mellimik

Assuming this is a BHO (Browser Helper Object), the configuration should be stored at: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects If it's a Browser Extension rather than a Helper Object, it will be at: HKLM\Software\Microsoft\Internet Explorer\Extensions - both are per machine, rather than per user, although there may also be relevant data stored under the HKCU hive, which is specific to the user, not the computer (such as whether to display a toolbar, and what dimensions to make it). It is also possible to find extensions under HKCU\Software\Microsoft\Internet Explorer\Extensions, which would be per user, although this seems to be rare - and the fact that your add-in works fine for multiple users suggests that this is not the case here. It could be that the specific BHO/Extension you are using cannot be accessed by non-administrators. Perhaps some files are written somewhere that only admins have access to (such as the user profile of another administrator). For example, the Adobe Acrobat BHO installs a DLL at C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll. If non-admins didn't have permission to read this file/directory, they would be unable to load the add-on. It might be time to dig out procmon.exe, and monitor what iexplore.exe is doing when you try to use/view the add-on as both admin and non-admin. Much appreciated for the reply. We actually got this issue sorted out by realizing that the problem lied in Local Group Policy. Some one or something had tampered with the security privilege called Create Global Objects. This privilege was assigned to BUILTIN\Administrators and one other group, where some users were members in. The browser add-in relied on this privilege, which was the actual problem. Or to put it another way, we had no problem. It was just that no one even thought of this kind of possibility.

Hi there. Would any one of you be able to share insight onto Internet Explorer and add-ons? Specifically, whether they are per user or per system? We have a bunch of Windows Server 2003 servers running with Terminal Services enabled. One software that people run while logged in is browser based, which requires Internet Explorer add-on to function correctly. The website contains a function to test if the add-on has been correctly installed. For some reason the site keeps saying that the add-on is installed when the user is a member of BUILTIN\Administrator, and the opposite if not. The Internet Explorer version we're using is 6 due to number of applications requiring it.

Thanks for the reply. I understand this a lot better now. I'll definitely take a look of this article.

We have a test user at the office who has been given a Windows 7 installation. He recently came to me to ask how can he add our network printers to his computer. The network printers are shared by our file server that is a Windows Server 2003 R2 installation. I told him to browse his way to the file server and choose Connect from the right click menu, but Windows is requesting elevation for some reason. He's running as a Power User, and even normal user should be able to do this, right?

I'll reply to myself since I now know what caused our problem with the RPC over HTTPS function. Basically my colleague had created a split DNS configuration of our AD integrated zone. Since the clients connected in the local office LAN use RPC and internal AD DNS zone to talk with the Exchange they have no problem, now for clients connected externally through the internet this caused issues, because the same DNS zone resolvable in the office LAN was suddenly resolvable from the internet as well.. just that it was a different server replying to clients which had no idea about the host name of the exchange server clients tried to resolve.

We've lately started seeing something out of normal behavior from our Outlook 2003 installations. Or then it might be that we've never really understood the application to begin with We use the combination of Outlook 2003, ISA 2006 and Exchange 2007. Clients connect using HTTPS outside of office network and then RPC while in the office. ISA is expecting HTTP basic authentication from the client protected using SSL. Outlook is configured to use HTTPS for slow and RPC for fast connections. For some magic reason we've never even had to bother our minds with this, things have just *worked*. Lately, though, Outlook clients connected outside of office have started to stall before prompting the user for credentials to proceed with login. And by looking at the Connection Status (outlook.exe /rpcdiag) we can see that for each connection made, it takes significantly long for Outlook to switch from RPC to HTTPS. So, I understand that this has to do with Outlook judging a connection either a slow or fast, which based on my Google skills seems to be 128Kb / s. What I don't understand is if this before mentioned value is the Adapter negotiated link speed or actually some calculated value between the Exchange/ISA server and the Outlook client? We have not changed anything since the original setup of our infra, so the Outlook acting differently is a bit mind boggling.. By looking at the Connection Status (see the attached image) it has always said Reg/fail being x/1 meaning it has always tried first using RPC then failed over to HTTPS. Now it just seems to take bloody long from it to do the fail over Has anyone else struggled with this issue?

