Here is a quick command that can be used so that you can run the ipconfig/all command from the run box without it closing down on you:

cmd /k ipconfig /all

This should bring up the cmd box but pause and wait for input before closing down:

Pressing the key should close the box down.

The command ipconfig can obviously be changed for any other command that will output to the cmd screen.

This should also work in places where cmd has been locked down. You may just receive a message like this in the output:

Cheers

Paul

Whilst at a customer recently I had a requirement to run a ‘Diskpart /Clean’ at the start of a task sequence to remove any encryption on the drive, in this case McAfee. I have done this several times in the past however always hit a few niggles so thought I would blog to refer to in the future

The easiest way to do this is to perform the following;

1. Mount your Windows PE image(s) to a directory
2. Create a text file called ‘CleanPartitions.txt’ (for arguments sake), with the following content;
   • Select Disk 0
   • Clean
3. Copy this text file to ‘<Mounted Folder>WindowsSystem32′ (again, for arguments sake)
4. Commit the mounted folder back to the .WIM

In your task sequence, before the standard ‘Format and Partition Disk’ phase, perform the following;

1. Add a ‘Run Command Line’ task
2. In the ‘Command Line:’ text area, type;
   • diskpart.exe /s “%windir%system32CleanPartitions.txt”
3. Disable 64-bit file redirection
4. Save the task sequence

This should now run successfully and remove any encryption on the drive

It is worth noting that this will only work in a Lite-touch situation as you will need to either PXE-boot or use bootable media. There is a solution that McAfee have released that allows you to perform this end-to-end in a Zero-Touch situation that I will blog about soon.

Cheers

SteveH

Just to let you know TMG 2010 SP2 Rollup 1 has been released

Here is the link to the rollup http://support.microsoft.com/kb/2649961

The following fixes are in this rollup package

“2654016 (http://support.microsoft.com/kb/2654016/ )
FIX: A client may be unsuccessful in accessing a Java SSO application published to the web in a Threat Management Gateway 2010 environment

2653703 (http://support.microsoft.com/kb/2653703/ )
FIX: You receive an "Error: Subreport could not be shown" error message in the User Activity or Site Activity report in a Forefront Threat Management Gateway 2010 environment

2654585 (http://support.microsoft.com/kb/2654585/ )
FIX: UDP packets may become backlogged when you increase the "Maximum concurrent UDP sessions per IP address" setting in a Forefront Threat Management Gateway 2010 environment

2624178 (http://support.microsoft.com/kb/2624178/ )
FIX: Threat Management Gateway 2010 administrators may be unable to generate reports

2636183 (http://support.microsoft.com/kb/2636183/ )
FIX: Both sides of a TCP connection are closed when the client or remote application half-closes the TCP connection in a Forefront Threat Management Gateway 2010 environment

2653669 (http://support.microsoft.com/kb/2653669/ )
FIX: Summary information for the Top Overridden URLs table and for the Top Rule Override Users table display incorrect information in a Forefront Threat Management Gateway 2010 environment

2617060 (http://support.microsoft.com/kb/2617060/ )
Forefront TMG 2010 enables L2TP site-to-site connections in RRAS

2655951 (http://support.microsoft.com/kb/2655951/ )
FIX: Japanese characters in the subject line of an Alert email message are not readable in the Japanese version of Forefront Threat Management Gateway 2010

2654068 (http://support.microsoft.com/kb/2654068/ )
FIX: "The Web Listener is not configured to use SSL" warning message may occur when you configure a Web Listener to use a valid SSL certificate in a Forefront Threat Management Gateway 2010 environment

2654193 (http://support.microsoft.com/kb/2654193/ )
FIX: You receive a "Bad Request" error message when you try to access Outlook Web App in a Forefront Threat Management Gateway 2010 environment

2654074 (http://support.microsoft.com/kb/2654074/ )
FIX: String comparison may become case-sensitive when you publish a website by using Forefront Threat Management Gateway 2010

2658903 (http://support.microsoft.com/kb/2658903/ )
FIX: The Forefront Threat Management Gateway Firewall service (Wspsrv.exe) may crash frequently for a published website secured by SSL after you install Service Pack 2”

Thank You

Just to let you know CRM 2011 Rollup 6  has been released  

You can download from the following location http://www.microsoft.com/download/en/details.aspx?id=28712&WT.mc_id=rss_alldownloads_all

