Orca 5 for Windows 8

Now that Windows 8 has hit RTM there is a slightly newer version of Orca the MSI editing tool available. This one is version 5.0.9200.0, but when it’s installed, in the Programs and Features dialog it’ll show up as 8.59.25584.

To grab yourself a copy get the Windows SDK for Windows 8, install using the option to ‘download for installation on a separate computer‘, and make sure only ‘Windows Software Development Kit‘ is selected in the features list. You won’t be able to de-select the .NET 4 download.

After your download is complete you can either install Orca from the download directory, or collect up the files you need to keep a copy for use later on. The files you’ll need are listed here and are linked directly to Microsoft download location for ease of collection:

a35cd6c9233b6ba3da66eecaa9190436.cab
fe38b2fd0d440e3c6740b626f51a22fc.cab
Orca-x86_en-us.msi

To install Orca just double-click on Orca-x86_en-us.msi and allow it to install. Job done!

PowerShell 3 for Windows 7, Server 2008 R2, Server 2008 and Vista

Following up on my post of a few years ago on PowerShell 2 being available, Microsoft have now released the bits needed to give you PowerShell 3 on Windows 7, Server 2008 R2, Vista and Server 2008. Sadly no PowerShell 3 lovelyness for XP, but then who really cares. I can barely remember how to use XP now I’m using Windows 8…

So without further a-do here is the download link for PowerShell 3:
http://www.microsoft.com/en-us/download/details.aspx?id=34595

Secrets of configuring DHCP policies for Lync handsets alongside other vendors

After battling with a non-Microsoft DHCP server to get it to configure multiple vendors of handset I figured out some very useful undocumented ‘habits’ of Lync handsets which might help someone else…

1. Lync handsets (e.g. the Polycom CX600) use TWO vendor IDs during their DHCP requests

The first vendor ID that is used during negotiation of an IP address is “CPE-OCPHONE”. This is the legacy ID that was used during the OCS 2007 days. Despite being legacy it is actually the first one that appears on the wire. Knowing this if you are struggling with getting Lync handsets to do vlan tagging you’ll hopefully realise that CPE-OCPHONE is the vendor ID you need to be using in option 60 for the vlan tagging configuration policy in DHCP.

The second vendor ID used is the modern Lync handset ID, namely “MS-UC-Client”. This is the one you use in option 60 when you provide the configuration to the phones.

2. If you have to use a non-Microsoft DHCP server (e.g. QIP) and you are in the middle of migrating from an IP-PBX (e.g. Alcatel) over to Lync but need to use the same voice vlans for both handset vendors, make life easy and use Vendor Class policies.

Using Vendor Class policies assigned to your voice networks means you can have multiple DHCP policies available on a single subnet! This way you can have non-voice clients that get a standard policy, and multiple vendor handsets that can get their own configuration sets. You could configure each individual IP address to have a single DHCP policy and statically assign phones to pre-configured IPs, but that doesn’t scale and it’s horrible to deal with.

Microsoft use vendor classes, and for good reason, so make sure you do your best to configure your non-Microsoft DHCP to use them too. Having to use multiple vendors’ phones is a pretty rare thing so you may not be able to get much support from anywhere.

3. Get hold of a simple network hub and use this with wireshark on a laptop to monitor DHCP traffic. It’s much easier than guessing what settings are (or are not) working.

4. If your network switches support LLDP-MED for goodness sake use it!

LLDP-MED is so much easier to handle and can be assigned to all ports on a switch instead of having to assign a specific voice vlan for a specific port. That and if you can use LLDP-MED you will not need to configure the phone to know what vlan to use for tagging because the LLDP protocol will do that for you.

5. When you’re stuck with a non-Microsoft DHCP server, read this article and this one from TechNet. The info you’ll need is there, they just haven’t really explained it too well.

I plan to do a deep dive into the stages a Lync handset goes through at boot-up and initial configuration in a later article, so if you find any of this of use you may wish to watch out for it.

