# Category Archives: Windows Components

## Hate to say it, but PowerShell is cool!

Just to put it out there.
Some history.

BAM!
There was PowerShell. At first, I didn't quite understand its potential and role in the Microsoft product suite. Then came the ‘not-quite-headless’ Windows Server. I was like: oooh, it looks like Microsoft is changing/learning and stripping useless overhead (read: things that can potentially break, need maintenance, cost resources and thus cost money). Up to this point I still didn’t quite understand the PowerShell potential and didn’t bother to look into it.

Then last month a team member needed to install Oracle Fail Safe on a Microsoft 2012 box. He needed to run a PowerShell script to set some things right and the script didn’t quite work. Hating the fact that (as a former Microsoft SE) I was not of any real help, I figured: let's spend some time and start learning PowerShell. It's time I (ex-Windows NT4, 2K, 2K3 guy) get to understand this puppy everybody is revved up on.

In my search for a good learning site I came across the Microsoft Virtual Academy and followed the course. After doing some of the course my conclusion was: PowerShell (V3) is way more cool than I anticipated!

Why?

At first I thought another Linux-shell clone was being created by Microsoft. But don’t let yourself be fooled (like I was at first) by the Linux-looking pipe approach. In the Microsoft implementation it's not text that’s being redirected, it's objects. For those not familiar with objects: instead of sending the unstructured text output of a command, it's sending you the whole thing, with structures and methods and everything. This enables you to do the wildest things without losing the oooh so important overview of things, and it makes waaaay more sense.

The simplest way to explain this is by example. For instance, the following command gets the directory (as an object) and pipes this object to a select method. There we select specific properties from the object to output, and manipulate some of that output with “@{…}” while we are at it, because we can. The result: a logical flow of information, ending up in the usable form I WANT IT in. Did you ever use awk?!

This object approach makes you wickedly flexible, as you can see: formatting, using and manipulating data as you see fit.
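An object pipeline of the kind described above, as an added example (it is not the command from the original post; the function name `Get-DirectorySummary` and the chosen properties are assumptions made for illustration):

```powershell
# Added example; Get-DirectorySummary is a hypothetical helper name.
function Get-DirectorySummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        [int]$Top = 10
    )

    # Property list for Select-Object. The @{ Name; Expression } hashtables are
    # "calculated properties": each Expression runs once per pipeline object ($_).
    $properties = @(
        'Name'
        'IsReadOnly'
        @{ Name = 'SizeKB';  Expression = { [math]::Round($_.Length / 1KB, 1) } }
        @{ Name = 'AgeDays'; Expression = { [math]::Floor(((Get-Date) - $_.LastWriteTime).TotalDays) } }
    )

    # Get-ChildItem emits System.IO.FileInfo objects, so filtering and sorting
    # work on typed properties (Length is an Int64), not on parsed text columns.
    Get-ChildItem -LiteralPath $Path -File -ErrorAction Stop |
        Where-Object { $_.Length -gt 0 } |
        Sort-Object -Property Length -Descending |
        Select-Object -First $Top -Property $properties
}

# The result is still a stream of objects, so it can be filtered again
# or handed to any formatter without re-parsing anything.
$summary = Get-DirectorySummary -Path $env:windir -Top 5
$summary | Format-Table -AutoSize
$summary | Where-Object { $_.AgeDays -gt 365 } | Select-Object -ExpandProperty Name
```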

Another cool thing is that you are not bound to some server's command-line console. You can output to the console, sure, but there are also several nice, cool options. For example: output a Get-Help article to a window with the -ShowWindow parameter. This enables you to view and search content from a nice scrollable window. Or output the table from the previous statement to a GridView.

If this isn't cool enough yet, there are tons of very cool features incorporated into PowerShell. A few of many are: an updateable help system, out-of-the-box remoting to PS sessions on different machines, remoting using sessions locally, importing PS management modules from remote machines (so you don't need to install them over and over again), and a PS web application for remote (mobile) management using PowerShell. Yeah, the list goes on.

Sadly all the nice graphical perks still need that blasted explorer.exe process. I guess Microsoft still needs to develop an X alternative for that. Please Microsoft, lose the need for that explorer.exe process and you regain my trust 😉

Wrap-up: no tech is perfect, so my advice is to definitely look into the free (yeah, ITS FREE) getting started training by Microsoft. http://www.microsoftvirtualacademy.com/training-courses/getting-started-with-powershell-3-0-jump-start#?fbid=jzUgaMv9GOI

Now let's go back to my beautifully tweaked and optimized Oracle Enterprise Linux deployment. With awk(ward) GNU text pipes that no one really understands. Without the cool management interface, but still the OS I prefer in my HAHP-backend.

Regards,
Chris

## SPF2010 Explorer view, very poor performance?

Also installed SharePoint Foundation 2010 in conjunction with your Server 2008 server?

Also experiencing very slow performance with the explorer view, or the mapped network drive?

Then you might want to turn off “Automatically detect settings” in the LAN Settings section of IE.

### Background

I was also experiencing ridiculously slow performance when opening a document lib in explorer view. At first I thought it was due to the zone settings, which are used by the Web Client, responsible for this connection. I fiddled around with the settings endlessly with no result, read the (outdated) Microsoft whitepapers for suggestions with no result, and finally experimented with web folders and WebDAV (not needed for SharePoint explorer view) with no result… It was clearly time for a different approach.

I installed Wireshark to find out what was actually happening on the line, and this is what I found. After clicking the “view in explorer” link, the following happens on the line:

The yellow lines you see between the “actual” traffic are so-called “WPAD” queries. WPAD stands for “Web Proxy Automatic Detection”. In the screen you can clearly see that the Web Client is trying to auto-detect the proxy settings prior to actually connecting. The time this action consumes is equal to the wait time the user is experiencing.

After disabling this feature in IE > Internet Options > Connections > LAN Settings > Automatically detect settings, opening the document library is instant.

After I disabled this setting, the LAN behavior looked like this:

Some tips.

You don't need to install the IIS WebDAV in order to use explorer view. SPF implements its own version of WebDAV for this functionality.
“Many people are under the misconception that SharePoint uses the WebDAV functionality provided by IIS 6.0. Actually, SharePoint provides its own WebDAV implementation using the Stsfilt.dll ISAPI filter that is installed with both Windows SharePoint Services and SharePoint Portal Server” (Understanding and troubleshooting Sharepoint Explorer view.doc, Steve Sheppard, 2006)

Explorer view is offered through the Web Client Service. It's useful to understand its dependencies (zones, proxy, and other settings).

(src: troubleshooting SharePoint explorer view.doc, annotations by myself)

Useful sources:

Any other useful tips?

## Exact Globe, folder already exists during CLIOP export to network.

On Windows 7.

If you get an error message suggesting that the user doesn't have the correct rights to create a new directory inside the designated CLIOP export network path, this might be because you are running Exact in an elevated state (as administrator). This is needed by some users to netupdate the client, but will cause all sorts of problems when the client is used in this state.

To resolve this problem, verify that the user has the proper rights on the designated network location. This can simply be done by opening the path in Windows Explorer and creating a folder and a file. If this is successful, the network rights are correct (so you don't need to create a new support call 😉).

Next, verify that the Exact client isn't running as administrator. You can verify this by right-clicking the shortcut and selecting Properties. Locate the ‘Compatibility’ tab, and verify that the checkbox ‘Run as administrator’ isn't checked. If it is, uncheck it and apply the new settings.

If network policies allow, also verify that the checkbox isn't checked on the Exact binary inside the Exact installation dir.

I hope this helps 🙂

Rgrds, Chris

## Certificates, what to know…

Certificates are a tough and complex world to be in.

Here are the main things to remember when renewing old certificates, or requesting new ones 🙂

• CA is short for “Certificate Authority” and is usually a party that ‘signs’ certificates on behalf of the requester. Because someone other than the party hosting a site signed the certificate, it is assumed that dualism applies.
• CSR is short for “Certificate Signing Request” and contains the hash needed by any CA to create a “signed” certificate.
• Private Key is the server key portion of the certificate that enables the server to “decrypt” traffic generated by a remote client using the provided certificate. This part of the certificate should always be kept safe, and should never be exchanged with any 3rd party. He who has the private key can assume the identity of the server/service to which the certificate applies.
• Public Key is the client key portion of the certificate that allows a client to decrypt the traffic that is generated by the remote server. This key is exchanged encrypted using the certificate during connection time, and because only the server holds the server portion of the private key, he is the only one in the world who can theoretically decode this traffic containing the key.
• The certificate's CN (Common Name) should always comply with the URL used by the visiting client, i.e. for Google the CN would be http://www.google.com.
• The certificate's O (Organization) should match the company listed in the whois that is performed on the domain name, i.e. for Google it would be “Google Inc.” http://www.whois.net/whois/google.com
• When you want to use the certificates for mobile devices, a special certificate should be used. Check ssl.nu for more information.
• SAN is short for “Subject Alternative Name”, not to be mistaken with “Storage Active Network”. It is a special certificate that allows for multiple CNs (multiple sites), http://www.digicert.com/subject-alternative-name.htm, and is also used in a number of Microsoft products.
• If you have an option on this point, don't use certificates that use the MD5 cryptographic hash. These are considered to be weak, and might be blocked by future browsers as being insecure. Weaknesses allow hackers to create a ‘valid’ certificate and steal the identity of your site by applying it. (Tough read, for the wiz-kids: http://www.win.tue.nl/hashclash/rogue-ca/)

This might also be useful: a CSR checker that will also perform a few checks to make sure all the info inside the CSR adds up.
https://www.networking4all.com/en/support/tools/csr+check/
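The points in the list above (CN, O, SAN, private key, MD5) can be checked on certificates that are already installed. The following is an added example, not part of the original post; the function name `Test-CertificateHygiene` and the 30-day expiry threshold are assumptions:

```powershell
# Added example; Test-CertificateHygiene is a hypothetical helper name.
function Test-CertificateHygiene {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Signature algorithm used by the issuing CA.
        # md5WithRSAEncryption has OID 1.2.840.113549.1.1.4 (friendly name "md5RSA").
        $sig = $Certificate.SignatureAlgorithm
        $usesMd5 = ($sig.Value -eq '1.2.840.113549.1.1.4') -or ($sig.FriendlyName -match 'md5')

        # Subject Alternative Name extension (OID 2.5.29.17), if present.
        $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

        # Rough extraction of O= from the subject string (good enough for a report).
        $org = if ($Certificate.Subject -match '(?:^|,\s*)O=("[^"]+"|[^,]+)') { $Matches[1] } else { '' }

        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        [pscustomobject]@{
            CommonName         = $Certificate.GetNameInfo($nameType, $false)
            Organization       = $org
            SubjectAltNames    = $san
            SignatureAlgorithm = $sig.FriendlyName
            UsesMd5            = $usesMd5
            HasPrivateKey      = $Certificate.HasPrivateKey
            DaysLeft           = [math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
            Thumbprint         = $Certificate.Thumbprint
        }
    }
}

# Report machine certificates that are MD5-signed or expire within 30 days (assumed threshold).
Get-ChildItem -Path Cert:\LocalMachine\My |
    Test-CertificateHygiene |
    Where-Object { $_.UsesMd5 -or $_.DaysLeft -lt 30 } |
    Format-List
```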

## peimg.exe missing? here is how to fix it :)

Facts.

peimg is not being used anymore in the WAIK for Windows 7. Instead you need to use the dism command. Because the help is hidden pretty well, here is the help you are probably looking for 🙂

To get all the available options on the “offline” wim image provided by dism, you need to run the following.

Mount the image as usual (use the WAIK command line from the Start menu):

```
imagex /mountrw C:\path\to\image.wim {1/2}* C:\path\to\mount-dir\
```

*There can be multiple images in a wim image; for boot.wim these are 1 = Microsoft Windows PE, 2 = Microsoft Windows Setup. The 1 or 2 in the given command selects the required image.

To get all the dism options, type the following:

```
dism /image:C:\path\to\mount-dir /?
```



Keep in mind that sub-options have new help menus. For example, adding additional drivers has new help instructions that are accessible by calling:

```
dism /image:c:\path\to\mounted\image /add-driver /?
```


All the base options provided by dism:

```
Image Version: 6.1.7600.16385

The following commands may be used to service the image:

UNATTEND SERVICING COMMANDS:
  /Apply-Unattend         - Applies an unattend file to an image.

DRIVER SERVICING COMMANDS:
  /Remove-Driver          - Removes driver packages from an offline image.
  /Add-Driver             - Adds driver packages to an offline image.
  /Get-DriverInfo         - Displays information about a specific driver
                            in an offline image or a running operating system.
  /Get-Drivers            - Displays information about all drivers in
                            an offline image or a running operating system.

WINDOWS PE COMMANDS:
  /Apply-Profiles         - Applies profiles to the Windows PE image.
  /Disable-Profiling      - Disables profiling.
  /Enable-Profiling       - Enables profiling.
  /Get-PESettings         - Displays Windows PE image information.
  /Get-Profiling          - Gets the enabled/disabled state of the Windows PE
                            profiler.
  /Get-ScratchSpace       - Gets the configured amount of Windows PE system
                            volume scratch space.
  /Get-TargetPath         - Gets the target path of the Windows PE image.
  /Set-ScratchSpace       - Sets the scratch space of the Windows PE image.
  /Set-TargetPath         - Sets the target path of the Windows PE image.

INTERNATIONAL SERVICING COMMANDS:
  /Set-LayeredDriver      - Sets keyboard layered driver.
  /Set-UILang             - Sets the default system UI language that is used
                            in the mounted offline image.
  /Set-UILangFallback     - Sets the fallback default language for the system
                            UI in the mounted offline image.
  /Set-UserLocale         - Sets the user locale in the mounted offline image.
  /Set-SysLocale          - Sets the language for non-Unicode programs (also
                            called system locale) and font settings in the
                            mounted offline image.
  /Set-InputLocale        - Sets the input locales and keyboard layouts to
                            use in the mounted offline image.
  /Set-TimeZone           - Sets the default time zone in the mounted offline
                            image.
  /Set-AllIntl            - Sets all international settings in the mounted
                            offline image.
  /Set-SKUIntlDefaults    - Sets all international settings to the default
                            values for the specified SKU language in the
                            mounted offline image.
  /Gen-LangIni            - Generates a new lang.ini file.
  /Set-SetupUILang        - Defines the default language that will be used
                            by setup.
  /Get-Intl               - Displays information about the international
                            settings and languages.

PACKAGE SERVICING COMMANDS:
  /Add-Package            - Adds packages to the image.
  /Remove-Package         - Removes packages from the image.
  /Enable-Feature         - Enables a specific feature in the image.
  /Disable-Feature        - Disables a specific feature in the image.
  /Get-Packages           - Displays information about all packages in
                            the image.
  /Get-PackageInfo        - Displays information about a specific package.
  /Get-Features           - Displays information about all features in
                            a package.
  /Get-FeatureInfo        - Displays information about a specific feature.
  /Cleanup-Image          - Performs cleanup and recovery operations on the
                            image.

For more information about these servicing commands and their arguments,
specify a command immediately before /?.

Examples:
  DISM.exe /Image:C:\test\offline /Apply-Unattend /?
  DISM.exe /Image:C:\test\offline /Get-Features /?
  DISM.exe /Online /Get-Drivers /?
```


## Exact globe 396 Runtime & automation errors, selecting “Reports and declaration”

Today we found that “E-Salary” might generate a “Runtime 0” error and an “Automation” error when running in a “dual screen” desktop, after which the main screen will freeze.

When Exact is opened on the secondary screen you might not be able to run any report / declaration from the right menu options. As a result the main screen will freeze up and the only solution is restarting Exact.

A quick fix is to run Exact in the Windows main screen only! You might be able to identify the main screen by selecting the screen properties, or (if you didn't move the start menu) use the screen that has “menu start” in it.

Good luck, and hopefully this bug will be fixed 🙂

## Installing Nvidia Quadro display drivers on Windows 7 Professional.

OK, first off: I will not guarantee that this will not cause any problems in the future, or that this method will work for you!
As you might have noticed, there are no supported Quadro drivers for Windows 7 at this very moment. But do check the vendor site for any updates before attempting this workaround.

When to apply
1. Setup halts with an error stating the operating system isn't correct.

What to try first?
1. Try the Vista drivers first; they usually install without any error messages. This is still no guarantee that the driver will function properly.

WARNING!
If your display isn't working afterward, do use the “Safe Mode” option (F8/boot options) to roll back the driver installation. Be sure to understand this before attempting the installation. Creating a restore point might also work out for you.

Workaround
1. OK, download the drivers for your system (mine were on the Dell site as expected 😉).
2. Unpack the drivers to your disk (c:\dell\drivers\#####\, or c:\NVIDIA\).
3. Find the “Setup.exe” file.
4. Right-click it, and find the Compatibility tab.
5. Select “Windows Vista [distr.] SP3”.
6. Select Apply > OK.
7. Right-click the setup.exe again (if the next option doesn't show, press and hold the left Shift key while right-clicking).
8. Select “Run as administrator”.
9. Follow the installer, and reboot afterward as usual.

Any keynotes, other solutions, other sources? Please be so kind to share them 🙂

Good Luck and hope this helped 😉

## Tip : Free Nero alternative.

Recently I came across a problem where uploading files to a VM using SCP (SSH) just wasn't possible… 😦

It was also the moment I found that I forgot to bring my ISO container containing the file, which would enable me to mount that image within VMware. Thank god I found a GNU Nero alternative that does what Nero does: build ISO files. You can find the download here 🙂

http://sourceforge.net/projects/infrarecorder/

If you like the tool, don't be shy and donate 😉

## Windows update error?!?

Hi guys,

Recently we started getting messages in our client system logs stating something like:
The Automatic Updates service terminated with the following error: The class is configured to run as a security id different from the caller.

To be honest, we tried different approaches and researched different angles on this issue. Found articles about BITS and other security stuff, but none really helped. The following is true in our environment.

1. We don't use WSUS.
2. We have a native 2003 domain.
3. We use Windows XP Service Pack 2.
4. We do use network policies, but for some elusive business requirements we don't enforce updates (developers…).

Here are some things that were true on the issue.
1. We couldn't start or stop the Windows Update service (wuauserv.dll / wuaueng.dll) and got an access denied message.
2. We couldn't register the various DLLs into Windows.
3. We couldn't rewrite the BITS entries, also getting an access denied message.
4. We couldn't enable “interactive” mode in the security > logon tab of the service, getting… yeah, an access denied message.

“Update on this Issue”

The problem was somewhat elusive to us, but we found the problem! 🙂

The behaviour as described above is caused when a network policy is used to enforce the service configuration (Windows Update service) itself.

In the Machine portion of a GPO you can browse down to: Computer Configuration > Windows Settings > Security > System Services. Here you can configure various aspects of the Windows services, like forcing the Messenger service to be disabled. In our case the Windows Update service was forced to be Automatic, and with that (check the Permissions button) the rights on that service…

Just remove the policy from the Windows Update service and control the update service using the appropriate policies found under: Computer Configuration > Administrative Templates > Windows Components > Windows Update instead.

This should fix the “id is other than caller” issue 😉

Just use the “gpupdate /force” command on the clients that really need some updates, and/or wait till the next logon, or 90 minutes (default GPO refresh time)…

Gl & Rgrds, Chris

## Tip : Terminal Server Client tool.

Security, security and if possible some ease of control. Well, I grew pretty tired of typing:

Start > Run > Mstsc

and repeating this for each new instance. And needing to remember all the IPs from different networks etc. I didn't want to store these as machinex.rdp, knowing it's just a flat text file with the rdp extension. Then I came across someone that told me: dude! You should try Royal TS…

And I was like… what? Well, have a peek for yourself and drop me a message if you liked it 🙂

Browse to this location, and download version 1.5.1 (which is the last free full-purpose legacy client).

Do buy the latest one if you really really really like it, these guys need the motivation also 😀

Rgds,