First and foremost, I am against cloning. I do it because I am told to.e
We ordered a batch of HP DC5750's. We made a clone doing sysprep et al. Life was good. But then after the PC's were installed 1000 miles away we discovered that we built the clone from a dual core system and most of the PC's are single core.
Now every time we lauch notepad, control panel, my computer - the system freezes for up to 2 or 3 minutes. The PC's are also reporting hard drive errors.
The fix is to go in and hardware manager and swap the dual processor APIC driver for a single processor.
Monday, November 3, 2008
Tuesday, September 23, 2008
Windows Active Directory issues with Binding
These are the errors;
Windows cannot bind to domain. (Local Error). Group Policy processing aborted.
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Ends up that one of our network guys installed a new server and it was running Computer Browser, and causing constant elections. So the Computer Browser service was down as much as it was up.
We run 3 Computer Browser servers on our LAN to prevent these elections and the guy forgot to disable the service on the new server. Once he disabled the service, I was able to run gpupdate without errors.
This was causing slow logins / logons as well.
Windows cannot bind to domain. (Local Error). Group Policy processing aborted.
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Ends up that one of our network guys installed a new server and it was running Computer Browser, and causing constant elections. So the Computer Browser service was down as much as it was up.
We run 3 Computer Browser servers on our LAN to prevent these elections and the guy forgot to disable the service on the new server. Once he disabled the service, I was able to run gpupdate without errors.
This was causing slow logins / logons as well.
Friday, September 19, 2008
Making a Ghost 8.2 clone of my Dell R300 server.
I have historically used Compaq/HP Proliant servers with Intel NICs and chipsets that I have boot disks for. I typically use an older version of the Ultimate Boot Disk which contains Bart's Network Boot Disk, the Microsoft DOS version. I boot to the network in DOS, map a drive, and run ghost.exe to back up the SCSI drives to the LAN.
This doesn't work on my Dell R300. It has too much memory so I run into that issue. Plus there are nasty problems with B57.sys in this environment.
The solution was to download from NU2.com Bart's PE Builder. I installed that and pointed it to my XP SP3 CD (or the parent of the i386 Directory on a network.) Then I took the B57 drivers from Broadcom's site. The drivers are the small K ones, unsigned. The Zip has win_xp_2k3_32 and in that it has b57win32.inf 03/19/2008,10.78.0.0 for the 5700 series. This Dell has 5722 NIC's.
Then I went to LSI's site and did a search for the XP drivers for the SAS controller. The ZIP file has symmpi_xp_x86 and in that lsipseud.inf driver version 06/03/2008,6.5.0. The link is http://www.lsi.com/storage_home/products_home/standard_product_ics/sas_ics/lsisas1068/index.html and click on downloads. The driver is the XP one which is 1.28.03.00. I did not use the WHQL one. I tried the Windows 2003 one from Dell, but that doesn't work in a WINXP OS.
So those are downloaded and put in the C:\pebuilder3110a\drivers\ directories.
I then went into addons and added the Ghost 8.2 files.
Then I created a bootable DVD using the PE builder interface.
I booted up off the DVD and started up the NIC's. Once started, I mapped a drive and ghosted to the network. I was able to see speeds over 1GB/min writing and over 2GB/min on verify. Much quicker than I ever got in DOS.
Anyway, this is how you can GHOST 8.2 a Dell R300 server for disaster recovery. I'm sure you could use this for DD or any other disk cloaning software. I have yet to try restoring the GHOST yet. Hopefully I never will have to try that.
This doesn't work on my Dell R300. It has too much memory so I run into that issue. Plus there are nasty problems with B57.sys in this environment.
The solution was to download from NU2.com Bart's PE Builder. I installed that and pointed it to my XP SP3 CD (or the parent of the i386 Directory on a network.) Then I took the B57 drivers from Broadcom's site. The drivers are the small K ones, unsigned. The Zip has win_xp_2k3_32 and in that it has b57win32.inf 03/19/2008,10.78.0.0 for the 5700 series. This Dell has 5722 NIC's.
Then I went to LSI's site and did a search for the XP drivers for the SAS controller. The ZIP file has symmpi_xp_x86 and in that lsipseud.inf driver version 06/03/2008,6.5.0. The link is http://www.lsi.com/storage_home/products_home/standard_product_ics/sas_ics/lsisas1068/index.html and click on downloads. The driver is the XP one which is 1.28.03.00. I did not use the WHQL one. I tried the Windows 2003 one from Dell, but that doesn't work in a WINXP OS.
