mellimik

Assuming this is a BHO (Browser Helper Object), the configuration should be stored at: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects If it's a Browser Extension rather than a Helper Object, it will be at: HKLM\Software\Microsoft\Internet Explorer\Extensions - both are per machine, rather than per user, although there may also be relevant data stored under the HKCU hive, which is specific to the user, not the computer (such as whether to display a toolbar, and what dimensions to make it). It is also possible to find extensions under HKCU\Software\Microsoft\Internet Explorer\Extensions, which would be per user, although this seems to be rare - and the fact that your add-in works fine for multiple users suggests that this is not the case here. It could be that the specific BHO/Extension you are using cannot be accessed by non-administrators. Perhaps some files are written somewhere that only admins have access to (such as the user profile of another administrator). For example, the Adobe Acrobat BHO installs a DLL at C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll. If non-admins didn't have permission to read this file/directory, they would be unable to load the add-on. It might be time to dig out procmon.exe, and monitor what iexplore.exe is doing when you try to use/view the add-on as both admin and non-admin. Much appreciated for the reply. We actually got this issue sorted out by realizing that the problem lied in Local Group Policy. Some one or something had tampered with the security privilege called Create Global Objects. This privilege was assigned to BUILTIN\Administrators and one other group, where some users were members in. The browser add-in relied on this privilege, which was the actual problem. Or to put it another way, we had no problem. It was just that no one even thought of this kind of possibility.

Hi there. Would any one of you be able to share insight onto Internet Explorer and add-ons? Specifically, whether they are per user or per system? We have a bunch of Windows Server 2003 servers running with Terminal Services enabled. One software that people run while logged in is browser based, which requires Internet Explorer add-on to function correctly. The website contains a function to test if the add-on has been correctly installed. For some reason the site keeps saying that the add-on is installed when the user is a member of BUILTIN\Administrator, and the opposite if not. The Internet Explorer version we're using is 6 due to number of applications requiring it.

Thanks for the reply. I understand this a lot better now. I'll definitely take a look of this article.

We have a test user at the office who has been given a Windows 7 installation. He recently came to me to ask how can he add our network printers to his computer. The network printers are shared by our file server that is a Windows Server 2003 R2 installation. I told him to browse his way to the file server and choose Connect from the right click menu, but Windows is requesting elevation for some reason. He's running as a Power User, and even normal user should be able to do this, right?

I'll reply to myself since I now know what caused our problem with the RPC over HTTPS function. Basically my colleague had created a split DNS configuration of our AD integrated zone. Since the clients connected in the local office LAN use RPC and internal AD DNS zone to talk with the Exchange they have no problem, now for clients connected externally through the internet this caused issues, because the same DNS zone resolvable in the office LAN was suddenly resolvable from the internet as well.. just that it was a different server replying to clients which had no idea about the host name of the exchange server clients tried to resolve.

We've lately started seeing something out of normal behavior from our Outlook 2003 installations. Or then it might be that we've never really understood the application to begin with We use the combination of Outlook 2003, ISA 2006 and Exchange 2007. Clients connect using HTTPS outside of office network and then RPC while in the office. ISA is expecting HTTP basic authentication from the client protected using SSL. Outlook is configured to use HTTPS for slow and RPC for fast connections. For some magic reason we've never even had to bother our minds with this, things have just *worked*. Lately, though, Outlook clients connected outside of office have started to stall before prompting the user for credentials to proceed with login. And by looking at the Connection Status (outlook.exe /rpcdiag) we can see that for each connection made, it takes significantly long for Outlook to switch from RPC to HTTPS. So, I understand that this has to do with Outlook judging a connection either a slow or fast, which based on my Google skills seems to be 128Kb / s. What I don't understand is if this before mentioned value is the Adapter negotiated link speed or actually some calculated value between the Exchange/ISA server and the Outlook client? We have not changed anything since the original setup of our infra, so the Outlook acting differently is a bit mind boggling.. By looking at the Connection Status (see the attached image) it has always said Reg/fail being x/1 meaning it has always tried first using RPC then failed over to HTTPS. Now it just seems to take bloody long from it to do the fail over Has anyone else struggled with this issue?

