A while back we started using Connectwise for our Helpdesk system and we use roaming profiles for our techs. Unfortunately Connectwise has to write to the appdata directory and the permissions were not set for Connectwise to write the files correctly and it also assumed that your appdata directory was going to be on c:\ rather than \\server…..
It took some digging and trial and error before we were able to get this working – the solution is to do the following from a command prompt –
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol -machine -addgroup LocalIntranet_Zone -url “file://server/user$/%username%/appdata/*” FullTrust -name Andy-PsaIntranet
I think the name parameter can be anything but we set it to firstname-PsaIntranet. Also note the appdata has the path to appdata but with forward slashes instead of back slashes.
Connectwise is a great tool but whatever you don’t do, don’t use the hosted version – the performance and the lack of options and features that are crippled in the hosted product makes a very frustrating end user experience. Last night we switched over to an inhouse version and I found that I had to create a new data directory in the connectwise directory. Note this was after doing the incredibly annoying “clear cache” function in Connectwise. Create %appdata%AppData\connectwise\psa\cache\companyurl.com\companyname\connectwiseuserid\data
Jeremy Moskowitz from the GPAnswers website posted a good question today - How do you name your Group Policies? Strangely enough it had never occurred to me to have a naming convention for the GP’s – normally I just make sure they are descriptive enough in the name and use the comment fields in 2008 and newer to provide a changelog of the Group Policy and details on what it should do. However, this does rely on EVERYONE updating the group policy and I know this doesn’t always happen – even I sometimes forget to fill in this information when making a quick change, so have a standard naming convention seems a great idea. Having the author (or initials) is also important so other people can easily hunt track you down to get clarification or assistance on the settings.
Do you have any naming conventions that you use?
I use Onenote extensively at work and love the ability to take freeform notes in meetings and organize stuff into the separate folders. One of the things I use it with are the various projects that I’m running in the office and these notebooks are shared amongst the project participants so we all are working off of one realtime document. This has the advantage that most of the data is in one place and we have a historical record but it is hard to tell what documents have been changed recently and with the proliferation of notebooks, it’s hard to remember which notebook contains a particular document that I worked on last Tuesday for example.
Previously I was using a toolbar icon that shows me the notebooks changed in the last 7 and last 14 days of use. This was really useful, but recently I stumbled across Omer Atay’s Onetastic addin. As the name suggests, this is really good addin (should have been in the shipped product) that enables you to tidy up the print to onenote output AND also has a built in calendar display option that shows you the documents that have been changed on the day, week or month that you select. The Calendar option is also available as a standalone application, but you might as well have the web clipping (which also contains a cropping tool too) add in too.
Highly recommended – especially if you share your OneNotes with other people or you are not that organized in filing your documents 
Note this does require OneNote2010 – but you are on that already right?
Update – Never mind – see bottom of article.
Discovered an interesting flaw in the requirement for two factor authentication with gmail today. I like to use the application on my cell phone to ensure that only I have access to my account – and if somehow a keylogger was in place, my password to gmail is not any use as the 2nd factor authentication would also require access to my cell phone.
However, today I logged into google reader first (which doesn’t support 2nd factor authentication) and used my username and password only. I then clicked the gmail tab at the top of the reader – and hey presto I’m into gmail.
Bottom line – don’t think that just because you have enabled 2nd factor authentication you are safe from keyloggers on a pc or network sniffing/man in the middle attacks. I’ve not reported this to Google yet but it will be interesting to see what they say.
Update After signing out AND restarting firefox I was prompted for the 2nd factor password. Interestingly I wasn’t prompted until I restarted the browser – so as usual – always restart browsers once you’ve finished with them.
Yes I know it has been ages since I posted on this blog and I apologise. Real life and taking up running has meant my priorities have been elsewhere but I do have some techie posts coming up shortly (I promise).
So I’m almost ready to run my first 5k Run on Oct 29th in aid of Tyler Burchett, the son of a work friend who suddenly became paralyzed through Myelitis a couple of months ago. The run is a fundraiser to help support the family with medical bills and home modifications.
So, if you’d like to sponsor me and will see me in person before (or shortly after) Oct 29th 2011 then I’ll gladly pass your donation on. If you are not going to see me in person but still want to sponsor me or donate to help this family then you can use this paypal link
(Note that the money will go into my account which I will then transfer to the Burchett family – You will have to trust me on this – it was the best way of reducing the credit card fees. Incidentally if you have a paypal balance there are no fee’s. Otherwise there is a small credit card fee that I will cover up to the first $1000 of donations if you do not wish to pay the credit card fee – let me know on the sponsor form)
If you are a runner in the Columbus,OH area and want to run a 5k to support a local family then there is still time to sign up at the official race page – all the race fee’s have been covered through corporate sponsorship so your race fee goes directly to help the family.
If you want to bake some food for the runners afterwards I’ll also take this down to the race too. (Just please make sure it doesn’t have nuts in it so I can eat it )
If you subscribe to my feed here, my IRL and Facebook status, I apologise for sending this out multiple times.
