Another Ad
Wednesday, October 12, 2011
Force Internet Explorer compatibility view to be used for your web site
With Internet Explorer 8 and 9 you may have noticed some websites not working like they used to. It's been quite a while since the release of IE 8 so most of the major sites have probably caught up to this problem, but the easy fix is to setup the site to force IE8 and IE9 to use the compatibility view function with your site. You can do this through the use of a custom header, which is easy to setup in IIS. You can do it on other types of web servers too. The custom HTTP header to add is X-UA-Compatible: IE=EmulateIE7. This is supposed to only be acknowledged by IE, thus leaving any other browser functioning as it normally would. For instructions on how to do this in IIS 6 or IIS 7 or in a Web.config file, check out the Microsoft article here. For an Apache web server you can modify the httpd.conf file or include it in specific directories or pages. Microsoft outlines this process as well in a separate article that you can find here.
Monday, October 10, 2011
Can't uninstall McAfee Agent error 1714 or 1610
The environment I manage uses McAfee EPO for its antivirus needs, and I ran across multiple events in the application log with ID 11714 and 1002 on one of the machines. The event description was "Product: McAfee Agent -- Error 1714. The older version of McAfee Agent cannot be removed. Contact your technical support group. System Error 1610." I tried to manually uninstall the Agent and it kept asking for the MFEAgent.msi installer file, but that file was already in the location it was looking in. This meant the something was corrupt, so a little digging through the McAfee support forums led me to a quick fix using a registry hack.
1. Open up the Registry Editor (regedit.exe)
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
3. Go to Edit->Find
4. Search for MFEAgent.msi
5. Delete the PackageName entry that is found with MFEAgent.msi as its value. It should be under something like HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C12BAA2ADC498140ACEE56D6611F348\SourceList. The 2C12BAA2ADC498140ACEE56D6611F348 may vary between machines though, which is why you should search for it
6. Restart your computer
7. Reinstall the McAfee Agent
An alternative to searching in steps 3 and 4 would be to look in the Application event log at your event ID 1002. This will give you the exact registry path to the PackageName key you need to delete.
3. Go to Edit->Find
4. Search for MFEAgent.msi
5. Delete the PackageName entry that is found with MFEAgent.msi as its value. It should be under something like HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C12BAA2ADC498140ACEE56D6611F348\SourceList. The 2C12BAA2ADC498140ACEE56D6611F348 may vary between machines though, which is why you should search for it
6. Restart your computer
7. Reinstall the McAfee Agent
An alternative to searching in steps 3 and 4 would be to look in the Application event log at your event ID 1002. This will give you the exact registry path to the PackageName key you need to delete.
The McAfee forum post can be found here. Look on the second page for an entry by user SeaCat, who posted a long list of steps to fix the problem. Luckily, the first step of editing the registry was all that I needed to do, and from some of the other entries it looks like that also worked for some others.
Friday, September 9, 2011
Disable or enable an Active Directory account on a schedule
I know Active Directory has log on hours and account expiration, but what if you need to disable a user account at a specific time? I found this can be useful when an employee quits or is terminated because as long as I know in advance, I can schedule their account to be disabled and don't have to remember to do it manually. The trick is to use AD command line tools that are available on Windows Server through a batch file so it can be scheduled to run at a certain time. Here's how it can be done:
To see the Microsoft KB article outlining doing this with dsmod, click here
- Create a new text file and rename it to something.bat. This is the start of your batch script file that you'll schedule later on.
- Right-click your .bat file and select Edit. This should open the file in notepad so you can enter your command
- Enter dsmod user USER_DN -disabled (yes|no) into your batch file. To expand on what this means:
- dsmod user is required. This uses the directory services modify program built into your server,a and also says it will be a user change.
- USER_DN represents the DN of the user you want to disable within your Active Directory structure. Say your Active Directory domain is domain.com, your user is named Test User, and the user exists in the OU named DomUsers. Your USER_DN value would be CN=Test User,OU=DomUsers,DC=domain,DC=com
- -disabled is required because it defines which property for the user that you are changing
- (yes|no) means to select yes or no, whichever one you want to set disabled equal to
- Save your batch file
- Use Windows Scheduled Tasks to schedule the file. You can browse out and select it, then pick the schedule you want it to run.
Here are two basic examples of the command using the information above
To disable Test User the command is
dsmod user "CN=Test User,OU=DomUsers,DC=domain,DC=com" -disabled yes
And to enable Test User
dsmod user "CN=Test User,OU=DomUsers,DC=domain,DC=com" -disabled no
Notice that I put the USER_DN in quotes. This is because there are spaces. You're best off using quotes around the USER_DN regardless since it will work with the quotes regardless or spaces.
