    Here are some things you may run into trouble with:

    • You can’t use Basic authentication with HTTP.  This is a good thing: in such a scenario, your password would be sent in plain text.  Either use HTTPS or turn on Windows Authentication.
    • Don’t forget that IIS runs under an account that won’t have access to certain places (like your desktop) by default, so you may have to adjust file permissions accordingly.
    • To use WebDAV, three permission checks will all have to succeed: the WebDAV authoring rule, your IIS permission settings, and your Windows permission settings.  If you’re having trouble, start at the bottom and work your way up.  Can you access the file through IIS using a browser?  If not, you won’t be able to get at the file through WebDAV, either.

    Because of the flexibility offered through IIS, you can use this for much more than simply accessing your documents remotely:

    • Let others edit a web site you’re hosting.
    • Set up a public read only ‘tools’ folder where you can easily get at common tools and documents you find yourself wishing were available on other people’s machines.
    • Create a web-accessible team folder, granting read-only access to some users and full access to others.
    • Publish web pages from within Microsoft Office!  Just choose ‘web page’ as the file type when you click Save, and save the document to a public WebDAV folder.

    There’s a tremendous amount of helpful information on WebDAV under IIS 7 at http://learn.iis.net/page.aspx/357/webdav-for-iis-70/ if you want to learn more.

    WebDAV: Use it, love it.  It doesn’t get much better than this, folks!

    Copyright © 2010 Paul Guenette and Matthew Sleno.