September 2005 - Posts

• eDonkey, Rest In Peace

  I blogged a few weeks ago about how eDonkey was apparently the new king of P2P. Their stay at the top sure didn't last long. Looks like the MPAA and RIAA have lawyered them into folding. I never used eDonkey but it's amazing how fast these new technologies come and go. It's nice that services like iTunes are sort-of embracing the technology instead of fighting it but I still think the prices they are charging are crazy. I think they would actually make more money if they lowered their prices so that people wouldn't be so interested in getting everything for free. And, for better or worse, it's here in America that we are driving all of the P2P services out of business. As mentioned in the article on Betanews, we might start seeing more technological innovation happening overseas because companies are afraid of what might happen to them in the US. Posted Sep 29 2005, 12:57 PM by mbroadstock with no comments Filed under: Misc

• Finally legal on some utilities I've used for years

  You know how it goes, you find a good utility that you find useful times and time again. You recommend it to all of your clients and IT buddies that you have. But you never actually get around to PAYING for the software. Well, today I finally got around to purchasing a couple of utilities that I have used for years. I've felt guilty about it for a long time but just never made the time to go to their websites and pay them (ya, I know, all of 5 minutes). Today, I bought ExamDiff Pro and TreeSize Professional. These are two of the best utilities I have ever used and I use them on a regular basis. ExamDiff is similar to a lot of other file comparison utilities like Winmerge. But it is, BY FAR, the best I have ever used. It is easy to make changes within the program itself and it is extremely customizable. You can highlight line differences, byte differences, change the algorithm that is uses to do the actual comaprison, ignore tabs/spaces/white space, etc. I highly recommend it. I use it daily when I am doing coding--whether it be vbs, VB.Net or who-knows-what. It makes it very easy for me to compare different versions of code and confirm that I am only making changes to the things that I want to actually change. TreeSize also has a lot of programs that are similar to it. It's just a program that parses through a folder structure and shows you how much space each folder is using. But, once again, I just think it does it better than anything else. We used it just yesterday to find out why the C: drive on one of our servers was almost out of space. One of the guys on the team spent quite a bit of time going through folders he suspected were the culprit but wasn't able to track it down. Two minutes with Tree Size and we were able to determine that IIS logs had been building up on the server and were using around 10GB of disk space. Anyway, I hope to do a better job of actually paying for the software that I use. I get spoiled because so many of the incredible tools that I use are free (like RegMon/FileMon) so I guess I get used to not paying for them. Posted Sep 28 2005, 12:26 PM by mbroadstock with no comments Filed under: Misc

• XP SP3 preview (all post-SP2 hotfixes)

  I ran into yet another bug that requires a hotfix that you have to call Microsoft Product Support in order to get the hotfix itself. Tired of waiting around on the phone every time I need to get ahold of something that should be made readily available, I decided to put Google to work to see if I could find a place to download it. Lo and behold, you can download ALL of the hotfixes in one nice download. I'm not sure if Softpedia opened up tickets with Microsoft for every post-SP2 hotfix or what but I'm just glad they are making them available. Here's the link to the download. It's just under 200MB and I am waiting for the download to finish so I can make sure the hotfix I am looking for is in there. (KB888254) One word of advice, try the Romanian download mirror instead of the USA one. I was getting about 2.1 kb/sec on the US one (55 hour download!). The Romanian one is only going to take about 10 minutes. Posted Sep 28 2005, 10:09 AM by mbroadstock with no comments Filed under: Misc, Active Directory

• grrrrr....post timed out

  Welp, I had been working on a post on an issue that had been going on that I finally figured out this morning. Of course, being a Monday, I have been swamped with calls all day. So I just got around to finishing what ended up being a fairly lengthy post. I hit the 'Post' button and I am greeted with the “Please logon” screen. AAaigh! So I logon and it just takes me to my normal Posts screen. I tried going back in the browser but, alas, everything was lost. Lesson learned, save the post as unpublished every once in a while. Or do a Select All-Copy before hitting Post. I just wish I could predict when I'm gonna get yanked out of my office for an hour. So the world will just have to figure out how to troubleshoot IE security zone issues with MS Access on a Windows 2003 Terminal Server/Citrix server on their own. :) Posted Sep 26 2005, 04:55 PM by mbroadstock with no comments Filed under: Misc