Long startup and logon delays with a shared Windows 7 desktop

I’m writing with reference to a colleague’s blog post where he has found a very useful fix for a very annoying start up and log-on delay issue in Windows 7 SP1. Here’s his post, worth a read:
http://blog.solarfusion.co.uk/2011/12/windows-7-please-wait-or-welcome-screen.html

We were finding that computers in shared areas which had been logged on by many users (i.e. 50+ user profiles) were experiencing massive delays starting up and logging on. Until he found the fix the only solution was to leave the computers on all the time, or get them to start up really early in the morning.

One fix we tried was removing all the user profiles from the computers, and this only worked some of the time. Then my colleague found the right hot-fix and all of a sudden our startup and logon times dropped back to a few minutes. Big relief!

Here’s the relevant hotfix: http://support.microsoft.com/kb/2617858

See the blog entry (linked above) for a detailed explanation.

Latest Lync Server 2010 Resource Kit Tools

As of 1st December 2011 there is now a new version of the Lync Server 2010 Resource Kit Tools available to download. You should uninstall the old version before you install the new one.

This update brings us to version 4.0.7577.172 (now .197) and it is downloadable from here:
http://www.microsoft.com/download/en/details.aspx?id=21165

It is recommended that you also update any other components of Lync Server 2010 to the latest versions by downloading and running the LyncServerUpdateInstaller from here:
http://www.microsoft.com/download/en/details.aspx?id=11551

Office 2007 SP3 available for download

I read last night that the latest (and last) service pack for Office 2007 was out. After googling this morning I found it way too hard to find the ‘actual’ download for the damned thing, so I’m presenting the results of my efforts here for easy finding…

List of all 2007 Office system SP3, 2007 Office servers SP3, and Windows SharePoint Services 3.0 SP3 packages: http://support.microsoft.com/kb/2591018

And the real download for the Office 2007 SP3 is here (351 MB)

A way to run a 64-bit process from a 32-bit script (like add a registry key)

Say you have a need to add a registry key into the 64-bit registry hive but you’re stuck with doing it from a vbscript running in a 32-bit process. For example SCCM always runs vbscript in a 32-bit process, even on a 64-bit Windows machine! If you try this normally Windows 7 64-bit will redirect the key to the virtual 32-bit hive. So running in a 32-bit process if we want to add a key to HKLM\Software\ you will find it will always end up in HKLM\Software\Wow6432Node\ no matter what you do.

I couldn’t find a way to do it directly using vbscript in the short time I spent looking into it, but I did find a sneaky indirect way. My method is to execute a command to add a scheduled task into Windows that will do it for you!

I’ve written a bit of vbscript which will create a run-once self-deleting scheduled task that can be used to run a command such as REG ADD which will be running as a 64-bit process, assuming you use it on Windows x64. The only thing you need to have is admin rights, the rest will happen automatically.

You could use it for all sorts of things, like getting access to an area of the OS that needs LOCAL SYSTEM rights for example. You must remember though it’s just for firing off a command that you don’t need a response from. You need to test whatever you fire-off because you can’t check what you’ve done from within the script!

Click here to see my function on pastebin

To use the vbscript function you need to call the CreateJob() function and pass it the command that you want to run. For example if we call the following…

CreateJob("REG ADD HKLM\Software\64BitKey /v 64BitValue /d 64BitData /f")

…then my function will create a scheduled task that runs the command between the quotes 1 minute after it is created. Once the task completes it will then delete itself automatically, whether it succeeds or fails. The command in my example will create a registry key HKLM\Software\64BitKey with a new REG_SZ value 64BitValue which has the string data 64BitData.

I’ve commented the code as best I can. Basically the scheduled task that is created will have a unique name every time due the use of a guid string for the name. The task will work on XP, Vista and Windows 7, and on 32-bit or 64-bit, but it will always be in ‘XP mode’ so that it will delete itself after it is executed.

Here’s a slightly generic example of use:

Adding a registry key HKLM\Software\RegKey with KeyName that has a DWORD value of 000000FF:
CreateJob("REG ADD HKLM\Software\RegKey /v KeyName /t REG_DWORD /d 0xFF /f")
Notice here the use of 0xFF to specify the hex value, and the /f switch to force the key to add. If we don’t use /f and the value is already there then the command will perpetually wait for a response.

