Run an application as a NT Service

Have you ever had the problem of an application that needs to be running on a server that accidentally doesn’t get turned on because the server wasn’t logged into a user? We have one such animal.
Every now and then we’d reboot the server and forget to log it back in so that the application would launch. Then it’s Saturday and we get a phone call wondering why such and such isn’t working. So I did a little Googling and found a couple of solutions that will install an application as a NT Service. The one I ended up going with is from Eltima Software. It was super easy to get up and running. There are a few free options out there but they weren’t quite as easy to setup. This one is $79.95 for a single license and they have cheaper prices for more licenses, so the price is reasonable. One note of caution is that the account that is used to run the application is an important setting. It looked as though the application was running, but I wasn’t getting some of the results that I should have been and there were no error messages. After some tinkering and thinking it through I realized that it was using the system account to run the application and then trying to use that application to gain network access to some resources and wasn’t able to. Now if either of us MIS Guys forgets to logon the server, which is actually a security risk anyways, the needed application will still sit there and run faithfully.

Realtek HD Audio crackling

Ok, it’s kinda funny how things go. I wrote the previous post about 6 hours ago, telling you how I really liked the new laptop and no problems so far. 2 hours later I started having problems with my laptop. I have a DVD I’m going to play tommorrow. I’m going to hook the laptop up to a TV and run it through there using the S-Video out function. I found that it’s really easy to turn on the S-Video output on this laptop by using the fn key and the key that has lcd/tv on it. Cool, works great. I planned on running the sound out of the laptops audio output into the TV. Here’s were the problems begin. The laptop has two 1/4″ jacks. One is labeled mic the other s/pdif. I pause for a minute because spdif is Sony Philips digital interface. I want a normal analog output from this, but I figure it probably has a setting to make it analog or digital and I plug it in. Nothing, no sound. I grab some headphones, nothing. Hmm. I grab the drivers cd that came with the laptop and run the audio install. A couple of reboots later I have audio out of it. I pop in the DVD and it’s messed up. There’s popping and it seems like the DVD is running at 1/2 speed or something. Hmmmm. I uninstall the DVD software, it’s called ASUS DVD. Basically it’s a LE version of Cyberlink’s Power DVD. I re-install it and audio is the same. MP3s work fine, DVD not so fine. I install a copy of WinDVD, no audio at all now. Install a regular version of Power DVD 6, popping and crackling. Hmmmm. I do a Google (is that really a verb?) on Realtek and find their site and download their HD Audio driver. A couple of reboots later, pop the DVD back in and voila it’s working. So, if you are having wierd audio problems with a Realtek HD audio soundchip head over to their website and download the latest driver. Why is it that laptop manufacturers are so bad about keeping updated drivers on their sites? My Gateway laptop was the same way. Thank you Realtek for not making me rely on my laptop manufacturer! :)

Essential Firefox Extensions


One of the great things about Firefox is the ability to add extensions. Themes are cool and I love tabbed browsing and the stability and consistency at which it works is awesome as well. The extensions are what really sets it apart from Internet Explorer. I’ve tried Opera, but not long enough to know if it supports plug-ins/extensions in this manner. Here are the extensions I always install.
1. Download manager tweak – this one I like to tweak so that my downloads show up in the side bar.
2. PDF Download – I like PDF files, but I don’t like PDF files when they try and load inside the browser. This makes it easy to download the PDF or go ahead and view it in the browser.
3. Adblock – Easily block ads and images from whole domains.
4. IEView – There are still websites that just don’t work right in any other browser but IE with this you can easily right click and open the current page in IE.
5. Stumble Upon – Basically it’s channel surfing for the internet. You can only find so much stuff through Google or other search engines. With this you give it topics and it randomly gives you sites others have recommended.
6. Opanda IExif – With this you can right click images and view the Exif data stored in the image. Many images have the exif data totally removed from them, but on those that still have it intact you can get interesting info about the image.

There are tons of extensions out there and you have to be careful about installing some of them. Some have caused Firefox to crash or have long wierd pauses before loading pages. But if you have trouble uninstall the extension and you are back to happy browsing. You can find all of the above extensions and more at
Mozilla Update.

Server 2003 Active Directory replication problems

We just replaced one of our domain controllers with a brand spankin new rack mounted IBM eServer. We were like kids at Christmas time opening the huge box and gawlking at the beautifull insides. Installation went well, for the most part.

