Deleting user profiles

In the past I have worked within several educational establishments and there has been a recurring IT issue.

Users on a Windows PC will get an error message (eg “We can’t sign into your account”) and are unable to log in. They usually then come to IT and say something like they can’t get in / locked out / forgotten their password and can they have their password reset (ie nothing to do with the issue).

When investigating the issue, it’s clear that the PC has run out of disk space and can not create (or update) the user profile as there is insufficient disk space.

This is most likely to happen in a shared location, not usually in a class/lecture room as students tend to sit at the same computer. It most often happens in a shared space such as a general use space or a library where several different users use the computers over a relatively short period of time. This leads to multiple user profiles being created on the computers which are unlikely to be used again.

With users nowadays using more space, usually with tools such as OneDrive and Teams (although user programs also take up considerable amounts of space), the internal disk of the PC quickly fills up after a few months.

In the old days, pre Windows 10, one of the most common ways of dealing with this from a support point of view (without having rights to such tools as SCCM or Active Directory policies – which may have ways to automatically delete the profiles on such computers) was to use DelProf from Sysinternals. This program could be run on a PC to delete any profiles older than a specified number of days. The tool would be scheduled during school holidays (either by hacking the registry to run on reboot or using tools such as Altiris or PDQ) or sometimes even manually.

Unfortunately Microsoft made changes in Windows 10 and later, which stopped DelProf from working and whilst someone created a replacement DelProf2, I never found that it worked as well. Any attempts that I made to clear the profiles using PowerShell commands (which you can find using a quick Google) never worked as well as they were supposed to or just did not work in the education environments that I was using them within.

So, as Usual, after various attempts to use methods suggested online, I decided to do some hacking of my own… Whilst the end result are not what I had hoped for, it does the job to a suitable level, although I am disappointed that there is not an easier method (which doesn’t involve being logged into Windows as local admin ) to perform such a necessary task. I suppose the easiest alternative would be to just re-image the machines at set periods, use some program such as DeepFreeze (or similar ) to keep the PCs clean of the profiles in the first place or use a [Cloud based] Virtual PC or Citrix to prevent such issues in the first place [tools which are not common in the UK/Scottish education establishments I have worked in]. Whilst these are possible scenarios I suspect they could create undue strain on the network, when it would be better served for other purposes (such as pushing out Windows updates / Security fixes) or delaying the next user from logging in (whilst the profiles were cleared).

So here is my workaround to this frustrating issue…

I used one of my favourite tools, AutoIt routine IsAdmin() to check that the person running the program is a local administrator (you can’t delete the user profiles without this), then the script opens “System Properties Advanced” and “User Profiles”

Using AutoIt’s functions the program reads the “User Profiles” window (into an array) and compares each entry to the expected “DOMAIN\UNIIQUE_Start” (this could be something like “School1\21” where the domain is called School1 and the pupil profiles start with 21 for the year that the pupil year group started, it will be different depending on the environment, but places I have worked in have had a unique prefix for pupil accounts or year group [to differentiate them from the staff accounts]).

The initial program worked well, but with some of the machines I found that there were a few hundred profiles. This meant that Windows took a while to display the “User Profiles” window, causing the program to fail. I realised I needed a good way to create a delay dependant on the number of profiles. The solution was to use another AutoIt built in function _FileListToArrayRec to find out how many profiles are in “c\users” (the default location for User profiles) and use that for an estimated delay. This could be expanded (possibly with a GUI ?) to show the space used/saved using this program?

To aid the detection of issues and for potential future improvements, the script includes debug statements, which can either be displayed on screen [Debug=1], saved to a debug text file [Debug=2], any other value will disable debugging [See Func Debug( $mesage = “”)].

I hope this helps someone in a similar role to myself, somewhere and if you want to take the script and improve it feel free… I may look at creating something similar using PowerShell at a later date as some systems [AntiVitus applications such as Sophos and Microsoft Defender] have issues with AutoIt, flagging/blocking/deleting as a PUA [Potentially Unwanted Application].

Here’s a copy of the script (it’s untidy and the formatting is off (WordPress issues).

You will need to add the includes for MsgBoxConstants.au3, GUIConstantsEx.au3, GuiListView.au3, Array.au3, AutoItConstants.au3, File.au3, FileConstants.au3 and WinAPIFiles.au3 as WordPress doesn’t like the formatting for the AutoIt include statement [Interpreting as HTML], so I have had to remove it for now.

