WinXP: Deleting Cached Credentials

I came across an interesting problem the other day. A client had a user who was out of the office. The site administrator changed the user’s AD password, but the user was still logged in to her desktop computer under her old credentials.

The next day, the administrator went to the user’s computer to check an email, and she received the expected “invalid credentials” error message. Following the onscreen instructions, she locked the computer and unlocked it using the new password. This “worked”, in the sense that the password was accepted by Windows XP. But she was prompted for a password when opening Outlook and got an “access denied” error message when accessing network shares.

She called me, and I advised her to log off and log back on the computer. When this didn’t help, I had her reboot the computer. When this didn’t work, I accessed the computer remotely and tried logging in as that user.

I logged in using the new password, which Windows XP happily accepted. However, the login script hung on an “invalid password” error and I too got “access denied” messages when accessing network shares. But what was strange is that the login script accepted the username and new password when entered manually.

I figured something must have been screwed up with the user’s cached credentials, so I clicked Start > Run and typed the following:

rundll32.exe keymgr.dll, KRShowKeyMgr

This opened a window with the user’s cached credentials. I could have clicked “Remove”, but instead I clicked on “Properties” for the domain credentials and put the new password in.

And everything started working again.

WTH MSFT?

I downloaded the Windows Live Essentials beta the other day, because I wanted to take a look at the Windows Live Photo Gallery software, which is, by all accounts, a great piece of software.

Like a lot of installers, the Windows Live Essentials software wants you to shut down other programs whilst it installs. Unlike other software, however, the list of “open programs” that the installer wanted to shut down was pretty ridiculous:

[Image: msft_wtf_web]

Man, I get that this is beta software and everything… but shutting down the DHCP client and Print Spooler? The Workstation service? Really?

Windows Vista: Making a “Universal Install” Disc

In this post, I showed you how to make a “universal install DVD” for Windows 7. In a nutshell, by deleting one file from a Windows 7 install DVD, you can have the edited disc prompt you for which version of the OS you want to install. You can’t use this tweak to get free upgrades – the version you can use is tied to your product key – but the tweak comes in handy for IT support staff who might need to install many different versions of Windows.

I have found a similar tweak for Windows Vista, and it works in a similar way:

1) Using a disc imaging utility like PowerISO, make an image of the Windows Vista installation DVD.

2) Extract a file called SETUP.CFG from the “Inf” folder inside the “Sources” folder in the root of the drive image.

3) Open the file with a text editor like Notepad and scroll to the bottom of the file. There you will see something that looks like this:

[DefaultImageSelection]
Value=VFWBB-HAJJV-G996G-QWGJY-2V7X9

4) Delete these two lines and save the edited file, then overwrite the existing configuration file in the ISO image.

5) Burn the edited ISO to disc.

When you run setup using the edited disc, do not enter a product key when prompted; on the next screen you will be asked which version of Vista you want to install. You can then enter the product key after setup completes.

The only “gotcha” to this is that I’m fairly certain that you need a Windows Vista Ultimate disc to create the ISO, as Vista Ultimate is the only one that contains all the installation files for every version of the OS.

Securing Wi-Fi: What NOT to do

Quick: what do MAC filtering, disabling DHCP, and disabling SSID broadcasting all have in common? They’re all terrible ways of “securing” your Wi-Fi network. This article over at ZDNet explains:

These aren’t layered approaches; they’re more like buying overlapping warranty coverage, since any benefit against casual bandwidth thieves is already covered by real security measures. The harm is that people confuse these methods for the real thing, and they spend more money and resources on implementing the wrong security mechanisms and end up skimping on real security.

Amen! Preach it, brotha! As I’ve been trying to tell armchair security experts for years, things like MAC filtering and disabling DHCP only make hacking slightly more difficult for hackers and significantly more difficult for both guests and regular users.

Just use a long random password under WPA2-AES and you’ll be fine. I promise.

CHKDSK runs at boot

If you shut down your computer incorrectly, it’s likely that CHKDSK (Windows disk checking utility) will run the next time you boot your computer. It’s not exactly common, but it’s not unheard of for Windows to then get “stuck” and want to run CHKDSK on a disk every time you start your computer. What’s worse, if Windows wants to run CHKDSK on a system drive, you might get locked out of your computer: Windows will run CHKDSK on the system drive, then reboot, then run CHKDSK again, then reboot, then run CHKDSK and reboot… and on and on and on in an infinite loop, and you never get to the desktop.

Yesterday, I was surfing the topics at a popular message board, when I came across a user who complained that CHKDSK was running at every boot on an external drive attached to his computer. The disk came up clean every time, but it was annoying to have to sit through the unneeded disk check every single time he booted his computer.

A poster suggested that he run the following command:

chkntfs /x d:

This is a horrible idea. It permanently disables automatic disk checking for that volume. While it will indeed solve his immediate problem of Windows checking the external drive at every boot, it also prevents Windows from checking the disk for errors in the future. It’s like suggesting that the best way to fix a video driver issue is to turn off the monitor!

A much better solution would be for the user to start REGEDIT and look in the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\Session Manager

Look for the BootExecute entry. By default, the value should be autocheck autochk *. If it is not, change it back to autocheck autochk * and reboot. Problem solved!
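The same check as a script, added here as an example and not part of the original post: it compares each line of BootExecute with the default and reports drives excluded by chkntfs /x (which records them in this value as /k:<letter> switches) as well as any other program scheduled to run at boot. The function names and the sample entries are assumptions; the registry read only runs on Windows.

```python
import sys

DEFAULT_ENTRY = "autocheck autochk *"
KEY_PATH = r"SYSTEM\CurrentControlSet\Control\Session Manager"

def audit_boot_execute(entries):
    """Classify each line of the BootExecute multi-string value."""
    findings = []
    for raw in entries:
        entry = " ".join(raw.split())            # collapse stray whitespace
        if not entry:
            continue
        tokens = entry.lower().split(" ")
        if entry.lower() == DEFAULT_ENTRY:
            findings.append(("default", entry))
        elif tokens[:2] == ["autocheck", "autochk"]:
            # chkntfs /x records each excluded drive as a /k:<letter> switch
            excluded = [t[3:].upper() for t in tokens[2:] if t.startswith("/k:")]
            if excluded:
                findings.append(("volumes-excluded", ",".join(excluded)))
            else:
                findings.append(("modified-autochk", entry))
        else:
            # anything else is a different program scheduled to run at boot
            findings.append(("unexpected-program", entry))
    return findings or [("missing", "")]

def read_boot_execute():
    """Read the live value; only works on Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        value, _kind = winreg.QueryValueEx(key, "BootExecute")
    return value

if __name__ == "__main__":
    if sys.platform == "win32":
        entries = read_boot_execute()
    else:
        # constructed sample: drive D: excluded plus a hypothetical extra entry
        entries = ["autocheck autochk /k:D *", "example_tool"]
    for status, detail in audit_boot_execute(entries):
        print(f"{status:20} {detail}")
```

Anything reported as unexpected-program deserves a closer look, because entries in this value run before the user logs on.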

QuickJava Updated

From the “I shoulda posted this a month ago” department:

QuickJava, one of my favorite Firefox extensions, has recently been updated.

[Image: Quick Java]

Aside from the snazzy new buttons, you can see that QuickJava has also added support for toggling images, Flash and Silverlight objects on and off, in addition to its namesake Java applets and JavaScript objects.

Download QuickJava here.

Restore Points on Demand

I like to tinker with my computer. That doesn’t just mean installing all sorts of programs and utilities from all over the web – it also means changing registry settings, occasionally replacing system files, and other “behind the scenes” tweaks.

I’d normally like to use System Restore to create a restore point before tweaking, in case something goes horribly wrong. Unfortunately, Microsoft made it so that doing so requires drilling through several menus. Sometimes I don’t feel like clicking 19 things to create a restore point for something I might not even need, and one day that’s going to bite me in the ass. I found several Visual Basic scripts on the ‘Net that claimed to offer such “on demand” functionality, but every single one of them generated some arcane scripting error that I didn’t feel like tracking down.

So imagine my joy when I found Quick Restore Maker. It’s a tiny executable that generates a restore point with a single click! So you can keep a shortcut to it on your desktop and easily generate a restore point before tweaking away:

[Image: quick-restore-maker]

Quick Restore Maker is for Windows Vista and Windows 7 and is free.

Bypassing Web Filters

Many companies use some sort of web filter system to keep employees from visiting “time wasting” sites like Facebook, MySpace, eBay, and more. Such filters can be the bane of existence for many employees, and they are hard to get around. You might have heard of “proxy servers”, which act as a kind of “middleman”: your work computer connects to the proxy server, which then connects to the site you actually want to visit; the proxy then sends the content back to your work computer. Such a setup also allows you to access geographically-restricted content; a British computer user, for example, can connect to a proxy server in the US to access Hulu.com to watch US-only content.

The trouble with proxy servers is that most web filters block them too. But chances are those filters haven’t blocked your own home computer, and setting up your very own proxy server is actually pretty easy. This post over at Lifehacker.com shows you how to do it in a handful of easy steps. Once you have everything up and running, you should be able to connect to your home computer from work and access any site you want!

A REALLY, REALLY IMPORTANT WARNING: Bypassing web filters is a fireable offense at many companies. In fact, the more locked-down your work Internet experience is, the more likely you could be fired for trying to bypass their Internet security measures. Although the IT guys won’t be able to see which sites you visit, they will be able to see multiple connections to your home computer via port 80, so they’ll be able to tell that you’re using a proxy. In this crappy economy, you might not want to lose your job just so you can browse Facebook at the office. You’ve been warned!
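How the IT side of that warning can look in a firewall log, as an added example that is not from the original post or the Lifehacker article: it flags port-80 destinations that receive repeated connections from exactly one internal client, which is the pattern a personal proxy produces and a popular website does not. The log format, addresses, threshold and function name are all constructed for the example.

```python
from collections import defaultdict

# Constructed firewall log: time, client, destination, destination port
SAMPLE_LOG = """\
09:00:01 10.0.0.21 203.0.113.50 80
09:00:04 10.0.0.22 198.51.100.7 80
09:00:09 10.0.0.21 203.0.113.50 80
09:01:12 10.0.0.23 198.51.100.7 80
09:01:30 10.0.0.21 203.0.113.50 80
09:02:02 10.0.0.21 198.51.100.7 80
09:02:40 10.0.0.21 203.0.113.50 80
09:03:15 10.0.0.22 192.0.2.9 80
09:03:51 10.0.0.21 203.0.113.50 80
09:04:20 10.0.0.22 198.51.100.7 80
09:04:58 10.0.0.23 198.51.100.7 80
09:05:33 10.0.0.21 203.0.113.50 443
"""

def find_single_client_destinations(log_text, port=80, min_connections=5):
    """Return (destination, client, count) for destinations on `port`
    that only one client talks to, at least `min_connections` times."""
    counts = defaultdict(int)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue                      # skip malformed lines
        _time, src, dst, dport = fields
        if int(dport) != port:
            continue
        counts[dst] += 1
        clients[dst].add(src)
    return sorted(
        (dst, next(iter(clients[dst])), n)
        for dst, n in counts.items()
        if n >= min_connections and len(clients[dst]) == 1
    )

if __name__ == "__main__":
    for dst, client, n in find_single_client_destinations(SAMPLE_LOG):
        print(f"{client} -> {dst}:80  {n} connections, no other client")
```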

Don’t Copy That Floppy!

Here’s the classic anti-piracy video Don’t Copy That Floppy, complete with awful 1992-era computer graphics and the cheesy Old School rap of “MC Double Def DP” (who appears to be blissfully unaware of the double entendre that “DP” would obtain in the Internet generation):

http://www.youtube.com/watch?v=zOBroA2NPNY

I’ve seen this a hundred times in my day, and I still laugh out loud every time I see it. Sure, you can make fun of the old computers and cheesy effects and music… but what really makes me giggle is how hard the producers are trying to be “hip”, even though this style of rap went out of fashion in 1985… that, and how silly “copyright protection” comes across in a public service announcement. Sure, we get “don’t beat your kids” or “stay off of drugs”, but “respect the intellectual property rights of copyright holder, yo!” just makes me giggle!

Facebook Chat: Now with XMPP

Facebook is the most popular social network out there. Unfortunately the chat client included on the site kind of sucks… or at least it did, until yesterday. That’s when Facebook enabled support for XMPP, an Open Source instant messaging protocol. So if you use a multi-protocol chat client like Pidgin, Adium, iChat, or Digsby you can now have Facebook chats within your instant messaging client (or, if you use Digsby, you can use the far more stable XMPP instead of Digsby’s hacked-together interpretation of Facebook’s own protocol).

How do you get in on the love? Just download and install Pidgin or Digsby (or, if you’re a Mac retard, use a Mac compatible XMPP client). Then go to this page on Facebook’s site, which has full instructions, complete with screen caps.

If you’re already rocking an XMPP client, all you need to do is add an XMPP account, and then enter the following details:

Username: [your Facebook user name]
Domain: chat.facebook.com
Jabber ID: [Facebook user name]@chat.facebook.com
Password: [your Facebook password]
Server: chat.facebook.com
Port: 5222
Use SSL/TLS: no
Allow Plaintext Authentication: no

A quick word: your “Facebook user name” is the name that appears in the URL of your Facebook profile, not the email address you use to log in. If you’re unsure what your user name might be, just click here and then click on “Other” under “Connect your Client” and Facebook will helpfully tell you what it is.