Internet Explorer has stopped working after closing tab or window and how to open IE maximized

Recently, I worked on the following two problems on a Vista machine with a recently updated Internet Explorer browser (from 8 to 9) that had two problems. One, when closing a tab or the Internet Explorer 9 window I would get the following popup message: Internet Explorer has stopped working. That wasn't an intermittent problem. It happened every single time a tab or the window closed. I couldn't blame the user for being annoyed by this. The other problem was when he clicked on the IE shortcut in the taskbar or on the desktop, IE would open in a tiny rectangle box instead of opening maximized.

First, how to fix the "internet explorer has stopped working" error.

Open Internet Explorer. Then click on the gear icon in the top right window to make the Tools menu appear. Then click on internet options to bring up the internet options menu. Click on the advanced tab and check the box under "accelerated graphics" called "use software rendering…" Make sure that is checked then click OK and reboot. After the reboot Internet Explorer worked correctly.

While the above solution worked for my situation, it doesn't fix every situation. You may have an IE startup process that is causing the problem too. In the past I've used autoruns, a handy tool, to find those nasty processes in IE startup and delete them, fixing not only the error after closing IE but also improving overall IE performance. Installing toolbars, addons, etc. often cripples your web browser's performance and can cause weird problems like the error message we focused on in this post. 

Now about the "maximize when opened" solution. There are different solutions for this problem. What worked for this situation I'll offer then I'll follow that with some other possible solutions. Open Internet Explorer and size the window to your liking. Then hold down the ctrl key while clicking the red “x” to close the program. This will set the IE window to open at this setting every time. To makes sure other links and such open the same way dick on the gear icon like you did earlier, click internet options,click "tabs", then select "always open pop-ups in a new tab." Click OK once then one more time in the previous window. I will also say this worked on a Vista machine. I don't know if that makes a difference or not. I do know this next method worked on Windows 7 machines but didn't work on this Vista machine. It's very simple. Open Internet Explorer then click and drag the window to the top of the monitor. It will be maximized. Close it then reopen it and the window should open maximized. That solution worked on a few Windows 7 machines in the past.

There's one more I'll detail below. Go the the desktop and right click on the desktop, click new, then shortcut. Create a short cut to "Program Files/Internet Explorer/iexplore.exe" Right click on the short cut and then select Properties. Click on the tab "Shortcut" and then change the value in the run command to "maximized". Click apply then OK. Now Internet Explorer will open in the maximized state when you click on any short cut to iexplore.exe.

So there you have it! If you have any questions comment below.

How to restore Windows 7 default "desktop" folder

Here is a quick tip on fixing the path for your desktop folder when the easy method of right-click > Properties > Location doesn't work.

Go into the Registry Editor (Start > search > regedit). When Registry Editor opens go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Over on the right you should see "Desktop." Double-click the "Desktop" entry. A window will open displaying the value "Desktop" and "Value Data" (the path to the desktop folder). Now, if you want to put in the correct path (C:\Users\Username\Desktop) for your desktop folder or your desired path this is where you would input it then log out and log back in for the setting to take effect.

Keep IT simple - Use RDWeb instead of Site-to-Site VPN

So you have a couple of users moving from the main office to a new office (say they're moving to the public works garage) that is located miles away from the main office. These users need to still be able to use the business application but don't need anything else from the business network and security isn't a high concern. At the remote office the two users will need basic internet, ability to print, and have access to the business application; nothing else is needed. What do you do? Do you buy an expensive firewall to build a site-to-site vpn connection to the main office? Or, since you already have RDWeb implemented for remote use of applications, do you use RDWeb? The cheapest and most efficient solution would be to go with RDWeb. If you're not familiar with RDWeb, I suggest you do some reading on it, but for now know that RDWeb is a feature of Windows Server that builds a portal to essential applications and remote desktop access your employees need either remotely or locally.

Why do I say use RDWeb instead of the VPN connection? Well because RDWeb is simpler. What you can do is give the two users computers with encrypted hard drives, a solid anti-malware solution (I suggest malwarebytes PRO along with Microsoft Security Essentials\Defender and then have OpenDNS at the border), and decent internet bandwidth to give them a great working environment. RDWeb will provide access (securely) to the work application(s) and they can use it almost 99% the way they used it before at the main office. For situations like this, RDWeb trumps the other method of site-to-site VPN because it requires less setup, equipment, and time.

I know for other situations where high-security is a primary concern, file shares are needed, printers are manged from the main network, etc. RDWeb may not be the ideal choice but for a situation like the one described above where the two users just need access to the business application(s) then RDWeb is the clear winner I think. It was the winner at work. The situation described above is a real-world scenario. My work will have a new public works garage and two of our users will be leaving the main office to work out at the new garage. We already have RDWeb in place for remote users so the two users will access the business application through our portal.

One of the things to keep in my mind with any project, especially IT projects, is to keep the solution simple.

Don't be scared of virtualization

Occasionally I talk with an IT guy who is scared to death of virtualization. Why the fear? Well the typical answer I get is that "it's complicated" or "expensive" or "I have no experience with it; going forward with it would be risky." If you're a virtualization tech of any stripe you'll know these worries can be easily erased. My own work experience with Hyper-V is a great answer to these techs who are scared (no offense) of virtualization. Why do I say don't be scared? I say don't be scared of virtualization because 1) you have no reason to be and 2) virtualization is super helpful for the most ordinary of IT projects.

At work we needed to implement Server 2008 R2's RDWeb services to enable our work application to be available to users who are away from our main office and for users who needed to access the application when they're sick, on vacation, etc. When the concern was approached to me, I immediately thought of R2's RDWeb services and pitched the idea to a group of people who were not interested in buying a new server. They assumed to use the RDWeb service we would need to purchase new hardware and that just wasn't going to happen (I work for local government and money is tight!). I told them they didn't have to worry about purchasing new hardware because of Hyper-V! We were limited to the 2008 version of Hyper-V, so we aren't able to use features like dynamic memory and bandwidth management but the point I made to them and want to make here is that even 2008's Hyper-V can make the simplest of IT projects, e.g. rolling out RDWeb, even simpler and much, much cheaper than going with new hardware. The only purchase made was five Remote Desktop Services CALs! The rest of the project requirements were already owned by us which was awesome. If we didn't go the virtualization route we would have made a lot of purchases in hardware. So I added the Hyper-V role to an existing Windows Server 2008 machine, configured the RDWeb virtual machine, installed a copy of Windows Server 2008 R2 on the VM, installed and configured RDWeb on the virtual machine, made the necessary configurations in our Sonicwall TZ210 and then we were all set. Virtualization made that project so much easier than the alternative which is to buy new hardware, make room for that hardware, oh and convince the treasurer and company to make those purchases. For us, the project only cost us a couple of hundred dollars and RDWeb has helped us out a lot. Virtualizaton was the obvious route to take.

