IntelliAdmin.com

Block XP SP3 - Stop the madness

2008-05-13T09:50:00.002-04:00

If you have not heard about it already, many people are having big problems with Windows XP SP3.

I just want to remind everyone that we have had a tool out since January that will delay the automatic install of SP3 for 12 months.

You have 4 options for preventing the automatic install of SP3:

1. Download our Network Administrator to deploy the change across your network.

or

2. Download and use the free GUI tool we have to make the change on a single system

or

3. Download and use the free command line tools from MS

or

4. Update the registry manually. To do this you simply need to go to this key:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Create a new DWORD value named DoNotAllowSP and set it to 1 (To disable the SP install), or 0 (To allow the SP install)

One final reminder - all of these blocking options are only valid for 12 months following the release of the service pack. After that, Windows will ignore the registry change and install.

Find out where a DLL, EXE, or SYS file came from

2008-04-15T08:33:00.003-04:00

There have been many times while working on a problem that I have found files that look suspicious, or are not part of the standard windows install. Microsoft has provided an excellent resource for researching executable files within windows.

It is called the DLL Help Database Search

So for example...you are working on your server, trying to diagnose a problem...and you see a process running called MAD.EXE

On the surface this really looks like a nefarious program. What legitimate application could be called MAD.exe?

If we do a search on the DLL help database we find that it is part of Microsoft Exchange:

Even better, you can see the version history of the file, what product it belongs to, and even the path of the file on the original install disk by clicking on the "More Info" link:

If that was not enough information for you, each file has a link to more details. Click on it, and there is even more:

This is an invaluable tool for IT Administrators, I suggest adding it to your list of bookmarks:

http://support.microsoft.com/dllhelp/

VMWare 2.0 Beta 2 Release

2008-04-08T13:21:00.003-04:00

VMWare has announced the release of Beta 2 of their server product.

It is supposed to have improved performance, and include these new key features:

- Update VMWare Infrastructure (VI) Web Access management interface

- Independent virtual machine console

- Support for USB 2.0 devices

- Multi-Tiered permissions

- New Hardware editors

- Automatically start your virtual machines

This is the next generation of their free server product. I am downloading this beta right now to see how far along they are.

Visit their website, and Get your own copy today

Restrict User Logon Hours

2008-04-08T08:09:00.004-04:00

We have a support contract with one of our software vendors. From time to time they need to login via Remote Desktop and make changes or updates for us.

I setup a special account that will notify me when they login to our server - that way I always know when they are on our system. They always work on it during business hours, and in the past they have always called us before doing any work.

This morning I see a notification email that they had logged in after 6pm last night. Grrr. I like them having their own account and password, and I don't want to disable and enable their account each time they need to do work...so I decided to see if I could limit their allowed times for logging in.

It is actually much easier than I imagined. To do it you need to get on the domain controller, open up Active Directory Users and Computers, and double click on the user you want to limit (In this case I will use our support account)

Then move over to the accounts tab, and click on the button that says "Logon Hours"

Once you click on that button, a window will appear that allows you to select the hours the user can logon.

Simply make your choice, and now the user is limited to logon the hours you selected. If they try to logon during a restricted time, they will be greeted with this message:

Now you don't have to worry about users sneaking in when they shouldn't

Vista Service Pack 1 is coming your way

2008-04-07T09:59:00.004-04:00

Service Pack 1 for Vista was released a few weeks ago. For now, it is an optional update. Beginning mid April, SP1 will start automatically downloading to PCs - Only on machines that have automatic updates turned on. Not to fear, it will download but not install automatically.

If you are not familiar with the new layout of Automatic updates, you can see if it is available for downloading by opening Internet Explorer, click on tools, then Automatic updates. It will bring up the Automatic Update application. Click on the link that says "View Available Updates"

If SP1 is available, it will look something like this:

If you want to try it out now, but you still do not see it in your list of optional updates there are a few things you need to check:

-You have a pre-release version of Vista. If you do, you need to uninstall windows, and install a fresh full release.

