For those still using Windows XP and Windows Vista, then here is a somewhat useful service to try out if you run into problems, Microsoft FIX-IT.  Microsoft FIX-IT offer online repair of some of the common problems with XP and Vista installations.

Text from their website;
Thank you for your interest in Microsoft Fix it. We’re working hard to automate solutions to common software problems in an easy, intuitive way that is available when and where you need it. So whether you are looking for a solution in help or support content, or an error report, Fix it provides a way to apply automated fixes, workarounds, or configuration changes so you don’t have to perform a long list of manual steps yourself.

As I work for a large company with 700+ workstations we strive to minimize the need for PC support whenever we can, one of the problems is when users use different browsers or install strange add-ins, one of the more annoying IE additions is the Google Toolbar.  Now I am sure the toolbar offers some great options to some users, however in our corporate structure we like that all browsers function the same as this minimize the development time for our intranet and other internal solutions.

Informing the users that corporate policy does not allow for installation of Google toolbar (and others) does not help that much, it is almost impossible to avoid installing Google Toolbar today, it comes with numerous applications (even with Java as I recall) and if you just miss one checkbox then it is installed (reminds me about the terrible Real player from years back).  One good thing about the Toolbar is however that it is easy to get rid of, it uninstalls without too much hassle.

Anyway I got my heart set on disabeling the Google Toolbar from installing, but how?

Well I found this interesting article on Google Groups;

---[FROM GOOGLE GROUPS]---------------------------------------
Hi Alan,
You actually have a couple options to prevent the Toolbar from being
installed on your school's network:
1. You can block the Toolbar through the IE policy, or blacklist
everything and selectively whitelist specific add-ons. The relevant
path to the add-on management policy is:
Console Root/(Local or Global) Policy/(Computer or User Configuration)/
Administrative Templates/Windows Components/Internet Explorer/Security
Features/Add-on Management
>From there, you should be able to block each add-on through its GUID.
The Toolbar's GUID is {2318C2B1-4965-11d4-9B18-009027A5CD4F}.
2. You mentioned not wanting students to install the Toobar because it
shrinks the usable area of the screen. More than preventing the
installation of just the Toolbar, you may want to prevent the
installation of all IE BHO's in general. These can be disabled through
group policy in the admin console. There's an IE key that disables
BHO's at:
Console Root/(Local or Global) Policy/(Computer or User Configuration)/
Administrative Templates/Windows Components/Internet Explorer/Internet
Control Panel/Advanced Page/Allow third-party browser extensions
Setting that to "Disabled" will prevent all BHO's from launching.
And for any network admins out there concerned with privacy but who
still want to enable the Toolbar, you should be able to disable
features like PageRank or AutoLink through the group policy file
(that's the .ADM file that's included with the Toolbar for
---[FROM GOOGLE GROUPS]---------------------------------------

Option 1 actually sound quite good, Option 2 will likely disable way too much – some things actually need to install browser additions (certificates for public signature, banking add-ins, PDF readers/printers and many other)..

When I have the time I will take a further look at it.

I keep forgetting how to enable Group Policy Loopback processing, this is useful if you have an advanced structure/advanced needs within your OU’s in AD.

The recipe is simple;

To set user configuration per computer, follow these steps:

  1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
  2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

This will allow for Usersettings to be propagated even if they are only in the Computer OU.

More here;

If you use HP servers you hopefully also use or have configured the iLO connection, the iLO port will allow you to connect to the console screen of the server even if Windows is not booted, this allows for installing a server or configuring bios settings etc remotely.

However, yesterday when I tried to connect to one of our servers via iLO (you do this via Internet Explorer)  i got this message;

<?xml version="1.0" ?> - <RIMP>
-<MP>   <ST>5</ST>   <INFORM>The iLO firmware is in a network flash recovery state.</INFORM>
<REFERENCE>Refer to the iLO network flash recovery under the trouble shooting 
section in the iLO users guide.</REFERENCE>   </MP>   </RIMP>
Well that was not what I expected, anyhow the solution is fairly simple, you just need to download the iLO firmware and flash the iLO management processor, this can easily be achieved via FTP.
  • Download the iLO firmware from and drivers, search for iLO firmware), note there is difference between iLO/iLO2/iLO3 so check your server specs for which FW to get.
  • Unpack firmware (by far the easiest way is to use www.rarlabs.comWinRar, just rightclick and extract from the .exe you downloaded before)
  • Find the iloXXX.bin and copy it to C:\  (or use your own location if you prefer, just remember to change it in the commands below also).
  • Start a command prompt (cmd.exe)
  • Issue these  commands;

    FTP x.x.x.x  (replace x.x.x.x with the correct IP)
    User: flash
    Password: recovery
    type binary
    put c:\iloXXX.bin   (replace XXX with the version number of the image file)

    and then wait while it flashes the ROM you will see a progress indicator.

