..by Guillaume Ross
You have probably noticed that the “New” category in the App store is..well.. not that new.
Pinchmedia has started aggregating info from the app store to compile it into RSS feeds.
http://www.pinchmedia.com/your-view-into-the-app-s… for all the info.
For the lazy ones (*cough* efficient *cough*):
Here is another post I had on my Wiki that I think is still useful.
Purpose of this article
A lot of people encounter problems using Entourage 2004 on Exchange 2007 system. Errors with little detail such as “error 170″ happen when trying to receive or send email.
Solution
A few things need to be checked on the OWA side of things and a special way to enter the URL in entourage.
How to do it
On your Exchange Outlook web access server:
Internet Information Services (IIS) Manager
Open the web site containing your owa application. At the same level as the owa application, you should have folders called Exchange and Exchweb. Those are used for legacy applications.
Fig1: Checking if the legacy OWA folders exist
If you do not have these folders, use this command, posted by Mike Willis on http://benskelton.blogs.com/ben_skeltons_blog/2007/01/entourage_and_e.html (It is a simple command but I saw it there first, hence the credits) :
New-OwaVirtualDirectory -name exchange -OWAVersion Exchange2003or2000 -VirtualDirectoryType mailboxes
Then go in the Web Service Extensions at the bottom left of the IIS manager. Right click WebDav in the list, and enable it. After all of this, you might want to reset or restart IIS.
Fig2: Enabling WebDav
Open Entourage. With a bit of luck, it will connect with your old settings. If not, go edit the Exchange Server field in your configuration, and set it like this:
https://exchange.server.blah/exchange/user@host.com
User@host being your default email address, not your local domain account, unless they are the same of course.
It should then connect properly. If not, feel free to post in the talk pages and I will try to help you out!
A lot of people running ESX 3.5 Update 2 have been experiencing a slight bug where you can’t start or restart VMs starting August 12th 2008. Well, that could be a problem.
Here’s a thread about the issue with some workarounds which involve messing with the host’s time. (Watch out not to sync your Domain controllers with the wrong time, or bye bye Kerberos!).
Also, today is patch Tuesday by Microsoft and I’m sure a lot of people will be installing critical security patches and rebooting Virtual Machines. That should be interesting…but hey, people will learn not to patch stuff too fast.
The real issue with this is that VMware, an enterprise solution, has built-in license management. How can companies not realize that schemes such as this always hurt the honest customer? The dishonest ones are probably running cracked versions that weren’t affected by this.
Sometimes, it might be impossible to clean up all old domain accounts at the same time. Maybe you’re using Windows 2000 mixed mode and don’t have the LastLogonTimestamp field handy, maybe your users use some applications that don’t update it properly…there can be many reasons.
However, if it is a huge environment where there are a lot of administrators, and you know that the deprovisioning process is not always followed, you should at least disable the old accounts that are members of Domain Admin.
I use oldcmp by Joeware, maker of the greatest AD tools on Earth.
Oldcmp was originally designed to disable old computer accounts, but it’s also made to work with user accounts. It can use pwdLastSet and LastLogonTimestamp as attributes.
Check out the oldcmp usage first.
Then, it is a matter of running oldcmp with the proper switches, and filters. Always run it in reporting mode first.
oldcmp -users -report -af “memberof=CN=Domain Admins,CN=Users,DC=domain,DC=com” -llts -age 120 -format csv
oldcmp -users -report -af “memberof=CN=Administrators,CN=Builtin,DC=domain,DC=com” -llts -age 120 -format csv
This will output a CSV file with a list of Domain Admins that have not logged in for 120days+ according to the LastLogonTimestamp attribute. Of course, this attribute is not precise as it is replicated roughly every 2 weeks. However, this will give you a pretty good list of “old” admins.
Then, if you only want to remove them from the Domain Admins group, either do it manually or use admod to do it. If your domain is not totally insane, there should be few accounts to remove.
If you want to completely disable the accounts, you can use the same oldcmp string as above, with the safety and reporting removed. I’ll let you read the usage so you don’t blame me if you disable all your domain admins! If you are using pwdLastSet, watch out not to disable accounts that are set so that the password doesn’t expire..
You should do that on Enterprise Admins and other high privilege groups as well obviously, and also, on the whole domain.
Shamelessly stolen mp3 from http://www.modemsite.com/56k/trouble3.asp
Took the Crank one for somewhere I can’t remember.
Converted to m4r for iPhone goodness. Import to iTunes straight away and enjoy. Click on Ringtones tag for more!
Today I read a post on Windows Networking by Brien M. Posey about “The Confusion of AD Design”.
He argues that some people use way too many OUs and that “less is more”.
As I said before, there are situations that do warrant using multiple OUs. This is particularly true in situations in which there are multiple administrators, and each administrator needs to be delegated control over a different portion of the network.
