Looking for User Training for Windows and Office? Check out ELF.

Looking for a way to provide tips about Windows 7 or Office at your office? The Microsoft Enterprise Learning Framework gives you fast access to information that you can share with users regarding the deployment and usage of Windows client operating systems and office applications.  Walk through a few steps, select the OS and applications that you need, and then review the list of articles and short videos that you can share as you deploy new software.
All the links lead to content that is available on online, but its neatly organized in a way you can share with information workers in your organization.  According to the Microsoft site, you can use ELF for a variety of purposes:

  1. As part of your deployment communication plan. Select the timeframe (for example, a month before deployment, a week after deployment) and category of employee (for example, Information Workers) and then generate a sample e-mail with topic recommendations for your employees.
  2. To identify a few key learning topics for a particular feature, such as Search. For example, you could include links to Windows Online Help topics about the Search feature on your corporate intranet site.
  3. Any time, to get ideas for tips-and-tricks topics for newsletters, your intranet support site or lunch-and-learn presentations. 

Finally, need documentation for some of your own applications so you can share tips with others?  Try using the Problem Steps Recorder that’s included with Windows 7.  Not only a great way to troubleshoot issues, you can use the tool to capture screen shots with captions that you can use as a starting point for your own instructional documents.

SceCli Warning: Event 1202 on Windows XP

Here’s an error that was found on two of our workstations recently:

Event Type: Warning

Event Source: SceCli
Event Category: None
Event ID: 1202
Computer: COMPUTERNAME


Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for “Troubleshooting Event 1202’s”.


The warning was repeated several times a day and it looked like the machine might not be process all our group policies correctly.   A check in the “%windir%\security\logs\winlogon” log file repeatedly showed “Error 1208: An extended error has occurred. Error creating database.”

I did a little searching around on the web and suspected that the local security database, secedit.sdb was damaged.  There were a couple of KB articles that danced around what seemed to be going on (KB278316 and KB818464), but either the OS indicated wasn’t XP or I wasn’t seeing all the errors listed.  But they seemed promising, so I tried one on each workstation.

Option 1 – ESENTUTL /p


Run ESENTUTL to repair the database using the command line below.  Follow with the ever popular “gpupdate /force”.

esentutl /p %windir%\security\database\secedit.sdb

Later, I came across a mention in KB884018 that indicated using ESENTUTIL /P on Windows XP could result in tattooing some previous GPO settings in the registry, but that wasn’t a big concern for me.  We don’t often rely on GPOs to rollback to their previous settings if they are removed, we usually actively change each setting if we want to alter a GPO that was previously set. I not worried that I did anything that will affect our future policies, however if you are skeptical, use the next option instead.
Option 2 – Rebuild the Security Database

  1. Open the %SystemRoot%\Security folder, create a new folder, and then name it “OldSecurity”.
  2. Move all of the files ending in .log from the %SystemRoot%\Security folder to the OldSecurity folder. (You may need to use SAFE MODE to copy all of these, however I just skipped the ones that I couldn’t copy.)
  3. Find the Secedit.sdb file in the %SystemRoot%\Security\Database folder, and then rename this file to “Secedit.old”.
  4. Click Start, click Run, type mmc, and then click OK.
  5. Click Console, click Add/Remove Snap-in, and then add the Security and Configuration snap-in.
  6. Right-click Security and Configuration and Analysis, and then click Open Database.
  7. Browse to the %TEMP% folder, type Secedit.sdb in the File name box, and then click Open.
  8. When you are prompted to import a template, click Setup Security.inf, and then click Open.
  9. Copy %TEMP%\Secedit.sdb to %SystemRoot%\Security\Database.
  10. Reboot.

This was a longer process that the first option, but seemed to be just as effective. As I mention in the steps, I didn’t bother with using safe mode to ensure I could copy or rename all the files.  There seemed to be no ill effects with doing that, at least not in the short term.


Finally, I added a rule to System Center Essentials 2010 to watch for this error message on workstations in the future. I’d like to know sooner than later if some of the workstations in our organization are having issues processing GPOs.  We aren’t sure exactly why those two machines had issues, though they have had viruses removed from them in the past.  Perhaps trashing parts of the local security database was a result of some malware action.

Don’t miss these Upcoming Events

PacITPros will be having there monthly meeting on August 3rd.  PacITPros member Sam Bowne will be presenting a recap of items that came out at Defcon and Blackhat. Doug Spindler will be talking about security items related to the recent Microsoft Zero day exploits that have come out.  Don’t forget to RSVP!

Coming up in early November, there is the SharePoint Intelligence one-day conference in Santa Clara.  For $350, spend the day attending a variety of sessions and networking with others involved with SharePoint. I’m hoping I can score a little training budget from the office! If you are in Southern California, the event will be held in mid-September.

Don’t Forget: Today is SysAdmin Appreciation Day!

System Administrator Appreciation Day is ccelebrated all day the last Friday in July, so it’s not too late for you to show your beloved Systems Administrator, Help Desk Tech, Network Guru, or even that person in your office who’s not “officially” a sysadmin but he helps you out of a jam with your computer anyway.