[ \/ AutoIt code starts here \/ ]

#INCLUDES STATEMENTS GO HERE

;variables

Global $advancedSettings = “SystemPropertiesAdvanced”
Global $advancedSettingsWindowName = “System Properties”
Global $userProfilesWindow = “User Profiles”

Global $ProfilesArray[]
Global $AProfileArray[]
Global $PID

Global $debug =2
Global $debugFile = “/debug.txt”
Global $delay = 500
Global $Profiles = 0
Global $StudentProfiles = 0

Global $IncreasedProfileTrigger = 10

Global $StringToFind = “DOMAIN\UNIIQUE_Start”

;Program here \/

If IsAdmin() Then
# MsgBox($MB_SYSTEMMODAL, “”, “IsAdmin” & @CRLF & “Admin rights are detected.”)

GetProfilesInDir2()
FindStudentProfiles()
debug("There are " & $StudentProfiles & " Student profiles.")

IF $StudentProfiles < 1 then
MsgBox($MB_SYSTEMMODAL, “Error”, “No Student profiles were detected on this PC.” & @CRLF & “Program will now exit.”)

Exit

EndIf

#Minimise all Windows
Local $oShell = ObjCreate("shell.application")
$oShell.MinimizeAll    

OpenAdvancedSystem()
OpenUserProfiles()

IF $Profiles > $IncreasedProfileTrigger then
IncreasedProfileDelay()
;managing issues where there are a large number of profiles and the system may stop responding
Debug(“More than “& $IncreasedProfileTrigger &” Profiles detected, will start delay.”)
EndIf

GetUserProfiles()

FindStudents()

CloseProfiles()

Else

MsgBox($MB_SYSTEMMODAL, "Administrator Access Required", "Administrator permissions is required to run this application." & @CRLF & "Please run with Admin Rights.")
Exit

EndIf

;functions here \/

Func IncreasedProfileDelay()

Debug ("Starting IncreasedProfileDelay")
For $profileDelay = 0 To $Profiles - 1
    sleep(10000)
    Debug("Delay "& $profileDelay &" of " & $Profiles)
    if WinExists($userProfilesWindow) = 1 Then
        $profileDelay = $Profiles - 1
        debug ("User Profiles Window Detected")
    EndIf

Next


Debug ("Finished IncreasedProfileDelay")

EndFunc

Func GetProfilesInDir()
Debug (“Starting GetProfilesInDir.”)

    Local $hTimer = TimerInit()

    Local $aSize = DirGetSize("c:\users",$DIR_EXTENDED)
    If Not @error Then
            Local $iDiff = Round(TimerDiff($hTimer) / 1000) ; time in seconds
            debug( "Dirs: " & $aSize[2] & @CRLF _
                             & "TimeDiff(Sec): " & $iDiff)
    EndIf

Debug ("Finished GetProfilesInDir.") 

EndFunc

Func GetProfilesInDir2()

Debug ("Starting GetProfilesInDir2") 

Local $hTimer = TimerInit()

Local $iDiff = Round(TimerDiff($hTimer) / 1000) ; time in seconds
    $AProfileArray = _FileListToArrayRec("c:\users", "*", $FLTAR_FOLDERS, $FLTAR_NORECUR, $FLTAR_SORT)
    #_ArrayDisplay($AProfileArray, "'")
debug( " " & $AProfileArray[0] & " User Dirs found."& @CRLF _
                             & "TimeDiff(Sec): " & $iDiff)
$Profiles  = $AProfileArray[0]


Debug ("Finished GetProfilesInDir.") 

EndFunc

func OpenAdvancedSystem()
Debug (“Starting OpenAdvancedSystem.”)

$PID = Run(@ComSpec & " /c " & "start "&$advancedSettings)
    While WinWaitActive($advancedSettingsWindowName, "", 1) = 0

        WinActivate($advancedSettingsWindowName)
        Debug ("Activating : "&$advancedSettingsWindowName) 
    WEnd

Debug ("Finished OpenAdvancedSystem.") 