Don't be scared of virtualization! Implementing Hyper-V, Citrix, or VMWare doesn't mean you have to setup live migrations, virtual storage, virtual networks, VDI, or whatever else is intimidating to you; all it can mean is that you're going to use a virtual machine instead of a physical machine for your project. Try it out, even if it's in a lab at first. You can download trial copies of Server 2012 and Windows 8 to tinker around with virtualization if you haven't yet. Keith Mayer has awesome lab exercises for you to try and I know from personal experience that his lab exercises are awesome because I've used them multiple times! Again, don't be scared of virtualization because the benefits and range of uses are too great for you to not use because you're a little intimidated. 

Just an Update

Hey all. This post isn't a troubleshooting, from-the-trenches post, it is just an update post due to the sad fact I haven't posted anything in more than a month. What am I doing? Well I'm still studying in my time from work for the MCSA: Server 2012 certification. I'm actually studying for all three exams before I take an exam; a studying tip from Ed Liberrman of Trainsignal. At first I wasn't sure about that method but now I completely understand his advocating that method. Studying for all three exams before taking the exams will give you a full understanding of Server 2012, which is what Ed suggested and I know this to be true now that I'm applying his method to my study time. Having studied Active Directory at the 70-411 and 70-412 levels has helped me to understand Active Directory better at level 70-410! It's just a great study method I think.

Study Tools
I'm using the Server 2012 certification book from Sybex that is authored by William Panek (an excellent tech writer) for all three exams. I have and am also using the Exam-ref book for 70-410 from Microsoft Press and the 70-410 Training Guide from Microsoft Press by Mitch Tulloch (another excellent tech writer). An additional and amazing study tool I'm using is TrainSignal. I can't recommend their videos and practice exams enough. Their practice exam for the 70-410 exam let me know quickly that I wasn't ready to take that exam. Ed Libberman is a great teacher too. His personality is engaging and you can just tell he knows what he is talking about. What about the books? The questions at the end of each chapter in the Sybex book are great questions in that they are scenario based and make you actually think instead of just matching the correct definition with the term. Also in each chapter are exercises which is always nice. The Exam-Ref book is a good book for giving you information for exactly what Microsoft requires you to know on the 70-410 exam. The author doesn't go any further than that and he doesn't exactly go in the deep end either so I can't say that book alone will prepare you for the 70-410 exam. There are practice exercises peppered throughout each chapter which, again, is nice. The 'Training Guide' form Tulloch is a very nice tool. He goes deeper on the exam objectives and his practice exercises are fun, challenging and helpful. This guide is a nice companion to the Exam-Ref book.

Is this study method and are these tools a great approach to earning the MCSA? Well I guess I'll see when I go in and take the 70-410 exam. I can't see how my current study method with all the tools I'm using is setting me up for failure. If I fail it will be because of me.

For work, I'm currently doing the day-in and day-out stuff. I'm not doing anything special but my current job is what it is: entry-level. Hopefully after earning the MCSA, along with my continued experience will land me an exciting System Administrator job elsewhere.

Subscribe to the blog! Tell people about it.

Exchange 2010 451.4.4.0 Queue Problem

Sometimes weird stuff happens with technology. There's no philosophical inquiry needed because, in my experience, technology problems often don't have an answer as to *why* the problem happened; it just happened. Yeah, there are some reasons we can give to why it happened, sometimes, but like with this problem I'm about to describe, I can't give a reason why it happened. All I know is that it happened and I had to fix it.

A couple of the employees told me they weren't receiving emails from our employee self service application. Employees use this to view paystubs, events, and such so it is important that this application is working correctly. Employees register with whatever email address they want to use: professional or personal, we don't care.

When I dove into Exchange 2010, I noticed by looking at the logs and the queue viewer that the only domain generating an error was our professional domain. Google, Live, and yahoo domains were receiving email from our server, but not our domain. The error generated in the queue viewer was 451.4.4.0 DNS Query Failed. This was odd because I leave this server alone. The only changes made to the server are security updates. That's it. Regardless, this problem happened and I had to fix it.

How did I fix it? Well, obviously it was a DNS issue. I could tell by the error message. :p



So I checked out the external DNS lookups tab in the HUB transport server object properties. I had the top option "use network card dns settings" selected and that is how it has been running for over a year now. Anyway, since a problem had occurred I decided to select the other option "use these DNS servers" and put in the IPs of the servers we forward to. I then configured the SMTP send connector properties under the network tab (located by selecting hub transport under org. configuration) and checked the box "use the external DNS lookup settings on the transport server." Doing this cleared the queue and employees using their professional email addresses received (are are receiving) their email from "employee self service." Yeah, this is working, but I'm not sure why the problem occurred. I'm glad I was able to fix it in a timely manner. Obviously there was a problem with the DNS properties of the network card for the exchange server because changing the option to external lookups and using the DNS forwarders fixed the problem. I'll have to investigate further and will write here again if and when I figure that out.

Anyway, I hope this helps one of you having this strange problem.

How to delete Exchange 2010 mailbox without removing user object

This is a question that pops up occasionally. If you want to remove a user mailbox, but keep the user account active because he will still be connecting to the network how do you do it? Right-clicking the user mailbox in Exchange 2010 displays options like 'remove' and 'disable.' Clearly I don't want to disable the mailbox because that will just disable the user mailbox instead of removing it right? Wrong. Disable is actually what you want to click to remove the mailbox while keeping the user account in Active Directory. Yes, the mailbox will be disabled for a while and not removed, but after a period of time (depending on your Exchange setup) the mailbox will be removed (deleted) from storage.

Yes, it's strange but clicking disable will remove exchange properties from the user account then the disconnected mailbox will be setup for deletion. Doesn't it seem like 'remove' should do this?

SyncBack Free Review

I just finished testing 2BrightSparks SyncBack Free. I'm very satisfied with this free backup solution. I'm so satisfied that I'm going to stop using the previous solution I used for simple backups.

SyncBack Free isn't intending to be an enterprise level backup solution so don't expect features like that in this free solution (though their paid pro version does that stuff). What it does do though it does very well. For my environment, I wanted to backup my documents and outlook content to a shared storage location. In my past experience this has either been very easy and thus neglecting some extra features or very complicated and thus keeping me from wanting to use the product. Syncback Free takes an approach that I like a lot by having two modes: easy mode and expert mode. In easy mode and expert modes you first name your backup profile, e.g., outlook profile.  Then, you decide what this profile is going to be: backup, synchronize, or mirror (these choices are explained by hovering your mouse over the "?" next to each choice). After naming and choosing the purpose for your profile you automatically are in easy mode. In this mode you can setup your source and destination folders (local, external, or network paths to choose), setup a schedule, and choose what you want to happen if SyncBack Free encounters a duplicate file during a backup, e.g., do you want to copy and replace, do nothing, prompt, etc. If you're done then you can do a simulation run to test the backup. You can choose expert mode from the left menu bar before going through with the simulation run.