After this iLO should be back up working 🙂  easy as pie..

If you ever (god forbid) have to support Microsoft Virtual Server 2005 then this is the tool to use;

It is by far better than the native tools/website.

By default new computers are created in the “Computers” OU in AD, however sometimes it would be smart to have them created in another OU.  The not so nice thing about the “Computers” OU is that you can not force GPO settings onto it, thus creating your own OU eg. “Domain Computers” and forcing new computers to be created here will allow you to force GPO settings onto new computers right from the start.

Another option is to change the Sysprep.inf settings to include the OU where the computers will be added, but this will only affect computers added via sysprep.

Example (sysprep.inf lines);

You could also use the NETDOM command from the Support Tools to add workstations to the domain, the NETDOM command also allow for adding the OU in which to create the computer object, but this has the similar problems as sysprep.inf it will not FORCE every new computer to be added in a specific OU.

Here is how to make the change via the redircmp command;

Redirecting CN=Computers to an administrator-specified organizational unit

  1. Log on with Domain Administrator credentials in the domain where the CN=computers container is being redirected.
  2. Transition the domain to the Windows Server 2003 domain in the Active Directory Users and Computers snap-in (Dsa.msc) or in the Domains and Trusts (Domains.msc) snap-in. For more information about increasing the domain functional level, click the following article number to view the article in the Microsoft Knowledge Base:
    322692 ( ) How to raise domain and forest functional levels in Windows Server 2003
  3. Create the organizational unit container where you want computers that are created with earlier-version APIs to be located, if the desired organizational unit container does not already exist.
  4. Run the Redircmp.exe file at a command prompt by using the following syntax, where container-dn is the distinguished name of the organizational unit that will become the default location for newly created computer objects that are created by down-level APIs:
    redircmp container-dn container-dn

    Redircmp.exe is installed in the %Systemroot%\System32 folder on Windows Server 2003-based or newer computers. For example, to change the default location for a computer that is created with earlier-version APIs such as Net User to the OU=mycomputers container in the CONTOSO.COM domain, use the following syntax:

    C:\windows\system32>redircmp ou=mycomputers,DC=contoso,dc=com

    Note When Redircmp.exe is run to redirect the CN=Computers container to an organizational unit that is specified by an administrator, the CN=Computers container will no longer be a protected object. This means that the Computers container can now be moved, deleted, or renamed. If you use ADSIEDIT to view attributes on the CN=Computers container, you will see that the systemflags attribute was changed from -1946157056 to 0. This is by design.

If you are as set in your ways as I, and if you are forced to use Windows XP in your workplace then you may just hate the Windows Desktop Search as much as I, in my experience it simply does not work properly.

Well you can return to the good old “Search Companion” quite easily, simply run this command;

regsvr32 /u "%programfiles%\Windows Desktop Search\wdsShell.dll"

And before you get too worked up then let me calm you down, in my case this also killed the annoying Fido dog that usually pops up – in other words it’s a win – win situation 🙂

For those of you that have ever tried finding anything on HP’s homepage you know that it can be virtually impossible 🙁 thus I am often struggling to find the download link for “HP ProLiant Support Pack for Microsoft Windows Server 2003”, well no more my friends 🙂 here is the link to use 🙂

And as a bonuslink, here is how to install it on a “Server Core” (the one without the Win GUI)..

I had to upgrade a server today from Win 2003 to Win 2003 R2, this should be a simple task however as with much IT this proved a no go 🙁

 Windows Server 2003 R2 Setup Wizard
 Setup cannot continue because this product disc is incompatible with the 
 service pack installed on this computer. To complete the installation 
 of Windows Server 2003 R2, you will need to insert the latest version of 
 Windows Server 2003 R2 Disc 2.

A quick google search however led me to;

where it was explained that a Windows 2003 Slipstreamed SP2 installation could cause problems with subsequent R2 installation, the solution is simple just modify the file “R2INTL.INF” in the \CMPNENTS\R2 directory like this;


R2SPLevel = 1


R2SPLevel = 2

and the installation will work without a problem.  Easy as pie (when you know what to do that is ;-))…

If you have Windows 7 you have some interesting new options when it come to moving applications (eg Games etc) to other locations, namely the “mklink” command.

Read the whole story/guide here