Microsoft and IT consulting company Unisys are offering a free demo of Exchange Server 2007. This is well worth it to evaluate the big changes and some improvements in this new version of Exchange and Outlook Web Access (OWA).

The trial is only 5 days long, but all that’s required to create a trial account is a name and a valid email address. The trial accounts create an account populated with sample messages, calendar items, and voice mail; you’re allowed to send and receive mail, schedule meetings, and adjust your own account’s settings while connecting via Outlook, OWA, or any Exchange Active-Sync app.

Article tagged: Microsoft, Exchange, 2007, Exchange+2007, server, exchange+server, free, trial, demo, account, OWA, Outlook

The Recovery Console is an incredibly powerful tool at times when a Windows system boots straight into a blue screen (of death) error or viruses/spyware have even made the system unusable in safe mode. Unfortuantely it’s hard to use for several reasons. Firstky, Microsoft doesn’t, to my knowledge, provide complete documentation for the Recovery Console anywhere. Also, the Recovery Console is a command-line-only interface that’s unfamiliar to most Windows users and even many non-Linux IT staff. Finally, the commands available in this environment are fewer and slightly different from those in a typical Windows shell environment.

This site, Command Windows, provides a complete list of the available commands with a description of each. Also included is documentation on some preventative measures (as usual, registry edits) that can be taken before Windows crashes to remove some of the restrictions on the Recovery Console later on. The restrictions that can be removed include disallowing Recovery Console from writing to a floppy disk, blocked access to some system folders, and not being able to use wildcards on the command line.

Anyone who’s a Windows Vista beta tester probably knows it already, but Windows Vista probably isn’t going to ship “on time”.

Everyone knows why (bugs, bugs, bugs), but Robert McLaws makes some great observations in “Vista Needs More Time” and compares the buggy Vista Bets 2 with Visual Studio 2005 Beta 2. One of them was basically production-ready with Beta 2, the other still has issues with the 3D interface that seems to be the main selling point in a lot of “get users excited ads”. Whether the interface, or anything else, is working right I think Microsoft should ship the Vista RTM version to software developers, OEMs and corporate customers regardless.

Robert is right, Vista isn’t ready to launch in retail, but he justifies the possible slipped ship date with the same-old argument about “shipping a great product”. Inveterate Windows commentator Ed Bott even wants Microsoft to push Vista’s ship date back to March.

Despite the very sorry state of Beta 2, it would be a great thing to get a Vista RTM out the door with a LOT fewer features and then release a service pack, or even a feature pack, a month later. After all, whether customers are actually buying the operating system or not, Vista will probably need to be out a good 6-9 months before most IT shops really start to get on the upgrade path.

This shiny, new OS is a hardware hog and is going to force many companies, including the majority of the companies I deal with and have friends at, to either speed their upgrade cycle or wait through at least one, if not two, budget cycles. Of course, one good way to force operating system or office-suite upgrades is to give software developers plenty of time to test and patch around it - which gets IT departments testing it and pushing it out to higher-end machines sooner - which puts it on the CFOs desk - which gets a budget decision made sooner.

Then again, with MSFT sunk for 2007 already and a $30 billion stock-buyback planned - maybe Microsoft should knock the date back to next summer and save themselves some of that money.

Article tagged: Windows, Vista, operating, system, Beta, 2, RTM, final, ship, date, slip, slipped, miss, Robert, McLaws, budget, upgrade, 2007

Seen any “Delivery Status Notification” messages lately? With many companies (especially AOL, GMail, and Yahoo) upgrading mail servers or updating their spam filters frequently we’ve seen a big increase in how many outgoing emails are returned to us. Still, it could be your own SMTP, DNS, or anti-spam settings that are causing the problem. To be sure, check the retrun and ESMTP status codes that are in the top few lines of the returned message.

Here’s and example: PERM_FAILURE: SMTP Error (state 8 ): 554 5.1.0 Sender Denied

In this case it’s easy to see that the message was returned because of an SMTP error. The “Sender Denied” comment on the end means it’s probably because the sending mail server was blacklisted by a spam filter. In most cases it’s not that clear and you need to use the status codes to figure out what happened. The status code in this message is the “554 5.1.0″ part. The format is always *** x.x.x, with the x.x.x part being a return code and the *** being an ESMTP status code. A chart of their meanings is below:

x.x.x, Server Return Codes:
The first value indicates the status of the communication between the sender and recipient server. Possible values are:

• 1 - Server accepted the command, but no action taken. Confirmation message is required.
• 2 - Server successfully completed the task.
• 3 - Server understood the request. More information is required to complete.
• 4 - Server encountered a temporary failure on that request. The command may complete if it’s repeated.
• 5 - Server encountered an error.

The second value is an extra level of detail, which indicates the type of error or communication:

• 0 - Syntax error has occured.
• 1 - Message is an informational reply.
• 2 - Message refers to the connection status.
• 3 - Unspecified, may be used for custom messages.
• 4 - Unspecified, may be used for custom messages.
• 5 - Status message refers to the entire mail system or server.

