Saturday, March 27, 2010

How to Use the Group Policy Results (GPResult.exe) Command Line Tool

Intended for administrators, the Group Policy Results (GPResult.exe) command line tool verifies all policy settings in effect for a specific user or computer. Administrators can run GPResult on any remote computer within their scope of management. By default, GPResult returns settings in effect on the computer on which GPResult is run.

To run GPResult on your own computer:

1.

Click Start, Run, and enter cmd to open a command window.

2.

Type gpresult and redirect the output to a text file as shown in Figure 1 below:

Directing GPResult data to a text file

Figure 1. Directing GPResult data to a text file

3.

Enter notepad gp.txt to open the file. Results appear as shown in the figure below.

Verifying policies with GPResult

Figure 2. Verifying policies with GPResult

Administrators can also direct GPResult to other users and computers. Complete parameters of the tool are shown in the table below.

Using GPResult Command Line Tool

ParametersFunction

/s Computer

Specifies the name or IP address of a remote computer. (Do not use backslashes.) The default is the local computer.

/u Domain\User

Runs the command with the account permissions of the user that is specified by User or Domain\User. The default is the permissions of the current logged-on user on the computer that issues the command.

/p Password

Specifies the password of the user account that is specified in the /u parameter.

/user TargetUserName

Specifies the user name of the user whose RSOP data is to be displayed.

/scope {user|computer}

Displays either user or computer results. Valid values for the /scope parameter are user or computer. If you omit the /scope parameter, gpresult displays both user and computer settings.

/v

Specifies that the output display verbose policy information.

/z

Specifies that the output display all available information about Group Policy. Because this parameter produces more information than the /v parameter, redirect output to a text file when you use this parameter (for example, gpresult /z >policy.txt).

/?

Displays help at the command prompt.


Wednesday, March 17, 2010

Vista -- print spooler service constantly stops. I cannot print.


This problem is similar to mine, and the solution was found by reading an earlier posting of Vista and print spool problems in Word. But the problem is not limited just to Vista OS, seems to affect many versions of Word using newest HP Printers in XP too. You fix the problem by unchecking the box "allow background printing" in MS Word "tools/options/print" menu.

I run XP and have a new HP 6000 inkjet locally connected that spools Word 97 docs for hours. (Never bothered to update Word all these years as I don't use it much). Then I unchecked the "allow background printing" box and solved my problem.

For Word 2007, CLick (Office button) > Word Options, in print section unchecked "Print in background".

Sunday, March 14, 2010

HP Laserjet printer 49.3048 Service Error"

Don't print those documents again; if necessary, remove the offending document from the print queue on the computer that caused it. On Windows or Macs, stop the printer queue and remove all the jobs from it. On linux, use 'lprm''. Don't try printing the same file again if you can help it.

If you can (e.g. on Windows), try using a different printer language (say, PCL instead of postscript).

Unplugged the printer from the network or computer and turned off. If that doesn't work try a cold reset. Turn the printer on and once the memory starts to count up press and hold the check button until the three lights light up and release then scroll down and hit the check mark on cold reset and see if the printer comes to ready.

Wednesday, March 10, 2010

Turn Windows features on or off

Applies to all editions of Windows 7

Some programs and features included with Windows, such as Internet Information Services, must be turned on before you can use them. Certain other features are turned on by default, but you can turn them off if you don’t use them.

To turn a feature off in earlier versions of Windows, you had to uninstall it completely from your computer. In this version of Windows, the features remain stored on your hard disk so you can turn them back on if you want to. Turning off a feature does not uninstall the feature, and it does not reduce the amount of hard disk space used by Windowsfeatures.

To turn Windows features on or off, follow these steps:

  1. Click the Start button Picture of the Start button, click Control Panel, click Programs, and then click TurnWindows features on or off. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. To turn a Windows feature on, select the check box next to the feature. To turn aWindows feature off, clear the check box. Click OK.

Picture of the Windows Features dialog boxFolders can contain both checked and unchecked features

Some Windows features are grouped together in folders, and some folders contain subfolders with additional features. If a check box is partially checked or is dimmed, then some of the items inside the folder are turned on and some are turned off. To view the contents of a folder, double-click it.

Note

Note

In Windows Server 2008 R2, use Server Manager to turn Windows features on or off.

Tuesday, March 9, 2010

W32.Sality.AE - Removal

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Run a full system scan.
  4. Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article: Antivirus Tools Cannot Clean Infected Files in the _Restore Folder (Article ID: Q263455).

2. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions.

    If you use Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or newer products, LiveUpdate definitions are updated daily. These products include newer technology.

    If you use Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0, or earlier products, LiveUpdate definitions are updated weekly. The exception is major outbreaks, when definitions are updated more often.


  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them.

The latest Intelligent Updater virus definitions can be obtained here: Intelligent Updater virus definitions. For detailed instructions read the document:How to update virus definition files using the Intelligent Updater.

3. To run a full system scan
  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.

    For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.

    For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.


  2. Run a full system scan.
  3. If any files are detected, follow the instructions displayed by your antivirus program.
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.
After the files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
  1. Click Start > Run.
  2. Type regedit
  3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response hasdeveloped a tool to resolve this problem. Download and run this tool, and then continue with the removal.

  4. Navigate to and delete the following registry entry:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[INFECTED FILE]" = "[INFECTED FILE]:*:Enabled:ipsec"

  5. Navigate to and delete the following registry subkeys:

    • HKEY_CURRENT_USER\Software\[USER NAME]914
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI_MFC_TPSHOKER_80
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER


  6. Restore the following registry entries to their previous values, if required:

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Setting\"GlobalUserOffline" = "0"
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"


  7. Restore registry entries under the following registry subkeys to their previous values, if required:

    • HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects


  8. Exit the Registry Editor.

    Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.

