blocking IE6
Let’s get this out of the way first…I think that IE6 is a horrible browser.
Now that that’s done, the sad truth is that many of us have to deal with IE6 on a daily basis. The school district I work for still has one quarter of the computers running Windows 2000. They have been updating the hardware, but for political reasons were unable to update the operating system for a few years. When I started last January they were halfway through a migration to Vista and had skipped XP entirely. However, there is still 1/4 of the district to go so we’re supporting IE6 for another 7 months or so.
Fixing IT problems with a hammer
In a continuing process of cleaning up horrible decisions by our predecessors, we just moved a website off one of our domain controllers. The website was moving from IIS6 to 7 (or 7.5, whatever comes with Server 2008 R2), and it required some tweaking to start working again. One of the parts that didn’t work was a self-help page where teachers could unlock student accounts. I set up this web server, and created a service account for it that doesn’t have any special rights on the domain. Because the website runs in IIS as this service account, it could query the domain with no problems, but it didn’t have the rights to unlock accounts.
This is obviously where I differ from a coworker…
him: “Just add the service account to Domain Admins”
me: “Why would I want to do that?”
In the end I remembered I can delegate just the permissions needed to unlock our student accounts to that service account and it works fine.
Why use a hammer when you only need a tiny screwdriver?
quick Windows 7 tip
Found a quick workaround for my complaint that you can’t pin items that are on network shares to the Windows 7 taskbar. All you have to do is create a folder for shortcuts to all the items, create a new toolbar on the taskbar using that folder. It shows up like the old Quicklaunch toolbar, and creates a separate icon on the taskbar when the app is launched, but it kinda solves my problem.
Here’s the steps:
- Create a new folder with shortcuts to the applications you can’t pin.
- Right click taskbar and unlock it.
- Right click the taskbar again, select toolbars, then select “New toolbar.”
- Browse to the folder you created, and click “select folder."
One line administration – search and delete computer accounts
Here’s a quick one-line script I’ve been using to clean up some old computer accounts in active directory. It requires the dsquery and dsrm tools from the Server 2003 Admin Pack or the Remote Server Administration Toolkit.
@for /f %%a in ('DSQUERY COMPUTER -NAME *%1') do (dsrm %%a)
Save that in as a batch file and it’ll query Active Directory for computers including the argument passed. Here’s an example with a naming structure where we have the last 4 digits of the MAC address in the name for uniqueness.
C:\>adrm.cmd 6736
C:\>(dsrm "CN=LABPC6736,OU=Labs,DC=yakk0,DC=org" )
Are you sure you wish to delete CN=LABPC6736,OU=Labs,DC=yakk0,DC=org (Y/N)? y
dsrm succeeded:CN=LABPC6736,OU=Labs,DC=yakk0,DC=org
Fun with icacls
We've been having some random problems at work with various software packages and have tracked it down to folder redirection policies and permissions. It appears that years ago people couldn't get folder redirection working right and rigged it up with some registry hacks and scripts. It works fine in 2000, which most of our users use, but breaks in Vista because Vista doesn't like to redirect to a drive letter. In particular we were noticing the Application Data was partially on the network share and partially on the local drive. The other thing we've noticed is the permissions on the folders aren't set properly. Following Microsoft's recommended settings for permissions and redirection policy, we tested and sure enough things started working.