***, ESMTP Status Codes:
In the event of a failure ESMTP codes can indicate even more detail than server return codes. They can indicate status of either the recipient mail server or your local mail server in response to a problem with your mail client. Possible values are:

• 211 - System status message.
• 214 - Help message formatted for human reader follows.
• 220 - SMTP service ready.
• 221 - Service/connection closing.
• 250 - Successful request. Action completed.
• 251 - Recipient is not local to the server, but the server will accept and forward the message.
• 252 - Recipient can’t be verified, but the server will accept the message and attempt delivery.
• 354 - Start message input now, end with <crlf>.</crlf>. Indicates the server is ready to accept a message once you’ve given it From: and To: information
• 421 - Service is not available and connection will be closed.
• 450 - Requested command failed because the recipient’s mailbox is unavailable.
• 451 - Command has been aborted due to a server error. Possibly notify your SysAdmin.
• 452 - Command has been aborted because the server has insufficient system storage.
• 500 - Server could not recognize the command was due to a syntax error. (usually due to mail client error)
• 501 - Syntax error was found in command arguments. (usually due to mail client error)
• 502 - Command was not implemented. (usually due to mail client error)
• 503 - Server has encounterd a bad command or sequence of commands. (usually due to mail client error)
• 504 - Command parameter is not implemented. (usually due to mail client error)
• 550 - Command failed because the user’s mailbox was unavailable (or you did not have permissions to send to this mailbox)
• 551 - Recipient is not local to the server. Server responds with a fowarding address that should be tried.
• 552 - Action was aborted because storage allocation was exceeded.
• 553 - Action was aborted because the mailbox name was invalid.
• 554 - Transaction failed, without a clear reason.

Any need to run the new Internet Explorer 7 Beta to test a web app or other project? Problem is that IE 7 doesn’t officially support a standalone mode anymore and installing it removes IE 6.x - so you may be giving up a working IE browser for a buggy beta one. If you’re familiar with Microsoft’s Beta software then you may also know that they have a tendency to have poor uninstall routines that end up forcing you to manually remove “leftovers” before you can install the official release of IE 7.

There is an easy way to run the IE 7 browser in standalone mode, thanks to Jon Galloway. Below in Step #3, I’ve added a VBS script that hides the DOS window that needs to be kept open in his version. Here are the steps:

1. Download the IE 7 Beta installer, “IE7B2P-WindowsXP-x86-enu.exe” is the current version. Extract the files in the installer by opening a command line to the folder it’s saved in and type “IE7BETA2-WindowsXP-x86-enu.exe -e” to extract it to a temporary folder (something like C:\abcdefghijklmnop\), or use WinRAR if you have it installed already. Before closing the popup notification message, copy all the extracted files from the temporary folder to a permanent folder, I’ll use C:\IE7\ in the example. You can change the folder name, but edit the attached scripts if you’re going to change their filenames.
2. Create a file named IE7.bat in the folder C:\IE7\ and paste in Jeff Galloway’s IE7 script:
   

   @ECHO OFF
   TITLE IE7 Launcher 1.4

   ECHO IE7 STANDALONE LAUNCHER 1.4
   ECHO Updated for IE7 Beta 2 Preview
   ECHO.
   ECHO Do not close this window or it will not clean up after itself properly.
   ECHO You can pass a URL into this batch file, like this:
   ECHO ie7.bat www.microsoft.com
   ECHO.
   ECHO More info here: http://weblogs.asp.net/jgalloway/archive/2005/12/28/434132.aspx
   ECHO.
   ECHO When you close IE7, this will remove the registry key and shut itself down.
   ECHO.
   ECHO Setting up IE7 for standalone mode…
   PUSHD %~dp0

   ECHO Removing IE7 registry key and set the version vector to “7.0000″.
   > %TEMP%.\IE7Fix.reg ECHO REGEDIT4
   >>%TEMP%.\IE7Fix.reg ECHO.
   >>%TEMP%.\IE7Fix.reg ECHO [-HKEY_CLASSES_ROOT\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
   >>%TEMP%.\IE7Fix.reg ECHO [-HKEY_CLASSES_ROOT\Interface\{000214E5-0000-0000-C000-000000000046}]
   >>%TEMP%.\IE7Fix.reg ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector]
   >>%TEMP%.\IE7Fix.reg ECHO “IE”=”7.0000″
   >>%TEMP%.\IE7Fix.reg ECHO.
   :: Merge the REG file to delete the IE7 standalone entry
   REGEDIT /S %TEMP%.\IE7Fix.reg

   REN SHLWAPI.DLL SHLWAPI.DLL.BAK
   TYPE NUL > IEXPLORE.exe.local
   ECHO Running IE7…
   iexplore.exe “%1″

   :: Merge the REG file to delete the IE7 standalone entry
   REGEDIT /S %TEMP%.\IE7Fix.reg
   :: Delete the temporary REG file
   DEL %TEMP%.\IE7Fix.reg

