Friday, 24 February 2012

RDP: Set up a Monitor Span for Non-Windows 7 Enterprise/Ultimate End Points

In order to get true multi-monitor client connections going both ends need to be Windows 7 Enterprise and/or Ultimate. Or, when connecting to Remote Desktop Services the client needs to be one of those client OSs.

To get around that for all other client OSs we can do the following:

  1. Set up an SSL VPN connection (or PPTP).
    • Disable the Use Remote Gateway setting for IPv4 and IPv6.
  2. Start –> type: MSTSC [Enter]
    • Machine.Domain.Local
    • Full Screen
    • Redirect needed resources.
    • Do not change Gateway settings from default.
  3. Save As onto the desktop.
  4. Right click RDP file and Open With…
    • C:\Windows\notepad.exe
  5. Add the following line to the RDP file:
    • span monitors:i:1
  6. Save the RDP file.
  7. Open the VPN connection.
  8. Double click on the RDP Desktop file.
  9. Log on to the desktop machine.

Users will need to get used to all dialogue boxes saddling the two monitors since that is where the “middle” of the spanned setup is.

The local monitor pair must be side-by-side and the same resolution.

We tested running the RDP file with a Remote Desktop Gateway setting and it seemed to only connect one monitor.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Symantec EndPoint Protection CleanWipe Tool: Stuck at Gathering Required Information

We were working with a particularly problematic Symantec EndPoint Protection endpoint that always caused the user’s account to lock out when they came back into the office with their laptop.

The lockout would happen only after they had plugged into another network to gain access to the Internet. With the v11.x client we removed the Administrator Scan in the SEP Console on the management server and the problem went away.

But, once we replaced the backend and the client on this machine the lockout behaviour came back. Removing the Administrator Scan from the management console did not remove the lockout behaviour in this version as it had for v11.x.

So, we opened a case with Symantec and obtained a copy of the CleanWipe utility.

Once we ran the utility we said Yes to all of the options and then waited, and waited, and waited. The last warning indicated 30 minutes or more to run the registry clean-up be we were not getting anywhere after 2 hours.

image

In the end we needed to use Task Manager to kill ccSvcHst.exe process and then rename it in Windows Explorer as in the snip above. The CleanWipe process continued on from there by requesting a restart.

The whole process took 3 reboots to complete.

Once done we were able to install the SEP v12.x client.

Now, hopefully whatever was causing the lockout problem will be gone.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Tuesday, 21 February 2012

Fujitsu ScanSnap N1800: User Log On Error Via Active Directory

We are in the process of setting up a new ScanSnap N1800 network scanner.

There were a few things that we needed to take note of when we were setting up the unit to scan on an SBS network.

Active Directory

Out of the box the unit starts with a series of questions including a username and password to log onto Active Directory. But, the questions do not ask for an LDAP server setting.

We ended up with a logon failure with nowhere to go but restart the machine on the unit’s control panel.

However, once we had the ScanSnap IP address set with a DHCP Reservation and the unit had the IP we were able to get to the admin page.

Once logged in we then had to download and install the Network Scanner Admin Tool.

image

Once installed we were able to configure the correct settings.

image

Note the above Search Base setting. We tried to limit things to the SBSUsers OU but all connection tests failed if we did so. So, we needed to stick to the DC=DOMAIN,DC=LOCAL setting.

When we clicked the Connect button we received:

image

We set up a username and password in AD and:

image

We then had success with the LDAP connection.

SharePoint Companyweb

Once we had our successful LDAP connection we then went to set up the scanner for a Companyweb Scans Library destination.

Now, since we used the Standard User – Restricted (blog post on setting up SBS 2011 ~ Step 26) User Role to create the ScanSnap AD user account we needed to add the user account to the base Companyweb site with Contribute permissions.

Before doing so we would receive an Access Denied message when trying to connect to the Companyweb site in the ScanSnap Network Scanner Admin Tool.

image

Note the URL is for the base site at: http://companyweb.

image

We added the requisite folders for all of SharePoint sites and libraries as required.

Network Print

From there we went on to try and connect to all of the required network printers with no success. Now, this is Windows XP Embedded so we all know how much fun it is to get a 32-bit client to connect to Windows Server 2008 R2.

We called into support after we could not get anywhere with it and they suggested updating the unit to the most current version.

We chose the N1800 from the drop down list and:

image

We downloaded the software update, extracted it by running the EXE, and uploaded it using the Admin Tool:

image

  • Time update started: 1300Hrs
    • image
    • image
  • Update progress at 1313Hrs:
    • image
    • image
  • The device rebooted at 1327Hrs
  • We were able to log back into the device at 1338Hrs

Once the update was complete we were able to log back into the scanner’s Admin Tool. The update did not resolve our problem with being able to print however. This is more than likely to do with our inability to get the 32-bit NTPrint.INF to install correctly when setting up 32-bit drivers in SBS 2011’s Print Management.

