Tuesday, June 26, 2012

Firefox Mobile for Android has been updated!

Sorry for not posting much lately (to the 3 of you looking at this site on a regular basis). I promise I'll have more to post in the coming weeks and months, as I start my new job in a much larger and more diverse environment than I'm used to.

Today, though, I will tell you that the newest version of Firefox Mobile has hit the Google Play Store. So far I like it. It's faster and more well-organized than the last version.

Thursday, June 21, 2012

Powershell 3 session from TechEd 2012

Powershell 3 will ship with Windows 8 and Windows Server 2012 later this year. While the talk starts out like it's for noobs, the pace picks up as they show you some really fantastic things that you can do with version 3 of Powershell. You can find the talk here. There's also an article from Technet which outlines some of my favorite new features here.

Some of the things that I like best:
  • The ISE now offers Intellicode and a native command-list sidebar
  • There's a new GUI to help you write commands (checkboxes and things for setting options and parameters)
  • Help files that you can update

Admins will be led more and more into installing servers into 'Core' mode with Windows Server 2012, and Powershell will become increasingly important. There are several hundred more commands in Powershell 3 than in version 2, so get started on it!!!

Wednesday, June 20, 2012

Windows 7 imaging method

We are using Acronis to image our mix of desktop and tablet computers, and I was charged with coming up with the methodology on imaging computers when we started rolling out Windows 7. Learning how to work with Windows' deployment kits was just stupid. The documentation is terrible and there are a ton of different programs internal to the AIK that you have to magically just know how to use. With my complaining out of the way, let me tell you how I accomplished getting Windows 7 out to my people.
First off, a little about my environment, which directly impacted my options and enabled me to do what I did. I only need to create images for 2 different desktop and 2 different tablet models. If I had to keep track of more models, I probably would have been forced to do it "Microsoft's way". We're upgrading to Windows 7 a little at a time, so I don't need to worry about using multicast to upgrade a lot of computers at once. Now, on to the process of creating a master image:

  • Install Windows 7 Professional from the DVD, creating a generic "user" account along the way, and giving the computer a name like HP2730MSTR (combining the hardware model with "Master")
  • Enable the local admin account and set its password
  • Activate Windows 7 with your key
  • Log off of "user" and log in as the local administrator account you just enabled
  • Install Drivers, Windows 7 SP1, and Windows updates
  • Uninstall some Windows Features (Internet Printing, Windows DVD Maker, Games, Windows Media Center, Windows Fax and Scan)
  • Install Office 2010, Office 2010 SP1, and Silverlight
  • Change the workgroup: If my domain name is I would change the computer to belong to the workgroup "foo". This allows me to access the file servers on my network.
  • Turn off UAC. Our users are all local administrators (yeah yeah, fact of life here) and this is just annoying to them.
  • Delete the profile and user account of "user"
  • Go into Windows Explorer and turn on "Show hidden files, folders, and drives" and also uncheck the box next to "Hide protected operating system files"
  • Modifications to the Default User registry hive. Break time. The Default User hive stores the registry template for every new user who logs on to the computer. Make a change here, and that setting will propagate to every user who logs on to the computer, provided they have never logged on before (which is why we're addressing it here in the image). To accomplish this:
    • Open Regedit.exe, and load the default user hive. This is accomplished by:
    • Highlight the HKEY_USERS key
    • Click File, then Load Hive
    • Choose C:\Users\Default\NTUSER.DAT (If you can't see the Default folder, then you didn't perform the Windows Explorer step above)
    • Give it a name, it doesn't matter what
    • Now, expand HKEY_USERS and the folder you just named
    • The subkey you want is Software\Microsoft\Windows\CurrentVersion\RunOnce
    • On the right pane, create two new string values, named "Libraries" and "RemPinned"
    • Modify the Libraries item so that its data is c:\libraries.bat
    • Modify the RemPinned item so that its data is c:\rempinned.vbs
So, now you're asking yourself, "Where are those files?" Well, you need to create them, and copy in this text.

Filename: RemPinned.vbs
Purpose: This VBS file unpins the default items that Windows 7 pins to the taskbar (Media Player, IE, and Explorer)
Created by: Charles Stemaly (shamelessly copied and pasted from code found somewhere; I'm not very good at VB Scripting)

Option Explicit

' Shell special-folder IDs passed to Shell.Application.NameSpace
Const CSIDL_STARTMENU = &HB
Const CSIDL_COMMON_PROGRAMS = &H17

Dim objShell, objFSO
Dim objCurrentUserStartFolder
Dim strCurrentUserStartFolderPath
Dim objAllUsersProgramsFolder
Dim strAllUsersProgramsPath
Dim objFolder
Dim objFolderItem
Dim colVerbs
Dim objVerb

Set objShell = CreateObject("Shell.Application")
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objCurrentUserStartFolder = objShell.NameSpace(CSIDL_STARTMENU)
strCurrentUserStartFolderPath = objCurrentUserStartFolder.Self.Path

Set objAllUsersProgramsFolder = objShell.NameSpace(CSIDL_COMMON_PROGRAMS)
strAllUsersProgramsPath = objAllUsersProgramsFolder.Self.Path

'''''''''''''''''''''''''''''''''''''''Unpin Shortcuts'''''''''''''''''''''''''''''''''''''''
' Each section finds the shortcut, walks its context-menu verbs, and invokes
' "Unpin from Taskbar" (the "&" accelerator marker is stripped before comparing).

'Internet Explorer
If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Internet Explorer.lnk") Then
    Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs")
    Set objFolderItem = objFolder.ParseName("Internet Explorer.lnk")
    Set colVerbs = objFolderItem.Verbs
    For Each objVerb In colVerbs
        If Replace(objVerb.Name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
    Next
End If

'Windows Explorer
If objFSO.FileExists(strCurrentUserStartFolderPath & "\Programs\Accessories\Windows Explorer.lnk") Then
    Set objFolder = objShell.Namespace(strCurrentUserStartFolderPath & "\Programs\Accessories")
    Set objFolderItem = objFolder.ParseName("Windows Explorer.lnk")
    Set colVerbs = objFolderItem.Verbs
    For Each objVerb In colVerbs
        If Replace(objVerb.Name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
    Next
End If

'Windows Media Player
If objFSO.FileExists(strAllUsersProgramsPath & "\Windows Media Player.lnk") Then
    Set objFolder = objShell.Namespace(strAllUsersProgramsPath)
    Set objFolderItem = objFolder.ParseName("Windows Media Player.lnk")
    Set colVerbs = objFolderItem.Verbs
    For Each objVerb In colVerbs
        If Replace(objVerb.Name, "&", "") = "Unpin from Taskbar" Then objVerb.DoIt
    Next
End If

Filename: Libraries.bat
Purpose: This file leverages shlib.exe to manipulate the Windows 7 libraries available to your users. I remove the local Document library mapping to a local "Public" folder, then I remove the Music, Pictures, and Videos libraries. Group Policy doesn't have very good methods to manage libraries, so I had to go this route.
Created by: Charles Stemaly
Other requirements: This batch file requires that a file named ShLib.exe be present in your C:\Windows\System32 folder. ShLib.exe can be found here, via the Grim Admin, and his methodology is here if you want to learn about this the way I did initially.

shlib remove "%userprofile%\appdata\roaming\microsoft\windows\libraries\documents.library-ms" "c:\users\public\documents"
del "%userprofile%\appdata\roaming\microsoft\windows\libraries\music.library-ms"
del "%userprofile%\appdata\roaming\microsoft\windows\libraries\pictures.library-ms"
del "%userprofile%\appdata\roaming\microsoft\windows\libraries\videos.library-ms"

Now, back to the list:

  • Still in regedit, unload the Default User hive by clicking on the folder which you named, clicking the File menu, and then choosing Unload Hive.
  • You should turn off the "Network" tree in Windows Explorer (it normally appears under "Computers" in the left pane). This normally allows people to browse computers on your network, and no sir, I don't like it.
    • Still in regedit, expand the following: HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\
    • Right click on ShellFolder, and alter the permissions to give administrator full control
    • Modify the "Attributes" DWORD value on the right and change its value to b0940064 (I only ever had to alter 1 character, the 9)
  • Now, you can close regedit
  • Ensure that RemPinned.vbs and Libraries.bat are in your C:\ (the root folder)
  • Copy ShLib.exe to C:\Windows\System32
  • Run C:\rempinned.vbs and C:\Libraries.bat to perform their functions for the local administrator profile that you're currently logged in as.
  • Install (and update) all of the applications that every computer of that model needs: Flash, Adobe Reader, Java, etc.
  • Configure any wireless settings
  • Run Windows Update and restart as needed
  • Turn hidden files back off from earlier
  • Ensure that everything is ready to go and the system boots cleanly from any updates you performed.
  • Power the system off
  • Boot the system to your disk imaging software and capture the image as "SysPrep0 - Master"
  • Now, boot the system back into windows, and log in as the local administrator
  • Launch C:\Windows\System32\Sysprep\Sysprep.exe
  • Choose "Enter System Out-of-Box Experience (OOBE)", check the Generalize box, and choose "Shut Down"
  • Press Ok and let it work (it will take a few minutes)
  • Now, boot the system to your disk imaging software again and capture this image as "SysPrep1 - Deploy"
  • After this image is captured, reimage the computer using the Sysprep0 image you created earlier, thus reverting it to before you ran sysprep. Label this computer as a master and set it aside.
Every so often, boot up the master computer, run Windows Updates, install any software updates or new programs, then perform the last step again to capture a new sysprep0 and then a sysprep1 image. Doing so ensures that you don't run up against Microsoft's 3 sysprep limit.
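
The Default User hive steps above can also be scripted with reg.exe instead of clicking through Regedit. This is an added example, not part of the original post: the mount name DefaultUserTemplate is an assumption, and the ACL check at the end is an addition that reports any account other than Administrators or SYSTEM that can modify the two RunOnce scripts, since whatever is in those files runs at every new user's first logon.

```powershell
# Added example, not part of the original post. Run from an elevated prompt.
$HiveFile  = 'C:\Users\Default\NTUSER.DAT'
$MountName = 'DefaultUserTemplate'   # assumed name; any unused key name works
$RunOnce   = "HKU\$MountName\Software\Microsoft\Windows\CurrentVersion\RunOnce"
$Entries   = @{ Libraries = 'c:\libraries.bat'; RemPinned = 'c:\rempinned.vbs' }

function Invoke-Reg {
    # Run reg.exe with discrete arguments and stop on the first failure.
    $output = & reg.exe $args 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe $($args -join ' ') failed: $output"
    }
}

function Set-DefaultUserRunOnce {
    # Load the template hive, write both RunOnce values, and always unload,
    # so NTUSER.DAT is not left locked when the image is captured.
    Invoke-Reg load "HKU\$MountName" $HiveFile
    try {
        foreach ($name in $Entries.Keys) {
            Invoke-Reg add $RunOnce /v $name /t REG_SZ /d $Entries[$name] /f
        }
    }
    finally {
        Invoke-Reg unload "HKU\$MountName"
    }
}

function Get-NonAdminWriteAccess {
    # Return every Allow entry that lets someone other than
    # BUILTIN\Administrators or SYSTEM change or replace the file.
    param([string[]]$Path)

    $trusted   = 'S-1-5-32-544', 'S-1-5-18'
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

    foreach ($file in $Path) {
        foreach ($ace in (Get-Acl -Path $file).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            if ($trusted -contains $sid) { continue }
            if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
                New-Object PSObject -Property @{
                    Path     = $file
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
    }
}

Set-DefaultUserRunOnce

$findings = @(Get-NonAdminWriteAccess -Path @($Entries.Values))
if ($findings.Count -gt 0) {
    $findings | Format-Table Path, Identity, Rights -AutoSize
} else {
    'Only Administrators and SYSTEM can modify the RunOnce scripts.'
}
```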

I'm sure there are better ways to do a lot of this. I know that you can create an unattended XML answer file and probably get rid of a lot of the workarounds that my method uses. Unfortunately, I have yet to see a really thorough resource for what my options are and all of the syntax for the unattend.xml file.

I tried, Microsoft, I really did, but you need to clean up your rollout methodologies, or better document them, or something.

Tuesday, June 19, 2012

Learning VMware PowerCLI (Powershell) commands the easy way

I just learned about this tool and it's absolutely amazing. I wish I'd have known about this months ago!
Onyx is a VMware project that helps you learn PowerCLI commands from your actions in the VMware vCenter GUI. After you extract the files (there's no install), you run onyx.exe, then click the "Connect" button.

I was unable to get Onyx to work without having it launch my vCenter client for me. Now, press the button that looks like the play button. This starts the "recording". Anything you do in vCenter will now have its equivalent Powershell code displayed in Onyx. Too Cool....

Note that this is from VMware Labs, which basically means it's "Beta" and not supported.

Friday, June 15, 2012

Holo Launcher Rules!

So, I'm really bored at work and haven't had the time to play with different launchers for my Android phone. Sprint has not yet rolled out Ice Cream Sandwich to me (and has been saying "soon" for months), and I like the way the ICS stock launcher looks. I ran across a launcher called Holo Launcher the other day on Lifehacker and had bookmarked it.
It's supposed to be a pretty good knock-off of the ICS launcher. This morning, since I had so much free time, I installed it onto my phone. It took me about an hour to create new shortcuts (I couldn't find a good way to move things between the two launchers), but along the way I found a couple other great apps I had to have. SiMi Folders lets you create scrollable folder widgets, and Home Switcher allows you to easily switch between different launchers.
I'll tell you that I absolutely LOVE this launcher. Some of the modifications I made:

  • Increased my icon density from 4x4 to 5x5 - more shortcuts, yay!
  • Created gestures: swiping up starts the phone app, and swiping down starts Handcent SMS so I can text
  • Populated the dock: my dock is now scrollable, which is awesome.
  • I also modified my home button, so that if I'm already at the home screen it starts my task manager.

With more room for my app icons, I can now start to play with some more of my apps. If I don't have an icon, I tend to forget that they're present and that I need to try them out. Now, when I'm bored and flip my phone on, I'll see them. I really want to get used to using voice commands with my phone, and also I want to try taking pictures of documents and converting them to PDF.

Thursday, June 14, 2012

Another case study in the benefits of good documentation

So, I put in my two weeks' notice yesterday. I'm moving on to what I'm almost certain are greener pastures, full of opportunity and unicorns. Today when I came in they asked me to write up a list of what I "do". We have two admins here (over everything: network, storage, Windows, etc). Obviously one of us can't know everything; we'd probably go insane trying. Things get compartmentalized and assigned.
It's now noon and my cohort has everything he needs:
  • I went through my Outlook calendar and wrote down recurring events.
  • I exported my bookmarks for him.
  • I changed anything in powershell scripts that used my login or credentials over to his.
  • I ensured that all scheduled tasks were not using my login
  • Then I copied my documentation folder to the IT Network share and pointed him to it.
PROTIP: This Powershell command finds any string in a file within a directory, recursively:
Get-ChildItem -Recurse -Include *.* | Select-String "String to look for"
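
The scheduled-task and script checks in the list above, as an added example that is not part of the original post: it lists scheduled tasks and services that run as a given account, plus script lines that mention it. The account name jdoe and the C:\Scripts folder are constructed, and the schtasks column names assume an English-language Windows.

```powershell
# Added example, not from the original post.
function Find-AccountReference {
    param(
        [Parameter(Mandatory = $true)][string]$Account,
        [string[]]$ScriptRoot = @('.')
    )
    $pattern = [regex]::Escape($Account)

    # Scheduled tasks. The verbose CSV output may repeat its header row and
    # lists a task once per trigger, so drop headers and de-duplicate.
    schtasks.exe /query /fo csv /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Run As User' -match $pattern } |
        Select-Object TaskName, 'Run As User' -Unique |
        ForEach-Object {
            New-Object PSObject -Property @{
                Kind = 'ScheduledTask'; Location = $_.TaskName; Detail = $_.'Run As User'
            }
        }

    # Services whose logon account is the one being handed over.
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.StartName -match $pattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Kind = 'Service'; Location = $_.Name; Detail = $_.StartName
            }
        }

    # Script files that mention the account (the PROTIP search, limited to
    # script extensions and reported with file and line number).
    Get-ChildItem -Path $ScriptRoot -Recurse -Include *.ps1, *.bat, *.cmd, *.vbs |
        Select-String -SimpleMatch -Pattern $Account |
        ForEach-Object {
            New-Object PSObject -Property @{
                Kind = 'Script'; Location = "$($_.Path):$($_.LineNumber)"; Detail = $_.Line.Trim()
            }
        }
}

# Constructed account name and folder.
Find-AccountReference -Account 'jdoe' -ScriptRoot 'C:\Scripts' |
    Sort-Object Kind | Format-Table Kind, Location, Detail -AutoSize
```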


So now I'm "done" here with two weeks to sit here and stare into space.
But really, this is a good thing, because I can use those two weeks to handle any other questions that come up while he gets his hands dirty!!

Tuesday, June 12, 2012

Powershell: Delete all networked printers (AND DRIVERS!)

We've been moving a lot of printers around recently, and installing new ones. Our old printers were about 5 years old, and we drastically needed new ones. Let me tell you, the number one way to reduce helpdesk calls (after the initial rollout) is to install new printers that work well!!! We went with Xerox printers everywhere and are very happy so far (about a month in). The drivers are easy to use and stable.

We ran into some problems pushing out new drivers, and sometimes the easiest thing to do is just to delete all of the network printers and their drivers and then redeploy them. So I made this:

Filename: ResetNetworkPrinters.ps1
Author: Charles Stemaly

cd c:\
$PrnDrvrPathXP = "C:\Windows\system32\prndrvr.vbs"
$PrnDrvrPath7 = "C:\Windows\system32\Printing_Admin_Scripts\en-US\prndrvr.vbs"
$computerosversion = get-wmiobject -class Win32_OperatingSystem
# The location for the prndrvr.vbs script, which we will use to manipulate the drivers later, is in a different directory depending on the OS version, so we get the
# OS version of the computer and set variables for the different paths.

#Restart Print Spooler
(get-wmiobject -Class win32_service -filter "Name='Spooler'").stopservice()
sleep 5
(get-wmiobject -Class win32_service -filter "Name='Spooler'").startservice()
sleep 10
# I restart the print spooler. A lot. I haven't been able to figure out when I NEED to do this, and when I don't, so I just do it whenever I'm messing with something
# printer-related to ensure success.

$NetworkPrinters = ((Get-WmiObject -Class Win32_Printer) | where {$_.Network -eq $true})
$DriverList = @()
# This section gets the list of all network printers, and initializes the driverlist array

Foreach ($Printer in $NetworkPrinters){
    # For a network printer, Win32_Printer.Name holds the \\server\share name
    $PrinterListing = ($Printer.Name)
    #Write Driver name to array for later use
    $DriverList += $printer.drivername
    #Delete Printers
    Invoke-Expression "rundll32 printui.dll,PrintUIEntry /dn /q /n`"$PrinterListing`""
} #End Foreach
# We go through every network printer, append the drivername to the driverlist array, and then use Invoke-Expression to run a command that deletes the printer.
# I will talk more about Invoke-Expression later.

$DriverList = ($DriverList | Select-Object -Unique)
# This works through the driverlist array and removes any duplicate names

Foreach ($Driver in $DriverList){
    #Restart Print Spooler
    (get-wmiobject -Class win32_service -filter "Name='Spooler'").stopservice()
    sleep 2
    (get-wmiobject -Class win32_service -filter "Name='Spooler'").startservice()
    sleep 2
    #Delete Printer Drivers
    IF ($computerosversion.version.startswith(5)) {
        Invoke-Expression "cscript $PrnDrvrPathXP -d -m `"$Driver`" -v 3 -e `"Windows NT x86`""
    } #End WinXP
    IF ($computerosversion.version.startswith(6)) {
        Invoke-Expression "cscript $PrnDrvrPath7 -d -m `"$Driver`" -v 3 -e `"Windows NT x86`""
    } #End Win7 If
} #End Foreach
# Here, for each driver, we restart the print spooler and then execute the appropriate command to remove the driver (which depends on the OS).

After this is all finished, we reboot the computer so that the drivers can be redeployed. I could have put that into the script, but we manually double-check that the printers are gone. My script works, but Windows is sometimes temperamental when it comes to printers.

Now, back to the Invoke-Expression command. At first, I was trying to call the prndrvr script by assigning it to a script variable, and then piping it back to me on the next line, like so:

$Script = "cscript $PrnDrvrPathXP -d -m `"$Driver`" -v 3 -e `"Windows NT x86`""

Unfortunately, Powershell doesn't just throw your string back onto the command line and then press enter. Powershell doesn't know that your string is an actual command. Hence the use of the Invoke-Expression cmdlet. That lets Powershell know to execute the string as a command.

Another thing I'd like to point out is the use of backticks in the command. If I were to open a DOS command prompt and run this command, it would look like so:

C:\> cscript C:\Windows\system32\prndrvr.vbs -d -m "<drivername>" -v 3 -e "<environment>"

You can look at the actual syntax for using prndrvr.vbs here, but the backticks indicate that the double-quotes are actually part of the command itself (its parameters, technically). In short, if you have reserved characters showing up in your commands that you want treated as part of the string, you have to escape them so Powershell just treats them as regular text characters.
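
The same prndrvr.vbs call can be made without Invoke-Expression by using the call operator with one array element per argument. This is an added example, not part of the original script; the function names are hypothetical and the driver names in the usage line are constructed. Driver and printer names come from the print server, so passing them as data rather than splicing them into a string that is then evaluated keeps a name containing quotes, semicolons or $( ) from being run as PowerShell.

```powershell
# Added example, not part of the original ResetNetworkPrinters.ps1.
# Removes printer drivers by calling prndrvr.vbs directly, with no command string.

function Get-PrnDrvrPath {
    # Same two locations the original script uses for Windows 7 and XP.
    $candidates = @(
        "$env:SystemRoot\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs",
        "$env:SystemRoot\System32\prndrvr.vbs"
    )
    foreach ($path in $candidates) {
        if (Test-Path -Path $path) { return $path }
    }
    throw 'prndrvr.vbs was not found in either expected location.'
}

function Remove-PrinterDriverByName {
    param(
        [Parameter(Mandatory = $true)][string[]]$DriverName,
        [string]$Environment = 'Windows NT x86',
        [string]$PrnDrvrPath = (Get-PrnDrvrPath)
    )

    foreach ($name in ($DriverName | Select-Object -Unique)) {
        # Windows PowerShell cannot pass an embedded double quote through to a
        # native program intact, so refuse such a name instead of guessing.
        if ($name.Contains('"')) {
            Write-Warning "Skipping driver name that contains a double quote: $name"
            continue
        }

        # Each array element reaches cscript as exactly one argument. PowerShell
        # adds the surrounding quotes for values with spaces, so no backticks are
        # needed and nothing in $name is ever parsed as PowerShell code.
        $arguments = @('//NoLogo', $PrnDrvrPath, '-d', '-m', $name, '-v', '3', '-e', $Environment)
        $output = & cscript.exe $arguments 2>&1

        New-Object PSObject -Property @{
            Driver   = $name
            ExitCode = $LASTEXITCODE
            Output   = ($output | Out-String).Trim()
        }
    }
}

# Constructed driver names; the second shows that ';' is passed through as text.
Remove-PrinterDriverByName -DriverName 'Example Driver PS', 'Example Driver; v2' |
    Format-List Driver, ExitCode, Output
```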

Thursday, June 7, 2012

Learning Exchange Powershell commands the easy way

If you open up your Exchange Management Console and change any information, there's a button in the bottom left hand corner of the window that will tell you exactly what Powershell code executes what you just did. You can cancel out of the Window so your changes aren't applied, and then use the code to automate changes you might need to make to a whole bunch of objects.

I checked Active Directory Users and Computers (on my test Windows 2008 R2 domain) and there's no equivalent functionality. Nor is there a 'script to Powershell' ability for SQL Server 2008 R2 that I can find. I haven't checked the 2012 versions of these products. This would be an amazing feature to have for all Microsoft's products.

Pilfered from this blog entry at

Wednesday, June 6, 2012

How to create easy to remember and STRONG passwords

A LOT of people I run across have weak passwords. Here's how I create strong and easy to remember passwords. First, pick a word of some medium length. For the sake of this example, I'll choose 'horseshoe'. This would of course be cracked in a matter of seconds (an offline attack would take 56 seconds according to this password strength calculator) by a dictionary attack. BUT how about we pull an Emeril and spice the word up a bit?

First, I'll capitalize the first and last letter of the word.
Secondly, I'll substitute a zero for all instances of the letter 'o'
Finally, I'll add an exclamation mark to the end

So now, the password is H0rsesh0E! Super easy to remember, and this password would take 19 years to crack offline. Still, if someone had a massive array of computers trying to break this password, it would only take a week. So this is fine for Pinterest or whatever, but maybe not for your domain admin password or your facebook/email password. Also, you should use multiple passwords for different purposes. So let's create another password. After applying the process outlined above, I have created 'D1s1ntegratE?' (disintegrate with 1's instead of i's).

What I've done in my personal life is have multiple tiers of security. Sites or service passwords where little personal information is kept (newsletters, for instance) get a "weak" password like 'H0rsesh0E!'. Email gets a double treatment. I combine two of these passwords together, like this: 'H0rsesh0E!D1s1ntegratE?'. That password right there would take the massive cracking array 9 billion trillion centuries to crack.

Oh but wait, there's more! They say you should use different passwords for every site! Easy. Add the first letter of the site to the end of your password. For SC Magazine, I would use 'sH0rsesh0E!' (notice the s for SC Magazine).

So let's recap my process:
1. Pick a word.
2. Apply Capitalization, leetspeak, and add symbols (leetspeak is the process of substituting numbers/symbols for letters - Here's the Wikipedia entry and here's a handy generator).
3. Make security tiers for different security requirements and combine multiple passwords to increase strength
4. Put an abbreviation for the site/purpose in front of (or behind) your password

It sounds complicated, but really you only need to remember the process, come up with a few words and then don't deviate (going off "your path" will make your passwords harder to remember). If you choose to replace i's with 1's then do it all the time so you remember to do so for all passwords.

An added bonus is that when people see you typing in really long passwords it increases your credibility in anything computer related (especially security). Just made this one up in my head:

Have a nice day! Oompa Loopma? Christmas*

One more thing regarding passwords, but not directly related to this process. Keep your passwords documented in something like KeePass. Not only in case you forget, but in case you die and someone needs to get into your accounts. Or you just are sick of telling your spouse how to get into online banking.

Monday, June 4, 2012

You can broadcast a slide show with PowerPoint?

So my helpdesk guy told me about this one today. It's pretty cool. First off, you will need a Windows Live ID for this to work. Make a Powerpoint 2010 slideshow, then click on the Slide Show tab and then on the "Broadcast Slide Show" button. Click the "Start Broadcast" button. Now, log in with your Windows Live ID.

Powerpoint will give you a link to share with as many people as you want. When they open the link, the browser window will show the presentation interface with the text "Waiting for broadcast to begin".

Back on the source machine, click the "Start Slide Show" button. The interface will start your show in fullscreen mode, but you can get back to windowed mode by pressing your escape key. Computers receiving the broadcast will see everything live as you move between the slides. Clicking "End Broadcast" shuts the whole thing down.

There's only one thing I think is missing, and that's some ability for the presenter to see who is connected and ready for the broadcast to begin. There's no integrated way to ensure that your targets are ready to begin.

Friday, June 1, 2012

"A Week Off?" OR "Deploying Printers!"

Well, it's been a week since I posted last. I had five days off, and so today I'm just going to say that taking breaks is important. I came back refreshed and ready to go. Sadly, the only thing I've been working on is deploying new printers.

The scenario is that we want to keep the names of the printer share, but the model will be different. We're moving to Xerox printers as our standard, with some Ricoh's on the low end. We've had good experiences with their drivers and reliability. We've finally beat it into purchasing that HP's are junk. Well, the drivers are, anyway, but that's what's most important amiright?

So what we do here is set Scriptlogic's Desktop Authority product to remove Printer X from everyone's computer. This takes 5 minutes to propagate, and then we delete the old share from the print server, install the new printer, create the new share, and reverse the Desktop Authority setting to add the printer back (which takes another 5 minutes). We tried just changing the driver and TCP/IP port on the current share to match the new printer, but Windows must store some values elsewhere because we had all kinds of confused client computers after trying this route. Deleting the share altogether and recreating proved to be the best way forward.