Mr Snrub

Just the 1 folder (and sub-folders) have this symptom? If so, close all Explorer windows, launch RegEdit and drill down to: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell For safety, right-click on "Bags" and export it so you have a backup. Delete the "Bags" key, then recreate it as an empty key. Log off & back on again, then check your folder selection issue.

I assume a compatibility thing, though you would have guessed that the later version would be more likely to work! When getting this "advice" in the future I'd ask for reasons

If anything, that is completely backwards."Open" simply downloads the file to the Temporary Internet Files folder for the current user, and then attempts to launch the program associated with that file type (or the file itself if it is an executable). "Save" will prompt you for a location to save a permanent copy of the file after downloading, then you can manually run (or virus-scan) it when you want. For small files, using "Open" isn't a big problem - but if you download a very large file and then for some reason the launch fails, you may end up having to download it over again, depending on your settings for temporary files. Remember that IE is now launched with a lower privilege level than your real user token, so if the launcher inherits this privilege level then it might not have enough rights to do what it wants to do (this is by design of course, it is a security measure of IE) - in this case "Save" is preferable to "Open".

I doubt it.The purpose of a trial is a period to test a product with a view to purchasing (and licensing) that product once you are happy it meets your requirements. The reason an upgrade version is cheaper than a full version is because it is seen as a "loyalty discount" - you have paid for a previous version and so get a rebate of sorts on the new version.

You are not licensed if you are running a trial version (you opted not to enter a key at all), so it is not legitimate and is a breach of the EULA.

There is no workaround on an app-by-app basis for preventing UAC prompts if a program tries to access a protected part of the OS or an administrative API. Have you tested the 3.70 beta though? The notes mention Vista, though not UAC explicitly: http://www.rarsoft.com/rarnew.htm Personally, I prefer 7-zip - it has 32-bit and 64-bit versions, is free, and works 100% on Vista: http://www.7-zip.org/

Not that I have found so far. 2 possible workarounds: 1. Create a folder "Zips" and move the .zip files into there so you would have to drill down another layer in the folder structure to see them again 2. Archive the files using a format not natively recognised by Windows Vista - such as 7zip or RAR

Because the OP's most recent post gives a screenshot example of his issue - he shows the compressed files in the "Folders" pane and does not want them there, this is nothing to do with file associations or NTFS file compression.

While the original post was a bit brief, the last one with the screenshot demonstrates the issue.Compressed folders such and .ZIP and .CAB files are now recognised natively by Explorer and are treated as if they are regular folders, so when you double-click on them it will "browse" into them and show you the contents (though any attempt to open a file in there will bring up the file extraction wizard). A side-effect of this is that using the tree view to navigate the folder structure will also show you compressed files as they are valid locations to browse and copy files to/from, this is by design. Installing another program to handle the compressed file type will not alter the native behaviour of Explorer itself, using a browse window to select folders will still display compressed files too. The same is true for the "breadcrumb trail" in the address bar - dropping down a point in the folder structure will allow you to jump into compressed files as well as folders. I am not aware of a way to disable this functionality, however.

Output from "cscript /?" at the command prompt on Vista RTM: Microsoft ® Windows Script Host Version 5.7 Copyright © Microsoft Corporation. All rights reserved.

It'll be the DivX codec I think, it has always had a problem with XP when thumbnails are enabled in Explorer as it doesn't seem to generate them (or handle the requests for their generation) well. The proposed "workaround" in XP I believe is to disable thumbnail generation or take out the DLL which refers to DivX. I do not think it a coincidence that: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} has a default value "Thumbnail Cache Out of Proc Server" Funnily enough the only time I've seen the COM Surrogate crash was after a reboot immediately after installing DivX Player on Vista RTM...

It is good to see you have an understanding at least, crahak Just to expand on the driver signing issue: - it is only enforced for 64-bit Windows - it is a protection system to prevent unauthorised kernel mode code which includes modifications to existing drivers - audio drivers use UMDF now, so are not kernel-mode - the signing is done with the vendor's own PIC, not a "Microsoft stamp" - it is disabled if a debugger attached, so developing drivers is not a problem - in corporate environments you can disable driver signing, or create a CA to sign the drivers yourself for distribution - it is not only for stability through "certified" drivers, but for security to help protect against rootkit-type attacks Also, Windows Vista was the product of a massive amount of user feedback during beta testing, its design radically altered in response to comments and demands, so while it's not possible to create something that at least a few people won't complain about, a "best effort" can be made while still making advances in security, stability and features.

Just FYI, the built-in Administrator is the only account who does bypass UAC.Edit: I attended a week-long course on supporting Vista and have the flow diagram of how UAC is implemented with split tokens, there is an explicit decision for the built-in Administrator's well-known SID to jump straight to the secure desktop without the OTS prompt. Aynthing that prompts you is not using the Administrator's security token. By default this account is disabled except in Safe Mode, but can be enabled if you need "unhindered" access to the various tools. If you need all members of the Administrators group to have this kind of freedom, then launch an Explorer or CMD prompt elevated and run your tools from there, as the split tokens are inherited from the parent process. (The translucency of windows is controlled by the application I think - try running "perfmon /sys" and then click "Compare" / "Set Transparency" and select one of the predefined options to see an example.)

