Contents:

March 10, 2005

Quick login script

Previously, I used batch files for login scripts, but this time around I decided to give VB script a whirl. Here is a small script that accomplishes some very important things:

' Create printers, set default printer, and map home Directory. ' Dim net Set net = CreateObject("WScript.Network") net.MapNetworkDrive "N:", "\\servername\homedir\" & net.UserName & "\My Documents" net.AddWindowsPrinterConnection "\\servername\Black & White" net.AddWindowsPrinterConnection "\\servername\Copier" net.AddWindowsPrinterConnection "\\servername\Color Printer" net.SetDefaultPrinter "\\servername\Black & White"

The script adds the three lab printers being shared by the print server, sets the default, and also maps the user's home directory. This is the equivalent of:

NET USE N: \\servername\homedir\%USERNAME%\My Documents

Posted by djc6 at 11:10 AM | Comments (5) | TrackBack (0)

March 12, 2005

Printing posters & large format scanning

I continue to discover useful services on campus available to everyone, even after being here 7+ years. I recently found out that Student Activities & Leadership has the ability to print 36"x48" monochrome posters for $8 each, significantly cheaper than the $78.00 quote I received from printing services. They are located in Thwing across from Wackadoo's Grub & Brew.

A month ago someone came into the lab looking to scan an 11x17 size sheet of paper. The only device I have that can scan something this large is the copier, but it can only scan black & white (not even greyscale). Turns out there is a Digital Scanning Lab @ KSL which is open to everyone and has large format scanners available.

Posted by djc6 at 05:26 PM | Comments (0) | TrackBack (0)

March 13, 2005

Troubleshooting profile unload issues

I encountered a problem with roaming profiles that was preventing cached copies of profiles from being automatically deleted. The following error was in the event log:

Event Source: Userenv
Event Category: None
Event ID: 1517
Description:
Windows saved user ComputerName\UserName registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

The solution was in this knowledge base article KB837115: Troubleshooting profile unload issues. Microsoft provides a service you can install called UPHClean that monitors the computer while Windows is unloading user profiles and forces resources that are open to close.

Posted by djc6 at 02:26 PM | Comments (1) | TrackBack (0)

Sysprep w/ XP SP2 & Default User profile

If you are using Sysprep to prepare computer images for Ghosting, and you are using XP SP2, and you have configured a Default User profile, then you need to call microsoft tech support and get the hotfix listed in this article:

KB887816: Changes in behavior of the SysPrep and RIPREP tools after you install Windows XP Service Pack 2

The problem is that sysprep overwrites the custom Default User profile you've painstakingly created with the Administrator profile.

The latest version of sysprep is included in the Windows XP Service Pack 2 Deployment Tools - it seems to be newer than the copy in the DEPLOY.CAB file on the XP CD.

Posted by djc6 at 02:36 PM | Comments (10) | TrackBack (0)

March 16, 2005

Default Printer Preferences for All Users

In the Nord Lab I have a Minolta Di251f copier/fax/scanner/printer indentical to those all over campus. Like many departments, the console is setup so you need to pick your name from a list and enter in your password, in an attempt to track printing. It is also neccessary to enter these codes into a user's printer preferences, otherwise the print jobs are discarded. Using registry auditing I was able to identify this registry key changing every time I configured the copier access code & password:

HKEY_CURRENT_USER\Printers\Connections\,,server,printername

Every printer apparently has a key like this, and within it is a binary value called 'DevMode'. I then exported this key, resulting in a 26KB file. Next, I did a "regedit /s copier-code.reg" on another machine, and the copier code/password (along with other printer preferences) were automatically set! Once I solved this mystery, I set the login script to run regedit and merge this key upon user login.

There is a knowledge base article entitled KB305402: HOW TO: Change Printing Preferences on Print Server for All Connected Users but it didn't seem to work for the particular printer settings I was interested in.

Posted by djc6 at 12:13 AM | Comments (1) | TrackBack (0)

March 31, 2005

Slipstreaming / Free tool for making ISOs of bootable CDs

I've been looking forever for a free utility for windows that can easily make ISOs of bootable CDs..

LC ISO Creator works like a champ on my new slipstreamed Windows Server 2003 w/SP1 CD.