• My take on teaching evolution/creationism

  Rod had a good blog on the big debate going on on what we should be teaching in our schools. I think the biggest problem is, once again, how do you teach creationism in a school? If you are going to do it, you need to be sure to talk about *all* creationism beliefs.  Hindu, Islam, Buddhism, Judaism, Sikhism, etc. in addition to Christianity. And I don't know know if I would want my kids spending time on all of that in a basic science class in primary school. I think it would be great if there was a specific class available in High School on Religion and/or Philosophy where they could focus on all of those things but I'm not sure if I want a lot of time invested on it in a science class. It'd be nice if they could just stick with explaining that evolution is a theory supported by the majority of the scientists in the world and say that there are lots of other theories on how everything came to be. Maybe list off the major ones but don't spend a lot of time going into detail on any of them. I'd want my kids learning their religious beliefs at church instead of at school anyway. And since it is in a science class that evolution is taught, let them stick to teaching what scientists believe. If anything, it is a good time to highlight that most of science is theory and it disproves itself all the time. After all, some of the most brilliant scientists in history thought the Sun orbited around the Earth, right? Heck, even Steven Hawking admitted he was wrong not that long ago. For the record, I do believe in evolution in humans. Just look at all of the different races we have on this planet, I guess I consider that to be the result of evolution. But I personally don't feel like creationism and evolution have to be mutually exclusive. Posted Sep 26 2005, 03:14 PM by mbroadstock with no comments Filed under: Misc

• Bring on the beer and the comfy couch (or barstool)

  Ahhh...my favorite time of year. Baseball playoffs are on the way (Go Cards!), football has been going a few weeks, and basketball and hockey (remember hockey?) are getting ready to get started. I love my baseball but this time of year sure is nice because you can watch a different sport every night of the week (maybe even all on the same day). The only downside I can think of is when the perfect storm of parking nightmares occurs and we have home games at the same time for two sports. Good luck finding a spot within a mile of the arena. And the parking lots folks seem to learn a lot from the gas stations -- they know when they can jack their prices up and get away with it. So here's looking forward to a bunch of hangovers on Tuesday mornings... and to the Cards winning the World Series, the Pacers winning the in the NBA, the Blues having some good fights, and the Rams losing so bad that they finally have to fire Mike Martz. Posted Sep 26 2005, 02:45 PM by mbroadstock with no comments Filed under: Misc

• RegPerm must be buggy

  Well, we might be closer to figuring out what is screwing up the registry permissions in a lot of our packages. From what we have seen so far, RegPerm must have a few bugs. It is shutting off inheritence on keys that it isn't supposed to and replacing the existing permissions with the new ones you are adding instead of just doing an edit on the existing ACL. Someone found this article and it looks like others have run into similar problems as well. I've always used SetACL to set permissions. The syntax takes a bit of learning but the thing just flat-out works. Hopefully we can transition to SetACL and stop breaking critical system components whenever we send out a package that sets registry permissions. I still need to get our packagers to stop granting all users Full Control at high levels in the registry like HKEY_CLASSES_ROOT and HKLM\Software. It can be a real pain to get apps to work in a locked-down environment but you always end up paying whenever you take the easy way out. Posted Sep 22 2005, 12:32 PM by mbroadstock with no comments Filed under: SMS, Active Directory

• Disaster Recovery scripts saved our butts today

  Well, the DHCP backup script that I put in place at my current client ws a life-saver this morning. All of the scripts that I threw together are extremely simple to put into any environment and I encourage you to check them out if you haven't. You can find them in my “Shell scripts“ article category. Our Primary DHCP server was rebooted this morning and for some reason it decided that bits of our scope configurations weren't valid anymore. So it decided to delete a number of scope options, delete a ton of reservations, and change the IP ranges for a few scopes to 0.0.0.0 through 0.0.0.0. Needless to say, we started getting calls pretty early. But we were able to re-import all of our settings from yesterday (actually from this morning at 5am since that's when I have the scheduled task setup to run) in a matter of minutes. I'm not sure what we would have done without having the scripts in place. Posted Sep 21 2005, 01:05 PM by mbroadstock with no comments Filed under: Active Directory, Scripting - Bat/Shell Scripts

