Monday, December 14, 2009

Adobe Flash Player Vulnerabilities

Here's some important computer security tip I found in this week's SANS NewsBites (Vol. 11 Num. 97):

"Adobe applications like Flash are feature rich, but they are putting so much complexity into their applications they probably have a lot of vulnerabilities that yet to be found. In the mean time, for your home Windows systems, install Secunia PSI and keep your Adobe products up to date and never do online banking or stock trading with multiple windows open. I realize these are just stopgap measures. They don't solve the root cause problem, but Band-Aids have a purpose."

Thursday, October 29, 2009

Office VBA: Installing Self-signed Digital Certificates

First you need to create a self-signed digital certificate by going to Start > Programs > Microsoft Office > Microsoft Office Tools > Digital Certificate For VBA Projects (this is actually a shortcut to %PROGRAMFILES%Microsoft OfficeOFFICE11SELFCERT.EXE).


Next, you need to sign your VBA code project in the VBA IDE by going to the Tools menu > Digital Signature... and pressing "Choose" to choose the certificate you created above.


So far, this is relatively straightforward.  The problems come when you're trying to re-install certificates after an OS re-install.  Or trying to install certificates on someone else's machine.  Here are some clues I've found:


1. The actual certificate files are stored in %APPDATA%MicrosoftSystemCertificatesMy


2. There's a snap-in called Certmgr.msc which helps you manage certificates.  You want to drag your self-signed certificate into the Trust Root Certification Authorities > Certificates folder.

3. When you open a MS Office file that has signed code in it, you want to try to "View Certificate" and "Install Certificate" if you can.  Or "Always Trust Macros From This Publisher".  Here is a good link on some resources to help you.


I'll continue to be on the lookout for more information about backing up and restoring certificates before and after a machine reinstall.

Tuesday, September 1, 2009

Outlook Contact List Problems When Moving To Another Machine

This is probably not of interest to any of you.  I'm just posting it here because it's a problem I frequently face at work and I want to remember where the link is to solve it.  Here it is.


Basically, when I reformat a computer or move one of my users to a new computer, I migrate their Outlook .pst file that contains all their mail and contacts.  However, unless I follow the steps in this link, they cannot add addresses to emails from their Outlook contacts.

Friday, August 28, 2009

Windows Command-line Tool: SubInACL

One of Windows' strengths in the ability to apply very granular, detailed permissions to your file system and shares.  However, this makes for some fairly complex permissions settings.  One of Windows' weaknesses is its command line (which had been more than remedied with PowerShell, I think).  But I found a tool today that enables me to take ownership of files and folders from the command prompt.  It's called SubInACL.  It looks like the ultimate Windows command-line ACL tool.  (CACLS.exe is just a joke.  It can only do the simplest of things.  And the /T option doesn't descend down more than one directory deep.)


Here's the command I used to take ownership of everything in the current directory:

subinacl /file * /setowner=me

Friday, August 14, 2009

Meet Our Newest Addition, "Nibbles"

Almost four years ago for my birthday, my family got me a betta fish I named "Herman Schnauzer."  He was a good fish, but this last week he took his last breath, and went to the happy swimming pool in the sky.  He almost made it four years with us.

This week at work, I've caught two mice!  One with the amazing, humane, "Mice Cube," which I highly recommend.  No one I've ever talked to has ever failed to make a catch with this trap.  This was my second with one.  But yesterday, we found the little toddler mouse whose mother we did away with the day before.  We found him wandering around under the desks in the daytime, the poor little guy.  I put a Cheeto out on the floor and he came out and grabbed it and ran back under the desk.  So I named him "Cheeto."  He came right out in to the open again, apparently not that afraid of all of us in the office who were watching, and I caught him with a cardboard box.  He was such a tiny, adorable, little mouse, I brought him home and was going to keep him; but the internet convinced me that it's not exactly safe to take a wild or house mouse as a pet.

