March 19

Windows 7: Using mklink to move folders and programs to another drive

Symbolic links can be created from the command line with a special command that was first introduced in Vista. It is called mklink, and here is how it works for a folder:

  1. Before doing anything, make sure you have a backup of your system
  2. Move (not copy) the desired folder (let’s call it ExistingName) by the usual methods to its new destination on the X: volume. Give it whatever name you choose. Let’s call it NewName, but it can retain ExistingName if you wish. At this point programs and Registry references may be broken. The folder must be moved first, since a symbolic link with that name cannot be created on the C: drive while the original folder is still there.
  3. Next open a command prompt with elevated privileges.
  4. Enter the command mklink /d C:\ExistingName X:\NewName. The switch /d indicates that we are linking folders (directories). No switch would be used if a file was being linked. If your folder name has spaces, you have to enclose the path name in quotes.
  5. If a link is successfully made, the command line will show a message “symbolic link created for ExistingName <<===>> X:\NewName”.
  6. Close the command prompt

That’s all it takes. All of the previous Registry or other references to C:\ExistingName will continue to work. The command creates a small object on the C: drive that retains the previous folder name and behaves as if it has the contents of the folder that is really over on the X: drive.

By: V. Laurie

June 26

Windows: Installing Windows Server 2003 Service Pack – Access is denied error

You receive an error message when you try to install Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1: “Access is denied”
Article ID: 873148
Notice
This article is intended for advanced computer users.

SYMPTOMS
When you try to install Windows XP Service Pack 2 (SP2) or Windows Server 2003 Service Pack 1 (SP1), you may experience any one of the following issues:

You cannot install the service pack.
You receive the following error message:
Service Pack setup has failed. Access is denied
The Svcpack.log file contains the following error message:
DoRegistryUpdates failed

CAUSE
These issues may occur when permissions for one or more registry keys are restricted in a way that prevents the update of those registry keys. A failure to update a registry key may cause the Setup program to fail. To verify that there is a failure to update the registry, see the “More Information” section.

WORKAROUND
Advanced users
These methods are intended for advanced computer users.

Method 1: Locate the registry key and reset the registry permissions
After you follow these steps, reinstall the service pack. You may have to follow these steps multiple times to resolve the issue.

Note You must be a member of the Administrators security group to complete these steps.

Step 1: Locate the specific registry key
To locate the correct registry key to change the permissions and enable Windows XP SP2 or Windows Server 2003 SP1 to install successfully, follow these steps:

Include registry information in the Setupapi.log file by enabling verbose logging. For more information about how to enable verbose logging, click the following article number to view the article in the Microsoft Knowledge Base:
906485 How to enable verbose logging on a Windows XP-based computer
Note By default, registry keys are not recorded in the Setupapi.log file.

After you enable verbose logging, install Windows XP SP2 or Windows Server 2003 SP1 again to capture the registry key.
Open the Setupapi.log file. By default, this file is located in the C:\Windows folder. To open the Setupapi.log file, click Start, click Run, type %windir%\setupapi.log, and then click OK.
Press CTRL+END to scroll to the end of the Setupapi.log file.
On the Edit menu, click Find.
In the Find what box, type “Error 5: Access is denied”, then under Direction, click Up, and then click Find Next.

The found entry in the Setupapi.log file should resemble the following example:
#-007 Deleting registry key HKCR\vnd.ms.radio
#E033 Error 5: Access is denied.
Note The line before the “Access is denied” entry indicates the registry key in question. In this case, HKCR represents the registry hive that is labeled “HKEY_CLASSES_ROOT.” “vnd.ms.radio” is one subkey that is located under that registry hive.
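
The Step 1 search can be scripted so that every key that failed with Error 5 is listed in one pass instead of one per install attempt. The following PowerShell is an added example, not part of the Microsoft article; the function name Get-DeniedRegistryKey is hypothetical, and the sample lines are constructed in the two line formats shown above, with one placeholder key.

```powershell
# Added example (not from the KB article). Pairs each "Error 5: Access is denied"
# line with the registry key named on the line before it.

# Hive abbreviations as they appear in the log, mapped to full hive names.
$HiveNames = @{
    HKCR = 'HKEY_CLASSES_ROOT'
    HKLM = 'HKEY_LOCAL_MACHINE'
    HKCU = 'HKEY_CURRENT_USER'
    HKU  = 'HKEY_USERS'
}

function Get-DeniedRegistryKey {
    param([string[]]$Line)

    $previous = $null
    $seen = @{}
    foreach ($current in $Line) {
        # After both tests succeed, $Matches holds the key captured from $previous.
        if ($current -match 'Error 5: Access is denied' -and
            $previous -match 'registry key\s+(?<key>\S.*?)\s*$') {

            $logged = $Matches['key']
            $hive, $subKey = $logged -split '\\', 2
            if ($HiveNames.ContainsKey($hive)) { $hive = $HiveNames[$hive] }
            $full = if ($subKey) { "$hive\$subKey" } else { $hive }

            if (-not $seen.ContainsKey($full)) {      # report each key once
                $seen[$full] = $true
                [pscustomobject]@{
                    LoggedAs     = $logged
                    FullPath     = $full
                    ProviderPath = "Registry::$full"  # usable with Get-Acl / Get-Item
                }
            }
        }
        $previous = $current
    }
}

# Constructed sample lines; HKCR\example.placeholder is a placeholder key.
$sample = @(
    '#-007 Deleting registry key HKCR\vnd.ms.radio'
    '#E033 Error 5: Access is denied.'
    '#-007 Deleting registry key HKCR\example.placeholder'
    '#-007 Deleting registry key HKCR\vnd.ms.radio'
    '#E033 Error 5: Access is denied.'
)
Get-DeniedRegistryKey -Line $sample | Format-Table -AutoSize

# On the affected machine:
# Get-DeniedRegistryKey -Line (Get-Content "$env:windir\setupapi.log")
```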

Step 2: Reset the registry permissions
As soon as you have found the registry subkey that has the incorrect permissions, update the permissions for that subkey.

To update the permissions of the registry subkey, follow these steps:

Click Start, click Run, type regedit, and then click OK to start Registry Editor.
Locate and right-click the registry subkey that you noted in Step 2d, and then click Permissions.
Under Group or user names, click Administrators.
Under Permissions for Administrators, make sure that the Allow check box for the following entries is selected:
Full Control
Read
Click Apply, and then click OK.
On the File menu, click Exit to exit Registry Editor.

The permissions issue for the registry subkey should now be resolved, and Windows XP SP2 or Windows Server 2003 SP1 should install successfully. If you experience additional problems when you try to install Windows XP SP2 or Windows Server 2003 SP1, repeat these steps as needed.

Method 2: Reset your operating system back to the default settings
To reset your operating system back to original installation default security settings, follow these steps:

Click Start, click Run, type cmd, and then press ENTER.
Type secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose, and then press ENTER.

You receive a “Task is completed” message, and a warning message that something could not be done. You can safely ignore this message. For more information about this message, view the %windir%\Security\Logs\Scesrv.log file.

For more information about how to reset security settings back to the defaults, click the following article number to view the article in the Microsoft Knowledge Base:
313222 How to reset security settings back to the defaults

MORE INFORMATION
To verify that there is a failure to update the registry, follow these steps:

Open the Svcpack.log file. By default, this file is located in the C:\Windows folder. To open the Svcpack.log file, click Start, click Run, type %windir%\svcpack.log, and then click OK.
On the Edit menu, click Find.
In the Find what box, type DoRegistryUpdates failed, and then click Find Next.
If a DoRegistryUpdates failed error message is found, a problem exists that is preventing the update of the registry. The error message will resemble the following example:
xxxx.xxx: DoInstallation:DoRegistryUpdates failed.
xxxx.xxx: Access is denied.
xxxx.xxx: Message displayed to the user: Access is denied.
Note xxxx.xxx represents the time stamp of each entry.

Similar problems and solutions
If you are still experiencing the problem in this article, you may have a similar but different problem. For more information about a similar problem and resolution, click the following article number to view the article in the Microsoft Knowledge Base:
828213 “Access is denied” error message when you try to install Windows XP Service Pack 1
If these articles do not help you resolve the problem, or if you experience symptoms that differ from those that are described in this article, search the Microsoft Knowledge Base for more information. To search the Microsoft Knowledge Base, visit the following Microsoft Web site:
http://support.microsoft.com
Then, type the text of the error message that you receive. Or, type a description of the problem in the Search Support (KB) field.

Article ID: 873148 – Last Review: November 27, 2007 – Revision: 6.3

APPLIES TO
Microsoft Windows XP Service Pack 2, when used with:
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Service Pack 1, when used with:
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Enterprise x64 Edition

By: Microsoft®

February 5

Windows: Expand a disk using Dell's extpart

extpart is an excellent disk expansion tool, especially if you are working with earlier Windows systems that do not allow for easy disk expansion, such as the system partition on Windows 2003 servers.

ExtPart (By downloading this software you are agreeing that you are using it at your own risk.)

Steps for finding free space available on a volume:
Right-click My Computer and choose Manage
Highlight Device Manager
Expand the Disk Drives section
Right click the hard disk and choose Properties
Click the Volumes tab
Click Populate
The Unallocated space is the number in MB you can use when using the extpart utility to expand the boot volume.
You may now expand your partition using extpart.

Using Dell’s ExtPart:
extpart c: 30718

Note: If you get the error “Unable to connect to c: or it does not exist”, try restarting Windows in safe mode.
If the Disk Management Console is open or VMware tools are running, close them because they are the primary causes of this error.
Note: If using VMware, remember to expand the boot volume using Virtual Infrastructure Client first before running extpart in your VM.

By: Rich – displacedguy

November 12

Windows: Configure SSL install CA root certificate to target AD server

Overview
Requirements for an LDAPS certificate
To enable LDAPS, you must install a certificate that meets the following requirements:
• The LDAPS certificate is located in the Local Computer’s Personal certificate store (programmatically known as the computer’s MY certificate store).
• A private key that matches the certificate is present in the Local Computer’s store and is correctly associated with the certificate. The private key must not have strong private key protection enabled.
• The Enhanced Key Usage extension includes the Server Authentication (1.3.6.1.5.5.7.3.1) object identifier (also known as OID).
• The Active Directory fully qualified domain name of the domain controller (for example, DC01.DOMAIN.COM) must appear in one of the following places:
  • The Common Name (CN) in the Subject field.
  • DNS entry in the Subject Alternative Name extension.
• The certificate was issued by a CA that the domain controller and the LDAPS clients trust. Trust is established by configuring the clients and the server to trust the root CA to which the issuing CA chains.
• You must use the Schannel cryptographic service provider (CSP) to generate the key.

1. Create the .inf file. Following is a testdomain.inf file that can be used to create the certificate request.

;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=demo.testdomain.com" ; replace with the full computer name of the DC
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------

Save it as a file named request.inf, then put this file in the folder c:\certreq

2. Create Certificate Request

a). Log in to the server on which we want to configure SSL.
b). Create a directory c:\certreq, and copy request.inf to this directory.
c). Open a command prompt, and type cd c:\certreq
d). Create the certificate request: type the following command and then press Enter

certreq -new request.inf request.req

A new file called request.req is then created; this is a Base64-encoded request file.

Note: make sure you issue the command from within the directory c:\certreq, otherwise certreq won’t find request.inf.

If we open request.req, we will see a Base64-encoded block between the BEGIN NEW CERTIFICATE REQUEST and END NEW CERTIFICATE REQUEST lines.


Alternatively, you can use the following command to view your request:

certutil -dump request.req

you’ll get the following result:
—————————————————————–
PKCS10 Certificate Request:
Version: 1
Subject:
CN=demo.testdomain.com

Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 a2 6c c5 27 30 ef 9c bb 3b
0010 d6 9b 76 4c 4b 1b 57 77 5f 2c 67 1f 1d 82 4b ac
0020 5b fa 4b 00 c8 c5 74 24 73 4d ea 74 9b 96 73 a0
0030 45 1f 5d 50 0d 1a ef 7b 26 de f1 06 d3 58 4d f0
0040 09 1c 9a b8 8d d0 04 fc 38 a2 12 60 fe 0c f5 a6
0050 f4 c1 a4 73 3d 6c 5e ff 05 38 9f 19 c5 34 20 14
0060 f8 7d 4a 2a 01 23 00 6d 3a d7 1f d1 62 00 f9 3e
0070 72 d2 d8 ae 06 ad 95 25 2e 10 e6 5e a8 28 ac 4a
0080 c4 c4 c6 f6 87 64 91 02 03 01 00 01
Request Attributes: 4
4 attributes:

Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
Value[0][0]:
5.2.3790.2

Attribute[1]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[1][0]:
Unknown Attribute type
Client Id: = 1
XECI_XENROLL -- 1
User: TESTDOMAIN\Administrator
Machine: demo.testdomain.com
Process: certreq

Attribute[2]: 1.2.840.113549.1.9.14 (Certificate Extensions)
Value[2][0]:
Unknown Attribute type
Certificate Extensions: 3
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
ea 5c 6c 68 e5 9b 23 3b a5 8f ab 06 c9 85 d6 fc d4 6a ff fe

2.5.29.37: Flags = 0, Length = c
Enhanced Key Usage
Server Authentication (1.3.6.1.5.5.7.3.1)

2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature, Key Encipherment (a0)

Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
Value[3][0]:
Unknown Attribute type
CSP Provider Info
KeySpec = 1
Provider = Microsoft RSA SChannel Cryptographic Provider
Signature: UnusedBits=0
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Remaining 78 bytes are zero
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 4d 03 97 19 5e 3a 2f f9 2b 55 6b 40 e7 01 02 be
0010 c1 bf 11 88 c0 30 05 c4 59 4a 88 a9 04 bd 67 64
0020 2c 00 55 68 e4 93 39 d3 f7 9f 68 96 d4 8d 3d 4c
0030 c0 18 ae 08 6c 4a a3 c7 b4 33 97 3a a4 b2 a9 08
0040 f3 a9 a8 50 00 ae fc d2 e6 27 6c c8 85 92 e7 4b
0050 f0 3f f0 3a ad c1 12 23 39 85 a8 1c 4a 05 64 bf
0060 80 70 2f a1 8c f8 98 95 45 54 5c d2 9c 92 e9 f4
0070 0b 79 ad 0a a3 69 23 c1 78 95 b9 d3 23 5c 91 3c
Signature matches Public Key
Key Id Hash(sha1): ea 5c 6c 68 e5 9b 23 3b a5 8f ab 06 c9 85 d6 fc d4 6a ff fe
CertUtil: -dump command completed successfully.

—————————————————————————
Check that the subject is: CN=demo.testdomain.com

3. Submit the request to a CA.
We are going to submit the request to a Microsoft Windows 2003 Enterprise CA that we have installed on another server.
We still need the certreq.exe command to complete this step.

a). Log in to the server that has the CA installed.
b). Create a directory c:\certreq, and copy request.req to this directory.
c). Open a command prompt, and type cd c:\certreq
d). Submit the certificate request using the command below:

certreq -submit -attrib "CertificateTemplate: DomainControllerAuthentication" request.req

You will be prompted to select a certificate authority; click OK.

If you see the following error:
——————————————————————————————-
Certificate not issued (Denied) Denied by Policy Module The DNS name is unavailable and cannot be added to the Subject Alternate name. 0x8009480f (-2146875377)
Certificate Request Processor: The DNS name is unavailable and cannot be added to the Subject Alternate name. 0x8009480f (-2146875377)
Denied by Policy Module
——————————————————————————————-

Solution to this issue:
1). Click Start->Run, then key in the command mmc
2). Click File in the mmc console, then select Add/Remove Snap-in…
3). Click the Add… button in the Add/Remove Snap-in dialog
4). Select Certificate Templates, click Add
5). Close the available standalone snap-in window from step 4).
6). You will see “Certificate Templates”; click OK.
7). Find “Domain Controller Authentication” in “Console Root\Certificate Templates”
8). Double click “Domain Controller Authentication” to open it.
9). You can change the validity of a certificate in the “Domain Controller Authentication Properties” window; change it to 10, meaning this certificate will be valid for 10 years.
10). Select the “Subject Name” tab, then select “Supply in the request”, click Apply
11). Select the “Security” tab, select “Authenticated Users”, and in the permissions for authenticated users section, make sure “Allow” is checked for Enroll. Click OK to close the “Domain Controller Authentication Properties” window. Because “Supply in the request” together with Enroll for Authenticated Users lets any authenticated account request this template with a subject name it chooses, limit Enroll to the accounts that need it and revert these template changes once the certificate has been issued.
12). Re-submit the certificate request using the following command:
certreq -submit -attrib "CertificateTemplate: DomainControllerAuthentication" request.req

Note: make sure you are in the directory c:\certreq

It will ask which CA to use; select the first in the dialog.

Click OK
e). If no error was reported in step d), the certreq utility will ask you to save the signed certificate; save it to the desktop, named demo.testdomain.com.cer

—————————————————————————–
Note that for Windows 2000, use the command below:

certreq -submit -attrib "CertificateTemplate: DomainController" request.req
————————————————————————-

4. Accept the certificate.
a). Log in to the AD server on which you want to install the server certificate.
b). Copy the newly issued certificate to the directory c:\certreq
c). Open a command prompt, and navigate to c:\certreq
d). Accept the server certificate, using the command below:

certreq -accept demo.testdomain.com.cer

If no error is reported, the server certificate has been installed successfully.
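
After certreq -accept, the requirements listed in the Overview can be checked against what is actually in the store. The following PowerShell is an added example, not the author's procedure; Test-LdapsCertificate is a hypothetical function name, and it assumes Windows PowerShell 5.1, an elevated session and English-language extension labels.

```powershell
# Added example (not from the original post). Reads the Local Computer
# Personal (MY) store and reports each certificate against the LDAPS requirements.
function Test-LdapsCertificate {
    param([Parameter(Mandatory)][string]$Fqdn)   # e.g. DC01.DOMAIN.COM

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $sanOid        = '2.5.29.17'

    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        # Enhanced Key Usage OIDs carried by the certificate.
        $eku = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Candidate names: Subject CN plus DNS entries in the SAN extension.
        # "DNS Name=" is the label printed by English-language Windows (assumption).
        $names = @($cert.GetNameInfo('SimpleName', $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        if ($san) {
            $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                ForEach-Object { $_.Groups[1].Value }
        }

        # Chain to a trusted root; revocation is skipped so the check runs offline.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        # CSP details are only readable for CAPI keys; left empty otherwise.
        $provider = $null
        $strongProtection = $null
        if ($cert.HasPrivateKey) {
            try {
                $info = $cert.PrivateKey.CspKeyContainerInfo
                if ($info) {
                    $provider = $info.ProviderName
                    $strongProtection = $info.Protected
                }
            } catch { $provider = 'unreadable' }
        }

        $nameOk = $names -contains $Fqdn
        $ekuOk  = $eku -contains $serverAuthOid
        [pscustomobject]@{
            Thumbprint       = $cert.Thumbprint
            Subject          = $cert.Subject
            HasPrivateKey    = $cert.HasPrivateKey
            ServerAuthEku    = $ekuOk
            NameMatchesFqdn  = $nameOk
            ChainTrusted     = $trusted
            Provider         = $provider          # expect the Schannel CSP
            StrongProtection = $strongProtection  # must not be True
            Usable           = ($cert.HasPrivateKey -and $ekuOk -and $nameOk -and
                                $trusted -and ($strongProtection -ne $true))
        }
    }
}

Test-LdapsCertificate -Fqdn 'demo.testdomain.com' | Format-List
```

The Usable column combines only the checks that can be read reliably; compare the Provider column by eye with the ProviderName used in request.inf.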

By: minfei

June 19

Windows: Windows Update fails with 0x8024D007 or 0X80070005

I spent far too much time tracking this one down.

Windows updates were failing with 0x8024D007.

My bottom line issue was that HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost needed to have Full Administrator privileges check marked.

A couple of other quick options are to:

1) Open the registry (start/run/regedit) and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv

2) Right click wuauserv in the left pane and select “Permissions”, then make sure you have:

– System at FULL CONTROL
– Administrators at FULL CONTROL
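
The permission checks described here, and in Step 2 of the service pack article above, can be read out without opening Registry Editor. The following PowerShell is an added example, not the author's; the function name Get-RegistryFullControl is hypothetical, and it only reads ACLs and changes nothing.

```powershell
# Added example (not from the original post). Read-only: reports whether the
# Administrators group and SYSTEM hold an Allow / Full Control entry on each key.
function Get-RegistryFullControl {
    param(
        [string[]]$KeyPath,
        # Well-known SIDs, used instead of names so the check works on localized systems.
        [hashtable]$Principal = @{
            'S-1-5-32-544' = 'Administrators'
            'S-1-5-18'     = 'SYSTEM'
        }
    )
    $full        = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($path in $KeyPath) {
        $acl = Get-Acl -LiteralPath "Registry::$path" -ErrorAction Stop
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        foreach ($sid in $Principal.Keys) {
            # Rules for this SID that apply to the key itself (not inherit-only).
            $mine = @($rules | Where-Object {
                $_.IdentityReference.Value -eq $sid -and
                -not ($_.PropagationFlags -band $inheritOnly)
            })
            # A single Allow entry that carries every Full Control bit.
            $allow = @($mine | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                (([int]$_.RegistryRights) -band $full) -eq $full
            })
            $deny = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })

            [pscustomobject]@{
                Key         = $path
                Principal   = $Principal[$sid]
                FullControl = ($allow.Count -gt 0)
                DenyEntries = $deny.Count   # Deny entries take precedence over Allow
            }
        }
    }
}

# The two keys named in this post.
Get-RegistryFullControl -KeyPath @(
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv'
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost'
) | Format-Table -AutoSize
```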

__________________________________

1) Open a new notepad

2) Copy the following commands to the notepad
REGSVR32 WUPS2.DLL
REGSVR32 WUPS.DLL
REGSVR32 WUAUENG.DLL
REGSVR32 WUAPI.DLL
REGSVR32 MUCLTUI.DLL
REGSVR32 WUCLTUI.DLL
REGSVR32 WUWEB.DLL
REGSVR32 MUWEB.DLL
REGSVR32 QMGR.DLL
REGSVR32 QMGRPRXY.DLL

*Note that if you get a 0X80070005 error it is most likely a registry permissions problem.

3) Go to the file menu of the notepad, click save as

4) In the list select all files

5) In the name type register.bat

6) Save the register.bat file on your desktop.

7) Right-click the file register.bat, and then click Run as administrator.

8) Try to install update now.
