I've recently installed Exchange 2007 and have been trying to get ActiveSyn up and running to sync with my Palm Treo 750. I knew that Exchange 2007 comes with a self-signed cert but didn't know how to get at it or import it into Windows Mobile. Fortunatley the proceedure is very simple and is detailed here.

In case you are wondering the brief steps are as follows:

1. Open IIS and go to the Directory Security Tab of the Default Website.
2. View the Certificate and Click the "Export to File" button.
3. Accept the default options and save the cerificate somewhere you can remember.

To import into Windows Mobile:

1. Copy the .cer file to your Windows Mobile device.
2. Using the File Explorer on the device locate and open the .cer file.
3. Select yes.

Enjoy!

Today I found myself clicking through a large number of text files containing information from Cisco switches. The text files contained a show run, show ver, show cdp neighbours and show interface status.

The customer wanted to know which interfaces had been hard-coded for speed or duplex and which interfaces had auto-negotiated to half duplex. After doing the first two by hand I realized Powershell could accomplish this quite quickly.

Get-ChildItem -Recurse -Filter "show-run.txt" | Select-String "speed","duplex"

And the results:
172.16.3.101\show-run.txt:50: duplex half
172.16.3.101\show-run.txt:51: speed 100
172.16.3.103\show-run.txt:35: speed 10
172.16.3.103\show-run.txt:45: duplex half
172.16.3.103\show-run.txt:46: speed 10
172.16.3.103\show-run.txt:98: duplex full
172.16.3.103\show-run.txt:99: speed 100
172.16.3.166\show-run.txt:41: duplex half
172.16.3.166\show-run.txt:42: speed 100

To find the interfaces that have negotiated at half duplex:
Get-ChildItem -Recurse -Filter "show-int.txt" | Select-String "half"

The Results:
172.16.3.101\show-int.txt:10:Fa0/6                      notconnect   1          Half     100 100BaseTX/FX
172.16.3.101\show-int.txt:21:Fa0/17                     connected    1        A-Half    A-10 100BaseTX/FX
172.16.3.101\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.102\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.103\show-int.txt:6:Fa0/4                      connected    1          Half      10 100BaseTX/FX
172.16.3.106\show-int.txt:5:Fa0/1                      connected    1        A-Half   A-100 100BaseTX/FX
172.16.3.107\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.121\show-int.txt:32:Gi1/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.123\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.164\show-int.txt:33:Gi0/2                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.166\show-int.txt:5:Fa0/1                      notconnect   1          Half     100 100BaseTX/FX
172.16.3.166\show-int.txt:32:Gi0/1                      connected    1        A-Half    1000 CX_GIGASTACK
172.16.3.169\show-int.txt:33:Gi0/2                      connected    1        A-Half    1000 CX_GIGASTACK
176.16.3.122\show-int.txt:31:Fa0/24                     connected    1        A-Half   A-100 100BaseTX/FX
...
Just saved myself half an hour of clicking through txt files!

I noticed today that WinPE 2, like all the WinPEs before it, does not have a built in network card driver for VMWare. Now you could add a driver to WinPE 2 by using the peimg /inf command but I just wanted to test something really quickly and didn't want the hastle of making a new WinPE 2 disk.

So I discovered you can tell VMWare to use emulate an Intel e1000 network card which works great with WinPE 2. Just add ethernet0.VirtualDev = "e1000" to your .vmx file!!

Most antivirus products these days have a unique ID stored in the registry so that management consoles can distinguish the clients. In you are using some form of cloning in your organisation this can cause problems with clients not updating or reporting back to the management console.

This week I ran into this very issue with eTrustITM v8. Fortunately all you need to do is delete a couple of ID values from the registry before running sysprep.

For eTrustITM delete the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\ID

For eTrust Antivirus delete the following:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustAntivirus\CurrentVersion\ID

Remember to do this immediately before running sysprep otherwise the clients will register again, particularly if you do a reboot before running sysprep. In my builds I usually have a sysprep.cmd that deletes keys like this and then runs sysprep.exe.