This site has instructions on how to make a slipstreamed CD using EZ-CD Creator 5.x that comes with all of the dells on campus. The only difference between the XP SP2 instructions and Server 2003 SP1 is to change the volume name on the CD you are making.

Posted by djc6 at 04:14 PM | Comments (0) | TrackBack (0)

June 08, 2005

Troubleshooting Account Lockout Problems

Microsoft offers tools to help diagnose Account Lockout problems. Most useful is the the "ALockout.dll Tool" which is a logging tool that may help you determine the program or process that is sending the incorrect credentials in an account lockout scenario. Here are some links:

Download: Account Lockout and Management Tools

Technet: Documentation for Account Lockout and Management Tools

WindowsSecurity.com article on using the Account Lockout Tools

Posted by djc6 at 10:40 PM | Comments (2) | TrackBack (0)

August 28, 2005

Automated BartPE Ghost CD Installer

Recently Grayden MacLennan wrote to the Sysadmins Mailing List about using BartPE along with Ghost 8.x as a workaround for the Netgear GA621 DOS drivers not working in some buildings. BartPE will create a bootable windows CD, and from there we can run the slightly more reliable windows GA621 drivers and the windows Ghost32 client. The following is a list of instructions to recreate his work.

  • Install the latest version of PE builder and have a Windows XP CD handy.
  • Then copy the following files from C:\Programs Files\Symantec\Ghost into the C:\pebuilder313\plugin\ghost8\files directory:

    ghost32.exe, ghostexp.exe, ghostsrv.exe, ghostcdr.dll

  • Enable the Ghost Plugin (Change to 'Yes' on the plug-in list)
  • (Optional) Enable Boot Fix ("Press any key to boot from CD") Plug-in
  • Create a folder C:\pebuilder313\drivers\Net\GA621 and copy the Netgear GA621 Windows XP Driver files (DP83820.sys and NET83820.INI) into there.
If you stop here, you'll be able to burn a BartPE disc with Ghost and the drivers for the Netgear GA621. I recommened you make at least one CD like this so you can can experiment with everything else BartPE has to offer, and also for use pulling a ghost image from a source machine. To create a fully automatic bootable client CD suitable for pushing an image out , perform this last step:

  • Replace the C:\pebuilder313\plugin\penetcfg\penetcfg.ini file with these contents:

[General]
AutoStartNet=Yes
PromptForProfile=No
ShowGUI=No

[NetAdapter1]
EnableDHCP=Yes
UseStaticGateway=No
UseStaticDNS=No
UseStaticWINS=No
IPAddress=
SubnetMask=
DefaultGateway=
DNSServer=

[PostNetAutoRun]
; StarupFlag = CommandLine

; StartupFlag is a bit field that can take the following values:
; 0 = run hidden and wait (00 00 00 00)
; 1 = run normal and wait (00 00 00 01)
; 2 = run hidden and don't wait (00 00 00 10)
; 3 = run normal and don't wait (00 00 00 11)

1 = %SystemDrive%\programs\ghost8\ghost32 -ja=GHOSTSESSIONNAME -sure -rb

The above configuration will automatically install the GA621 Network Adapter, configure it with DHCP, and then start Ghost after the network is setup. Replace "GHOSTSESSIONNAME" with the typical name of your multicast sessions. The switch "-sure" automatically answers the "Proceed with disk load?" prompt. The "-rb" switch reboots the machine automatically when it is done ghosting.

You can customize this however you wish; See http://service1.symantec.com/SUPPORT/ghost.nsf/pfdocs/1998082612540625 for an alphabetical list of all the command line switches for ghost.

Posted by djc6 at 05:19 PM | Comments (7) | TrackBack (0)

September 22, 2005

Imaging machines using different HALs w/sysprep

One of the biggest problems with ghosting dissimilar machines is when they require different Hardware Abstraction Layers (HALs). For instance, an older Pentium 4 machine will use the Uniprocessor HAL, while a newer Pentium 4 machine likely has a hyperthreading processor or even a Pentium D Dual-Core Processor, both of which qualify for the Multiprocessor HAL.