The new laptop has a fingerprint reader included and comes with DigitalPersona’s fingerprint software. At first glance, this looks like a useful piece of software but after trying to use it, I’ve found it very buggy and the support is non-existant. DigitalPersona offer no support for the product and refer you to the OEM partner, in my case Dell, who have nothing in their knowledge base about this product either.
My problem was to do with our roaming profile. After receiving the laptop last night I synched (or so I thought) to the domain, took the machine home and logged in. Windows7 decides that it can’t load my profile and uses the temporary saved copy – all well and good for now, my desktop background, images, shortcuts etc all exist. However every time I go to add a new website in DigitalPersona, it seems to take the information but does not actually save it to the machine. Suspecting roaming profiles, I created a local user, logged on as that user and registered my fingers. Note that if you do this, when you use the Windows Login Screen and your finger to login, the pc automatically logs you in without asking which user you want to use. I’m not sure how it determines which user to use, but in my case it used my local user (which was also the most recently created user).
After logging on as the local user I was then able to launch Internet Explorer (9), log into gmail, facebook and this blog and register my usernames and passwords and DigitalPersona kept the information. At this point I also used the option to download and install updates to the software – the most recent version that is now running on the pc is 5.30.252a. Note to get to the updates, click on the plus sign by central management and then the update tab appears.
I then logged off the machine and logged back as my domain account. Tried to use DigitalPersona and yet again the software refused to take my passwords. I opened explorer up, browsed to %appdata% and sure enough – there was no DigitalPersona directory. I then browsed to c:\users\localusername\appdata\local and checked out the DigitalPersona directory. This contains an OTS directory and then a _dp_ots_tmp and DPIconCache directory. The tmp directory was empty and the DPIconCache directory contained an icon for the sites I’d saved the password to. I copied the DigitalPersona directroy from the localusers\appdata\local directory to my own %appdata% directory and magically was able to start saving passwords in IE9.
Unfortunately I’ve yet to get the program to work with Firefox or Keepass – the program is unable to detect Firefox or Keepass having a login window.
If anyone has a better (preferably free) password manager that works with IE, Firefox, Chrome and Keepass (last is optional) then please let me know.
Several years ago I had a bookmarklet that would let me jump from an Amazon book page to the catalog page on the Columbus Metropolitan Library website. It was then a simple matter of clicking the reserve button to add the book to my reserve list. A while back the library changed their system and I never got round to updating the bookmark,but drag this CML Link to your favourites bar and you too can have the same functionality. If you are not using CML’s system the link is pretty easy to change so you may be able to work it out yourself. Alternatively try using Jon Udell’s Library Bookmark Generator page that got me started in rebuilding this link.
After several hours of work today, Powerpoint suddenly gave the error message “PowerPoint was unable to display some of the text, images, or objects on slides in the file, filename because they have become corrupted. Affected slides have been replaced by blank slides in the presentation and it not possible to recover the lost information. To ensure that the file can be opened in previous versions of PowerPoint, use the Save As command (File menu) and save the file with either the same or a new name.”
Now it is all very well giving a really verbose error message, but to totally blank out slides and wipe out missing data is a very peculiar way of fixing the issue. It looks like a hotfix was released in May 2011 but in our case, I saved the file to a usb drive, copied it across to my machine that had office 2010 installed and then opened the file in Powerpoint 2010. I was able to open the file but this time I got another warning about some data being corrupted but the slides that were empty in 2003 were displayed ok. I then resaved the file back to a new filename on the usb drive, opened the new file back in 2003 and we were really relieved to have a working powerpoint file to continue working on.
Not only is the data back, it also means another 4 hours of work does not need to be repeated and instead more time can be spent surfing waves – a great result all around.
Troy Hunt has a nice analysis of some of the passwords that were recently stolen from Sony. As usual, most of the characters are pretty easily cracked, although in this case the hackers didn’t need to as the passwords were stored in plain text. The scary thing is how many of the passwords were the same between the Sony site and the Gawker site that was also broken into earlier. Naturally the key (no pun intended) between the sites is the userid is commonly the email address which then also means there is a fairly good chance of having your gmail account broken into. One of these days I’ll break this information up into a password guide for users to show then how it “really could happen to them” and the risk it generates to the company as well as their personal information. I’m actually surprised at the number of people who use their work email address for things like Facebook and other social applications. After all, work email address’s are not exactly permanent nowadays and definitely not private. It would also be really interesting to take all of our email address’s from our clients and run them against the login id’s from this database to see if anyone was in the database. Alternatively checking previous web site history viewing would give a clue if people were using this site (but would be a very painful and time consuming process). The only problem is the time it would take and the fact that only a subset of the data was made available for download to the general public.
One of the things we now do as part of an SBS2011 or SBS2008 migration is to add a report in the console purely for backup purposes. This gives us the ability to check the backups are running every day and can also be sent to the clients IT technical contact for reassurance. If you log on as the administrator and try to run a report to email, the server fails with “An error has occurred while sending this report. As a result, some of the recipients will not receive this report in email.”
The solution is simple. Log off from the administrator account and use the one that was setup for the migration – this seems to do the trick. The only thing left (for me) is to work out how to modify the report to send me the last 24 hours of backups – not just the last and the next backup job. We backup 3 times a day but only find out the status of the last job with the existing reports.