Monday, March 8, 2010

Unable to save free/busy information or Unable to clean your local free/busy information

You experience issues in Outlook 2007 or in Outlook 2003 when you try to configure free/busy information or when you try to delegate information

Sharing your calendar in Outlook 2003/2007


Before You Begin

When you share your calendar with someone, that person can open your calendar. You can give permission to create meetings on your behalf and to make other changes.

There are several types of sharing; here are two common choices:

  • Reviewer - Allows a person to see your calendar, but not make changes to it.
  • Editor - Allows a person to see and make changes to your calendar. An editor can create meetings on your behalf.

What's the difference between delegates and sharing?

The most important difference between delegates and sharing has to do with the Editor delegate type.

If you make someone an editor delegate, you can make that person receive meeting-related emails sent to you. When someone invites you to a meeting, both you and your delegate receive the email invite. Your delegate can then accept or decline the meeting on your behalf.

If you just share your calendar with someone (even if you make that person an editor), he or she will not receive meeting-related emails sent to you. You can allow that person to create meetings on your behalf and make other changes to your calendar, but you are responsible for accepting and declining your own meeting requests.

If you decide to add someone as your delegate, refer to 1253: Adding a delegate to your calendar in Outlook 2003/2007. You do not need to follow the instructions below. When you establish a delegate, your calendar is automatically shared with that person.

Sharing Your Calendar

To share your calendar in Outlook 2003/2007, do the following:

  1. Open Outlook 2003 or Outlook 2007.
  2. Click Calendar on the left side of the window, or click Go > Calendar.
  3. Locate the area labeled, My Calendars, on the left side of the window. Your calendar is found here—it's probably called "Calendar" (not "Calendar in Personal Folders").
  4. Open your calendar's sharing permissions:
    • If you are using Outlook 2003, right-click on your calendar and selectSharing....
    • If you are using Outlook 2007, right-click on your calendar and selectProperties. Then click Permissions.
  5. Click Add....
  6. Type the last name of the person you want to share your calendar with. To search by anything other than last name, click Advanced Find.
  7. Double-click on a name to add that person. Each name appears in the Add box at the bottom of the window.
  8. Make sure there are no duplicate names in the Add box. Then click OK.
  9. Select one of the names you just added. Right now, the Permission Level is None.
  10. Select a role from the Permission Level drop-down menu. Reviewer and editor, two common permission levels (types of sharing), are described above.
  11. If you added multiple people in step 8, above, make sure you assign a permission level to each person.
  12. When you are done, click Apply and then click OK.

Your Exchange calendar is now shared. You should inform those you shared your calendar with so they can open it in Outlook or Entourage.

Friday, March 5, 2010

HP Laserjet: PCL XL error Subsystem: KERNEL Error: IllegalOperatorSequence Operator: EndChar Position: 23

Solution:
1.right click the printer and go to the properties.
2.click on the advanced tab and uncheck 'enabled printing features'
3.click on the general tab and click on 'printing preferences'
4.click on the 'advanced' tab and disable the 'print optimizations'

Wednesday, March 3, 2010

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Question/Issue:

How to prevent users from disabling Symantec Endpoint Protection by right-clicking on the client system tray icon and selecting "Disable Symantec Endpoint Protection"?


Solution:
To prevent users from disabling Symantec Endpoint Protection on their client:

Step 1: Remove the right to disable Network Threat Protection:

  1. Open the Symantec Endpoint Protection Manager.
  2. Click Clients.
  3. Select the group that contains the clients you want to be affected.
  4. Click Policies.
  5. Expand Location-specific Settings.
  6. Click Tasks to the right of "Client User Interface Control Settings", then click Edit Settings.
  7. Select Server control or Mixed control if it is not already set to one of these.
  8. Click Customize.
    • If Server control is enabled this will open the Client User Interface Settings dialog.
    • If Mixed control is enabled this will open the Client User Interface Mixed Control Settings dialog.

  9. Uncheck Allow users to enable and disable Network Threat Protection.
  10. Click OK> OK.


Step 2: Remove the right to disable Threat detection:
  1. Open the Symantec Endpoint Protection Manager.
  2. Click Clients.
  3. Select the group that contains the clients you want to be affected.
  4. Click Policies.
  5. Expand Location-specific Policies
  6. Click Antivirus and Antispyware policy.
  7. Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
  8. Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
  9. Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
  10. Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
  11. Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
  12. Click OK.


Step 3: Force clients to update policy:
This step is not necessary as clients will receive the policy during their normal heartbeat, however, you may be able to speed up the process by performing the following:

From the Symantec Endpoint Protection Manager:
  1. Open the Symantec Endpoint Protection Manager.
  2. Click Clients.
  3. Select the group that contains the clients you want to be affected.
  4. Right-click on that group.
  5. Arrow over Run Command on Group.
  6. Click Update Content.
  7. Click Yes> OK
    The client will receive a prompt to heartbeat and update its policy. Once the policy has been updated the option to Disable Symantec Endpoint Protection will be grayed-out when users right-click the Symantec Endpoint Protection system tray icon.

On the client:
  1. Right-click the Symantec Endpoint Protection system tray icon.
  2. Click Update Policy. The client will request the new policy from the manager

Once the policy has been updated the option to Disable Symantec Endpoint Protection will be grayed-out..