Home » 2011

Yearly Archives: 2011

Cisco Unified Attendant Console Overflow

Since I keep forgetting where the settings are for changing the Cisco Receptionist/Auto-Attendant timers and overflow are I decided to post it here for future reference.

The Attendant Console is the Windows based server application that is part of the Cisco Call Manager v8.x system.

This is setting is on the Attendant Console server (web interface http://attcon/webadmin/) under “User Configuration -> Queue Management — Overflow — Wait time to overflow”.

Allow Anonymous Relay Through Exchange Hub Transport

Use this Exchange Management Shell command to allow anonymous relay to external domains. (This should not be done on external facing servers.)

Get-ReceiveConnector "<servername>\Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-Accept-Headers-Routing","Ms-Exch-SMTP-Accept-Any-Sender","Ms-Exch-SMTP-Accept-Authoritative-Domain-Sender","Ms-Exch-SMTP-Submit","Ms-Exch-SMTP-Accept-Any-Recipient"

The last ExtendedRights permission is the one that can only be set through the shell.  (The other permissions can be set in the GUI console.)

Set Exchange 2010 Alias to samAccountName

Use these PowerShell commands to set a users Exchange mailbox Alias to their username (AKA samAccountName/samid):
$aliasname = Get-Mailbox -OrganizationalUnit "OUNameHere" -ResultSize Unlimited
$aliasname | Foreach-Object{
$_ | Set-mailbox -Alias $_.SamAccountName

Cisco ASA pre-shared Key Recovery

Use this at the ASA’s Enable prompt to show the pre-shared VPN keys:
[code]hostname(config)# more system:running-config

tunnel-group mytunnel type ipsec-ra
tunnel-group mytunnel general-attributes
default-group-policy myGROUP
tunnel-group mytunnel ipsec-attributes
pre-shared-key PASSWORD


Where are my TEMPDB files?

Use this query to find the physical location/path of the SQL TEMPDB files:
SELECT name as ‘File Name’, physical_name as ‘File Directory’
FROM sys.master_files
WHERE database_id = DB_ID(‘tempdb’);

NetApp disk assign

Move disk ownership from one NetApp controller to another:

Remove ownership on system that owns the disk (FAS1):
fas1> disk assign –s unowned 0a.23

The disk shows up as unowned with the physical address it has on FAS2:
fas2> disk show –n

Take ownership of the unowned disk on the partner system:
fas2> disk assign 0b.23

Windows Server Multipath I/O

You can enable the Windows Server 2008 R2 Multipath I/O (MPIO) feature from the command line using this DISM command:

[sourcecode language=”bash” wraplines=”false” collapse=”false”]
dism /online /enable-feature:MultipathIo

To disable this feature use:

[sourcecode language=”bash” wraplines=”false” collapse=”false”]
dism /online /disable-feature:MultipathIo

To show the currently enabled/installed features use this DISM command:

[sourcecode language=”bash” wraplines=”false” collapse=”false”]
dism /online /get-features

Find Empty Active Directory Groups

Find Empty Active Directory Groups

Following one-liners will find Active Directory Groups that have no users.

** To find empty Global Security groups:
Click Start -> Run -> Cmd.exe -> OK -> Copy and Paste following statement
DSQuery * -Filter “(&(sAMAccountType=268435456)(!member=*))” -Limit 0

** You can save the output to a text file by using Dos redirection operator > with file name.

DSQuery * -Filter “(&(sAMAccountType=268435456)(!member=*))” -Limit 0 >C:\EmptyGroups.txt

Above statement will create EmptyGroups.txt file on C: drive root listing all empty security groups.