I’m not going to tell you what the best gift is, but even a little gift card for coffee or lunch can go a long way.  Better yet, invite them to grab that snack face to face.  Believe it or not, sysadmins like to escape the office from time to time too!

Check out the Windows 7 and Windows Server 2008 R2 SP1 Beta

Have you downloaded the Windows 7 and Windows Server 2008 R2 SP1 Beta yet?  What are you waiting for?  The public beta is best suited for IT pros, tech enthusiasts and developers who need to test the service pack in their organization or with the software they are developing.  It is not available for home users.

The Windows 7 and Windows Server 2008 R2 SP1 Beta helps keep your PCs and servers on the latest support level, provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer feedback, and is easy for organizations to deploy a single set of updates.

Learn more about the SP1 Beta on the details page and don’t forget to check out the SP1 Beta Reviewer’s Guide.In order to download and install the Windows 7 and Windows Server 2008 R2 SP1 Beta you must currently have a Release to Manufacturing (RTM) version of Windows 7 and Windows Server 2008 R2 already installed. The Beta is available in English, French, German, Japanese and Spanish.


Goodbye SiteScope, Hello System Center Essentials

Up until very recently I’ve used HP SiteScope to monitor uptime of systems and to send email alerts when services fail.  HP acquired SiteScope from Mercury Interactive in 2006 (who acquired SiteScope from Freshwater Software) and has since released several upgrades.  But I’ll admit that upgrading to version 9.0 two years ago eventually led to uninstalling it this past week.  I’ve used SiteScope for years, starting with what was version 6 in the late 90’s.  It had a black and green dashboard with green, yellow and red animated alerts – very reminiscent of some classic video games.

It was easy to create new monitors, group them and generate automated uptime reports with basic graphs.  It was simple and did exactly what I needed for the small infrastructure I worked with.  It even had features where failed services could trigger automated attempts at restarts or run other scripts.

And then it evolved.  Once acquired by HP and integrated into its BTO (business technology optimization) line of products, it evolved beyond my needs and my desire to learn a more complex version of a tool I had been comfortable with for years. Getting monitors to work the way I wanted seemed more difficult and it wasn’t as easy to change things around once they were created.  Still, we upgraded fairly regularly and paid our annual maintenance fees.  But I never loved the HP version like I did with the Freshwater/Mercury Interactive product.  I admit, I missed the old days.

Thus I’ve switched to System Center Essentials 2010.  As as Microsoft SA customer, it seems like a no-brainer to just add this product into our active inventory.  It’s not a simple product to work with either, but it  appears to do what I need without too much special configuration right out of the box.   Since installation three weeks ago, I’ve deployed the agent to over 25 servers and 75 clients.   I’ve tweaked some of the rules to reduce some alerts I’m not interested in and there are some statistics that appear to be available if I had a moment to figure out how to activate them. 

I like the improvements it adds to WSUS, like the ability to set a deadline to install updates and automatic groupings based on OS or hardware types.  Plus I was easily able to add “ping monitors” to networking equipment and other gear that isn’t running a Microsoft operating system.  The out of the box monitoring of hard disk space usage is handy too.  (Watch for more posts about my adventures with System Center Essentials as I find time to work with it more.)

I’ve ran into other products in the past decade that try to be everything and end up more complicated than many smaller customers might need.  It took me a while, but I’m glad I let go of some nostalgia and moved forward with SCE.  It’s growing on me.

Google Voice – Never listen to voice messages again.

I’ve been using Google Voice for several months and now that it’s available to everyone in the US (no invitation required) it might be a good time to take a look at it if you haven’t already.

First off, I’ll admit that I use Google Voice for one key feature – the voice message to text conversion. Sure, it’s nice to have an alternate phone number I can give out if necessary, but when it comes down to it I just really dislike listening to voice mail messages. By having Google Voice convert messages to text and send them to my email or via SMS to my phone, I rarely have to call in to listen to a message.

Now, like many speech-to-text tools it has limitations. If there is a lot of background noise behind the caller, they have heavy accent or tend to speak quickly, the conversion might not be as comprehensive as you’d like. However, it does give me a good gist of what the call is about and if it requires my immediate attention. If I really need additional details from the message, I’ll check the audio at a later time.

Google Voice reduces the time I spend checking voice mail messages from a daily occurrence to something that happens less than once a week. What more could I really want for free? Read more about it on the Google Voice Blog.

A Shoretel Upgrade Hiccup, plus Why I Love Our DBAs

A few weeks ago, I posted about our Shoretel upgrade from version 6.1 to 10.1. Overall, the upgrade was smooth and including an upgrade of the conference bridge hardware and software to version 7. However, there was one little post-upgrade problem. I was unable to view or edit the user configuration for a subset of my users using the Shoretel Director web portal. An “data undefined” error would display in my browser and then once that box was clear, the word undefined appeared in one of the data fields for the user. All other fields were blank and I couldn’t perform any actions like delete, save or reset.