-You already have it. To check, simply go to the start menu, and right click on computer and go to properties

-SP1 is only available in these languages: English, French, Spanish, German, and Japanese. If you have another language version of Windows installed, it is not available yet

-Windows update has detected that you have drivers that are problematic with SP1. If this is the case, SP1 will not show up in your list of updates (No way we know yet to determine if this is the case)

-You are missing pre-requisite patches needed. Simply keep running automatic update until you are fully patched.

We are still testing it out here ourselves...we can't recommend for or against it yet. I think many of the fixes will be invisible to most - since their major focus for SP1 was driver incompatibilities.

Use auditing to track who deleted your files

2008-03-21T07:51:00.004-04:00

I had a reader write me a few days ago:

...I'm in a school environment and a student has deleted some files and I would like to know how I can do this in Win2k server to catch this sucker. Please advice and more power to you.

This can be accomplished through auditing. Lets start out by identifying what folder we want to watch - and be careful where you turn on auditing...turn it on too many folders with too many options and you can have huge performance issues.

We find the folder we want, and right click on it and go to properties

This will bring up the properties page for the folder. Move over to the security tab, and click on the advanced button:

The advanced page will appear. Click on the Auditing tab, and click the add button:

A user dialog will come up. I chose to put the "Everyone" group here. This allows me to audit for any possible user account that may be deleting files. If you think you know who it might be...you could put those users here instead. The smaller window of users being audited means better performance.

Once you click OK, a selection box will be displayed. Again - chose only the options you need. Each additional option will reduce performance. Here I just pick the options to audit deleting files and folders

Click OK through all of the windows you have open. If a user deletes a file or folder Windows will write an event to the security log.

Now. We have our auditing turned on, and you get to work one morning and find that files are missing. Simply open the event viewer and move over to the security log. Look for the event ID 560:

Double click on the event, and you will need to sit there and read it for a little bit to determine who did what. Here is an excerpt from mine (I copied the text from event viewer to notepad for easier reading)

We can see from this log entry that the user Administrator deleted the file setuperr.log

Now when someone deletes a file, you will have no problem determining who did it.

If you have a windows administration question, or an idea for a utility please send me an email at support@intelliadmin.com. I can't promise that I will answer every email, but I try to read them all.

IntelliAdmin Remote Control - Status Update

2008-03-18T21:37:00.005-04:00

We have been working on the new version of Remote Control LAN edition for quite some time.

Over a year in fact.

For those who have been waiting...it will be worth it.

Before talking about some of the cool features I want to let you know that all current customers will get a free upgrade. This is a big deal. Why? Because when we do release 3.0 we will be raising the price. In addition we may be changing the way we license the product (Possibly per client instead of per administrator). So if you buy now, you will be getting 3.0 for a lot less.

The biggest change will be Vista, and 64 bit support. This sounds so simple on the surface, but making our product compatible with Vista has been one of the most challenging programing projects we have ever faced.

I don't want to get too technical, but lets take an example...

To grab changes on the screen we need a special DLL called a 'hook'. This hook DLL allows the agent to see any graphical changes, and then send them back to the client. To make all of this work the hook uses a shared piece of memory. This shared memory *must* be accessible to all processes on the system.

Well, for quite some time we fought with our hook in Vista. Why? Because every time Internet Explorer was launched our hook would crash (Sometimes taking the system with it). Finally we determined that IE was now launched in a special restricted mode, and if you wanted it to access your shared memory you needed to explicitly allow these types of processes to access it.

This would have been easy to discover if Microsoft had properly documented this - but it was very hard to find. Worse yet the API calls needed could not compile with the current version of Visual Studio (Well after Vista had been released). With a little luck and lots of research we finally got the hook to work.

As you can imagine, this is the tip of the iceberg. I could fill over 100 pages describing the enormous changes needed to make it not only compatible with Vista, but work well with Vista.

We are still getting all of the ends tied up, and I have a rough estimate of about 2 months before we release our first beta. It might be less time than that, but I want to give our team breathing room so they concentrate on quality and not race to finish

With that said, lets start looking at some of the feature in the new version.