** To find empty Local Security groups:

DSQuery * -Filter “(&(sAMAccountType=536870912)(!member=*))” -Limit 0

** To find empty Distribution groups:

DSQuery * -Filter “(&(sAMAccountType=268435457)(!member=*))” -Limit 0

** To find ALL empty groups (either local, global Security or Distribution groups):

DSQuery * -Filter “(&(objectClass=group)(!member=*))” -Limit 0

Exchange Address List Segregation

An address list is a collection of recipient and other Active Directory objects. Each address list can contain one or more types of objects (for example, users, contacts, groups, public folders, conferencing, and other resources). You can use address lists to organize recipients and resources, making it easier to find the recipients and resources you want. Address lists are updated dynamically. Therefore, when new recipients are added to your organization, they’re automatically added to the appropriate address lists.


with very little effort I got …

with very little effort I got a bartender to say, “I know kung-booze.” #bar

iTunes MSI Install Order

The order to install individual Apple iTunes’ MSIs is:

  • AppleApplicationSupport.msi – With iTunes Apple ships two ‘support’ MSI. The ‘Application Support’ msi has the core files for ‘Application Support’ within iTunes.
  • AppleMobileDeviceSupport.msi – With iTunes Apple ships two ‘support’ MSI. The ‘Mobile Device Support’ msi has the core files for device management of devices which can be connected to iTunes (iPhone, iPod, Ipad).
  • Bonjour.msi – Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks. Bonjour uses industry standard IP protocols to allow devices to automatically discover each other without the need to enter IP addresses or configure DNS servers. Specifically, Bonjour enables automatic IP address assignment without a DHCP server, name to address translation without a DNS server, and service discovery without a directory server. Bonjour is an open protocol which Apple has submitted to the IETF as part of the ongoing standards-creation process. To learn more, check out the Bonjour Protocol Specifications which detail the technologies that make up Link-Local and Wide-Area Bonjour.
  • QuickTime.msi – Configuration and installation of QuickTime is covered here.
  • iTunes.msi – the Itunes.msi contains the core files needed to run Apple iTunes.
  • AppleSoftwareUpdate.msi* – The ‘AppleSoftwareUpdate.msi’ is optional and only needed if you want to use the Apple Auto Update feature and/or MobileMe

* = don’t install in corporate/enterprise environments

Command line switches(?):


SIP Providers

These are seven SIP providers given to me by Time Warner Cable Business Class (Texas) in Q1 of 2011.  I’m pretty sure that at least one of them is already out of business in Q2 with not forwarding address.


Force user logoff after a period of inactivity – Windows XP/Server 2003

To logoff the user after a certain period of inactivity, you may use the Winexit screensaver which comes with Windows 2003 Resource Kit tools (free). Download Windows 2003 Resource Kit Tools from here. It contains the file Winexit.scr [Windows Exit Screen Saver]. Once installed, reboot the system.

  • Open C:\Program Files\Windows Resource Kits\Tools
  • Right-click winexit.scr and choose Install
  • The Display Properties dialog box appears with the Screen Saver tab active
  • The Logoff Screen Saver entry is automatically selected
  • Click Settings
  • Select the Force application termination check box to force programs to quit
  • In the Countdown for n seconds box, type the value accordingly
  • In the Logoff Message box, type the message that appears during the logoff countdown. Click OK.
  • In the Display Properties dialog box, click Preview.
  • You see the Auto Logoff dialog box. It displays the logoff message and the countdown timer.
  • Click Cancel. Click OK.

The Force application termination option forces programs to quit even if the programs contain unsaved data. If you do not use this option, programs that contain unsaved data do not quit and the user is not logged off.


P.S. It is, “Run FOR the hills…

P.S. It is, “Run FOR the hills!” #weaklink

Please no more, “Run from the …

Please no more, “Run from the hills!” posts! I have read & heard this incorrect colloquialism too much in the last 72 hours! #weaklink

User Profiles on Remote Desktop Servers

If you have Remote Desktop Servers (RDS) and use a central file share for your users’ roaming profiles the world is good. Some small bit of background information: you set a user’s RDS profile location on the “Remote Desktop Services Profile” tab of a domain user’s account properties dialog. (Active Directory Users and Computers.)

But happens when you need to deploy another Remote Desktop Server in a location/site that does not have network file share access to the user’s defined profile location?

Well if you don’t absolutely need to sync the users’ RDS profile across your servers, you can set the Local Group Policy on the Remote Desktop Servers:
Run... -> gpedit.msc -> Computer -> Administrative Templates -> System -> User Profiles -> Only Allow local user profiles -> Enabled
This will override the Profile Location Setting defined in a user’s account properties and force the use of a local profile on the server.

Better than nothing…

Now a bad Physics joke: A neut…

Now a bad Physics joke: A neutron walked into a bar and asked, “How much for a drink?” The bartender replied, “For you, no charge.”