So those are downloaded and put in the C:\pebuilder3110a\drivers\ directories.
I then went into addons and added the Ghost 8.2 files.
Then I created a bootable DVD using the PE builder interface.
I booted up off the DVD and started up the NIC's. Once started, I mapped a drive and ghosted to the network. I was able to see speeds over 1GB/min writing and over 2GB/min on verify. Much quicker than I ever got in DOS.
Anyway, this is how you can GHOST 8.2 a Dell R300 server for disaster recovery. I'm sure you could use this for DD or any other disk cloaning software. I have yet to try restoring the GHOST yet. Hopefully I never will have to try that.
Friday, May 16, 2008
How to grab still images off AXIS cameras and generate time lapse movies from them.
This depends on several free programs. mencoder which comes with mplayer2, sleep from Microsoft resource kit, and Irfanview 4.10 or better.
The first batch file grabs the images and looks like this;
==== That is the end of the first batch file. It will grab an image from two cameras and save them with a date and time stamp in separate directories. Obviously you must change this as is appropriate for your hard drive and LAN.
The next batch file is below;
That's a pretty big batch file. What it does is take all of the JPG's and normalizes them using Irfan view. Irfan view has some bugs, so we can't batch convert except for the resize. AXIS sometimes returns back color images, sometimes black and white. The encoding changes. If we don't specify the size on the wget, then sometimes the size can change. mencoder doesn't like any of this. To make a movie, the images must all be the same. Irfanview fills this role.
The mencoder settings are set for high quality, not much compression. You can adjust as needed. This file plays very well in VideoLan (VLC player) if you have problems with codec's in your default media player.
The first batch file grabs the images and looks like this;
e: cd \ md xvid cd\xvid md 8080 md 8081 :top wget -O8081.jpg --tries=1 --timeout=5 "http://user:pwd@domain.dyndns.org:8081/jpg/1/image.jpg" wget -O8080.jpg --tries=1 --timeout=5 "http://user:pwd@domain.dyndns.org:8080/axis-cgi/jpg/image.cgi?camera=1&resolution=1024x800&compression=50" rem If you want an e-mail of the image, use this; rem E:\Blat250\Blat250\full\blat.exe - -body "8081" -serversmtp gmail-smtp-in.l.google.com -f fromuser@domain.com -subject "8081" -to user@gmail.com -attach 8081.jpg -noh2 -alttext Camera setlocal call :GETDATEPARTS "%date%" call :GETTIMEPARTS ren 8081.jpg "8081-%yy%%mm%%dd%_%h%%m%%RANDOM%.jpg" ren 8080.jpg "8080-%yy%%mm%%dd%_%h%%m%%RANDOM%.jpg" move 8081*.jpg 8081\. move 8080*.jpg 8080\. sleep 10 goto top :GETTIMEPARTS for /f "tokens=1-3 delims=:." %%a in ('echo %time%') do call :SETTIMEPART h %%a&call :SETTIMEPART m %%b&call :SETTIMEPART s %%c goto :EOF :SETTIMEPART set %1=%2 if 1%2 LSS 100 set %1=0%2 goto :EOF REM *************************************************** :GETDATEPARTS set dt=%~1 set tok=1-3 if "%dt:~0,1%" GTR "9" set tok=2-4 set yyyy= for /f "tokens=%tok% delims=.:/-, " %%a in ('echo %~1') do ( for /f "skip=1 tokens=2-4 delims=/-,()." %%x in ('echo.^|date') do set %%x=%%a&set %%y=%%b&set %%z=%%c ) if not "%yyyy%"=="" set yy=%yyyy% if 1%yy% LSS 1000 (if %yy% LSS 70 (set yy=20%yy%) else (set yy=19%yy%)) if 1%mm% LSS 100 set mm=0%mm% if 1%dd% LSS 100 set dd=0%dd% goto :EOF
==== That is the end of the first batch file. It will grab an image from two cameras and save them with a date and time stamp in separate directories. Obviously you must change this as is appropriate for your hard drive and LAN.
