Windows admin notebook

A day to day diary of troubleshooting steps from the perspective of one Windows admin 

Eric's Page 

A personal Home Page (


 Eric's Calendar

Google Calendar


Eric's My Space

A My Space profile


Eric's My Space Blog

A My Space blog 


Roadrunner Home 

A RR Home Page 


Lisa's Page 

A personal Home Page (


Kitty Weiser 

Lisa's alter-ego (


Our page 

A photo story  (


The Hagstroms 

Our family Home Page  (



My computer consulting business in Austin Texas (


Hagstrom Imagination 

A corporate home page


Redhat Notebook 

Batch Files 



Q: I am concerned about the recent (12/28/04) WMF vulnerability. What can I do to protect myself?

A: If your computer is attached to the or domain, you are automatically protected. Group policy will install a “patch” when you logon or logoff as well as when you reboot or shutdown your computer. If you are not connected to the domain, or want to ensure that the “patch” is applied run the following command

regsvr32 /u shimgvw.dll

And you can run the following to undo this fix.

regsvr32 shimgvw.dll

Q: I am trying to delete a file on my local machine and I recieve an "Access Denied" error. How can I change the permissions for this file

A: In most cases, this is due to your permissions being set to low. To change permissions for a file, or group of files, right click and choose properties. Then click the Security tab. If you recieve a warning that you do not have access to change permissions, then you need to first take ownership of the files. Otherwise, simply place checkmarks that correspond to the functionality that you need for that file. In order to delete a file, you will need to have at least Modify level permission. To take ownership of a file, click the Advanced button on the security tab. Then click the Owner tab. The windows displays the current owner, and the users that may take ownership. Simply choose the user you want to take ownership and click OK. Some notes about inheritence. Files and folders inherit the security settings of the parent which they were created within. So if File C is inside of Folder C, file C will have Folder C’s permissions. This can be overridden by clearing a checkmark in the Advanced Security section. The same things apply to ownership. Conversly, you can force child objects to inherit the new permissions you set on a folder by checking the appropriate box.

Q: How can I determine what version and service pack of Windows I am running?

A: Click Start/Run (or press the windows key + R) and type winver. You can also get detailed system information by typing winmsd. The Windows System Information tool is also available from the Start Menu under Accessories/System Tools.

Q: How can I determine what Environment Variables are set for my machine and what their values are?

A: Open and command prompt and type ‘set“ without quotes. This will return all current environment variables and their paths.

Q: How can I start, stop, or restart a service remotely?

A: Open the computer management console. You can find this under Control Panel/Administrative tools; You can also start the tool by right clicking My Computer and choosing Manage; or you can type the following at the run or command prompt.


In the computer management console on the toolbar click Action/Connect to Another Computer. Enter the computer name you want to manage and click OK. You can now now expand services and start, stop or restart a service. NOTE: In some cases you may need to open management console with alternate user credentials. Windows allows you to do this by holding down shift and right clicking Computer Management in the Control Panel/Administrative Tools folder and clicking runas; or you can type the following where username is your windows login.

runas /user:domain\username compmgmt.msc

Q: How can I browse folders with Alternate User credentials?

A: Windows Explorer does not provide the facility to use the runas command in order to supply alternate credentials when accessing files. There is a workaround though. You must use Internet Explorer instead. Internet Explorer can also do file browsing and will also allow you to execute with alternate credentials. In order to do so, you need to hold down the shift key while right clicking the Internet Explorer shortcut. You will see runas… in the context menu. Click this and a dialog will present you with login options. You can then use alternate credentials to access your files.

Q: How can I delete documents from the print queue that have already been deleted?

A: If you have deleted a printing job but it won’t go away, try

  1. Stop and then restart the print spooler.
  2. If that doesn’t work try deleting all the files from %system%\system32\spool\printers directory.

Windows Server 2003

Q: I have a backup scheduled to run, but when I check the scheduled task associated with the schedule, it reports: Last Result 0x1f and fails.

A: This is due to insufficient permisssions on the target directory that you are saving the backup to. Give the user that is running the task write permissions on this directory and this task will succeed with a 0×0 code.