EndFunc

func CloseProfiles()

Debug ("Starting CloseProfiles") 
    Debug("Closing." )
    WinActivate($userProfilesWindow)
    send("!{F4}")
    sleep (100)
    Debug("Closed: User Profiles Window")
    WinActivate($advancedSettingsWindowName)
    ;ProcessWaitClose($PID,60) 
    send("!{F4}")

    Debug("Closed: Advanced Settings Window")
    sleep (100)

Debug ("Finished CloseProfiles") 

EndFunc

func FindStudentProfiles()

Debug ("Starting FindStudentProfiles") 

Debug (“Checking Domain Profiles”)
For $a = 0 To UBound($AProfileArray)- 1
Debug( “Profile ” & $a & “: ” & $AProfileArray[$a] )

    If stringInStr($AProfileArray[$a],$StringToFind) > 0 then
        Debug("Student " & $AProfileArray[$a] & " found." )   

        $StudentProfiles = $StudentProfiles +1
    EndIf
Next

Debug (“Checking Non Domain Profiles”)
;check for non domain
IF stringInStr($StringToFind,”\”) >0 Then

$anonDomain = StringSplit($StringToFind,"\")
$nonDomain = $anonDomain[2]

For $a = 0 To UBound($AProfileArray)- 1
    Debug( "Profile " & $a & ": " & $AProfileArray[$a] )

    If stringInStr($AProfileArray[$a],$nonDomain) > 0 then
        Debug("Student " & $AProfileArray[$a] & " found." )   

        $StudentProfiles = $StudentProfiles +1
    EndIf
Next

EndIf

Debug (“Finished FindStudentProfiles”)

EndFunc

func FindStudents()

Debug ("Starting FindStudents") 

For $a = 0 To UBound($ProfilesArray)- 1
    Debug( "Profile " & $a & ": " & $ProfilesArray[$a] )

    If stringInStr($ProfilesArray[$a],$StringToFind) > 0 then
        Debug("Student " & $ProfilesArray[$a] & " found." )   

        #find entry in list
        MovetoProfile( $ProfilesArray[$a] )
    EndIf
Next

Debug ("Finished FindStudents") 

EndFunc

func OpenUserProfiles()

Debug ("Starting OpenUserProfiles")     

WinWaitActive($advancedSettingsWindowName, "", 10)
WinActivate($advancedSettingsWindowName)
sleep(5000) ; sleep 5 seconds
send("!e")

Debug ("Finished OpenUserProfiles") 

EndFunc

Func MovetoProfile( $profile = “”)

Debug ("Starting MovetoProfile")    

$hWnd = WinWaitActive($userProfilesWindow, "", 10)
; $hWnd - is the window handle

WinActivate($userProfilesWindow)
sleep(5000) ; sleep 5 seconds


;Profiles are in a ListView


Local $hControl = ControlGetHandle($hWnd, "", "SysListView321")

# derived from https://www.autoitscript.com/forum/topic/165450-read-value-from-listview/


Local $SelectedItemIndex = -1
Local $GetCount = _GUICtrlListView_GetItemCount($hControl)
Debug( "Found " & $GetCount & " Profiles.")

    ;#cs
For $a = 0 To $GetCount - 1
    $LineInfo = _GUICtrlListView_GetItemTextArray($hControl, $a)
    #_ArrayDisplay($LineInfo)

    IF stringInStr($profile, $LineInfo[1]) > 0  Then
        ;click on this profile
        _GUICtrlListView_ClickItem($hControl, $a)
        Debug("Profile " & $LineInfo[1] & " found. " )


        WinActivate($userProfilesWindow)
        ;send Delete keys
        send("!D") ; delete
        Send("y") ; yes
        sleep(10000)
        $a = $GetCount - 1

    EndIf


Next

Debug ("Finished MovetoProfile") 

EndFunc

func GetUserProfiles()

    Debug ("Starting GetUserProfiles") 

$hWnd = WinWaitActive($userProfilesWindow, "", 100)
; $hWnd - is the window handle

WinActivate($userProfilesWindow)
sleep(5000) ; sleep 5 seconds
debug("Opened User Profiles window.")

;Profiles are in a ListView


Local $hControl = ControlGetHandle($hWnd, "", "SysListView321")

# derived from https://www.autoitscript.com/forum/topic/165450-read-value-from-listview/

Local $SelectedItemIndex = -1
Local $GetCount = _GUICtrlListView_GetItemCount($hControl)
Debug("Found " & $GetCount & " Profiles.")