In expert mode, you obviously have more options to design your backup profile. This is the part of Syncback Free I really like. Expert mode has options like compression, encryption, FTP, Programs-before and more. One to thing to point out: by default, Syncback Free backups your data to the destination as is. What do I mean? I mean that if you go to your destination drive to view your backup you'll see all your data just the way it looks in your source drive, i.e., the backup isn't zipped into a single folder  or encrypted. Anyone with access to that destination drive will be able to access your data without any problem. This is important to point out and the only flaw, I've found, with SyncBack Free. It's basically a copy and paste by default. Expert mode allows you to change this. In the compression section you can check the box to compress the files on the destination into a zip file, then check the box below it to put all the files into a single zip file and if you want you can choose the level of compression. Doing this will make the size of your backup smaller and make the backup a single zipped folder. You can also encrypt your compressed backup which is nice.

So that is my review of SyncBack Free. It's my impression that this solution is for personal use and for very small businesses who can't afford to pay for a solution that is more robust than this free solution. The Pro version is 54.95, but it has a lot of features that make the product worth the price.

If you're looking for a backup solution for your home or small office then checkout SyncBack Free.

Disk Management refresher

In Windows Server 2012, disk management is arguably defeated by server manager, powershell, and storage spaces. However, not every business (small, medium, or large) is going to make a quick move to Server 2012. What that means is that the IT pro needs to know the basics.

I found this great post at TechNet on implementing disk management. In it the reader will learn disk terms and how to use disk management for creating and managing basic and dynamic disks, software RAID, enabling quotas, and enabling encryption.

Enjoy!

Implementing Disk Management

Fun with Windows update errors 80246007 and 80070002

*yes it has been a while since I've blogged. I've been very busy with life and studying for MCSA 70410*

 At work recently, I've had trouble with a Windows 7 pro 64 bit machine dedicated to running our remote check scanner device and software. The machine has never given me trouble until today. I was doing my morning "thang" checking out security stuff on our network. I discovered that the remotescanner machine had failed update install errors. I RDP into the machine to get a closer look. The specific errors surrounded in large, scary, red-ness were: 80246007 and 80070002. The machine hasn't been installing the latest updates for the past few days.

Looking into the errors I found that there was a 'fix-it' option. I took that option because, hey, usually that is the efficient way to take. Guess what? Fix-it didn't fix it! That's unusual for my 'fix-it experience. I even ran fix-it again only to find that it still didn't work. Tackling the errors myself I was able to solve the problem following *some* of the steps. At first, I restarted the BITS service, restarted the machine, checked for updates, downloaded the updates and then the updates actually installed. Upon reboot and logging into Windows, I was told by Update that more updates needed to be installed so I ran the install and all the updated installed successfully (yes, the updates that failed these past few days). I checked for more but there weren't any to download. So, the machine is now nice, green, and updated.

I'm confused though. Restarting the BITS is the solution for 80246007, not for 80070002. Why are Windows Updates now installing instead of failing? Whatever the answer, I'm glad the machine is working properly now, but I do wonder why two errors were the culprit for failed updates only to be fixed by the solution for one of the errors?

Road to MCSA: Week 3

Dude, week 3 has been a major letdown. I planned on knocking out objectives 4 and 5 in one week just like I did with objectives 2 and 3 last week. Week 3 has hit me hard because I've been incredibly busy with my full-time job and my job outside my professional life. So, I've only managed to barely get through objective 4 studying Zacker's book. I still have videos from TrainSignal to watch. My plan is to watch those this weekend.

Highlights of objective 4:
* New DHCP failover options: load-balancing and hot-standby. Very cool.
* Subnetting: always interesting.
* IPv6: another one of those always interesting topics.
* DNSSEC

Road to MCSA: Week 2

Week 2 was a huge success. I was able to get through objectives 2 and 3 in that week without speed reading or skipping "stuff I know." I read carefully the chapters in Zacker's book and watched the videos offered from Trainsignal. I also did the exam exercises. Guess what? I also learned "stuff." It was a good week.

Things I especially liked from the week:
* ReFS
* High availability printing
* Hyper-V, i.e., all of it: virtual storage, scalability, virtual networks, etc.
* Remote management via server manager
* of course, doing all of the above in powershell!

Road to MCSA: Week 1

Well, week 1 isn't over because I'm studying tomorrow also, but I wanted to go ahead and blog my progress.

Week 1
Read and completed the exercises in chapter 1 of Training Guide to Server 2012 by Tulloch
Read and completed exercises for Objective 1 in Zacker's Server 2012 Exam-Ref book.
Watched two videos on the 70-410 exam from Trainsignal (highly recommend).
Read Technet wiki for Objectives 1.1 and 1.2

So far so great. I'm doing both the powershell and GUI routes for the exercises because from what I understand, so far, that is the goal of Server 2012: powershell administration. It's honestly not too bad. I'm not a scripting guy, but I hope to be after earning this MCSA.

Week 1 is a success I think. I've learned a lot just from this chapter: installing and deploying Server 2012.

A Server 2012 Core Survival Guide - Fun!

Runas Radio has a very cool podcast on DHCP high availability in server 2012. The tech in the podcast interviewed has a blog and he is currently doing a series of posts on what he called, "A Server 2012 Core Survival Guide." It's an interesting series so far because of the scenario for the series.

You are a server administrator with a Windows Server 2012 deployed with only the core interface. You cannot Remote Desktop, Remote PowerShell, or ping the box. You still have access to the console by walking up to it.

So each post has that scenario in mind. Check it out.

Bruce Adamczak PFE Blog 2012 Core Survival Guide

On the road to MCSA Server 2012

Well, it's here. I'm out of excuses. I need to earn a Microsoft certification. What better route than the MCSA server 2012 certification? I think it's a good route to take, especially since Server 2012 is so awesome. I'm going to blog about my progress. So, if you care, keep up with it. It might help you out. Please comment, follow, and if you're on the road to the mcsa too then share it here with me.

My resources
Server 2012 training guide by Mitch Tulloch
Exam Ref 70-410: Installing and Configuring Server 2012 by Craig Zacker
The 90 days to MCSA from Microsoft: Videos, forums, wikis for training
Home lab :)

Windows 8 wifi problem with specific WAPs

This problem isn't cool. It's not cool at all. Even if this problem was stated to be cool by the Fonz himself this problem wouldn't be cool. What is the problem? Windows 8 wifi drivers and certain wireless access points. Let's get into it.