Q: I have WSUS configured on my W2K3 Server with SP1 applied. My clients are configured with Group Policy to connect to the server for updates. In the C:\windows\WindowsUpdate.log file I see following error:

 WARNING: Failed to synchronize, error = 0x80244008
WARNING: Exit code = 0x80244008

A: From the affected client browse to http://servername/ClientWebService/client.asmx and note any errors. Repeat the steps for http://servername/SimpleAuthWebService/SimpleAuth.asmx. If runtime errors occur, ensure that services have been installed on the server.

Q: The WSUS admin page is not displaying correctly and reports:

 System.InvalidOperationException: Unable to generate a temporary class (result=1).error CS2001: Source file
'C:\WINDOWS\TEMP\m9yekbox.0.cs' could not be founderror CS2008: No inputs specified

A: This is due to Network Service account not having proper permissions on the C:\Windows\Temp folder. Add this user with List Folder/Read Data and Delete permissions.

Q: My client was created using Imaging software and is not reporting to WSUS for updates

A: According to the problem is that duplicate registry entries are created on each of the cloned machines. The same KB has a batch file that can be run to delete the entries, and recreate them.

Q: What is Distributed File Services (DFS)

A: DFS is a Microsoft technology that allows you consolidate file shares across multiple servers into a highly available, and easy to use namespace.

What it’s good for:

  • Simplifies data migration because the namespace is universal no matter where the files are actually stored.
  • High availability because of replicas on multiple servers, as well as some degree of load sharing as info is spread across sites

How it works:

  • A root is created that is either stand alone or domain based. To achieve redundancy, domain based roots can have multiple replicas on different servers; whereas standalone roots need to be attached to a cluster to achieve this redundancy.
  • Under the root are a number of link targets. These are any UNC path such as shared folders, or folder beneath a shared folder, or even another DFS namespace. They can be served by any compatible network files system such as SMB, NCP, or NFS (as long as the client has the appropriate redirector installed. Shared folders that become DFS link targets have no special attributes associated with them. Existing NTFS permissions apply to users that access the information via DFS.
  • With a Domain Based DFS root, when changes to the DFS metadata are made, they are updated in Active Directory. They are then replicated using AD replication to the other domain controllers. When a client requests a DFS namespace, the domain controllers issues a root referral. Each root server also caches this information in memory.


  • Domain name referrals are cached for 12 hours. (min 10 minutes)
  • Timeout for DFS LDAP calls. Default is 30 seconds. (min 3 seconds)
  • Query site cost timeout is defaulted at 30 seconds. (min 3 seconds)
  • Domain based root referrals are defaulted to 15 minutes (min 15 minutes)
  • Sync interval sets the time that a domain based root server checks Active Directory for changes to metadata. Default is 60 minutes. (min 15 minutes)
  • On client computers, MUP (multiple UNC provider) cache is held for 15 minutes (min 15 minutes)

Q: What is File Replication Services (FRS)

A: FRS is a Microsoft Technology that completes file replication and synchronization for DFS namespaces and SYSLOG shares on Domain Controllers.

What is going on

  • Replication starts 3 seconds after a detected file change is made on a replica server
  • Conflict resolution is handled as ”last writer wins“
  • Files are replicated only after changed and the handle has been closed
  • Using a hub and spoke replication you can ”publish“ files one way, or replicate two way using a mesh or ring topology
  • Files starting with a ~ or that end in .bak or .tmp are not replicated by default
  • A replication schedule that is set to fire every 15 minutes is essentially continuous, because it keeps the session open for 15 minutes.

In an optimal environment the following would apply

  • No files are blocking replication by being held open for an extended period of time on any replica member
  • Changes to a particular file are only made on one replica member so that no conflict resolution is even required.

Volume Shadow Copy

  • When volume shadow copy compatible backup programs access FRS replicas, the FRS writer will freeze any further updates until the shadow copy has been created. A ‘thaw’ is initiated when the backup program initiates the thaw, or a predetermined time-out occurs

Bad things that can happen

  • USN journal wrap happens when there are too many changes orders for files and the journal ‘runs out of space’

The staging folder must be as larger then the biggest file to be replicated and also have room for additional files. 660MB is the default size.

  • Files encrypted with EFS are not replicated

Inner workings

  • Change orders are made in different cases depending on where they originate and where they terminate. i.e. remote change order, local change order, etc. There are special change orders such as reanimate the will recreate a deleted object. A large variety of changes trigger replication such as folder rename, attribute changes on files, etc. When a change is made, the file is replicated to the staging folder. Once it is copied here, the file is renamed and moved to it’s proper place in the replica set. The transactions are recorded in the ntfrs database which will grow until the volume runs out of space. Two logs are also created as well as entry in the FRS event log. FRS a makes numerous entries in active directory and is checked at a regular polling interval which is 5 minutes for domain controllers

Windows Server 2000

Q: How do I audit print jobs for a particular printer?