The next batch file is below;
md e:\xvid\8080\old2 md e:\xvid\8080\old3 md e:\xvid\8081\old2 md e:\xvid\8081\old3 del e:\xvid\8081\old3\*.jpg /q/s del e:\xvid\8080\old3\*.jpg /q/s e: cd\xvid cd 8080 move *.jpg old2\. cd old2 rem cd "C:\Program Files\IrfanView" rem c: rem fails rem start /wait i_view32.exe "e:\xvid\8080\old2\*.jpg" /resize=(600,480) /resample /bpp=24 /aspectratio /jpgq=99 /convert="e:\xvid\8080\old3\*.jpg" /silent dir /b *.jpg > proc.txt @for /f "delims=| tokens=1,2,3,4,5,6,7,8,9,10" %%i in (proc.txt) do ( @echo %%i @echo %%j @C:\zentemp\unsecure\screenc\i_view32 "e:\xvid\8080\old2\%%i" /resample /bpp=24 /aspectratio /jpgq=99 /convert="e:\xvid\8080\old3\%%i" /silent ) cd "C:\Program Files\IrfanView" c: @start /wait i_view32.exe "e:\xvid\8080\old3\*.jpg" /resize=(600,480) /resample /aspectratio /convert="e:\xvid\8080\old3\*.jpg" /silent @e: @e: @cd e:\xvid\8080\old3 @mencoder mf://*.jpg -mf fps=5:type=jpg -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=1800:vbitrate=500:keyint=15:vstrict=0:acodec=ac3:abitrate=64:aspect=4/3 -ofps 25 -o "c:\temp\8080-%DATE:/=%%TIME::=%.mpg" rem remove ,harddup from the line above to make this remove rem duplicate frames. Resulting file is MUCH smaller, however quality does suffer. :try2 @rem o now cam 8081 e: cd\xvid cd 8081 move *.jpg old2\. cd old2 dir /b *.jpg > proc.txt @for /f "delims=| tokens=1,2,3,4,5,6,7,8,9,10" %%i in (proc.txt) do ( @echo %%i @echo %%j @C:\zentemp\unsecure\screenc\i_view32 "e:\xvid\8081\old2\%%i" /resample /bpp=24 /aspectratio /jpgq=99 /convert="e:\xvid\8081\old3\%%i" /silent ) @cd "C:\Program Files\IrfanView" @c: @start /wait i_view32.exe "e:\xvid\8081\old3\*.jpg" /resize=(600,480) /resample /aspectratio /convert="e:\xvid\8081\old3\*.jpg" /silent @e: @cd e:\xvid\8081\old3 @mencoder mf://*.jpg -mf fps=5:type=jpg -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=1800:vbitrate=500:keyint=15:vstrict=0:acodec=ac3:abitrate=64:aspect=4/3 -ofps 25 -o "c:\temp\8081-%DATE:/=%%TIME::=%.mpg"
That's a pretty big batch file. What it does is take all of the JPG's and normalizes them using Irfan view. Irfan view has some bugs, so we can't batch convert except for the resize. AXIS sometimes returns back color images, sometimes black and white. The encoding changes. If we don't specify the size on the wget, then sometimes the size can change. mencoder doesn't like any of this. To make a movie, the images must all be the same. Irfanview fills this role.
The mencoder settings are set for high quality, not much compression. You can adjust as needed. This file plays very well in VideoLan (VLC player) if you have problems with codec's in your default media player.
Wednesday, April 16, 2008
Surfcontrol EUM issue
There is a post "Surfcontrol EUM issue" in another site, which I have the answer to but can't reply - so here it is in case you do a Google search on this;
--- The question on that site ---
The problem is this:
1. Windows user logs onto our domain.
2. The EUM logon agent sends their domain\username and IP information to WebFilter.
3. User shuts down and leaves office.
4. MAC user boots up some time later and is DHCP'd the same IP (as the lease has since expired) 5. WebFilter incorrectly tracks/reports the browsing activities of the MAC user against the cached domain\username of the Windows user!!!
Right now, we don't have a solution for the MAC situation however, for the momentI'd be more than happy if MAC activity was simply tracked by IP - but certainly not in the name of the previous Windows holder of the IP addresses.
It seems to me that we need a way to regularly flush the EUM information that Webfilter stores.
Please advise, as this problem completely voids the integrity of the data reported.
-- The solution ---
There is a EUM agent that runs through logon scripts. It it ScEumLoginAgent.exe. What you do is launch that on your clients with the /intlogoff option which will remove that user's mapping to the IP address.
You can also run a logout script ScEumLoginAgent.exe /logout which will do the same thing, though Windows logout scripts are flaky at best.
I'm using the first method.
