I was setting up a custom powershell script to do some remote monitoring on my servers.  For security purposes, I was not running as an admin, which is always good karma.  Locally, the script worked.  Remotely it did not.  The command I was executing was the following...

$colItems = get-wmiobject -class "DELL_System" -namespace "root\cimv2\dell" -computername "REMOTESERVER"

As you can see, I'm querying information from the Dell WMI namespace.  I made sure RemoteAccess permission was set up in the WMI configuration (among many other things), but nothing would work!

I finally found my solution with DCOM.  Now, I know you've read this before and you are thinking "BUT DCOM IS ALREADY RUNNING AND IT STILL DOESN'T WORK!" but I assure you, my solution is different than that very common newsgroup solution.

Check the COM Security tab under Properties for My Computer under Component Services.  Under "Launch and Activation Permissions" check "Edit Limits."  These limits are designed as a cap for the maximum security any DCOM server can grant.  So, even if permissions are set correctly in WMI and also in DCOM Windows Management and Instrumentation server, you still need to make adjustments here. 

Notice that although Administrators and Distributed COM Users have Remote Launch and Remote Activation, Everyone does not.  It's up to you how you want to secure your DCOM, but I'm opting for adding my non-admin DCOM users to the Distributed COM Users group.  Fixed!

I'm a big fan of Japanese Anime.  I DVR pretty much anything (except the "kiddy" stuff like Pokemon) that comes on the few outlets we have here in the USA (basically Sci-Fi Channel and Adult Swim).  When Eureka Seven first aired on Adult Swim, I thought the first episode was sort of corny.  But by episode two, I was hooked!  I got to about episode 30 before my DVR skipped a few episodes (what a sad time).  So I set it up to record the second run on Adult Swim.  After two years of putting off rewatching the series due to not having time for whatever dumb reason, I started watching Eureka Seven again.  I just got through the final episode today and all I can say is WOW.  I highly recommend this series to anybody who even has just a passing interest in good anime, good scifi, good romance, or any sort of good story-telling (or, heck, even just random dance music scene references)!  I am not ashamed to admit I shed a tear or two at the wonderful sweet ending after 50 amazing episodes.  If only we could learn to get along like the Humans and Coralians finally did!

My wife and I found each other on eHarmony about two and a half years ago.  We have always recommended eHarmony to single friends.  Despite that, it always bothered us that eHarmony had no matching service for homosexual couples.  That is why I was delighted to read that eHarmony, under the terms of a law suit settlement, will be starting a new parallel website that will cater to same-sex couples.  It's too bad that it took a law suit for this to happen, but it is good that they chose to end their homosexual discriminatory practices.

The official excuse of why eHarmony didn't provide same-sex matching consisted primarily of two big points...

1. The matching algorithm developed for heterosexuals was never tested on homosexuals and may not work for same-sex couples.
2. Since marriage for homosexuals is not legal in all 50 states, eHarmony's match-to-marriage ratio would plummet and eHarmony would no longer be able to brag about "the most marriages," etc.

I'm not sure how much of their prior refusal was due to those reasons and how much of it was due simply to bigotry.  Despite that, I'm happy to see them change course and join the rest of us in the 21st century.

I'm a skeptic at heart.  A long time ago, while researching (aka googling) cold reading, I stumbled upon a wonderful site dedicated to debunking Sylvia Browne.  In case you don't know, Sylvia Browne is a "psychic" who is most popular for cheap Vegas acts and "communicating" with random people's dead relatives on Montel Williams' old show.  She is an awful human being who preys upon vulnerable people.

The owner of the StopSylvia site, Robert Lancaster, had a stroke  recently.  In the chaos that ensued afterwards to save his life and begin rehabilitation, he failed to renew his original domain name and a cybersquatter snatched it up (GRR!).  That is the primary reason I am posting this article.  I want to get the word out about his new site with a slightly different domain name (click on any link in this post)!  It's a great resource with a ton of very useful information on how Sylvia cons people into spending money so that she can tell them what they want to hear, all the way pretending to communicate with lost loved ones.  She is a despicable human being.  I'm very glad we have people like Robert Lancaster on our side.

The good news is that Robert is on the road to recovery and will someday soon be able to continue his fight against con artists like Sylvia.

You can use RD Tabs even with Windows Server 2008 Server Core installations.  All you have to do is enable Remote Desktop on the server from the command line.  Great tip!

It's really amazing to me how many people don't realize how easy it is to schedule a reboot on a Windows server.  Sure, you can just wait for Windows Updates to kick in once a month in the middle of the night, but sometimes you need a reboot tonight because you installed/changed something.

Here's how you do it (the easy way)...

Log onto your Windows server as an administrator.

Open up Scheduled Tasks.  Create a new task.  Set the application to "C:\windows\system32\shutdown.exe -r -t 0" (-r means reboot, -t means wait this many seconds -- zero in this case, so it will reboot immediately).  If you have a misbehaving service that doesn't shut down in a timely fashion, you can add -f (force shutdown) but I'd recommend against this on a server unless you absolutely need it.  Forcing a shutdown causes Windows to kill any task not responding to a graceful application exit.  You may not want to open that can of worms on a production system!