Request access before connecting:

We have a flood of email asking for this. Essentially it allows the end user to have a choice when you connect. They are asked for their permission before you can control their computer. I believe in some areas this is a regulatory requirement (Like being notified that your phone conversation is being recorded).

We wanted it to be clear when permission was asked. So what 3.0 does is darken the current desktop, and display a request form like this:

Now, even this feature gave us some heartburn. We wanted this to be shown even if the user had not logged in yet...and it does do that (This was not easy to accomplish). No matter where the user is at, they will be prompted for access.

Seamless operation during a UAC prompt:

If you have not used Vista before, you might not know what I am talking about. Essentially a UAC prompt is popped up each time you try to do something that requires administrative access. It looks something like this:

Whats the big deal here? Well the big deal is that most remote control software out there will choke when this prompt comes up. RealVNC will just disconnect you. UltraVNC has this wacky disconnect and reconnect feature, but very few remote control solutions have an elegant solution that allows seamless operation before, during, and after a UAC prompt. We have accomplished this in 3.0.

Support for Group Policy, and Windows User accounts:

Currently you simply need an administrator account. Now this will always be true if you want to automatically install the agent over your LAN. What if you wanted to install the agent yourself, and grant all users that are a member of the "Remote Administrators" group "View Only" access? This is all possible in 3.0. In addition, we will make available a group policy template that will allow you to deploy, and manage permissions of agents across your network.

Lets start looking at some screen shots of the software :)

Multi-User permissions

There are three types of accounts available in the new version.

1. Windows users and groups - These are domain, or local accounts that are granted access to the agent

2. Standard username and password - These are username and password combinations created by you, but do not require any interaction with windows security

3. VNC password accounts - Yes. You read it right, support for VNC client to connect to the agent.

Now with 1, and 2 you get a secure connection with Diffie-Heliman key exchange exchange, and 256 bit AES encryption. In addition to that the client supports the full array of features made available in 3.0

If the client is VNC, there is no encryption, and limited support for the new features. VNC support has been added for those customers that have non-windows operating systems and need some way to connect. If you do not add a VNC account, the VNC authentication system becomes inactive.

Here is what the form looks like for adding, or updating these user accounts:

Each user has their own settings:

So for example, you could give windows administrators full access, but standard users 'view only' access.

IP Address Filtering

Out of the box it will allow any IP to connect. Using filtering you could restrict it to a range of IP addresses, or block specific IPs that you have had problems with:

Multiple Interfaces Supported

Most of the time you will only need to listen on all interfaces on the same port. If you have custom needs it is possible to listen on more than one port, and on a specific interface:

Status Window

This has been requested many times over. Some customers have wanted a constant notification while the administrator is connected. When the status window is turned on it is displayed in the top right of the screen. If the mouse moves near it then switches to the left side of the screen. No matter what screen or window the user is on - it will always be displayed. This means even if the workstation is locked, or the user has not even logged in yet...it will be shown (While the administrator is connected)

Here is what it looks like:

Connection Activity

When administrators are connected, it is easy to see who is connected and from what IP address:

That is all I have for now. If you would like to join the beta program (Again...it may be 2 months before you see anything). Please send an email to beta@intelliadmin.com with Remote Control LAN as the subject, and you will be added to the beta list.

Try out the IE 8 Beta

2008-03-14T10:07:00.002-04:00

It seems like it was just yesterday that IE 7 was released. Well, the IE 8 beta is now available to the public, and anyone can download and try it out.

I had a chance to download and give it a try. It does have some ground breaking features. I am not sure if they will take hold or not.

One example is the activity providers. You can right click anywhere within a web page and launch an activity provider:

So for example, I visited our website, right clicked and went to translate. I was brought directly to a translation:

Another interesting feature is in the address bar. It highlights the domain name, so you can clearly see the exact URL you are visiting:

This is the first browser Microsoft has released that is standards compliant. This comes at a cost, since not all websites are. For example, when I went to blogger.com some of the buttons were not aligned, and the subject edit box was missing:

This can be easily fixed by switching to IE 7 Compatibility mode:

It is an interesting release. I suggest checking it out.

