How to reset your TCP/IP ~ Winsock stack in Windows XP
By peter.stilgoe
Most Internet connectivity problems arise out of corrupt Winsock settings.
To reset, open a command prompt (Start > Run, type cmd, click OK) and type:
netsh winsock reset
This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously-installed LSPs will need to be re-installed.
To show a list of Winsock LSPs:
netsh winsock show catalog
Note that resetting Winsock with the netsh winsock reset catalog command in SP2 removes all third-party LSPs and restores Winsock to its factory default settings. Existing programs that use their own LSPs (e.g., Google Desktop Search) need to be reinstalled.
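Because the reset removes every third-party LSP, it helps to record which ones are installed first. The PowerShell below is an added example, not part of the original post: it parses the output of netsh winsock show catalog and lists the providers that are not loaded from %SystemRoot%\system32. The sample text and the ExampleVendor entry are constructed, the function names are illustrative, and the field labels assume English-language netsh output.

```powershell
# Added example, not part of the original post.
# Assumes English-language output from "netsh winsock show catalog".

function ConvertFrom-WinsockCatalog {
    param([string[]]$Lines)
    $entries = New-Object System.Collections.Generic.List[object]
    $fields  = $null
    foreach ($line in $Lines) {
        if ($line -match 'Provider Entry') {
            # Header line ("Winsock Catalog Provider Entry", "Name Space Provider Entry"):
            # close the previous entry and start a new one.
            if ($null -ne $fields) { $entries.Add($fields) }
            $fields = @{}
        }
        elseif ($null -ne $fields -and $line -match '^\s*([^:]+):\s+(.+)$') {
            # "Label:   value" line; the value itself may contain a colon (C:\...).
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    if ($null -ne $fields) { $entries.Add($fields) }

    foreach ($f in $entries) {
        [pscustomobject]@{
            Description  = $f['Description']
            EntryType    = $f['Entry Type']
            ProviderPath = $f['Provider Path']
        }
    }
}

function Get-NonSystemProvider {
    param([object[]]$Entries)
    # Entries with a provider DLL outside %SystemRoot%\system32 are the ones to
    # note down (and review) before the reset removes them.
    $Entries | Where-Object {
        $_.ProviderPath -and $_.ProviderPath -notmatch '^%SystemRoot%\\system32\\'
    }
}

# Constructed sample input: one built-in provider, one hypothetical third-party LSP.
$sample = @'
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleVendor\examplelsp.dll
Catalog Entry ID:                   1015
'@ -split "`r?`n"

$catalog = ConvertFrom-WinsockCatalog -Lines $sample
Get-NonSystemProvider -Entries $catalog | Format-Table -AutoSize

# Live use, before running the reset:
#   ConvertFrom-WinsockCatalog -Lines (netsh winsock show catalog) |
#       Export-Csv winsock-before.csv -NoTypeInformation
```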
Users cannot send e-mail messages from a Blackberry mobile device through Exchange server
By peter.stilgoe
Active Directory users can receive email but not send through their Blackberry device
Granting the Full Mailbox Access permission implicitly granted permission to send as the mailbox owner. This meant that another account that has the Full Mailbox Access permission could send e-mail messages that appeared as if they were sent by the mailbox owner.
Many Microsoft Exchange customers have requested that Send As permission be separated from the Full Mailbox Access permission for the following two reasons:
• To deter e-mail spoofing.
• To make sure that e-mail messages that are sent by a delegate can always be clearly distinguished from e-mail messages that are sent by the actual mailbox owner.
All new versions of the Exchange Information Store will now explicitly require the Send As permission in order to send e-mail messages as the mailbox owner.
To override this and allow the user to send email from the BlackBerry device, follow the steps below:
Task 1:
Make sure that the BlackBerry Enterprise Server is running as a separate, unique account
Make sure that the BlackBerry Enterprise Server is running as a separate account that is specifically created for administrative tasks. By default, this account is called “BESAdmin.”
If you have a separate account for administering the BlackBerry Enterprise Server, go to task 2.
If you do not have a separate account, create a separate account. Then, use this account to perform administrative tasks. For instructions about how to do this, visit one of the following BlackBerry Web sites, as appropriate for the version of BlackBerry Enterprise Server that you are running.
If you are running BlackBerry Enterprise Server 4.0 or BlackBerry Enterprise Server 4.1, visit the following BlackBerry Web site:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=9174704&sliceId=&dialogID=11024244&stateId=1 0 11020632
If you are running BlackBerry Enterprise Server 3.6, visit the following BlackBerry Web site:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB04334&sliceId=SAL_Public&dialogID=11016727&stateId=1 0 11020358
Task 2:
Make sure that the BlackBerry Enterprise Server service account has the correct permissions
Verify that the BlackBerry Enterprise Server service account has the correct permissions.
Note: If the account is within a domain, make sure that the account is a member of only the Domain Users group. On a domain controller, the account should be a member of the Built-in Administrators group.
1. On the BlackBerry Enterprise Server, follow these steps:
a. Make sure that the account is a member of the Local Administrators Group.
b. Assign “Log on Locally” and “Log on as a Service” permissions to the account.
2. Grant Exchange View-Only Administrator permissions at the administrative group level. To do this, follow these steps:
a. In Exchange System Manager, right-click the first Exchange Server administrative group name, and then click Delegate Control.
b. Notice that the BlackBerry Enterprise Server service account is listed as having the role of Exchange View-Only Administrator.
3. Grant “Send As,” “Receive As,” and “Administer Information Store” permissions at the server level for each Exchange Server server. To do this, follow these steps:
a. In Exchange System Manager, right-click the first Exchange Server administrative group name, and then expand the Servers group.
b. Right-click an Exchange Server server, click Properties, and then click Security.
c. In the top pane, select the BlackBerry Enterprise Server service account. In the bottom pane, make sure that the “Send As,” “Receive As,” and “Administer Information Store” permissions are set to Allow.
d. Repeat steps 3b and 3c for each Exchange Server server.
4. Grant “Send As,” “Receive As,” and “Administer Information Store” permissions to the mailbox store. To do this, follow these steps:
a. In Exchange System Manager, right-click the first Exchange administrative group name, and then expand the Servers group.
b. Expand the first mailbox store group, right-click each mailbox store, click Properties, and then click Security.
c. In the top pane, select the BlackBerry Enterprise Server service account. In the bottom pane, make sure that the “Send As,” “Receive As,” and “Administer Information Store” permissions are set to Allow.
d. Repeat steps 4b and 4c for each mailbox store on each Exchange Server server.
5. In the Active Directory Users and Computers snap-in, follow these steps:
a. Right-click the user for which you want to add permissions, and then click Properties.
b. On the Security tab, add the BlackBerry Enterprise Server service account, and then click to select the Send As check box.
If you are not running Exchange Server 2003, see task 3.
Task 3:
Clear the cache on the BlackBerry Enterprise Server
To clear the permissions cache in the Information Store, restart the Blackberry-related services and restart the Microsoft Exchange Information store. After you restart the Information Store, you must restart the RIM Blackberry-related services to give the “BESAdmin” account the newly-added Send As permission on the Exchange Information Store.
If you are an administrator in the domain (i.e., a Microsoft protected account), you also need to do the following:
(Note: Microsoft does not recommend doing the following, but their best practice isn’t very usable for many BlackBerry / Exchange users who are also admins for their Active Directory.)
Run the following command on a DC:
dsacls "cn=AdminSDHolder,cn=System,dc=domain,dc=com" /G "domain.com\BESAdmin:CA;Send As"
Replace domain with your own domain.
The dsacls tool is not a standard utility, but you can download it from here:
http://www.microsoft.com/downloads/thankyou.aspx?familyId=6ec50b78-8be1-4e81-b3be-4e7ac4f0912d&displayLang=en
If you are having trouble executing the above command, it is probably because you are specifying the LDAP info incorrectly. You can download a free tool from http://www.ldapadministrator.com which will let you browse to the AdminSDHolder object. The tool bar then shows the exact path to use in the dsacls command example above.
All should work fine now!
Useful Windows Config Tools
By peter.stilgoe
About Windows: Shows the version of Windows currently installed on the system. Command: Winver.exe
Command Prompt: Opens a Command-Prompt window. Command: Cmd.exe
Event Viewer: Displays monitoring and troubleshooting messages from Windows and other programs. Command: Eventvwr.msc
Internet Options: Internet Explorer Settings. Command: Inetcpl.cpl
Internet Protocol Configuration: IPCONFIG is a command-line tool used to control network connections on Windows-based computers. Command: Ipconfig.exe or Ipconfig.exe /all
Network Diagnostics: Network Diagnostics scans your system to gather information about your hardware, software, and network connections. Command: Netsh.exe diag gui
Programs: Add or remove programs and Windows components. Command: Appwiz.cpl
Registry Editor: Make changes to the Windows registry. Command: Regedit.exe
Security Center: Configure Automatic Updates, Windows Firewall, and Internet Properties settings. Command: Wscui.cpl
System Information: View advanced information about hardware and software settings. Command: Msinfo32.exe
System Properties: View basic information about your computer’s system settings. Command: Sysdm.cpl
System Restore: Restore computer to a previous state. Command: %SystemRoot%\System32\restore\Rstrui.exe
Task Manager: Provides details about programs and processes running on your computer. Command: Taskmgr.exe
Backup methods
By peter.stilgoe
Full backup
A full backup, which Microsoft calls a normal backup, backs up every selected file, regardless of the status of the archive bit. When the backup completes, the backup software turns off the archive bit for every file that was backed up. Note that “full” is a misnomer because a full backup backs up only the files you have selected, which may be as little as one directory or even a single file, so in that sense Microsoft’s terminology is actually more accurate. Given the choice, full backup is the method to use because all files are on one tape, which makes it much easier to retrieve files from tape when necessary. Relative to partial backups, full backups also increase redundancy because all files are on all tapes. That means that if one tape fails, you may still be able to retrieve a given file from another tape.
Differential backup
A differential backup is a partial backup that copies a selected file to tape only if the archive bit for that file is turned on, indicating that it has changed since the last full backup. A differential backup leaves the archive bits unchanged on the files it copies. Accordingly, any differential backup set contains all files that have changed since the last full backup. A differential backup set run soon after a full backup will contain relatively few files. One run soon before the next full backup is due will contain many files, including those contained on all previous differential backup sets since the last full backup. When you use differential backup, a complete backup set comprises only two tapes or tape sets: the tape that contains the last full backup and the tape that contains the most recent differential backup.
Incremental backup
An incremental backup is another form of partial backup. Like differential backups, incremental backups copy a selected file to tape only if the archive bit for that file is turned on. Unlike the differential backup, however, the incremental backup clears the archive bits for the files it backs up. An incremental backup set therefore contains only files that have changed since the last full backup or the last incremental backup. If you run an incremental backup daily, files changed on Monday are on the Monday tape, files changed on Tuesday are on the Tuesday tape, and so forth. When you use an incremental backup scheme, a complete backup set comprises the tape that contains the last full backup and all of the tapes that contain every incremental backup done since the last normal backup. The only advantages of incremental backups are that they minimize backup time and keep multiple versions of files that change frequently. The disadvantages are that backed-up files are scattered across multiple tapes, making it difficult to locate any particular file you need to restore, and that there is no redundancy. That is, each file is stored only on one tape.
Full copy backup
A full copy backup (which Microsoft calls a copy backup) is identical to a full backup except for the last step. The full backup finishes by turning off the archive bit on all files that have been backed up. The full copy backup instead leaves the archive bits unchanged. The full copy backup is useful only if you are using a combination of full backups and incremental or differential partial backups. The full copy backup allows you to make a duplicate “full” backup (e.g., for storage offsite) without altering the state of the hard drive you are backing up, which would destroy the integrity of the partial backup rotation.
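The four methods differ only in which files they select and whether they clear the archive bit afterwards. The PowerShell below is an added example, not part of the original post: it models the archive bit in memory and prints what lands on each tape for a differential rotation and for an incremental one, with a copy backup taken mid-week. The file names, day labels and function names are constructed for illustration.

```powershell
# Added example: an in-memory model of the archive bit, not a real backup tool.
# $Files maps a file name to its archive bit ($true = changed since it was last cleared).

function Invoke-Backup {
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$Files,
        [Parameter(Mandatory)]
        [ValidateSet('Full', 'Copy', 'Differential', 'Incremental')][string]$Type
    )
    # Full and Copy select every file; the partial types select only files with the bit on.
    $takesEverything = $Type -in 'Full', 'Copy'
    # Full and Incremental turn the bit off afterwards; Copy and Differential leave it alone.
    $clearsBit       = $Type -in 'Full', 'Incremental'

    $tape = @($Files.Keys | Where-Object { $takesEverything -or $Files[$_] })
    if ($clearsBit) {
        foreach ($name in $tape) { $Files[$name] = $false }
    }
    return , $tape    # the leading comma keeps a one-file tape as an array
}

function Test-Rotation {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Differential', 'Incremental')][string]$Partial
    )
    # Three selected files, all new, so every archive bit starts on.
    $files = [ordered]@{ 'a.doc' = $true; 'b.doc' = $true; 'c.doc' = $true }
    $tapes = [ordered]@{}

    $tapes['Sun Full'] = Invoke-Backup -Files $files -Type Full

    $files['a.doc'] = $true    # a.doc is edited on Monday, which sets its bit again
    $tapes["Mon $Partial"] = Invoke-Backup -Files $files -Type $Partial

    # Offsite duplicate taken mid-week: it must not disturb the rotation.
    $tapes['Mon Copy (offsite)'] = Invoke-Backup -Files $files -Type Copy

    $files['b.doc'] = $true    # b.doc is edited on Tuesday
    $tapes["Tue $Partial"] = Invoke-Backup -Files $files -Type $Partial

    foreach ($label in $tapes.Keys) {
        '{0,-20} {1}' -f $label, ($tapes[$label] -join ', ')
    }
}

'--- Differential rotation ---'
Test-Rotation -Partial Differential
'--- Incremental rotation ---'
Test-Rotation -Partial Incremental
```

In the differential run the Tuesday tape repeats Monday's file, so a restore needs the full tape plus the latest differential; in the incremental run each changed file is on one tape only, so a restore needs the full tape and every incremental since.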
How can I configure the system to let users change their passwords without logging on to the domain?
By peter.stilgoe
If you use a password policy in a Windows 2000 domain and you migrated some or all of the users to Active Directory (AD) with the AD Migration tool, users who attempt to change their passwords as soon as they receive the Password Change Notification message might receive the following error message:
You do not have permission to change your password.
However, users who choose not to change their passwords when the Password Change Notification message appears (by clicking No) are logged on with their old passwords and then can change their passwords.
This system behavior occurs when the Everyone group hasn’t been granted the Change Password right on the user object. Users can’t change their passwords over the null session connection (anonymous logon relies on the Everyone group to carry out this action) established between the workstation and a domain controller. Instead, an authenticated session is required to change a password (i.e., users must be logged on to change their passwords).
To change the permissions setting for the Everyone group, take the following steps:
Start the AD Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).
Select the View menu and enable Advanced Features.
Right-click the container hosting the user object to which you want to grant the Change Password right (e.g., Users), then click Properties.
Select the Security tab. Ensure that the Everyone group is listed in the Name box. If it isn’t, click Advanced, then add the Everyone group to the list from the Advanced Access Control Settings dialog box. If the Everyone group is listed, click Advanced.
Click the Everyone group in the list, then click View/Edit to edit the group’s permissions. In the Apply Onto box, click User Objects.
In the Permissions section, select the Allow check box for “Change Password.”
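The Change Password grant made in the steps above and the Send As grant on AdminSDHolder in the BlackBerry post earlier on this page are both extended-right ACEs, so the same check lists who holds either one. The PowerShell below is an added example, not from the original posts: it assumes a domain-joined machine with the ActiveDirectory module (which provides the AD: drive), the function name Get-ExtendedRightAce is illustrative, and CN=Users stands in for whichever container you edited.

```powershell
# Added example, not from the original posts. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Extended-right GUIDs as defined in the Active Directory schema.
$ExtendedRight = @{
    'Send As'         = [guid]'ab721a54-1e2f-11d0-9819-00aa0040529b'
    'Change Password' = [guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'
}

function Get-ExtendedRightAce {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][guid]$RightGuid
    )
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object {
            # The ACE must carry the ExtendedRight bit (GenericAll includes it) ...
            ($_.ActiveDirectoryRights -band $extended) -and
            # ... and name this right, or name none, which means all extended rights.
            ($_.ObjectType -eq $RightGuid -or $_.ObjectType -eq [guid]::Empty)
        } |
        Select-Object IdentityReference, AccessControlType, IsInherited,
                      ObjectType, InheritedObjectType
}

$domainDn = (Get-ADDomain).DistinguishedName

# 1. Who holds Send As on AdminSDHolder? After the dsacls command from the
#    BlackBerry post, the BES service account should appear here. AdminSDHolder's
#    ACL is copied onto every protected account, so each entry listed applies to
#    all of those accounts, not to a single mailbox.
Get-ExtendedRightAce -DistinguishedName "CN=AdminSDHolder,CN=System,$domainDn" `
                     -RightGuid $ExtendedRight['Send As'] | Format-Table -AutoSize

# 2. The accounts currently marked as protected (adminCount=1), that is, the
#    accounts the entries from step 1 reach.
Get-ADUser -LDAPFilter '(adminCount=1)' |
    Select-Object SamAccountName, DistinguishedName | Format-Table -AutoSize

# 3. Who holds Change Password on the container edited in the password post?
#    CN=Users is an assumption; substitute the container you changed.
Get-ExtendedRightAce -DistinguishedName "CN=Users,$domainDn" `
                     -RightGuid $ExtendedRight['Change Password'] | Format-Table -AutoSize
```

Rows with AccessControlType Deny are returned as well, so read that column before concluding that a principal actually holds the right.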
How to create a third-party Microsoft Installer package
By peter.stilgoe
SUMMARY
This article describes how to create a Microsoft Installer Package (MSI) for installing third-party programs. If you want to install a third-party program by using this method, you must install a copy of Veritas Software Console by Seagate Software at a location that is accessible by the reference computer. This program is available on the Windows 2000 CD-ROM in Valueadd\3rdparty\Mgmt\Winstle\Swiadmle.msi. This includes a copy of WinINSTALL limited edition, which allows for basic functionality.
Definitions
Instruction File
An instruction file (Microsoft Installer package) contains information about what needs to be done to install a product.
Clean PC
A clean PC is defined as a computer with only the following items on it before you run Discover:
• The operating system
• The service packs for the operating system
If you install Veritas Software Console (or any other product) on the computer, it is by definition no longer a clean PC. You must install Veritas Software Console somewhere, but not on the clean PC.
Reference Computer
A clean PC ensures that the Discover program will pick up all files and registry entries necessary for the program to run.
The reference computer should have access to the Discover program (Discoz.exe) in the Winstall folder from My Network Places, Windows Explorer, or the Run command on the Start menu. Do not map a drive to the Winstall share. Doing so may cause Discover to pick up the added drive, possibly causing problems in your Microsoft Installer packages.
Discover
The Discover program is the program you use to create the instruction file (Microsoft Installer package) that contains information about what needs to be done to install a product.
How to Create a Third-Party MSI Package
For this process to work properly, you should start with a clean PC.
1. Start with a clean PC, or one that is representative of the computers in your network.
2. Start Discover to take a picture of the representative PC’s software configuration. This is the Before snapshot.
3. Install a program on the PC on which you took the Before snapshot.
4. Reboot the PC.
5. Run the new program to verify that it works.
6. Quit the program.
7. Start Discover and take an After snapshot of the PC’s new configuration. Discover compares the Before and the After snapshots and notes the changes. It creates a Microsoft Installer package with information about how to install that program on such a PC in the future.
8. (Optional) Use Veritas Software Console to customize the Microsoft Installer package.
9. Clean the reference computer to prepare to run Discover again.
10. (Optional) Perform a test installation of the program on non-production workstations.
To obtain support for Veritas Software Console, please contact Veritas.
Deploying and upgrading software in Active Directory
By peter.stilgoe
Deploying and upgrading software
Updated: January 21, 2005
You can deploy and upgrade software to remote computers in managed environments by using Group Policy Software Installation to assign Windows Installer packages. Windows Installer packages are deployed and managed within a Group Policy object, which is in turn associated with a particular Active Directory container–either a site, a domain, or an organizational unit. You can use Add or Remove programs in Control Panel to install, upgrade, or manage an application on a local computer. You can also use Remote Desktop Connection to install or upgrade an application by using Add or Remove programs on a remote computer. For more information, see Add or Remove programs overview and Remote Desktop Connection.
Some of the most common tasks are deploying software to remote computers, upgrading software on remote computers, and installing or upgrading software on a local computer.
To deploy software to remote computers
1. Open Group Policy Object Editor.
2. Do one of the following:
• To assign software applications to computers, in the console tree, double-click Computer Configuration.
• To assign or publish software applications to users, in the console tree, double-click User Configuration.
3. Double-click Software Settings, and then click Software Installation.
Where?
• Group Policy object/Computer Configuration or User Configuration/Software Settings/Software Installation
4. Right-click Software Installation, click New, and then click Package.
5. Click the Windows Installer package you want to assign, and then click Open.
6. In Deploy Software, click Assigned.
Notes
• To complete this procedure, you must be logged on as a member of the Domain Administrators security group, the Enterprise Administrators security group, or the Group Policy Creator Owners security group.
• Group Policy Software Installation is available to computers running Windows 2000, Windows XP Professional, and the Windows Server 2003 family in an Active Directory environment.
• To use Group Policy Software Installation, you must create a new Group Policy object or edit an existing Group Policy object for a site, domain, or organizational unit. You can also link a Group Policy object to a site, domain, or organizational unit in Active Directory Users and Computers or Active Directory Sites and Services. For more information about ways to open Group Policy Object Editor, see Group Policy.
• Many software applications come with Windows Installer packages (.msi files). For more information, see your software manufacturer’s documentation.
To upgrade software on remote computers
1. Open Group Policy Object Editor.
2. Do one of the following:
• To upgrade software applications on remote computers, in the console tree, double-click Computer Configuration.
• To upgrade software applications for users, in the console tree, double-click User Configuration.
3. Double-click Software Settings, and then click Software Installation.
Where?
• Group Policy object/Computer Configuration or User Configuration/Software Settings/Software Installation
4. Right-click Software Installation, click New, and then click Package.
5. Click the Windows Installer package that will serve as the upgrade package, and then click Open.
6. In Deploy Software, click Assigned.
7. In the details pane, right-click the Windows Installer package that will function as the upgrade (not the package to be upgraded).
8. Click Properties, and then click the Upgrades tab.
9. Click Add to create or add to the list of packages that are to be upgraded by the current package.
10. Under Choose a package from, click Current Group Policy object (GPO) or A specific GPO as the source of the package to be upgraded. If you click A specific GPO, click Browse, and then click the Group Policy object that you want.
11. Review the list of packages under Package to upgrade, which lists all of the other packages that are assigned or published within the selected Group Policy object. Depending on the Group Policy object, this list may have zero or more entries.
12. Click the package that you want to upgrade, and then do one of the following:
• To replace an application with a completely different application, click Uninstall the existing package, then install the upgrade package.
• To install a newer version of the same product while retaining the user’s application preferences, click Package can upgrade over the existing package.
13. On the Upgrades tab, select the Required upgrade for existing packages check box if you want the upgrade to be mandatory. If this is an upgrade under Computer Configuration in the Group Policy console tree, the check box is unavailable and selected, because packages can only be assigned to computers, not published.
Notes
• To complete this procedure, you must be logged on as a member of the Domain Administrators security group, the Enterprise Administrators security group, or the Group Policy Creator Owners security group.
• Group Policy Software Installation is available to computers running Windows 2000, Windows XP Professional, and the Windows Server 2003 family in an Active Directory environment.
• To use Group Policy Software Installation, you must create a new Group Policy object or edit an existing Group Policy object for a site, domain, or organizational unit. You can also link a Group Policy object to a site, domain, or organizational unit in Active Directory Users and Computers or Active Directory Sites and Services. For more information about ways to open Group Policy Object Editor, see Group Policy.
• Many software applications come with Windows Installer packages (.msi files). For more information, see your software manufacturer’s documentation.
To install or upgrade software on a local computer by using Add or Remove programs
1. Open Add or Remove programs in Control Panel.
2. Click Add New programs, and then click CD or Floppy.
3. Follow the instructions on your screen.
Notes
• To open Add or Remove programs, click Start, click Control Panel, and then double-click Add or Remove programs.
• When using Add or Remove programs, you can only install programs that were written for Windows operating systems.



June 8th, 2007
