My favorite tools…

I’ve been wanting to put a list of my favorite tools online for a long time…
System cleanup, tune-up and optimization:
Ccleaner – Piriform – Free – Cleans caches, temp files, application specific settings, cleans up the registry and much more.
Defraggler – Piriform – Free – An awesome disk defragmentation software.
Cleanup! 4.5.2 – Steven Gould – Free – Very very strong cleanup tool for Windows XP only.
Filesystem repair:
Data Recovery Wizard Pro – EaseUs – $69.95 – Best data recovery software I’ve ever used. Way more efficient than Ontrack EasyRecovery Pro. And cheaper. Saved my a** more than a couple of times.
ViVard – Copyrsoft – Free – HDD diagnostic and sector repair. Vendor independent.
Mac side:
Appcleaner – FreeMacSoft – Free – Application uninstaller for Mac OS. Like AppZapper but free.
OnyX – Titanium Software – Free – Like Ccleaner, for mac. Awesome.
Mouse Jiggler.vbs, a small VBscript I use to prevent a computer from locking itself when I’m working on it without knowing the user’s password:

Set WshShell = WScript.CreateObject("Wscript.Shell")
Do While 1

More to come…


Migrate Outlook settings sans pain.

Just a useful tip from the top of my head. If you want to migrate Outlook settings without having to reconfigure accounts, delivery options and PST locations, here is the registry key you need to export:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
* If you’re migrating from XP to a next-gen OS (Vista or 7), you’ll get some error messages because C:\Documents and Setting\User\Local Settings\Application Data is now C:\Users\User\AppData\Local make sure you put the PST files in the right place and simply browse to their location when asked.

How Adobe CS3 software can badly hose your network stack on Windows 7.

Since I try to put everything here that gives me headache, makes me pull my hair or worse, makes me want to run to the closest hardware store to buy the biggest hammer I can find, here is my latest discovery…
Case study:
A Windows XP user requests a new computer running Windows 7.
Actions taken:
Backup the old computer to a network share.
Take a new computer out of the box.
Put a standard image on it.
Have the user logging in.
Restore files.
Let the user go.
A few days after the system deployment, the user starts complaining about connectivity issues (i.e. getting an IP but no connectivity) and general slowness of the computer.

Troubleshooting steps:

  • Hardware swap -> no improvement.
  • OS complete reinstallation -> good for a few hours then bad again.
  • Switch configuration, patch panel, network cable and outlet check -> no improvement.
  • The user ended up giving up and asking for his old computer.

Since I got the new one back, I had some more time to investigate…
Here’s what I found after running ipconfig /all:
Default Gateway . . . . . . . . . :

Very interesting, that explains why he has an IP but no connectivity. A quick Google search confirmed the issue:It’s related to Adobe CS3 software that installs Bonjour which basically breaks WinSock on Windows and the solution is to remove Bonjour using the following steps:

  • Go to and download
  • Unzip to a desktop folder.
  • Open task manager and terminate mDNSResponder.exe.
  • Open a command prompt and navigate to c:program filesbonjour
  • Run “mdnsresponder -remove”. This will uninstall the exe and remove the service from the reg.
  • Rename mdnsnsp.dll to anything else.
  • Reboot.
  • Run lspfix and use it to fix the broken winsock.dll.
  • Delete c:program filesbonjour folder.
  • Open a DOS window and run “netsh winsock reset”.
  • Reboot.

Courtesy of FritoBandito from the Adobe Forums.



MDT 2010 Part 2: Initial Configuration

MDT is very simple to use if you are familiar with the imaging process introduced in Windows Vista (Based on monolithic WIM image files that are “restored” instead of set of files that get copied). WIM files can be updated, customized then added back to an installation media or distribution shares.
Once you have MDT up and running, you will need to create what is called a Deployment Share.
  1. Open MDT (Start > All Programs > Microsoft Deployment Toolkit > Deployment Workbench).
  2. Right click on Deployment Shares the select Deployment Share.
  3. Choose the folder that will be shared over the network. Preferably on another partition (i.e. D:Deployment). Click Next.
  4. Name the share: i.e. Deployment$ which will reside on \MDTSERVER\Deployment$.
  5. Select a descriptive name like, let’s say: “MDT Deployment Share”.
  6. Leave all the other settings by default since we will modify most of them later.
The deployment share will then be built. You will see several folders:

