Mark this one down as one of the strangest things I’ve encountered in awhile.  The longer you are in any field, the less likely you are to see something that stumps you, but today was the exception. First, the setup:

  • Group policy in place to have My Documents redirect to a network storage folder \\servername\root\username
  • Group policy in place for laptops to have the My Documents folder available offline

On a laptop that follows those two policies, My Documents was not redirecting properly.  If you manually try to browse to the UNC path of the redirected storage you get a permission / access denied error.  After scratching my head and double checking server permissions (which of course had not changed at all) I tried accessing the share using IP address instead of server name and was able to access the folder.  However, I knew it wasn’t a DNS issue because the server name could be resolved just fine and other network folders on the same server could be viewed without issue.  Knowing that DNS and permissions had been ruled out that left me quite confused.  Next, I tried disabling offline files on the laptop and rebooted.  Much to my delight the redirected folders showed up without issue so I knew I was on the right track.

Solution: In the end, after disabling offline files I navigated to C:\Windows\CSC\.  Under C:\Windows\CSC\namespace\ you should be able to identify a folder with the same name as the file server (first, you will need to take ownership of the CSC folder and sub-folders in order to view the subfolders).  I deleted the suspect namespace as well as the files within the temp folder.  After doing these steps, I re-enabled offline files and restarted the computer.  Problem solved.

libtiff3.dll missing when using Separate+ plug-in for Gimp 2.8

Posted: 6th August 2012 by Seth Killey in Apps

This is more of a note to myself, but if others benefit all the better…

We use Gimp for staff members who need to create CMYK images, but don’t necessarily need full blown Photoshop.  There is a nifty little plug-in called Separate+ which allows you to accomplish this feat.  When porting over from Gimp 2.6 to 2.8 I got an error after adding the Separate+ files to the plug-ins folder.  Basically the error was complaining about libtiff3.dll missing.  On another computer using Gimp 2.6 I was able to grab libtiff3.dll and copy it to the GIMP 2\bin folder on the version 2.8 installation to fix the issue.  When it was all done I had the following in the plug-ins folder (GIMP 2\lib\gimp\2.0\plug-ins\):

icc_colorspace
separate
separate_import

and in (GIMP 2\bin\)

libtiff3.dll

libtiff3 download

Hiding sub-folders within a shared network drive

Posted: 26th June 2012 by Seth Killey in Windows Server

Not that this comes into play much, but from time to time there may be a project where only certain users need access to a folder under a shared network drive.  For instance, a department folder with a subset of users who needs a folder that is only accessible to them.  Of course, the obvious answer is to create a new network share.  However, another useful option is something previously unknown to me…enabling access-based enumeration.  On the sub folder if you remove security inheritance and instead add access to the subset of users only, you can then go into the advanced properties of the network share and enable access-based enumeration so that the folder will only be accessible and visible to the authorized subset of users.  Why I prefer this method in certain circumstances is it prevents a proliferation of tiny shared drives which can clutter up a users list of mapped drives as well as add yet another shared folder to account for in disaster recovery / backup jobs.

 

===================================

This is an update from this post

===================================

I’m in the process of upgrading all client computers from Java version 6.31 to Java 7.4.  Like all major version upgrades of Java if you simply install the new version the old version will remain installed.  Therefore, I’ve included instructions that allows you to remove the old version of Java, install the latest version, and then apply an update policy to fit your needs.

  1. To uninstall the old Java, navigate to the registry key that gives you the proper uninstall string.
    If you are using 32-bit version of Windows it should be under HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
    For 64-bit Windows you might need to go to HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    Navigate to the key under the uninstall key associated with Java (may be a long ID).  There will be an UninstallString item that will be something like MsiExec /X{________}.  This will be the first part of your batch file.  I include /quiet and /norestart switches (see below)
  2. Next, on a test computer I downloaded Java and acquired the .msi file (see http://java.com/en/download/help/msi_install.xml).  The instructions are for Java version 6, but still apply.  The next line in your batch file will use this .msi file to install Java ex: jre.msi /qn
  3. Finally, on your test computer I set my update policy so that it does not look for updates because my user accounts are standard user accounts and would prohibit users from installing any updates.  To be clear, I diligently patch all computers but I just like to control this process versus having a nagging update balloon show up for users when they can’t do anything about it.  You can change your update policy by clicking on the Java icon in control panel.  Your update policy can be found in registry under HKLM\SOFTWARE\JavaSoft\Java Update\Policy.  I also manually create a binary key EnableJavaUpdate (if it doesn’t exist already) and set it to 0 (as in zero).  Once you’re satisfied with this policy, export the entire Policy key as a .reg file.  The final line in your batch file will look like regedit.exe /s JavaPolicy.reg
    My policy looked like this when finished:
  4. In your Java package you should have 3 files.  A batch file which fires off all the commands, the Java 7 msi install file, and the exported reg file.  My batch file has the following:
    @echo off
    REM Uninstall Java 6 Update 31
    MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF} /quiet /norestart
    REM Install Java 7 Update 4
    jre1.7.0_04-c.msi /qn
    REM Update registry to prevent users being prompted to update java
    regedit.exe /s JavaPolicy.reg
    exit
  5. On SCCM, you will need to either create a new package or update an existing package by updating all distribution points with your 3 files.
    Included are screenshots of parameters for the SCCM program which points to my batch script as well as parameters for the advertisement.

Last week I set out to configure a test environment for building a new website on WordPress.  I decided to setup a Linux server running as a guest on Hyper-V on my Windows 8 beta laptop.  Primarily, I wanted to setup a WordPress site that would be configured under what will be the production URL so I don’t have to monkey with renaming the WordPress site addresses and risk having a bunch content pointing to the wrong URL.