Forward email in Exchange

2008-02-27T10:21:00.002-05:00

From time to time you will find that there are employees that receive time sensitive emails. This means if they are gone for a few days, and no one is around to answer...customers start to get testy.

I know the easy answer to this problem is to setup a distribution group. Have this group send to everyone in that department. This is not a convenient, or good answer in all cases. It may be only temporary, and you don't want a whole group of people seeing confidential email.

The other way (And this is what I am going to show you today) is to temporarily forward all inbound mail to another user.

To do this you will need to be on the Exchange server. Open the user's properties under Active Directory Users and Computers.

Click on the "Exchange General" tab.

Now that you are on that page, click on delivery options

Now, the options are shown. You can change the email to forward (1), and select the user you want to receive the email from active directory.

Second, you can also allow the user receive the email in addition to the user receiving the forwarded email. This can be accomplished by checking the "Deliver messages to both..." (2).

Click OK, and email is immediately forwarding to the new user.

Thats all there is to it.

When the user returns, you can simply switch it back to "None", and the email is no longer forwarded.

Keep track of your email in Exchange

2008-02-19T00:32:00.003-05:00

I got a chance to try out GFI Mail archiver this week.

The name does not do it justice. At first glance you would think it is a tool for backing up your email, but it does much more. A quick rundown of its features:

1. Keep a copy of every email on your Microsoft Exchange server

Every email can be grabbed by the archiver. Even if it has been deleted right away by that user. I can't tell you how many times I have been asked by customers for a way to do this.

2. Easily search through email

Need to see if anyone within the organization received an email from a specific person? It can do it. The interface is web-based, and you can search across thousands of emails in less than a few seconds:

3. Give users granular access to other users folders

You can give a manager access to email of the employees they manage, but not the president of the company.

4. Take the load of email off your exchange server and move it into GFI Mail archiver.

You can setup each user to have access to their own archive. That way they can delete old emails, but still access them from mail archiver.

With the amount of email users receive these days it is easy to exceed the maximum message store size of exchange - this can help keep those mailbox sizes lower.

If you are looking for a way to keep track of email within your organization - Give it a spin and try it out.

Vista SP1 now available on Technet

2008-02-14T19:05:00.003-05:00

Earlier I had written that Vista SP1 was available on MSDN and Technet - I was wrong. I assumed this because Microsoft had released it to manufacturing. In the past this always meant that it was on MSDN right away.

I didn't notice this because the MSDN site was getting slammed by people downloading Windows Server 2008. Once the dust settled I started looking for the RTM Vista SP1 download. I couldn't find it.

After searching around the internet I discovered that for various reasons MS was not releasing it to subscribers until the rest of the public was getting it. As you can imagine this caused a huge blow up among the paying subscribers to MSDN and Technet.

Finally, Microsoft has caved and they are now allowing Technet subscribers to download it:

I will be testing it as soon as my download completes. Still the question remains - why not on MSDN? Don't developers need to see this release early too?

Australia 2008 DST Updates

2008-02-11T11:12:00.000-05:00

Looks like Australia has some new DST updates coming up. We have updated our Network Administrator, and free Daylight Saving Patch to include the changes.

You can get them both from our download section

Cannot deserialize the Web Part - The fix

2008-02-06T09:45:00.000-05:00

I started getting that message when I moved our internal SharePoint server from a physical machine to our VMWare server.

We have made lots of customizations to Sharepoint - so when ever we touch the thing it creates headaches. We were getting this message for *all* web parts, so I knew it couldn't be a specific issue with just one of them.

After searching around for a while I found a very easy fix:

http://support.microsoft.com/kb/826786

Essentially you need to give the local group named STS_WPG permission to write the the C:\Windows\Temp folder.

After I did that, I refreshed the Sharepoint website and it was working fine again.

How did it lose this permission? Well after we moved the Sharepoint server we had to run windows repair (VMWare had a different set of hardware). This resets the permission on this temp folder.