• Integrating hotfixes into your RIS images

  Anyone ever had much success getting their patches integrated into their RIS images? We've always just used SMS to push out the patches after the RIS but our folks out in the field don't like waiting up to an hour for everything to come down. And until we had the ITMU, it might need to reboot a few times during the process. Tim Mintner and I recently played around with a few new ways of pulling it off but ended up resorting to just using a batch file that installs all of the critical patches. It just gets called at the end of the RIS process. This is better but I've seen some articles on some other methodologies that have piqued my interest. 1. http://support.microsoft.com/kb/828930/ - This explains how you can use the “/integrate” option to integrate a hotfix into an image. 2. A lot of people seem to be using RyanVM's update Pack in conjunction with nLite. The thing is, Tim and I couldn't get it to work. We tried following some step-by-step directions but the RIS would fail whenever we tried to install a new workstation. Although I'm not sure that we did actually follow every step exactly so maybe it was our own fault. It sure seems like what we did should have worked though. So has anyone played around with these and gotten them to work with RIS? I haven't actually tried using these processes to create a normal boot CD install. If I find some time, I might try that to see if it is just RIS that is causing the problems. Posted Sep 21 2005, 12:59 PM by mbroadstock with no comments Filed under: Active Directory

• Having fun getting SMS client issues worked out

  Well, now that Tim Mintner is a bigshot and Microsoft (how's Davenport treatin' ya) and Brian Tucker is in South Carolina sitting on a beach drinking beers and playing his guitar, I get to be SMS-guy for a week. It's a nice change of pace from the AD and scripting work that I spend most of my time on. So, for the past few days I have been working pretty much non-stop on trying to make sure all of our clients are on the ITMU version. We had a few hundred clients that had problems upgrading to the latest client. And, of course, rather than there just being one cause, there seems to be a lot of different reasons. So far, we've run into the following: 80+ machines - Registry permissions at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control\User Settings were screwed up. This was caused by a package that was setting registry permissions at HKLM\Software and pushing them down to every subkey. 50+ machines - More registry perm issues - This time a different package was resetting the permissions at HKEY_CLASSES_ROOT\TypeLib with "Domain Users - Full Control". The client wasn't able to upgrade/repair because the System account didn't have permissions. 50+ systems - A router issue at one of the sites is preventing them from contacting our load balanced Management Points. They can access any other server but not just those two servers. Still working on this one. A handful of systems - The SMS Agent Host was just stopped. I hammer this point home to our packagers all the time: You cannot take the easy way out when setting either NTFS or registry permissions. We've been bit time and time again with packages doing things they weren't supposed to do: vbs get broken, .Net framework gets broken, VBA stops working in MS Office, etc. Overall they are doing a pretty good job but all it takes is one bad package to screw up a lot of workstations. And they can be a real pain to fix after-the-fact too. Anyway, if anyone cares, here's the query we used to track which clients haven't been updated: select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where ClientVersion not in ( "2.50.3174.1152" ) and OperatingSystemNameandVersion like "%Workstation 5.1%" I then created a subcollection that was limited to that collection with the following query: select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where Active = 1 and Client = 1 and ResourceDomainORWorkgroup = "DS" This was so I was only looking at systems on the domain (not our legacy clients) that are indeed active. Posted Sep 21 2005, 12:49 PM by mbroadstock with no comments Filed under: SMS