I first tried my preferred Linux distro which is CentOS but sadly I couldn’t get the NIC to show up properly (no ETH 0, even using a legacy NIC).  Interesting, considering I’m running CentOS on my Windows Server 2008 R2 production Hyper-V environment with a legacy NIC.  In any event I went with Ubuntu just to get things going. Ubuntu has a very handy guide to help you through setting up WordPress https://help.ubuntu.com/community/WordPress.

These directions went through without a hitch so for finishing touches I edited the host file on my laptop so that I could edit my WordPress website using what will be the public URL and then export my database and WordPress files to the production server when the time comes.  Keep in mind Hyper-V on Windows 8 has the following hardware requirements: Hyper-V requires a 64-bit system with second level address translation (SLAT) capabilities and an additional 2 GB of RAM. You can also enable SLAT via a BIOS setting.

How to instal Hyper-V on Windows 8

Monitoring a specific web page with Nagios

Posted: 14th May 2012 by Seth Killey in Apps, Linux

Recently I was in need of using the check_http plugin in Nagios to monitor a web app that wasn’t the root web page in IIS.  I’ve used check_http before but never knew how to check sub pages until recently so I figured I’d jot down some notes because it wasn’t overly intuitive to me.

First up, I defined a custom command in my commands cfg file (iwp because this was for instant web publishing in FileMaker)

define command{
command_name    check_iwp
command_line    $USER1$/check_http -H $ARG1$ -u $ARG2$
}

On my server that hosts IWP I defined the following service.  Obviously replace the FQDN with your server name, but notice how you just fill in the remaining part of the URL for the 2nd parameter.

define service{
use                             onsite-service
host_name                       FileMaker
service_description             HTTP
check_command                   check_iwp!server.domain.org!/fmi/iwp/res/iwp_auth.html
}

So I noticed one my SharePoint database files had grown to 15 GB recently.  I found this strange because we’ve only got about 100 users and I couldn’t conceive how a user profile database could possibly be this big.  Upon further inspection, when looking at the tables within the sync database I found the InstanceData table to be the culprit.  A search produced a well written article explaining the issue found here http://paulliebrand.com/2011/05/26/user-profile-synchronization-database-growing-out-of-control/

The only thing I would add to this post is it is advisable to split up the workload into multiple batch jobs if there are A LOT of rows that will need to be truncated.  To fully reclaim the disk space, I ran DBBC SHRINKDATABASE on my sync database.  Here’s what my script ends up like –> SharePointSyncDB_maintenance

  • Also, your tempdb may grow while you are deleting all the records from the InstanceData table.  You’ll likely be using more disk space than before you started.  If you restart SQL Server it will clear out your tempdb.  Running the shrinkdatabase command will take care of the Sync DB size

Fun with RBLs / DNSBLs

Posted: 23rd December 2011 by Seth Killey in Nerdy Stuff

In the past I’ve filtered inbound e-mail using a commercial on-premise software program, and later I used Postini for filtering before it reached my firewall.  However, I’ve realized that doing so is for suckers because it really is pretty easy to block SPAM nowadays.  Of course, if you host your e-mail with a cloud provider this may not be an option, but for those of us still running Exchange in-house here are some notes on my implementation.

First off, my firewall subscription includes an anti-malware scanner for e-mail so that’s a simple check box.  What really takes some research is deciding on which RBLs to use.  Prior to using the firewall as an MTA, I filtered mail using a Linux solution involving Postfix, Amavis-new, ClamAV and SpamAssassin.  This worked remarkably well, but I never felt comfortable with all the moving parts.  However, I did use the logic built into SpamAssassin to decide trustworthy RBLs.

If you go to http://wiki.apache.org/spamassassin/DnsBlocklists you can see a list of RBLs or DNSBLs used by SpamAssassin.  Of those listed, I use the following:

  • Spamhaus – specifically zen.spamhaus.org which I have found to be the best in terms of identifying SPAM without the false positives.  If you stop with this service alone you’ll be in pretty good shape.
  • SPAMCOP- bl.spamcop.net
  • SORBS – safe.dnsbl.sorbs.net (update: I have since removed this listing due to false positives)

A couple more useful tools when deciding on an RBL:

  • Curious about which RBLs get the best results?  Check this website
  • Worried your IP may be getting blocked by an RBL?  Check this website

Overlay public folders in Outlook 2007

Posted: 4th November 2011 by Seth Killey in Nerdy Stuff

One feature I really like with Google calendar is the ability to easily overlay multiple calendars into one master calendar.  You can do the same thing in Outlook 2007 but it isn’t as intuitive, especially if you wish to do this with public calendars.  Here’s some steps to overlay multiple calendars, including public calendars.

  • Navigate to the public folder(s) you wish to overlay.  Right-click and select Add to Favorites…

  • Now that you have added your public calendar as a favorite, you can check the check box to add it to your calendar view.  Navigate to the calendar tab and check the check box for the calendar you just added as a favorite, click on the arrow to View in Overlay Mode

  • You should end up with something like this, where the calendars are merged into one


Restore file permissions on VHD file after move

Posted: 26th September 2011 by Seth Killey in Virtualization

A bit of a scary moment for me the other day.  I changed the virtual hard disk path on one of my virtual machines from the disk GUID to the appropriate CSV path in preparation for Hyper-V live migration.  After changing the path, the Virtual Machine SID permissions were stripped and therefore Hyper-V couldn’t take control of the file as necessary.  In order to restore the file permissions I ran the following:

icacls “<path to VHD>.vhd” /grant “NT VIRTUAL MACHINE\<virtual machine SID>”:F

If you don’t know the virtual machine SID, navigate to the folder storing your virtual machine files and click on the Virtual Machines subfolder.  Inside this folder is an XML document named the same as the SID