Author: Adam Fowler

Windows 8 on a MacBook Air

Hi,
This one was a bit more painful than expected. Windows 8 WILL work on a MacBook Air, but there are a few hurdles to get over.

Firstly, you can do the standard method of going into OSX and using the inbuilt Boot Camp option. You’ll have to burn a copy of your ISO and use an external CD/DVD drive (Ironic for a MBA, but also I was running Snow Leopard so this may be fixed in Lion or Mountain Lion) and follow the bouncing ball.

At the other end, you’ve got Windows 8 installed, except if you try to then install the Boot Camp tools you’ll get the lovely message “Boot Camp requires that your computer is running Windows 7”.

You’ll have to break out the free Microsoft tool Orca (available here http://www.technipages.com/download-orca-msi-editor.html) and make one small change. Thanks to this page http://www.sellsbrothers.com/posts/Details/12708 for advising on what that is:

Open the BootCamp64.msi file from your WindowsSupport\Drivers\Apple folder created from OSX and under the LaunchCondition entry, go to where it says VersionNT=601 and change it to 602 (or just right click and drop row to remove the check completely). Now you’ll be able to run setup.exe without getting the annoying error.

That’ll install Boot Camp, which you can then update from inside the app for a newer version without issue.

Next, you may have noticed that right click doesn’t work if you’re using the trackpad. You can enable it in the Boot Camp software, under the Boot Camp Control Panel, by ticking the Two Fingers > Secondary Click option.

The last annoyance for me was that the network dongle didn’t work either. I found the correct driver under WindowsSupport\Drivers\Asix – installing that made it instantly work.

Good luck and enjoy Windows 8!

Windows 8, accounts and inbuilt admin $ shares

Hi,
Windows 8 RTM is now out, so everyone who cares is installing it on every device they can find (or is this just me?). Anyway, after doing this to a few PCs I wanted to browse to a Windows 8 PC’s UNC path using the inbuilt $ share for each drive.

Don’t know what an inbuilt Admin share is exactly? Do some reading here: http://en.wikipedia.org/wiki/Administrative_share

So, if you’re trying to map or browse to a file share such as \\homepc\c$ you should get ‘Access Denied’, even when using administrator credentials.

A fix to this is to add the following setting to the registry on the Windows 8 PC you’re trying to connect to (I had to reboot to make it work afterward):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Add a new DWORD (32-bit) called LocalAccountTokenFilterPolicy and set it to 1

While working this out, I did a bit of trial and error with my accounts. Windows 8 lets you use a Microsoft Live ID account over the top of your administrator local account (not the inbuilt administrator). A bunch more info on that from Microsoft blogs here: http://blogs.technet.com/b/privacyimperative/archive/2011/09/28/signing-in-to-windows-8-with-a-windows-live-id-privacy-and-security.aspx

With this, I discovered that once you’ve put your Microsoft Live ID in, it sits on top of your administrator account, and actually changes the password to match your Microsoft Live ID. You can use the combination of the username for the administrator account, and your Microsoft Live ID password to prove this. The old password for the administrator account won’t work. The other interesting thing about this setup is that even if you’re logged onto the PC with your Microsoft Live ID, you can’t change the password of the administrator account it’s on top of via Computer Management > Local Users and Groups. I assume this is because it will break the relationship between the Microsoft Live ID and the administrator account, but anyone who knows more about this please fill me in.

In summary, a registry entry will enable the admin $ shares again and you can either use the combination of “Microsoft Live ID Username\Microsoft Live ID Password” or “Local Administrator Username\Microsoft Live ID Password” because both passwords are now the same. Keep this in mind if you’ve got a poor strength password!

How to add your KMS keys for Windows 8 and Server 2012

Hi,
Now that Windows 8 and Windows Server 2012 are out, any company that uses KMS keys needs to add the new ones from Microsoft’s Volume Licensing Service Center
https://www.microsoft.com/Licensing/servicecenter/Downloads/DownloadsAndKeys.aspx

First, there’s a hotfix for your existing KMS server available here:

Request the hotfix, wait for the email, then download and install it. The install will require a reboot, so if you’ve got this on a critical server you’re going to have to schedule a reboot.
A few change request forms and approval signatures later, you’ll finally be ready to add your shiny new keys in.
Now, here are the installation instructions from the link above:

Installation instructions
If you have a KMS host that is running Windows Server 2008 R2 SP1 or Windows 7 SP1, follow these steps to perform an upgrade: Install this update (KB2691586). Restart the computer when you are prompted.

To install a new KMS host key for Windows 8 activation or for Windows Server 2012 activation, run the following command: cscript %windir%\system32\slmgr.vbs /ipk
Note: In this command, replace  with the new KMS host key for Windows 8 activation or for Windows Server 2012 activation.
Important: Every KMS host key is associated with a group of Windows editions. Additionally, a KMS host key that is associated with Windows client operating systems cannot be installed on Windows server operating systems, and vice-versa. This is true for all Windows operating systems except for Windows Server 2003.

If you install a KMS host key on a Windows operating system that is not associated with that host key, you receive the following error message:
0xc004f015: The Software Licensing Service reported that the license is not installed. SL_E_PRODUCT_SKU_NOT_INSTALLED
For example, you receive this error message if you try to install a KMS host key for Windows 7 on a computer that is running Windows Server 2008 R2.
For more information about KMS host keys and about associated groups of Windows editions, see Table 5 in the “Determine Product Key Needs” section of the Volume Activation Planning Guide (http://technet.microsoft.com/en-us/library/dd878528.aspx#E3IAC).
To activate the new KMS host key on the host computer, run the following command: cscript %windir%\system32\slmgr.vbs /ato

I had to read this more than once. Using the command cscript %windir%\system32\slmgr.vbs /ipk  worked fine with the Server 2012 KMS key, but not with the Windows 8 key. You can’t mix both Windows 8 and Server 2012 keys on the same box, but it appears that as long as you enter the Server 2012 key, it also allows Windows 8 clients to register.

The second command cscript %windir%\system32\slmgr.vbs /ato makes the server ‘phone home’ and completely register the keys.

Once you’ve got a client registered, you can use the command cscript %windir%\system32\slmgr.vbs /dli to show you when you registered, to which server etc.
Note: The Volume Activation Management Tool is useless for this, as it won’t recognise your new keys.
Good luck!

Disabled Add-ins in Microsoft Office

Hi,
Another little fix here. Many companies will have certain add-ins in their Microsoft Office products, and sometimes things go wrong. Often if an Office product crashes, it will blame an active plugin and bring up the prompt asking if you want to disable the add-in:

For most people presented with more than a line of text and a ‘Yes/No’ option, they’ll just click ‘Yes’ and continue on their merry way – not realising they’ve just crippled some functionality.

In Office 2010, it’s a bit of a pain to re-enable an add-in manually: Click File > Options > Add-ins > Drop down Manage and choose ‘Disabled Add-ins’ > Go > Choose the add-in > Click Enable > Click OK > Click OK > Have a nap. Hard work!

So, what I decided to do was use Group Policy to automatically wipe from the registry anything that’s disabled. This will happen on 90 minute intervals, and at login time – so for some users, it’s easier to train them to log off and back on (or reboot) if they’re having that important add-in disabled.

The relevant keys to delete are:

HKCU\Software\Microsoft\Office\14.0\Outlook\Resiliency\DisabledItems
HKCU\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems
HKCU\Software\Microsoft\Office\14.0\Excel\Resiliency\DisabledItems

I am doing this with a Registry Group Policy Preference set to ‘Delete’

Of course this could be added to a login script if you use those, or if it’s a really common problem, a desktop shortcut or reg file that deletes the key when the user chooses to. All it needs to contain is this:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DisabledItems]
[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\DisabledItems]
[-HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DisabledItems]

Note that this is for Office 2010, but the same works for 2007 and 2003, just the version path needs to be changed – for 2003, it’s 11.0 and 2007 is 12.0 (no unlucky 13.0).

My Solution to Online Password Management

Hello,
Today’s blogpost is about password management. I have what I think is a good solution that means you’ll only need to remember a few small details for all your online passwords.

An entirely unexciting topic for most – including myself. You’ve all heard and possibly uttered phrases such as ‘the longer the password the better’ and ‘use complicated passwords’ which are of course true. Here’s a blurb taken from Intel’s Supplier Password rules via https://supplier.intel.com/Auth/PasswordRules.asp :

In order to protect your security, Intel has certain rules for choosing passwords. Please read the following rules so that you will know how to choose a good password.
The following rules apply to all passwords:

  • The password must be at least 8 characters long.
  • The password must contain at least:
    • one alpha character [a-zA-Z];
    • one numeric character [0-9];
    • one special character from this set:
      ` ! @ $ % ^ & * ( ) – _ = + [ ] ; : ‘ ” , < . > / ?
  • The password must not:
    • contain spaces;
    • begin with an exclamation [!] or a question mark [?];
    • contain your login ID.
  • The first 3 characters cannot be the same.
  • The sequence of the first 3 characters cannot be in your login ID.
  • The first 8 characters cannot be the same as in your previous password.
  • Passwords are treated as case sensitive.

*yawn* Please don’t give up on this post yet, I do have a point to make! Now, the next commonly quoted rule is ‘never use the same password on multiple sites’. So, how do you remember the wacky combination? XKCD has half the answer:

Via http://xkcd.com/936/

Great for a single password, but again how do we manage 100s? Many people use databases such as KeePass, or notepad files inside encrypted zip files with another password on top. Cumbersome in my opinion, you don’t want to have to go checking for passwords each time you log in somewhere. There are also other solutions that save the websites, usernames and passwords in a centralised location – a big risk in itself I say. So, here’s my two layer solution:

1) Have your own email domain, and use a different email address for every single site you sign up to. On top of that, make the email address something that always identifies with the site.

For example, I could buy the domain passwordssuck.com, set up Google Apps with it, and have a catch all. This means I can tell people I like an email address like “[email protected]” but also if I were to sign up for Blogger, I could use “[email protected]”.

Why do this? The first reason is spam. If you sign up to a site that gets compromised, or sells off email addresses, the most likely impact to you is getting a bunch of spam. If you no longer use the site, you can blacklist the email address you signed up with (in this example, [email protected]) and you’ll never see spam on that address again. If you still use the site, you’ll have to either live with the spam that gets by any spamfilters, or change your email address. I don’t like the idea of changing it, because for this overall formula (coming up!) to work, you just want to look at a site and immediately know what the login is.

The second reason – again if the site gets compromised, is that your email address and password combination are now useless anywhere else. Even if you used the same password anywhere, the email address to log in is a one off.

2) The password part. You need a formula. Once you remember the formula, you don’t need to remember anything else.

You can adjust this how you like, but I’ll give an idea of a decent formula (and no, this isn’t exactly what I use!). First, come up with two words. Let’s go with ‘keyboard’ and ‘mouse’. Now, let’s use some special characters. Now we have ‘K3yboard’ and ‘mou5e’ – these will never change.

Between our two words, let’s go back to the site we’re on. Blogger.com. What I’ll do is take the first and last letter of the domain. B and R. We’re going to put this in between our two chosen words. ‘K3yboardBRmou5e’ – but let’s get even trickier! Instead of B and R, we’ll go up two letters in the alphabet. B goes to D, and R goes to T.

Now we have ‘K3yboardDTmou5e’ as our final password. This means, when I go to blogger.com and think ‘hmm what’s my username/password’ it’s going to be “[email protected]” and password ‘K3yboardDTmou5e’.

Youtube.com? That’d be “[email protected]” and ‘K3yboardAGmou5e’.

If someone obtained your credentials for Youtube, there’s no way these details will work anywhere else. If someone targets you specifically for some reason, they’re still going to need to know your formula. They have no idea which parts of your password are static, and which change, and even if they thought the AG was the bit that changed, they then need to work out what that means.
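
The formula above written out in Python, together with a comparison of two of its outputs that shows which characters stay fixed and which change per site. This is an added example, not the author's code; it assumes the input is a bare domain such as blogger.com, and applying the stated shift (B to D, R to T) gives the infix DT for that site.

```python
# Added example (not the author's code): the post's formula and a comparison
# of two of its outputs. PREFIX/SUFFIX and both domains are the post's samples.
import os.path
import string

PREFIX, SUFFIX = "K3yboard", "mou5e"  # the two fixed words from the post
LETTERS = string.ascii_uppercase


def shift(ch, n=2):
    """Move a letter n places up the alphabet (Y -> A wraps); keep non-letters."""
    ch = ch.upper()
    if ch not in LETTERS:
        return ch  # assumption: digits etc. are used unchanged
    return LETTERS[(LETTERS.index(ch) + n) % 26]


def site_password(domain):
    """Fixed word + shifted first/last letter of the site name + fixed word."""
    # Assumption: input is a bare domain such as "blogger.com"; drop the TLD.
    name = domain.strip().lower().rsplit(".", 1)[0]
    return PREFIX + shift(name[0]) + shift(name[-1]) + SUFFIX


def split_static_parts(pw_a, pw_b):
    """Compare two passwords from one formula.

    Returns (shared_prefix, varying_a, varying_b, shared_suffix).
    """
    prefix = os.path.commonprefix([pw_a, pw_b])
    rest_a, rest_b = pw_a[len(prefix):], pw_b[len(prefix):]
    suffix = os.path.commonprefix([rest_a[::-1], rest_b[::-1]])[::-1]
    keep_a, keep_b = len(rest_a) - len(suffix), len(rest_b) - len(suffix)
    return prefix, rest_a[:keep_a], rest_b[:keep_b], suffix


def varying_space():
    """Number of distinct two-letter infixes the formula can produce."""
    return len(LETTERS) ** 2


if __name__ == "__main__":
    blogger, youtube = site_password("blogger.com"), site_password("youtube.com")
    print(blogger, youtube)
    print(split_static_parts(blogger, youtube))
    print("per-site variation:", varying_space(), "combinations")
```

Every character outside the two-letter infix is identical on every site, so what separates one site's password from another's is that infix alone.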

In summary, once you remember your formula, that’s the last thing you’ll need to remember. You don’t have to go down the full path of having a different email address for each site, but I’d put a bit more work into varying your password formula.

If you have any feedback on the above, or think it’s a terrible idea for any reason please let me know!