Today, I discovered that to enable the filer snapshots to be visible within the Previous Versions facility within Windows 7 (or Server 2008 R2), I needed to enable SMB 2.0. I spent some time search on NetApp’s support site for some assurance that the SMB issue didn’t affect ONTAP, but didn’t find anything.

So I sent Mr. Bercovici an email asking if there was a more official statement about ONTAP and SMB 2.0, and he very kindly looked sent me a link to the Windows File Services (CIFS) Compatibility Matrix – Microsoft Security Update Test Report. [requires NOW account]

This document rocks. It lists the Microsoft Security updates, by month, and the result of NetApp’s testing. Exactly what I was looking for. Thanks, Val.

A friend asked me how to open a Control Panel applet As Administrator. In Windows Vista, when you see a little shield icon as part of a button or shortcut, that would indicate that you would get prompted by the User Account Control (UAC) facility to elevate the process Integrity Level, that is, to run it as an administrator with full rights to muck with the system.

In Windows 7, the frequency of UAC prompts has been reduced. You will still see the shield icon, but sometimes there’s no UAC prompt.

You can use Microsoft SysInternals Process Explorer tool to view the integrity levels of running processes. On campus, you can run the tool from \\files\software\utilities\sysinternals\procexp.exe. Once you’ve started Process Explorer, there are two things you’ll want to do:

1. From the File menu, select the Show Details for All Processes option (you noted the shield icon, yes?).
2. From the View menu, choose Select Columns… and check Integrity Level item (on the Process Image tab; see below)

In the screenshot below (click the image for better resolution), I have clicked the Advanced system settings link to launch the control panel applet. I have highlighted the corresponding system process and the Integrity with which it is running.

The upshot is that even though I didn’t get a UAC prompt, the control panel applet is running As Administrator.

This method can be used to inspect any process. See that reticle (crosshairs) icon on the Process Explorer toolbar? You can click–and–drag that icon and drop it on an open window to see what process corresponds to that window.

I usually download and install this program locally, and choose the Replace Task Manager item from the Options menu.

• Backup issues
• Shared folder quotas
• Printer configurations
• Data execution protection

I created a Server 2008 x64 guest for managing 64-bit drivers on our shared printers. It works much better than trying to use Printer Management MMC in RSAT on Windows 7.

One hiccup I ran into while install the Ricoh PCL6 Driver for Universal Print was that it was missing a file. Fortunately, I had also download and extracted the non-universal PCL6 drivers and the file was present in the drivers for the corresponding platforms (x86, x64).

Looking at adding a –WhatIf switch parameter to my SharePoint Backup powershell script. Useful info at Negating PowerShell switch parameters.

Now wrestling with Task Scheduler and PowerShell invocation syntax.

We managed to rebuild one failed host from bare (virtual) metal, because EMC Networker could not recover the system from backups. For Server 2008 systems, they require backups made with client 7.5.1 and restored with 7.5.1 and you have to enable/install any server role that was present on the original system before performing the restore.

We’ve been working on other ways to make sure we can recover from a system failure. Greg has successfully scripted using server 2008’s printer management scripts to dump printer info to files. I’ve been working on scripted backup of SharePoint Site collections. I got some help from Microsoft in determining the correct permissions needed for a service account to perform STSADM backup operations, which has been a thorny issue. ( see KB896148 )

To recapitulate:

1. Boot into safe mode

2. In either the Run dialog or the Vista Start Menu search box, type the following:

cmd /k "sc config ekrn start= auto"

(Please note that the space after start= is required; goodness knows why…)

3. Watch for the success message, and reboot.

Disabling ESET NOD32 / ekrn Service.

If your system become unresponsive, in most cases soon after logging into the system, you may be affected. Please follow these instructions to disable the ESET service:

1. Restart your system in safe mode

• Windows Vista
• Windows XP

2. In either the Run command ( Start->Run or [Windows Key]+R)

OR in the Vista Start menu search box…

3. …Enter the command below

cmd /k "sc config ekrn start= disabled"

(Please note that the space after start= is required; goodness knows why…)

4. Watch for the success message:

Reboot and stay tuned to your friendly neighborhood technical support resources for updates.

PS. for what it’s worth, here’s my current ESET version info, which hangs my system.

Safari Tech Books online provides some good resources, including The .NET Developer’s Guide to Directory Services Programming [at Amazon], which provides a good code example in Listing 6.8. Range Retrieval Using DirectorySearcher.

Or maybe I should just post-process the LDIFDE-generated LDIF file…

Among other things Steve said at his retirement celebration, today, was this. “I hope I have as much fun in retirement as I’ve had working at UVM.”

My tears didn’t come until I left the party.

Friend to me and many, many souls here at UVM; visionary, curmudgeon, provocateur, playful adopter and vocal advocate of disruptive innovations. I will miss your voice, calling to us from a divergent path, pointing toward a new, interesting destination.

Now that you’ve migrated much of your virtual essence into the cloud, I expect frequent pings (tweets, facebook updates, Asian video chats…) telling me what you really think. And keep the cool music and design posts flowing.

Let’s go out to lunch before summer is over. I’ll buy you a martini.

I paid a service call (across the parking lot; any excuse to get up and walk outside ), and after some poking around confirmed her claim. We did determine that she might not have attempted to access that folder from her new Vista system before.

So I started digging deeper. The folder granted her (via a group)  the “List Folder/Read data” permission. So I created a test folder and granted an analogous group this specific permission to the folder. This is displayed in the output of icacls thas “(S,RD)”.

C:\>icacls s:\cit\ZTest
s:\cit\ZTest CAMPUS\ETS-FileServices-Browse:(S,RD)
             BUILTIN\Administrators:(OI)(CI)(F)

This permission alone allows Windows XP workstations to browse the folder, but Windows Vista or later give an “Access in denied” error.

When creating a “browse” permission for a single folder, I start by granting the “List Folder Contents” standard permission, which assigns the following permissions to the folder and subfolders (not to files):

• Traverse folder/execute file
• List folder/read data
• Read attributes
• Read extended attributes
• Read permissions

With icacls, this permission looks like this:

C:\>icacls s:\cit\ZTest
s:\cit\ZTest BUILTIN\Administrators:(OI)(CI)(F)
             CAMPUS\ETS-FileServices-Browse:(CI)(RX)

The (CI) indicates “Container inherit,” which means that permission (ACE) will be inherited by subfolders. Now I open the advenced security dialog, and edit the ACE to change the “Apply to” control to “This folder only.” Now the browse permission applies only to the particular folder. In icacls, it looks like this:

C:\>icacls s:\cit\ZTest
s:\cit\ZTest BUILTIN\Administrators:(OI)(CI)(F)
             CAMPUS\ETS-FileServices-Browse:(RX)

I changed the permissions on the client’s folder, and her access was restored.

See also:

• icacls.exe command reference
• TechNet NTFS Technical Reference

In consulting with a colleague, he suggested that it could be a race condition between the network authorizing  the connection and the Windows system DHCP Client behavior.

In looking for details of the dhcp process on a Windows Vista client, I found a couple useful resources:

TCP/IP Fundamentals for Microsoft Windows
PDF book discussing TCP/IP protocols and services, and their configuration. Over 500 virtual pages.

Microsoft Enterprise Networking Team blog: DHCP Client Behavior
Now this is good detail! I have to review this blog in more detail.