I love Windows 8. I do. Heck, I'm a shill for Microsoft Windows 8. Do I love the start screen? Yes I do. Do I love the graphical design? Yes I do. Do I love the how "things just work" in Windows 8? Yes I do. It's true. It's true. Is Windows 8 perfect? No it's not. It is getting there though. That's another blog post for another time though. What I've encountered thus far in my Windows 8 love and experience is a problem with Windows 8 wifi drivers working with access points. At my house, my Lenovo Windows 8 ultrabook works excellent with my wireless network. I have a Netgear wireless router and my Win 8 ultrabook "just works" with it. No problem at all. Now, at work, we have BYOD so I take my ultrabook to work with me; it will not "just work" with the access point. I have a coworker who also loves Windows 8. Guess what? Her HP tablet pc will not "just work" with the access point either. Those are the only two Windows 8 devices currently at work so that is the extent of my first-hand experience with the problem, but if you "bing" or "google" something along the lines of my problem there are many other people having the same issue.

Specifics
The Windows 8 laptops will only get a limited connection to the wireless network. Running the troubleshooter will "fix" the problem for about 3 minutes then the device is back to limited. The troubleshooter says "Not a valid IP configuration: fixed" and "no default gateway: fixed." Then you have full connection for 0 to 3 minutes before it goes back to limited. Bizarre (to me anyway). Right off I thought it would be a driver issue. I updated the drivers to the latest and greatest for the Intel Centrino Wireless-N 2230. Didn't work. I uninstalled the Windows 8 driver then installed the Windows 7 driver for the device. That didn't work either (so I went back to the Windows 8 driver). I made sure the power management was correct, i.e., the laptop couldn't turn off the adapter to save on power. That didn't work either.

* at this point I think I should mention that, yes, all other laptops and wireless devices connected and functioned perfectly on the wireless network*

What could be causing the intermittent issue? Especially since it's only Windows 8? I'm not sure why I went here, but I went into the settings for the WAP. Perhaps the firmware for this Netgear model didn't want to play nicely with Windows 8? It's possible given the age (a few years old). I updated the firmware on the device. That didn't fix the issue. My frustration was quite high to say the least. So, I scoured the tech forums. Oddly enough, I did find something I hadn't tried that someone had tried which was changing the channel/frequency setting in the WAP from auto to, in his case, channel 6. That worked for him. I gave it a shot. Guess what? It worked for nearly an hour then the ultrabook just disconnected. It didn't even go to limited. It just disconnected. I changed to other channels only to find the same disappointment.

Stupid things I tried that obviously didn't fix the issue:
Turning off the firewall
Disabling other network adapters besides the Intel Centrino
Resetting WinSock

*****UPDATE*****
I had a motorola WAP on the hardware shelf. I added it and configured it to the network and, to no surprise, the Win 8 laptops connected quick, working just like they're supposed to. What I've concluded from this problem is the Win 8 wifi drivers just aren't playing nice with all WAPs. I wonder why?


Thoughts? Anyone?

Windows 7 SP1 not offered in Windows Update? Dude what's up with that?

 

Dude, what's up with that? Is that correct response. You're mad at Microsoft. "Everyone else is getting it! Why am I not?" You fold your arms, pooch out your bottom lip and give Microsoft the most evil stare of all time. Of all time!

Maybe it's not Microsoft. Maybe. I encountered this problem on a machine this week. I was doing my, ahem, weekly (okay maybe monthly...er...) checks on the machines in the network. I noticed one didn't have Windows 7 Pro SP1.

What?

That was released a loooong time back. For the shop the machine is in, I have automatic Windows Updates set. I noticed the other handful of machines were all up to date and yes, this machine was still "up to date," but not SP1 "up to date." What to do? Scouring Microsoft support I found an article with some helpful information. This article gives six methods on how to receive the SP1 update if it's not offered in Windows Update.

Method 1: Confirm that Windows 7 SP1 is not already installed and that you are not running a prerelease version of Windows 7 SP1

Method 2: Check for pending updates

Method 3: Verify that an incompatible version of SafeCentral is not installed on your computer

Method 4: Check whether you have Intel integrated graphics driver Igdkmd32.sys or Igdkmd64.sys and whether you upgraded the driver

Method 5: Make sure that you did not use vLite to customize your Windows 7 installation

Method 6: Download the Windows 7 SP1 from Microsoft Download Center

Method 4 worked for me. The machine had the integrated graphics driver and the update for that driver was in the "optional updates" section of Windows Update so it wasn't installed automatically. 



After running the driver update for the integrated graphics and a reboot, the SP1 update was offered as an update. That's fresh if you ask me.

Now, you might say, "That's nice, but I don't have Intel GMA or anything else recommended to check in the methods. What now?" Still, the driver might be installed and disabled which is why it's not showing in DxDiag. It might be that at one time you used the onboard graphics which means the Intel driver was installed on the machine but you disabled it because you added a graphics card. The driver is still installed, if that is the case, and Windows is seeing that driver thus not offering you the SP1 update.

Go into your BIOS and enable the onboard graphics again.
Reboot.
Check for updates in Windows update.
The Intel driver will most likely show up.
Install the update.
Reboot.
Search for Windows updates.
SP1 should be offered now.
Install it and the many other updates offered after reboot.
Rejoice.

A reveiw of training guide: configuring windows 8

 

Are you an IT rookie or Pro looking to get a firm understanding of how to implement Windows 8 in the enterprise? Or are you a geek who just wants to know how Windows 8 works? If you're in any of the two mentioned groups you will get a firm understanding of Windows 8 due to the excellent writing, questions, and lab exercises in Training Guide: Configuring Windows 8. How does this book differ from other books on Windows 8? I think it differs in the  writing style and the structure of the book. I have read other books on Windows 8 that are focused on tips and tricks; focused on the expert IT pro; and one that covered every "bit" of Windows 8. Yes, those other books have their purpose and that's fine, but this book is aimed at "teaching" the reader Windows 8 from the "surface" level to the advanced level without going off on unnecessary tips and theory.

The authors clearly know their subject, but they don't beat you down with it. Also, the authors offer real-world examples and tell the reader what is necessary for learning Windows 8. I really like that. When I read a training guide, I only want to know how the hardware/software functions and how to make it work for my environment. When I want to read the theory of the technology I go to a different kind of book. I like that this book at the beginning of each lesson tells the reader what he or she should know by that point, what is required for the lesson suggestions and labs, and that at the end of each lesson is a lesson summary. Throughout each lesson there are real-world examples and quick hits of information related to the topic of the lesson.

Are there any cons to this book? I gave an honest consideration to this and I did think of a con. I think there could have been more questions at the end of each lesson. Each lesson ended with 2 to 5 questions. While there could have been more, I don't think this does any damage to the book. The amount of questions asked still help the reader to reflect on the lesson learned so it's not a con that takes away a rating star.

While this book lets you know in the beginning it's not intended as a sole source for the Windows 8 exam, it does cover some of the required topics for the Window 8 exam so this is a great addition to your study tools for the exam. I think the lab exercises will help you as well.

Anyway, rambling aside, grab this book to learn about Windows 8. In my mind it's currently the best book available to train you on how to use Windows 8. Hey, I bet you'll even have fun doing it.