So today I stopped by the pet store.  We still had Cheeto in his box, and I was thinking I would buy him a friend, and they had these cute little dwarf hamsters at the pet store.  So I bought one and brought it home.  The dwarf hamster is small but still over twice as large as Cheeto.  I ended up setting Cheeto free in our backyard.  And the hamster we named "Nibbles."  The pet store people agreed she is a girl.


This is her sleeping in the bottom tier of the Critter Universe Great Wall.  She can't jump at all, so she can't even make it up to the higher levels.  Cheeto would've done it no problem.

As I get older I think I'm realizing that I like animals, smaller ones generally, more than I realized.

Thursday, August 6, 2009

Strong Passwords and Online Safety

This article is a must-read for everyone who wants to work safely on the internet.

Personally, I use Keepass to keep all my passwords saved on my computer in an encrypted format.  And I use LastPass together with my browser to automatically fill in passwords on websites that I regularly surf to - however, I do not allow LastPass to save any passwords or login information for any of my financial sites.  I enter that using Keepass's autotype feature.

I know it's convenient to have your browser store "cookies" so that websites remember your information from visit to visit, but this is the setting I use in Firefox right now so that cookies are not saved after I close Firefox:


Friday, July 24, 2009

Problems After Restoring a Cloned Hard Drive Partition

I've never had this problem before, but then today was the first time I had restored a disk partition image from another partition on the same disk.  I could not login (it was giving me an error about my paging file being absent or too small - which shouldn't matter because Windows can and should create a new one automatically).  I tried a lot of things, including running FIXBOOT and FIXMBR from the recovery console.  I also ran CHKDSK, which did fix a few important errors, but it wasn't until I followed these instructions down through step 6, then after hive is loaded, delete all entries in the HKLMSYSTEMMountedDevices registry key (except for default), then reboot.  Windows will rebuild the key automatically at next startup.  The rest of the steps aren't necessary.

In short,


2. Boot to some kind of CD-ROM or USB based live OS that has a tool to edit the registry.  You can use Bart PE or Ultimate Boot CD.  I actually used the "Offline NT Password & Registry Editor" tool on the UBCD4WIN.

3. Load the %systemroot%system32configSYSTEM registry hive and delete everything in the HKLMSYSTEMMountedDevices registry key

4. Reboot

Additionally, sometimes I have also had to edit the registry key for Windows' userinit.exe settings in order for my log in to work. These instructions are helpful.  In a nutshell, edit HKLMSoftwareMicrosoftWindows NTCurrent VersionWinlogonUserinit so that it is just "userinit.exe" instead of "C:WINNTsystem32userinit.exe" (without the quotes in both cases).  (I think even changing it to just "userinit" will work too.)

Mount USB Drive in System Rescue CD

From the forum
You can run "fsarchiver probe simple" from sysresccd-1.1.7
to identify all the filesystems

Once you know the device,
(probably /dev/sdb or something like that) just




mount /dev/sdb (or
whatever) /mnt/usb 

Monday, May 25, 2009

The Book of Mormon

I love the Bible.  It is the word of God.  I am also thankful for the Book of Mormon.  It is also the word of God.  How much poorer I would be without passages such as these:

   I will go and do the things which the Lord hath commanded, for I know that the Lord giveth no commandments unto the children of men, save he shall prepare a way for them that they may accomplish the thing which he commandeth them ( 1 Nephi 3:7).

   Adam fell that men might be; and men are, that they might have joy ( 2 Nephi 2:25).

   For we labor diligently to write, to persuade our children, and also our brethren, to believe in Christ, and to be reconciled to God; for we know that it is by grace that we are saved, after all we can do ( 2 Nephi 25:23).

   Wherefore, ye must press forward with a steadfastness in Christ, having a perfect brightness of hope, and a love of God and of all men. Wherefore, if ye shall press forward, feasting upon the word of Christ, and endure to the end, behold, thus saith the Father: Ye shall have eternal life ( 2 Nephi 31:20).