Windows 2008 and Vista SP1 Released to Manufacturing

2008-02-05T09:48:00.000-05:00

Well the day has finally come - Windows 2008, and Vista SP1 have been released to manufacturing. If you are a MSDN subscriber you can download both of them - if you can get in.

Right now it looks like the MSDN servers are being crushed by the number of people trying to download:

For Windows 2008 the highlights are:

-Significantly improved performance of IIS

-Built-in virtualization (Hypervisor)

-Faster file sharing (There have been many good benchmarks on this one)

-Introduction of the Core edition (A stripped down command line only version)

More information about the Windows 2008

For Vista SP1:

- 50% improvement of network file copies. (Sure hope this is true)

- Resuming from sleep mode significantly improved

- Many common causes of crashes addressed, and fixed

- Faster RDP sessions.

Some more detailed information from Microsoft:

Notable Changes in Vista SP1

Overview of Vista SP1

Upgrade paths available for Windows Server 2008

2008-02-04T07:27:00.000-05:00

Microsoft has announced the upgrade paths available for Windows Server 2008:

If you are currently running:	You can upgrade to:
Windows Server 2003 Standard Edition (R2, Service Pack 1 or Service Pack 2)	Full Installation of Windows Server 2008 Standard Edition Full Installation of Windows Server 2008 Enterprise Edition
Windows Server 2003 Enterprise Edition (R2, Service Pack 1 or Service Pack 2)	Full Installation of Windows Server 2008 Enterprise Edition
Windows Server 2003 Datacenter Edition (R2, Service Pack 1 or Service Pack 2)	Full Installation of Windows Server 2008 Datacenter Edition

A few important points:

1. Except for Windows Server 2008 for Itanium, the above applies for both x86 and x64 versions. Cross-platform upgrades are not supported (Ex: x64 to x86 or x86 to x64)

2. There is no upgrade path for Windows Server 2008 Server core edition (Since this is a new product line)

Microsoft has lost it

2008-02-01T14:21:00.001-05:00

Well we hear in the news today that Microsoft is trying to buy yahoo. This would be for a cool $44.6 Billion. 62% more than the current stock price.

Obviously this is Microsoft's desperate bid to out maneuver Google. I don't think Google has anything to worry about.

Lets look at the latest marketing campaign for Windows 2008. It is called Heroes Happen Here (HHH?).

They have released a comic strip to go along with it. Here is one of the latest comics:

HUH? What it is this? They must have a giant vat of cool aid laced with happy juice over in Redmond. How could they possibly think that this will help promote Windows 2008?

I don't even 'get' the cartoon. Call me stupid.

So back to Yahoo. What could MS possibly add to Yahoo? Zip. They will systematically make it disappear. In 3 years it will look like live.com

Google will still be #1. All the while Apple will still be eating away at their declining desktop market share.

Meanwhile we need to run our businesses on the software that they build. It gives me the shakes just thinking about it.

Free PDF writer for Office 2007

2008-01-31T09:34:00.001-05:00

I have been using Office 2007 for some time now, and I just ran across a free download from MS:

2007 Microsoft Office Add-in: Microsoft Save as PDF or XPS

I like to save many of my documents as PDF, since they readable/printable across many platforms. I have been using FinePrint's PDF Factory - but I don't have a license for every system I use.

It turns out to be a great alternative. Simply download the plugin, and within any Office 2007 application you will see a new "Save As.." option:

I have tried it out on a few documents and it works great.

If you are looking for a quick and easy way to save to PDF in Office 2007 I highly recommend it.

Microsoft to force install of IE 7

2008-01-29T00:15:00.000-05:00

A while back we released a IE 7 blocking tool. It uses a registry key that Automatic update checks. If it is present, IE 7 will not automatically install.

Starting February 12th, IE 7 will begin showing up on Automatic updates, and ignore the special registry key. It will be up to the user to continually reject the install.

It is unfortunate that Microsoft has not decided to extend this date. I know quite a few companies with third party apps - that simply will not work with IE 7.

Beyond the compatibility issue, I personally dislike IE 7 in its present form. It is a slow and clunky interface. Every time I come across a machine that has it - I find myself downloading Firefox.

