Wednesday, August 31, 2011

Excel will not open a workbook when double clicking the file or opening an attachment in Outlook.

Had an issue where a user was opening Excel files from Explorer. Excel would load up, but the workbook would not launch. You could go to File > Open and open the file just fine.

We had recreated his profile and made sure that there was nothing wonky in his XLSTART folder, and yet this issue still kept happening. Well, there is a check box in Excel's options that says something to the effect of disabling other applications from accessing Excel. If this is checked, you will not be able to have Outlook, Explorer, or anything else open Excel for you when you click on a file.

The problem was that this check box "somehow" got checked. A little poking around on the Internet, plus booting up a test machine to play with it, gave me the following information.

Here are the settings in the registry that were set.


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE\" /e"
"command"=hex(7):27,00,5d,00,67,00,41,00,56,00,6e,00,2d,00,7d,00,66,00,28,00,\
5a,00,58,00,66,00,65,00,41,00,52,00,36,00,2e,00,6a,00,69,00,45,00,58,00,43,\
00,45,00,4c,00,46,00,69,00,6c,00,65,00,73,00,3e,00,21,00,44,00,65,00,40,00,\
5d,00,56,00,7a,00,28,00,72,00,3d,00,66,00,60,00,31,00,6c,00,66,00,71,00,60,\
00,3f,00,52,00,26,00,20,00,2f,00,65,00,00,00,00,00

Notice the /e at the end. When that is replaced with “%1”, even if the check box in Excel to ignore other applications requesting information over DDE is checked, the application will still request the information via Dynamic Data Exchange. If the /e is simply taken out of the key, Excel will open and a blank workbook will show up, but the requested file will not. At least in my testing, it looks like “%1” is the only way to get it to ignore the check box and get the file to come up.

Here is the reg dump for the key being set with “%1”:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE\" \"%1\""
"command"=hex(7):27,00,5d,00,67,00,41,00,56,00,6e,00,2d,00,7d,00,66,00,28,00,\
5a,00,58,00,66,00,65,00,41,00,52,00,36,00,2e,00,6a,00,69,00,45,00,58,00,43,\
00,45,00,4c,00,46,00,69,00,6c,00,65,00,73,00,3e,00,21,00,44,00,65,00,40,00,\
5d,00,56,00,7a,00,28,00,72,00,3d,00,66,00,60,00,31,00,6c,00,66,00,71,00,60,\
00,3f,00,52,00,26,00,20,00,22,00,25,00,31,00,22,00,00,00,00,00

It’s hard to tell for sure why this is happening, but some of my research suggests updates could switch these keys around. Also, I would like to note that on my test machines I was able to use Excel just fine with the /e at the end of the strings, until I checked the check box to ignore other applications. Once that check box was checked, I was unable to open files unless I put in the “%1”.
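
A quick way to see which of the three cases a machine is in, as an added example that is not part of the original post. The function name and mode labels are made up for illustration; the first two sample strings are the (default) values from the dumps above and the third is constructed.

```powershell
# Added example, not code from the original post.
# Classifies a shell\Open\command string into the three cases the post tested.
function Get-OpenCommandMode {
    param([Parameter(Mandatory = $true)][string]$Command)

    # "%1" (quoted or not): Explorer substitutes the clicked file's path.
    if ($Command -match '%1') { return 'FileOnCommandLine' }
    # Trailing /e: no file argument; the post found this stops opening files
    # once the "ignore other applications" (DDE) check box is ticked.
    if ($Command -match '\s/e\s*$') { return 'SlashE-DependsOnDDE' }
    # Neither: the post saw Excel start with a blank workbook only.
    return 'NoFileArgument'
}

# Samples: first two from the dumps above, third constructed.
$samples = @(
    '"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" /e',
    '"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" "%1"',
    '"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE"'
)
foreach ($s in $samples) {
    '{0,-22} {1}' -f (Get-OpenCommandMode $s), $s
}

# Live check on the local machine (skipped if the ProgID is not registered).
$key = 'Registry::HKEY_CLASSES_ROOT\Excel.Sheet.8\shell\Open\command'
if (Test-Path -LiteralPath $key) {
    $current = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($current) {
        'Current: {0} -> {1}' -f $current, (Get-OpenCommandMode $current)
    }
}
```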

0_o Just another day in MS land I guess. I would be interested if anyone else has had issues with this.

Thanks!

Thursday, August 25, 2011

Lockdown Internet Explorer 7 Address Bar, Print, and Menu options.

The following screenshot shows that the address bar is disabled, navigation is also disabled, as well as the print buttons and file menu item. These settings are applied by using a custom ADM file in Group Policy.

[Screenshot: IE7 window with the address bar, navigation, print buttons and File menu disabled]

The following group policy settings should be applied to the servers. These policies will disable any workaround that the user may use to gain access to another website.

Users\Administrative\Templates\Internet Explorer

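[Screenshot: Internet Explorer policy settings]

\Internet Control Panel

[Screenshot: Internet Control Panel policy settings]

\Browser Menus

[Screenshot: Browser Menus policy settings]

\Toolbars

[Screenshot: Toolbars policy settings]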

ADM file to be added.

CLASS Machine
CATEGORY !!InternetExplorer7Lockdown
POLICY "IE7 Lockdown Settings"
EXPLAIN !!Help
KEYNAME "Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions"
PART !!Addressbar_title DROPDOWNLIST REQUIRED
VALUENAME "NoAddressBar"
ITEMLIST
NAME !!Addressbar_enable VALUE NUMERIC 0 DEFAULT
NAME !!Addressbar_disable VALUE NUMERIC 1
END ITEMLIST
END PART
PART !!NavButtons_title DROPDOWNLIST REQUIRED
VALUENAME "NoNavBar"
ITEMLIST
NAME !!NavButtons_enable VALUE NUMERIC 0 DEFAULT
NAME !!NavButtons_disable VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
POLICY "Disable: Printing"
Explain !!Help2
KEYNAME "SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER"
PART !!PrintButton DROPDOWNLIST REQUIRED
VALUENAME "Btn_print"
ITEMLIST
NAME !!PrintShow VALUE NUMERIC 1 DEFAULT
NAME !!PrintHide VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
POLICY "Disable: File Menu"
Explain !!Help3
KEYNAME "SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER"
PART !!FileMenu DROPDOWNLIST REQUIRED
VALUENAME "NoFileMenu"
ITEMLIST
NAME !!FileShow VALUE NUMERIC 1 DEFAULT
NAME !!FileHide VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
END CATEGORY
[strings]
InternetExplorer7Lockdown="IE7 Settings"
Addressbar_title="Set the IE7 Address bar to:"
Addressbar_enable="Enabled"
Addressbar_disable="Disabled"
NavButtons_title="Set the IE7 Navigation buttons to:"
NavButtons_enable="Enabled"
NavButtons_disable="Disabled"
PrintButton="Hide Printer button?"
PrintShow="No"
PrintHide="Yes"
FileMenu="Hide File menu?"
FileShow="No"
FileHide="Yes"
; explains
Help="Enabled: This policy will change registry settings to disable the address bar and navigation buttons in IE7."
Help2="Enabled: This policy will allow you to Hide or Show the print button in IE7."
Help3="Enabled: This policy will allow you to Hide or Show the File menu item in IE7."



Issues:

Users will still be able to press CTRL+P to print – I am unable to find a way around this.
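
To confirm the policy actually landed on a server, the check below reads the four values the ADM above writes and compares them with the "disable"/"hide" choices from its ITEMLISTs. It is an added example, not part of the original post; it assumes the values live under HKLM because the ADM is CLASS Machine, and the function name is made up.

```powershell
# Added example, not from the original post.
# Expected data = the "disable"/"hide" ITEMLIST entries in the ADM above.
$ie  = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions'
$exp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$expected = @(
    @{ Key = $ie;  Name = 'NoAddressBar'; Value = 1 },
    @{ Key = $ie;  Name = 'NoNavBar';     Value = 1 },
    @{ Key = $exp; Name = 'Btn_print';    Value = 2 },
    @{ Key = $exp; Name = 'NoFileMenu';   Value = 2 }
)

function Test-IE7Lockdown {
    param([object[]]$Settings = $expected)
    foreach ($s in $Settings) {
        $actual = $null
        # A missing key or value means the policy never applied; report it
        # as non-compliant instead of throwing.
        $item = Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($s.Name) }
        New-Object PSObject -Property @{
            Name      = $s.Name
            Expected  = $s.Value
            Actual    = $actual
            Compliant = ($actual -eq $s.Value)
        }
    }
}

Test-IE7Lockdown | Format-Table Name, Expected, Actual, Compliant -AutoSize
```

A row with an empty Actual column means the key or value is absent, which usually points at the GPO not being linked or filtered for that server.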

Wednesday, August 24, 2011

IE7 Disable toolbar, Navigation Bar and printing via Group Policy and Custom ADM file

The scenario was that a customer needed to lock down IE7 on their plant floors. The application they use to run the machines was a homebrewed application that called IE to open up some documents. The application was presented to the users via Citrix, so it was the only app they could see. Once they opened up the app, they were going out and opening documents, then surfing on over to whatever sites they wanted.

They would also try to print recipes or whatever, but would end up sending the print job to the wrong printer (there is not a lot of control at the plants to use group policy printing) and screw up label printers or other such devices.

The solution?! Group Policy and a custom ADM built to change the registry keys!

Here is the ADM; just copy and paste it into Notepad and save it with a .adm extension (be sure to change the file type to All!!)


Thursday, June 16, 2011

APP-V Server install

Found a very helpful write-up on how to get App-V installed on a Server 2k8r2 box.

The TechNet articles are a little convoluted; while all the information is there, you have to find about 10 articles to get things set up.

http://social.technet.microsoft.com/wiki/contents/articles/how-to-install-and-configure-the-app-v-management-server.aspx

Also, one of the things that I had issues with was the fact that .NET 4 was installed on the servers. Make sure to uninstall the .NET 4 framework before trying to install App-V, unless you like scratching your head.

Remember to reinstall .NET 4 afterwards, though :)

Cheers!

Friday, May 13, 2011

Domain Controller Assessment

I really wish Microsoft would release a single product that would be able to assess the health of the overall domain controller.

Server 2008 does come with built-in Best Practice Analyzers and they are very helpful.

[Screenshot: Best Practices Analyzer results]

This is really nice because you are able to click on anything that gives you a warning or error and open up the properties of that error.

[Screenshot: properties of a Best Practices Analyzer warning]

As you can see, Microsoft even suggests how to fix the issue.

This is all fine and good, and you can run these BPAs on any of the roles you have installed. However, sometimes you run into a server that is so broken that these BPAs won’t run. That is when you have to use a basket full of commands. I have added in a few that I use and just put them into a batch file that I can run on the servers.

Example:

rem Replace <FOLDER>, <SERVERNAME> and <DOMAIN> before running.
mkdir c:\<FOLDER>
rem DNS server settings and the AD-integrated DNS partitions
dnscmd /info > c:\<FOLDER>\dnsinfo.txt
dnscmd <SERVERNAME> /directorypartitioninfo DomainDnsZones.<DOMAIN> > c:\<FOLDER>\dnspartitioninfoDomain.txt
dnscmd <SERVERNAME> /directorypartitioninfo ForestDnsZones.<DOMAIN> > c:\<FOLDER>\dnspartitioninfoForest.txt
rem Replication partners and replication errors
repadmin /showreps > c:\<FOLDER>\replog.txt
repadmin /replsum /errorsonly > c:\<FOLDER>\replogerror.txt
rem Static routes and the hosts/protocols/services files
route print > c:\<FOLDER>\routes.txt
copy c:\windows\system32\drivers\etc\* c:\<FOLDER>\

I grab the routes as well as all the files in the etc folder because I have run across issues before where someone had gone in and put static routes on the servers or static entries in the hosts file or protocols file that had me scratching my head for a few hours until I figured it out. It’s best to just grab these files and make sure they are clean.

I would like to know what other commands people use and why they use them, maybe we can get a super script that will take 2 seconds to run and generate a nice report with useful information.

EDIT: I left DCDIAG and NETDIAG.. not sure why.. I just did :)

Tuesday, May 10, 2011

Exporting a list of services from all machines in your domain

 

This can be done pretty quickly with a PowerShell script, rather than going into each machine and opening up services and exporting manually.

Get-Service | Export-Csv -path "C:\services.csv"
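
The one-liner above exports only the local machine's services. The version below, an added example that is not from the original post, walks a list of computers and also records the account each service runs as, which is the column worth reviewing in an audit. Assumptions: C:\computers.txt (one host per line) and the function name are placeholders, and the targets allow CIM/WinRM queries (PowerShell 3.0 or later).

```powershell
# Added example, not from the original post.
function Get-ServiceInventory {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction Stop |
                Select-Object @{ n = 'Computer'; e = { $computer } },
                              Name, DisplayName, State, StartMode, StartName, PathName
        }
        catch {
            # Keep unreachable hosts in the report instead of dropping them.
            New-Object PSObject -Property @{
                Computer = $computer; Name = $null; DisplayName = $null
                State = "ERROR: $($_.Exception.Message)"
                StartMode = $null; StartName = $null; PathName = $null
            }
        }
    }
}

# Assumed input file: one computer name per line, blank lines ignored.
$computers = Get-Content 'C:\computers.txt' | Where-Object { $_.Trim() }
$inventory = @(Get-ServiceInventory -ComputerName $computers)
$inventory | Export-Csv -Path 'C:\services.csv' -NoTypeInformation

# Services running under something other than the built-in accounts,
# e.g. domain or local user accounts whose passwords need managing.
$inventory |
    Where-Object { $_.StartName -and
                   $_.StartName -notmatch '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)' } |
    Sort-Object StartName, Computer |
    Format-Table Computer, Name, StartName, StartMode -AutoSize
```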

Friday, April 22, 2011

Ranked Dimms?

 

So, today I was spec'ing out a couple of SQL servers, and I have not had to do any hardware spec'ing in a few years, so things sure have changed when looking into the hardware components. One of the things that I was seeing on HP's site was Ranked DIMMs. I found this website that explained what Ranked DIMMs are; good read!

http://www.oempcworld.com/support/Whatis_4-Rank_DIMM_Memory.htm

Wednesday, February 9, 2011

Remote uninstall of SEP 11

 

http://www.symantec.com/business/support/index?page=content&id=TECH105827&locale=en_US

While logged into an account that has domain admin rights, you can run this command after downloading psexec.exe from Microsoft.

psexec @c:\computers.txt MsiExec.exe /norestart /q /x{2EFCC193-D915-4CCB-9201-31773A27BC06} REMOVE=ALL

Where @c:\computers.txt is a txt file that I pulled from the AD computers OU and chopped up in Excel so that it lists all the computers, one per line.

Example:

XPPC001
XPPC002
XPPC003

{2EFCC193-D915-4CCB-9201-31773A27BC06} is the uninstall string from the local system's registry. This can be found by going to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall


If there is a password set on the clients you can:

A) disable it from the SEP Manager

B) Edit the registry to zero out the password Value.

I will post how to do this soon.

Tuesday, January 25, 2011

Ever want to double check who has what FSMO roles quick?

 

I always seem to forget the stupid command to type to show which servers hold which FSMO roles. This can be nice when walking into a network that is having issues and there are multiple domain controllers. Knowing which domain controllers do what can help in your troubleshooting.

Open up a command prompt with enterprise admin privileges and run the following command.

Netdom query fsmo

You should see something to the effect of..

[Screenshot: output of netdom query fsmo]