Prevent Windows 7 From Deleting Network Shortcuts From Your Desktop

March 16th, 2011 by Paul Sterley | No Comments | Filed in Uncategorized

Credit where credit is due: I found this information here. There are some alternative suggestions about using Group Policy in the comments. One person said it worked. Another said it didn’t. It looks like the suggested GPO modification turns off all system maintenance, not just the shortcut issue. Anyway, here is my version of how to fix this issue, minus scripts, batch files, etc.

The problem: Windows 7 runs system maintenance periodically, and among other things, performs these actions:
1. Deletes shortcuts with broken network links, if there are more than 4 of them.
2. Deletes unused desktop shortcuts.

Prerequisite: You will need to be logged in as an administrative user, or start an Explorer instance as one.
1. Go to the \Windows\diagnostics\scheduled folder.
2. Take ownership of the Maintenance folder. Select the checkbox to replace owner on subcontainers and objects.
3. Set NTFS security on the Maintenance folder to allow the admin user to modify.
4. Click the Advanced button and then Set Permissions button, and check the box to replace all child object permissions…
5. In the Maintenance folder, edit the file called “TS_BrokenShortcuts.ps1” as follows:

Remove everything between these two lines:
[string]$list = ""
return $list

This should include:
Get-ChildItem -Path $path -filter *.lnk | Foreach-Object {
    $fullPath = ConvertTo-WQLPath $_.FullName
    $wmiLinkFile = Get-WmiObject -query "SELECT Name,Target,AccessMask FROM Win32_ShortcutFile WHERE Name = '$fullPath'"

    if(-not(Test-ValidLink $wmiLinkFile) -and (Test-Delete $wmiLinkFile))
    {
        $list = AttachTo-List $list $wmiLinkFile.Name
    }
}

6. You may also choose to modify the parameter that decides how many broken shortcuts are tolerated before a mass deletion occurs. To do this, do a search for “-gt 4” and change the number 4 to something big, like 50.
7. Save the file. If you are prompted to save a copy of the file elsewhere, and cannot overwrite the existing file, you didn’t modify the NTFS permissions correctly.
8. You may choose to edit the file called “TS_UnusedDesktopIcons.ps1” as well, like so:

Remove the content between the same two lines as above. This should include:

Get-ChildItem -Path $path -filter *.lnk | Foreach-Object {
    $fullPath = ConvertTo-WQLPath $_.FullName
    $wmiLinkFile = Get-WmiObject -query "SELECT Name,Target,AccessMask FROM Win32_ShortcutFile WHERE Name = '$fullPath'"
    $lastAccessTime = Get-LastAccessTime $_.FullName

    if((Test-ValidLink $wmiLinkFile) -and (Test-Delete $wmiLinkFile) -and (Test-FileShortcut $wmiLinkFile) -and (Test-Unused $lastAccessTime $threshold))
    {
        $list = AttachTo-List $list $wmiLinkFile.Name
    }
}

9. You may also choose to modify the parameter that decides how many unused shortcuts are tolerated before a mass deletion occurs. To do this, do a search for “-gt 10” and change the number 10 to something big, like 50.
10. Save the file. If you are prompted to save a copy of the file elsewhere, and cannot overwrite the existing file, you didn’t modify the NTFS permissions correctly.
11. You may want to set the permissions back to where they were before by removing the extra permissions you added, then enabling inherited permissions from the “scheduled” folder. You can also open the ownership settings of the “scheduled” folder and, without changing the owner, select the checkbox to replace the owner on subfolders. This will trickle down to the Maintenance folder and its contents.
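
The permission changes in steps 2-4 and the rollback in step 11 can also be done from an elevated PowerShell prompt so the original security settings are captured before anything is loosened. This is an added example, not part of the original post; the backup file name and the function names are hypothetical, and it assumes the folder lives under %windir% as described above.

```powershell
# Added example: save, loosen, and later restore security on the Maintenance folder.
# Run from an elevated PowerShell prompt.
$maint  = Join-Path $env:windir 'diagnostics\scheduled\Maintenance'
$parent = Split-Path $maint -Parent
$backup = Join-Path $env:TEMP 'Maintenance-dacl.bak'   # hypothetical backup file name
$me     = "${env:USERDOMAIN}\${env:USERNAME}"

function Save-MaintenanceSecurity {
    # icacls /save stores DACLs only, so the owner is recorded separately.
    $script:originalOwner = (Get-Acl -Path $maint).Owner
    icacls $maint /save $backup /t /c | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not save ACLs to $backup" }
    "Saved DACLs to $backup; original owner is $script:originalOwner"
}

function Open-MaintenanceForEdit {
    # Steps 2-4: take ownership recursively, then grant Modify to the
    # current user, inherited by files (OI) and subfolders (CI).
    # Note: "/d y" answers the takeown prompt on English-language Windows.
    takeown /f $maint /r /d y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed on $maint" }
    icacls $maint /grant "${me}:(OI)(CI)M" /t /c | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not grant Modify to $me" }
    "Granted Modify on $maint to $me"
}

function Restore-MaintenanceSecurity {
    # Step 11: put the saved DACLs back. The backup stores paths relative
    # to the parent folder, so /restore is pointed at the parent.
    if (-not $script:originalOwner) { throw "Run Save-MaintenanceSecurity first" }
    icacls $parent /restore $backup /c | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not restore ACLs from $backup" }
    # Hand ownership back to whoever owned the folder before step 2.
    icacls $maint /setowner $script:originalOwner /t /c | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not restore owner $script:originalOwner" }
    "Owner is now: " + (Get-Acl -Path $maint).Owner
}

# Usage, in this order:
#   Save-MaintenanceSecurity
#   Open-MaintenanceForEdit
#   ... edit TS_BrokenShortcuts.ps1 / TS_UnusedDesktopIcons.ps1 as in steps 5-10 ...
#   Restore-MaintenanceSecurity
```

Restoring from the saved file removes the extra Modify entry as well, so the folder is not left writable by an ordinary admin session after the edit.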

Dell Error Code for Failed Hard Disk

March 16th, 2011 by Paul Sterley | No Comments | Filed in Hardware, Not in the Windows Box

You have a Dell workstation. It’s under warranty. The event log has a bunch of errors with source “Disk”. CHKDSK reports bad sectors.

You KNOW the hard disk is failing, but Dell Support wants you to boot from a diagnostic CD and run some tests to generate an error code, which could take hours. You’re on the clock charging your customer for your time. Time is money.

You can tell the Dell technician that you have run the diagnostics utility, and that it generated this error code:

Error Code 4400:011B
Msg: Block 253122 (feel free to change up the block number for variety)
Medium error (3-1101)
Read retries Exhausted.

More recently, from an Optiplex 780:

Error Code 0142
Error Code 2000-0142
Hard Drive 0
Self Test Unsuccessful Status 79
Error Code 0F00:1332
Disk-Block 126377466
Interrupt Request (IRQ) did not set in time.
One of these will get you a new hard disk shipped from Dell.


There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of server.domain.com.

March 3rd, 2011 by Paul Sterley | No Comments | Filed in Exchange Server, In the Windows Box, Windows Server

You may receive the following event in the Application log:

Application log generated Error Event 12016 on server.domain.local
Log: Application
Type: Error
Event: 12016
Source: MSExchangeTransport
Category: TransportService
Computer: server.domain.local
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of server.domain.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of server.domain.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

If you are not using TLS, you might not notice any ill effects of this error, but it’s annoying anyway.

You’re probably confused as to why you’re seeing this error, since you have a current, valid SSL certificate.
If so, there’s a good chance you used IIS to get your new certificate, and Exchange simply doesn’t know about it.
All you have to do to fix this is run a simple command line to tell Exchange to use your new certificate.

Before you can do this, you need to know the “thumbprint” of the certificate you’re going to replace the expired one with.

Here’s how to find it:
1. Run “MMC”.
2. Add the Certificates snap-in to your MMC console. Choose “Computer Account” and “Local Computer” when adding the snap-in.
3. Navigate to where your certificate is in the Certificates snap-in.
4. Double-click to view your certificate.
5. Click the Detail tab and scroll down the list of fields until you find Thumbprint (usually near the bottom).
6. Open Notepad, and paste the following command line into it:
enable-exchangecertificate -thumbprint [your thumbprint here] -services SMTP
7. Copy the thumbprint’s hexadecimal sequence into the command line, replacing “[your thumbprint here]”, and remove the spaces.
8. Open Exchange Management Shell and paste the adjusted command line into it.
9. When prompted, press Y to confirm the replacement of your expired certificate.
10. Make yourself a note on how to do this next time the cert expires.

Note: You could make yourself a self-signed certificate WAY into the future and use that one to avoid messing with this on a regular basis.
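
Steps 6-9 can be combined with a check that the pasted thumbprint is clean and that the certificate is usable before Exchange is told to switch to it. This is an added example, not part of the original post; the thumbprint is a constructed placeholder, the function names are hypothetical, and it assumes the certificate sits in the Local Computer Personal store.

```powershell
# Added example: clean a thumbprint copied from the certificate dialog, verify the
# certificate, then enable it for SMTP. Run in the Exchange Management Shell.

# Constructed placeholder; replace with the value copied from the Details tab.
$pasted = 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4'

function ConvertTo-CleanThumbprint([string]$Text) {
    # Keep hex digits only. This drops the spaces and also any invisible
    # character that can come along when copying from the dialog.
    $clean = ($Text -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

function Test-SmtpCertificate([string]$Thumbprint) {
    # Assumption: the certificate is in Local Computer > Personal.
    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) {
        throw "No certificate $Thumbprint in the Local Computer Personal store."
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate has no private key on this server; TLS cannot use it."
    }
    if ($cert.NotAfter -le (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)."
    }
    $cert
}

$thumb = ConvertTo-CleanThumbprint $pasted
$cert  = Test-SmtpCertificate $thumb
"Enabling $($cert.Subject), valid until $($cert.NotAfter)"

# Same command as step 6; Exchange prompts before replacing the old certificate.
Enable-ExchangeCertificate -Thumbprint $thumb -Services SMTP

# Confirm that SMTP is now listed among the services for this certificate.
Get-ExchangeCertificate -Thumbprint $thumb | Format-List Subject, NotAfter, Services
```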


Reset Trend Micro client password on orphaned workstation

January 13th, 2011 by Paul Sterley | No Comments | Filed in Uncategorized

Reposted from here.

To remove / reset the uninstall password for Trend Micro OfficeScan

Edit Ofcscan.ini file. (Do a search.)

On Windows 95/98/XP machines it is usually in C:\Windows\Ofcscan.ini

On Windows NT/2K machines it is usually in C:\WINNT\Ofcscan.ini

Open the Ofcscan.ini file using Notepad and search for the [INI_CLIENT_SECTION]

Find the line reading Uninstall_Pwd= and type a # at the beginning of the line to comment it out.

Insert a new line saying Uninstall_Pwd=70

Save the Ofcscan.ini file and retry the uninstall. When it prompts you for a password, enter a ‘1’.

Good Luck!

Editor’s Note: I used this in a fairly recent version on Windows 7 successfully.

I was also able to reset the uninstall password using the same method, and change the client’s permission to uninstall in the same section of the INI file. That’s fantastic security, by the way.

I went from being unable to uninstall due to a generic unspecified OFCSCAN.INI error in “Programs and Features” to being able to unload and then uninstall the software thanks to these INI file tweaks.

This is good stuff!

So you’d like to standardize your computers on Windows 7…

December 24th, 2010 by Paul Sterley | No Comments | Filed in Uncategorized


That’s a great goal to have, but it may not be a simple or inexpensive process, so you have to look at it closely, and perform a cost/benefit analysis.
At a high level, you have to look at:
  1. How much am I willing to spend to realize this goal?
  2. How difficult and disruptive will this be?
  3. What real benefits will I gain from it?
The primary benefit is in support. If everyone is on the same platform, the support staff’s job is easier, and the users can support each other to some extent.
Secondarily, and closely related, is software upgrade predictability. The behavior of the workstations when upgrading line of business applications is more consistent, and aside from problem machines, success/failure can be predicted by running a test on one PC.
The final consideration is security. Older OSes are less important to Microsoft, and are more vulnerable to viruses.

So, how do I proceed?
First, take a good look at what you have. These are the primary criteria we are looking at:

1. Hardware Compatibility:
Were most of your workstations purchased in July of 2010 or later? Windows 7 was released to manufacturing in July of 2009, and manufacturers began preparing. It hit the streets in late October of 2009. If you bought your PC after that date, it’s probably Windows 7 compatible. You could try Microsoft’s upgrade advisor, but its abilities are somewhat limited. It might not know about third party drivers that are available to support your hardware in Windows 7. Here are a few tips to help decide:
a. Is it a name-brand computer? If so, go to the manufacturer’s website and look up its serial number or service tag. Check to see if Windows 7 drivers are available for that machine. If they are, your prospects are looking good.

b. If it is a “white-box” PC, then you have a difficult task ahead of you. Look at Device Manager in the existing OS and make a list of the hardware devices you can identify. Run the MS Upgrade Advisor first to look for basic motherboard compatibility, then go to the manufacturer website for each hardware device and check for drivers. Check them off one by one, and be sure not to miss any peripherals – scanners, label makers, printers, cameras, etc. Be sure to ask yourself “Is this worth it?” if the road starts getting rocky.

1b. Software Compatibility:
We’re not just talking about whether your machines will run Windows 7. We’re also talking about whether those line of business apps you run will work on Windows 7. Did you shave your expenses by cancelling the maintenance contract on that software package? Are you a couple of years behind on version upgrades, because what you had was working just fine for you? Time to take a closer look at that.

Maybe you can find out from the manufacturer whether your version is Windows 7 compatible or not. Maybe what they tell you is 100% accurate, or maybe they’re not being entirely truthful with you. The best way to find out for sure is to load up one Windows 7 PC with all of your apps and have someone use it for a couple of weeks, and see how that goes.

2. Longevity:
How long have you had your computers? They last three or four years, tops. Maybe you had one that lasted you 5 or 6 years once, but that was a fluke. Don’t push your luck. If you take an older machine and upgrade it to Windows 7, even if it appears to work, it may fail sooner than you’d like. You’ll have wasted the effort and the money. Sure, you might be able to re-use that upgrade license on another machine, but you’d only be repeating your mistake. If you buy a new PC, you can’t use that upgrade license with it. The smart buyer gets the OS bundled with the computer.

OK, I’ve looked at all of the above, and it looks good for upgrade compatibility. Now what?
The next thing to do is look at how much this will cost you in labor from an outside consultant, and/or administrative effort if you’re going to do some of it yourself.
This is detailed in the sections below, but generally, it takes about 3-4 hours to build up software on a PC, and another 1-2 hours to get a new user settled into it.
An experienced consultant, multitasking with a keyboard/monitor/mouse switchbox, can cut down on the software load time significantly if doing multiple PCs at the same time.

Some example/ballpark costs for a 10-PC upgrade:
A. 2-4 hours: Consultant time for driver/compatibility discovery on existing PCs, and possibly software version compatibility testing.
B. 8-10 hours: Consultant time, multitasking with a KVM switch, to load OS, drivers, join the domain, and install software/updates on 10 PCs.
C. 8 hours: Time to put the computers in the hands of the users and get them settled in.
D. Plan to spend another 12 hours during the following week adjusting things and educating the users about their new PCs.

If you’re doing 10 PCs, but you’re doing them one or two at a time, these numbers aren’t valid. It will take much longer.
These numbers assume that you are multi-tasking effectively, everything goes smoothly, your users are smart, and they are considerate enough to let you get on with it and leave the details for later.
You can’t just divide these numbers to match your setup though. For example, if you have only two PCs to upgrade, you’re not going to be able to do it in 30 minutes for discovery, 2 hours for software load and configuration, 1 hour for getting users settled in, and 2 hours of follow-up over the next week. It’s probably going to take more than that. It gets more efficient as the numbers increase.

Keep in mind during your considerations that even if you buy brand new PCs with Windows 7 pre-loaded, you still have to do some of B, and all of C and D. You save time because you don’t have to worry about hardware compatibility and loading the OS. The time/effort you save and the hardware costs cancel each other out – but you have something to show for it if you buy new ones! Can you donate the old ones to charity and get a tax break?

How did you come up with these numbers?
Generally, it will take an experienced consultant 1-2 hours per PC to load a fresh OS on a computer and install drivers for the various hardware devices, assuming everything goes smoothly. If many are being done at the same time, a keyboard/monitor/mouse switchbox may be employed to multi-task and save some time. If you’re not an IT consultant, you’re doing this yourself, and you don’t have a lot of experience with it, plan for it to take at least 3 hours per PC.

Next up is joining the domain (if you have one), setting security, and loading the line of business software. This usually includes things like Microsoft Office, QuickBooks, some form of contact management or database software, miscellaneous utilities you use for picture viewing, PDF printing, etc. If you’re very organized (CDs, product keys, etc. all ready to go) and have a dozen or so programs to load, it might take another hour per PC. Again, a consultant employing a KVM switch to multitask might be able to cut down on this time.

Finally, after loading all of this software, there will be some updates to run. Windows updates, Office updates, Java updates, Acrobat Reader updates, etc. Sometimes there are multiple reboots involved. Figure at least another half hour per PC, assuming a fast internet connection.

After you install all of the software and configure all of the devices, you have User Profiles to worry about. You’ll need to log in as the user who will be receiving the PC, set up the e-mail profile, add shared printers, restore their favorites and e-mail archives/address books/auto-complete lists, etc. from backup, and tweak the line of business software as needed for that user’s role or preferences. Depending on how complicated your company’s setup is, this might take an hour per PC – maybe less if the users are smart and self-sufficient.

Add up the amount of time it will really take to do all of this, and decide whether you’re going to do these all at once, and whether you’re going to do them during business hours, or on a weekend. Keep in mind that once you hand out the first PC to the first user, your efficiency will decrease, because that user is going to start interrupting you with questions right away. Windows 7 looks different, and maybe they’d rather just ask you than figure out for themselves how to do things – or maybe you genuinely missed something they need to be able to work.

But Microsoft’s marketing people say I can just upgrade the OS “in place” and save a lot of time. Why do I have to do all of this stuff you listed above?
If you are running Windows XP now, you might be able to load Windows 7 right on top of your existing operating system, and thereby avoid having to reinstall all of your software and devices. However, your chances of a successful OS load, and the likelihood of you being happy with the result, are drastically reduced if you go down that path. Generally, it is better to start with a blank hard drive and load it all from scratch. If you do this, I highly recommend purchasing new hard drives, and swapping out the drives before you begin, rather than formatting the old disks.

Why? Because:
a. Maybe you told the users not to keep anything important on the local hard drive (likely), and maybe they listened and understood (somewhat less likely). Or maybe not.
b. Maybe you have backups, and maybe those backups are current (somewhat unlikely) and include everything important (even less likely). Or maybe not.
c. Maybe you made a checklist and backed up or wrote down EVERY important little detail about the computers that have been in use for the last year or so (uh huh). Or maybe not.
d. Maybe, in the case of software that requires activation/deactivation (like Adobe suites), you remembered to deactivate before you started this process (I always forget). Or maybe not.

WHEN (not IF) you discover that you forgot something, EVEN IF YOU HAVE A BACKUP, it is a heck of a lot easier to just swap the old hard drive back in to get that important file or check that detail than to try to pull it out of the backup.
Workstation hard drives are cheap, so you needn’t be. When you’re done, you’ll have fresh hard drives. They are one of the most common things that fail in a PC, and certainly the most expensive from a TCO perspective.
You can keep the old ones as spares, or put them in USB external cases ($25).

This all sounds like a LOT of work, and a VERY expensive process.

Yes, yes it is. I’m glad you noticed. Now you have a decision to make. Buy new PCs with Windows 7 pre-loaded, or upgrade the ones you have.

If nothing in the above article has killed the upgrade initiative for you, then consider this:

You’re going to have to go to Windows 7 eventually, and you’re going to have to spend every dime of what I listed above eventually. All you really have to decide is whether you want to do it all at once, right now, and have smooth sailing for a while, or whether you’re going to do it one at a time, as PCs fail or as your budget allows.

Upgrading your workstations all at once is much more efficient – but yes, it’s a lot of work, and it’s a lot of money to spend all at once.

But the good news is that now you know exactly what you’re in for, and have the tools to make an informed decision.

Good luck!