Also, if your user is buried in multiple OUs, just add them to the DN. If Test User had been in three tiers of OUs, such as a top-level named USA, a mid-level named MN, and a bottom-level named DomUsers, the USER_DN value would be CN=Test User,OU=DomUsers,OU=MN,OU=USA,DC=domain,DC=com
To see the Microsoft KB article outlining doing this with dsmod, click here
Friday, August 12, 2011
OS X Lion not creating a local home folder for network users
Update: 8/19/11
Apple released 10.7.1 yesterday, so I'm curious to see if it resolves these issues with network accounts. I'll have a chance to test it next week and will update this with what I find. If you're ready this and already tried it please leave a comment as to whether or not it works for you
Original Post
I use local home folders for the Mac users I manage, but the Macs are bound to Active Directory for the user accounts. In OS X 10.7 Lion this seems to be far from complete. First I couldn't get logged in with a network account, which required a workaround. Then after getting in, another error said the "The home folder for user xxxxxx isn't located in the usual place or cannot be accessed". This has worked fine in 10.4-10.6 but is now broken in 10.7. The problem appears to be related to OS X Lion having bugs with creating mobile accounts. By unchecking "Create mobile account", the home folder issue disappears. Supposedly I see a lot of talk of a 10.7.2 update fixing this problem, but since that update is in beta and not available to the general public that doesn't do much good. If you don't know where to go to uncheck the mobile account box, here's a walkthrough:
1. Open System Preferences
2. Go to User & Groups
3. Click Login Options in the lower left. You may have to authenticate first by clicking the lock icon in the lower left.
4. Under Network Account Server, click Edit
5. Select your domain, then click Open Directory Utility
6. Select Active Directory, then click the pencil to edit
7. Click to Show Advanced Options
8. Under User Experience you will see "Create mobile account at login". Uncheck this box
9. Click OK
10. Close your windows
11. Reboot and log in like normal
Apple released 10.7.1 yesterday, so I'm curious to see if it resolves these issues with network accounts. I'll have a chance to test it next week and will update this with what I find. If you're ready this and already tried it please leave a comment as to whether or not it works for you
Original Post
I use local home folders for the Mac users I manage, but the Macs are bound to Active Directory for the user accounts. In OS X 10.7 Lion this seems to be far from complete. First I couldn't get logged in with a network account, which required a workaround. Then after getting in, another error said the "The home folder for user xxxxxx isn't located in the usual place or cannot be accessed". This has worked fine in 10.4-10.6 but is now broken in 10.7. The problem appears to be related to OS X Lion having bugs with creating mobile accounts. By unchecking "Create mobile account", the home folder issue disappears. Supposedly I see a lot of talk of a 10.7.2 update fixing this problem, but since that update is in beta and not available to the general public that doesn't do much good. If you don't know where to go to uncheck the mobile account box, here's a walkthrough:
1. Open System Preferences
2. Go to User & Groups
3. Click Login Options in the lower left. You may have to authenticate first by clicking the lock icon in the lower left.
4. Under Network Account Server, click Edit
5. Select your domain, then click Open Directory Utility
6. Select Active Directory, then click the pencil to edit
7. Click to Show Advanced Options
8. Under User Experience you will see "Create mobile account at login". Uncheck this box
9. Click OK
10. Close your windows
11. Reboot and log in like normal
"Network accounts are unavailable" when logging into OS X Lion
Update: 8/19/11
Apple released 10.7.1 yesterday, so I'm curious to see if it resolves these issues with network accounts. I'll have a chance to test it next week and will update this with what I find. If you're ready this and already tried it please leave a comment as to whether or not it works for you
Original Post
If you use Active Directory user accounts with your Macs, you may run into this issue after upgrading or introducing OS X Lion. Hopefully Apple comes out with an update to fix it soon, but in the meantime there is a workaround. You can add a custom search path to the Authentication tab and that seems to work. Here's a walkthrough:
1. Open System Preferences
2. Go to User & Groups
3. Click Login Options in the lower left. You may have to authenticate first by clicking the lock icon in the lower left.