I will be sad to see IE 6 to go. Even with all of its quirks, it was still far better than IE 7.

The same could be said about Vista and XP :)

At the end of February we will be deleting the IE 7 blocking tool from our website, and removing it from Network Administrator.

New version of IE 7 Tweak Utility Released

2008-01-18T11:02:00.001-05:00

I received an email earlier this week from a reader (Brian):

The Hide/Show Menu main menu doesn’t seem to work with this utility. I can easily hide it via other means, but your utility doesn’t seem to do it. All other changes apply, but not that one.

He did quite a bit of research for us, and determined how our utility was writing to the registry. Thanks to Brian's diagnostic help we have determined that IE 7 no longer looks to the HKEY_LOCAL_MACHINE key for the changes described in my previous article on the subject.

Normally with preferences like this, a Microsoft application will search HKEY_CURRENT_USER, then check HKEY_LOCAL_MACHINE. So if you want to make the setting system wide, you simply write to HKEY_LOCAL_MACHINE. If you want it for just the current user then you write to HKEY_CURRENT_USER.

The more I think about it, we should have been writing the updates to HKEY_CURRENT_USER anyhow. This allows you to customize the setting for each individual user on the system without impacting others.

We have updated it to write to HKEY_CURRENT_USER. To get it, simply browse over to our downloads page.

As always - no spyware, adware included - only freeware goodness.

Microsoft Releases New Remote Desktop Client

2008-01-15T09:23:00.000-05:00

Back in November Microsoft quietly added KB925876 to their list of "Optional Software Updates". I was foolish enough to simply select all, and install the latest version of Remote Desktop without even realizing it.

A few things annoy me about this release. First of all I wasted a considerable amount of time trying to figure out why the /console command line argument no longer works.

If you troll the MS blogs you will come across this post Look at the section "Why the /console switch is no longer needed". Read it and come back to my post. What the hell do I care if applications use session zero or not? This is an implementation detail for programmers - not administrators.

In fact their reasoning is silly. Most administrators use the /console argument so they can:

1. Keep reusing sessions without getting this message:

2. Connect to the console so they can see the same screen that you would see if you were sitting in front of the machine.

I have yet to run into administrator that says "Gee I need to connect to the console so this application runs correctly in session zero"

If you read further you will find that you can now use the /admin argument to have the same behavior as #1, but I have not tested yet to see if it allows me to connect to the same desktop that you would have sitting at the machine.

The least they could have done was popup with a warning or an error saying that the /console argument was no longer supported.

The next issue is a nit-pick. Maybe I was so annoyed by the /console problem that this change pissed me off more than it should have.

The location of the Remote Desktop Icon has been moved. It was under Start->Programs->Accessories->Communications...now it is right under the Accessories folder of the start menu:

This sounds like a silly thing to get upset about...but it can cause lots of frustration when trying to walk (less knowledgeable) users over the phone to connect to their desktop at work. "What do you mean there is no Remote Desktop icon under communications?..." You get the picture.

On the flip side, the new client does support new features only available in Windows Server 2008:

· Network Level Authentication
· Server Authentication
· Plug and Play redirection
· TS Gateway support
· Monitor Spanning
· 32-bit color and font smoothing

If you want to try the new release out for yourself you can run automatic updates, and find it in the optional software items...or go to Knowledge Base Article KB925876

Prevent XP SP3, 2003 SP2, and Vista SP1 from installing

2008-01-10T08:16:00.000-05:00

Neither of them have been released yet (Except 2003 SP2), but now is the time to start thinking about blocking the automatic install of these service packs. This will allow you to set your own timetable for deployment.

You have 4 options for preventing the automatic install of these service packs:

1. Download our Network Administrator to deploy the change across your network.

or

2. Download and use the free GUI tool we have to make the change on a single system

or

3. Download and use the free command line tools from MS

or

4. Update the registry manually. To do this you simply need to go to this key:

HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Create a new DWORD value named DoNotAllowSP and set it to 1 (To disable the SP install), or 0 (To allow the SP install)

Still no word as to the exact date these service packs will be released, but you can block them now and install when you have fully tested them within your environment.

