Aug 28

IE 8 XSS Filtering – To Disable

Uncategorized, Windows No Comments »

We have several sites in our local network that have found their way onto Internet Explorer 8’s bad list when it comes to XSS. These are not necessarily sites we have developed but part of 3rd party published applications that provide a web interface. There’s a quick way to disable this for trusted sites through IE settings which I will show below. First, let’s take a look at what XSS is…

What is XSS? Is it like CSS?
XSS stands for “Cross-Site Scripting.” It is one of manymethods a hacker can use to exploit a site and gain information from a user. Basically code (usually Javascript) is injected or included in a page that makes referece back to another site providing a method for access and transmission of information. For examples see the cheat sheet of code at this site. You can also read the Wikipedia article.

How do I bypass the filter for trusted sites?
Generally you woudn’t want to turn the XSS filtering in IE 8 off at a global level unless there is a great reason to do so. What I have done is added the site I want to adjust to my trusted sites group and then manipulated my trusted site settings.

Head to Tools -> Internet Options -> Security. Click on “Trusted Sites” and click the “Custom Level” button.
Scroll down in the options until you see “Enable XSS Filter” and choose “Disable”

disable_xss_cross-site-scripting

While you are in there you also may want to adjust for mixed http and https content. You can do that in the heading “Display Mixed Content” 

disable_https_issues

I hope you found this post useful … it’s just one of those things we learn as IE 8 is used more. Overall I’m very thankful for the update IE 8 has provided.

Jan 20

W3VC will not start, DCOM will not start, Service errors

Exchange 2007, Windows 4 Comments »

I ran into an issue yesterday which I feel is worth reporting so others can benefit.Our Exchange 2007 server began having 503 Service Unavailable errors when accessingthe Exchange virtual directory for owa legacy connectivity. Restarting the informationstore was something I didn’t want to do in the middle of the day and instead investigatesIIS. No application pools were hung or crashed, the even logs had nothing to supportthe issue, and the IIS Admin and HTTP SSL services were running correctly. I proceededto alter the permissions of the Exchange virtual folder through the WebDAV tab inthe Exchange Management Console to set it to forms authentication temporarily andthen set it back hoping to fix the issue. After a net W3SVC stop the service wouldn’tstart again. I received the following errors:

 

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1005
Date:  1/19/2009
Time:  6:59:22 PM
User:  N/A
Computer: SOMENAME
Description:
The World Wide Web Publishing Service is exiting due to an error. The data field containsthe error number.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 80080005
 

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date:  1/19/2009
Time:  6:59:23 PM
User:  N/A
Computer: SOMENAME
Description:
The World Wide Web Publishing Service service terminated with service-specific error2148007941 (0×80080005).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

It turns out the 0×80080005 is a common error for multiple services. The descriptionis as follows:

DESCRIPTION:
80080005 2148007941 CO_E_SERVER_EXEC_FAILURE: Server execution failed

 

Basically WMI wasn’t able to communicate through COM+ to initialize the service.

You can validate DCOM is working by looking at the Component Manager. If you systemhas a red down arrow on it then the service isn’t working correctly.

http://blogs.technet.com/askcore/archive/2008/05/09/troubleshooting-agent-deployment-in-data-protection-manager-2007-dcom.aspx

The final solution was a permissions error on the CSSID keyin the hive HKEY_CLASSES_ROOT.

Setting the permissions correctly then performing a reboot solved the problems.

Aug 14

The Project Location is Not Trusted, Vista and .NET

.NET 2.0, Windows 1 Comment »

If you’re in Vista and trying to access a project on your network you may get an errorfrom Visual Studio stating the “project location is not trusted.”

I trust it I do I do you say? Let’s tell Windows….

Open a command prompt.
CD to x:\windows\Microsoft.NET\Framework\v2.0.50727

Now let’s say you’ve mounted your network share as drive S:\. You will want torun the following command…

caspol -q -machine -addgroup 1 -url file://s:/*FullTrust -name “Development Share”

For good measure run: gpupdate /force and thenclose and relaunch Visual Studio and you should be ready to go.

Apr 18

Installing SharePoint 2007 on Windows Server 2008

Sharepoint, Windows No Comments »

If you are interested in SharePoint 2007 and installing it on Windows Server 2008you will find this article I wrote useful.
It is available as a PDF download due to the included screenshots. In 30 steps youcan have Sharepoint up and running on your Windows 2008 Server.