Customize an RDP file for a Specific RDWeb user

Do you have some rdweb users who would like to rdp to their desktop from the rdweb portal, but are uncomfortable with the method used in the rdweb portal? It's kind of a long process to login to rdweb, mouse over to 'remote desktop' then plug in the desktop information, etc. What if the user had an rdp file that looked and acted like an app in the remoteapps list? That would be great you say? Then let's do it.

*There might be an easier way than this and if there is please let me know about it*

First, launch remote desktop connection.
Input the user specific information in the fields.

Second, save it as an rdp file.

Third, (only do this if your user's desktop has dual-monitors) open the rdp file in notepad to add some information.
If you user's desktop has dual monitors and the system is Windows 7 ultimate or enterprise then add the following to the end of the rdp file that is opened in notepad: use multimon:i:1

If the users' desktop has dual monitors and running pre-Windows 7 ultimate or enterprise (e.g., windows 7 pro or Windows Vista) then add the following to the end of the rdp file: span monitors:i:1

What is the difference between span and multimon?

From MSDN blog

"Span mode, introduced in Vista, allows the remote desktop to span across all monitors on the client as long as the monitors are arranged to form a rectangle. The remote session created when using span mode is still a single-monitor session. With multimon support, each monitor on the client machine is viewed as a distinct monitor in the remote session. Due to this fundamental difference, span mode has some restrictions that true multimon does not:
1. The primary monitor must be leftmost.
2. The set of monitors must form a rectangle (i.e. identical vertical resolution, and lined up in exact straight line).
3. The total of the resolutions must be below 4096x2048 (ex. 1600x1200+1600x1200 = 3200x1200)."

Multimon "...for Remote Desktop Services allows users to open a Remote Desktop connection expanded across all the monitors on the client computer regardless of the client monitor configuration. With this feature, the user can fully utilize all the monitors connected to the client computer for the Remote Desktop connection thereby providing extra desktop space and an almost seamless experience with the client desktop that is much improved over “Span mode”. "

Fourth, add the rdp file to the remoteapp programs list in your rdweb server.
Go to "remoteapp manger."
Click "add remoteapp programs."
Next.
Browse.
Make sure "all files (*.*)" is selected in the dropdown box. After you've found your custom rdp file select Open.
Next and finish.

Fifth, customize view permissions for the rdp file.
Under remoteapp programs in remoteapp manger, right click the rdp file then select properties. Select user assignment then select "specified domain users and domain groups." Click add. Since this is a specific user rdp file select the appropriate user profile for the rdp file.
OK it.
Then OK in remoteapp properties.

Now, say all of this was for Jane Austen. She will login to the RDWeb portal, see the file you've added to remoteapp programs for her profile, run it then have access to her work desktop. This is much easier compared to the default route.

Make file explorer available in RDWeb

I thought this was pretty cool. This may not be anything new for RDWeb pros, but I discovered this possibility the other day and thought, "Why not share this on my blog?"

First things first: I haven't found a way to make the file explorer match the logged in user's profile, e.g. if jausten logs in to RDWeb, runs file explorer then she will see all of the available folders instead of only seeing her own documents folder. Why? Because this file explorer is the file explorer on the RDWeb server instead of the file explorer that is in jausten's ad profile. Make sense?

Login to your RDWeb server.
Launch remoteapp manager. 
Click add remoteapp program. 
In the "choose programs to add to the..." window, click browse 
In the "choose a program" explorer window browser to c:\windows then choose explorer.exe
Next
Finish 

File explorer is now a part of the remoteapp programs on your RDWeb site. Cool. Just remember to tell your users not to treat the file explorer as their work drive for their own documents. Then why add the file explorer to the remoteapps list? Example: if your rdweb users are on a team then they can share their project files there.There are other examples I'm sure.

Please let me know if you are going to or have done anything with file explorer in rdweb beyond what I have done in this blog post. I would like to hear about it.

Are 3G and 4G USB modems a security threat?

According to researchers Nikita Tarakanov and Oleg Kupree they are.

From Network World:

"For one, it's easy to make an image of the USB modem's file system, modify it and write it on the modem again. There's a tool available from Huawei to do modem backup and restore, but there are also free tools that support modems from other manufacturers, Tarakanov said.

Malware running on the computer could detect the model and version of the active 3G modem and could write an image with malicious customizations to it using such tools. That modem would then compromise any computer it's used on.

The modem contains the installer for an application that gets installed on the computer, as well as the necessary drivers for different OSes. The application allows the user to stop, start and manage the Internet connection established through the modem.

The configuration files for the installed application, as well as those of the application installer stored on the modem, are in plain text and can be easily modified. One setting in the configuration files defines what DNS servers the modem should use for the Internet connection.

An attacker could change those entries to servers controlled by the attacker, Tarakanov said. This would give the attacker the ability to direct users to rogue websites when they're trying to visit legitimate ones using the modem connection.

While the application installer itself cannot be directly modified to load malware because it's a signed executable, there are some entries in its configuration file that can be used for this purpose.
For example, many configuration files had paths to antivirus installers and an option of whether to install those programs or not, Tarakanov said. The researcher said that he never found an antivirus installer shipped with the USB modems he tested, but the feature was there.

An attacker could create a custom image with a modified configuration file that enables this feature and installs a malicious file stored on the modem instead of an antivirus program. If the image is written on a USB modem, every time the user would install the modem application, the malware would also be installed, Tarakanov said.

The researchers also found a possible mass attack vector. Once installed on a computer, the modem application -- at least the one from Huawei -- checks periodically for updates from a single server, Tarakanov said. Software branded for a specific operator searchers for updates in a server directory specific to that operator.

An attacker who manages to compromise this update server, can launch mass attacks against users from many operators, Tarakanov said. Huawei 3G modems from several different Russian operators used the same server, but there might be other update servers for other countries, he said.

Tarakanov said that he didn't look for vulnerabilities in the actual modem drivers installed in the OS, but he expects them to have vulnerabilities. The vast majority of third-party drivers in general have vulnerabilities, he said.

Tarakanov specializes in exploit writing and finding vulnerabilities in the Windows kernel mode drivers. However, Oleg Kupreev was the leader for this particular research project concerning 3G/4G modems.
Research in this area is just at the beginning and there's more to investigate, Tarakanov said. Someone has to do it because many new laptops come with 3G/4G modems directly built in and people should know if they're a security threat"

Let's hope new models will be safe because I use a 3G usb modem on occasion.

Source: Network World

Hyper-V 3.0 Best Practices Checklist

The Ask PFE Platforms blog has an excellent post on Windows Server 2012 Hyper-V best practices and it's actually in-depth. I'm only sharing the "general" section for the host not the vms because there are many things to checkoff your roll-out list before you even get to the "deep" things of rolling out a Hyper-V environment.

Excerpt from the blog post:
GENERAL (HOST):
⎕ Use Server Core, if possible, to reduce OS overhead, reduce potential attack surface, and to minimize reboots (due to fewer software updates).