Hello, I've been thinking about this by myself for some time now and I seem to be unable to come up with the answer. How can I utilize the Wireless Zero Configuration and RADIUS based Wlan network? Basically what I have now is Microsoft IAS server configured to ask EAP (with Smart card or other certificate) + MS-CHAP v2. I have my own enterprise CA or actually two of them, one being Root and the other Subordinate. Wireless clients (Windows XP SP2) have the Root CA certificate pushed by GPO and users logged in to these wireless clients have their own User certificate automatically enrolled. This setup works, but it requires that there is a valid user logged in to the computer for Windows to connect to my wireless network. This poses some issues since I would like all my client PC's to be always connected, which, for my understanding at least, means authenticating with computer account and computer certificate instead of user account and user certificate. Is this correct? I know that if you use Windows to configure wireless networks, there is this Wireless Zero Configuration system service that connects to known networks without the user logging in first. That is my goal, so I can manage computers without user logged in to them. How have others done this? I don't really know what keywords to start to use with Google, as "Microsoft IAS computer certificate" really only links to articles covering IAS setup, and that is something I've already done.

Ah, okey, sorry guys.. You have to use sort-object BEFORE you format the list with ft

The command: Get-MailboxStatistics -Database MBD1 | where {$_.displayname -notmatch 'system'} | ft displayname,totalitemsize,itemcount | Sort-Object displayname Produces the following output: There's obviously a very simple reason for this, like my syntax being wrong, but then how should I tell Management Shell to format the output from Get-MailboxStatistics based on DisplayName?

I have set up my WDS service to ask for the Administrator to approve the installation in case the GUID is uknown to directory services. When I open the Windows Deployment Services snap-in and go to the Pending Devices section to approve new installation, I get Access is Denied everytime I either choose to Approve or Name and Approve the client. Event Viewer logs ID 524 everytime I get that Access is Denied on the WDS server. Microsoft has a rather well detailed article about this: Event ID 524 — Active Directory Integration My problem is that even after following the instructions outlined in this document, I'm getting that Access is Denied dialog when approving (or Name and Approve) I have created security group to our AD with the computer account WDS is running on and delegated Full permissions for this group against the OU where computer accounts are to be created. I've also tried rebooting the WDS server, waiting couple of hours just in case if the DC's would've not yet replicated.. but at this point I'm clueless. RIS used to work in the way that CIW used the credentials of the logged in user to create the computer object, but in case of WDS (according to Microsoft) the comptuter account running the WDS service needs to have permissions on the destined OU. Btw. when I use the WDS snap-in, I'm logged in with my Domain Admin account.

See if you can use the prestage option using the Active Directory Users and Computers snap-in running on the Domain Contoller? I just installed the Adminpak.msi onto my old RIS server, using the AD Users and Computers snap-in I can verify that Remote Install tab is present when browing properties of the RIS computer object, and when creating new computer object I can also prestage it. I have no clue why, though? Why would that snap-in behave differently when run on the RIS server and when run on DC for e.g.?

cheers anyweb Yes, I did follow that. WDS is functioning just fine, just as the old RIS server, too. Problem is that I cannot prestage machines using Active Directory Users and Computers snap-in nor can I view that Remote Install tab anymore on our RIS machine's AD object. I just installed virtual environment to test this and I cannot prestage computer accounts there either. The virtual env consists of AD running in Windows 2003 Server mode, all the member servers running 2003 R2 SP2 and WDS configured using the legacy wizard. What in earth is the problem here? Where's my RIS related tabs and prestaging functionality?

Actually there's nothing RIS related visible when using the Active Directory Users and Computers snap-in. When I used to right click the RIS server computer object there was that "Remote install" tab where you could view properties of the RIS server, even that tab is gone now. I have tried this on both of our Domain Controllers.

I just installed one Windows 2008 Standard server and added the WDS role on it. We are running our AD in Windows Server 2003 mode and had already earlier installed a RIS server on an 2003 R2 server. The wdsserver service is turned off on our old RIS machine and only the new 2008 server with the WDS role is on. I'm trying to manually approve a machine requesting to get service but am instantly greeted with just the "access is denied" prompt. This is the Windows Deployment Services snap-in opened using the "Run as an Administrator" from the context menu, that is. After googling a lot about this problem I have learned that the computer object of the new 2008 server needs to have the "Create computer object" rights in the Domain Controller OU etc. 1: Deploying Vista via WDS 2: WDS When pending devices try to Approve --> Access Denied Following the instructions explained on those before mentioned links don't provide a solution for us. After too many hours of hitting my head against the wall I figured out that I could still prestage the machine with GUID. Things is that Active Directory Users and Computers snap-in does not have the option to do so anymore? When I click "New -> Computer" on top of one of our OU's I can only type the name of the machine and there is no option to click next and choose "This is an managed computer" like I've seen at least before. Anyone has any clues what's going on, did I irreversibly change something on our AD when I installed WDS?

Okay, thank you guys very much. I Had no clue about this, and was starting to wonder if my install media was pirated/modified or something odd.

