AD Users & Computers -> View -> Advanced Features
Domain Properties -> Security -> Add BPSAdmin -> Apply onto: User Objects -> Send As

Regedit: HKCU->Software->microsoft->Exchange->ExAdmin-> New DWORD ShowSecurityPage=1
ESM -> Right-click Org -> Delegate Control -> Next -> Add BPSAdmin -> Exchange View Only Administrator
Right-click Org -> Properties -> Security -> BPSADmin -> Allow Administer IS, Receive As, Send As.

Log off.

Log on as BPSAdmin

Start BPS setup, accept all defaults, enter the BPSAdmin password.

Set up device as usual - Options -> Advanced Options -> Enterprise Activation.
When entering the email address, use space bar instead of @ and dot.

I took the machine apart to see what the microswitch looks like, and then started searching online for a replacement. I didn’t find an exact replacement in the UK, but I thought I would take a chance on a similar looking item from Rapid Electronics. This is the part that I bought: http://www.rapidonline.com/Electronic-Components/Switches/Push-Button-Switches/Sealed-push-switch/30249

First, the reason why the switch/button is broken is because of this little convex contact pad/disk, which is supposed to click as it flexes to make contact inside the switch. In this case, the disk has a hairline fracture that you cannot see in the photo. That’s why it doesn’t click.

The hardest part for me was removing the old microswitch. In the end I decided to just cut the legs, and then use the soldering iron to take off what’s left of the legs from the contact pads of the PCB. My solder sucker (desoldering pump) is useless on this surface mount stuff.

Here is the original switch on the left (after removal, so looking a bit bashed!), next to the replacement switch on the right. You can see that there is a difference in the profile, and the button on the replacement switch does not protrude like on the original. I was worried that there would be a difference in travel of the button too, and that it would feel wrong, but the results are excellent and the replacement switch feels much nicer than the original switch which is still present for the right-click button.

Because of the lack of a protruding button, it was necessary to cut a small amount of plastic from underneath the mouse button plastic of the EEE PC lid, as the original button is set inside a small circular hole there. This was easy to cut, and once done the lid fitted perfectly and the button works very nicely.

New system is C:

C:

cd \

mkdir Application

xxcopy e:\Application c:\Application /clone /TC

Since CopyControl relies on the created/modified/accessed timestamps of the files within the hidden/system control directory of the application, the above will preserve them and CopyControl won’t be aware that the application has been copied to a new computer.

The /TC flag to XXCOPY causes it to preserve the file created, modified, and accessed timestamps, to the exact second. Whilst transferring Recruit to a new server late one evening a couple of years ago, I experimented and discovered that this was how the protection scheme (CopyControl) detected tampering/copying. At that time I used a tool called 12Ghosts FileDate or something, but XXCOPY does all this for us now. I am in the process of migrating five computers in a leasing company and am using this quick and easy procedure for transfering the DOS based quoting system which also uses CopyControl.

Some example applications: Oxford Software’s Recruit, LeasePlan / Network Lease’s Ultinet quoting system.

You can tell the application uses CopyControl because there is either a local or network folder which contains a hidden/system folder named something.NNN where NNN is some numbers, e.g. 489. Within that folder are some more files, one called something.CCC and also a file called CCONTROL.

This CopyControl is not the same as the one used by the music business on audio CDs.

The trade cost for an OEM copy of SBS 2008 Standard Edition is now exactly double that of SBS 2003 R2 Standard Edition. Most people talking about the price increase only state that Premium Edition costs more because of the extra functionality, but I am talking about Standard Edition.

My OEM supplier is asking exactly double for SBS 2008 Std incl 5 CALs, OEM.

Additional licenses are a little cheaper - 20% cheaper. So, the product is 100% more expensive and the additional CALs are 20% cheaper.

Add to that the fact that you now have to buy the Outlook client separately (Office 2007 SBE or Basic) for £100 + vat per user, I think it’s too expensive.

This thing is so close to being totally sorted. I’m really impressed. The current build from the OpenSuse build farm service (19th Sept) has problems displaying the message body, but they are aware of this problem and believe it was introduced in a recent patch, so should be resolved shortly.

This is great stuff.

I had a chat with one of the developers on the #openchange IRC channel on Freenode, and he told me that RPC/HTTP support may well be here in the future!

It has two ways of working. The first, and easiest to get going, is that it uses vncserver (the VNC X Server) as the actual X server, and the xrdp program grabs the vnc display and RDPs it over to you. So you have the performance of RDP.
The other way is that it uses an RDP X server, so I suppose you could call that native X-RDP rather than VNC served RDP. This is a touch more complicated, and I was unable to get the svn version of the X11rdp Xserver to compile. There is a precompiled binary of what might be an old version at http://server1.xrdp.org/temp/ though.