• For more information: http://msdn.microsoft.com/en-us/library/windows/desktop/hh846313(v=vs.85).aspx

⎕ Ensure hosts are up-to-date with recommended Microsoft updates, to ensure critical patches and updates – addressing security concerns or fixes to the core OS – are applied.
⎕ Ensure all applicable Hyper-V hotfixes and Cluster hotfixes (if applicable) have been applied. Review the following sites and compare it to your environment, since not all hotfixes will be applicable:

· Update List for Windows Server 2012 Hyper-V: http://social.technet.microsoft.com/wiki/contents/articles/15576.hyper-v-update-list-for-windows-server-2012.aspx

· List of Failover Cluster Hotfixes: http://social.technet.microsoft.com/wiki/contents/articles/15577.list-of-failover-cluster-hotfixes-for-windows-server-2012.aspx

⎕ Ensure hosts have the latest BIOS version, as well as other hardware devices (such as Synthetic Fibre Channel, NIC’s, etc.), to address any known issues/supportability
⎕ Host should be domain joined, unless security standards dictate otherwise. Doing so makes it possible to centralize the management of policies for identity, security, and auditing. Additionally, hosts must be domain joined before you can create a Hyper-V High-Availability Cluster.

· For more information: http://technet.microsoft.com/en-us/library/ee941123(v=WS.10).aspx

⎕ RDP Printer Mapping should be disabled on hosts, to remove any chance of a printer driver causing instability issues on the host machine.

• Preferred method: Use Group Policy with host servers in their own separate OU
• Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Printer Redirection –> Do not allow client printer redirection –> Set to "Enabled

⎕ Do not install any other Roles on a host besides the Hyper-V role and the Remote Desktop Services roles (if VDI will be used on the host).

• When the Hyper-V role is installed, the host OS becomes the "Parent Partition" (a quasi-virtual machine), and the Hypervisor partition is placed between the parent partition and the hardware. As a result, it is not recommended to install additional (non-Hyper-V and/or VDI related) roles.

⎕ The only Features that should be installed on the host are: Failover Cluster Manager (if host will become part of a cluster), Multipath I/O (if host will be connecting to an iSCSI SAN, Spaces and/or Fibre Channel), or Remote Desktop Services if VDI is being used. (See explanation above for reasons why installing additional features is not recommended.)
⎕ Anti-virus software should exclude Hyper-V specific files using the Hyper-V: Antivirus Exclusions for Hyper-V Hosts article, namely:

• All folders containing VHD, VHDX, AVHD, VSV and ISO files
• Default virtual machine configuration directory, if used (C:\ProgramData\Microsoft\Windows\Hyper-V)
• Default snapshot files directory, if used (%systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots)
• Custom virtual machine configuration directories, if applicable
• Default virtual hard disk drive directory
• Custom virtual hard disk drive directories
• Snapshot directories
• Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
• Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)
• Additionally, when you use Cluster Shared Volumes, exclude the CSV path "C:\ClusterStorage" and all its subdirectories.
• For more information: http://social.technet.microsoft.com/wiki/contents/articles/2179.hyper-v-anti-virus-exclusions-for-hyper-v-hosts.aspx

⎕ Default path for Virtual Hard Disks (VHD/VHDX) should be set to a non-system drive, due to this can cause disk latency as well as create the potential for the host running out of disk space.
⎕ If you choose to save the VM state as the Automatic Stop Action, the default virtual machine path should be set to a non-system drive, due to the creation of a .bin file is created that matches the size of memory reserved for the virtual machine.  A .vsv file may also be created in the same location as the .bin file, adding to disk space used for each VM. (The default path is: C:\ProgramData\Microsoft\Windows\Hyper-V.)

• Note: Hyper-V in Server 2012 will now only use the .bin if you choose to save the VM state as the Automatic Stop Action.
• Change to .bin usage in Server 2012: http://blogs.msdn.com/b/virtual_pc_guy/archive/2012/03/26/option-to-remove-bin-files-with-hyper-v-in-windows-8.aspx

⎕ If you are using iSCSI: In Windows Firewall with Advanced Security, enable iSCSI Service (TCP-In) for Inbound and iSCSI Service (TCP-Out) for outbound in Firewall settings on each host, to allow iSCSI traffic to pass to and from host and SAN device. Not enabling these rules will prevent iSCSI communication.

To set the iSCSI firewall rules via netsh, you can use the following command:

Netsh advfirewall firewall set rule group=”iSCSI Service” new enable=yes

⎕ Periodically run performance counters against the host, to ensure optimal performance.

• Recommend using the Hyper-V performance counter that can be extracted from the (free) Codeplex PAL application:
• http://pal.codeplex.com/
• Install PAL on a workstation and open it, then click on the Threshold File tab.
• Select "Microsoft Windows Server 2012 Hyper-V" from the Threshold file title, then choose Export to Perfmon template file. Save the XML file to a location accessible to the Hyper-V host.
• Next, on the host, open Server Manager –> Tool –> Performance Monitor
• In Performance Monitor, click on Data Collector Sets –> User Defined. Right click on User Defined and choose New –> Data Collector Set. Name the collector set "Hyper-V Performance Counter Set" and select Create from a template (Recommended) then choose Next. On the next screen, select Browse and then locate the XML file you exported from the PAL application. Once done, this will show up in your User Defined Data Collector Sets.
• Run these counters in Performance Monitor for 30 minutes to 1 hour (during high usage times) and look for disk latency, memory and CPU issues, etc.

Check out the entire thing and bookmark it! :D Click here.

xPrintServer Office Edition Review

xPrintServer Office edition is an excellent product! A product that is definitely worth the money. It's easy to setup and easy to configure if needed. This is nearly plug-and-play. I say nearly because I did have to go into the admin panel of the device and run the "discover" feature two times. I'll get to the that. For right now, know this is an excellent product.

The product comes in very nice packaging that has a clean style design. When I unboxed it I was amazed at the size of the device. It's about the size of an iPhone! I had read that on the product specs sheet but being the skeptical guy I am and didn't think it would actually be that size. Also in the box is an ethernet cable, power supply with adapters, wall mount kit (bracket and 2 screws), and rubber feet for those who don't want to wall mount their xPrintServer. As you can see in the picture you can connect a usb printer to it. I must admit, this reviewer hasn't tried that option. I've read positive things about that option, but I haven't tried that myself. Yet. If I do I will update this review.

I connected the device to our network via an ethernet calbe to our main switch. After it was connected and powered on, the LED network lights flickered and the device light at first flickered very fast then flickered slowly; this is the discover phase. I grabbed an iPad that was connected to our network via wifi. I browsed to a page then went to the printer options for safari. Only one printer was available. There should have been 3 printers available. I went ahead and printed the page just for testing and it worked just as it should have worked. After that, I went into the admin panel of the xPrintServer device. After running the discover tool
two times all 3 printers were discovered. I checked with my iPad to find that all 3 printers were ready for printing.