One other final note - all of these blocking options are only valid for 12 months following the release of the service pack. After that, Windows will ignore the registry change and install.

Serious security flaw found in Windows

2008-01-09T08:24:00.000-05:00

Microsoft announced on Tuesday a serious security flaw that needs to be patched immediately. It affects Windows 2000, XP, and 2003.

Here is the executive summary of the fix:

This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

A more detailed explanation is that a hacker could create a specially crafted ICMP packet, send it to your machine over the internet and cause it to stop responding until you reboot.

In an even more scary scenario a hacker could create a specially crafted IGMP packet and take complete control of your computer!

There are a few ways to prevent this from affecting computers on your network.

1. Have your firewall block multicast traffic (IGMPv3 and MLDv2 specifically), and block ICMP traffic

2. Disable IGMP, and ICMP in the registry:

(IGMP)
-Click Start, click Run, type regedit and then click OK.
-Expand HKEY_LOCAL_MACHINE.
-Expand SYSTEM, expand CurrentControlSet, and then expand Services.
-Expand TCPIP, expand Parameters, and then expand IGMPLevel.
-Change the DWORD value to 0.

(ICMP)
-Click Start, click Run, type regedit and then click OK.
-Expand HKEY_LOCAL_MACHINE.
-Expand SYSTEM, expand CurrentControlSet, and then expand Services.
-Expand TCPIP, expand Parameters, and then expand Interfaces.
-Select interface_name and set the PerformRouterDiscovery value to 0.

3. (Best Option) Install the patches that fix the issue from Windows Update.

This is a serious flaw. I would update your Internet facing machines as soon as possible.

Office SP3 blocks older file types - The Fix

2008-01-06T22:35:00.000-05:00

Update 1/7/2007 - Earlier I incorrectly gave the registry links for *enabling* the file block - doh! - The links are now correct, and I have included the link to re-enable the opening of Corel Draw files also (Thanks Bob B.!)

After getting back from the holidays I started setting up my Windows XP virtual machine for development and testing. Part of this was to install the latest patches for Office 2003.

After installing Service Pack 3 I could no longer open some old DBF files in Excel.

Did some searching on Google, and I discovered that Microsoft has done this for security reasons. Knowlege base article 938810 explains it all. The exact reason for disabling them is because:

"By default, these file types are blocked because the parsing code that Office 2003 uses to open and save the file types is less secure. Therefore, opening and saving these file types may pose a risk to you."

These are the file extensions that are disabled:

.cdr, .wk1, .wk4, .wj3, .wk1, .wks, .wk3, .wk3, .wj2, .wq1, .fm3, .wj1, .xlc, .dbf, .ppt, .pot, .pps, .ppa

Fortunately, If you decide that you can take the security risk in your own hands and want to still be able to open these files - you can.

Here are reg files that Microsoft is distributing to un-do the changes.

Download the Word Update

Download the Excel Update

Download the Power Point Update

Download the Update to allow opening Corel Draw files

To run them, simply open and allow the import into Regedit

Windows Vista SP1 (RC) available to general public

2007-12-13T00:31:00.000-05:00

This is just a quick note. Microsoft has just announced that the Release Candidate for Vista SP1 has been released to the general public.

Download and install from here

Get a free copy of Vista / Office 2007

2007-12-12T21:40:00.000-05:00

I lied. I read in a press release that they were doing this. I went and filled out the 15 minute form to find out the only free software I get is the spyware that collects information about my computer usage.

Originally you could apply to the Windows Feedback program, and then for the trouble of letting them watch everything you do - you could get a free copy of Vista, and/or Office 2007.

After filling out their huge survey and giving away my first born I couldn't find anywhere on the feedback site where I could download the software. I started googling. It looks like starting today (My luck eh?) they quietly discontinued the program.

The funny part is they left the website open. That way suckers like me could fill out all the info, and only after the fact find out there is nothing on the other side.

Not that I need it - since our MSDN subscription gives me all the Vista, and Office I need. I just wanted to see what this free offer looked like.

Now I know ;)