When a Common Area Phone (Hot-desk) is dialled and the call is unanswered, the call disconnects after 20 seconds by default. This number can be increased using the SEFAUtil tool.
Solution
SEFAUtil.exe /server:lyncserver.domain.com user@domain.com /enablefwdnoanswer

/callanswerwaittime:40
For details on implementing SEFAUtil see the following blog: http://support.risualblogs.com/blog/2012/01/11/installing-sefautil-for-lync-server-2010/

Secondary Extension Feature Activation (SEFAUtil) allows Lync administrators to configure call forwarding settings on behalf of other users and query their call routing settings. Below are the steps for implementing SEFAUtil on an existing Lync Front End server:

1. Login to Frontendserver.domain.com, download and install Microsoft Lync Server 2010 Resource Kit Tools Download Here
2. From the Lync Management Shell, run Get-CsSite to find your SiteId. As you can see from the example below, in the test lab our SiteId is Tokyo:

1. Create a variable for $Site by running the following with your SiteId specified. See the example for Tokyo below:

$Site=Get-CsSite –Identity Tokyo

1. Run the following in the Management Shell exactly as below:

New-CsTrustedApplicationPool –id Frontendserver.domain.com –Registrar Frontendserver.domain.com -site $Site.SiteId

1. Run the following in the Management Shell exactly as below:

New-CsTrustedApplication –ApplicationId sefautil –TrustedApplicationPoolFqdn Frontendserver.domain.com –Port 7489

1. Finally, run Enable-CsToplogy from the Management Shell

We had a request recently to Disable SSL 2.0 on a Customers Server for Security Reasons as it is flagged as an issue when they were doing there internal Pen testing.

You can do this simply by setting the below registry key.

Key: HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server
Value: DisabledByDefault
Type: REG_DWORD
Data: 0×1

Once set reboot the server and SSL 2.0 will be disabled

Excellent tabular list of new and upcoming features in Hyper-V 3.0 with Server 8

http://aidanfinn.com/?p=11979

Cheers,
SteveH

Had an issue recently whilst trying to re mediate an App-V 4.5 management server. Another website had been installed which had overwritten the Default Web Site that App-V was using for it’s management web service on the Management Server thus the admin console would not connect. The management server was running on Server 2008 R2 and IIS 7.

After relocating the additional website, I removed and reinstalled  IIS making sure I selected the following two additional features (which are required);

• IIS6 Management Compatibility
• IIS Management Scripts and Tools

I then attempted to run the installer again but got the same error. After checking IIS the Default Web Site had not been created after reinstalling. I re-created this website (making sure I used the exact name – ‘Default Web Site’) and re-ran the installer which succeeded.

It transpires that the 4.5 installer is hard coded to use the Default Web Site

Cheers,

SteveH

We had a customer recently requesting that we block users from downloading attachments in OWA but allow them to view attachment when choosing the open in new windows option. They had published there OWA via UAG and had a single application in a UAG trunk that published there OWA.

To do this the first thing you need to do is edit the trunk that you Exchange OWA application Sits in.

Hit Configure on your trunk and then go to the Global URL Settings and Press Configure on Download URLS.

Now we need to remove “.*/WebReadyView.aspx.*” but I’ve just renamed it to “.*/DeleteMEWebReadyView.aspx” essentially removing it. The reason we are doing this is that all URL’s under the Download URL’s will hit the UAG Download Policy, but as we want to allow users to open attachments in new window , we need to make UAG treat it as a normal URL so that it doesn’t get blocked by download policy.  (“.*/WebReadyView.aspx = Open in New Window Page)

Now we need to actually set what download policy is set for OWA so now if you open the Exchange Application in the Exchange Trunk and go to the Endpoint Policy Setting Tab. I have set the Download Policy Option to Never which will block downloads for any device connection to OWA (Please Note this Only Effects the individual application and has no effect on the others)

Once I did this and applied the setting , the OWA attachment was still downloading. So I went back into the Exchange 2010 application and noticed the following setting was checked “Evaluate without Enforcement” , so basically what was happening is that UAG knew the downloads from the OWA URLs should have been blocked but due to this setting it didn’t enforce the Download Policy and allowed the attachment to be downloaded. As soon as I unchecked this option the download of the attachment started getting blocked