Aside from the device not auto-disovering all the printers at once, this device has been great. Setup is a breeze. Even the "extra" stuff I had to do was super easy and fast. All of this happened in less than 10 minutes. How great is that? You can't ask for more than that right?

In addition to enabling your iOS and Mac OS devices to print without any software or app installation, xPrintServer Office admin panel also has cool stuff for admins like: job status and viewer, log viewer, network configuration for the device, manually add a printer, and driver installation.

I highly recommend xPrintServer Office edition to those offices in need of printing from iOS devices and don't want to have to purchase iPad and iPhone printing enabled printers.

Currently Reading Training Guide: Configuring Windows 8

 Training Guide: Configuring Windows 8

The authors clearly know their subject. I've learned a lot from this book on how to implement Windows 8 in the enterprise and SMB. Lessons, practices, and exercises are the model and the authors have worked this model in an excellent way. The writing is top notch as well. Tech books have an image (no pun intended) of bad writing, i.e., dry, only writing what's necessary, but that can't be said of this book. The writing keeps me interested.

I'm only about 1/4 of the way through the book and what's funny is I don't want it to be over. I actually look forward to studying this book and doing the exercises. I highly recommend this book for the IT professional wanting an understanding of how to roll out then maintain Windows 8 in the business level and for the geek who just wants to know how it works.

When I'm finished with the book I plan on writing a full review.

Resources on Installing and Configuring Exchange Server 2010

In preparation for the install and configuration of Exchange Server 2010, I was greatly helped by the list of links below, so I'm sharing. I hope these links help you as much as they helped me.

Enjoy!

Installing Exchange 2010 step-by-step http://www.enterprisenetworkingplanet.com/datacenter/Installing-Exchange-2010-Step-by-Step-3877601.htm

Understanding receive connectors in Exchange 2010 http://technet.microsoft.com/en-us/library/aa996395.aspx

Create an SMTP receive connector http://technet.microsoft.com/en-us/library/bb125159.aspx

Understanding Edge subscriptions http://technet.microsoft.com/en-us/library/aa997438.aspx

How to allow relaying in Exchange 2010...securely http://exchangepedia.com/2007/01/exchange-server-2007-how-to-allow-relaying.html

Anonymous Relay with Exchange 2010 http://blogs.catapultsystems.com/tharrington/archive/2010/07/20/anonymous-relay-with-exchange-20072010.aspx

Troubleshooting the client access server http://blogs.catapultsystems.com/tharrington/archive/2010/09/17/troubleshooting-the-client-access-server.aspx

SSL for outlook web app 2010 http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26160513.html

Security warning when you start outlook 2007 then connect it to Exchange 2010 http://support.microsoft.com/kb/940726

Troubleshoot Outlook Web Access problems http://www.techrepublic.com/article/get-it-done-troubleshoot-outlook-web-access-problems/5031583

Windows Server 2008 R2 RDWeb Resources

This is the first post of February 2013 and it's already the 19th. I can't believe it. I haven't posted in a while, but it's not because of laziness: I've been working on RDWeb for my work. Along the way I found some very helpful and not so helpful resources. I'll only list the helpful links.  Do note that these links may not solve your problem and that I'm not endorsing *every* solution mentioned in the links. The answers labeled "best answer" or "chosen answer" helped me in the forums. I didn't try every solution that is mentioned in the links below.

My main focus for deploying Remote Desktop Services was to make our local applications available to users located outside our network so that's the focus of the links below. 

Getting Started
Deploying Remote Desktop Web Access Step-by-Step Guide

Resources on Troubleshooting Outside Access Problems
External Users Can't Connect to Apps in RDWeb
TS Gateway "the computer can't connect to the remote computer"
External Access to RDWeb Problem
How to resolve external FQDN to a local IP when behind a firewall
RD Gateway/Web Access Outside the Firewall
Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.
Can't Access Through Gateway
Remote Desktop Gateway is Temporarily Unavailable

Licensing
Remote Desktop Services Licensing

Customizing the RDWeb website
Customizing RDWeb

Troubleshooting Remote Desktop from RDWeb
Remote Desktop via RDWeb

iTunes has detected an iPhone in recovery mode. You must restore this iPhone before it can be used with iTunes

 This error is bad news, i.e., if you don't have a recent backup. I don't know of any way to bypass this error either. Apple support said there isn't one and to just go through with the restore. What does the restore do? Running the restore will reset your iphone back to factory settings meaning just the way you had it when you bought it, opened it, then started it for the first time.

1. Run the restore 
Just do it. You know, like Nike says: just do it (showing my age huh?). If you don't, you won't be able to use your iPhone. In iTunes click on the restore button and let it do the work. The restore shouldn't take longer than 10 minutes. There are progress bars through the whole thing.

2. Run your backup if you have one 
iTunes will detect the restored iPhone. iTunes will also give some indication of running a backup (if you're using the "authorized" computer - the computer you have iTunes on that you use for charging and syncing your iPhone). If there is a backup detected then run it! Even if it's a few days old or more because if you don't you will be starting your iphone in factory settings mode.

How long does the restore from your backup take? It all depends on the size of your backup, i.e. how many apps you had, music, notes, etc. The restore from backup on my boss's iPhone 5 took about a hour or a little more.

3. Make sure things run correctly 
I like to make sure things are running correctly before I give the device back to whomever. Make sure you can receive and send email correctly, that your iTunes store experience is correct, device to computer syncing works, iCloud syncing works and that other important apps are working.

All in all, this process wasn't as *bad* as I thought it would be. Why does this error happen? My boss told me his iPhone 5 began an update and that the didn't have time for it so he unplugged his iPhone from his computer and that's when he couldn't get his iPhone past the screen with the usb cable pointing to the iTunes logo.

So, if your device (whatever it is) is in "installing an update" mode then LET IT DO IT BEFORE DISCONNECTING IT OR TURNING IT OFF.

Configure Server 2008 VPN Behind Sonicwall TZ 210

You want to use your Server 2008 as a VPN for accessing remote applications and data at your workplace instead of your VPN firewall or a router that has that option? Understandable. Exciting that you found this post huh? No? Only useful? Well, okay.

First, install the server role.
The server role isn't called 'vpn' or anything like that. Go to Start > Server Manager > Add Roles > Select Network Policy and Access Services > Next > Next.

Select Remote Access Service > Next > Install > The Service takes a long time so make a sandwich or a salad if you're a vegetarian. When it finishes, click close.

Now go to Start > Administrative tools > Routing and Remote Access > The Server will have a red "south" Arrow on it > Right Click the Server and Select "configure and enable routing and remote access"

Next > Select "Custom Configuration" > Next.

VPN Access > Next

When prompted select "Start Service" > service will start > you can now close the Routing and Remote Access Console.

Make sure the user has 'dial-in access' in Active Directory Users and Computers. For example find Joe Smith in Active Directory. Go to his properties. In the dial-in tab, click "allow access."