Well, I’m not aware of many domains that do not have “multiple administrators that need to be delegated control over a different portion of the network”. Those that don’t have that usually don’t have any OUs created other than the default ones, with every user under Users, and every computer under Computers. Of course there might be some exception, for example a domain used only to host your Exchange servers, however, most companies that pay high priced consultants to come in and set up their Active Directories have structures a little more complex than a 25 employee small business.
Having a lot of OUs can be very useful in almost any big domain structure. Let’s say you have 50 different types of servers. Each of these server sets has their own Hardening rules. You apply a “master” hardening GPO at the top of your OU structure, that locks everything down, and then you unlock things for each application, at the OU level. This way, your OUs apply in the proper order by default, and delegation is pretty easy as each application has their own container.
At least, at the end of the article, he acknowledges this:
Right about now, you might be wondering what I really have against creating multiple OUs. There are a couple of reasons why I do not like using multiple OUs unless I have to. Maybe it’s just laziness on my part, but the first reason why I like to try to stick to using a single OU in an Active Directory design is because having multiple OUs tends to complicate LDAP queries.
Well, just do a subtree search then! Laziness, on my end, makes me want to have a structured design where Group Filtering is the exception rather than the rule.
When working a lot with Group Policy, one thing that I would love being able to do is merging user right assignments. If you’re aware of how to do it, be sure to post a comment (Workaround, 3rd party tool, etc).
Let’s say you have 500 servers. All servers run some agent service that must always be set to automatic, and for which you have customized ACLs. (You grant helpdesk the right to restart the service for example).
Well, this is pretty easy to handle as every service can be handled in different GPOs, so you just create a GPO with your settings, and you link it appropriately.
Now, what if you want to grant the service account that this service uses on every computer the right to “Log On as a Service” ? You could put that in the same GPO, but it would override any other policy that has “Log On as a service” defined and is applied before this one. Wouldn’t it be nice to be able to specify in a GPO that the service account must have “Log on as a service” while keeping the currently specified rights?
Vmware
When I use Windows virtual machines, sometimes the system beep gets annoying to my neighbors.
When I use Linux virtual machines, it goes through my laptop’s PC Speaker, which makes me have a heart attack, and annoys my neighbor.
Find your Vmware preferences file
Windows: Application Data\VMware\preferences.ini
Linux: ~/vmware/preferences (you could possibly do it in the system wide config as well)
Add this line:
mks.noBeep = TRUE
All beeps should be gone.
Windows itself
If for some reason you use some other Virtualization product that does not allow you to disable beeps, just create a Group Policy on your test domain (you could do it local as well). Configure any non critical service in the GPO to be DISABLED. (I use the print spooler).
Once that is done, browse to the sysvol, find the GPO’s folder, and edit the security policy text file. Replace the name of the service you disabled with “beep”.
The reason we have to do that is because you don’t see the beep service in the list of the GPO editor. But this effectively disables the beep service that Windows uses, well, to beep ! I deploy this on test domains where I “beep” often.
Get it here – Coupon at bottom of post
I received my invisibleSHIELD for iPhone 3g.
It came in a nice box, with the little squeegee and some spray to apply it. I read the instructions, watched the guide on their web site, and got to work.
Applying the front and the button piece was a piece of cake. I did it first, but I think it is a better idea to do the back first, let it try for a few hours, and then do the front. When doing the back, you apply a lot of pressure on it and you might ruin what you have done on the front, which thankfully did not happen to me, but came pretty close.
Applying the rear was easier than I expected it to, after reading comments of people who were “not able to get the corners to stick” etc.
I aligned the back piece with the headphone jack and the power/volume buttons, then folded it on its back and made sure the camera hole lined up. Then, I “squeegee’ d” it a bit to get the rear slightly glued.
Making the corners look good was not hard, but takes a while (half an hour maybe). The reason for that is that at first, the flaps are too soft and not sticky enough. I shaped the corners by stretching the flaps and applying some pressure with my palm, while breathing hot air on it. I did not get it perfect but I’m confident if I had to do a second one I could. There are some slight imperfections in the corners, and the alignment of the plastic on the chrome trims is not perfect either.
However, I usually carry my iPhone around in a Griffin Elan Clip so as long as the front is perfect, that is great. And while the back might not be perfect, it is still awesome to be able to carry it in my pockets without being afraid to scratch it.
Will post a follow up with close up pictures as soon as it is done drying !
*note that this is an actual unbiased review and that none of the links I posted send you to sites where I get referral money when you buy it. However if you do order one here are some coupons I found. They may or may not work, worth a shot:
pcworld20
5he27e
I couldn’t resist.
Actual Numbers from Google (Canada)
“I should have kissed her” : 7730
“I shouldn’t have kissed her:” 806
Results from Cuil
I should have kissed her: 4
I shouldn’t have kissed her: 0
My regret is actually having wasted time to check this out. I actually feel guilty comparing anything to Cuil, since it might generate some “buzz” around it.