Hello, I've been thinking about this by myself for some time now and I seem to be unable to come up with the answer. How can I utilize the Wireless Zero Configuration and RADIUS based Wlan network? Basically what I have now is Microsoft IAS server configured to ask EAP (with Smart card or other certificate) + MS-CHAP v2. I have my own enterprise CA or actually two of them, one being Root and the other Subordinate. Wireless clients (Windows XP SP2) have the Root CA certificate pushed by GPO and users logged in to these wireless clients have their own User certificate automatically enrolled. This setup works, but it requires that there is a valid user logged in to the computer for Windows to connect to my wireless network. This poses some issues since I would like all my client PC's to be always connected, which, for my understanding at least, means authenticating with computer account and computer certificate instead of user account and user certificate. Is this correct? I know that if you use Windows to configure wireless networks, there is this Wireless Zero Configuration system service that connects to known networks without the user logging in first. That is my goal, so I can manage computers without user logged in to them. How have others done this? I don't really know what keywords to start to use with Google, as "Microsoft IAS computer certificate" really only links to articles covering IAS setup, and that is something I've already done.

Ah, okey, sorry guys.. You have to use sort-object BEFORE you format the list with ft

The command: Get-MailboxStatistics -Database MBD1 | where {$_.displayname -notmatch 'system'} | ft displayname,totalitemsize,itemcount | Sort-Object displayname Produces the following output: There's obviously a very simple reason for this, like my syntax being wrong, but then how should I tell Management Shell to format the output from Get-MailboxStatistics based on DisplayName?

I have set up my WDS service to ask for the Administrator to approve the installation in case the GUID is uknown to directory services. When I open the Windows Deployment Services snap-in and go to the Pending Devices section to approve new installation, I get Access is Denied everytime I either choose to Approve or Name and Approve the client. Event Viewer logs ID 524 everytime I get that Access is Denied on the WDS server. Microsoft has a rather well detailed article about this: Event ID 524 — Active Directory Integration My problem is that even after following the instructions outlined in this document, I'm getting that Access is Denied dialog when approving (or Name and Approve) I have created security group to our AD with the computer account WDS is running on and delegated Full permissions for this group against the OU where computer accounts are to be created. I've also tried rebooting the WDS server, waiting couple of hours just in case if the DC's would've not yet replicated.. but at this point I'm clueless. RIS used to work in the way that CIW used the credentials of the logged in user to create the computer object, but in case of WDS (according to Microsoft) the comptuter account running the WDS service needs to have permissions on the destined OU. Btw. when I use the WDS snap-in, I'm logged in with my Domain Admin account.

See if you can use the prestage option using the Active Directory Users and Computers snap-in running on the Domain Contoller? I just installed the Adminpak.msi onto my old RIS server, using the AD Users and Computers snap-in I can verify that Remote Install tab is present when browing properties of the RIS computer object, and when creating new computer object I can also prestage it. I have no clue why, though? Why would that snap-in behave differently when run on the RIS server and when run on DC for e.g.?

cheers anyweb Yes, I did follow that. WDS is functioning just fine, just as the old RIS server, too. Problem is that I cannot prestage machines using Active Directory Users and Computers snap-in nor can I view that Remote Install tab anymore on our RIS machine's AD object. I just installed virtual environment to test this and I cannot prestage computer accounts there either. The virtual env consists of AD running in Windows 2003 Server mode, all the member servers running 2003 R2 SP2 and WDS configured using the legacy wizard. What in earth is the problem here? Where's my RIS related tabs and prestaging functionality?

Actually there's nothing RIS related visible when using the Active Directory Users and Computers snap-in. When I used to right click the RIS server computer object there was that "Remote install" tab where you could view properties of the RIS server, even that tab is gone now. I have tried this on both of our Domain Controllers.

I just installed one Windows 2008 Standard server and added the WDS role on it. We are running our AD in Windows Server 2003 mode and had already earlier installed a RIS server on an 2003 R2 server. The wdsserver service is turned off on our old RIS machine and only the new 2008 server with the WDS role is on. I'm trying to manually approve a machine requesting to get service but am instantly greeted with just the "access is denied" prompt. This is the Windows Deployment Services snap-in opened using the "Run as an Administrator" from the context menu, that is. After googling a lot about this problem I have learned that the computer object of the new 2008 server needs to have the "Create computer object" rights in the Domain Controller OU etc. 1: Deploying Vista via WDS 2: WDS When pending devices try to Approve --> Access Denied Following the instructions explained on those before mentioned links don't provide a solution for us. After too many hours of hitting my head against the wall I figured out that I could still prestage the machine with GUID. Things is that Active Directory Users and Computers snap-in does not have the option to do so anymore? When I click "New -> Computer" on top of one of our OU's I can only type the name of the machine and there is no option to click next and choose "This is an managed computer" like I've seen at least before. Anyone has any clues what's going on, did I irreversibly change something on our AD when I installed WDS?

Okay, thank you guys very much. I Had no clue about this, and was starting to wonder if my install media was pirated/modified or something odd.