Sharepoint2007_Server08_InstallGuide.pdf(1.52 MB)

Dec 27

Recover Deleted Messages in Outlook (even hard deleted)

Windows 1 Comment »

Have you deleted e-mails using SHIFT-DEL by accident and need to recover them?I found this today when needing to recover deleted files in Outlook. Take a look atthe website for advanced Exchange settings.

http://www.msexchange.org/tutorials/Recovering-Deleted-Items-Exchange-Server-2003-Part1.html

By default, the feature above works only with the Deleted Items folder (soft delete),but if a message is deleted using Shift + Delete (hard delete) from another folder,it will not appear in the Recover Deleted Items of the Deleted Items folder,or in another common case: when an user moves messages from his/her mailbox (Inbox,Sent Items) to a .pst file.

You can roll back this situation by modifying the registry. You will have to add anentry called DumpsterAlwaysOn in the registry of the computer that lets the RecoverDeleted Items work in all of the Outlook folders.

To modify the registry, follow these steps:

  1. Go to Start, select Run, type regedit and then click OK.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options
  3. Right click on right side frame, then go to New, select DWord Value, type DumpsterAlwaysOn andthen complete the value field with a 1 (Figure 5)
  4. Restart Outlook

After that registry modification, you will be able to use the Recover Deleted Items featurefor all Outlook folders.

Jul 14

Microsoft Virtual PC 2004 – - FREE!!

Microsoft News, Windows No Comments »

Well Microsoft announced that Virtual PC 2004 SP1 is now a FREE download. How greatis that?!?! Also they will be offering Virtual PC 2007 which will be Windows Vistacompatible also at a very wonderful price – $FREE. So who can complain? I supposeVMWare won’t be too happy to hear this. Of course VMWare is also offering some freestuff so they won’t be left out. VMWare offers their VMWare Server free as of July12th. See New Release Thislooks like a nice product to do some testing for client OS and software betas. Sothis is great for all of us out there who love virtualization. Yay for us!

Download Virtual PC 2004! FREE!!

http://www.microsoft.com/windows/virtualpc/downloads/sp1.mspx

Jun 19

End User License Agreement EULA keeps coming up

Windows No Comments »

If the EULA keeps coming up even after you’ve acceptedit many times…

The acceptance of the license requires a change to the registry.  Some user accountsdon’t allow that to happen.  See if logging in as the Administrator and acceptingthe license helps.

Jun 02

The macros in this project are disabled – Microsoft Outlook Error

Windows No Comments »

This morning I ran across one of our systems where every time a new message was created,replied to, or forwarded (effectivly opening MS Word as the editor) the followingmessage was displayed:

“The macros in this project are disabled. Please refer to the online help or documentationof the host application to determine how to enable macros.”

In MS Word it is possible to set security settings on Macros to HIGH. Doing so willcause the message to appear. To reset security settings in Word…

1) Click Tools
2) Click Options
3) Click the Security tab
4) Click the “Macro Security” button
5) Set security to Medium

A Microsoft article is also available on this subject:

http://support.microsoft.com/default.aspx?scid=kb;en-us;302632

Note: After installing Adobe Acrobat on a computer with HIGH settingsthis error will appear. Also, it may be necessary to restart the system for all changesto take effect.

May 19

Outlook Web Access OWA gives red X instead of text box

Windows No Comments »

If you’re using Outlook Web Access and receive a red X when attempting to create anew message then I have the solution for you! I had the same problem with my systemand found the following solution on http://www.mcse.ms/archive72-2004-10-1107865.html

OK, I found a resolution that works (thanks to Paul S).

Re-register these ocx & dlls.

regsvr32 /u “C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx”
regsvr32 /u “C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll”
regsvr32 “C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx”
regsvr32 “C:\Program Files\Common Files\Microsoft Shared\Triedit\triedit.dll”

How do you do this? Simply click Start, click Run, then copy and past the first lineincluding the ” and paste into Run and click OK. It will let you know the processcompleted. Repeat for the remaining items.

May 03

Cannot move or rename the Documents and Settings folder

Windows No Comments »

Cannot move or rename the Documents and Settings folder

Viewproducts that this article applies to.
Article ID : 236621
Last Review : March 28, 2006
Revision : 5.0
This article was previously published under Q236621
Important This article contains information about how tomodify the registry. Make sure to back up the registry before you modify it. Makesure that you know how to restore the registry if a problem occurs. For more informationabout how to back up, restore, and modify the registry, click the following articlenumber to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/) Descriptionof the Microsoft Windows registry

SYMPTOMS

If you try to move or rename the “Documents and Settings” folderin Windows, you receive the following error message:
“Documents and Settings is a Windows system folder and is requiredfor Windows to run properly. It cannot be moved or renamed.”