You mean a new, clean AD rather than DC I assume? (Otherwise DCPROMO'ing a member server and synch'ing would be the preferred route.) Perhaps the Active Directory Migration Tool would be of use then? http://www.microsoft.com/downloads/details...;displaylang=en

PC-Cillin is in beta: https://www.trendbeta.com/index.php?get=286It's the fault of the 3rd parties that they haven't written software for Vista, isn't it? I guess once Vista starts to get a significant uptake then the vendors such as ZoneLabs, Sunbelt, Norton, etc. will then look at writing for it - heck they may even start to write 64-bit versions finally!

If they hard-coded their applications then they were stupid and need to rewrite, if they used the provided APIs and environment variables as they are meant to then they have no problems. Folder redirection has been in Windows for years, so you can never assume the user profile locations are C:\Documents and Settings\... if you want your application to be taken seriously.

Though with only 64MB of memory you might find it only supported at lower resolutions.I actually like the "fade-in" dialogue boxes as they grab my attention more than an instantly-changing window where only the text changes.

Nope, I've only helped people clean up the mess after they have tried it, and answered these kinds of advisory cases before.Firewalls (perimeter as well has host) can cause a lot of issues that aren't immediately obvious, and only by taking simultaneous network traces at both ends can you see what data is getting dropped or munged - and sometimes it's not just packet filters but the "smart defense"modules which are inspecting the payloads of the packets and blocking them based on a rigid set of rules.

The Microsoft SNMP service is simply a provider - you must have some 3rd party SNMP agents which use the provider and are creating all the CPU time. I assume you mean that "snmp.exe" is the consumer of all the CPU time? Get Process Explorer: http://www.sysinternals.com/Utilities/ProcessExplorer.html Find the process using all the CPU time and double-click it, then go to the Threads tab (note this can take a while to appear, this is normal). The CPU usage per thread is displayed, there will most likely be 1 or 2 threads using the majority - double-click one with high CPU usage and view the stack. Click the Copy button and paste the stack here.

Whether you visit Microsoft Update/Windows Update manually or the system does its automatic check, the code being executed is common (otherwise it would be a duplication and 2 sets of code to maintain & patch).The current workarounds are to switch from Microsoft Update (back) to Windows Update, or to move the .MSI files out of the %systemroot%\Installer folder.* Edit: * If uninstalling an application requires the MSI file you can either return it to this folder or point to the new location.

Don't cluster DCs. Do not give DCs public IP addresses. There is also no point in clustering DNS - especially when you have only 2 servers - just set one as primary and the other as secondary. In the event of a DNS failure, the clients will switch to use the other DNS server - they don't continue to first try the primary, then have to time out before querying the secondary. A domain is "fault tolerant" by its nature - clients will query DNS to locate DCs and authenticate users. AD-integrated DNS takes away the hassle of zone transfers and is a "mulit-master" model, so point the DCs to themselves for primary DNS and the other DC for secondary (they should never need to use the secondary DNS as the DNS service should be running locally, and so long as replication is working then DNS updates get copied between the servers automatically). You only need the DNS zone configured for your local domain, then configure both DCs with DNS forwarders pointing to your ISP DNS servers to resolve external addresses - don't complicate things with stub zones. Never expose critical servers that need to run a large number of services to the Internet - if you absolutely have to route to the Internet then use NAT and a firewall, but ideally VPN (to a perimeter firewall) if it is just remote clients needing to authenticate. Reading material (but seriously, don't cluster DCs): http://support.microsoft.com/?id=281662

It is strongly recommended that you do NOT use a host firewall on a Domain Controller - leave that job to perimeter firewalls. The list of ports for various types of traffic is quite extensive and varies depending on which roles the server has - also Remote Procedure Call design means the dynamic port range requirement punches a massive hole in the list of ports to let replication (amongst other things) work. If you are hell-bent on trying to run the Windows Firewall service on a DC then here are some KBs you should look at: "Service overview and network port requirements for the Windows Server system" http://support.microsoft.com/?id=832017 "Restricting Active Directory replication traffic to a specific port" http://support.microsoft.com/?id=224196 "How to restrict FRS replication traffic to a specific static port" http://support.microsoft.com/?id=319553 "How to troubleshoot RPC Endpoint Mapper errors" http://support.microsoft.com/?id=839880 Again, it's really not recommended to even put a firewall between DCs if possible, and certainly not using the host firewall service.

As a rule of thumb, if a machine gets infected then you reinstall - how do you know it is clean, or that ACLs haven't been screwed around with which impact system stability otherwise? I would advice ditching AVG, as I found its realtime scanning to be awful - it didn't prevent browsers saving infected files (tested with EICAR), and only popped up an "infected!" warning minutes later, after the file had been moved elsewhere (it even reported the old location!). I switched to Avast! after testing a number of AV products. You say the CPU is at 100% but you don't say which process is consuming all the time - get Process Explorer, add the column "Command Line" and let us know what is using all the cycles. (If it is an svchost.exe instance, make sure to include the full path.) It also wouldn't hurt to run RootkitRevealer if you've not already, to check for hidden nasties.

Use quotes: dir "%userprofile%\recent" del "%userprofile%\recent\*.*" %userprofile% contains spaces ("C:\Documents and Settings\username"), so you need to delimit the path with quotes for dir & del to work.

Tried using Windows Update instead of Microsoft Update? Go to the regular Windows Update link from within IE, then click "Change Settings" on the left, then tick the box at the bottom on the right to check only for Windows updates, then click the apply button. Now try an Express check and watch svchost.exe CPU usage - is it reasonable?