Somehow when I installed LCS I had not set the account to not expire so I was getting warnings in the eventvwr that the password was about to expire. Last week I set the service account to not have the password expire and I thought that was the end of it. However today I checked the eventvwr and found that I was getting eventid 12295 which is because the password is set to not expire. KB Article 830534 incorrectly (imho) states that this is due to the default domain policy or other group policy. This is only partially correct as it also occurs if you override the maximum age domain policy and select “password does not expire”
Month: March 2006
I posted a comment to Brian Livingstone’s Windows Secrets newsletter that got published in todays edition about avoiding the annoying “Do you want to reboot” dialog box. It’s nice to be quoted and nicer to get a gift for submitting the tip. Now I have to decide which of the many things on Amazon I would like purchase.
Incidentally if you don’t subscribe to this newsletter and you are a techie then Go signup now. There is no rss feed available unless you use an email to rss conversion facility.
I’m not sure why, but on a server, in the d:\data directory I ran this command…
cacls . /t /g:usergroup:c
This didn’t have the expected behaviour of granting change to usergroup on the d:\data directory and all files and subdirectories -that would have been too simple.
Instead it replaced the permissions (I should have had the /e) which is fair enough, but WHY OH WHY did it proceed to do it not only on d:\data but also all the files (and subdirectories) in c:\windows (including system32 and other fairly important files). Needless to say I had a very worrying moment – in fact several of them when I discovered i had no access to run cacls anymore (permissions removed) and the only people who could access the windows directory (but with no access to logon locally) were members of the usergroup.
In the end I had to change the permissions, cascading down from windows and then run the Security Analyzer wizard to check that everything was ok.
I have no idea why it suddenly started doing c:\windows. I know I was in the d:\data directory as I checked before hitting return, I could see the present directory after the command finished AND the permissions were also correct on d:\data
Managed to get a verizon and a Sprint pcmcia adapter to try out the companies wireless internet access via a trial period that the companies had given us. The initial experiences were vastly in favour of the sprint setup as the card needed installing in the slot, the software installed and the GO button clicking on the software to connect to the internet. The verizon card on the other hand needed installing, various usernames and phone numbers entered (no passwords though) and then clicking on one of their two accounts that were created in their applet. At this point the software failed due to username and passwords were not correct – but there had been no questions for the username and password in the installation process and no options within the software to provide this information (even if we knew what to put in). As it turned out, we needed to ring verizon to activate the card before use – not a very good out of the box experience if you have to ring the support line (for a long time) to get the line activated with no instructions to say that you need to do this. The other downside to this process is that you need access to a phone besides the phone card that has just been purchased – which may not be available.
Having said all that, it seems that once the verizon card was setup correctly the performance on the network was a lot better than the Sprint, but I’ve not had the laptop in my hand to quantify this.
Speaking about Out Of The Box experiences, our new vacuum cleaner had a HUGE red warning sign as the box was opened that said “Stop – Do NOT return to the store” (as did the old cleaner) – this seems to imply that they are expecting a lot of faulty returns as the shops will take the items back no questions asked, whereas the vendor will make you jump through hoops (and make you pay for return shipping).
I’m having a problem where ctrl-p doesn’t work in a kiosk mode machine with group policy restrictions and wonder if anyone has a clue? I’ve posted this to google groups.
I have a group policy enabled for a particular user for a locked down, kiosk user interface in a public area. Currently in *some* web pages the ctrl-P shortcut key will work, but on other web pages nothing happens when ctrl-p is pressed. Other shortcut keys such as ctrl-h, ctrl-r, ctrl-w activate properly (in the case of ctrl-w this option complains that the user does not have access to close the window).
We are running internet explorer as the shell in kiosk mode, but removing the kiosk mode doesn’t make any difference. Likewise, we have disabled the toolbar, but adding the toolbar back and enabling the print button also does not make any difference – the print dialog box never appears on certain web sites.
www.msn.com, http://travel.msn.com/default.aspx both work but http://travel.msn.com/New_York_City_New_York_State_list_entitylist_attractions_23164_2.aspx or http://www.helsby.net or https://absoblogginlutely.net doesn’t. There are a lot more sites that do/don’t work but these are just a couple of examples.
Anyone come across this problem before?
I’ve uploaded the resultant set of policies wizard output to https://absoblogginlutely.net/test/lock.htm – the only thing I’ve done is change the domain name for security reasons.
Did you know that if you change the motherboard in your pc then MS will see this as a new pc and you therefore need a new licence of xp? Apparently you can replace a motherboard under warrenty (but I assume this needs to be the exact same model) but how likely is it that someone could obtain the exact same motherboard 9-12 months after their original purchase?
I read about this on the partner website (I think) which implied that this was a new licence change, but the system builder chat in Feb2005 mentions this too – so it’s not actually that new.
There is a new version of Autorun out now but it looks like the licence agreement has changed which means that I can’t use it on customer boxes anymore. You can use it on your own pc, your companies pc but you can’t load it on another companies pc unless you are employed by them directly unless you purchase a commercial licence. The licence agreement is in the extended entry. This looks like a new change to the utility as the previous version(s) didn’t seem to have this restriction. I doubt that many people will notice this change (or take any notice of it) but it looks like we’ll have to use an old version or look for another utility – msconfig anyone *shudder*
It’s patch tuesday today with two vulnerabilities out, one critical and one important. Needless to say I’ll be looking at these in detail real soon now. Of interest is the fact that Microsoft now do an ISO of all the security patches available which is updated each month. This might be very useful to have when investigating a dial up pc.
Useful list of Microsoft podcasts which I didn’t know they did – there are at least 3 of these that I want to listen to.
Ever wonder why the IT department ask you for the EXACT error message and then have to repeat the request (several times) when the reply is “something like……” – well if you read the first reply to this help request you will know the reason why.