CAUSE

This behavior is by design.


RESOLUTION

To specify a different folder for the “Documents and Settings” folderduring installation, follow these steps:
1. Use the /UNATTEND switch with Winnt.exe or Winnt32.exe and insert the following entryinto the Unattend.txt file, where z:\foldername is the path and foldername you want:
[GuiUNattended]
ProfilesDir = z:\foldername
2. Install Windows. The path you included in the Unattend.txt file is used instead ofthe default “Documents and Settings” folder.

For more information about unattended setup of Windows 2000, click the following articlenumber to view the article in the Microsoft Knowledge Base:

183245 (http://support.microsoft.com/kb/183245/) Changesto Windows 2000 Unattended Winnt[32].exe command line


MORE INFORMATION

NOTE: The following section provides information about a configurationthat Microsoft does not support. We provide this information for informational purposesonly; Microsoft makes no guarantee that this configuration functions properly.

WARNING: Microsoft strongly recommends against renaming any system folder.Catastrophic system failure or an unstable computer could result if you rename systemfolders. If implemented, a backup should be made of the system before attempting thisprocedure.

To rename or move the “Documents and Settings” folder, use the appropriate method.

User-specific

Warning Serious problems might occur if you modify the registry incorrectlyby using Registry Editor or by using another method. These problems might requirethat you reinstall your operating system. Microsoft cannot guarantee that these problemscan be solved. Modify the registry at your own risk.
NOTE: This method does not relocate key Windows components. Use this methodif you require only user-specific data to be moved.

To specify a different folder for the “Documents and Settings” folder after you installWindows for a particular user, follow these steps:

1. Identify the user’s profile path. There are two methods to identify the profile path.Either by user path settings or user SID. The user SID method is preferred.
User SID method
a. Use the GETSID tool from the Windows Server Resource Kit to obtain the SID. Use syntaxsimilar to the following example:
GETSID \\SERVER1 UserName \\SERVER1 UserName
b. Once you obtain the SID, use Regedit.exe or Regedt32.exe to select the user’s SIDunder the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
User path setting
a. Log on to the computer as the user, and then type SET ata command prompt. Note the setting for USERPROFILE, and then close the command promptwindow.
b. Log on as an administrator of the computer.
c. Use Registry Editor to add the USERPROFILE setting to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
d. Click the registry key, and then click Find on the Edit menu.
e. In the Find box, type the value of the USERPROFILE setting, and then click FindNext.
2. Change the ProfileImagePath value to use the new path you want in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList registry key.
3. Close Registry Editor, and then log on as the user. Type SET atthe command prompt to verify the path has changed.


Entire Folder

NOTE: This method relocates key Windows components. Use this method only ifyou require the “Documents and Settings” folder to be moved or renamed and you cannotuse the Unattend.txt file to change the name during installation.

To specify a different folder for the entire “Documents and Settings” folder, includingkey system components, follow these steps:

1. Log on to the computer as an administrator.
2. Create a new folder.
3. Open the current “Documents and Settings” folder.
4. On the Tools menu, click Folder Options, and then click the View tab.
5. Under Advanced settings click Showhidden files and folders, and then click to clear the Hidefile extensions for known file types and Hide protectedoperating system files check boxes.
6. Click OK.
7. Click and drag to copy all the folders to the new folder, except for the currentlylogged on users folder.
8. In Control Panel, double-click System, and then click the User Profiles tab.
9. Copy the current user’s profile to the new folder.
10. Click OK, close Control Panel, and then log off and log on to the computeras an administrator again.
11. In Registry Editor, click Find on the Edit menu.
12. Type documents and settings, and then click Find.
13. Replace the value data or rename the value or registry key to the new path for eachand every registry key and value that contains the original path.NOTE: Youmust complete this change for every instance in the registry or your computer maynot start. It is imperative that you update all registry keys and values with thenew path.
14. Restart the computer.
15. You can now safely remove the original “Documents and Settings” folder.

Note If you search the registry for “Documents and Settings,” you will finda string value in the following subkey: HKLM\system\controlset001\control\hivelist.This string value is \Device\HarddiskVolume#\Documents and Settings. Do not changethis string value. After you finish searching for “Documents and Settings,” also searchfor the short file name “Docume~1.” Change the path for those results.


APPLIES TO
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Datacenter Server

http://support.microsoft.com/kb/236621/en-us

Previous Entries