Now we must go to the Sonicwall device.
Since the Server 2008 box is behind our firewall we must open the correct port and protocol to Server 2008. TCP Port 1723 and GRE (Generic Routing Encapsulation) to be exact.

You will need two rules in your Sonicwall. The first one is NAT.

Source original - any
Source translated - original
Dest original - your public IP
Dest Translated - your vpn server internal IP
Service original - pptp
service tranlated - original

The second rule is a firewall rule.
Wan to Lan
Source - any
Destination - my external IP
Service - pptp
Action - allow

These two rules cover the TCP port 1723 and the GRE protocol requirements.

Now you need to connect your remote client to the VPN server (your server 2008 box).

The following is for Windows Vista and Windows 7 machines.
Click on Start > Control Panel > Network and sharing Center > Connect to a Network > Set up a Connection or Network > Connect To a Workplace > Next.

Use My Internet Connection (VPN) > Enter the public IP address of the VPN server > Enter a Name for the Connection > Next > Enter your Domain Logon details > Connect.

I hope this helps. I couldn't find a single post covering all of this. There might be one out there. I couldn't find one so that's why I wrote this post. Enjoy!

Application Authentication Through VPN Tunnel Problem

This is a good "from the trenches" story, especially if you like networking. I've been working on this problem for exactly a week (no, not a crazy long time, but still, it's a while) and today I finally fixed the issue.

At work our main application for hr, payroll, general ledger, and employee self-service is called Springbrook. It's a nice, though slightly bloated, application that works for us. It's important to know how Springbrook is used for this story to make sense. Please bear with me while I give you the rundown.

The Springbrook application is installed on server1 along with the programs OpenEdge and Progress to handle all of the data processing for Springbrook. We have a separate drive just for Springbrook, OpenEdge and Progress. When the app is executed, the login page is opened in Internet Explorer. Springbrook uses the LDAP protocol (in our case Active Directory) to authenticate the user trying to login against the login id’s already inside of Springbrook, so when the session is established it requires that the user logs in and is authenticated to the domain which in turn makes the connection to the LDAP connector which verifies user info and allows them access.

How do the users run Springbrook? I have setup a mapped drive to the server on their workstations. I setup a desktop shortcut to the executable so the employees don't have to go that mapped drive each time and double-click the executable. So, it looks and feels like Springbrook is installed locally on their workstations.

This setup works great for local users right? What about remote users? We have those. One currently, but we're about to have one more permanent remote user. I decided to go with the VPN option in our Sonicwall TZ 210. It worked great. It was fast, surprisingly, and the user didn't have to go through remote desktop to use Springbrook which was nice. I mapped a drive to the server so she was able to use it just like the local users do. Fantastic.

Well, eight days ago Springbrook ran a service pack for the application. No problem because they do that on occasion to correct problems in the modules. The next day my remote user couldn't use Springbrook. I asked her if the VPN connected fine and she said "yeah, I can connect to the network, but I can't login to Springbrook." I told her to wait and I would be there in about fifteen minutes. I went through the checklist and found that nothing should be preventing her from logging in to Springbrook. I was so confused. The only change was the service pack install. I contacted Springbrook about this and the tech told me that somehow the authentication isn't happening in the VPN tunnel.

Okay. I knew that, haha

He then said that they use Citrix for their remote employees. I'm sure Citrix has a very nice WebApp tool, but if I can do this through a VPN tunnel and save us money that would be great. I don't like to go with paid solutions if we can implement a solution with equipment and software we already have. So, since I couldn't figure the problem out I decided to hit the forums. A person at serverfault recommended the VPN option in Windows Server 2008. I thought, "Why not?" I set that up in my lab. The VPN connection was fast, smooth, and near painless. *I'm going to write a blog post about it because it's so simple and there wasn't a single post containing all of the steps, instead I had to piece it together from multiple posts - ugh* Anyway, I connected to the VPN server, accessed the Springbrook share, ran Springbrook and guess what? I couldn't login to Springbrook. THE EXACT SAME PROBLEM. I understood possibly having an authentication issue using Sonicwall's VPN but there is no way that my server couldn't authenticate me because I connected to that server with my Active Directory credentials. 

I was livid. Suddenly, I thought, "Why don't I try adding the .local to the domain name in the domain field?" The Springbrook login window requires a username, password, and a domain. All users and I mean all of our users don't have to put the .local for the domain however when you're up against a wall you try anything. I added .local to the domain name and then Springbrook launched. That fixed the issue. I couldn't believe it. I then wondered if that was the problem going through Sonicwall? I called the remote user, asked her when I could work on this for her, she said now and so I went to her office. I enabled the Sonicwall VPN connection, ran the Springbrook application, added the .local to the domain name and like a charm I was running Springbrook. The user was happy and yeah I was happy, but I want to know why I have to add .local to the domain name when logging in remotely now. Remote users didn't have to do that before last week. Why now? 


I'm not satisfied. Could it be the recent Springbrook service pack update? I contacted Springbrook support and hopefully I'll hear back from them soon.

Anyway, lesson is try the easy things first. Like usual.

malware removal and prevention like a boss

It's highly likely that malware will never go away, no matter how awesome computers and the internet become malware will most likely still hang around like that old suit or old dress your parents never remove from their wardrobe and wear to parties. Gross. Anyway, since malware is here to stay, how does one go about removing it? Better, how does one prevent it? It can happen.

Check out this new blog post at InfoWorld written by Roger Grimes; let him tell you how the pros remove malware. It's a good piece.

While you're here let me give some advice on prevention. While malware is here to stay, it doesn't have to come stay at your house. This prevention method is near perfect.

1. Get behind a router/hardware firewall
If you have a direct line to the internet then you're screwed. You need to be behind a firewall and not just a firewall, but a hardware firewall. This is a good one. It's affordable and it rocks.

2. Antivirus 
You know, I think if you're behind a firewall and you practice safe browsing then you're most likely good to go. However, many people don't practice safe browsing. So, download and install Microsoft Security Essentials. It's the best antivirus out there in my opinion. Note: if you're running windows 8 then you don't have to do this because it's already installed and running on your system.

3. Safe-Browsing Add-on
This handy tool from Web of Trust rates websites for you and will give you a warning screen upon clicking a poorly rated link. This helps out a lot because it trains the user in safe browsing. Get it here. You will need to install it on every browser you use.

4. OpenDNS 
This is, arguably, optional. Using OpenDNS will not only improve your DNS performance (which makes your internet browsing faster), but it also has excellent security tools like malware prevention and safe browsing. The web filter is not only good for preventing porn, but it also filters sites that are infested with malware and other junk. Good stuff. Use it.

So those are four ways to prevent your pc and network from malware infections. However, these tools can't keep you (totally keep you) from user installed malware. So, learn about safe browsing.

10 Essentials Skills for Hyper-V 3.0

If you're interested learning 10 skills for using the next generation of hyper-v, I highly recommend this webinar by Brien Posey from Veeam.