28 January 2007

Acrobat Reader & Vista issue

if you have issue with opening PDF in vista, especially through Internet explorer,
there is a new version of Acrobat Reader, version 8.

27 January 2007

putting workstation in quarantine area: the easy way

I just answered a guy on activedir that would like to block all new workstation by default. The goal is to prevent users from playing with workstation until they are secured by GPO / antivirus / inventory tools...

The way i propose is globally:
-redirect all new workstation joining the domain to a new ou (let's say quarantine). This can be done direclty with windows 2003 AD thanks to redircomp.exe

-On the quarantine OU, create a new gpo that will only allow encrypted traffic communication.
As only these stations will be set up to encrypt traffic, they won't be able to communicate with servers and others stations.

The tricks are:
-If using dhcp, allow unencrypted trafic with the dhcp servers or the workstation won't get dhcp address (and won't be able to communicate with AD and so to catch the change of OU later)
-Allow unencrypted communication with DC so to be able to catch GPO change to stop ipsec traffic.

If a workstation doesn't stop using ipsec or doesn't catche the GPO change:
-stop the windows ipsec service
-issue a gpupdate /force

The only way for users is to be administrator and to stop the ipsec service manually. This can be enforced by GPO (and more if specifying a small GPO/ipsec refresh interval time)

hope it will help you !

VmWare Workstation and Vista as host

I am using VmWare Workstation 6.0 beta on my Vista RTM (host guest).

Working greats !
No more issue with disk freezing the OS for a while.

26 January 2007

Searching vmware Visio stencil for free ?

Update: (ALL in one VSD File)


have a look at this great site (but seems broken)
Thanks to them !

25 January 2007

considering username rename ?

If you are considering renaming users Samaccountname, you should at least care about:
  • Outlook will prompt for the location of OST and maybe PST if in the profile
  • ActiveSync on Windows mobile will need to be set up with the new username
  • If using roaming profile, you will need to rename all users folders (so you need access to them which is by default prohibited with XP SP2)
  • If redirecting My Documents, you will need to rename all folders to match.
  • Update logon script if network mapping is based on the username
  • You may clean up all profile on all station or at least rename them.
You should use Admodify which will do all the job on the AD side.

You should always test amont a significant numbers of users first to check against application troubles after renaming accounts. Applications like Vmware VirtualCenter always display the last used username.

12 January 2007

GFI Faxmaker 12 + Exchange 2003 cluster

hello all,

For those that will install GFI Faxmaker 12 on an Exchange 2003 Cluster:

The smtp connector won't be created and then creating it manualy will NOT WORK.
You will have to remove the gfi component and then create the whole smtp connector by hand.