Start the app in any folder, but I always use c:\windows\system32 since that's where the binary is.

Set the "Run As" user to NT AUTHORITY\SYSTEM.  Doing this allows you to not have to worry about password expiration or account lockout since it's running directly under the system context.  When the task asks for a password, leave it blank.  Keep in mind only admins can delegate the scheduled task impersonation account to the system itself.  (If anybody else could do it, Windows would have a massive security hole!)

After setting the account, you will notice the "Run As" field will be blank.  This is a UI bug in the task scheduler.  If you click OK and then re-open the task, it will show up as NT AUTHORITY\SYSTEM.

Now, set the time to reboot in the "Schedule" tab. 

You are done!

Easy!

At work, I maintain an old Exchange 2003 box which is the company's biggest work horse.  It's old, dusty and outdated, but it works hard and occupies a special place in my silicon heart.

Anyway, I was tasked with adding a new Auto accept agent so that a new conference call number could be booked through Outlook calendar appointments as a resource.  This is all pretty basic Exchange 2003 stuff here.

The problem was I kept getting a strange error when running RegisterMailbox.vbs...

Error 80070426: The service has not been started.

I double checked and the Auto accept agent's service was running.  What gives?

It turns out that the error message is misleading.  What actually happened is my user account did not have the appropriate permission to a DCOM service.  Checking the Event Viewer is what clued me in.  In there I saw...

 

The devil is in the details, listed below...

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9DA0E103-86CE-11D1-8699-00C04FB98036}
to the user domain\user.  This security permission can be modified using the Component Services administrative tool.

I fired up Component Services, expanded DCOM, found the CLSID for the module, and looked at the Activation permissions.  I was surprised to see that Administrators was not in the list, which  must be why this error is occurring.

I added Administrators and granted the group Local Launch and Local Activation.  After that, Auto accept agent worked once again!  Mystery solved.

I never thought I'd see the day when a liberal presidential candidate would have a stable two-week lead in the polls in my wonderful home state of North Carolina, with the potential for it to carry to election day. Maybe Asheville and the RTP area are beginning to overshadow the more traditionally conservative areas?

Yes, I'm quite liberal (Obama is actually a bit too "right wing" for me, but I still think he will do a fine job). I'm a bleeding heart artist, so my political viewpoint should come as no great surprise.

• Rasmussen Poll for NC - October 2, 2008

This state is still very much a toss-up, so I'm not celebrating yet. However, my wife has stated that she will, in fact, dance in the streets should Obama carry NC. I, for one, would love to see that. Maybe I'll take pictures when she's not looking.

I seem to always run into obscure problems. I must be a magent for them.

The other day, my wife put a bunch of notes in an Outlook/Exchange appointment, including the address of where I needed to go to meet her. I was quite shocked when I got in my car, fired up the GPS, looked at the appointment details in my Exchange-synched WM6 phone and no notes were to be found! I had to quickly call my wife to get the address so I wouldn't be late. Thankfully, she had it on-hand.

So what would cause this? The appointment synched, but the notes were missing.

I did a little googling and found out the reason. It turns out there's a registry setting which limits the size of attached notes so you don't over-run the poor Windows Mobile device's internal storage with a bunch of crap you don't necessarily need on the go. The registry key is HKEY_CURRENT_USER\Software\Microsoft\ActiveSync\BodyTruncation. My BodyTruncation value was set to zero! From what I read, the default value should be 5000, which means it will sync up to 5000 bytes of notes. I have no idea how or when it got set to zero (maybe it was always that way), but that certainly explains why I had NO notes attached at all! :-)

I followed the advise at the above link and set the value to 20480 (hex 5000). I think 20K should be sufficient for appointment notes. But you can set it to whatever value you want!

I like the "classic control panel" view. All the applets are sorted in alphabetical order and I can find what I need really quickly.

I was having some issues in Outlook, so I was looking for the Mail icon, where you can easily create and delete Outlook profiles. However, the Mail icon was nowhere to be found!

I googled the google and found lots of people with the same problem and finally found a resolution. It has to do with my running Vista x64. The Mail icon is a 32-bit applet, so it won't show up next to the 64-bit applets. I needed to look for the "Additional Options" icon and then select "View 32-bit Control Panel Items" to find the Mail icon. One problem: I had a GPO enabled to force the "classic control panel" view on all machines in the domain and the classic view does not allow you to get to the "View 32-bit" section. Bummer!

Thankfully, the GPO was not implemented for security, but instead for my own Control Panel preference, so it would be safe to remove. It was (sadly) time to nuke that GPO, join the rest of the 21st century, and get used to the new multi-tier control panel. The "classic view," afterall, is modeled on the Windows 95/98 style control panel. I'm not that much of a ludite, am I? ;-)

So anyway, after a quick gpupdate /force, I boldly went to the new school "Control Panel Home" and found the "Additional Options" section that was alluding me previously. Now I found my "View 32-bit Control Panel Items" section which contained the mysteriously absent Mail icon.

Why can't classic view contain 32-bit icons? Who knows? But never-the-less, mystery solved.