   For the natural man is an enemy to God, and has been from the fall of Adam, and will be, forever and ever, unless he yields to the enticings of the Holy Spirit, and putteth off the natural man and becometh a saint through the atonement of Christ the Lord, and becometh as a child, submissive, meek, humble, patient, full of love, willing to submit to all things which the Lord seeth fit to inflict upon him, even as a child doth submit to his father ( Mosiah 3:19).

   For how knoweth a man the master whom he has not served, and who is a stranger unto him, and is far from the thoughts and intents of his heart? ( Mosiah 5:13)

   And behold, he shall be born of Mary, at Jerusalem which is the land of our forefathers, she being a virgin, a precious and chosen vessel, who shall be overshadowed and conceive by the power of the Holy Ghost, and bring forth a son, yea, even the Son of God.
   And he shall go forth, suffering pains and afflictions and temptations of every kind; and this that the word might be fulfilled which saith he will take upon him the pains and the sicknesses of his people.
   And he will take upon him death, that he may loose the bands of death which bind his people; and he will take upon him their infirmities, that his bowels may be filled with mercy, according to the flesh, that he may know according to the flesh how to succor his people according to their infirmities ( Alma 7:10-12).

    Yea, and cry unto God for all thy support; yea, let all thy doings be unto the Lord, and whithersoever thou goest let it be in the Lord; yea, let all thy thoughts be directed unto the Lord; yea, let the affections of thy heart be placed upon the Lord forever.
   Counsel with the Lord in all thy doings, and he will direct thee for good; yea, when thou liest down at night lie down unto the Lord, that he may watch over you in your sleep; and when thou risest in the morning let thy heart be full of thanks unto God; and if ye do these things, ye shall be lifted up at the last day ( Alma 37:36-37).

   And now, my sons, remember, remember that it is upon the rock of our Redeemer, who is Christ, the Son of God, that ye must build your foundation; that when the devil shall send forth his mighty winds, yea, his shafts in the whirlwind, yea, when all his hail and his mighty storm shall beat upon you, it shall have no power over you to drag you down to the gulf of misery and endless wo, because of the rock upon which ye are built, which is a sure foundation, a foundation whereon if men build they cannot fall ( Helaman 5:12).

   And if men come unto me I will show unto them their weakness. I give unto men weakness that they may be humble; and my grace is sufficient for all men that humble themselves before me; for if they humble themselves before me, and have faith in me, then will I make weak things become strong unto them ( Ether 12:27).

    Behold, I would exhort you that when ye shall read these things, if it be wisdom in God that ye should read them, that ye would remember how merciful the Lord hath been unto the children of men, from the creation of Adam even down until the time that ye shall receive these things, and ponder it in your hearts.
   And when ye shall receive these things, I would exhort you that ye would ask God, the Eternal Father, in the name of Christ, if these things are not true; and if ye shall ask with a sincere heart, with real intent, having faith in Christ, he will manifest the truth of it unto you, by the power of the Holy Ghost.
   And by the power of the Holy Ghost ye may know the truth of all things ( Moroni 10:3-5).

Wednesday, May 20, 2009

psexec Computer Trick

From my computer, I
can open a cmd console screen with a message on it on another computer using psexec
Here's how:

I need to already
have administrative privileges on the target computer.
  • psexec needs to be
    installed on my computer.
  • I create a batch
    file that looks like this: 
    @echo OFF
    echo Tell me if you got
    del %0
    (The last line is the batch file
    "self-destruct" command.)
  • I open a command
    window, and type  psexec \targetcomputernameorIP -i -c

    The -i switch runs
    the process interactively with the logged on user.  The -c switch copies
    the file to that computer before running it.

