Stoic Joker

Thanks, I've been using UPX for years and had almost given up on seeing another update.

Spybot S&D with the SD helper enabled is what I recommend to clients. However Windows Defender's more proactive nature is a nice feature, and it hasn't annoyed me once on 6mo of use...So I have started recommending that as of late.

Based on the article #rootworm posted above... With your chipset being (not listed) a 945 I'd have to guess no, it doesn't. I'm running one of the Asus Commando Mboards with a 965 chipset. With remap off both Vista x64 & the BIOS show 3008MB RAM. With remap on memory shows correctly as 4096MB in both Vista and the BIOS.

Set your authentication (in GP) to use NTLM v2 responces only, then map a drive using cached creds, and backup via that.

I'm not sure what OS you're planning to use for this project, but be carefull getting a Supermicro board for a Vista box. While everything runs fine (stable,fast, etc.) RAID drivers are not available and I didn't get the impression from talking to them that they had any intension of releasing them for the X6 line of boards. The X7s supposedly will have Vista drivers (but I haven't seen them). The last Xeon box I did (now my DC) came from Next Internationall, good price, people, & service ... I'd buy from them again. The X6DAL-TG I'm running did fine through the Vista betas, and OK with the RTM (minus the 4 port Marvell RAID controller) ... But it is Mindblowingly fast as a Win2k3 x64 R2 server. Just thought I'd throw that in Stoic Joker

Try to telnet into ports 21 & 80, if you can get the server's banner responce then your ISP & router are OK. FTP will say: 220 Microsoft FTP Service HTTP will require that you type quit then press [Enter] befor responding: HTTP/1.1 400 Bad Request Content-Type: text/html Date: Mon, 14 May 2007 10:53:19 GMT Connection: close Content-Length: 35 <h1>Bad Request (Invalid Verb)</h1> Connection to host lost.

There is also a small (free) utility called SafeMSI that will start the installer service in safemode. I've been using it for a while and it's quite handy.

Huh? You're running an Exchange server, and trying to stop spam at the client end?!? ...You are kidding right? On our office network the Outlook clients only see less than 1% of the actual spam and get about 50% of that. the reall "work" is done by a server side spam filter (GFi's MailEssentials) which stops the spam before it ever gets to exchange. SMTP service ->GFi ->Exchange According to the GFi logs (Which are fantastic) its prevented over 4,000,000,000 (yes 4 billion) pieces of spam since 1/1/07 from even touching Exchange ... which is actually the point of the excercise because once it hits the mail stores it's already done its damage. Bloating the db, the transaction logs, and the backups with useless information. Client side filters are fine if you get mail from your ISP, but if you run your own mail server ... Hay man if you got the "ball" ... It's (all you) your ball...

Wow, thanks for that! I actually found TClockEx first, a long time ago. Then I did some research and found the original TClock, and had the impression that the guy who did the TClockEx version was taking credit for the work. Then I found Alfaclock, which seems to have done a lot for the idea, works better on XP, but then there's the problems on Vista. I'm glad to see that you have redone the original version, and have updated it to work with Vista also. This program has been indispensable to me, and I'm still amazed that Microsoft doesn't make a better clock. On the source code thing... most programmers feel like their projects are never really done, and wait to release the code because they fear it will be criticized. What winds up happening is they lose interest, never "get around" to cleaning up the code, and then it's never released. If you still have the intent to release it, I believe it would be good for the Net, and you might get some help with it! Point Taken... I will most definately be releasing the code with the next build, which should be this summer. My developement machine fried last Thursday so I'm currently scrambling to get a new box put together.

The program that started it all was Kazubon's TClock. I've done a rewrite of the original code that is specifically designed to be "Administrator Friendly" in that it can be completely configured and run with a User Account...So you don't have to go bothering an Administrator . It also will run on x64 OSs & Vista. Both the x86 & x64 builds are in the same download. http://www.stoicjoker.com/TClock

I wouldn't put such an artificial limitation. They have server farms in multiple places (like for their live services) -- all running windows. *sigh* Exactly what is "artificial" about a physical address...? It's an example used for contrast and doesn't require that I list every possible (real live actual) physical location owned by them that just might happen have a box connected to the rest of the world that does stuff. That's equally bad (if not worse) than the previous statement. They point a DNS entry to a caching/download service. That doesn't make it their servers. They're not MS-owned, MS-managed or anything like that. It's a different company's assets altogether. A DNS entry means absolutely nothing. Really... It means nothing, other than it is part of the parent namespace (e.g. Microsoft). Does it make it one of their servers? No. Does it make it part of their hosting strategy (being that it falls under their namespace & "hosts their files) ... (oops!) Yes. So it's cheaper to pay for the bandwidth, than it is to just pay for the bandwidth? Yes, I know what you meant ... I just couldn't resist having a bit of fun. But that is the key to the "Always Have" part as MS has been using Akamai's servers to handle their peek traffic loads for years. Not just lately because of a sudden abundance of Hugh, popular files. Now you see it's the "Mostly Irrelevant" part I'm driving at...It's not Completely Irrelevant, just mostly ... Which doesn't quit make it totally ignorable. Sure I can ... It's a free country. Now if it offends somebody... Well, I'll just have to report to have myself horse whipped later. Hay I'm not saying that MS is using *niX because their stuff sucks & can't take the weight. Because ThaT would not be true. I'm simply stating the fact that one can go to MS's site, download one of MS's files, and have it come off a Linux box ... because the little buggers do in reality exist within their domains namespace. It's a matter of view point, I can either look at things from inside the "box" creating hard definitions based on what is within the broadcast zone of the local LAN. Or... I can look at the "Big Picture", the Internet as a whole and break things up based on the registered TLD. ICANN does, and the Internet's main DNS root servers agree. While they are divided into groups that each only service their given TLD classes they are still all part of the Internet's (FQDN) '.' Zone. e.g. You're right a pit-bull is not a poodle ... But they are both dogs. Remember the Internet is just one big shared global network that uses human readable domain names to define who's who.