After performing a database repair with our VAR, a ticket was opened with Shoretel directly. A Shoretel engineer looked at the issue, took copies of our database and log history from the upgrade and we were left to wait for a resolution of some sort. The users in question had fully functional phones and voicemail, as well as any other feature they had before the upgrade. Outside of a slowing growing list of tweaks I couldn’t make to those users, the system was perfectly stable.

Because the users had fully functional services, I doubted we were up against any major database corruption. While one could argue that we did an extensive upgrade in one evening (6.1 to 7.5 to 8.5 to 10.1) we didn’t deviate from the standard upgrade process that one could have done over time. While waiting for Shoretel to respond to the escalated ticket, our senior in-house DBA came across some free time and was able to take a look at the MySQL database himself.

The list of affected users spanned departments and had very little in common outright. However, I suspected they had some common component enabled and those settings were causing the new version of the Shoretel Director web portal to choke when loading the information. I’ve noticed that some fields that weren’t required in the past (like Last Name) are now required, so I was hoping it was something along those lines.

I provided my list and my hunch to our DBA who started sorting and running queries on our users table to see what could possibly be mucking up the system. It wasn’t long before he found the culprit – the password hash for the conference bridge for those users in question. For the majority of the users of the conference bridge, I used the same, relatively simple password for every person when setting up their bridge access for the first time. The stored hash for that password, as well as one other password that was used more than once in the system, was causing the problem. Our DBA nulled out the passwords and the user settings were then accessible.

We aren’t sure if it was those two particular passwords or the fact that they were duplicated that was the issue, but we did learn that sometimes knowing your data is more important than anything a vendor could do for you. Because we were familiar with our users, our DBA was able to look for patterns that made sense to us. Our ticket has been with Shoretel for several weeks – it was likely they were looking for a programmatic issue of some kind, because the database was technically sound. Not sure how long it would have taken if our DBA hadn’t had time for a side project.

As a systems administrator, I like to think I can troubleshoot most issues. But database management is an area I don’t spend a lot of time in and I’m thankful for having a great DBA resource sitting nearby. Sometimes being good at your job means recognizing those that do their job well too and making sure they know you wouldn’t be nearly as good without them.

ImageRight 5.2 Improvements

I’m looking forward to spending a couple days in Las Vegas next month at the Vertafore Connection Tour so I can chat with other people who are using ImageRight. We’ll be looking to upgrade to version 5.2 soon and here are some of the new and improved features. You can find these and more in the version 5 release notes.

  • The ImageRight Application Server is certified for Windows Server 2008 R2 (64-bit).
  • The ImageRight Desktop is certified for Windows 7 (32 and 64-bit).
  • Installer was improved to make the selection of native vs. integrated (AD) security more user friendly.
  • Created a Microsoft Outlook plug-in that will allow users to work ImageRight tasks directly from Outlook. (additional licenses required)
  • The user interface for Business Process Reporting has been redesigned for a better experience. Includes reports for managers to see volume of images being added by users.
  • The enteprise scanner application now has keyboard shortcuts and Windows access keys for many of the menus.
  • ImageRight Desktop can now run inside IE 7 or higher, by utitizing Click Once technology. (This will probably be great for remote access scenarios!)
  • Export utility allows for bulk exports based on file search or flat file parser. (There used to be a bulk exporter in version 3.5, but it was not ported to version 4.0. I’m looking forward to having it back in version 5.2.)
  • Device Merge Utility provides the ability to merge images from an existing storage device to one or more other storage devices.
  • The burning service can now support blu-ray discs.
  • Retention Management functions have been added, to allow sites to set retention and cut off dates throughout the system. (additional licensing required)

Many of these features are just what I’ve been wishing for. I hope its all worth the wait!

SharePoint and Document Management

A couple of weeks ago, I attended a free seminar that featured a document management solution that integrated with SharePoint. As a new SharePoint administrator for a company that already has a content management system in place, I was curious has to how they compared.

KnowledgeLake has several product components that can be used to capture, image and manage enterprise content from various sources. The seminar demonstrated several of the products running on top of SharePoint 2010.

  • Imaging – View, annotate and index images from a web browser using a SilverLight based document viewer; scan batches of documents; centralize the configuration of indexing, database validation and lookups; scan and index documents without ever leaving the SharePoint interface.
  • Capture – Scan documents in batches; use OCR technology to extract document meta-data; use “key from image” technology to easily apply document meta-data; save documents to SharePoint from anywhere you have a web (HTTP) connection.
  • Connect – enables users to save content on an ad-hoc basis – such as Office documents, PDF files and e-mail messages; provides integration to virtually any line of business application; monitors the files you retrieve from SharePoint and updates SharePoint as you save changes to your documents.
  • Workflow – attach a business process to documents in Microsoft SharePoint, including routing of documents for approval, reviews and/or the document’s lifecycle. Workflows can be user-initiated or automated based on the actions of the scanning and capture software.

Since we started looking at managing our documents electronically through our enterprise, I’ve been an advocate for using technology to help streamline processes, make important documents easier to find and better protect data that might not otherwise be recoverable in the event of a fire or flood.

While I won’t be looking to replace our current document management system, ImageRight, I was please to see that there are other products available that have a similar feature set, while taking advantage of a portal that a company might already be utilizing.