    Monday, May 11, 2009

    Step-through VBscript Debugging

    First of all, let me
    say at the outset that if there is any way at all you can use Windows Powershell
    instead of VBscript, do it.  Powershell is the future of Windows

    But we all have to
    go back and fix things from the past sometimes, and when we do it's nice to have
    some tools.

    One of the great
    tools I use is Notepad++, a
    free and highly configurable text editor for Windows.

    You can configure
    Notepad++ to open up a debugging program to step through the file you've
    currently got open.  First you have to edit your
    %APPDATA%Notepad++shortcuts.xml file.  In the <UserDefinedCommands>
    element, add this line:

    <Command name="Debug VBscript" Ctrl="no"
    Alt="no" Shift="no" Key="0">wscript.exe //D //X

    This will add a command to the Notepad++ "Run" menu, that will execute the currently saved
    version of your open file with wscript.exe, with the //D switch to tell it to
    debug if it encounters any errors, and the //X switch to immeditely throw an
    error at the beginning of execution.

    Next, what debugger
    should you use?  Often you can get Microsoft Script Debugger to come up,
    but if it all possible, see if you can use Microsoft Script Editor. 
    Microsoft Script Editor comes with Microsoft Office; I can find mine in
    %PROGRAMFILES%Microsoft OfficeOFFICE11.  It's called

    It took a little
    doing to figure out how to get it to come up as a debugger.  I think this
    registry edit should do the trick.  Create a .reg file with these contents
    and merge it with your registry [Disclaimer: DO ONLY AT YOUR OWN RISK! 
    Making a mistake modifying the registry can crash your




    For more help check here:

    Wednesday, May 6, 2009

    Windows Administration From My Workstation

    I've always wanted to know how to bring up a command console or Explorer window as an administrator with full privileges, instead of having to remote login to the server.  This link tells you how:

    Here's how to bring up a "remote" command shell on another Windows computer (you already need to have administrative privileges on it):

    I've already installed SQL Server tools on my workstation, so I can manage my SQL Server from there.  But today I figured out how to install the Active Directory MMC snap-in at my workstation.  The only catch is figuring out how to run it with administrator privileges (see above link.)  The following link explains how to install the AD snap-in at your local workstation:

    After you run MMC and add the Active Directory Users & Computers snap-in, you can save the mmc console as an .msc file, move it to %windir%system32, and create a batch file to run it with one click from your start menu:

    runas /user:DOMAINadministrator "mmc AD.msc"

    (Thanks, scripting guys.)

    Thursday, April 23, 2009

    Gmail Hacked!!

    Yesterday one of my friends called and told me they had been contacted by a telemarketer that had mentioned my name! (and I had nothing to do with it)  I was disturbed, and couldn't figure out where someone would have got that information.  But today I found out: my Gmail Contacts were hijacked!

    Creating a Custom Toolbar Button in Firefox

    If you've ever wondered:

    Friday, April 3, 2009

    SCAM ALERT: Beware of "Extended Car Warranties"!

    Most of the time I try to give people the benefit of the doubt, but maybe this is the wrong policy
    when talking with salespeople over the phone.

    We got sucked into a
    scam the other
    day for an "extended car warranty."
      I even told the person over the
    phone, "this is too good to be true."  She offered me a 5-year, 100,000
    mile extended warranty on our 2001 Grand Caravan that already has over
    110,000 miles on it.  And we had to commit to it right then, or else we'd
    miss our opportuntity and couldn't call them back (when you hear this,
    immediately think: Warning! Warning! Scam alert!).  She told us we had 30
    days to cancel and get our money back, so I agreed.

    A week later, a bottle of engine treatment arrives in the mail.  It says to put it in our
    vehicle, and they will cover anything that the fluid touches.  Originally
    the salesperson told me it was a $50 deductible, and that A/C and electrical
    components were covered.  But in the contract that arrived in the mail, we
    had a $100 deductible, a total $3,000 coverage limit, and only on the drive
    train (maybe not even that).