--- The question on that site ---
The problem is this:
1. Windows user logs onto our domain.
2. The EUM logon agent sends their domain\username and IP information to WebFilter.
3. User shuts down and leaves office.
4. MAC user boots up some time later and is DHCP'd the same IP (as the lease has since expired) 5. WebFilter incorrectly tracks/reports the browsing activities of the MAC user against the cached domain\username of the Windows user!!!
Right now, we don't have a solution for the MAC situation however, for the momentI'd be more than happy if MAC activity was simply tracked by IP - but certainly not in the name of the previous Windows holder of the IP addresses.
It seems to me that we need a way to regularly flush the EUM information that Webfilter stores.
Please advise, as this problem completely voids the integrity of the data reported.
-- The solution ---
There is a EUM agent that runs through logon scripts. It it ScEumLoginAgent.exe. What you do is launch that on your clients with the /intlogoff option which will remove that user's mapping to the IP address.
You can also run a logout script ScEumLoginAgent.exe /logout which will do the same thing, though Windows logout scripts are flaky at best.
I'm using the first method.
Friday, April 4, 2008
Plotting uptime MRTG in Windows the easy way
This summary is not available. Please
click here to view the post.
Thursday, March 27, 2008
How to grab images off an Axis camera and save them in a time lapse format
I have two Axis Cameras which I want to grab an image from every 10 seconds and store offsite.
My Firewall is configured to pass traffic on ports 1081 and 1080 to the two Axis cameras.
Below is a batch file to accomplish this. It relies upon WGET and SLEEP which is free to download if you search.
:top
wget -O1081.jpg http://user:password@yourdnsname:1081/jpg/1/image.jpg
wget -O1080.jpg http://user:password@yourdnsname:1080/jpg/1/image.jpg
ren 1081.jpg 1081-%DATE:/=%%TIME::=%.jpg
ren 1080.jpg 1080-%DATE:/=%%TIME::=%.jpg
move 1081*.jpg 1081\.
move 1080*.jpg 1080\.
sleep 10
goto top
Store that in a batch file in an empty directory along with WGET. Create two directories named 1080 and 1081.
Launch the batch file -- it will loop forever, storing your images in these directories.
Now, turn them into a time lapse film using mplayer..
Download mplayer (Search Google) and extract mencoder from the zip file. Place that in this directory..
Create another batch file with these contents;
c:
cd \yourdir\1080
mencoder mf://*.jpg -mf fps=5:type=jpg -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=1800:vbitrate=500:keyint=15:vstrict=0:acodec=ac3:abitrate=64:aspect=4/3 -ofps 25 -o c:\yourdir\1080.mpg
cd \yourdir\1081
mencoder mf://*.jpg -mf fps=5:type=jpg -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=1800:vbitrate=500:keyint=15:vstrict=0:acodec=ac3:abitrate=64:aspect=4/3 -ofps 25 -o c:\yourdir\1081.mpg
Of course replace c:\yourdir with the proper location. This will generate an mpg video of all these JPG's, and it will remove any duplicate images. Change fps from 25 to 5 for a slower view. Change maxrate and bitrate higher to get better quality.
If you have problems playing the mpg, you can use mplayer to play it or download VLC Videolan and play it through that. I use VLC because it can also stream directly from the AXIS camera and has it's own recording options.. But that's a different post.
My Firewall is configured to pass traffic on ports 1081 and 1080 to the two Axis cameras.
Below is a batch file to accomplish this. It relies upon WGET and SLEEP which is free to download if you search.
:top
wget -O1081.jpg http://user:password@yourdnsname:1081/jpg/1/image.jpg
wget -O1080.jpg http://user:password@yourdnsname:1080/jpg/1/image.jpg
ren 1081.jpg 1081-%DATE:/=%%TIME::=%.jpg
ren 1080.jpg 1080-%DATE:/=%%TIME::=%.jpg
move 1081*.jpg 1081\.
move 1080*.jpg 1080\.
sleep 10
goto top
Store that in a batch file in an empty directory along with WGET. Create two directories named 1080 and 1081.
Launch the batch file -- it will loop forever, storing your images in these directories.
Now, turn them into a time lapse film using mplayer..
Download mplayer (Search Google) and extract mencoder from the zip file. Place that in this directory..
