Friday, August 17, 2007

Disable Windows XP Professional Fast Logon Optimization feature

So Windows XP Pro got the great feature that helps speed up login time. Fast is good, unless it doesn't work.

Well, the Fast Logon feature works, but just not the way "normal" desktop administrator / users would expect.

Read more about it here http://support.microsoft.com/kb/305293.

Bottom line on how to disable this? Use either local group policy or AD group policy to set this value to ENABLE:
Computer Configuration\Administrative Templates\System\Logon\
Always wait for the network at computer startup and logon
Some of the symptoms of this feature are:
  • users not getting network drives at logon
  • users net getting User Configuration GPO settings

Wednesday, July 4, 2007

Vista Ultimate (finally)

After "everyone" is on Vista, I finally obtained a copy of Vista Ultimate. Running on a Dell Inspiron E1405, Core Duo, 2gb memory, things are going well.

However, I did have a few small problems, and here are two three tweaks I used.

1. OpenVPN routing issue
When initiating a connection, I got this error message:
ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct.

Upon a quick search, all I have to do is add two lines to the .ovpn configuration file.
route-method exe
route-delay 2


That's it. Easy.
2. Wireless Group Policy setting (or, Connect to Wireless Network before domain login)
This one is a bit tougher. In XP, the Dell driver took care of this with a check box that said "connect before login", or something similar.

In Vista, the Dell driver didn't provide such option. So on with Google.
Basically, use AD GPO to assign a wifi profile to your PC at bootup, so it could log in to the wifi network by itself, and establish a connection to available pre-determine SSID.

Check out this link. http://www.microsoft.com/technet/technetmag/issues/2007/04/CableGuy/default.aspx
3. Citrix client reports "Protocol Driver Error" while using CSG (Citrix Secure Gateway)
On two separate Vista computers, I saw this error while trying to launch a published app. Could not figure it out. Firewall, Anti-Virus, nothing.

At one point, I did have one Vista PC running CSG successfully, so I knew it has to work. Turns out, the working Vista PC was using a "incompatible" version of Citrix client (v9.15). Both later Vista PCs were using v10.0. So I went back to 9.15, accepted the "incompatibility" warning message, and got CSG to work.




Wednesday, May 30, 2007

Windows XP Workgroup issues

Since not everyone has a domain controller with AD at home, using Workgroup for file and print sharing is pretty common.

So what happens when a user of a newly rebuilt computer goes home, and is not able to browse workgroup? For those of us who are not using to using Workgroups, the answer is hard to pinpoint, but easy to fix.

The user reported that she can not see other computers in her workgroup. Her firewall was off, and the other computers are working fine in the workgroup. She can ping the other computers. She can also browse the other computers' resources by IP (eg, \\192.168.0.2). So what's missing?

I suspected that it had to do with NetBIOS name resolution. IPConfig shows a node type P (Peer to Peer). I didn't think that was correct, because P means you need a WINS server to perform NetBIOS resolution.

So what's going on? Turns out, it is because it was connected to an network that sets DHCP Option 46. If a computer connects to a network that sets DHCP Option 46 (WINS Node Type), and then connects to a network that does not change that option, it will stay a the previously set node type. In this case the node type was P. So you can manually change it to B for broadcast, which works well in a small workgroup environment.

HKLM\System\CurrentControlSet\Services\NetBt\Parameters\DHCPNodeType = 1 (for broadcast)

Tuesday, May 8, 2007

HP OfficeJet 7200 / 7400 network problem

First, I dislike all-in-ones. The concept is good, but they never do exactly what you want. Second, HP has really undesireable AIO drivers. It tries to be too smart, do too much, and end up delivering much less then you expect. Also, do they have to make 10 programs run at startup!?

OK, here's an observation. I've worked with both HP OfficeJet 7200 and 7400, and have noticed a particular problem. They either don't like to work with the 3com IntelliJack NJ90, or they don't like to work at 100 Mbps / Full Duplex. On both machies, at 100 Full, would fail to print or scan. Go to 10 / Full, and it's ok.

Friday, March 9, 2007

Hong Kong, Chinese New Year, 2007


So, we go to Hong Kong for Chinese New Year, which is a SUPER experience. I knew I was going to take a lot of pictures, but didn't realize with a 8 mpx and 5 mpx camera, I'd end up with over 8GB of data.

Anyways. This is a nice picutre of the stuff you can get in HK. Dancing Lion's head, and the Chinese version of "rodeo clown" head. Kind of fun, kind of creepy. In the back, you can see that you could also get a cowboy hat. Rodeo Clown, indeed.
Posted by Picasa

Friday, January 5, 2007

IIS' "Integrated Windows Authentication"

While trying to get "IWA" to work properly, I ran into two new bits of knowledge.

1. Even if you THINK you are in the "Intranet Zone", you should make sure you are by entering the domain name into Internet Explorer's Local Intranet Sites section.
2. In Firefox, under "about:config", you can add your domain to "network.automatic-ntlm-auth.trused-uris", which will pass your local authentication hash to IIS.

These issues were started by my attempt to make access to internal, NTFS secured web pages seamless. Knowing that Integrated Windows Authentication should work, I was still getting prompted for UN/PW.