Blog Archive

Most of this is quite old and irrelevant, some might be dangerous. You have been warned.

Resizing an OSX partition on a VM hosted on ESXi.

One of the great things in vSphere 5.1 is that the Mac Pro is a fully supported server for ESXi. That means you can virtualize OSX on supported and recent hardware.

While the templating and integration is not as great as with Windows and Linux, you can deploy VMs in a reasonably short amount of time. Just make sure you don't check the "Edit virtual hardware (Experimental)" box as it may blow your template up.

If you attempt to grow the disk, you will get a "Partition failed" error message in OSX: "MediaKit reports partition (map) too small." No matter how many times you try, it won't work...

At this point you have 4 options:

Since I didn't have time to place a purchase request and didn't have much time, I used a PartedMagic iso I already had in one of my Datastores. Only to notice that the iso wouldn't boot. This is due to the fact that OSX VMs are running in EFI boot mode only.

Fear not, there is a way to get it to boot:

  1. Shut your VM down.
  2. Right click > Edit Settings.
  3. Increase the disk space to the capacity you want.
  4. Go to the options tab, change the "Guest Operating System" to Windows and select any flavor of Windows in the drop down menu.
  5. From this:

  6. To this:
  7. Then, still in the Options screen, under "Advanced > Boot Options", change the boot firmware from EFI to BIOS.
  8. Your VM should now be able to boot from the ISO.
  9. In PartedMagic, start Partition Editor, you should see an error message similar to this:

  10. Click Fix. If another dialog prompts you to fix something else, click Fix again.
  11. Add a FAT32 partition in the empty space.
  12. Click Apply.
  13. Shut down and revert the Guest OS and Boot Firmware options.
  14. Boot into OSX, delete the FAT32 partition and resize your main partition.
  15. You're done.

Serving Mountain Lion updates with a server running Lion.

UPDATE 10/03/12: Turns out, Apple decided it's no longer possible to update a newer OS than what the server is actually running (i.e. no updates for 10.8 if the server is running 10.7). As per this KB article, updating Mountain Lion requires a Mountain Lion server. My stance on this is to use either Reposado or Munki to serve updates moving forward... Apple still doesn't care about the enterprise market.

Anything below this is deprecated and no longer works. Keeping it here for archiving purposes.

You want to follow this Apple article that applies to Snow Leopard: http://support.apple.com/kb/HT4771

Add the following line at the end of the otherCatalogs array in /etc/swupd/swupd.plist:

index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

Then, locate the following line in /etc/swupd/swupd.conf:

RewriteRule ^/index\.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-lion-snowleopard-leopard.merged-1.sucatalog

Add these 2 lines after:

RewriteCond %{HTTP_USER_AGENT} Darwin/12
RewriteRule ^/index\.sucatalog$ http://%{HTTP_HOST}/cgi-bin/SoftwareUpdateServerGetCatalog?/index-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog

Restart Software Update.

Quick MDT 2012 facts

I've been quite busy lately so I'll try to be quick... I would like to share my discoveries on MDT 2012 and the information I gathered while I was migrating from MDT 2010.

  • Mikael Nystrom's step by step on how to update BIOS in MDT still works perfectly.
  • Andrew Barnes' how to integrate BGInfo into WinPE still works, and even better, MDT 2012 comes with a 64-bit version of BGInfo (located at %deploymentshare%\Tools\x64).
  • It is no longer needed to have a custom pane to set local administrators in MDT 2012. Instead use the "SkipAdminAccounts=NO" property in CustomSettings.ini. Please note that the administrators accounts page only appears if you selected "Join a domain" as I mention on the TechNet Forums.
  • Thanks to Michael Niehaus, DaRT integration is now fully supported in MDT 2012. I talked about this earlier but it's always good to reiterate the benefits of software assurance.
  • A very interesting new feature of MDT 2012 is monitoring. It can be enabled in a few simple steps: Navigate to your deployment share properties, go to the last tab called "Monitoring", check the box called "Enable monitoring for this deployment share". Then click OK. It should work right away... A good way to check is to look at your CustomSettings.ini for a new line called "EventService=http://myserver.corp/contoso.com". If you run into issues there is always this good troubleshooting article. Used in conjunction with DaRT, you can remotely control deployments from a central location.
  • Another feature that might not be actually that new but still useful is the "SLSHARE=" property. It allows you to set a network share where the logs are written during the deployment. This is particularly useful when your helpdesk people forget to capture logs if a deployment fails. A good security practice is to set a sticky bit, using the user directory technique on that particular folder since logs may contain sensitive information.
  • You are now able to use only one (32-bit) boot image to initiate both 32-bit and 64-bit deployments. A word of caution, though, if you need to use DaRT to repair an install you will need to boot the appropriate architecture.

Integrate Microsoft Diagnostics and Recovery Tools (DaRT) into the MDT boot image

If you're running MDT 2012, please read Michael Niehaus' post: http://blogs.technet.com/b/mniehaus/archive/2011/11/28/mdt-2012-new-feature-dart-integration.aspx

I recently found out Microsoft Diagnostics and Recovery Tools (I'll refer to it as DaRT thereafter) was quite handy. It is part of Microsoft Desktop Optimization Pack, which is available for free if you're covered by Software Assurance.

So basically the goal here is to integrate the tools available in DaRT into the WinPE boot image generated by MDT.

Looks handy, doesn't it?

DaRT is distributed as an installer which requires Windows 7 setup files to generate a custom WIM encapsulated into an ISO. Sounds quite cool but that's one more thing to maintain and update with new drivers... Since the DaRT installer uses WinPE that shouldn't be too hard to figure out a way to add some more files to make it work.

Took me a little while to figure out but it ended up working so I'm sharing the technique with you guys:

You will need: Windows AIK, the DaRT installer, MDT 2010 and some kind of archive utility like 7-zip.

You will also need to do this twice, once for the x86 Boot Image and once for the x64 Boot Image.

  1. Acquire the MS DaRT installers for x86 and x64 located in the MDOP iso available through MS Volume Licensing or MSDN.
  2. Follow the wizard to create the 2 ISOs, 1 for x86 and the other one for x64.
  3. Create the following directories: c:\DaRT\ERD and c:\DaRT\files (or whatever/wherever you like).
  4. Expand the ISOs to c:\DaRT\ERD\x86 and c:\DaRT\ERD\x64 (using 7-zip for example).
  5. Open a privileged command prompt and use the following commands:

     C:\Program Files\Windows AIK\Tools\Servicing>dism /Mount-Wim /wimfile:c:\DaRT\ERD\x86\sources\boot.wim /mountdir:c:\DaRT\files\x86 /index:1

     and

     C:\Program Files\Windows AIK\Tools\Servicing>dism /Mount-Wim /wimfile:c:\DaRT\ERD\x64\sources\boot.wim /mountdir:c:\DaRT\files\x64 /index:1

  6. At this point you can delete c:\DaRT\ERD if you want.
  7. Go to c:\DaRT\files\x86 and x64. You should see the following directories: Program Files, Program Data, sources, Users, Windows.
  8. Delete Program Data and Users.
  9. Go to Program Files, delete all directories but "Standalone System Sweeper".
  10. Go to sources, delete all directories but "recovery".
  11. Go to Windows, delete all directories but "System32". Then, under System32 sort files by date. Delete all files and folders that are not timestamped as of the day you created the ISO. That should leave you with 28 files (37 if you have the debugging tools). Additionally, delete winpeshl.ini as it interferes with the MDT wizard.
  12. At this point we're pretty much done.
  13. Go to MDT, right click on your Deployment Share > Properties.
  14. In both Windows PE x86 Settings and Windows PE x64 Settings, under "Extra directory to add", specify C:\DaRT\files\x86 for the x86 boot image and C:\DaRT\files\x64 for the x64 boot image (or any other folder you may already be using/wanting to use).
  15. Rebuild your deployment share.

You're done.

Updating the BIOS programmatically in MDT...

Mikael Nystrom has a very interesting blog post over at deploymentbunny.com on how to update the BIOS on HP, Dell and Lenovo computers.

The source code is mostly functional but you will need to be careful with the non-unicode characters here and there.

Make an MDT task sequence resolution independent.

You will often find yourself with a deployed computer that doesn't match the resolution it's supposed to use. It's quite annoying, especially on laptops (have you seen how ugly Windows is when displayed at 1024x768 on a 1920x1200 screen?).

There is a very easy way around that:

  • Go to your task sequence properties.
  • Go to the OS info tab then click on "Edit Unattend.xml"
  • WSIM will launch, navigate to: Unattend\Components\1 windowsPE\x86_Microsoft-Windows-Setup_neutral (replace x86 with x64 if using a 64-bit OS, of course)
  • Delete the Display component.
  • Navigate to Unattend\Components\7 oobeSystem\x86_Microsoft-Windows-Setup_neutral (replace x86 with x64 if using a 64-bit OS, of course)
  • Delete the Display component.
  • Save and exit WSIM.

Congrats, you now have a resolution independent task sequence. It is highly recommended to have up to date drivers available in your deployment process.

Target an advertisement based on the software version in SCCM

Let's say we want to advertise an update to Adobe Reader only to clients with outdated versions (anything older than 10.0.1).

    • Create a new collection.
    • Edit the membership rules.
    • Click on Edit Query Statement.
    • At the bottom press "Show Query Language".
    • Paste the following:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Adobe Reader %" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version != "10.0.1"

Make edits to match the DisplayName and Version according to the results you want.

You're good to go.

Unable to run reports in ConfigMgr?

You may get the following error message when trying to generate reports:

"The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map."

To solve that, add the ASP Role Service to IIS in addition to ASP.net.

ConfigMgr Firewall exceptions for Client deployment.

To enable ConfigMgr client deployment, create the following GPO (or update if you already have one):

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile

Windows Firewall: Allow inbound file and printer sharing exception: Enabled

Allow unsolicited incoming messages from these IP addresses: SCCM IP Address

Windows Firewall: Allow inbound remote administration exception: Enabled

Allow unsolicited incoming messages from these IP addresses: SCCM IP Address

Missing IIS sites in SCCM 2007 SP2 R3?

After installing SCCM I noticed that IIS was not populated with the different websites needed to run ConfigMgr properly.

It took me hours to figure out until I found the ConfigMgr Toolkit. Run the MP Troubleshooter, it will solve the issues.

Of course MS could fix that easily but that must be too much to ask for.

[UPDATED] Adobe Reader 9/X Clean Deployment

What I wrote about Adobe Reader MSI patching has a major flaw: you cannot under any circumstances update Adobe Reader after installing it with the modified MSI. I had to find another way...

Good news, it's a lot easier now.

  • First of all obtain the latest Adobe Reader Installer from this page: http://get.adobe.com/reader/
  • Extract the contents of the downloaded archive using the following command: InstallerName.exe -nos_ne which will extract the contents to: %userprofile%\AppData\Local\AdobeReader 9.0\Setup Files\READER9 for Reader 9 and C:\ProgramData\Adobe\Setup... for Reader X.
  • Optional for X (since Adobe seems to have caught up): download updates from this page, then add them to the default install by editing the setup.ini file with the following line in the [Product] section:
  • PATCH=AdbeRdrUpd932_all_incr.msp;AdbeRdrUpd933_all_incr.msp;AdbeRdrUpd934_all_incr.msp
  • This should allow you to install Adobe Reader in its most up to date version without too much headache.
  • Download the Adobe Customization Wizard for 9 or Adobe Customization Wizard for X and set the settings you like, make sure an AcroRead.mst file is created next to the MSI. That will enable you to run setup.exe without switches in a completely unattended mode.

How to install iTunes on Windows with MDT

I came across the need to deploy iTunes using MDT (2010 or 2012). Unfortunately, there is no way to run the usual setup file with switches.

The key is to expand the installer (using 7-zip) and then create hidden applications for each component (that also allows you to prevent Bonjour or Apple Software update from installing...).

Install the MSI files in this order:

ApplicationSupport.msi

MobileDeviceSupport.msi

SoftwareUpdate.msi

Quicktime.msi

Bonjour.msi

iTunes.msi

Using this command: msiexec /i XXX.msi /qb REBOOT=ReallySuppress

(where xxx is the msi filename, of course)

It also works for the 64-bit version. Every time there is an update of iTunes, simply overwrite the files on your network share.

How to set the network adapter order from the command line.

You will notice that no matter how you install your operating system, the network adapter order is very likely to be wrong, usually with the wireless adapter at the top.

How to find out:

  • Open the Control Panel.
  • Open "Network and Sharing Center".
  • On the left pane, click on "Change Adapter Settings".
  • Press the Alt key on your keyboard then on the menu bar that appears, click Advanced > Advanced settings.
  • On the first tab, "Adapters and Bindings" check what connection is at the top.

Now, there's a way to automate this for enterprise deployment: Hyper-V Network VSP Bind Application.

This utility is not intended to be used on client Operating Systems but indeed works great. All the info is here: http://code.msdn.microsoft.com/nvspbind

Simply copy the executable to a known location and execute the following command:

nvspbind /++ "Local Area Connection" *

Where /++ puts the adapter named "Local Area Connection" at the top for all protocols with *

Add a domain user as the local admin with a script.

If you need to automate the attribution of local admin rights, use the following script, that will save you quite a few clicks:

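' Adds a domain user to the local Administrators group of this computer.
Dim DomainName
Dim UserAccount
Set net = WScript.CreateObject("WScript.Network")
local = net.ComputerName
DomainName = "CONTOSO"
Set group = GetObject("WinNT://" & local & "/Administrators")
UserAccount = InputBox("Please enter the username (first.last) of the local admin or cancel (the user must exist in AD)")
' InputBox returns an empty string on Cancel: stop instead of calling Add without an account.
If UserAccount = "" Then WScript.Quit
On Error Resume Next
group.Add "WinNT://" & DomainName & "/" & UserAccount
CheckError

Sub CheckError
    If Not Err.Number = 0 Then
        ' Report through the built-in Err object so the script does not depend on the separate ole.err COM helper.
        MsgBox "Error 0x" & Hex(Err.Number) & " " & Err.Description, vbCritical
        Err.Clear
    Else
        MsgBox "User added to the local Admin Group"
    End If
End Sub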

MDT 2010 & 2012: Make the local admin password optional.

If you want to be able to set the local admin password but also leave the possibility to make it blank, edit the following file scripts\DeployWiz_Validation.vbs in MDT 2010 and scripts\DeployWiz_AdminPassword.vbs in MDT 2012:

Function ValidatePassword

ValidatePassword = ParseAllWarningLabels

NonMatchPassword.style.display = "none"
If Password1.Value <> "" then
If Password1.Value <> Password2.Value then
ValidatePassword = TRUE
NonMatchPassword.style.display = "inline" 
End if
End if
ButtonNext.Disabled = not ValidatePassword 
End Function

Adding PXELinux option to WDS.

Deployment guru Johan Arwidmark has a pretty interesting article about adding a boot menu to WDS. But it's about Windows Server 2008 R2. If, like me, you need info about Windows Server 2008, follow his step-by-step until step 7.

  • At step 7, open the Windows Deployment Services console, right click on your server, then click on Properties.
  • Go to the Boot tab.
  • Change the boot images to the following:
  • Go back to Johan's step 8.

Outlook Error: Cannot start Microsoft Office Outlook. Cannot open the Outlook window.

Annoying.

Some people recommend to nuke the whole Outlook profile but that didn't work for me. The solution is pretty simple... Go to Start>Run then type the following:

Outlook.exe /resetnavpane

Fixed!!

Deploy Windows on Macs using MDT.

[Edited for Mac OSX Lion, thanks to Ted.]

Deploying Windows on Macs is a bit complicated since they don't support standard PC features like PXE. Considering you have one-and-only one Mac OS partition (usually Macintosh HD), running the Boot Camp installer creates a fourth partition on Disk0 (Disk0\Partition3 or Disk 0\Partition4 if you're running Lion/Mountain Lion).

MDT lets you generate boot CDs for unsupported hardware. Make sure you include Broadcom, Marvell and Nvidia Ethernet drivers into your driver repository.

  1. Go into your deployment share (Deployment$\Scripts) and create a file named DiskPartMac.txt, then insert the following contents into it (use SELECT partition 4 instead of SELECT partition 3 if you're running Lion or Mountain Lion):

     SELECT disk 0
     SELECT partition 3
     FORMAT FS=NTFS LABEL="Bootcamp" QUICK
     EXIT

  2. Create a standard Task Sequence in the Deployment Workbench, choose the OS you want to install.
  3. Under Preinstall\New Computer Only, delete "Format and Partition Disk".
  4. Still under New Computer Only, create a command line action by clicking "Add" at the top then "General", then "Run Command Line". Rename it to "Custom Mac Format" and input the following command:

     diskpart /s "%scriptroot%\DiskPartMac.txt"

  5. Move it between "Validate" and "Copy scripts".
  6. Click on "Install Operating System" under "Install" and configure the target partition as Disk 0 Partition 3 or 4 if you're running Lion:

You're done.

Prevent Outlook from prompting for a password on a network context change.

Sometimes when Outlook changes network contexts (i.e. from wired to wireless), it triggers an annoying authentication popup. There's a way around:

  1. Open Outlook.
  2. Go to "Tools" > "Account Settings".
  3. Double click on your account.
  4. At the bottom right, click on "More Settings...".
  5. Click on the "Connection" tab.
  6. Under "Outlook Anywhere", click on "Exchange Proxy Settings".
  7. Uncheck the "On slow networks, connect using HTTP first, then connect using TCP/IP".

My favorite sysadmin/helpdesk tools...

I've been wanting to put a list of my favorite tools online for a long time...

System cleanup, tune-up and optimization:

Ccleaner - Piriform - Free - Cleans caches, temp files, application specific settings, cleans up the registry and much more.

Defraggler - Piriform - Free - An awesome disk defragmentation software.

Cleanup! 4.5.2 - Steven Gould - Free - Very very strong cleanup tool for Windows XP only.

Filesystem repair:

Data Recovery Wizard Pro - EaseUs - $69.95 - Best data recovery software I've ever used. Way more efficient than Ontrack EasyRecovery Pro. And cheaper. Saved my a** more than a couple of times.

ViVard - Copyrsoft - Free - HDD diagnostic and sector repair. Vendor independent.

Mac side:

Appcleaner - FreeMacSoft - Free - Application uninstaller for Mac OS. Like AppZapper but free.

OnyX - Titanium Software - Free - Like Ccleaner, for mac. Awesome.

Misc:

Mouse Jiggler.vbs, a small VBscript I use to prevent a computer from locking itself when I'm working on it without knowing the user's password:


Set WshShell = WScript.CreateObject("Wscript.Shell")
Do While 1
WshShell.SendKeys"{SCROLLLOCK}"
WshShell.SendKeys"{SCROLLLOCK}"
WScript.Sleep(300000)
Loop

Migrate Outlook settings sans pain.

Just a useful tip from the top of my head. If you want to migrate Outlook settings without having to reconfigure accounts, delivery options and PST locations, here is the registry key you need to export:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles

* If you're migrating from XP to a next-gen OS (Vista or 7), you'll get some error messages because C:\Documents and Settings\User\Local Settings\Application Data is now C:\Users\User\AppData\Local. Make sure you put the PST files in the right place and simply browse to their location when asked.

How Adobe CS3 software can badly hose your network stack on Windows 7.

Since I try to put everything here that gives me headache, makes me pull my hair or worse, makes me want to run to the closest hardware store to buy the biggest hammer I can find, here is my latest discovery...

Case study:

A Windows XP user requests a new computer running Windows 7.

Actions taken:

Backup the old computer to a network share.

Take a new computer out of the box.

Put a standard image on it.

Have the user log in.

Restore files.

Let the user go.

Issue:

A few days after the system deployment, the user starts complaining about connectivity issues (i.e. getting an IP but no connectivity) and general slowness of the computer.

Troubleshooting steps:

  • Hardware swap -> no improvement.
  • OS complete reinstallation -> good for a few hours then bad again.
  • Switch configuration, patch panel, network cable and outlet check -> no improvement.
  • The user ended up giving up and asking for his old computer.

Since I got the new one back, I had some more time to investigate...

Here's what I found after running ipconfig /all:

Default Gateway . . . . . . . . . : 0.0.0.0

Very interesting, that explains why he has an IP but no connectivity. A quick Google search confirmed the issue: it's related to Adobe CS3 software that installs Bonjour, which basically breaks WinSock on Windows, and the solution is to remove Bonjour using the following steps:

  • Go to http://cexx.org/lspfix.htm and download lspfix.zip.
  • Unzip to a desktop folder.
  • Open task manager and terminate mDNSResponder.exe.
  • Open a command prompt and navigate to c:\program files\bonjour
  • Run "mdnsresponder -remove". This will uninstall the exe and remove the service from the reg.
  • Rename mdnsnsp.dll to anything else.
  • Reboot.
  • Run lspfix and use it to fix the broken winsock.dll.
  • Delete c:\program files\bonjour folder.
  • Open a DOS window and run "netsh winsock reset".
  • Reboot.

Courtesy of FritoBandito from the Adobe Forums.

Sophos Antivirus Deployment How-To.

I came across a couple of issues while test-driving Sophos Antivirus Enterprise.

Here are the correct steps to deploy Sophos to Windows machines (XP, Vista and 7):

  1. Create a GPO named Disable UAC with the following settings and apply it to your hosts (Computer Configuration):
     • Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control/Policy Setting
     • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode: Elevate without prompting
     • User Account Control: Detect application installations and prompt for elevation: Disabled
     • User Account Control: Run all administrators in Admin Approval Mode: Disabled
  2. Create a GPO named Remote Registry Service with the following settings and apply it to your hosts (Computer Configuration):
     • Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/System Services/Remote Registry (Startup Mode: Automatic)
     • Allow NT AUTHORITY\Authenticated Users Read
     • Allow NT AUTHORITY\Authenticated Users Start, Stop, Pause and continue
     • Allow CONTOSO\Domain Admins Full Control
     • Allow CONTOSO\Domain Users Read
     • Allow CONTOSO\Domain Users Start, Stop, Pause and continue
  3. Create a GPO named Sophos Firewall Exceptions with the following settings and apply it to your hosts (Computer Configuration):
     • Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile
     • Windows Firewall: Allow inbound file and printer sharing exception: Enabled
     • Windows Firewall: Allow inbound remote administration exception: Enabled
     • Windows Firewall: Define inbound port exceptions: Enabled
     • Define port exceptions:
       8192:TCP:*:enabled:SophosAdmin
       8193:TCP:*:enabled:SophosAdmin
       8194:TCP:*:enabled:SophosAdmin
     • Windows Firewall: Define inbound program exceptions: Enabled
     • Define program exceptions:
       %programfiles%\Sophos\Sophos Anti-Virus\SavMain.exe:*:enabled:SophosAV
  4. Run the following command in your logon script: "netsh firewall set service type=FILEANDPRINT mode=ENABLE"

You should now be able to deploy Sophos Antivirus seamlessly.
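An added example (not from the original post or from Sophos): a Python audit of the firewall exception strings listed above that flags every enabled entry whose scope field is `*` and re-emits it restricted to one address, the way the ConfigMgr GPO earlier on this page is scoped to the SCCM server. It assumes the `port:transport:scope:status:name` and `path:scope:status:name` layouts, IPv4 scopes only, and that a single management server (the constructed address 192.0.2.10) is the only host that needs to reach these exceptions.

```python
import ipaddress
from dataclasses import dataclass, replace

# Exception strings exactly as listed in the Sophos GPO above.
PAGE_PORT_EXCEPTIONS = [
    "8192:TCP:*:enabled:SophosAdmin",
    "8193:TCP:*:enabled:SophosAdmin",
    "8194:TCP:*:enabled:SophosAdmin",
]
PAGE_PROGRAM_EXCEPTION = r"%programfiles%\Sophos\Sophos Anti-Virus\SavMain.exe:*:enabled:SophosAV"
# Constructed placeholder for the management server (documentation address range).
MGMT_SERVER = "192.0.2.10"


@dataclass(frozen=True)
class FwException:
    target: str   # "8192:TCP" for a port rule, the executable path for a program rule
    scope: str    # "*", "localsubnet", or comma-separated IPv4 addresses/subnets
    status: str   # "enabled" or "disabled"
    name: str

    def render(self):
        """Serialize back to the policy string layout."""
        return ":".join([self.target, self.scope, self.status, self.name])


def _status(value, text):
    if value.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status {value!r} in {text!r}")
    return value.lower()


def parse_port_exception(text):
    """Parse 'port:transport:scope:status:name'."""
    parts = text.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields in {text!r}")
    port, transport, scope, status, name = parts
    if not port.isdigit() or not 0 < int(port) <= 65535:
        raise ValueError(f"bad port in {text!r}")
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport in {text!r}")
    return FwException(f"{port}:{transport.upper()}", scope, _status(status, text), name)


def parse_program_exception(text):
    """Parse 'path:scope:status:name' from the right so a drive-letter colon stays in the path."""
    parts = text.strip().rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields in {text!r}")
    path, scope, status, name = parts
    return FwException(path, scope, _status(status, text), name)


def scope_issues(scope):
    """Return the problems found in a scope field; an empty list means it is restricted."""
    issues = []
    for item in (part.strip() for part in scope.split(",")):
        if item == "*":
            issues.append("any source address may connect")
        elif item.lower() != "localsubnet":
            try:
                network = ipaddress.ip_network(item, strict=False)
            except ValueError:
                issues.append(f"scope entry {item!r} is not an address or subnet")
            else:
                if network.prefixlen == 0:
                    issues.append(f"{item} covers every address")
    return issues


def audit(exceptions):
    """Return (name, target, issue) for every enabled exception whose scope has a problem."""
    return [(e.name, e.target, issue)
            for e in exceptions if e.status == "enabled"
            for issue in scope_issues(e.scope)]


def rescoped(exceptions, scope):
    """Return the policy strings with only the scope field replaced."""
    return [replace(e, scope=scope).render() for e in exceptions]


if __name__ == "__main__":
    rules = [parse_port_exception(s) for s in PAGE_PORT_EXCEPTIONS]
    rules.append(parse_program_exception(PAGE_PROGRAM_EXCEPTION))
    for finding in audit(rules):
        print("FINDING:", *finding)
    print("\n".join(rescoped(rules, MGMT_SERVER)))
```

A scope left as literal placeholder text, such as "SCCM IP Address", is reported as unparseable rather than silently accepted.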

How-to enable the administrative shares in Windows Vista

In Microsoft's effort to tighten Windows security, the administrative shares as we used to know them (C$, IPC$ or Admin$) are not visible by default...

Hopefully, here again, there is an easy trick:

  • Open the registry editor (Start > Search > Regedit - right click, run as Administrator)
  • Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
  • Add DWORD Value LocalAccountTokenFilterPolicy set to 1
  • Reboot.

Now you can deploy Kaspersky Antivirus on Vista without taking that much risk.
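An added example (not part of the original post): a Python check that reads a regedit export of the Policies\System key and reports the UAC-related values this page turns down, LocalAccountTokenFilterPolicy from the steps above and the three settings of the Disable UAC GPO in the Sophos how-to. The registry value names for those three GPO settings and the sample export are supplied by the example, not by the page.

```python
import re

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# value name -> (data that relaxes the default, effect)
RELAXED = {
    "LocalAccountTokenFilterPolicy": (1, "remote logons by local admins get a full token"),
    "EnableLUA": (0, "Admin Approval Mode is off for all administrators"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without prompting"),
    "EnableInstallerDetection": (0, "installers are not detected for elevation"),
}

# Constructed sample: what an export of the key could look like on a host that
# received both the Disable UAC GPO and the admin-share registry change.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"EnableInstallerDetection"=dword:00000000
"EnableLUA"=dword:00000000
"LocalAccountTokenFilterPolicy"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
'''

SECTION = re.compile(r"\[(-?)(.+)\]")
DWORD = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})')


def decode_export(data):
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 files are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


def parse_dwords(text):
    """Return {key path (lower case): {value name (lower case): int}} for DWORD values."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        section = SECTION.fullmatch(line)
        if section:
            deleted, path = section.groups()
            # "[-KEY]" deletes a key on import, so it carries no values.
            current = None if deleted else keys.setdefault(path.lower(), {})
            continue
        value = DWORD.fullmatch(line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys


def audit_export(data):
    """Return (value name, data, effect) for each relaxed setting found in the export."""
    values = parse_dwords(decode_export(data)).get(POLICY_KEY.lower(), {})
    # A value missing from the export is treated as "not relaxed here".
    return [(name, bad, effect)
            for name, (bad, effect) in RELAXED.items()
            if values.get(name.lower()) == bad]


if __name__ == "__main__":
    for name, data, effect in audit_export(SAMPLE_EXPORT.encode("utf-16")):
        print(f"{name}={data}: {effect}")
```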

iTunes hanging when connecting iPhone on OSX.

If you see iTunes hanging (being unresponsive) when you connect your iPhone, try the following:

  • Connect your iPhone.
  • Watch iTunes hanging.
  • Curse. A lot.
  • Launch Image Capture.app, go to the Preferences and select "When a camera is connected open:" "No application".
  • iTunes magically un-hangs.
  • You're welcome.

Excel 2007 has trouble opening files?

Double clicking on an Excel file does not open it. Instead Excel opens and displays a blank workbook. However, if you minimize Excel, it will immediately maximise itself and display the file you originally tried to open.

The solution is really weird: You can stop this annoying behavior by adding an Add-in, like this:

Excel options >Add-Ins > Manage: Excel Add-Ins > Euro Currency tools.

Playing with Boot Camp on Macs and EFI limitations workarounds.

As you may know, Macs use a GPT (GUID Partition Table) unlike Windows, which usually uses the old MBR (Master Boot Record). On top of that, there is just a BIOS emulation on top of the EFI on Apple machines. As usual, Macs are a step ahead but that creates some side effects:

  • Inability to boot from exotic CDs like UBCD, Manufacturers HDD diagnostics and so on...
  • Inability to clone Windows partitions using standard tools like Ghost or Acronis.

Hopefully, there are workarounds. First of all, if you have HDD issues, you can move the drive to another computer (PC) to perform extensive testing, especially at the logical and mechanical level. You don't need to actually boot on the HDD - that would be impossible anyway - to analyze it. Moving a drive is not hard and doesn't void the warranty if done properly.

Cloning is now fairly easy, there is an awesome tool called WinClone from TwoCanoes that allows you to backup and restore a functional Boot Camp partition. You can even shrink your Windows partition. They also claim that you can deploy Windows using ARD.

I also would like to share a few reminders:

  • Windows is not like Mac OS. You can't have a generic Windows image just by cloning it as every model of Mac is different and requires different drivers and settings (especially on the ACPI side) unless you use a third-party tool.
  • Macs don't support PXE for obvious reasons. You can use NetBoot though.
  • If you don't absolutely need to boot natively into Windows, consider using a VM as they are less platform dependent.
  • Use Time Machine!

Repair the TCP/IP stack in Windows.

Sometimes, the networking layer in Windows gets corrupted. Of course you don't necessarily know why...

There are a few easy steps to fix it. The best one, in my opinion is a good old driver update which will not only reset the stack but will also bring you more stability. Check with your computer manufacturer/chipset vendor for that.

Alternatively or if you already have the best available driver (big up for staying up to date, here), you can issue a command to reset the TCP/IP stack:

  • In XP, from a command prompt, type the following: netsh int ip reset c:\resetlog.txt
  • In Vista/7, from a command prompt with elevated privileges: netsh int ip reset
  • (logging the results of the command is optional in Vista/7)

A reboot is recommended after as a few registry keys need to be regenerated.

Trying to get rid of WINS but still in trouble with rogue Master Browser elections?

There is an interesting article at TechRepublic about GNZ or Global Name Zones in Windows Server 2008.

http://blogs.techrepublic.com.com/networking/?p=608

For the record, in the Windows Support Tools, you can find the browstat.exe utility (browstat status from a command line) that allows you to check which computer is the Master Browser and then to troubleshoot that mess that is slowing down your LAN.

Entourage issues with Exchange 2007.

How to resolve Entourage issues with Exchange 2007, especially the infamous "The user's folder could not be found. Entourage could not find a mailbox for the user username_last, username_first." The basic workaround is to instruct users to manually change the mailbox path to: mail.contoso.com/exchange/your.username@contoso.com. But wait! There is a permanent fix:

  • From a MMC, open the Exchange Console.
  • Select an affected user mailbox and click properties and go to the E-Mail Addresses tab.
  • Under the addresses you should see user@domain.com.
  • Add user@domain.local.
  • Try to access a shared mailbox/calendar with Entourage again... Voilà! You shouldn't see any error message anymore.
  • To do this to all the users in your domain, you will need to edit the default email policy and apply it to all the [existing and new] users.