Local $Profiles[$GetCount]
;#cs
For $a = 0 To $GetCount - 1
    $LineInfo = _GUICtrlListView_GetItemTextArray($hControl, $a)
    #_ArrayDisplay($LineInfo)

    $Profiles[$a] = $LineInfo[1]

    Debug("Profile " & $a & ": " & $Profiles[$a] & "" )

Next

;_ArrayDisplay($Profiles)

$ProfilesArray = $Profiles
;_ArrayDisplay($ProfilesArray)



;#ce
        Debug ("Finished GetUserProfiles") 

EndFunc

Func Debug( $mesage = “”)

If $debug = 1 Then
    MsgBox($MB_SYSTEMMODAL, "Debug", $mesage, 10 )
    sleep($delay)
EndIf


If $debug = 2 Then
    Local Const $sFilePath = @ScriptDir & "/" & $debugFile
    Local $hFileOpen = FileOpen($sFilePath, $FO_APPEND)

    If $hFileOpen = -1 Then
            MsgBox($MB_SYSTEMMODAL, "", "An error occurred whilst writing the debug file " & $sFilePath)
            Return False
    EndIf

    FileWrite($hFileOpen, @MDAY & "/" & @MON & "/" & @YEAR & " " & @HOUR & ":" & @MIN & ":" & @SEC & " - " & $mesage & @CRLF )

    ; Close the handle returned by FileOpen.
    FileClose($hFileOpen)
EndIf

EndFunc

#End Functions

Silent Install AutoDesk AutoCAD 2022 (Education)

This is an unusual post for me, but I feel that it may be of use to IT Support staff covering Schools.

The reason for this post is that I was trying to set up a silent (unattended/admin) installation of AutoCAD 2022, but the information on how to create this install was missing from the AutoDesk education website.

[update 13/04/2022 – Autodesk contacted me to advise on their process, this is documented at the bottom of the page.]

When I contacted AutoDesk support team, they could only provide details of how to create a silent install for the non educational version of the software. and appeared to be a bit confused when I advised the command line parameters they had provided were not working.

I also failed to find any information via a standard Google search. (As we all know, you are not the first person to have an IT issue and there are nice people out there that are willing to help)

What is needed first is to download the software and licence from AutoDesk’s education site (registration required).

The software is provided in a Self Extracting executable, which if run will provide a GUI to install the software manually, however if run as “XXXxXdlm.sfx.exe -Suppresslaunch -d %path%” where the XXXxXdlm.sfx.exe is the name of the setup file provided by the AutoDesk education website and %path% is the location where you want the files uncompressed to. (details from Silent Install HQ )

Once uncompressed you should have a setup.exe file, to use in the process below.

My solution was to investigate the setup files for a clue on how the installer could be used. I didn’t use any special tools for this investigation, only software that is installed by standard on Windows (all versions).

What I found was that there are some [hidden?] command line parameters that can be used, I have listed these below:

• serialnumber
• hide_eula
• productkey
• install_mode
• trial_mode
• silent

Each of these parameters has to be prefixed with a double – eg setup.exe —silent

For my silent install I used the command “setup.exe —hide_eula —trial_mode —installmode install —silent —serialnumber xxx-xxxxxxxx —productkey xxxxx” Where the Xentries are the serial and product key send by AutoDesk from the education site.

You can also create a Silent install using a similar command line of “setup.exe —installmode uninstall —silent”

I have run this on a test PC and everything appears to work successfully.

This works for the setup within the school I investigated this for, who will be using a licence server (not currently active), however I have not included details on how to configure AutoCAD to use the Licence Server as I have still to investigate this, however in the past this was managed by adding the required registry keys.

I hope this is of assistance to someone out there who may be experiencing the same issues I have.

Good luck to you and if needed please reach out to me and I’ll see if I can assist.

Note: If I get a response from AutoDesk on their preferred method I will update this page.

Additional: Here are some other potential [hidden ?] parameters that may be useful.

• manifest
• manifest_xsd
• install_source
• url_root
• clic
• substype
• session_id
• noupdate
• offline_mode
• trigger_point
• tmp_dir
• installer_version

[update 13/04/2022] Autodesk contacted me to advise on their process:

Firstly, you have to register the serial etc using their web page “RegisterOnce”. Once that has been performed then the standard Corporate software site (http://manage.autodesk.com ) will show the product (under “Product and Services”) and the option (“Custom installs and deployment“ ) to create a silent install. This process takes you “step by step” through creating an installer.

IMPORTANT: Make sure you have correctly specified the “Deployment image path” under “Deployment”. Also ensure that you have entered the serial details and licence server correctly.