    I called customer service to ask for my money back, and when they heard that I had received the
    engine treatment, they acted like it was some sort of mistake, and they tried to
    sell me the same extended 100,000 miles warranty again (with full electrical and
    A/C systems covered)!   By this time my guard was up, so I
    declined.  They told me to send the engine treatment product back to them
    (at my expense, of course) and they would return my money.

    Stay tuned to see if I get my money back!  And in the meantime, just remember:

    1. If it's too good to be true, it probably is (and when dealing with salespeople, I would dare say it's ALWAYS true!)

    2. If you're pressured to make a decision immediately without time to consider it, DON'T DO IT!

    Tuesday, March 31, 2009

    A Call For All: Start Using OpenDNS!

    There's been a lot in the news lately about the-virus-that-must-not-be-named (because if your computer is infected it won't let you view pages that refer to it by name.  They should call it the Voldemort virus!)  As computers become more advanced and sophisticated, so do the attacks and malware that can be crafted using them.  As consumers, I feel like it's important that we educate ourselves our these tools we have come to rely on every day, so that we can use them securely and effectively.

    Here are my recommendations:

    1. Don't use Microsoft Internet Explorer.  Why?  Because its "ActiveX" controls are too integrated with the operating system environment, which makes it a prime target for the bud guys.  Use Mozilla Firefox instead.

    2. Once you're using Mozilla Firefox, install the AdBlock Plus add-in.  At the browser level, not only can it block images, scripts, and domains for advertisements, but also for virii and malware.

    3. Use OpenDNS!  Almost all internet communication relies on DNS (which stands for Domain Name Server) to look up the websites you surf to everyday.  For instance, you type in  How does your computer know where that is?  First it must be looked up on a DNS server to get its IP address (mine just returned for google).
         Once you have set your computer or router to use OpenDNS's servers, OpenDNS will block all attempts to access domains that you specify.  You can customize it to your liking.  You can set OpenDNS to block access to porn sites, other sites, etc.  A screen shot is in order:


    Yes, OpenDNS takes a little doing to set up, but it's worth it for your peace of mind.  If you don't feel like you can do it, ask a computer saavy friend or relative to do it for you (hopefully they've already done it).

    Wednesday, March 11, 2009

    Flashing Tomato Firmware to a Linksys WRT54G-TM Wireless Router

    I recently purchased a Linksys WRT54G-TM (the T-Mobile one) off ebay for $40. My intention was to flash the firmware to DD-WRT or Tomato. I need to put a couple of computer workstations out on our factory floor, but I don't want to have to run ethernet cable out to them. Instead, I thought I'd try to form a wireless bridge with our existing Linksys wireless router that's in the office.

    Some background information:
    Different versions of Linksys WRT54G wireless routers have different processors and amounts of memory, so you have to choose carefully before purchasing one. You may need to have the seller look on the bottom of the unit for the serial and/or version number. From what I've heard, once Linksys found out that people were flashing custom firmware on to their routers, they started reducing the memory in the units and put in some kind of CFE ("Common Firmware Environment") that could detect if the factory firmware was overwritten and automatically restore it.
    I wanted to flash the Tomato firmware onto my unit but apparently Tomato doesn't have any method of flashing the CFE. So first I had to follow these instructions to flash the CFE and load DD-WRT. These instructions worked like a charm for me, and then it was quite simple to update the firmware to Tomato from DD-WRT.
    Once I had Tomato loaded, I switched it to "Wireless Ethernet Bridge" mode and then I entered the same SSID and security key from my existing wireless router and voila! all I have to do is plug the power cable in and I have instant wireless access to our network anywhere within the range of my existing wireless router, as though I were connected with an ethernet cable!
    The only thing I'm worried about now is the unit overheating when it gets hot out on the plant floor in the summertime. I'm thinking about underclocking the unit to make it run cooler, because it runs a little warm right now at the default 200MHz. The telnet login username is "root", and the password is what you set it to be in the web-admin interface.