4. Under Network Account Server, click Edit
5. Select your domain, then click Open Directory Utility
6. At the top, select Search Policy
7. Under the Authentication tab you should see two paths: /Local/Default, and /Active Directory/YourDomain/All Domains, where YourDomain is a placeholder for the name of your domain name. Click the + to add another
8. You should see /Active Directory/YourDomain listed as an additional option. Select it and click Add
9. Move /Active Directory/YourDomain above /Active Directory/YourDomain/All Domains so it has a higher priority
10. Click Apply
11. Reboot and log in
Thanks to juiced2010 at macrumors.com for posting that the solution.
Thursday, August 11, 2011
Mac OS X 10.7 Lion scrolling is inverted
After having my first hands-on experience with Mac OS X 10.7 Lion, one thing I noticed right away is that Apple thought it was a good idea to try to change the way people use scroll buttons on mice. They've set the default to be inverted, so if you scroll down the screen moves up, and scrolling up the screen moves down. I I'd guess this is because of their new swipe gestures to control your computer, but for someone like me who likes a two-button mouse it makes scrolling seem backwards. It's a simple fix though if your preferences are the same as mine:
1. Open System Preferences
2. Go to Mouse
3. Uncheck the box at the top that says "Move content in the direction of finger movement when scrolling or navigating"
4. Close System Preferences
1. Open System Preferences
2. Go to Mouse
3. Uncheck the box at the top that says "Move content in the direction of finger movement when scrolling or navigating"
4. Close System Preferences
Thursday, July 14, 2011
"Security log on this system is full" error when logging in
If you're logging in to a Windows XP or Windows Server 2003 machine and you notice this message, it's a really simple fix assuming you have access to an admin account on the machine. If not, you won't be able to login until it gets resolved, so contact an admin. Here's how to fix it:
1. Login using an account with admin privileges on the machine in question
2. Right-click My Computer, then go to Manage
3. Go to Computer Management->System Tools->Event Viewer
4. Right-click on Security and select Properties
5. In the Log Size section, do one of the following:
1. Login using an account with admin privileges on the machine in question
2. Right-click My Computer, then go to Manage
3. Go to Computer Management->System Tools->Event Viewer
4. Right-click on Security and select Properties
5. In the Log Size section, do one of the following:
- Increase the maximum log size. This will avoid the error message until your log reaches the new maximum, but you won't lose record of any security log events
- Select Overwrite events as needed. This will maintain the log up to the maximum size, and then delete the oldest events when it needs more space
- Click the Clear Log button in the lower right. This will wipe out all records in your security log
6. Click OK
That takes care of the problem. You'll want to make sure to choose the best option for what you'd like to accomplish, and can use a combination such as increasing the log size and overwriting events as needed.
Wednesday, June 22, 2011
OS X Disk Utility restore failed "Must be imagescanned..." error
While trying to image some Macbook Pros I ran into a problem restoring the prepared image onto the Macbooks. Disk Utility said the image file needed to be imagescanned in order to continue. I didn't know what this meant, but luckily this turned out to be something very simple. If you get this error select your image file you plan to restore, then go to Images->Scan Image for Restore.. in the top menu bar. That will run a quick check on your image file and allow you to restore it once the scan is finished.
If you're imaging OS X you may also want to check out the article that I found my answer in. It has a few other suggestions for the imaging process. Even though it's an older article I've been able to use the instructions posted there in order to successfully create and restore OS X 10.6 images. The only thing is that some of the files it says to remove do not seem to exist in 10.6. You can check out that article here
If you're imaging OS X you may also want to check out the article that I found my answer in. It has a few other suggestions for the imaging process. Even though it's an older article I've been able to use the instructions posted there in order to successfully create and restore OS X 10.6 images. The only thing is that some of the files it says to remove do not seem to exist in 10.6. You can check out that article here
Wednesday, May 11, 2011
Turn Fn or function key lock on or off on newer HP laptops
I purchased a stack of Compaq Presario CQ56-115DX laptops the other day because they were super cheap and fit their purpose almost perfectly. However, it would require using the F1-F12 keys a lot. I found that out of the box, you had to hold down Fn in order to do that. By default the special actions on each key was used instead. I did some searching trying to find a way to lock the function keys and luckily I was able to find one. HP calls them Action Keys, and it's a BIOS setting. Disabling Action Keys allows you to use F1-F12 by default, and enabling it lets you adjust the brightness, change the volume, etc without needing to hold Fn. You can find the official HP document here. Otherwise here's how to do it:
1. Turn on the computer
2. Press F10 as soon as you see the HP or Compaq splash screen. This should take you into the BIOS
3. Once the BIOS settings load, go to System Configuration using the arrow keys
4. Press the down key to get to Action Keys
5. Press F5 or F6 to toggle between Enabled/Disabled. Enabled will change the brightness or change volume, disabled will allow using F1-F12
6. Press F10 to save the settings and exit
1. Turn on the computer
2. Press F10 as soon as you see the HP or Compaq splash screen. This should take you into the BIOS
3. Once the BIOS settings load, go to System Configuration using the arrow keys
4. Press the down key to get to Action Keys
5. Press F5 or F6 to toggle between Enabled/Disabled. Enabled will change the brightness or change volume, disabled will allow using F1-F12
6. Press F10 to save the settings and exit
Thursday, April 7, 2011
"File does not have program associated with it" when trying to run any application in Windows
Update 11/21/2011:
After receiving a comment regarding this not working in the Run As Administrator mode, I did a quick search and found a Microsoft FixIt post that has a fix it for me option. You can find that link here: http://support.microsoft.com/kb/950505. If you can get the automatic fixer tool to run then that should clear up your problem, otherwise this article also lists the manual steps you can use to clear it up.