Thinking about astronomy tonig…

Thinking about astronomy tonight…Reminds me of the quote, “Whatever the missing mass of the universe is, I hope it’s not in cockroaches.”

WFAA Inclement Weather Listing

Information from the WFAA.com website about signing up for the weather closure listings:

Thank you for visiting WFAA.com’s closings page. We will list the following who have pre-registered in our system:
* Public school districts
* Large private schools (grades K-12 with 150+ students)
* Universities and colleges (listed with the Southern Association of Colleges and Schools)
* Governmental agencies* Preschools, ages 3 to 5 years of age only, 150 students or more with the exception of Franchises.
* Businesses (with more than 500 people in one location)

If your agency or business qualifies, but you have not yet signed up, please fax your information (including contact information) on company letterhead to: 214-977-6464. Or email your information including Name, Day Phone, Night Phone, Business Name, Street Address, City, Zip Code, E-mail, Type of Closing (closed, opening late, closing early) and Time of Closing to weatherclosings@wfaa.com (you will be contacted for verification).

If you are already registered for our system, call the number in your confirmation letter and use the private ID number to activate your closing.

VMware Networking Issues with Windows 7

If you need a Firewall between the physical host and its guest virtual machines, this workaround is not for you.

The problem is that on Windows 7 (x86/x64) the VMware virtual adapters and subnets are found and reported as “Unidentified Network”. This means that the built-in Windows Firewall can only treat the VMware networks, and thus the guest VMs, as type Public.

When the network type is set to Public, the Windows Firewall by default blocks Microsoft File & Print, and other most other network traffic, which effectively prevents useful direct communication between the physical host and its VM guests. You might, if allowed, disable the Firewall or configure exception rules for the VMware virtual subnets and/or hosts. Disabling the Firewall for all public networks is a bad security practice and managing the Windows Firewall is a tedious task that still leaves potential security holes.

Below are the instructions from the VMware Knowledge Base Article 1004813 that I used to change the VMware virtual network adapters to be endpoints. Endpoints do not show up in the “Network and Sharing Center” are also excluded from control of the Windows Firewall. This makes it easier to manage the Firewall rules and Home, Work, and Public network types for real, physical adapters.

This work around solution can be used until VMware updates their networking technology to meet current operating systems standards.

# VMware KB Article: 1004813
# Updated: Apr 29, 2010

Redefine the VMware virtual NICs as endpoint devices

This procedure is permanent and allows for the continued use of Bridged, NAT, and Host Only networking. However, doing this causes the VMware virtual NICs to disappear from the Network and Sharing Center, even though they remain visible under Network Connections. This also causes the VMware virtual NICs to be exempt from all Windows Firewall access rules. When implemented, the control of virtual machine network access must be done from the guest operating system of each virtual machine. This bypasses the default security model of Windows Vista with respect to the the VMware virtual NICs, and the implications of using this procedure must be carefully considered.

To redefine the VMware virtual NICs as endpoint devices:

  1. Click Start > Run.
  2. Type regedit and click OK.
  3. Double-click HKEY_LOCAL_MACHINE>System>CurrentControlSet>Control>Class>{4D36E972-E325-11CE-BFC1-08002BE10318}.
    Caution: VMware recommends that you back up this registry key before proceeding:
    1. If {4D36E972-E325-11CE-BFC1-08002BE10318} is not still highlighted, click it.
    2. Click File > Export.
    3. Pick a location and name for the Registration File (*.reg).
    4. Click Save.
  4. Click 0000.
  5. Look at the content of the Data field associated with the DriverDesc entry.
  6. If you see VMware Virtual Ethernet Adapter for VMnetx , where x is replaced by a number, then:
    1. Right-click an empty space in the right content pane.
    2. Click New > Dword.
    3. Type *NdisDeviceType
      and press Enter.
      Note: Ensure to include the asterisk (*) at the beginning of the entry.
    4. Double-click *NdisDeviceType.
    5. Type 1 and press Enter.
  7. Repeat steps 4-6, replacing 0000 in step 4 with the next entry in numerical order, until you have reached the end of all numerical entries.
  8. Follow the Disable the VMware virtual NICs section of this article above.
  9. Repeat step 8 but click Enable this network device instead.