   ECHO Removing IE7 standalone files…
   REN SHLWAPI.DLL.BAK SHLWAPI.DLL
   DEL IEXPLORE.exe.local

   :: Set the old version vector “6.0000″.
   > %TEMP%.\IE7Fix.reg ECHO REGEDIT4
   >>%TEMP%.\IE7Fix.reg ECHO.
   >>%TEMP%.\IE7Fix.reg ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector]
   >>%TEMP%.\IE7Fix.reg ECHO “IE”=”6.0000″
   >>%TEMP%.\IE7Fix.reg ECHO.
   REGEDIT /S %TEMP%.\IE7Fix.reg
   DEL %TEMP%.\IE7Fix.reg

   POPD
   ECHO Complete, closing…

3. Create a file named IE7.vbs in the folder C:\IE7\ and add the following VBS script:
   

   Set oShell = CreateObject(”WScript.Shell”)
   oShell.Run “ie7.bat”, 0, True

4. That’s it. To run IE 7, just create a shortcut to the IE7.vbs file and don’t worry about cleanup or keeping any DOS windows open.

Article tagged: Internet+Explorer+7, IE7, beta, beta2, standalone, fix, test, script, hack,

Have you implemented software restriction policies in Active Directory only to find that they stop working a few months later? Initial investigation may show the executable to still be blocked in the Group Policy - while the same executable now runs just fine on user desktops. This is because Microsoft’s software restriction policies are usually specific to the version of the .EXE file. I’ve heard all sorts of explanations for this, usually related to not wanting to block the function of service packs and other vital updates due to “overly restrictive software policies”… The truth is that Microsoft was smart enough to block program .EXE’s based on a hash value generated when the program was compiled from the prgrammers’ code - which means that changing the filename will not circumvent a software restriction policy.

This article is based on a recent, real-life scenario using the Internet Explorer executable, “iexplore.exe”, as the blocked program. The recent release of the IE 7.0 beta software and some freetime playing around by one of my client’s employees provided a chance for plenty of hours watching ESPN and YouTube videos on a warehouse floor and even slowdowns in getting and filling order downloads because of the use of all WAN bandwidth.

To troubleshoot failed software restriction policies I prefer to start on the client machine. To determine both whether a policy is applied correctly and the version of an executable blocked by software restriction:

• Open regedit
• Open the following key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
• Inside that key will be one or more numbered branches related to the software restriction policies applied to that machine. To see what program each policy covers, open the numbered branch, then open the Hashes branch and click on each GUID.
• Inside each GUID key will be a string value with the data “program.exe (#.#.####.#) … and so on”. The numeric value #.#.####.# describes the program version. In my case the policy applied to “iexplore.exe (6.0.2900.2180)”
• Then, go check the version of the same executable that’s now installed on the system. In this case, I right-clicked on the iexplore.exe file and selected “Properties” and then the “Version” tab. Right at the top was the file version: 7.0.5335.5.

In this case, that was the answer - the IE 7.0, iexplore.exe was blocked with a new policy and everything was back to normal. In case the solution isn’t that simple, the best thing to do is to gether more data. Enable software restriction policies advanced logging by reopening the registry and:

• Navigate to the following key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
• Create a new string value named LogFileName
• Enter the full path and filename of a text file that can be used for logging, ie: C:\sres_log.txt

Now, every executable run on the system will be logged to the file with a reason for wy it was or wasn’t allowed to run. Details include the executable name, PID number, GUID, path name, and an allowed/disallowed/unrestricted comment with a short reason why. Since EVERY program is logged each time it is run, the log can get quite long. To keep it from getting out of control, either disable advanced logging by deleting the key or add a batch script that will truncate the log file periodically.

The newest Microsoft security fix MS06-015: titled “Vulnerability in Windows Explorer Could Lead to Remote Code Execution” breaks “My Documents” access and features in IE, Office, Explorer, nVidia, Roxio, and several other 3rd-party applications. The official hotfix for the security fix is Microsoft KB article #918165 and lists the symptoms below as indicating you will need to install it:

• Unable to access special folders like “My Documents” or “My Pictures”.
• Microsoft Office applications may stop responding when you attempt to save or open Office files in the “My Documents” folder.
• Office files in the “My Documents” folder are not able to open in Microsoft Office.
• Opening a file through an application’s File / Open menu causes the program to stop responding.
• Typing an address into Internet Explorer’s address bar has no effect.
• Right-clicking on a file and selecting Send To has no effect.
• Clicking on the plus (+) sign beside a folder in Windows Explorer has no effect.
• Some third-party applications stop responding when opening or saving data in the “My Documents” folder

Unfortunately Microsoft neglected to mention several of the third-party apps that are also broken by this hotfix. These include, but probably aren’t limited to: nVidia drivers with shell extensions, Roxio DragToDisc or Adaptec DirectCD, Hewlett Packard’s Share-to-Web software, Kerio Personal Firewall, and SolidWorkds 3D CAD products. Thankfully someone else has spent the time on the phone with Microsoft tech support to resolve these issues and posted the registry fixes not included in KB #918165.