Using Group Policy Preferences to control multiple BGinfo scripts

I just stumbled across this interesting article “Using Group Policy Preferences to control multiple BGinfo scripts” during a search, this may indeed be worth a closer look.

http://www.fr3d.org/2010/03/using-group-policy-prefs-to-control-bginfo-scripts/

Group Policy Loopback

I keep forgetting how to enable Group Policy Loopback processing, this is useful if you have an advanced structure/advanced needs within your OU’s in AD.

The recipe is simple;

To set user configuration per computer, follow these steps:

  1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
  2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.

This will allow for Usersettings to be propagated even if they are only in the Computer OU.

More here; http://support.microsoft.com/?id=231287

iLO firmware is in a network flash recovery state

If you use HP servers you hopefully also use or have configured the iLO connection, the iLO port will allow you to connect to the console screen of the server even if Windows is not booted, this allows for installing a server or configuring bios settings etc remotely.

However, yesterday when I tried to connect to one of our servers via iLO (you do this via Internet Explorer)  i got this message;

<?xml version="1.0" ?> - <RIMP>
-<MP>   <ST>5</ST>   <INFORM>The iLO firmware is in a network flash recovery state.</INFORM>
<REFERENCE>Refer to the iLO network flash recovery under the trouble shooting 
section in the iLO users guide.</REFERENCE>   </MP>   </RIMP>
Well that was not what I expected, anyhow the solution is fairly simple, you just need to download the iLO firmware and flash the iLO management processor, this can easily be achieved via FTP.
  • Download the iLO firmware from www.hp.com(support and drivers, search for iLO firmware), note there is difference between iLO/iLO2/iLO3 so check your server specs for which FW to get.
  • Unpack firmware (by far the easiest way is to use www.rarlabs.comWinRar, just rightclick and extract from the .exe you downloaded before)
  • Find the iloXXX.bin and copy it to C:\  (or use your own location if you prefer, just remember to change it in the commands below also).
  • Start a command prompt (cmd.exe)
  • Issue these  commands;

    FTP x.x.x.x  (replace x.x.x.x with the correct IP)
    User: flash
    Password: recovery
    type binary
    put c:\iloXXX.bin   (replace XXX with the version number of the image file)

    and then wait while it flashes the ROM you will see a progress indicator.

After this iLO should be back up working 🙂  easy as pie..

HP – ProLiant Support Pack – download link

For those of you that have ever tried finding anything on HP’s homepage you know that it can be virtually impossible 🙁 thus I am often struggling to find the download link for “HP ProLiant Support Pack for Microsoft Windows Server 2003”, well no more my friends 🙂 here is the link to use 🙂

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3716247&prodTypeId=18964&prodSeriesId=3716246&swLang=13&taskId=135&swEnvOID=1005

And as a bonuslink, here is how to install it on a “Server Core” (the one without the Win GUI)..

http://www.thomasmaurer.ch/2010/02/cheatsheet-how-to-install-hp-support-pack-on-a-server-core-installation-3/

Parted Magic 4.9


(Screenshot is from an older version than the current 4.9)

Yet another free partitioning CD (why in the world pay for Partition Magic), this CD will let you boot from it and resize your partitions and much more (free).

http://sourceforge.net/projects/partedmagic/files/

Super ORCA

super_orca_screenshot_2If you have ever worked with .MSI files you must have touched Microsoft’s utility ORCA.  Well it proves there is an alternative to this with a few extra features Super ORCA, so if you ever mess with .MSI files you may want to give Super ORCA a spin at http://www.pantaray.com/msi_super_orca.html

Softgrid tool and guide

So I had to brush a bit up on my Softgrid knowledge for a package build and I came across a few things I’d like to share;

  1. A super guide to Softgrid building by one of the Guru’s on the field (Chris Lord).
    http://myitforum.com/cs2/files/folders/120058/download.aspx
  2. A neat util to explore Softgrid packages without installing the sequencer. SFT Explorer.
    sftexpl_screenshot_tb
    http://www.virtualapp.net/sft-explorer.html

As of right now I haven’t really gotten my package to work, I have to include an old version of Java with a link to a web-site.  But even if I set the registry to override it still fail to launch the old java, if no java is on the machine in advance it works like a dream..  We are currently using the old 4.2 sequencer so I might try the 4.5 version to see if any improvements has been made.

Extract files/drivers from Install Shield packages

So you would like to extract some files from an Install Shield (IS) installer package you have, you may as I just need a few driver files from a package.

Well first you try the extract command from Windows (as some of the Install Shield files come as .cab files) however you quickly discover that the IS.cab files are not compatible with the Windows .cab files.  WinRar is often good at extracting all sorts of files, but not the IS files. You can forget all about -e or -x for extract that does not work either.