Uum, have you guys ran into this that your 2008 Server thinks it's equipped with Service Pack 1? My server says it's version 6.0 (Build 6001: Service Pack 1).. Am i entirely wrong here, but isn't it so that there is no SP1 for 2008 Server?

Actually, you make a whole lot of sense when I think about it. I was reading this yesterday: http://www.msexchange.org/tutorials/outlookrpchttp.html I think you can go around that by using that OWA login "trick".

Hey, thanks for reply! Uum, no. I have different web listener for OWA and RPC over HTTP, so they have their own certificate as well. The certificate has been granted with the FQDN of the web listener, so the local host name is not mentioned in it. Why do you ask, should they use the same certificate?

----- Post Nº 1 ----- Has anyone been able to setup Outlook to use RPC over HTTP in non-domain (workgroup) machine? I'm rolling Outlook Anywhere with Exchange 2007 to our remote offices and some of those employees are using a machine that has not been joined into our domain. My own tests implicate that it is not possible for some reason. ----- Post Nº 2 ----- I actually got an Outlook client using Workgroup networking to work with RPC over HTTPS, but the Outlook client refuses to authenticate before the user has logged in at least once using Outlook Web Access.. It's weird and sounds stupid, but it's the truth. Outlook is able to connect using HTTPS as soon as the user opens OWA at least once. I cannot explain that nor does it make any sense to me, but I have to include that in the documentation

Ok, have copied those into the folder and still no luck getting it to work, which i386 folder should they be placed into, the riprep image, or the risetup image, i have also read about needing to delete some PNF files? I'm talking about the RIS image (flat-file image). not RIPREP. There's actually very good howto somewhere here at the MSFN forum. You should check that out. Before that, see Microsoft KB: How to add a third-party OEM network adapter to a RIS installation

During the text mode setup phase Windows will pick up network interface drivers from the i386 folder. You have to extract the .sys and .inf files from the driver package and copy them to the mentioned folder. I might add that it is usually a good idea to spare one OEM installed machine intact, this way it is easier for you to go through the Device Manager and visually browse the hardware installed.

I was once working for slightly bigger company that very well could be described as an international by its acts and holdings and all those endless remote offices. Anyway, my job was to update the workstation installation method and bring it to the "global" level. It took about 3months to come up with rather competitive solution that pretty much owned any commercial product, at least price wise and they also had me to support it. What I did was just a bunch of batch scripts, RIS and DFS to distribute images throughout our offices. Simple and easy to maintain. I heard the guy left to maintain it is happy with it and has no reasons to complain or change anything, as he learned installing workstation can be done in an hour with everything included, where as using CD/DVD-ROM would take that hour just to install the OS. Even if it is not the speed that rules RIS flat-file image format against others, it is the simplicity of modifying anything inside it when you basically just work inside folder structure using Windows Explorer. The story is mainly told to illustrate the fact that RIS and flat-file image format used through PXE is in most cases superior to anything else out there. And, it is as free as they come.

I think my problem was that [massStorageDrivers] section got over-looked because [unattended] was missing OemPreinstall = Yes Without this it seems that OemPnPDriversPath=<something> gets overlooked as well. Nice to learn all the time!

Ok, what I have at my hands is something that is really driving me mad. I bought a Acer M5620 workstation to home that contained pre-installed Vista Home Premium OS. As I have the right to install 2003 Server Standard I chose to reinstall the machine with the latter one. Anyhow, I chose to quickly setup RIS to my home environment. As this is basically just a matter of creating new image for Aspire M5620 and downloading drivers I was suspecting rather easy-going night. And how wrong was I.. I used the newest Intel Storage Manager driver available from Intel to build the TEXTMODE (non-pnp) directory, then modified the .SIF file and booted with PXE. However, the CIW just keeps saying "cannot detect hard disk drives". I know the M5620 contains an Intel G33 chipset with ICH9R mass storage controller, and this has been defined in the .SIF file as well. I chose this from the TXTSETUP.OEM as the storage controller: Intel(R) ICH8R/ICH9R SATA RAID Controller (Desktop/Server/Workstation) I think it should be working both with ICH8R and ICH9R controllers, but it doesn't. Currently my machine only has one SATA drive attached to the port number 1, while BIOS is claiming the SATA mode to be RAID. For some reason I cannot change that SATA mode setting onto ACHI as the value is just grayed out. Anyway, I'm a bit clueless here so if any of you guys come up with something I would definitely appreciate I'm starting to suspect that I have to actually create RAID array for the CIW to pick up the disk or something.

Exactly what I was looking for. Thank you! I just don't get what is the difference between FOR %%a IN (%DISCARD%) and FOR %%a IN ('echo %DISCARD%')