Orca 5 for Windows 8

Now that Windows 8 has hit RTM there is a slightly newer version of Orca, the MSI editing tool, available. This one is version 5.0.9200.0, but once it’s installed it’ll show up in the Programs and Features dialog as 8.59.25584.

To grab yourself a copy get the Windows SDK for Windows 8, install using the option to ‘download for installation on a separate computer‘, and make sure only ‘Windows Software Development Kit‘ is selected in the features list. You won’t be able to de-select the .NET 4 download.

After your download is complete you can either install Orca from the download directory, or collect up the files you need to keep a copy for use later on. The files you’ll need are listed here and are linked directly to the Microsoft download location for ease of collection:

a35cd6c9233b6ba3da66eecaa9190436.cab
fe38b2fd0d440e3c6740b626f51a22fc.cab
Orca-x86_en-us.msi

To install Orca just double-click on Orca-x86_en-us.msi and allow it to install. Job done!

PowerShell 3 for Windows 7, Server 2008 R2, Server 2008 and Vista

Following up on my post of a few years ago on PowerShell 2 being available, Microsoft have now released the bits needed to give you PowerShell 3 on Windows 7, Server 2008 R2, Vista and Server 2008. Sadly no PowerShell 3 loveliness for XP, but then who really cares. I can barely remember how to use XP now I’m using Windows 8…

So without further ado here is the download link for PowerShell 3:
http://www.microsoft.com/en-us/download/details.aspx?id=34595

Secrets of configuring DHCP policies for Lync handsets alongside other vendors

After battling with a non-Microsoft DHCP server to get it to configure multiple vendors of handset I figured out some very useful undocumented ‘habits’ of Lync handsets which might help someone else…

1. Lync handsets (e.g. the Polycom CX600) use TWO vendor IDs during their DHCP requests

The first vendor ID that is used during negotiation of an IP address is “CPE-OCPHONE”. This is the legacy ID that was used during the OCS 2007 days. Despite being legacy it is actually the first one that appears on the wire. Knowing this, if you are struggling to get Lync handsets to do vlan tagging, you’ll hopefully realise that CPE-OCPHONE is the vendor ID you need to be using in option 60 for the vlan tagging configuration policy in DHCP.

The second vendor ID used is the modern Lync handset ID, namely “MS-UC-Client”. This is the one you use in option 60 when you provide the configuration to the phones.

2. If you have to use a non-Microsoft DHCP server (e.g. QIP) and you are in the middle of migrating from an IP-PBX (e.g. Alcatel) over to Lync but need to use the same voice vlans for both handset vendors, make life easy and use Vendor Class policies.

Using Vendor Class policies assigned to your voice networks means you can have multiple DHCP policies available on a single subnet! This way you can have non-voice clients that get a standard policy, and multiple vendor handsets that can get their own configuration sets. You could configure each individual IP address to have a single DHCP policy and statically assign phones to pre-configured IPs, but that doesn’t scale and it’s horrible to deal with.

Microsoft use vendor classes, and for good reason, so make sure you do your best to configure your non-Microsoft DHCP to use them too. Having to use multiple vendors’ phones is a pretty rare thing so you may not be able to get much support from anywhere.

3. Get hold of a simple network hub and use this with Wireshark on a laptop to monitor DHCP traffic. It’s much easier than guessing what settings are (or are not) working.

4. If your network switches support LLDP-MED for goodness sake use it!

LLDP-MED is so much easier to handle and can be assigned to all ports on a switch instead of having to assign a specific voice vlan for a specific port. That and if you can use LLDP-MED you will not need to configure the phone to know what vlan to use for tagging because the LLDP protocol will do that for you.

5. When you’re stuck with a non-Microsoft DHCP server, read this article and this one from TechNet. The info you’ll need is there, they just haven’t really explained it too well.

I plan to do a deep dive into the stages a Lync handset goes through at boot-up and initial configuration in a later article, so if you find any of this of use you may wish to watch out for it.

Long startup and logon delays with a shared Windows 7 desktop

I’m writing with reference to a colleague’s blog post where he has found a very useful fix for a very annoying start up and log-on delay issue in Windows 7 SP1. Here’s his post, worth a read:
http://blog.solarfusion.co.uk/2011/12/windows-7-please-wait-or-welcome-screen.html

We were finding that computers in shared areas which had been logged on by many users (i.e. 50+ user profiles) were experiencing massive delays starting up and logging on. Until he found the fix the only solution was to leave the computers on all the time, or get them to start up really early in the morning.

One fix we tried was removing all the user profiles from the computers, and this only worked some of the time. Then my colleague found the right hot-fix and all of a sudden our startup and logon times dropped back to a few minutes. Big relief!

Here’s the relevant hotfix: http://support.microsoft.com/kb/2617858

See the blog entry (linked above) for a detailed explanation.

Latest Lync Server 2010 Resource Kit Tools

As of 1st December 2011 there is now a new version of the Lync Server 2010 Resource Kit Tools available to download. You should uninstall the old version before you install the new one.

This update brings us to version 4.0.7577.172 (now .197) and it is downloadable from here:
http://www.microsoft.com/download/en/details.aspx?id=21165

It is recommended that you also update any other components of Lync Server 2010 to the latest versions by downloading and running the LyncServerUpdateInstaller from here:
http://www.microsoft.com/download/en/details.aspx?id=11551

Office 2007 SP3 available for download

I read last night that the latest (and last) service pack for Office 2007 was out. After googling this morning I found it way too hard to find the ‘actual’ download for the damned thing, so I’m presenting the results of my efforts here for easy finding…

List of all 2007 Office system SP3, 2007 Office servers SP3, and Windows SharePoint Services 3.0 SP3 packages: http://support.microsoft.com/kb/2591018

And the real download for the Office 2007 SP3 is here (351 MB)

A way to run a 64-bit process from a 32-bit script (like add a registry key)

Say you need to add a registry key into the 64-bit registry hive but you’re stuck with doing it from a vbscript running in a 32-bit process. For example SCCM always runs vbscript in a 32-bit process, even on a 64-bit Windows machine! If you try this normally, Windows 7 64-bit will redirect the key to the virtual 32-bit hive. So when running in a 32-bit process, if we want to add a key to HKLM\Software\ we will find it always ends up in HKLM\Software\Wow6432Node\ no matter what we do.

I couldn’t find a way to do it directly using vbscript in the short time I spent looking into it, but I did find a sneaky indirect way. My method is to execute a command to add a scheduled task into Windows that will do it for you!

I’ve written a bit of vbscript which will create a run-once self-deleting scheduled task that can be used to run a command such as REG ADD which will be running as a 64-bit process, assuming you use it on Windows x64. The only thing you need to have is admin rights, the rest will happen automatically.

You could use it for all sorts of things, like getting access to an area of the OS that needs LOCAL SYSTEM rights for example. You must remember though it’s just for firing off a command that you don’t need a response from. You need to test whatever you fire-off because you can’t check what you’ve done from within the script!

Click here to see my function on pastebin

To use the vbscript function you need to call the CreateJob() function and pass it the command that you want to run. For example if we call the following…

CreateJob("REG ADD HKLM\Software\64BitKey /v 64BitValue /d 64BitData /f")

…then my function will create a scheduled task that runs the command between the quotes 1 minute after it is created. Once the task completes it will then delete itself automatically, whether it succeeds or fails. The command in my example will create a registry key HKLM\Software\64BitKey with a new REG_SZ value 64BitValue which has the string data 64BitData.

I’ve commented the code as best I can. Basically the scheduled task that is created will have a unique name every time due to the use of a guid string for the name. The task will work on XP, Vista and Windows 7, and on 32-bit or 64-bit, but it will always be in ‘XP mode’ so that it will delete itself after it is executed.

Here’s a slightly generic example of use:

Adding a registry key HKLM\Software\RegKey with KeyName that has a DWORD value of 000000FF:
CreateJob("REG ADD HKLM\Software\RegKey /v KeyName /t REG_DWORD /d 0xFF /f")
Notice here the use of 0xFF to specify the hex value, and the /f switch to force the key to add. If we don’t use /f and the value is already there then the command will perpetually wait for a response.

Here are some screenshots proving it works…

1. running the script in an Admin CMD prompt running in 32-bit mode on a 64-bit machine

2. proving the script is running as a 32-bit process

3. showing the scheduled task about to run

4. and finally the registry key after it has been created, definitely in the 64-bit hive!

For more info about the REG ADD command either go here, try typing reg add /? in the command-line, or you could Google it.

The right way to do my precise example is to use WMI as mentioned here, but my way is more flexible because you can do other stuff like run apps in a 64-bit process as well…
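
The WMI route mentioned above, as an added example (not the author's code and not taken from the linked post): a 32-bit VBScript asks WMI's StdRegProv for the 64-bit provider, so the write lands in the 64-bit view with the caller's own rights and no scheduled task. The function names Set64BitString and CallReg are made up for illustration, and the key and value names reuse the sample above.

```vbscript
Option Explicit
' Added example: write to the 64-bit registry view from a 32-bit script host
' through WMI's StdRegProv. Key/value names reuse the page's sample.
Const HKLM = &H80000002

Function Set64BitString(strKey, strName, strData)
    Dim objCtx, objLocator, objServices, objReg, rc
    Set64BitString = False

    ' Ask WMI for the 64-bit provider, and require it rather than
    ' silently falling back to the 32-bit one.
    Set objCtx = CreateObject("WbemScripting.SWbemNamedValueSet")
    objCtx.Add "__ProviderArchitecture", 64
    objCtx.Add "__RequiredArchitecture", True

    Set objLocator = CreateObject("WbemScripting.SWbemLocator")
    Set objServices = objLocator.ConnectServer("", "root\default", "", "", , , , objCtx)
    Set objReg = objServices.Get("StdRegProv")

    ' CreateKey also creates any missing parent keys in the path
    rc = CallReg(objReg, objCtx, "CreateKey", strKey, Null, Null)
    If rc = 0 Then rc = CallReg(objReg, objCtx, "SetStringValue", strKey, strName, strData)
    Set64BitString = (rc = 0)
End Function

Function CallReg(objReg, objCtx, strMethod, strKey, strName, strData)
    ' The context is passed on the method call as well as at connect time
    Dim objIn, objOut
    Set objIn = objReg.Methods_(strMethod).InParameters.SpawnInstance_()
    objIn.hDefKey = HKLM
    objIn.sSubKeyName = strKey
    If Not IsNull(strName) Then
        objIn.sValueName = strName
        objIn.sValue = strData
    End If
    Set objOut = objReg.ExecMethod_(strMethod, objIn, , objCtx)
    CallReg = objOut.ReturnValue   ' 0 means success
End Function

If Set64BitString("Software\64BitKey", "64BitValue", "64BitData") Then
    WScript.Echo "Value written to the 64-bit view of HKLM\Software"
Else
    WScript.Echo "Write failed (check the script is running elevated)"
End If
```

Unlike the scheduled-task approach, this returns a result code the script can check straight away.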

Anyway, here’s my function. Have fun with it, and don’t forget, you’re running as the SYSTEM account when you use this, so please be careful!


Function CreateJob(strCommand)
    Const SHELL_WAIT = True
    Const SHELL_HIDE = 0
    CreateJob = False
    ' Get date & time 1 minute in advance
    ' And it must be at least 1 minute
    ' Source: w3schools, & mikeblas on hardforum.com
    Dim strDateTime : strDateTime = DateAdd("n", 1, Now())
    Dim strDate     : strDate = LEFT(strDateTime, InStr(strDateTime, " ")-1)
    Dim strTime     : strTime = MID(strDateTime, InStr(strDateTime, " ")+1)

    ' define the command we will run to create the once-only scheduled task
    ' uses a new guid for the name each time so it will be a unique task
    ' strCommand is inserted as-is and will run as SYSTEM; a double quote
    ' inside it ends the /TR argument early
    Dim strJobCmd   : strJobCmd = "schtasks.exe /Create /TN " & _
        getGuid & " /RU SYSTEM /ST " & _
        strTime & " /SD " & _
        strDate & " /SC ONCE /TR """ & _
        strCommand & """"
    ' on Vista/Win7 must create task as XP-readable type using /V1
    ' this is so it will delete itself properly (bug in schtasks) using /Z
    If onVistaWin7 Then strJobCmd = strJobCmd & " /Z /V1"
    WScript.echo strJobCmd
    Dim oJobShell : Set oJobShell = CreateObject("WScript.Shell")
    Dim jobRet : jobRet = oJobShell.Run(strJobCmd, SHELL_HIDE, SHELL_WAIT)
    If jobRet = 0 Then CreateJob = True
    ' here we tried to make the task and get the result to a variable
    ' if the return is non-zero then the creation of the task errored
    Set oJobShell = Nothing
End Function

Function getGuid
    ' this function gets a unique guid and returns it as a string
    Dim TypeLib : Set TypeLib = CreateObject("Scriptlet.TypeLib")
    getGuid = Left(CStr(TypeLib.Guid),38)
    ' above line also removes some strangeness at the end
    Set TypeLib = Nothing
End Function

Function onVistaWin7
    ' this function returns true on Vista or above (incl. Srv2008)
    Dim colOSver, objOSver
    onVistaWin7 = False
    Set colOSver = GetObject("WinMgmts:root\cimv2").ExecQuery _
        ("Select Version from Win32_OperatingSystem")
    For Each objOSver In colOSver
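        ' compare the whole major version number, not just its first character,
        ' so that a two-digit major version (e.g. "10.0") is not read as 1
        If CInt(Split(objOSver.Version, ".")(0)) >= 6 Then onVistaWin7 = True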
    Next
    Set colOSver = Nothing
End Function

Orca 5 – msi editing tool for Windows 7

I finally realised where to get hold of version 5 of Orca – the one most suitable for Windows 7 and able to validate .msi files for Windows Installer 5. It was of course in the Windows SDK for Windows 7 and .NET Framework 4. Unfortunately there’s no mini-download for the msi sdk like with version 4.5, so for simplicity I’ve acquired the .msi for orca and put it online for download…

Orca 5.0.7693.0 (2.1MB)

If you would rather download the official version from Microsoft you need to install the debugging tools from the Windows SDK, then go in to Program Files\Windows SDK\7.1\Bin and orca.msi will be in there.

[Update 2012-09-08: there’s now a slightly newer version available here]

Protecting yourself from tracked advertising

On-line privacy is getting harder and harder as more and more services and shops go on-line. As a person highly concerned with privacy, tracked advertising is just one of the many things that I despise.

Not sure how I missed this one but I’ve just discovered a way of opting-out of a lot of tracked advertising, and it involves setting special opt-out cookies…

Here’s the link to get you started: http://www.youronlinechoices.com

Use a D-Link DIR-825 to automatically IPv6 your network

(Please note this article is now somewhat out of date as D-Link have started to trickle out a new version of software for this router which changes its ipv6 functionality and completely fixes the ipv6 router advertisement issue – here is an EU beta version that I found after scouring the d-link forums: DIR-825 2.05EU, and I think the US version is available from the US ftp site too.)

My cable router died recently so I took the opportunity to replace it with something good. I grabbed a D-Link DIR-825 (revision B) since I knew it supported IPv6 natively after doing lots of research and finding an excellent list on SixXS.net. It was a bit pricey (£120) but I believe it was worth it for the massive feature set – including the quad-band wireless which has proved excellent so far.

Set-up was super easy. As with most cable setups, just plug it in to the modem and you’re away since there’s no mess with internet credentials, at least in my case anyway.

Now the IPv6 bit. I have a subnet obtained from Hurricane Electric’s Tunnel Broker, and when you’re given a subnet they offer you a /64 subnet and a routed /48 subnet as well. You should only need the /64 subnet, but you can get the /48 as well if you like; we won’t use it here.

Assuming you’ve signed up at HE and acquired an IPv6 subnet, keep the tunnel details page handy so you can use them in the admin interface of the router.

In the advanced section of the DIR-825 switch to the IPv6 page. Then change the connection type to “IPv6 in IPv4 tunnel”. Now we start entering addresses…
The remote and local addresses match up with the addresses on the tunnel details page, so for the Remote IPv4 address use the “Server IPv4 address” from the tunnel details page, Remote IPv6 address is the “Server IPv6 address”, and so on for the local addresses, using the “Client” addresses.

Key here is making sure you don’t include the “/64” bit and also remember to not use the short notation for the v6 addresses. For example if you have a server ipv6 address that says: “2001:470:1234:567::1/64” you should instead enter “2001:470:1234:567:0:0:0:1”. That’s because IPv6 addresses are usually given in a more human-readable format and they miss out the pointless bits, like the zero-sections at the end (where shorthand like :: is used to mean :0:0:0: ). Do the same for the client IPv6 address too.

Now you want to type in your routed /64 address in to the LAN IPv6 Address for the router. The tunnel details page will just give you a subnet notation (e.g. 2001:470:1235:567::/64) so stick a 1 on the end before the /64 and that’ll be your router’s internal LAN address (e.g. 2001:470:1235:567:0:0:0:1). Notice that the 3rd section of the address will be 1 number higher than your client IPv6 subnet.

Finally in the address autoconfiguration section, check the enable autoconfiguration box and switch to Stateful (DHCP v6). This will give IPv6 addresses to your clients that support DHCPv6. I believe you don’t have to do this, and you can use stateless to do it as well, but I wanted fully public IPv6 addresses, so I’ve gone for stateful in my case.

And so finally we click the Save Settings button at the top, and you’re done! Time to test it out. Try ipv6.google.com for starters 🙂
Occasionally it doesn’t work. If not, check on the tunnelbroker.net site and make sure your router’s wan ip address is listed on the tunnel details page. If it isn’t you need to get that filled in, so click the link next to the client ipv4 address entry and fill it in. Hopefully you have a static IP don’t you…! There does seem to be a way of dynamically updating the client ipv4 address with Hurricane Electric, but that would still mean updating the config on the router which would be annoying of course.

Here’s a sanitised screen-shot of my router config for reference:

Added on 20th Feb 2011: I realised recently that IPv6 wasn’t quite working all of the time on my computers served by my router and after extensive investigation I discovered that the router wasn’t advertising its link-local address often enough (or at all). As a result my IPv6 clients were finding they didn’t have the necessary routes to talk IPv6 to the internet.
The solution turned out to be to add a persistent static route to the IPv6 internet via the internal Link-Local address of the router.
Here’s the fix, just run it from an admin cmd prompt, and replace the [link-local address] section with your router’s link-local address (which you can find on the ipv6 config page):

route -p add ::/0 [link-local address]