Create another batch file with these contents;
c:
cd \yourdir\1080
mencoder mf://*.jpg -mf fps=5:type=jpg -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=1800:vbitrate=500:keyint=15:vstrict=0:acodec=ac3:abitrate=64:aspect=4/3 -ofps 25 -o c:\yourdir\1080.mpg
cd \yourdir\1081
mencoder mf://*.jpg -mf fps=5:type=jpg -oac lavc -ovc lavc -of mpeg -mpegopts format=dvd:tsaf -vf scale=720:576,harddup -srate 48000 -af lavcresample=48000 -lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=1800:vbitrate=500:keyint=15:vstrict=0:acodec=ac3:abitrate=64:aspect=4/3 -ofps 25 -o c:\yourdir\1081.mpg
Of course replace c:\yourdir with the proper location. This will generate an mpg video of all these JPG's, and it will remove any duplicate images. Change fps from 25 to 5 for a slower view. Change maxrate and bitrate higher to get better quality.
If you have problems playing the mpg, you can use mplayer to play it or download VLC Videolan and play it through that. I use VLC because it can also stream directly from the AXIS camera and has it's own recording options.. But that's a different post.
Friday, February 22, 2008
Mac OSX 10.5.x Leopard
So I've been running a Mac OS X Leopard machine from 10.5.0 to 10.50.2 and it has been a journey for this Windows user.
While the OS looks pretty, and many things are dumbed down for use, there are still many issues with this OS that make me wonder why so many people praise it's tunes.
Issue A, in no particular order) Lockups. I have had many lockups on 10.5.x. They still continue. Many patches have been released, but the issues still occur. Most of the time it is while I am playing something either in iTunes, DVD Player, or Front Row. It will often hard lock requiring a power cycle.
Issue B) Bugs. There are many plain bugs in the system. They just released a firmware update to resolve an issue where you type a key stroke and nothing happens. This has been a royal pain to deal with, especially on passwords. Things are better now, but not resolve. In Mail if I change an account from IMAP to IMAPS it will show the port 993 (usually) in the screen - but it tries to connect with port 143 per the firewall logs. Have to mess with it over and over and finally it will take. The Network Neighborhood seems to only check for clients at startup, and then drop them off as they sleep - but never update with new clients. The only way to get the list back again that I've found is to drop Airport and bring it back online. iChat bombs out during video chats.
Issue C) The thing gets very hot, especially in bootcamp. No temperature controls in Windows.
Issue D) Can't listen to unprotected WMA's in iTunes. WTF?
Issue E) Hardware. Only two USB ports and only one providing the full mA of power. No media buttons. Metal case shocks the crap out of you if you have a static charge. Plugging something into the speaker jack often kills the audio signal completely. Especially in games. Restarting the audio in the game will fix it, if it has that option.
Issue F) Nothing like NTBackup included. Must purchase .Mac or some other tool to get backup software. Time Machine hardware is expensive. Why can't I do system recovery backup to my USB drive with out of the box software?
Issue G) No NTFS read/write built in. Again, wtf? I'm not installing NTFS-3G et al when the projects are either dead, have known issues which say do not install in production environments, or commercial. This should be out of the box.
For the most part, I like the Mac. But these are some rather major issues. Especially when I paid almost twice as much for the Mac over a very similar Dell.
While the OS looks pretty, and many things are dumbed down for use, there are still many issues with this OS that make me wonder why so many people praise it's tunes.
Issue A, in no particular order) Lockups. I have had many lockups on 10.5.x. They still continue. Many patches have been released, but the issues still occur. Most of the time it is while I am playing something either in iTunes, DVD Player, or Front Row. It will often hard lock requiring a power cycle.
Issue B) Bugs. There are many plain bugs in the system. They just released a firmware update to resolve an issue where you type a key stroke and nothing happens. This has been a royal pain to deal with, especially on passwords. Things are better now, but not resolve. In Mail if I change an account from IMAP to IMAPS it will show the port 993 (usually) in the screen - but it tries to connect with port 143 per the firewall logs. Have to mess with it over and over and finally it will take. The Network Neighborhood seems to only check for clients at startup, and then drop them off as they sleep - but never update with new clients. The only way to get the list back again that I've found is to drop Airport and bring it back online. iChat bombs out during video chats.
Issue C) The thing gets very hot, especially in bootcamp. No temperature controls in Windows.
Issue D) Can't listen to unprotected WMA's in iTunes. WTF?
Issue E) Hardware. Only two USB ports and only one providing the full mA of power. No media buttons. Metal case shocks the crap out of you if you have a static charge. Plugging something into the speaker jack often kills the audio signal completely. Especially in games. Restarting the audio in the game will fix it, if it has that option.