    Monday, March 9, 2009

    Using Blat and xp_cmdshell in SQL Server 2000

    This has happened to me twice here at work:

    I set up an automatic script to run regularly to do some processing for a department.  I create folders on the shared drive to export the processed files to.  Then the user in that department comes along and (accidentally or otherwise) deletes or renames one of those folders used for export in my script.  Then the script doesn't run anymore, and they come and ask me what's wrong.

    Lesson learned: ALWAYS have your scripts check to verify that all necessary executables and paths are present, and have a way for the script to notify me if it is otherwise.

    Today I spent most of the day coming up with some code to put in our custom payroll processing SQL stored procedure that checks to make sure the export directories are present, and creates them and notifies me if they aren't.

    DECLARE @result1 int, @result2 int
    EXEC master..xp_cmdshell 'if not exist "\oursvrsharePayrollExports for Payroll" echo Folder "sharePayrollExports for Payroll" could not be found.  Creating... >foldercheck1.txt',no_output
    EXEC master..xp_cmdshell 'if not exist "\oursvrsharePayrollExcel Hours Report" echo Folder "sharePayrollExcel Hours Report" could not be found.  Creating... >foldercheck2.txt',no_output

    If these files exist then the folders couldn't be found, else these files won't exist and this command will fail and @result will be 1
    (which is a good thing, it means the folders were located.)
    EXEC @result1 = master..xp_cmdshell 'TYPE foldercheck1.txt',no_output
    EXEC @result2 = master..xp_cmdshell 'TYPE foldercheck2.txt',no_output

    IF @result1 = 0  --Folder not found
        EXEC master..xp_cmdshell 'blat foldercheck1.txt -to -ss -u -pw opensesame -q'
        EXEC master..xp_cmdshell 'mkdir "\oursvrsharePayrollExports for Payroll"',no_output

    IF @result2 = 0  --Folder not found
        EXEC master..xp_cmdshell 'blat foldercheck2.txt -to -ss -u -pw opensesame -q'
        EXEC master..xp_cmdshell 'mkdir "\oursvrsharePayrollExcel Hours Report"',no_output

    EXEC master..xp_cmdshell 'DEL /Q foldercheck*.txt',no_output  --DEL does not return 1 if it cannot find the file to delete!

    Of course, blat must be installed.  And I really should check that blat is present or else give an error.

    Thursday, March 5, 2009

    Tuesday, March 3, 2009

    Weird Outlook 2002 Error: "The messaging interface has returned an unknown error..."

    Today someone at our company was trying to send some emails in Microsoft Outlook 2002, running in Windows 2000 OS.  (I know, I know.  Why are we running such ancient software?  Because I believe in the old adage: "Use it up, wear it out, make it do, do without then upgrade.")  He had three emails that were hung up in his Outbox, and he couldn't delete them.  They would just keep sending themselves over and over again.  When he tried to delete them from the Outbox, he got this message:


    I googled the message and looked at some of the results.  One of them said it could be fixed just by emptying the Deleted Items folder, but that didn't work.  Another said to create a new Outlook profile, which I was in agreement with.  This employee has been working on the same Windows 2000 box for the past 5 years, without a single re-install (and that's saying something!).  His Outlook .pst file was right at the 2GB mark, and I remembered having heard that in versions prior to 2003, Outlook had problems with .pst files greater than 2GB.

    I did end up creating a new Outlook profile for him, which I had never done before.  You have do close Outlook to do it, and go to Windows Start > Settings... Control Panel > Mail and do it there.  But what I wanted to share here was this trick:  The emails that couldn't be deleted because of the above error message, I was able to delete by holding down SHIFT while deleting them.  Keep in mind that this was after I had emptied the Deleted Items folder, although I'm not certain that had anything to do with it.