The precompiled binary was the only way I could get X11rdp to work (that is native RDP - I got the vnc/rdp to work almost right away)

Let me clarify some points:

• xrdp is the name of the project, and also the name of one of the binary files that deals with RDP and integrates with the VNC server and sends it to you through RDP.

• X11rdp is the name of the special RDP Xserver that is another part of the project, which skips out vnc altogether. When you grab the (small) sourcecode off the project website, and do the make/make install, it will not build X11rdp.

• X11rdp is also called “Xserver” within the project.

You will see in /usr/local/xrdp/sesman.log something like: “No such file or directory” if you are trying to use X11rdp server (sesman-X11rdp) but don’t have the X11rdp Xserver compiled/installed, or if you are trying to use VNC (sesman-Xvnc) but don’t have vncserver installed. VNC server will be provided by your distribution (Fedora, Ubuntu..) so is very easy to get. X11rdp is made by the xrdp project, so is not so easy, but the precompiled binary seemed to work OK for me.

The project’s website is very low priority, and does not reflect the true activity of the project.

The website is at http://xrdp.sourceforge.net/

Some random files, including a pre-compiled X11rdp (that’s the rdp-native Xserver remember..) are at http://server1.xrdp.org/temp/

There are some forums here: https://sourceforge.net/forum/?group_id=112022

You can browse the developer mailing list here: https://sourceforge.net/mailarchive/forum.php?forum_name=xrdp-devel

and there might one day be a new homepage at http://server1.xrdp.org

That’s about all the links I could find. The developer mailing list gives a nice indication that the project is moving forwards.

You may also find that the print spooler service frequently dies - “spoolsv.exe has encountered a problem and needs to close”, or the Printers and Faxes folder frequently appears empty - i.e. all your printers are missing.

NetSupport Manager or NetSupport PC Duo version 8 on Windows XP SP2 will cause this to happen. Update NetSupport and all will be well.

Home Edition of Windows does not have the ability to either join the domain, or save network passwords, so we have to configure the workgroup-based machine as if we were trying our best to integrate it into a domain environment.

As per my previous article, lmcompatibilitylevel was set to 2, mutual-auth not enabled, NTLM authentication, and the certificate was imported to the “trusted root certification authorities” store.

The Home Edition client was configured as if it was to be accessing a server in a domain. That is:

• Workgroup name was set to the netbios domain name of the company (OURDOMAIN)
• The user account name was the same as the user account in the domain. If this does not match, simply changing the account name in User Accounts will not suffice. All that does is change the “Full Name”, not the Username. It needs to be either done through “Local Users & Groups” within Computer Management (if that exists on Home Edition.. ?), or a new account must be created with the name exactly as the username on the domain.
• The user’s password on his Home Edition client was set to the same as on the domain. The user was instructed not to change his password.

The two users are not being prompted for their password when launching Outlook outside of the office. It’s been a couple of weeks now since I set them up.

Let’s say you are remotely accessing a computer, and you want to release and renew its IP address. When you release the IP address, you’ll lose connectivity and won’t be able to renew. You could make a batch file, or you could do:

for %a in (release renew) do ipconfig /%a

This will run “ipconfig /release” followed by “ipconfig /renew”.

Or let’s say you have a thousand home directory folders, and you set the permissions a bit wrong. You want each user to have full control of their own folder. You could do:

for /D %a in (*) do cacls %a /E /G %a:F

This will run “cacls carl.farrington /E /G carl.farrington:F”, substituting carl.farrington for the folder name and user name until every folder has been done. This example assumes of course that the folder name is the same as the user name who you want to grant the permissions to. Notice the /D - this means the filespec matches directory names, not filenames. Without the /D the * would not return any directory names.

Another example. You might want to search within every .ini file in the current directory. NT’s “find” command doesn’t accept wildcards/multiple files. So what you do is use a for loop and pipe the output into a text file that you can check when the process completes:

for %a in (*.ini) do find /i “Microsoft” %a >>output.txt

This will do “find /i “Microsoft” file1.ini >>output.txt”, then file2.ini, then file3.ini. You can check the output of output.txt to see which files contained the text you were searching for.

I sometimes use this to search all the oem*.inf files in %windir%\inf to find the inf file that’s supplying driver information for a particular piece of hardware. Then I can delete that inf file, remove the hardware from device manager and Windows will not just re-install the existing driver for the device, allowing you to supply a different driver. Searching for the INF file is not necessary on Vista because the details tab in a device’s properties within Device Manager has been extended to display the inf source.