Switching between Uniprocessor/Multiprocessor HALs is only possible if BOTH machines will be using the ACPI version of the HAL, OR if they are BOTH using the non-ACPI version of the HAL. In my case, the hardware is new enough that everything will be using the ACPI HALs. If you have an older machine (P2-400 vintage) I found it possible to enable ACPI in the bios by downloading the latest BIOS updates from Dell. I actually haven't come across anything that hasn't been ACPI compliant. The method I chose was to install the base image on a machine using the Multiprocessor HAL, and then downgrading it to the Uniprocessor HAL if necessary.

To accomplish this, add the following entry to your sysprep.inf file:

[Unattended]
UpdateUPHAL = "ACPIAPIC_UP,%WINDIR%\Inf\Hal.inf"

Essentially, this line sets the Uniprocessor HAL to be "ACPIAPIC_UP" *IF* the need for a Uniprocessor HAL is detected. If your computers are both NOT using ACPI, change the above "ACPIAPIC_UP" reference to be "MPS_UP". If the image is being put on a machine that can make use of a Multiprocessor HAL, the HAL won't be changed - it will stay Multiprocessor (since my base machine used the Multiprocessor HAL).

If you are going the other way, from Uniprocessor HAL base machine to Multiprocessor HAL clone, then use this line:

[Unattended]
UpdateHAL = "ACPIAPIC_MP,%WINDIR%\Inf\Hal.inf"

Notice that the command is now UpdateHAL (lacking the UP for Uniprocessor) and that the HAL selected ends in MP now (Multiprocessor). The problem with going Uniprocessor->Multiprocessor, is that the Multiprocessor HAL will *ALWAYS* be used, regardless of whether the Uniprocessor one is appropriate. Microsoft says there is a serious performance hit for using the Multiprocessor HAL on a machine that should use the Uniprocessor HAL - this is why I decided to start out with the Multiprocessor HAL base machine. For some reason when going the other way the proper HAL gets selected.

For more information read the "deploy.chm" file that comes with sysprep XP SP2.

Posted by djc6 at 12:46 AM | Comments (17) | TrackBack (0)

September 16, 2006

Installing Arcobat automatically on multiple machines

There has been a steady rise in requests to have the latest version of acrobat installed by many of the staff members whose computers I maintain. Partly, its simply to satisfy their urge to have the latest and greatest - but increasingly, they are receiving documents that only work with the latest version. I decided to take this opportunity to try Publishing applications via group policy. Here are the steps!!

  1. Download Adobe Acrobat 7 Professional from the Software Center. Run the installer, but DON'T EXIT. Instead, go to the directory "C:\Program Files\Common Files\Software Center\Acrobat 7\acrobat7_src" and copy the installation source to another directory - for this example, we use "D:\acrobat7_src".
  2. Next, create an administrative install point by running "D:\acrobat7_src\setup /a" - give the installer a directory to put the files for the install point - I used "D:\acrobat".
  3. We now need to download a series of updates from Adobe's site to bring the patch level of Acrobat up to 7.0.8 - this way you will be distributing Acrobat 7 along with the very latest updates - automatically. Unfortunately there is no cumulative update, so you need to download and apply three patches. Also, these files are self-extracting ZIP files; you'll need Winzip or something similar to extract the files contained in them - XP's built-in zip file facilities won't cut it. Go download these files:

  4. Now that the updates are expanded, run the following commands to apply the patches to the administrative install point we created earlier in "D:\acrobat":

    • msiexec /p d:\acrobat705update\Ac705PrP_efgj.msp /a d:\acrobat\AcroPro.msi /qb!
    • msiexec /p d:\acrobat707update\Acro707.msp /a d:\acrobat\AcroPro.msi /qb!
    • msiexec /p d:\acrobat708update\Acro708.msp /a d:\acrobat\AcroPro.msi /qb!