Um... If we define Microsoft's servers as what is physically at One Microsoft Way ... then OK I'll concede the point as all being a mixture of Win2000 & Win2003 machines. However if we define it as any machine that is hosting content for the microsoft.com parent domain ... then Akamia's servers do count, and are Linux machines. i.microsoft.com, i2.microsoft.com, and i3.microsoft.com are all Akamia servers, that run Linux, and send you directly to Microsoft's home page. So ... Does Microsoft use all Windows servers? Yes. Does Microsoft's content hosting use all Windows servers? ...No!

Actually they use both Windows & Linux server (always have), go to www.netcraft.com and check it out.

Geek, Nerd, Guru ... I don't care what you call me ... I Do However reserve the right to not respond to it. Odds are when their screen goes blank ,,, they'll get my name right...

If the Smoothwall box is going to be handling NAT, then one public IP (for it) should be fine (and cheaper) ... why not looking into configuring the Netopia box as a bridge?

...Which is precisely why they should be forced to pay a Hugh fee for un-Borking their server (Write it off as an educational expense). I recommend to all clients that servers be run "Headless" for the purpose of preventing this kind of incident from happening; Because IT Shouldn't.

DHCP Scope Classes should do what you want. Just setup one scope class with basic info and your IIS server as the gateway, and one class with the correct complete domain information. Assign all the domain machines to the domain scope class and you're there. ...DHCP Scope classes are usually used for braking up subnets...but there is no reason you can't use it for "Other Stuff"...

Assuming you're using a client to gateway VPN (which with 40 tunnels is a safe assumption), all you'd really need is a WINS server/proxy to get NetBIOS working through the tunnel. Why drop thousands in a high-end server & TS licenses, when XP's remote desktop is free...simply send each user to their own internal desktop through the tunnel. (either leave them running or use WOL) If the RDC is stripped down e.g. kill animation, connect back to local disks, printers, etc. and drop the colors a bit (CAD doesn't need True Color...) it might actually be tolerable. Just a Thought Stoic Joker

Just ran into this one yesterday...I'm assuming the 2k3 server is R2 Correct? You'll need to run the copy of ADprep that is on the Win2k3 R2 CD that has the (other) new for 2003 AD updates. it's in: X:\Cmpnents\R2\Adprep It'll update AD to version 31, instead of version 30 which is what you probably have now. ...and no, rerunning it won't brake anything...the rest of yesterday's deployment went perfectly (after I found the right copy of ADprep).

Put DNS back the way it (was to start with) before you break AD. I've see MS KB articles both for and against using the public FQDN internally...There are some situations where you have to. Internally you only need (needed...) to create a DNS record for the mail server mail.intDomain.com that will be used internally so the MAPI clients can find it. Directly under the Masquerade domain entry is the FQDN field that is only used by external servers to confirm your servers identity during a send. So it should contain the same public domain name that your MX records will point to as having the IP address that you're sending from. As long as you have DNS forwarding (and your MX records) configured properly the check DNS button will give you a successfull lookup and all will work fine. The default from address is (globally) configurable under recipient policies in Exchange System Manager.

Which FSMO roles were held by the DC that died? Have they been seized by the new "Temp" DC? If all domains were under a single forest root, was it the Forest root server that died? Which DCs hold which FSMO roles?

Answer: There's a "spoiler" tag, let's use it. How cleaver I have to highlight text to read it ... Not! Many Many?!? try 2 .txt & Internet options HTML edit with... Sure there are others .reg .inf .ini etc. Which have no syntax highlighting support (and therefore don't need a fancy editor...), and if you really need it then you're probably to stupid to be editing the file in the first place. If you really want to have everything "covered" then add your editor of choice to the send to menu and you're done ... or pick an editor (Like EmEdit) that is written by someone with enough sense to grab the file associations during the install and it's problem over. Poking holes in a security scheme that's designed to protect the OS just to wedge in some widget is foolish and a recipe for disaster.

Instead of throwing the baby out with the bath water and crippling security configurations just to rid ones self of a single 100kb file ... Why not just change the file associations for the file types you want opened with the other editor? It's hardly hurting anything just sitting on the drive, Christ it's only a text editor not a plague rat.

Yes, that is exactly what can be done (together with other things) by the MBRfix app linked to before, which runs under 2K/XP/2003. No need to boot into DOS. jaclaz True ... but being that he is trying to boot RAID1 with the primary drive removed and getting an OS not found error. I assumed that he was exploring his recovery options and would be needing something to boot to (at that point) to complete the scenario.

Chances are (Given the error) the partition is not set as "Active". If I recall correctly you should be able to use Fdisk from a Win9x boot floppy to set the active partition flag on a Non-DOS (NTFS) partition. Just a Thought Stoic Joker