    Creating a new profile automatically creates a new .pst file, mine was automatically named Outlook1.pst.  I wanted a more descriptive, meaningful name for the file than that, so I closed Outlook, and changed the file name to 2009 Email.pst.  Then I opened Outlook again, it complained that it couldn't find the .pst file, but eventually it let me point to the file with the changed name.  The next trick is how to change the name of the .pst group of folders that displays inside of Outlook (The default is "Personal Folders."  The link is for Outlook 2007, but it's the same back in 2002).  You'd think you would be able to do that by just right-clicking on it and choosing Rename... (the option is greyed out) or by choosing Properties and changing it there (the name field isn't greyed out there, but it still can't be changed).  But you have to go one step further, and click the Advanced... button in the Properties dialog, and there (finally!) you can change the name.

    Thursday, February 26, 2009

    Computer Benchmarking Using System Speed Test 32 on UBCD

    Recently our company inherited a lot of old computers from the plant next door after it closed down.  I've been looking inside them to determine what components are there to see if I can combine them to make some better systems.

    I've never gotten into computer benchmarking before.  I wanted to use a simple utility that would boot from a CD, and about the only one I could find was the Ultimate Boot CD.  The utility I chose was System Speed Test 32 version 4.78.  It looks like it was created by a Russian but I can't find a home page for it anymore.

    Here are my results:

    Processor Benchmark
    Intel Core 2 Duo E6550 @ 2.33GHz3450.07
    AMD Athlon XP 2400+2376.52
    Intel Pentium 4 2.8 GHz2116.44
    AMD Athlon MP 2000+1976.42
    Intel Pentium 4 2.4 GHz (Northwood)1868.58
    AMD Athlon XP 1800+1773.98
    AMD Athlon Duron 700 MHz (Spitfire)827.96
    Intel Celeron 633MHz (Coppermine)712.24
    Intel Pentium III 550MHz635.58

    (The Core 2 Duo at the top is my workstation, not a computer we received.)

    Tuesday, February 17, 2009

    Windows 2000: How to restrict internet access to certain users using Group Policy

    In Active Directory on your domain server, create a new Organizational Unit (OU) called 'Restricted Users' or something like that.


    Now right-click on your new OU, and select 'Properties.'  Click on the 'Group Policy' tab.  Create a new group policy called "No Internet" or something.


    Edit the settings for this policy (make sure they meet or exceed the security level of the other existing group policies in your domain).

    Under 'User Configuration' > 'Internet Explorer Maintenance' > 'Connection', set the Proxy Settings to some non-existent IP address and port.


    Now, you can move certain users over to the new restricted OU by right-clicking on the user and choosing 'Move...'  Any user belonging to this OU will have these proxy settings loaded by default when they log in and will not be able to use standard windows methods to connect to the internet (IE, Outlook Express, etc.)

    Of course, there are workarounds for this.  It's not hack-proof, but it may be better than nothing in your organization.  For instance, if the workstation that the restricted user logs on to has Firefox or some other browser/email client installed, they will be able to access the internet.  So you must restrict those users from being able to install software and/or run existing non-Microsoft internal applications.

    Wednesday, February 11, 2009

    Changing/wiring a plug

    I've had to look this up enough times that I thought I'd blog about it so it'll be easy for me to find next time I need to look it up.

    When wiring a standard electrical plug–

    • The white wire goes on the silver terminal, which in turn goes to the wider of the two prongs on a polarized plug.  The white wire is the neutral wire.

    • The black (hot) wire goes to the brass colored terminal, which goes to the narrower of the two prongs.

    Saturday, February 7, 2009

    Friday, February 6, 2009

    Saving Win2K disk image using Partimage and CIFS

    At work I've got this computer set up with Windows 2000 and Office XP just like I like it.  Now I want to "image" the hard drive so that later on if anything happens I can just restore the image to this computer (with all the drivers and updates and everything) and it will be just like it is now.

