After attending a Vista Management webcast yesterday I was all fired up to install Vista on one of my older pc’s – unfortunately it was only open to msdn subscribers (which my company is) but I didn’t have the information to download it. However, thanks to the JCXP I’ve got my own copy as it was released today. Currently downloading the ISO now. Not sure how long it will take and I hope that the huge thunderstorm we are having right now doesn’t take the powerout at 99%
Hmmm – if you are like me and forget your admin password, then you can follow the instructions at Tamba to reset the password. Note that this does rely on you remembering your phpadmin password – which shouldn’t be the same as the wordpress one!
I setup my wrt54g with openvpn support and enabled the OpenVPN server as per the wiki documentation and it works great.
Now I just need to ensure that my web browsing is being tunneled through this interface when connected remotely and I’ll be able to surf remotely and securely.
A script to remove those annoying intellitext ad’s – those double underlined in green words that are starting to appear all over the place such as at The Gadgeteer and the once was useful but not anymore expertsexchange. The links will appear briefly but then get removed by the greasemonkey script.
Looks like there is now some more incentive to start using the powershell that I installed on the notebook as there are two ide’s to use – see Scott Hanselman’s blog post for more details.
I discovered that there is a replacement to cacls called xcacls.vbs which can be downloaded from kb article 825751 which has instructions on how to use it. Not sure why there is a new version, but the output from the vbs script does look a lot nicer than cacls. Hopefully it doesn’t blow up permissions like cacls did for me once.
I was initially under the impression that only 10.1 was vulnerable to the new exploit that went out, but apparently it’s almost every 10. version of the software. The web page at symantec’s sym06-010 page is good for providing links on what needs to be upgraded to what version. This is something that symantec is VERY poor at doing – I’ve never received a new patch level notification or anything, apart from the marketing push to upgrade to the latest version – but even then the latest versions that I’ve been sent haven’t been the latest version and have needed patching!
I got asked a question at work today that had me stumped (although spf might be a solution).
The scenario:- The spammer create a spam email and spoofs the from email address. The From email address is set to be a spamtrap email address – one of the emails that will blacklist your domain if you send email to it.
The email then gets sent out to a million people – several of whom have out of office assistants turned on, and so they reply to say they are out of the office.
The result:- The spamtrap email address gets an email from your domain and your domain gets blacklisted. Your users can’t send emails to valid recipients and spamcop takes forever (12-24 hours on the best of days) to get your machine white listed again.
So my question is – how do you solve this problem or work around it? You need to keep out of office on so that genuine users will know if their email is going to get read or not. I was thinking that possibly spf would work. A user who is likely to check spamcop for blacklists is also likely to check spf records. If you have spf records set, then the spoofed email would not be accepted in the first place…… The only flaw with this is that it relies on both the relay machine AND the recipients to do spf checking – and not a lot of people do that.
I contacted 1&1 the other day to see if I could set up spf records for helsby.net but they don’t support it on any of their packages – seems a shame, but also seems to be in keeping with their policy of not letting you getting your hands dirty in the real management of the network and making everything gui-ized.
Had a customer whose wsus box wouldn’t download updates from microsoft with event id 364 – Content download failed. Reason: Access is denied. Source File < snip > destination File: d:\wsus\wsuscontent……
It looks like the permissions on the root of d: (in this case) are not correct – Network Service needs read access – unfortunately Network Service does not appear in the list of users to add to the drive (and you can’t right click d: to assign permissions).
Fortunately by using cacls you can change permissions – note that cacls is very powerful and you need to understand what you are doing before running this – take it from me, cacls going wrong can really mess with your system and your sanity and your job security!
If you are still with me, you need to do the following:
From a dos prompt:-
d:
cd\
calcs . <--- this provides you with the current state before you change it
cacls . /e /g "NT AUTHORITY\NETWORK SERVICE":r
cacls .
Then in wsus console, double click a client that needs an update, click on the status, click on an update that has failed. Click retry download. Look at the eventvwr and you should see event id 361 - Content synchronization started. A quick glance back at your wsus homepage should show the files being downloaded.
I had a problem trying to run Windows Updates on a machine, getting an error “Windows Update has encountered an error and cannot display the requested page. You may find the following resources helpful in resolving the problem…’Error Number: 0x80096001”
Several kb articles (ie kb822798) mentioned the need to edit security settings and reregister dll’s and/or remove the %windir%softwaredistribution directory but unfortunately this didn’t work.
Part of the troubleshooting for this involves going in and looking at the certificate status within internet explorer. When I tried to double click on the certificate it gave me the error message “system-level error occured while verifying trust” on any of the certificates.
A post on the microsoft.public.windowsupdate newsgroup gave me a clue and by logging on as another administrator it all worked – my certificates are ok and windows updates runs through successfully.
Update It turns out that the problem in this case was partially caused by having a readonly profile – for some reason the desktop folders etc were all redirected to a share that didn’t exist. By searching for this entry in the registry and editing it to point to a share that did exist I was able to get the profile (and windows update) working again.