For now, scan to print is not a critical feature, so we will leave it until we can work on the NTPrint.INF install on SBS 2011.

Conclusion

What we do have now is the ability to create live text PDFs that can be fully indexed by the SharePoint site that the scanner will be sending the output files to.

And so far, the scanner has done its job precisely as expected.

For anyone looking to archive all pieces of paper used throughout their business this scanner is an excellent product to have around. No third party products are required beyond the scanner itself for OCR to PDF capabilities.

The scanner does full duplex scans in a single pass so there is no need to muck about with the paper jams that can be common on scanners that pull the piece of paper back into the ADF for that second side.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Tuesday, 14 February 2012

How to Swap the mSATA SSD or RAM on a Toshiba Portege

There are a couple of gotchas when it comes to removing the bottom panel on the Toshiba Portege Ultrabook.

image

  1. Under the centre bumper is found a T8 Tamper-Proof Torx screw.
  2. The microphone and earphone jacks pin the cover in place on that side.

Once all of the screws have been removed including the tamper-proof centre screw one needs to make sure that the SD slot is empty.

Then, based on the image above gently grasp the two _opposite_ corners to the mic/ear jacks (right top and bottom) and pull up much like the cover of a book pivoting on the mic/ear side.

Once the cover is a couple of centimetres up (~1.5”) we can then slip the cover out and off over the mic/ear jacks.

When it comes to re-installing the back cover run through the opposite steps however one needs to be mindful of the VGA port as it has a slot on either side that the cover needs to nestle into.

Set the cover in place over the mic/ear jacks first and then guide it into place around the VGA port. It should essentially settle into its rightful spot with a little assistance from there.

NOTE: At no time is there any need to use force when working the back cover off or on. When removed or installed correctly the panel will essentially sit in place with no more effort than to guide it off or on.

Also, be mindful that making any changes to the default unit can and may void the Toshiba warranty.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Monday, 13 February 2012

Online Banking “Security”

We are a bit puzzled at why our online banking services are not as secure, at least in our opinion, as we think they should be.

We just finished configuring a new online account at Scotiabank that is based here in Canada.

This is their suggested online password recommendation:

image

And, one we have finished our sign-up process we see:

image

But, Scotiabank, if security is important then why are we not allowed to use a pass phrase _with_ special characters?

Not only that, why are the number fields already populated in the online sign-in page?

image

The “Online Security Guarantee” is kind of cute. :)

“We will fully reimburse you . . . provided that you have met your security responsibilities.”

Okay, so we click the Safe Computing Practices link to find out what our responsibilities are and:

image

We pretty much follow all of the above with the exception of number 2. We have encountered enough problems with Trusteer’s Rapport Security Software (one example we have blogged) that we will not be trusting any of our systems to their software.

Now, one plus on Scotiabank’s side is that their online portal’s password request actually _is_ case sensitive. We work with other banks that do not pay attention to case in the password field.

Conclusion

Now, obviously the above critique is based on _our_ experience working in I.T. and all of the good, bad, and ugly that we encounter in the way of security situations.

The reality is that the banks have a business decision to make when it comes to reaching the average user.

Thus, in the end we have a good understanding of the _why_ the banks are closer to the lowest common denominator when it comes to online “security”.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Saturday, 11 February 2012

Product Review: Update – 120GB OCZ Nocti Died :(

Go figure, our first OCZ mSATA product, the 120GB Nocti that went into our new Toshiba Portege Z830 Ultrabook died sometime during the night.

We had set up Windows 7 Enterprise, all of our apps, and domain configurations a few days prior.

The Ultrabook was staying at a client site since we were going to be back early the following morning.

The last thing to be done on that Ultrabook prior to leaving was to initiate a BitLocker encryption of the entire drive.

Sometime during that process the drive outright died.

The RMA process on OCZ’s Web Site requires us to create a ticket before making any efforts to get in touch.

NOTE: If advanced swap is going to be a part of the RMA process make sure to put that in the ticket’s notes _first_ or things just do not go too well.

Intel, Kingston, and Crucial have one up on OCZ: Real people on this continent (almost for Intel) that answer the phone.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Thursday, 9 February 2012

Moving from Unmanaged or Nonexistent SEP Management Server to a New Management Server

We have a whole bunch of clients to change over to a new management server for Symantec EndPoint Protection version 12. The previous server was offline so no work could be done to allow changes.