A: You will need to make sure that the printer has auditing enabled. You also need to ensure that the Group Policy that affects this object also has auditing enabled for Object Access.

Windows XP Professional

Q: The folders button is depressed on all My Computer or Explorer windows that I open by default. How can I return to the default behaviour?

A: To change, from windows explorer, click on Tools, Folder Options, and then the File Types tab. Find (NONE) Folder in the list and highlight it. Click the Advanced button. If your issue is the same, explore will be bold. Change it back to open, by clicking on open, then clicking the Set Default button. Open should now be bold.

 Q: What is Offline File Synchronization?

A: Offline files are used to allow you access to files located on a network resource when you are not connected to the network. For example: You have a laptop that has a drive mapped to a server share where you store documents. When you are connected to the corporate LAN, you have access to these files and can edit them directly. When you disconnect from the LAN you lose access to these files; but you have a local cache of the the same files that you can work with if your Offline File Synchronization is enabled. Changes made to these files are saved in this local cache and upon reconnection the corporate LAN all changes are synced to the original location on the server share.

Q: How can I stop using Offline File Synchronization?

A: You can control how Offline Files are handled by changing the settings in the Control Panel/Folder Options Applet and choose the Offline Files tab. Once you are here, you can clear the check mark next to ”Enable Offline Files". All synchronization will stop at this point.

Q: How can I determine my logon server? (What Domain Controller do I authenticate against?)

A: Open a command prompt and type:


You will have a list of your environmental variables, one of which is LOGONSERVER=ServerName



Q: How can I compare two columns of data and indicate differences between the two?

A: You can use conditional formatting to highlight the differences.

  • Choose the range for your first list, click format and choose conditional formating.
  • Specify the criteria to be matched and choose the format of those cells when they do match
  • Repeat the steps for the second list.

 Q: How can I remove hyperlinks in multiple cells at once?

A: You can use this handy cut and paste trick

  • Type the number 1 in a blank cell
  • Right click the cell and choose copy
  • Select the cells you want to remove the hyperlink from
  • Choose Paste Special and under operations, choose Multiply 

Outlook 2003

Q: How can I hide messages marked for deletion in my IMAP folders?

A: You have two choices, you can either hide them alltogether, or you can group them under one heading. The following steps need to be completed while you have your IMAP folder selected.

  • Click View on the menu bar
  • Expand Arrange By
  • Expand Current View
  • Check either Hide Messages Marked for Deletion or Group Messages Marked for Deletion

Q: How do I assign a task to another user and make sure it is completed?

A: You can use the Task Request object.

Q: How do I schedule a meeting with multiple participants?

A: You can use the Meeting Request object.

Q: How do I install the security certificate so that I am not prompted with the Security Warning when I start Outlook

A: In order to trust the certificate that is used to identify the mail server, you must install the proper Certification Authority (CA) certificate. If you double click the certificate, you will be shown it’s details. Here you can click the Install Certificate button. Choose to have it automatically placed in the appropriate store. When you open Outlook the next time, you will not be prompted to accept the Security Certificate.



Q: How can I move my Thunderbird profile from one user account to another?

A: A folder that contains all of your profile information for Thunderbird is created in C:\Documents and Settings\Username\Application Data\Thunderbird. Move (or copy) the entire Thunderbird folder to the same location for the new user. 



Q: I have both Bluetooth and Wi-Fi installed in my laptop and sometimes lose connectivity

A: Bluetooth and Wi-Fi (Wireless LAN using 802.11b or 802.11g) both operate in the 2.4 ghz spectrum. Bluetooth uses frequecny hopping and will address the entire range of the 2.4 ghz spectrum. Wi-Fi will use Digital Spread Spectrum and uses only a portion of the 2.4 ghz spectrum determined by the channel selected for that device. The issue is further complicated when you have Bluetooth and Wi-Fi antennae in close proximity. No real solution exists aside from using 5 ghz Wi-Fi (802.11A). Note that cordless phones, microwaves, and even lightning can cause this EMI (electro-magnetic interference.)