Personalizing Removable Drive Icons for Windows Explorer

Like most people these days, I tend to swap a lot of removable storage devices between my ever-growing assortment of computing devices. The trouble is, I also have an ever-growing collection of removable storage devices, so it gets difficult keeping track of which device is which when I view them in Windows Explorer. The default images are pretty generic, and even though I try to use meaningful names, most of the drives look the same:

By using a simple and under-used Windows feature, I have been personalizing my drives so that they have meaningful icons in Windows Explorer that will be displayed when I plug them into any of my computing devices:

Here's how this works - you just need to store two files in the root folder of each removable drive, both of which will be discussed in more detail later:

  • autorun.inf - which defines the icon to use
  • icon.ico - which is the icon/image to use for the drive

Creating the Autorun.inf File

The autorun.inf file defines the icon that will be used in Windows Explorer, and its syntax is very simple:

[autorun]
icon=icon.ico

Paste the above code into Windows Notepad and save it as autorun.inf in the root folder of your removable drive.

Creating the Icon.ico File

This part is a little trickier because you have to find an image and convert it to an icon. I find all of my images by using http://images.bing.com/ to search for a particular removable drive - see http://tinyurl.com/mztbald for an example. What I am looking for is a specific image for the removable drive that I am using, and if I can't find a specific image then I will look for a generic image that works. The following image illustrates that idea:

Once I have an image, I need to convert it to an Icon file. To do my conversions, I use AveIconifier 2.1 by Andreas Verhoeven, which you can download through the Internet Archive at the following URL:

http://web.archive.org/web/20060613232414/http://mpj.tomaatnet.nl/Aveicon.zip

When you open the application, it will prompt you to drag and drop a PNG file into it.

If you were only able to find a JPG or GIF file, don't worry - you can open the image in Windows Paint and click File -> Save As -> PNG Picture to save it as a PNG image:

Once you drag a PNG image into AveIconifier, you can drag out the ICO file, which you will need to rename to Icon.ico and save to the root folder of your removable drive.

Click the following image to see what a completed icon that was created with AveIconifier looks like.

Hiding the Autorun.inf and Icon.ico Files

One last thing that I do is optional, which is to hide and protect the autorun.inf and icon.ico files. To do so, open a command prompt and change directory to the root of your removable drive, then enter the following commands:

  • attrib +r +h +s autorun.inf
  • attrib +r +h +s icon.ico

These two commands will mark the files as read-only, hidden, system files, which should normally prevent you from seeing them when you open your drive in Windows Explorer, and it should prevent them from being accidentally deleted.
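
Because the two files are hidden from Explorer after this step, it is useful to be able to confirm that a drive's autorun.inf contains nothing besides the icon entry described above. The following is an added example, not code from the original post; the function names, the allow-list of keys and the constructed second sample are assumptions made for illustration.

```python
import re

# Assumption for this audit: only display-only keys are acceptable on a
# personalized drive. Anything else found in autorun.inf is reported.
ALLOWED_KEYS = {"icon", "label"}

# Assumption: the icon must be a bare .ico file name in the drive root,
# as in the post (icon=icon.ico): no folders, drive letters or ",index".
ICON_VALUE = re.compile(r"[^\\/:,]+\.ico", re.IGNORECASE)


def parse_autorun(text):
    """Parse INF-style text into {section: [(key, value), ...]}.

    Section and key names are lower-cased because they are matched
    case-insensitively. Entries that appear before any section header
    are stored under the empty section name "".
    """
    sections = {}
    current = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        key, _, value = line.partition("=")
        sections.setdefault(current, []).append(
            (key.strip().lower(), value.strip())
        )
    return sections


def audit_autorun(text):
    """Return a list of findings; an empty list means icon-only content."""
    findings = []
    sections = parse_autorun(text)
    if "autorun" not in sections:
        findings.append("missing [autorun] section")
    for name, entries in sections.items():
        if name != "autorun":
            findings.append(f"unexpected section [{name}]")
            continue
        for key, value in entries:
            if key not in ALLOWED_KEYS:
                findings.append(f"unexpected key: {key}={value}")
            elif key == "icon" and not ICON_VALUE.fullmatch(value):
                findings.append(f"icon is not a root-level .ico file: {value}")
    return findings


# The file from the post, and a constructed sample that should be reported.
FROM_POST = "[autorun]\nicon=icon.ico\n"
CONSTRUCTED = (
    "\ufeff[AutoRun]\r\n"
    "; constructed sample, not from the post\r\n"
    "Icon = tools\\menu.exe,0\r\n"
    "open=setup.exe\r\n"
)

if __name__ == "__main__":
    for label, text in (("post", FROM_POST), ("constructed", CONSTRUCTED)):
        print(label, audit_autorun(text) or "OK: icon-only")
```

To check a real drive, read its autorun.inf as text and pass the contents to audit_autorun.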

Viewing the Changes

After you have saved both the autorun.inf and icon.ico files to the root of your removable drive, you will need to eject the drive and re-attach it to your system in order to see the effects. But as you can see in my earlier illustration, personalization of the drives makes them much easier to identify.


Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

Replacing the Windows 8 Start Menu

As most people who have installed Windows 8 have realized by now, this new version of Windows is missing something... something very important: a real Start Menu. In their efforts to make Windows more tablet-friendly, the people in charge of the Windows 8 design decided to abandon the user interface which revolutionized the desktop experience upon its inclusion with Windows 95, NT4, 98, ME, 2000, XP, 2003, Vista, 2008, and Windows 7, and have opted for the following layout:

Windows 8 Start Menu

This design was so clunky and so confusing for users that it resulted in the following actual advertisement outside a local computer repair shop:

Removing Windows 8 and Reinstalling Windows 7

The Windows 8 user experience was so bad that none of the older members of my family were able to use it, so I set out to find a replacement for the missing start menu; something which would make Windows 8 look and feel like using Windows 7. With that in mind, I tried out several Windows 8 Start Menu applications with mixed results. I did all of my testing on a desktop version of Windows 8, but all of these will work on the Microsoft Surface Pro tablet, although they will not work on the original ARM-based Microsoft Surface tablet. (See my notes below about that.)

All that being said, here are some of the better Start Menu replacements that I tested:

Start8:

  • URL: http://www.stardock.com/products/start8/
  • Pricing: $4.99
  • Rating: GREAT
  • Feedback: I really liked this start menu; it worked well and it had lots of options - not as many options as some of the menus for which I only gave a GOOD rating, but it was still pretty darn cool. Once you install this start menu system and have it boot into desktop mode, Windows 8 is almost exactly like using Windows 7. (Note that you can buy a license for this application that is bundled together with their ModernMix application which allows you to run Windows Store applications in a window.)

Classic Shell:

  • URL: http://www.classicshell.net/
  • Pricing: FREE
  • Rating: GOOD
  • Feedback: This start menu has lots of configurable options so it's very customizable, but its "Windows 7" start menu is basically the same as its Windows XP start menu with a Windows 7 theme, whereas Start8's Windows 7 start menu is the actual menu style that you expect. That said, since it's open-source you could modify it yourself. ;-)

Start Menu X aka Start Button 8:

  • URL: http://www.startmenux.com/ or http://www.startbutton8.com/
  • Pricing: FREE, although there is a pro version for $19.99
  • Rating: GOOD
  • Feedback: This start menu has a smattering of options, and it is definitely its own beast in terms of what you get for a start menu. But that being said, it does give you a start menu, just not one that you are used to or expecting.

Classic Start 8:

  • URL: http://www.classicstart8.com/
  • Pricing: FREE
  • Rating: ACCEPTABLE
  • Feedback: This start menu has no configurable options, so it cannot be customized. But that being said, its start menu is basically the same as a "Windows 7" start menu. Still, if you need a great freeware approach to getting the start menu back, you can't beat this.
  • UPDATE: This start menu also adds some spamware links to the start menu, so I'm not a big fan of this offering.

RetroUI:

  • URL: http://retroui.com/
  • Pricing: Starts at $4.95 for 1 Consumer Activation and goes up from there
  • Rating: TERRIBLE
  • Feedback: I did not like this start menu at all - it was cumbersome and confusing and it looked awful. (They were trying to go with a Metro-styled start menu, and it just didn't work).

By the way, I wrote two companies that make Start Menus for Windows 8, and neither will make their product available for Windows 8 RT; they say that the sandboxing features in Windows RT prevent a start menu replacement from working properly. So if you have an original Microsoft Surface RT tablet, not the Microsoft Surface Pro, you're out of luck. :-(


FWIW - here are some URLs that I looked at with discussions about this topic:

Video: What's New with Internet Information Services (IIS) 8: Performance, Scalability, and Security Features

The folks in the TechEd group have uploaded the video from my "What's New with Internet Information Services (IIS) 8: Performance, Scalability, and Security Features" presentation to YouTube, so you can view the video online.

You can also download the slides and the WMV/MP4 for my presentation at the following URL:

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/WSV332

One quick side note: around 38:55 during the video, I had just asked the audience if anyone had used the IIS Configuration Editor, when a tremendous thunderclap resounded outside - this prompted a great laugh from audience members. After the presentation had ended, a couple people came up and jokingly asked how I had managed to stage that so well.


Why I Won't Buy Another HP Computer

First of all, I have to point out that I have a few friends that work for Hewlett-Packard, so I have to apologize up front for what I'm about to write in this blog. But I just had such a horrible customer support experience with HP that I won't buy from them again.

Why I Bought an HP Computer

I have nothing against HP computers; for several years I used two beefy dual-CPU HP/Compaq ProLiant servers for my web hosting machines. (I loved those computers, and I only replaced those when Windows Server 2008 was released and I thought that it was time to upgrade my servers.)

Recently I decided to replace my aging Dell desktop computer with a newer model. I'm quite partial to Dell computers, because I've always had great experiences with their computers and their company. I had a chance to buy a refurbished HP P6510F computer for a great price, so I decided to take a chance with HP since that particular computer model had a lot of great reviews.

When the computer arrived I did what I always do - I reformatted the hard drive and I installed a brand new copy of Windows from scratch. (I have to do this because all computer companies - HP, Dell, Gateway, etc. - install a bunch of useless garbage software whenever you buy one of their new computers.) The computer ran fine for several weeks, but I'm a person that likes to keep their computer up-to-date, so this past weekend I browsed to HP's website to see if there were any updates.

Upgrading the BIOS

As it turns out, there was a new version of their BIOS that was supposed to resolve issues when waking the computer from sleep mode if you have more than 4GB of memory. I only had 4GB of RAM in the computer, but I was already shopping for another 4GB, so it seemed prudent to install the BIOS update. I downloaded the update and ran their installer. After a couple of minutes a dialog box popped up saying that the update had applied successfully and I needed to reboot my computer, which I did.

That's when everything started to go wrong.

All Heck Breaks Loose

When my computer restarted it immediately hit the infamous Blue Screen of Death (BSOD); something very much like the following illustration:

A problem has been detected and Windows has been shut down to
prevent damage to your computer.

If this is the first time you've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check for viruses on your computer. Remove any newly installed
hard drives or hard drive controllers. Check your hard drive
to make sure it is properly configured and terminated.
Run CHKDSK /F to check for hard drive corruption, and then
restart your computer.

Technical information:

*** STOP: 0x0000007B (0xFFFFF880009A9928,0xFFFFFFFFC0000034,
0x0000000000000000,0x0000000000000000)

It didn't matter how many times I tried to reboot, I still got the BSOD. I knew that BIOS updates changed some of the settings, so my natural suspicion was to assume that something in the new BIOS settings was causing the problem. I tweaked a few settings like disabling hardware virtualization and such - but there was still no joy in Mudville. After this I started to assume that perhaps the BIOS update hadn't actually applied successfully, so I started trying to see if I could get my computer to boot from one of my several WinPE-based utility CD-ROMs and reapply the patch, but all of those also fell victim to the vicious BSOD.

I'll spare you the details of everything else that I tried - both hardware and software - but I finally gave up and decided to call HP's 24x7 technical support number.

The Technical Support Nightmare Begins

For geeks like me, having to call technical support is humiliating enough, but it's made so much worse by having to deal with front-line technical support people. Having spent 10 years in technical support myself, I have a great deal of patience with technical support engineers, but it can still be an aggravating experience. I spent the next half-hour answering mundane questions and following every instruction from HP's Tier 1 technical support script - all of which I had tried before. (At least the parts that actually applied to my situation.) I'm sure that the engineer with whom I was working meant well, but it was clear that she was floundering.

After a while she began to tell me that I didn't need the BIOS patch and that this was all my fault, to which I replied that she was correct - I didn't actually need the BIOS patch right now, but I would need it in the future, but that didn't really matter - the BIOS patch should not cause the BSOD. Besides - I always updated the BIOS in my Dell computers with no problems. (There's a good jab at HP to try yourself sometime.) Then she started to tell me that since I had a different version of Windows than HP had installed on my computer, the BIOS patch was not compatible. I asked her incredulously, "Do you mean to tell me that HP expects their customers to never install a new version of Windows?" She hesitated before replying "No," and then I reiterated my earlier assertion that no matter what, the BIOS patch should not cause the BSOD.

Then she began to tell me that I needed to purchase a system restore DVD from HP to rebuild my system. I was quick to point out that doing so would reformat my hard drive - thereby erasing all of my files - and that I was willing to bet that the problem wouldn't go away since the system restore DVD was probably not going to reset the BIOS back to an earlier version. So in my estimation I would be wasting my money and my time on a suggestion that would ultimately achieve nothing. This is where I lost her - she had no idea what I meant; so after more than an hour of basic troubleshooting with Tier 1 support and lots of time spent on hold, my patience was finally gone, and I asked to speak with someone in HP's Tier 2 support.

The Technical Support Nightmare Continues

I was transferred to a guy in Tier 2 support who discussed my predicament with me, and he seemed to have a much better handle on things. One of the first things that he did was verify that there was no reason that the BIOS update shouldn't work with my version of Windows, to which I replied that I had been trying to tell the earlier engineer the same thing. We looked at several settings, but the problem persisted, and then he suggested that I needed to purchase a system restore DVD from HP to rebuild my system. I restated my earlier claim that I would be wasting my money and my time since I was 99.9% sure that the system restore DVD would not roll back the BIOS version, so he put me on hold while he checked on that.

When he came back he informed me that the system restore DVD would not roll back the BIOS version, so I needed to return the computer to HP in order for them to reset the computer's BIOS to the original factory version. He pointed out that this would be free since the computer was under warranty, and he took my address so HP could send me a box in order to send the computer back to HP for repairs. Once all that was taken care of, we hung up.

My total time on the phone was about two hours. Ugh.

Problem Resolved

The next day I went out to lunch with my good friend, Wade Hilmo, and I related my experience to him. Once I described the symptoms he said, "I'll bet the BIOS update changed the mode for your SATA controller. Switch it from IDE to AHCI or vice-versa and the problem should go away."

Darn. I should have thought of that. ;-]

Sure enough, when I got home that night and I pulled up my BIOS settings, the SATA mode was set to RAID; I switched it to IDE and the BSOD went away. Once I knew what the problem was I found the following Microsoft Knowledge Base article that allowed me to enable AHCI:

Error message when you start a Windows 7 or Windows Vista-based computer after you change the SATA mode of the boot drive: "STOP 0x0000007B INACCESSABLE_BOOT_DEVICE"

http://support.microsoft.com/kb/922976

My thanks to Wade for pointing that out, but Wade's follow-up comment was apropos, "I'm still a bit surprised that neither of the HP folks suggested it." So I decided that I should call HP and let them know what it took to fix the problem.

Back to Technical Support

The next day I called HP Customer Care to have them cancel my open work ticket, which was the polite thing to do since the problem was resolved. Having taken care of that, I thought that I'd give their technical support people the details of what caused the issue and how to fix it. Having worked in technical support, I always liked to know what it took to resolve an issue.

This seemed like such a good idea at the time, but it didn't turn out that way. When I called, HP's Customer Care folks transferred the call to their technical support people, and one of their idiot support engineers put me on hold for 20-30 minutes while he read the case notes.

Are you kidding me? It doesn't take 20-30 minutes to read the case notes, even if you're in your first year of Hooked on Phonics.

Once he took me off hold, I was pleading with him to listen to my explanation that the problem was already resolved and it was not caused by whatever stupid idea kept popping out of his wild imagination - I just wanted to share the details of how to resolve the issue if another customer calls in with the same problem, which is undoubtedly going to happen. I pointed out that I was trying to help HIM, for Pete's sake, and he just wouldn't listen. (I started hoping that HP was recording the call.)

After all that, I made it abundantly clear that what he did was very unprofessional, and I asked to speak to a manager. He informed me that he'd see if a manager was available - then he put me back on hold. Fortunately I was calling from work where I have a headset for my telephone; this way I could keep working while I was on hold. (Otherwise this would have really aggravated me.)

After another 20-30 minutes I realized that this idiot engineer was not going to find a manager; he was waiting for me to hang up and go away. So I decided to put that call on hold and try to call back into technical support, but my @#$% LG-Nortel phone won't let me call a phone number if I already have that number on hold. Argh. While I was browsing HP's website to see if I could locate a different phone number for technical support I accidentally hung up the original call.

Crap, crap, crap.

So I called HP again and I got another engineer - and I asked to speak to a manager right off the bat. I profusely apologized to the new engineer, and I stated emphatically that it was nothing that he did. He asked for my name and such, but I told him that I had a support ticket number and I gave him that instead. Then I started to explain what happened with the other idiot and how I resolved the issue, but this new engineer attempted to defend the earlier idiot engineer and started to change the subject. I politely cut him off and simply pointed out that the first guy took 30 minutes to read the case notes, whereas he took less than 30 seconds - even this guy had to admit that the first guy's behavior was uncalled for.

Cutting the rest of the story short, I did finally tell the new engineer what it took to fix the problem, which was simply resetting the SATA configuration back to the pre-update BIOS value. I also gave him the information about how to enable AHCI using Microsoft's KB 922976. He thanked me for the information, and after he tried unsuccessfully to upsell me on a new warranty for my computer we ended the call.

Closing Remarks

So there you have it - a thoroughly bad HP customer support experience. If either Hewlett or Packard somehow manage to read this blog, they should be ashamed on behalf of their employees. I'd give you the names of those employees, but no one that I talked to had a name that I could pronounce.

 

Of course, I never did get to speak to a manager at HP.

Disabling Local Loopback Checks on Web Servers that Run IIS

I've run into this situation more times than I can count: I set up a new web server and no matter what I do, I cannot log into websites on the server that require authentication while I am browsing to them from the console. I used to pull my hair out over this problem until I discovered the problem is in the Windows Local Security Authority (LSA) and it can be easily remedied.

  1. Open your registry editor by going to Start –> Run and enter regedit and click OK.
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa in the registry editor.
  3. Right-click Lsa, click on New and select DWORD value.
  4. Enter DisableLoopbackCheck and press Enter.
  5. Right-click DisableLoopbackCheck and select Modify.
  6. In the Value data box, enter 1 and click OK.
  7. Reboot your server.

Several years later someone wrote the following KB article that includes this fix with a description of the problem, as well as an alternate workaround:

http://support.microsoft.com/kb/896861

HTH

Windows 7 Hotkeys

I put together this list for my brother when Windows 7 launched. I got the information from a variety of sources, thereby living up to the old adage that "Copying from one person is plagiarism, copying from a hundred people is research." Some of these are new to Windows 7, while others have been around a little while. In any event, here are some notes that explain how to interpret the keystrokes:

  • A plus symbol (+) between keys means to press the keys at the same time, whereas a comma (,) between keys means to press the keys one after another.
  • [Right] text stands for the right cursor key, [Left] for the left cursor key, etc.

Taskbar Modifiers

  • Shift+Click: Open a new instance of the program
  • Ctrl+Click: Cycle between windows in a group
  • Middle Click: Open a new instance of the program
  • Ctrl+Shift+Click: Open a new instance of the program as Administrator
  • Shift+Right-Click: Show window menu

Managing Windows

  • Alt+F4: Close the active window
  • Alt+Tab: Switch to previous active window
  • Alt+Esc: Cycle through all open windows
  • Win+Tab: Flip 3D
  • Ctrl+Win+Tab: Persistent Flip 3D
  • Win+T: Cycle through applications on taskbar (showing its live preview)
  • Win+M: Minimize all open windows
  • Win+Shift+M: Undo all window minimization
  • Win+D: Toggle showing the desktop
  • Win+P: Open the projection menu (generally used for laptops connected to projectors)
  • Win+[Up]: Maximize the current window
  • Win+[Down]: If the current window is maximized, restore it; if the current window is restored, minimize it
  • Win+[Left]: Dock the current window to the left half of the screen
      • If it is already docked left, it is moved to the right half of the screen
      • If it is already docked right, it is restored to its original size
  • Win+[Right]: Dock the current window to the right half of the screen
      • If it is already docked right, it is moved to the left half of the screen
      • If it is already docked left, it is restored to its original size
  • Win+Shift+[Left]: Move current window to the left monitor (with dual monitors)
  • Win+Shift+[Right]: Move current window to the right monitor (with dual monitors)
  • Win+Home: Minimize all but the current window
  • Win+Space: Peek at the desktop
  • Win+[Plus sign]: Zoom in
  • Win+[Minus sign]: Zoom out

Starting Programs

  • Win+1: Open the first program on your Quick Launch bar
  • Win+2: Open the second program on your Quick Launch bar
  • Win+n: Open the nth program on your Quick Launch bar
  • Win+U: Open the ease of access center
  • Win+F: Open the search window
  • Win+X: Open the Mobility Center
  • Win+E: Open Explorer
  • Win+R: Open the Run window
  • Win+B: Move focus to notification tray (the right-most portion of the taskbar)
  • Win+Pause: Open the System Properties portion from the Control Panel
  • Ctrl+Shift+Esc: Open Windows Task Manager

Logging In And Out

  • Win, [Right], Enter: Shutdown
  • Win, [Right], [Right], R: Restart
  • Win, [Right], [Right], S: Sleep
  • Win, [Right], [Right], H: Hibernate
  • Win, [Right], [Right], W: Switch Users
  • Win+L: Locks computer

Viewing Folders With Explorer

  • Alt+[Left]: Go back
  • Alt+[Right]: Go forward
  • Alt+[Up]: Go up a directory
  • Alt+D: Move focus to address bar
  • Alt+D, Tab: Move focus to search bar
  • Alt+Enter: Open the Properties window of the current selection
  • Ctrl+Mousewheel: Change the view type (extra large, small, list view, detail, etc.)
  • Alt+P: Show/hide the preview pane

eWeek Reviews for IIS 7.5 and FTP 7.5

One of my coworkers, Vijay Sen, just forwarded the following eWeek review of IIS 7.5 to me:

The review was written by Jim Rapoza, and he said some great things about IIS 7.5, which ships with both Windows Server 2008 R2 and Windows 7 client. But what really made my day were the following things that he said about FTP 7.5:

Another welcome change in IIS 7.5 is the elevation of FTP as a full-fledged part of the server. In previous versions, setup and management of an FTP server in IIS were done pretty much separately from Web server management. In IIS 7.5, FTP administration is fully integrated into the IIS Management Console.

I found this to be a very good implementation of FTP, making it possible to quickly set up secure FTP servers and tie them to my Websites. Especially nice was the ability to easily use virtual host names for the FTP sites. All in all, the FTP implementation in IIS 7.5 is one of the best I've seen, even when compared with dedicated FTP server products.

It's great to see all of our hard work being recognized!


My thanks once again to everyone on the FTP and IIS feature teams that helped make this version of the FTP service: Jaroslav, Emily, Daniel, Umer, Suditi, Ciprian, Jeong, Dave, Andrew, Carlos, Brian, Wade, Ulad, Nazim, Reagan, Claudia, Rick, Tim, Tobin, Kern, Jenny, Nitasha, Venkat, Vijay. (I hope that I didn't leave anyone out!)



Batch File: Delete Duplicate Files

Using this Batch File

Some time ago a friend of mine gave me a bunch of JPG files, but for some reason she had two copies of every image in the collection. The names of the images had all been randomized, and since there were hundreds of files in the collection it would have taken hours to find and delete the duplicates. With that in mind, I wrote the following batch file that loops through the collection of files and does a binary comparison to find and delete duplicate files.

To use the example code, copy the batch file code from below into Notepad and save it as "_del_dupes.cmd" in the folder where you have duplicate files.

Note: As with many utilities that I write - this is a destructive operation, meaning that it will delete files without prompting, so you should always make a backup just in case something goes terribly wrong... ;-]

Batch File Example Code

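@echo off

rem Save the current list of JPG files for the outer loop.
dir *.jpg /b > _del_dupes.1.txt

for /f "delims=|" %%a in (_del_dupes.1.txt) do (
   rem Skip files that were already deleted as duplicates.
   if exist "%%a" (
      rem Refresh the list so that deleted files are not compared again.
      dir *.jpg /b > _del_dupes.2.txt
      for /f "delims=|" %%b in (_del_dupes.2.txt) do (
         if not "%%a"=="%%b" (
            echo Comparing "%%a" to "%%b"...
            rem Binary comparison - errorlevel 0 means the files are identical.
            fc /b "%%a" "%%b">NUL
            if errorlevel 1 (
               echo DIFFERENT
            ) else (
               echo SAME
               del "%%b"
            )
         )
      )
   )
)

rem Remove the temporary file lists.
del _del_dupes.?.txt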

How to Record Logon Activity in W3C Extended Log File Format using WSH

Many years ago I put together a bunch of information about logging system activity in W3C format by using Group Policy Objects and Windows Script Host. All of that information was supposed to become Microsoft KB article 324414, but I changed teams and I eventually lost track of its status. Recently I had a need for the information in that KB article and discovered that it was never published, so I had to look for my notes to reconstruct what was supposed to be in the KB article, and I thought that all that effort would make a good blog post.

(Note: This blog post has been updated a few times since it was first posted in order to keep it up-to-date.)




APPLIES TO

  • Windows Server 2008 R2
  • Windows 7
  • Windows Server 2008
  • Windows Vista
  • Windows Server 2003 R2
  • Windows Server 2003
  • Windows XP
  • Windows Server 2000

SUMMARY

The steps in this blog post will show you how to configure your network for additional logon/logoff information for all domain clients by using a sample Windows Script Host (WSH) script to create log files that conform to the W3C Extended Log File (ExLF) Format.

The W3C Extended Log File Format is currently used on Windows servers by the various web services that install with Internet Information Services. These log files are kept in your %SystemRoot%\System32\LogFiles or %SystemRoot%\Inetsrv\Logs\LogFiles folder. By configuring this sample logging script through a domain-level Group Policy, a new folder named Activity will be created under the %SystemRoot%\System32\LogFiles folder containing log entries formatted like the following example:

#Description: Log file for all LOGON/LOGOFF activity
#Date: 2002-01-01 21:28:50
#Fields: date time s-computername cs-username cs-method
2002-01-01 21:28:50 MYCOMPUTER LOCALHOST\SYSTEM STARTUP
2002-01-01 21:32:55 MYCOMPUTER MYDOMAIN\userone LOGON
2002-01-01 21:45:58 MYCOMPUTER MYDOMAIN\userone LOGOFF
2002-01-01 21:47:00 MYCOMPUTER MYDOMAIN\usertwo LOGON
2002-01-01 21:52:02 MYCOMPUTER MYDOMAIN\usertwo LOGOFF
2002-01-01 21:53:09 MYCOMPUTER LOCALHOST\SYSTEM SHUTDOWN

Since there are a wide variety of applications that can process log files in the W3C Extended Log File Format, recording logs in this format allows domain administrators to use tools they are already familiar with when analyzing network logon/logoff information.

NOTE: The W3C Extended Log File Format requires that all times must be kept in Greenwich Mean Time (GMT). As such, all logon/logoff activity recorded by the script in this article will be listed in GMT. This allows a uniform standard for large-scale networks that traverse multiple time zones.
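
As an illustration of consuming a log in this format, the following added example (not part of the original post or its WSH script) reads the #Fields directive, pairs LOGON with LOGOFF records per computer and user, and reports records that do not pair up. The function names and the second, constructed log are assumptions made for illustration; the first log is the sample shown above.

```python
from datetime import datetime, timezone

# Sample log copied from the post.
SAMPLE_LOG = r"""#Description: Log file for all LOGON/LOGOFF activity
#Date: 2002-01-01 21:28:50
#Fields: date time s-computername cs-username cs-method
2002-01-01 21:28:50 MYCOMPUTER LOCALHOST\SYSTEM STARTUP
2002-01-01 21:32:55 MYCOMPUTER MYDOMAIN\userone LOGON
2002-01-01 21:45:58 MYCOMPUTER MYDOMAIN\userone LOGOFF
2002-01-01 21:47:00 MYCOMPUTER MYDOMAIN\usertwo LOGON
2002-01-01 21:52:02 MYCOMPUTER MYDOMAIN\usertwo LOGOFF
2002-01-01 21:53:09 MYCOMPUTER LOCALHOST\SYSTEM SHUTDOWN
"""

# Constructed log (not from the post): a user name containing a space, a
# logon that is never closed, and a logoff with no matching logon.
CONSTRUCTED_LOG = r"""#Fields: date time s-computername cs-username cs-method
2002-01-02 08:00:00 PC01 MYDOMAIN\userone LOGON
2002-01-02 08:05:00 PC01 MYDOMAIN\user two LOGON
2002-01-02 09:00:00 PC01 LOCALHOST\SYSTEM SHUTDOWN
2002-01-02 09:10:00 PC01 MYDOMAIN\usertwo LOGOFF
"""


def parse_exlf(text):
    """Parse W3C Extended Log File text into (records, rejected_lines).

    Fields are space-separated, so a value that itself contains a space
    (for example a user name) changes the field count; such lines are
    returned in rejected_lines instead of being guessed at.
    """
    fields, records, rejected = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):                  # directive line
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            rejected.append(line)
            continue
        record = dict(zip(fields, values))
        try:
            # Times in this format are GMT, so mark them as UTC.
            record["when"] = datetime.strptime(
                record["date"] + " " + record["time"], "%Y-%m-%d %H:%M:%S"
            ).replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            rejected.append(line)
            continue
        records.append(record)
    return records, rejected


def pair_sessions(records):
    """Match LOGON to LOGOFF per (computer, user), in file order.

    Returns (sessions, anomalies). A session is (computer, user, seconds);
    an anomaly is (reason, computer, user, "YYYY-MM-DD HH:MM:SS").
    """
    fmt = "%Y-%m-%d %H:%M:%S"
    open_logons, sessions, anomalies = {}, [], []
    for rec in records:
        computer, user = rec["s-computername"], rec["cs-username"]
        method, when = rec["cs-method"].upper(), rec["when"]
        stamp, key = when.strftime(fmt), (computer, user)
        if method == "LOGON":
            if key in open_logons:
                anomalies.append(("LOGON while already logged on", computer, user, stamp))
            open_logons[key] = when
        elif method == "LOGOFF":
            start = open_logons.pop(key, None)
            if start is None:
                anomalies.append(("LOGOFF without LOGON", computer, user, stamp))
            else:
                sessions.append((computer, user, int((when - start).total_seconds())))
        elif method in ("STARTUP", "SHUTDOWN"):
            # Any session still open on this computer never logged off.
            for other in [k for k in open_logons if k[0] == computer]:
                del open_logons[other]
                anomalies.append((f"no LOGOFF before {method}", other[0], other[1], stamp))
    for (computer, user), when in open_logons.items():
        anomalies.append(("still logged on at end of log", computer, user, when.strftime(fmt)))
    return sessions, anomalies


if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("constructed", CONSTRUCTED_LOG)):
        records, rejected = parse_exlf(log)
        print(name, pair_sessions(records), rejected)
```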


MORE INFORMATION

Step 1 - Create the Sample Logging Script

  1. Log on to your Windows Domain Controller as a Domain Administrator.
  2. Open Windows Notepad by clicking Start, then All Programs, then Accessories, and then Notepad.
  3. Type or paste the following WSH code into notepad:
    Option Explicit
    On Error Resume Next

    ' declare all variables
    Dim objFSO,objFile
    Dim objNet,objShell
    Dim objProcess,objArgs
    Dim strFolder,strFile
    Dim blnFileExists
    Dim objDateTime,lngTimeZoneOffset
    Dim strYear,strMonth,strDay
    Dim strLongDate,strShortDate
    Dim strShortTime,strMethod
    Dim strComputerName,strUserDomain,strUserName

    ' create all objects
    Set objNet = WScript.CreateObject("WScript.Network")
    Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
    Set objShell = WScript.CreateObject("WScript.Shell")
    Set objProcess = objShell.Environment("PROCESS")
    Set objArgs = WScript.Arguments

    ' process arguments
    If objArgs.Count <> 1 Then WScript.Quit
    strMethod = UCase(objArgs(0))

    ' perform date operations
    lngTimeZoneOffset = GetTimeZoneOffset()
    objDateTime = Now() - lngTimeZoneOffset
    strYear = CStr(Year(objDateTime))
    strMonth = Right("00" & CStr(Month(objDateTime)),2)
    strDay = Right("00" & CStr(Day(objDateTime)),2)
    strLongDate = strYear & "-" & strMonth & "-" & strDay
    strShortDate = Right(strYear,2) & strMonth & strDay
    strShortTime = FormatDateTime(objDateTime,4) & ":" & Right("00" & CStr(Second(objDateTime)),2)

    ' get network information
    strComputerName = objNet.ComputerName
    If Len(strComputerName) = 0 Then strComputerName = "LOCALHOST"
    strUserDomain = objNet.UserDomain
    If Len(strUserDomain) = 0 Then strUserDomain = "LOCALHOST"
    strUserName = objNet.UserName
    If Len(strUserName) = 0 Then strUserName = "()"

    ' get windows directory name
    strFolder = objProcess("WINDIR")

    ' check for and create "System32" folder
    strFolder = strFolder & "\System32"
    If objFSO.FolderExists(strFolder) = False Then
        objFSO.CreateFolder(strFolder)
    End If

    ' check for and create "LogFiles" folder
    strFolder = strFolder & "\LogFiles"
    If objFSO.FolderExists(strFolder) = False Then
        objFSO.CreateFolder(strFolder)
    End If

    ' check for and create "ACTIVITY" folder
    strFolder = strFolder & "\ACTIVITY"
    If objFSO.FolderExists(strFolder) = False Then
        objFSO.CreateFolder(strFolder)
    End If

    ' set up log file name
    strFile = "ex" & strShortDate & ".log"

    ' check if log file exists
    blnFileExists = objFSO.FileExists(strFolder & "\" & strFile)

    ' open or create the log file
    Set objFile = objFSO.OpenTextFile(strFolder & "\" & strFile,8,True)

    ' write headers if new file
    If blnFileExists = False Then
        objFile.WriteLine "#Description: Log file for all LOGON/LOGOFF activity"
        objFile.WriteLine "#Date: " & strLongDate & " " & strShortTime
        objFile.WriteLine "#Fields: date time s-computername cs-username cs-method"
    End If

    ' write the log data
    objFile.WriteLine strYear & "-" & strMonth & "-" & strDay & " " & _
        strShortTime & " " & _
        strComputerName & " " & _
        strUserDomain & "\" & _
        strUserName & " " & _
        strMethod

    ' close the log file
    objFile.Close

    ' return the local offset from GMT as a fraction of a day
    Function GetTimeZoneOffset()
        On Error Resume Next
        Dim tmpShell,tmpOffset
        Set tmpShell = WScript.CreateObject("WScript.Shell")
        ' ActiveTimeBias is the current bias in minutes, including daylight saving time
        tmpOffset = tmpShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
        If Len(tmpOffset) = 0 Then
            tmpOffset = tmpShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias")
        End If
        ' set a default offset if none can be determined
        If Len(tmpOffset) = 0 Then tmpOffset = "0"
        ' calculate offset in hours
        tmpOffset = (CLng(tmpOffset) * -1) / 60
        ' calculate offset in 1/24 of a day
        tmpOffset = tmpOffset / 24
        GetTimeZoneOffset = tmpOffset
    End Function
  4. Save the file:
    • Click the File menu, and then Save.
    • When the Save As dialog appears, choose your desktop as the destination.
    • Enter activity.vbs for the File name.
    • Click the Save button.
  5. Click the File menu, and then Exit to close Notepad.
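
The following added example (not part of the original article) shows how the records written by activity.vbs can be analyzed: it reads the column names from the #Fields directive, pairs LOGON and LOGOFF records into sessions, and sets aside lines whose column count does not match. The function names, host names and user names are assumptions, and the sample log is constructed.

```python
from datetime import datetime, timezone

# Constructed sample in the layout activity.vbs writes (hosts and users are made up).
SAMPLE_LOG = """\
#Description: Log file for all LOGON/LOGOFF activity
#Date: 2024-03-01 08:00:05
#Fields: date time s-computername cs-username cs-method
2024-03-01 08:00:05 WS01 CONTOSO\\alice LOGON
2024-03-01 08:02:11 WS02 CONTOSO\\bob LOGON
2024-03-01 12:30:00 WS01 CONTOSO\\alice LOGOFF
2024-03-01 13:00:00 WS01 CONTOSO\\alice LOGON
2024-03-01 13:05:00 WS03 CONTOSO\\John Smith LOGON
"""

def parse_activity_log(text):
    """Return (records, rejected); columns are named by the #Fields directive."""
    fields, records, rejected = [], [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no records
        else:
            parts = line.split(" ")
            if len(parts) != len(fields):
                # The script writes values unescaped, so a user name that
                # contains a space shifts the columns; keep it for review.
                rejected.append(line)
                continue
            rec = dict(zip(fields, parts))
            stamp = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            rec["when"] = stamp.replace(tzinfo=timezone.utc)  # log times are GMT
            records.append(rec)
    return records, rejected

def pair_sessions(records):
    """Match each LOGOFF to the latest open LOGON for the same computer and user."""
    open_logons, sessions = {}, []
    for rec in sorted(records, key=lambda r: r["when"]):
        key = (rec["s-computername"], rec["cs-username"])
        if rec["cs-method"] == "LOGON":
            open_logons[key] = rec["when"]
        elif rec["cs-method"] == "LOGOFF" and key in open_logons:
            start = open_logons.pop(key)
            seconds = int((rec["when"] - start).total_seconds())
            sessions.append({"key": key, "start": start, "seconds": seconds})
    return sessions, open_logons

if __name__ == "__main__":
    recs, bad = parse_activity_log(SAMPLE_LOG)
    print(pair_sessions(recs), bad)
```

Logons left in the second return value of pair_sessions have no matching LOGOFF in the file, which is expected for sessions that are still active or that span two daily log files.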

Step 2 - Copy the Sample Logging Script to your Group Policy Folders

To use the sample script with the Default Domain Policy Group Policy Object (GPO), you first need to determine the Globally Unique Identifier (GUID) for the GPO. To do so, use the following steps:

  1. Start the Active Directory Users and Computers snap-in in the Microsoft Management Console (MMC). To do so, click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click your domain, and then click Properties.
  3. Click the Group Policy tab.
  4. Highlight the Default Domain Policy, and then click the Properties button:
    • The GUID for the GPO will be listed as the Unique name property in the Summary section of the properties dialog.
    • The Default Domain Policy GUID will always be {31B2F340-016D-11D2-945F-00C04FB984F9}. If you choose to enable logging in a different policy, the GUID will be different.
  5. Click the Cancel button to close the GPO properties dialog.
  6. Click the Cancel button to close the domain properties dialog.

To use the sample script with the GPO, you will need to copy the activity.vbs script on your desktop to each of the following paths:

%SystemRoot%\SYSVOL\sysvol\<DOMAIN>\Policies\<GUID>\USER\Scripts\Logon
%SystemRoot%\SYSVOL\sysvol\<DOMAIN>\Policies\<GUID>\USER\Scripts\Logoff
%SystemRoot%\SYSVOL\sysvol\<DOMAIN>\Policies\<GUID>\MACHINE\Scripts\Startup
%SystemRoot%\SYSVOL\sysvol\<DOMAIN>\Policies\<GUID>\MACHINE\Scripts\Shutdown

Where <DOMAIN> is the Fully Qualified Domain Name (FQDN) of your domain (e.g. mydomain.local), and <GUID> is the Globally Unique Identifier (GUID) for the Default Domain Policy GPO.

Step 3 - Configure the Script to Record LOGON/LOGOFF Activity

  1. Start the Active Directory Users and Computers snap-in in the Microsoft Management Console (MMC). To do this, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click your domain, then click Properties.
  3. Click the Group Policy tab.
  4. Highlight the Default Domain Policy, then click the Edit button.
  5. In the console tree, click the plus sign (+) next to the Windows Settings under User Configuration, then highlight Scripts (Logon/Logoff).
  6. Add the Logon script:
    1. In the right pane, double-click the Logon item.
    2. Click the Add button.
    3. Click the Browse button.
    4. Highlight activity.vbs, then click the Open button.
    5. Type LOGON in the Script Parameters box.
    6. Click OK to add the script.
    7. Click OK to close the Logon scripts dialog.
  7. Add the Logoff script:
    1. In the right pane, double-click the Logoff item.
    2. Click the Add button.
    3. Click the Browse button.
    4. Highlight activity.vbs, then click the Open button.
    5. Type LOGOFF in the Script Parameters box.
    6. Click OK to add the script.
    7. Click OK to close the Logoff scripts dialog.
  8. Close the Group Policy Editor.
  9. Click OK to close the domain properties dialog.

Step 4 - Configure the Script to Record STARTUP/SHUTDOWN Activity

  1. Start the Active Directory Users and Computers snap-in in the Microsoft Management Console (MMC). To do this, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click your domain, then click Properties.
  3. Click the Group Policy tab.
  4. Highlight the Default Domain Policy, then click the Edit button.
  5. In the console tree, click the plus sign (+) next to the Windows Settings under Computer Configuration, then highlight Scripts (Startup/Shutdown).
  6. Add the Startup script:
    1. In the right pane, double-click the Startup item.
    2. Click the Add button.
    3. Click the Browse button.
    4. Highlight activity.vbs, then click the Open button.
    5. Type STARTUP in the Script Parameters box.
    6. Click OK to add the script.
    7. Click OK to close the Startup scripts dialog.
  7. Add the Shutdown script:
    1. In the right pane, double-click the Shutdown item.
    2. Click the Add button.
    3. Click the Browse button.
    4. Highlight activity.vbs, then click the Open button.
    5. Type SHUTDOWN in the Script Parameters box.
    6. Click OK to add the script.
    7. Click OK to close the Shutdown scripts dialog.
  8. Close the Group Policy Editor.
  9. Click OK to close the domain properties dialog.

TROUBLESHOOTING

If the Logon Script does not run, you may need to check your network connection speed, as the script may not run when you first log on to the network. For additional information on this issue, click the article number below to view the article in the Microsoft Knowledge Base:

302104 The Logon Script Does Not Run During the Initial Logon Process


REFERENCES

For more information on the extended log file format, see the specification in the W3C Working Draft at the following URL:

http://www.w3.org/TR/WD-logfile

For additional information on assigning Logon/Logoff Scripts, click the article number below to view the article in the Microsoft Knowledge Base:

322241 HOW TO: Assign Scripts in Windows 2000

For additional information on the Extended Log File Format, click the article numbers below to view the articles in the Microsoft Knowledge Base:

194699 Extended Log File Format Always in GMT

271196 IIS Log File Entries Have the Incorrect Date and Time Stamp

242898 IIS Log File Naming Syntax

IIS 5: Setting up SSL - Appendix C: Processing a Certificate Request

When you manage a certificate server, you will periodically need to issue certificates to requestors. To do so, use the following steps:

  1. Open the "Certificate Authority" administrative tool:

  2. Click on "Pending Requests":

  3. Right-click the pending request and choose "All Tasks", then click "Issue":

  4. The certificate will now show up under "Issued Certificates":