Issue F) Nothing like NTBackup included. Must purchase .Mac or some other tool to get backup software. Time Machine hardware is expensive. Why can't I do system recovery backup to my USB drive with out of the box software?
Issue G) No NTFS read/write built in. Again, wtf? I'm not installing NTFS-3G et al when the projects are either dead, have known issues which say do not install in production environments, or commercial. This should be out of the box.
For the most part, I like the Mac. But these are some rather major issues. Especially when I paid almost twice as much for the Mac over a very similar Dell.
Monday, January 7, 2008
IE7 IEAK upgrade causes all Internet Zones to be treated as Local Intranet
Ah, yes, this bug again. I've seen it crop it's nasty head up a number of times all the way back to IE 4.x.
After using an IEAK upgrade to upgrade my stations from IE6 to IE7, Internet Explorer treats all Internet sites as Local Intranet. For me, this means they have additional rights to install spyware & because we don't allow passwords to be saved on our Intranet via a GPO, the users can't save ANY of their passwords for any website.
I've seen this times before. So I had a hunch. I checked my settings. Everything seems right in the GUI. The settings match my machine. Mine was updated via WSUS, not through IEAK installer. But we both run the same .INS configuration file. We run security zones for IE as HKLM only as described in KB182569. This allows us to set the settings once per PC and be done.
So my first test was to disable "Automatically Detect Intranet settings". And behold, the Internet zone was detected correctly now. Go back into the settings and IE7 had reset this setting back to enabled. But that didn't matter, the detection was working now. I tested this on 3 machines and repeated the experience.
So I found the registry location and dumped it into a .REG file
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect"=dword:00000000
Notice this is in the HKCU location and not the HKLM location, where my settings should be coming from. However, running this via REGEDIT /s ie7fix.reg in a login script resolved the issue on 3 machines. So this triggers IE to fix whatever is wrong. Since my settings come out of HKLM, the IE GUI still shows autodetect enabled. And it detects correctly.
This is obviously a bug. IE7 must not be looking at HKLM in every case where it should when Security_HKLM_only is enabled. My guess is that the IEAK installer couldn't access the HKCU hive of the user. Somehow setting the AutoDetect value in HKCU triggers IE7 to fix what is wrong there.
--- Correction below----
This was caused by my own doing. I followed these directions;
http://www.msfn.org/board/index.php?showtopic=75475&mode=linearplus
Which had me set the runonce to 1 so that the annoying welcome to IE7 didn't appear. Apparently it is this flag that also upgrades HKCU settings from IE6 to IE7. So I caused the problem myself.
After using an IEAK upgrade to upgrade my stations from IE6 to IE7, Internet Explorer treats all Internet sites as Local Intranet. For me, this means they have additional rights to install spyware & because we don't allow passwords to be saved on our Intranet via a GPO, the users can't save ANY of their passwords for any website.
I've seen this times before. So I had a hunch. I checked my settings. Everything seems right in the GUI. The settings match my machine. Mine was updated via WSUS, not through IEAK installer. But we both run the same .INS configuration file. We run security zones for IE as HKLM only as described in KB182569. This allows us to set the settings once per PC and be done.
So my first test was to disable "Automatically Detect Intranet settings". And behold, the Internet zone was detected correctly now. Go back into the settings and IE7 had reset this setting back to enabled. But that didn't matter, the detection was working now. I tested this on 3 machines and repeated the experience.
So I found the registry location and dumped it into a .REG file
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect"=dword:00000000
Notice this is in the HKCU location and not the HKLM location, where my settings should be coming from. However, running this via REGEDIT /s ie7fix.reg in a login script resolved the issue on 3 machines. So this triggers IE to fix whatever is wrong. Since my settings come out of HKLM, the IE GUI still shows autodetect enabled. And it detects correctly.
This is obviously a bug. IE7 must not be looking at HKLM in every case where it should when Security_HKLM_only is enabled. My guess is that the IEAK installer couldn't access the HKCU hive of the user. Somehow setting the AutoDetect value in HKCU triggers IE7 to fix what is wrong there.
--- Correction below----
This was caused by my own doing. I followed these directions;
http://www.msfn.org/board/index.php?showtopic=75475&mode=linearplus
Which had me set the runonce to 1 so that the annoying welcome to IE7 didn't appear. Apparently it is this flag that also upgrades HKCU settings from IE6 to IE7. So I caused the problem myself.
Subscribe to:
Posts (Atom)