Original Post:
I had a user bring in a personal machine today (running Vista) and ask why she couldn't open anything on her computer. Immediately I told her she was likely infected with something, and it turns out she was. I used Spybot and MalwareBytes Anti-Malware to clear the infection. If you're not familiar with adware removal, check out one of my early posts. Afterward she was left with an error when trying to open anything. It said "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." For those of you who are more visual, it looked like the image below.
If you have this error don't bother with the Default Programs control. Instead, I found a Microsoft KB article that outlines the steps that worked for me, which you can find here. I used a slightly modified version, which is what I'll explain here. My version is specific to Vista and should work on Windows 7, but likely won't work for XP. If you have XP or run into problems with my method, feel free to check out the KB article for the official walkthrough. Or there's another KB article listed here.
1. Open My Computer and go to C->Windows
2. Find regedit.exe, right-click and choose Run As Administrator. This will open the registry editor
Be careful to only change what is listed below from this point forward. Any other changes to the registry could potentially screw up the computer and require an OS restore.
3. In the left-hand pane, navigate to HKEY_CLASSES_ROOT->exefile->shell->open->command. In my case the command key wasn't there so I had to create it. If you are missing command, right-click open, select New Key, then type command there. This will create the command sub-key for you to click on.
4. In the right-hand pane, double click on (Default) that is listed inside command
5. Change the Value data field to "%1" %* exactly like that. To be clear that is quote then percent then 1 then quote then space then percent then asterisk
6. Click OK
7. Close Registry Editor
Now you should be able to open your applications again.
After receiving a comment regarding this not working in the Run As Administrator mode, I did a quick search and found a Microsoft FixIt post that has a fix it for me option. You can find that link here: http://support.microsoft.com/kb/950505. If you can get the automatic fixer tool to run then that should clear up your problem, otherwise this article also lists the manual steps you can use to clear it up.
Original Post:
I had a user bring in a personal machine today (running Vista) and ask why she couldn't open anything on her computer. Immediately I told her she was likely infected with something, and it turns out she was. I used Spybot and MalwareBytes Anti-Malware to clear the infection. If you're not familiar with adware removal, check out one of my early posts. Afterward she was left with an error when trying to open anything. It said "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." For those of you who are more visual, it looked like the image below.
If you have this error don't bother with the Default Programs control. Instead, I found a Microsoft KB article that outlines the steps that worked for me, which you can find here. I used a slightly modified version, which is what I'll explain here. My version is specific to Vista and should work on Windows 7, but likely won't work for XP. If you have XP or run into problems with my method, feel free to check out the KB article for the official walkthrough. Or there's another KB article listed here.
1. Open My Computer and go to C->Windows
2. Find regedit.exe, right-click and choose Run As Administrator. This will open the registry editor
Be careful to only change what is listed below from this point forward. Any other changes to the registry could potentially screw up the computer and require an OS restore.
3. In the left-hand pane, navigate to HKEY_CLASSES_ROOT->exefile->shell->open->command. In my case the command key wasn't there so I had to create it. If you are missing command, right-click open, select New Key, then type command there. This will create the command sub-key for you to click on.
4. In the right-hand pane, double click on (Default) that is listed inside command
5. Change the Value data field to "%1" %* exactly like that. To be clear that is quote then percent then 1 then quote then space then percent then asterisk
6. Click OK
7. Close Registry Editor
Now you should be able to open your applications again.
Subscribe to:
Posts (Atom)