It’s a perfectly good time for some explanations:
  • Applications: This is the folder where the post-install applications are listed. They are presented during the wizard if the rule SkipApplications is set to NO.
  • Operating Systems: The OS images reside in there, they can be WIM files or complete OS CD/DVD contents (including Windows XP).
  • Out-of-Box Drivers: Self explanatory, all the drivers you import will be in here. It is STRONGLY recommended to create folders in order to ease future updates (i.e. Out-of-Box Driver\Ethernet\Broadcom for Broadcom Ethernet drivers or Out-of-Box Drivers\Dell\Latitude\D630 for Dell Latitude D630-specific drivers).
  • Packages: Update packages for Windows, like Service Packs, Language Packs… Remember that if you have a Volume License agreement with Microsoft, updated ISO files are available (including the latest Service Pack).
  • Task Sequences: The core of MDT, the task sequences will actually allow you to deploy operating systems. They are composed of 2 XML files, namely unattend.xml and ts.xml. The unattend.xml file is the same you would create with WAIK, based on a catalog generated for a specific image. The ts.xml file contains settings for the task sequence itself. A task sequence lets you configure installer behaviors for pre-installation (settings collection, drive formatting options), installation (image selection) and post installation (application and drivers installation, Windows settings and domain membership).
  • Advanced Configuration contains some advanced features I will talk about in another article. Mainly replication rules and fine tuning.
Your MDT distribution point should now be running. The next article will show you how to add and image and configure it for the actual deployment.

MDT 2010 Part 1: Installation

There we are, finally… Let’s talk about the installation of Microsoft Deployment Toolkit 2010.
First of all, I have to say that I’ve been blasted by this product. It’s been the first time in a long time since I really appreciated using a Microsoft product… Let’s leave the troll aside and proceed with the installation steps.
They obviously need to be installed in that order.
  • On your server, open Server Manager then scroll down to Roles. Click Add Roles then find Windows Deployment Services. Restart your server if prompted to do so.
  • If not already installed, download and install MSXML 6.0 or better.
  • Download and install WAIK using the link above. It will be used to manage settings inside the images by generating catalogs and XML configuration files. WAIK is also some kind of WYSIWYG editor for the aforementioned XML files.
  • Finally, install MDT 2010.
This process should be straightforward if you have installed the utilities in this order. Please note that MDT 2010 doesn’t require WDS to install or run since WDS acts only as a transport for the images. MDT can be run off CDs or DVDs instead of PXE, but that’s not really what you want to do, right?


Sorry, I’ve been quite silent recently but I’m currently writing a pretty exhaustive guide to Microsoft Deployment Toolkit 2010 (MDT 2010).

Stay tuned!

Sophos Antivirus Deployment How-To.

I came across a couple of issue while test-driving Sophos Antivirus Enterprise.

Here are the correct steps to deploy Sophos to Windows machines (XP, Vista and 7):

  1. Create a GPO named Disable UAC with the following settings and apply it to your hosts (Computer Configuration):
    Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control/Policy Setting
    User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Elevate without prompting
    User Account Control: Detect application installations and prompt for elevation Disabled
    User Account Control: Run all administrators in Admin Approval Mode Disabled
  • Create a GPO named Remote Registry Service with the following settings and apply it to your hosts (Computer Configuration):
    Computer Configuration (Enabled)PoliciesWindows SettingsSecurity SettingsSystem ServicesRemote Registry (Startup Mode: Automatic)
    Allow NT AUTHORITY\Authenticated Users Read
    Allow NT AUTHORITY\Authenticated Users Start, Stop, Pause and continue
    Allow CONTOSO\Domain Admins Full Control
    Allow CONTOSO\Domain Users Read
    Allow CONTOSO\Domain Users Start, Stop, Pause and continue
  • Create a GPO named Sophos Firewall Exceptions with the following settings and apply it to your hosts (Computer Configuration):
    Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
    Windows Firewall: Allow inbound file and printer sharing exception Enabled
    Windows Firewall: Allow inbound remote administration exception Enabled
    Windows Firewall: Define inbound port exceptions Enabled
    Define port exceptions:
    Windows Firewall: Define inbound program exceptions Enabled
    Define program exceptions:
    %programfiles%\Sophos\Sophos Anti-Virus\SavMain.exe:*:enabled:SophosAV
  • Run the following command in your logon script: “netsh firewall set service type=FILEANDPRINT mode=ENABLE”

You should now be able to deploy Sophos Antivirus seamlessly.


How-to enable the administrative shares in Windows Vista

In Microsoft effort to tighten Windows security, the administrative shares as we used to know them (C$, IPC$ or Admin$) are not visible by default…
Hopefully, here again, there is an easy trick:

  • Open the registry editor (Start > Search > Regedit – right click, run as Administrator)
  • Navigate to: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciessystem
  • Add DWORD Value LocalAccountTokenFilterPolicy set to 1
  • Reboot.

Now you can deploy Kaspersky Antivirus on Vista without taking that much risk.


iTunes hanging when connecting iPhone.

If you see iTunes hanging (being unresponsive) when you connect your iPhone, try the following:

  • Connect your iPhone.
  • Watch iTunes hanging.
  • Curse. A lot.
  • Launch Image, go to the Preferences and select “When a camera is connected open:” “No application”.
  • iTunes magically un-hangs.
  • You’re welcome.


Excel 2007 has trouble opening files?

Double clicking on an Excel file does not open it. Instead Excel opens and displays a blank workbook. However, if you minimize Excel, it will immediately maximise itself and display the file you originally tried to open.

The solution is really weird: You can stop this annoying behavior by adding an Add-in, like this:
Excel options >Add-Ins > Manage: Excel Add-Ins > Euro Currency tools.