• Fun with HTAs

  I do a ton of vbs/shell scripting and dabble in HTML every once in a while when I need to but I've never gotten around to writing an HTA until recently. They can be very useful and now that I have started working with them I can think of a bunch of old vbs scripts that could be improved by making them HTAs instead. Microsoft has a pretty decent overview of HTAs but it's still a bit bare. Anyway, the HTA I am working on is to help setup collections in SMS that are limited to specific groups in Active Directory. My current client has both AD and SMS split up by business unit. So any time we need to create a new package in SMS, we have to create 20 groups in AD and then create 20 collections that are tied to those specific groups. It is quite time consuming (multiple hours from what I am told) and it is also very easy for a typo to cause problems. So the new HTA that I have written automates all of this. It has a nice form that you can fill out that allows you to put in the group name that you want to create and the collection name that you want to create. A couple of clicks and PRESTO! 15 seconds to accomplish what used to take a few hours. You can also just select specific business units if you don't want to create groups and/or collections for all of them. I still have a little bit of cleanup to do but it is fully functional at this time. Next, I plan to improve on it to allow you to create advertisements for each entity. I've already done a bit of playing around and it is pretty easy to generate dropdown boxes that are populated with all of the collections and packages that are in SMS. It shouldn't be too tough to setup something that allows you to select a collection and package and create an advertisement for them. I'll post the entire code when I get it cleaned up a bit. It relies on some XML to pull up the list of all of the business units and to store information on what OU each business unit uses. If you haven't dabbled in XML using VBS, I've created some generic functions that allow you to work with XML fairly easily. Update: I tried to put in a screenshot but it didn't seem to work. I'll see if I can get one posted... Posted Sep 14 2005, 09:58 AM by mbroadstock with no comments Filed under: Scripting - VBScript, SMS, Active Directory

• More annoyances with Lotus Notes

  Let me reiterate in case you missed it...the Lotus Notes client blows. Today I got a call from one of our techs out in the field. The CEO is getting the following error whenever he tries to run Notes. "You cannot use the Administration program while the Domino Server is running. Either shut down the Domino Server (but keep the file server running) or choose the icon labeled "Lotus Notes" instead" Well, after 20 minutes of digging around it turns out that the problem is that the CEO has another computer somewhere and Notes is still running on it. Because Notes still insists on storing so much data on the client rather than the server, some critical files were locked and the new Notes session wouldn't launch without giving the no-so-helpful error above. Now this wouldn't be a problem if we just setup the CEO to store all of his Notes data on the C: drive for both systems instead of putting it all out on a network share. But then you run into other issues: No backups. If the hard drive dies, you've lost your address book and other important data. No shared address book. The CEO would have to maintain his address book on both systems. Maintaining your password separately. What other e-mail system stores your password in an ID file on the client instead of storing it on the server?!? I guess I just miss working at a client that uses Exchange. I know it's not perfect but at least Microsoft is willing to stay with the times. Lotus Notes has made tons of improvements on the server side but the client/server architecture they are using hasn't changed since the old MSMail days. I can't believe Domino still has close to the same market share as Exchange. Posted Sep 07 2005, 10:43 AM by mbroadstock with 1 comment(s) Filed under: Lotus Notes

• Skewed perspective?

  Let me start out by saying I certainly hope the best for all of those affected by Katrina. I think we've done a really horrible job so far but hopefully things are starting to come together and we can start getting food and water to everyone who needs it. I hate to see unnecessary suffering and the people hindering our efforts should be dealt with severely. One comment I have though, we're looking at a lot of money to repair everything. But buildings can be replaced. Most of the reports I've seen put the death toll in the hundreds, not the thousands. To put this on the same scale as the tsumani is ridiculous. Over 200,000 people died. Sometimes I think we are all subjected to so many huge numbers in our lives that it is hard to put things in perspective. For instance, millions of dollars were spent on the whole Terry Schiavo affair. Why couldn't that money have been sent to Somalia where it could have saved thousands of people. If one life is precious, how much more precious should 1000 be? I don't want to sound like I am devaluing anyone's life but if I (subjectively) had the chance to save one life or 1000 I certainly know which one I would choose. So let's hope our troops are able to restore some order and no more lives are lost that we could have prevented. Posted Sep 02 2005, 04:31 PM by mbroadstock with no comments Filed under: Misc

• New P2P network?

  I must be out of touch with all the new ways to “share” music/movies on the internet. Apparently eDonkey is the new King of P2P.  And some of my friends were just learning about BitTorrent.... I saw that the RIAA just sued another bunch of people swapping copyrighted material. There will always be people getting caught but it's amazing how fast new technology comes out as soon as the existing technology starts getting targetted. Posted Sep 01 2005, 02:09 PM by mbroadstock with no comments Filed under: Misc