Between the above articles we were able to piece together what we needed to do:

  1. Export a new Sylink.XML file from the new SEP Management server.
  2. Rename the exported XML file to Sylink.XML
  3. Stop SEP on the client we need to change.
  4. Copy the new Sylink.XML file over the existing file(s)
  5. Start SEP on the client.
  6. Open the client console.
  7. Click Help then Troubleshooting.
  8. The Management tab should reflect the new server’s IP as should the Connection Status tab.

Note that on Windows XP the Sylink.XML file is buried

  • C:\Documents and Settings\All Users\Application Data\…

We just saved ourselves a huge amount of time.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Tuesday, 7 February 2012

Coffee Reading: Storm Clouds on the Horizon

The “Cloud” is the really big push happening right now where vendors are essentially looking to wrest control of the traditional client from frontline IT support companies and/or in-house IT departments.

Okay, so the above statement is a little pessimistic but talking to so many IT providers the above is definitely a predominant theme.

The following CloudBeat article is an excellent synopsis of a few of the downsides to dropping IT services into the Cloud and something that _all_ business owners need to be aware of:

The 4 reasons are items that we may have had nagging at the back of our minds but were unable to express quite as clear as this article does.

  1. Business owner is no longer in control.
  2. Business owner and their business is not the most important part of anything.
  3. The business owner and their business can have any colour they want as long as it’s black.
  4. The business still needs in-house hardware and an in-house IT staff.

The shocking realization when it comes to point 4 when it comes to Office 365 is that there are _huge_ requirements for in-house infrastructure for larger organizations that want to maintain user account synchronization between the organization and Microsoft’s service.

For us small guys keeping track of things manually may not be too painful, but once an organization gets beyond the 75-100 user mark some serious decisions need to be made.

As with any service that one is looking at it is important to know the Terms & Conditions for that server and if there are any Prerequisites so one does not get surprised by anything when it comes to project implementation time.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Monday, 6 February 2012

Toshiba Portege Z830-00P: Some mSATA SSD Testing to Come

We are just in the process of reloading Windows 7 Enterprise x64 on a newly received Toshiba Portege Z830-00P Ultrabook onto the 128GB Toshiba SSD that comes with.

When we did so we formatted a partition at a little over 70GB so that once all drivers are loaded and the Ultrabook is ready for bear we will image that partition using ShadowProtect.

We will then restore that partition to the 120GB OCZ Nocti mSATA SSD that showed up at our shop and eventually to an Intel 80GB 310 series mSATA SSD that should arrive here via Intel Demo sometime in the next couple of weeks.

We purchased the OCZ Nocti outright because we are pretty sure that the OCZ will far out-perform the Toshiba SSD that comes with the Portege.

Once we have the performance numbers we will publish them here. For now we will use the default WinSAT utility built into Windows to get an idea of the numbers just as we have done for previous systems that we tested.

The packaging for the OCZ:

image

The Canadian and US quarters are about the same size. As we can see, these drives are _small_ in size.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Friday, 3 February 2012

Product Review: Update on the Zalman ZM-VE300 USB 3 Drive Enclosure–This one is a sure win!

We did our initial review of the Zalman ZM-VE300 USB 3 enclosure here:

Now that we have had a chance to work with the unit we are really impressed with its ability to facilitate booting from “optical disk” via internally mounted ISO or to boot from the drive itself.

When the enclosure is in Dual Mode meaning both the mounted ISO and the hard drive storage are presented to the BIOS we are able to boot from either via Boot Menu.

What this means is that we can boot the Windows Server 2008 R2 SP1 DVD so to speak and have the necessary RAID drivers on the USB hard drive.

Given that we have installed an 80GB Intel X25-M SSD in this enclosure we have enough room for all of the OS ISOs we require plus all of the current server, workstation, and desktop hardware drivers needed.

In the near future we will be slipstreaming the Renesas Electronics USB 3.0 controller driver into our desktop OS WIM files so that we can use the USB 3 interfaces on the desktops we build to speed things up even further.

This product is a clear win for us.

Even if we were building a lot of desktops or workstations, servers are our mainstay, having a number of these units around will make getting that OEM, Retail, or Volume License version of a Windows 7 OS, or even Windows XP Professional, installed in _very_ short order.

We will be ordering a few more of these enclosures along with some Intel 320 Series 80GB and 160GB SSDs to install in them to make the best possible combination.

Happy Friday everyone and thanks for reading! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Thursday, 2 February 2012

HP LaserJet P1606dn Continually Printing

We had a problem where an HP LaserJet P1606dn kept spitting page after page of the same Test Print page without stop.

We managed to find the solution to the problem:

We disabled Bidirectional print support and power cycled the printer. It finally stopped spitting out the same print test page.

If that did not work we would have downloaded the latest driver package from HP’s Web site as well as a firmware update (this printer is relatively new so firmware is up to date) if required.

For now we have a printer that is doing what it is supposed to be doing for this small equipment rentals office.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.