But there is a way, you need an utility called “ISCabVu.exe”, sadly this utility is not just lying around on the net, so you need to do a bit of fiddling around to get hold of it.. 

1. Download an evaluation copy of Install Shield (any never version will likely do, do go for the latest).
2. Install it (if you don’t want to pollute your system use SandboxIE (requires 32bit os)).
3. Copy the files under “Program Files\InstallShield\2010\System” to a different location.
4. Now just run the “ISCabVu.exe” file.
5. You may be able to thin out this directory (150mb) but this may take some time and may not be worth your time.

Now the extract part is easy, see image below;
hpquickbtn

Creating and using a custom Policy file (adm template)

So you for some reason or other need a custom GroupPolicy template (.adm template) to set some strange setting for some odd software.

You can use a Policy.ADM file to set custom registry values either for your own pc (may seem like a bit overkill) or more likely for your domain.

Well I have created a few of these back in the good old NT4 days and it was not all that difficult once you got the hang of it, and thus when I had the need again lately I was confident I could get it to work without too much of a hassle.

I was wrong :-/

Ok, creating a simple policy.adm file is easy;

policy1

And if you enter a keyname like;
”SoftwarePoliciesMicrosoftwhatever”

Things will work brilliantly, however lets say you want to change some obscure value for the adobe reader!?  This is outside the “Policies” section of the registry.. things will look like this when you enter the GPM MMC console.

policy2

This is where I lost my temper and started cursing at my monitor, see again once I put “Policies” in the keyname everything worked like a charm (but my setting was NOT in the Policy region of the registry)..

So Google to the rescue, it would seem that things have changed since the good old Poledit days, and that you need to do a bit of editor tweaking to get those ‘dirty’ settings available under NT4+ systems now-er-days.

Here is the secret;

policy3 
View, Filtering, “Only show policy settings that can be fully managed”..

Once this is done you can see everything – just like in the good old days 😀

policy4

Also it’s worth noting the other filter settings, I did not even know they existed, now you can actually limit your view to only those settings that are set, and this DO make it a lot easier to overlook the more complex policies.

Good luck making your new policies its easy as pie you know..

Links;
http://episteme.arstechnica.com/eve/forums/a/tpc/f/12009443/m/645000852731/inc/-1
http://www.windowsecurity.com/articles/ADM-Template-Repository.html
http://technet.microsoft.com/en-us/library/cc738443.aspx

SandboxIE a virtual sandbox for all your applications

sandboxieYou must have heard of virtual machines and virtual software (Softgrid and ThinApp former Thinstall) these solutions are really cool and offer a lot in security and ease, however they are not really good for adhoc projects.

Say you need to test a new application but are not sure you want to keep it, well you can fire up a virtual machine and install the software here, however fireing up a virtual machine takes time, memory and ressources so in other words its not ‘easy’ and convient.  Well a little known program takes care of this, SandboxIE, with this baby you can download your application and just right click on it and say run sandboxed.

So how does it work, well its quite ingenious actually. The software will create a “sandbox” for the application (could be anything – a single exe file – Microsoft office or an installation software) anything this software does is written in the sandbox and NOT in your filesystem (both filesystem and registry are sandboxed), however the software can READ anything on your filesystem/registry – the software thus does not know its sandboxed it will preform just as it would in real world.  You can even browse the sandbox and see what files are installed and where (or what changes would be made by the software).

SandboxIE has buildin support for internet browsing security, hence you will by default have a shortcut for launching your Internet browser in a sandboxed environment, this is really cool as if will offer you a VERY high level of security when browsing – any evil stuff you stumble across during your browsing can be undone (activex components installed, Google-Yahoo-Live toolbar, trojans installed).

frontpageanimation

What are the applications of this software?

  • Security for one, you can now safely run an application (suspected spyware etc) and the changes it makes are NOT permanent, you can simply empty the sandbox afterwards.
  • Installation tests, say you are installing new software but need to figure out which settings etc are right, well now you can install the same software as many times as you like.
  • Launch your internet browser in a sandbox, none of the trojans and evil scripts on the net can harm your windows installation – any evil stuff installed (including Google Toolbar etc) can be undone by clearing your sandbox.

A word of caution though, even though the software can NOT write to your filesystem it can still read everything on it (registry and files), thus if we are talking spyware or the likes it can still read your confidential information, also spyware/trojans installed while you browse may compromise your privacy even though they cant do permanent damage to your system.

SandboxIE is very easy to get started with, but offers very complex configuration.  If you are interested in or use Virtual Machines of software virtualization you should really check this our, but also if you are concerned with security while you browse the net.

You get a free 30 day trial and then the price is 22€ (well worth its price).
Download and get all the details here; http://www.sandboxie.com/

Get a great podcast intro to SandboxIE here