The server we replaced had Microsoft Exchange running on it, DNS and IIS hosting a website. The Exchange database had some corruption to it and had to be repaired but it went well. Once we got it up and running and made it a domain controller, installed Exchange, restored the Exchange database, got the website up and running and a couple of other applications it needed it purred away and was right at home. Then a couple of days later we added the first user to our domain since the upgrade and for some reason we couldn’t log on with it. After some looking and checking out the event viewer we noticed errors with the Active directory replication service. Apparently the two domain controllers were not on speaking terms with one another. Research was pointing to DNS as the cause and how Windows Server 2003 handles active directory replication following an unsuccessful DNS lookup.

From Microsoft’s support site it appears that Server 2003 with Service Pack 1 (which I thought was on both boxes) handles this much better. So after I figured out that one of the servers didn’t have Service Pack 1 I installed it rebooted and the two Servers decided they were on speaking terms after all. I think we need to do some diving into the workings of the DNS problem but for now it’s working!

Traffic trouble

Here’s a lesson we learned the hard way. We have a remote site that has a PIX 501 installed using VPN to connect back to our main site to a PIX 506. It worked great for about a month and then we began having problems.
20120104-004114.jpg
For some reason random computers behind the PIX 501 would stop communicating to the internet. We beat our heads against the wall, went to the remote site and just couldn’t get it figured out. We would reboot the PIX and things seemed to start working only to randomly quit hours later. For some strange reason checking the log on the PIX had slipped my mind. When I did finally type ‘show log’. The light came on and the angels sang ‘Halleluiah’. Hidden between the ‘Built inbound TCP connection…’ and ‘Teardown TCP connection…’ lines was the magic info that we desperately needed. ‘host blocked…license limit exceeded.’ As soon as I saw that I realized what was going on. The PIX 501 has a 10 user limit. My thought on it was that the limit was on 10 VPN connections either outbound or inbound. The limit is actually 10 hosts communicating through the PIX. So, we called our favorite hardware and software vendor overnighted a license upgrade to increase the limit from 10 to 50. We’ve gone a full day with no phone calls so far! Kind of a wierd problem and something we should have picked up on on earlier but, that’s the way things go in the tech world sometimes!

Enable and disable domain user accounts with VBScript

How to enable and disable a Windows domain account using vb script. In our network there are only 2 people who are able to add or manipulate domain users. Every now and then I have wanted to give a non administrator user the ability to enable or disable a user account.

Keys

In our case we have a couple of domain user accounts used for external software support companies that VPN into our network to perform tasks. I didn’t want that account being open and accessible all of the time. I realize I could have used logon hours within the account properties to specify what hours the user could and couldn’t log on, but I wanted to the account to only be enabled when the support personel asked for access. I didn’t want to add the person I wanted to be able to enable and disable this account to the domain administrator’s group and I didn’t want to have to install the domain administration tools on their PC so they could do this locally.
After some research I found a really easy way to accomplish this using VB Script. The user that will be running the script will have to have security privileges on the user that they are going to be able to enable or disable. Create a text file and name it whatever you want with .vbs as the extension. Edit the following text in the appropriate places and copy this text into the .vbs file.

Set objUser = GetObject _
(“LDAP://cn=accountname,ou=organizationalunit,dc=domain,dc=domainextension”)
objUser.AccountDisabled = FALSE
objUser.SetInfo

Replace accountname with the user account name, replace organizationalunit with the appropriate organizational unit, domain and domain extension. Save the text file.
Just double click it to execute and viola! Now this is just the bare minimum coding to enable a disabled account it doesn’t come back and let you know it worked or didn’t work. You could get fancy and make it display a message box when it’s finished, but I didn’t feel like going that far.
The following code disables the specified account.
Const ADS_UF_ACCOUNTDISABLE = 2
Set objUser = GetObject _
(“LDAP://cn= accountname,ou= organizationalunit,dc= domain,dc= domainextension “)
intUAC = objUser.Get(“userAccountControl”)
objUser.Put “userAccountControl”, intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo

For added security I took the disable account code and made a scheduled task on one of our servers to automatically run this script every day at 4:30pm. That way I know the account gets disabled and don’t have to worry about someone forgetting to disable it.