Howto: Do not display the name of the user who has locked a Windows computer or server

Normally when a Windows workstation or server is locked, you’ll see something similar to the following Windows Security message:  

This computer is in use and has been locked.
Only DOMAIN\USER (user name) or an administrator can unlock this computer.
To not show the name of the user who has locked a computer, the following can be defined in a workstation level GPO
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked.
There are three choices if you enable this policy:
  • User display name, domain and user names (default setting)
  • User display name only
  • Do not display user information
Besides being able to apply this to Active Directory GPOs, this setting appears in the local security policy on my Windows XP SP3 VM.  The setting is not available on my XP SP2 laptop, but I see from KB837022  there is a hotfix that corrects this problem in XP SP2.

Alternatively, the following DWORD can be created in the registry of XP SP2, Windows Vista, and Windows Server 2008 machine to accomplish the same thing:
User display name, domain and user names = 1
User display name only = 2
Do not display user information =3
You need to restart the machine for the change to take effect.
You may also be interested in the related Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name setting. This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.

If this policy is enabled, the name of the last user to successfully log on is not displayed in the Log On to Windows dialog box.  If this policy is disabled, the name of the last user to log on is displayed.

Global Fix: Windows Media Player audio works, video does not

Hearing sound but not seeing video is a very common problem associated with many versions of Windows Media Player.  The solution is to turn down the video acceleration inside of WMP (not Windows).  To do this, access WMP’s Performance options and slide the video acceleration from full down to medium, or even none if necessary. 

I have seen this issue across my enterprise, and was hoping I could control this setting through Group Policy.  Unfortunately, this is not a setting found in the wmplayer.adm file.  
To fix this problem, I used Nir Sofer’s RegFromApp utility to determine which changes are made to the registry when WMP’s video acceleration settings are lowered.  Here is the resulting .reg file, which I pushed out globally to clients via login scripts.  Tested with WMP 9, 10, and 11.
Medium video acceleration settings
Windows Registry Editor Version 5.00
No video acceleration settings
Windows Registry Editor Version 5.00

Fix: The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://x.x.x.x:80/ for site 1. The site has been disabled. The data field contains the error number

Fix for The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://x.x.x.x:80/ for site 1. The site has been disabled. The data field contains the error number.

System log Event: 1004 Source: IIS-W3SVC Error received when trying to start the stopped web site: 

The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020)
To verify nothing else is using the x.x.x.x:80 IP address and port (which would be a different issue), launch administrative command prompt and type:
netstat -ano |findstr 80
Verify no other process is listening on the x.x.x.x IP and port 80 (or whatever port the web site is running on).  If you are running the affected web site on a port other than 80, substitute that port number in the netstat command listed above.  If something is listening on that IP and port when the web site is stopped, this is probably not going to fix your problem.  
From administrative command prompt type:
net stop http
In regedit browse to
If an IP address is listed in the ListenOnly List, change the IP address to
From administrative command prompt type:
net start http
From the services applet , restart the World Wide Web Publishing Service
Restart the affect web site by opening Server Manager > Roles > Web Server (IIS) > Internet Information Services (IISM) Manager > Your Server Name > Sites.  Highlight the affected site and select Restart.
My issue was caused by an old, invalid IP address being specified at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\ListenOnlyList.  This happened because I had previously ran the web site on a different IP address on this server.  
See KB 890015 details on the solution.

After upgrading to BES 4.1.3 or higher for Groupwise, excessive GWXMLData::ContactSyncRecordToXML warnings appear in the Windows Application log

Blackberry KB15941 exlains that starting with BES 4.1, additional warnings are logged to the Blackberry Messaging and Windows Application log.  These warnings are informational in nature, and do not indicate a problem.

If you’d like to reduce or eliminate these messages, KB04342 says to edit the EventLogLevel DWORD value  of the appropriate BES service located at : 

HKEY_LOCAL_MACHINE\Software\Research In Motion\Blackberry Enterprise Server\Logging Info
DWORD values and Event Types correspond as follows:
0 = Disable all event logging
1 = Errors
2 = Warnings
3 = Information
4 = Debug
5 = Other
Unforturnately, I was unable to determine which service was generating these excessive GWXMLData warnings, so I had to contact RIM directly.  Their response was that the Mailbox Agent service needs to have it’s EventLogLevel changed to 1, which would log errors only.
I made this change on my BES server, and the event logs are now much slimmer!

Howto: Stop Backup Exec from failing entire backup jobs when corrupt files are encountered

Here is the registry entry to stop Backup Exec from failing backup jobs when corrupt files are encountered

[For Backup Exec versions 9x and 10x]

[For Backup Exec versions 11x and 12x]
HKEY_LOCAL_MACHINE\SOFTWARE\SYMANTEC\Backup Exec for Windows\Backup Exec\Engine\Backup

On the menu bar, select Edit | Add Value

In the Value name field, type in Fail Jobs On Corrupt Files

For the Data Type, select REG_DWORD

In the right window, double-click Fail Jobs on Corrupt Files

Change the Value to 0 (zero)

Restart the Backup Exec services or restart the Windows server.

Microsoft has finally fixed their methodology for disabling Autorun on Windows operating systems

Technet article 91525 describes a registry key that can be set to disable the Autorun feature in Windows operating systems. 

The registry key is NoDriveTypeAutoRun, which can be found at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

This key disables the Autoplay feature on all drives of the type specified.  Autoplay begins reading from a drive as soon as media is inserted in the drive. As a result, the setup file of programs and the sound on audio media starts immediately.

Unfortunately, this key did not produce the desired result of disabling the Double Click and Contextual Menu features.  Microsoft just released KB 953252, which describes how to obtain updates that correct these broken registry key settings in the following Windows Operating Systems:

Windows 2000
Windows XP Service Pack 2
Windows Server 2003 Service Pack 1 and 2
Windows Vista

Note: Windows Server 2008 is not affected.

The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:

• Double Click
• Contextual Menu
• AutoPlay

These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.

Please see KB 952252 for security updates to each applicable operating system to disable autorun capabilities.  This KB also describes Group Policy settings to disable all Autorun features, plus instructions on selectively disabling specific Autorun features.

If you’re still not sure why you’d want to disable Autorun, check out Scott’s article on Autorun attacks.

Setting the Windows default logon domain

We deploy the majority of our Windows XP computers through imaging. We use several different imaging solutions – Ghost, Zenworks, Acronis, and the Microsoft imaging tools found in Windows Deployment Services, which used to be called RIS.

One of the challenges I have experienced is after you join the Active Directory domain post-imaging, Windows prompts you to login to the local computer rather than the domain by default. I came across Ronni’s post the other day, which shows the appropriate registry entries that can be added using the reg.exe utility that will change the logon target from the local computer name to the domain.

Execute both of the commands found below:

reg.exe add “HKLM\software\microsoft\windows nt\currentversion\winlogon” /v altdefaultdomainname /t REG_SZ /d “yourdomain” /f

reg.exe add “HKLM\software\microsoft\windows nt\currentversion\winlogon” /v defaultdomainname /t REG_SZ /d “yourdomain” /f

Replace yourdomain with the name of your Active Directory domain. Reg.exe is built into Windows XP+ and is available for download from the Windows 2000 Resource Kit.

Note that these values are set only for the initial logon. After a user logs into the machine for the first time these values are overwritten.