    I've done this before.  I use a great free Linux program called Partimage.  This can be found in the Knoppix distro, but recently I've been using System Rescue CD.  I shut down the computer and booted from System Rescue CD ver. 1.1.4 using the "dodhcp" option so it would connect to my network.

    Then, to make the disk image smaller, I wanted to delete the Windows paging file (pagefile.sys) before I made the image.  To do this, I first needed to mount my Windows partition.  From System Rescue CD Linux command prompt, I typed:

    mount -t ntfs-3g /dev/sda1 /mnt/windows

    then just   cd /mnt/windows   and    rm pagefile.sys

    Next, I had to mount a shared folder from my Windows 2000 domain to save the disk image to.  Usually, I have been doing this using smbfs, but when I did this the other day, the new Linux kernel told me smbfs is deprecated and to use cifs now instead.  Here's how I used to do it with smbfs:

    mount -t smbfs -o lfs,username=administrator //machinename/sharename /mnt/smb

    but this time I did it with cifs:

    mount -t cifs -o username=administrator //machinename/sharename /mnt/smb

    When I ran Partimage, I kept getting this error "Cannot create temp file" "no space left on device" from Partimage.  I couldn't believe that I had ran out of space at first.  So I went back and tried to unmount the cifs share, but I got an "Unable to umount, device is busy" error.  I tried googling around for a solution, and finally found this page.  I needed to do a "lazy" unmount:

    umount -l /mnt/smb   (I'm very thankful for this tip!)

    After further research, I found that the device I was trying to save the image to actually _was_ full, and after deleting some files, partimage worked just fine.  What's more, cifs is significantly faster than smbfs!

    Thursday, February 5, 2009

    Windows 2000 reporting incorrect drive capacity

    At work I restored a disk image I had saved from a previous Windows 2000 install onto a Dell Optiplex GX260.  Except I saved the image from a 20GB drive, and restored it onto a 40GB drive.  (Disk images saved and restored using Partimage.)  After I restored the image, Windows showed the C: drive as having a capacity of 20GB, but I knew it was more than that.  Here's what I tried:

    1. Ran chkdsk C: /f  which needs to be done after a restart.  No change.

    2. Updated the BIOS, and checked the drive capacity there.  It reported the drive capacity correctly.  No joy.

    3. Opened a recovery console using the Windows 2000 install CD and ran fixmbr.  But even when the drive capacity was correct in the MBR, still Windows reported it as only a 20Gb drive...

    4. Ran GParted off System Rescue CD 1.1.4.  The partition showed as the correct size there.  However, I noticed GParted had a "Check and repair" option, which I ran on the primary partition.  This finally did the trick!

    Windows 2000 reporting incorrect drive capacity

    At work I restored a disk image I had saved from a previous Windows 2000 install onto a Dell Optiplex GX260.  Except I saved the image from a 20GB drive, and restored it onto a 40GB drive.  (Disk images saved and restored using Partimage.)  After I restored the image, Windows showed the C: drive as having a capacity of 20GB, but I knew it was more than that.  Here's what I tried:

    1. Ran chkdsk C: /f  which needs to be done after a restart.  No change.

    2. Updated the BIOS, and checked the drive capacity there.  It reported the drive capacity correctly.  No joy.

    3. Opened a recovery console using the Windows 2000 install CD and ran fixmbr.  But even when the drive capacity was correct in the MBR, still Windows reported it as only a 20Gb drive...

    4. Ran GParted off System Rescue CD 1.1.4.  The partition showed as the correct size there.  However, I noticed GParted had a "Check and repair" option, which I ran on the primary partition.  This finally did the trick!

    Friday, January 23, 2009


    I believe that pain forces people into one of two attitudes:

    It can humble us and enlarge our compassion for others, whose pain we had not previously comprehended.

    Or it can lead to bitterness, self-pity, envy, and the seeking for company in misery.

    Christ is the example of the first.  Lucifer is the example of the second.

    See Alma 62:41.