  5. Next, you'll need to download the InstallShield Tuner 7.0 for Adobe Acrobat - this application allows you configure many default settings - like the serial number - to make the install non-interactive
  6. Open the Installsheild Tuner. A dialog box will pop up automatically - open the transforms file "D:\acrobat7_src\AcroPro.itw". Next click on "Create a new transform" in the left hand side of the screen. Where it says Select an MSI file, enter the path " D:\acrobat\AcroPro.msi" and click the Create Button.
  7. Now comes the part where you can configure a multitude of default settings for your install. Here is a rundown of the important ones:

    • Under Installation Options, enter the serial number and your name. The serial number is given when you run the installer from the Software Center.
    • Under Shortcuts, click remove desktop icon (this is a personal preference).
    • Under Application Configuration, select Prefences. Then go to the "EULA and Online Features" tab. You need to need to agree to the EULA to make the install non-interactive. I also disabled "All Updates" since my users don't have the administrative privledges to install them. For the Nord Lab, I also disabled "Display PDF in browser". This has proven VERY helpful for people using Blackboard - the PDFs now open in a seperate window, so they don't accidentally use IE's print function instead of Acrobat' (which results in a blank printout).
    • Go through the rest of the preferences and see if there is anything else you'd like to customize.

  8. Once you're done with your customizations, save the new MST file! It will be written in "D:\acrobat\AcroPro1.mst".
  9. Now copy D:\acrobat to a share on a file server - this will be the install point your clients will look to. Test the install by running AcroPro.msi /passive transforms="AcroPro.mst" - it should install Acrobat 7 with all of the updates & customizations - and it should be completely non-interactive. The only thing you should see is a progress bar - it ought not prompt you for any questions. If it does, go back to the Installsheild Tuner and see what you missed.
  10. At this point we're done making the Acrobat 7 package. Now you need to make a group policy entry to publish the application. Open up the GPMC. Create a new Group Policy object and go to "Computer Configuration -> Software Settings -> Software Installation". Once there, right click on the right hand pane of the GPMC and select New. From there, go to package and select the path to the Acrobat MSI file shared on your file server. Thats it!
  11. Link the GPO to the appropriate OUs you wish the publish Acrobat to. Next time your users restart their computer, they'll see an "Installing Adobe Acrobat 7.0 Professional" message for about 5-10 minutes prior to the login dialog box appearing. No more having to install Acrobat by hand!!

Posted by djc6 at 11:42 PM | Comments (1) | TrackBack (0)

August 24, 2008

Enabling MathType macros by default in Office 2007

One of the biggest complaints in the lab is that when a user starts Office for the first time, they are greeted with a security warning asking them to enable/disable the macros for MathType. People always click disable macros because it is the default option, or don't know/care what MathType is, but selecting Disable Macros has other effects on Office, such as disabling printing.

I set out to find a way of trusting this publisher by default, so the MathType macros work by default, and people aren't prompted to enable them. The process involves extracting the Office 2007 install media from the Software Center package, running the Office 2007 Customization Tool, and adding the certificate of the publisher (Digital Science Inc.) to the list of trusted publishers.

First we extract the digital certificate used to sign MathType:

  • Go to C:\Program Files\MathType, right click on MathType.exe , select 'Properties' and click on Digital Signatures Tab
  • Select 'Digital Science Inc.' from the Signature List and click Details
  • Click View Certificate
  • Click Details tab
  • Click "Copy to file..."
  • Save the certificate to a file as a DER encoded binary (I called mine mathtype.cer)

Next, we extract the Office 2007 media from the Software Center package and run the Office 2007 Customization Tool:

  • Run the Office 2007 package from the Software Ceneter
  • Copy the folder C:\Documents and Settings\USERNAME\Local Settings\Temp\~vis0000\CD to another location C:\stuff\office2007
  • Exit out of the Software Center office installation.
  • Start the Office 2007 Customization Tool by running C:\stuff\office2007\setup.exe /admin
  • Select Open an existing setup customization file and open the file C:\stuff\office 2007\Updates\case_full.MSP - you MUST do this since product key is saved in there!
  • Click 'Office Security Settings'
  • Click the 'Add' button next to 'Add the following digital certificates to the Trusted Publishers list:" and add the digital certificate (mathtype.cer) made earlier.
  • Now go File -> Save As in the Office Customization Tool and save the new MSP file.
Now you can either deploy the .MSP by publishing it as a software package in Active Directory, or you can double click on it to change the configuration of the current computer.

You can also replace the case_full.MSP file in the Updates folder so these configuration changes affect future installs of Office 2007.

You can use this method to make other changes to the Office 2007 configuration that you can't do via the Office 2007 Administrative Template files. For more information on deployment visit Change users' configurations after installing the 2007 Office system

Posted by djc6 at 07:19 PM | Comments (0) | TrackBack (0)