Here are some screenshots proving it works…

1. running the script in an Admin CMD prompt running in 32-bit mode on a 64-bit machine

2. proving the script is running as a 32-bit process

3. showing the scheduled task about to run

4. and finally the registry key after it has been created, definitely in the 64-bit hive!

For more info about the REG ADD command either go here, try typing reg add /? in the command-line, or you could Google it.

The right way to do my precise example is use WMI as mentioned here but my way is more flexible because you can do other stuff like run apps in a 64-bit process as well…

Anyway, here’s my function. Have fun with it, and don’t forget, you’re running as the SYSTEM account when you use this, so please be careful!


Function CreateJob(strCommand)
    Const SHELL_WAIT = True
    Const SHELL_HIDE = 0
    CreateJob = False
    ' Get date & time 1 minute in advance
    ' And it must be at least 1 minute
    ' Source: w3schools, & mikeblas on hardforum.com
    Dim strDateTime : strDateTime = DateAdd("n", 1, Now())
    Dim strDate     : strDate = LEFT(strDateTime, InStr(strDateTime, " ")-1)
    Dim strTime     : strTime = MID(strDateTime, InStr(strDateTime, " ")+1)

    ' define the command we will run to create the once-only scheduled task
    ' uses a new guid for the name each time so it will be a unique task
    Dim strJobCmd   : strJobCmd = "schtasks.exe /Create /TN " & _
        getGuid & " /RU SYSTEM /ST " & _
        strTime & " /SD " & _
        strDate & " /SC ONCE /TR """ & _
        strCommand & """"
        ' on Vista/Win7 must create task as XP-readable type using /V1
        ' this is so it will delete itself propely (bug in schtasks) using /Z
        If onVistaWin7 Then strJobCmd = strJobCmd & " /Z /V1"
    WScript.echo strJobCmd
    Dim oJobShell : Set oJobShell = CreateObject("WScript.Shell")
    Dim jobRet : jobRet = oJobShell.Run(strJobCmd, SHELL_HIDE, SHELL_WAIT)
    If jobRet = 0 Then CreateJob = True
    ' here we tried to make the task and get the result to a variable
    ' if the return is non-zero then the creation of the task errored
    Set oJobShell = Nothing
End Function

Function getGuid
    ' this functions gets a unique guid and returns it as a string
    Dim TypeLib : Set TypeLib = CreateObject("Scriptlet.TypeLib")
    getGuid = Left(CStr(TypeLib.Guid),38)
    ' above line also removes some strageness at the end
    Set TypeLib = Nothing
End Function

Function onVistaWin7
    ' this function returns true on Vista or above (incl. Srv2008)
    Dim colOSver, objOSver
    onVistaWin7 = False
    Set colOSver = GetObject("WinMgmts:root\cimv2").ExecQuery _
        ("Select Version from Win32_OperatingSystem")
    For Each objOSver In colOSver
        If Left(objOSver.Version,1) >= 6 Then onVistaWin7 = True
    Next
    Set colOSver = Nothing
End Function

Orca 5 – msi editing tool for Windows 7

I finally realised where to get hold of version 5 of Orca – the one most suitable for Windows 7 able to validate .msi files for Windows Installer 5. It was of course in the Windows SDK for Windows 7 and .NET Framework 4. Unfortunately there’s no mini-download for the msi sdk like with version 4.5, so for simplicity I’ve acquired the .msi for orca and put it online for download…

Orca 5.0.7693.0 (2.1MB)

If you would rather download the official version from Microsoft you need to install the debugging tools from the Windows SDK, then go in to Program Files\Windows SDK\7.1\Bin and orca.msi will be in there.

[Update 2012-09-08: there’s now a slightly newer version available here]

Protecting yourself from tracked advertising

On-line privacy is getting harder and harder as more and more services and shops go on-line. As a person highly concerned with privacy tracked advertising is just one of the many things that I despise.

Not sure how I missed this one but I’ve just discovered a way of opting-out of a lot of tracked advertising, and it involves setting special opt-out cookies…

Here’s the link to get you started: http://www.youronlinechoices.com