It looks like there is already a lot of good information out there about System Center Essentials 2007. Here are a few of handy spots I have found already:

• System Center Essentials @ Microsoft: http://www.microsoft.com/systemcenter/sce/default.mspx
• Pricing Information: http://www.microsoft.com/systemcenter/sce/howtobuy/default.mspx
• SCE TechNet Forums: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1558&SiteID=17
• Management Pack Authoring (AuthorMPs): http://www.authormps.com
• SCE Wiki: http://sce.editme.com/
• Blogs
  • Advisec Blog - http://advisec.wordpress.com/
  • SCE Tips & Trips - http://blogs.technet.com/caseymck/default.aspx
  • Remote Managed Services - http://blogs.technet.com/dustinj/default.aspx
  • Pete's Management Blog - http://www.it-jedi.net/

Know of any other great resources??

In my spare time over the last few days I've been getting ready to install the System Center Essentials RTM. After getting all the pre-reqs. installed I fired off the SCE 2007 installer only to find that after getting all the way through to installing and configuring reporting setup fails. Setup then promptly rolls back.

After digging a bit I found that this is actually a known issues with the RTM and Microsoft is working to fix the issue as soon as possible. The issue is to do with disjoint namespaces. Basically your NetBios Name doesn't match your FQDN for your domain. For instance, my netbios name for my domain is AD but my FQDN is ad.internal.

There is a thread on TechNet if you are interested in following the issue: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1556029&SiteID=17

I've been wondering how to do this in Vista. The registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Set DisableCAD to 0

Thanks to John at myITforum.com for this one.

I find that my free space is one of those things I don't check regularly enough. This morning I logged on only to find my system was really struggling. I didn't take long to realise I only had 600MB of disk space left. Dratt!!

I immediately wondered what was the quickest way to find out where all my space went, Powershell maybe? My first thought was something like this:

get-ChildItem -path C:\ -recurse | where-Object {$_.Length -gt 50000000} | sort-Object -property length -Descending |select-Object -first 10 | format-Table Name, Length -auto

This seemed to work ok but took ages:
Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 55
Milliseconds      : 828
Ticks             : 1158286885
TotalDays         : 0.00134060982060185
TotalHours        : 0.0321746356944444
TotalMinutes      : 1.93047814166667
TotalSeconds      : 115.8286885
TotalMilliseconds : 115828.6885

Anyone know a better way??

I've been involved in an Active Directory Migration lately and one of the things that was taking a lot of time was finding the groups for a group of users and then finding the nested groups. Why, you might ask? Well in this particular instance it was easier for us to migrate groups first than users but we had to make sure we got all the groups for the users we wanted to migrate moved over first.

The first part of the script involves search Active Directory for the user we wish to find group membership for. This is pretty easy:
#Setup Tasks
$query = new-object system.directoryservices.directorysearcher
$root = [adsi]""

#Setup for Query
$query.searchroot=[adsi]$("LDAP://"+$root.distinguishedName)
$query.Filter = "(&(objectCategory=user)(objectClass=person)(samAccountName=$accountName))"
$query.SearchScope="Subtree"

The next thing to do after we find the user is to get the memberOf Property:
$ADobject.psbase.Properties["memberOf"]

So I found it was easy enough to get a list of groups for a user but how could a get a list for several users without getting duplicates? The logical thing seemed like a hashtable:
$groups = @{}
foreach ( $user in $users ) {
   foreach ($group in Get-Groups $user) 
   {
      $groupName=$($group.split(",")[0]).split("=")[1]
      if(!$groups.Contains($groupname)){$groups.Add($groupname,$group)}
   }
}

The Properties["memberOf"] returns a collection of distinguished names, (CN=GroupName,OU=Groups,DC=domain,DC=local), so the above code splits up that string to extract the groupName to be the key for the hashtable and then the DN as the value. After this it is simply a case of connecting to each group and listing the memberOf property to see if there is any nested groups.

The code will only check 1 level deep so if you have a chain of nested groups you'll have to check it manually.

To Run the script just run .\GetGroups "username1","username2","username3". Please let me know what you think.

The final version of BDD 2007 has been released. Get it here.