Once the installer is created and downloaded, it needs to be run to create the installation on the network location you have specified during the “Step by Step” process mentioned above.

The final installation (on the network share) will contain a batch file [something similar to “InstallInventorPro2022.bat”] with three lines (two are commented out), one to install silently, one to uninstall silently and the last to install with a basic User Interface (handy for testing)

The standard silent (-q for quiet install and “deploy” rather than “install”) command line is something like: installer.exe -i deploy —offline_mode -q -o setup.xml —installer_version “1.29.0.29”

Stick to the script

My first taste of real IT was as part of a one weeks high school “works experience” at Strathclyde University’s IT department back in the 90’s (it probably was called data processing or something back then). The systems were all unix and I was used to an Acorn Electron and BBC Master, both running a version of the BASIC programming language, it was a tough learning curve, especially when I was given a manual, pad of paper and asked to write a script. I can’t remember what the script was supposed to do but I remember being lost in this manual, trying to figure out this strange programming language that made no sense to me.

The university IT guys obviously didn’t understand my situation as their experiences were all with Unix shell scripting and possibly some C programming. To them I was a waste of space as ‘all computers worked the same’ and this should be simple for a kid with a home computer.

As I grew up I learnt Pascal, C, COMAL, COBOL at college and tried to teach myself Assembly language and C++ (both with not much luck) at home.

It’s not until recently that my programming skills have come back into use. Not just for my Open University courses on Java / Object Oriented Programming (which would have helped back in the 90s when I was trying to get my head round Objects after 2 years of procedural programming in Pascal and years toying with BBC BASIC) & web design using JavaScript. My programming has come into use more recently as part of my current support role.

The last year (or so) I have written more programs in AutoIT and Batch (DOS) scripting than I have done in a long time.

As with all programming languages, sometimes there are ‘quirks’ that you have to get your head around but it’s amazing what you can do with a bit of creativity.

One of my most recent Batch scripting triumphs was to resolve an issue we have with Altiris.

We have a wide range of sites in one of our sections ( 13 large sites with servers and 51 smaller sites with a Local NAS each), with each site needing support via Altiris. The central Altiris server does not have the spare capacity for all the installs and whilst the network links are sufficient for standard use, pulling multiple installs over the links can bring sites to a crawl.

My aim was to create a script that could be used to determine the site, check the local data store ( NAS or server) for the install and if not present copy the files from the central Altiris server to the local data store, then run the install. This sounds quite simple bit you need some safeguards to prevent multiple PCs from copying the files. some way to check the files copied successfully last time and a check that if the copy was taking too long that another computer would take over (assuming that the original had failed to copy the files – ie powered off or disconnected from the network ).

So what appeared, at first look, to be a simple little script, soon became a challenge.

I’m happy to announce that the script is currently working. So what does the script do?

First it determines the site, originally this was done using the computer name as each site names it’s PCs with a site specific prefix. After a bit of planning it was realised that some support staff take the computers to one of the larger sites when the machines are rebuilt or if there is a large number to be built. So to account for this it was realised that the unique identifier for each site was the IP address, or in our case the gateway address, using a FOR loop it was easy to strip the gateway address from the IPConfig command.
Another FOR loop then striped the IP into the data we needed and then compared it to a CSV file to get the Server / NAS details.

So that was the easy part done, we know the site & local server / NAS ( data store) but what about the rest?

Checking for the files is easy using IF EXIST, but what if it’s not there. It would be easy to just copy the files but what if 20 machines are all trying to copy at the same time? Simple, create a lock file. Each machine ruining the job cheeks for the file, if it exists it loops until the file is deleted. If the lock file doesn’t exist it is created with the name of the creating PC (for manual error checking) before using robocopy to copy the files/ directories over (other tools are available & better but Robocopy comes with Windows 7 and a version exists for Windows XP – so the easy option was taken), once
Robocopy completes the lock file is deleted and all the PCs continue with the install from the local data store.

So what if the files exist but there have been changes ? This was a bit trickier, I used the DIR command to check the number of files in the directory (and sub folders) as well as using DIR to report the size of the directory(s). This should be a simple (but not completely fool proof) way to check for changes and act accordingly.

So what if a PC is powered off and the lock file exists? Well there are two checks, the first is when the script runs – it checks the date of the lock file and if it doesn’t match the current date then it’s deleted (keeping it simple). The second check is if the batch script comes out of the loop and the lock file is still there then it sends an error back.

There are loads of other error checking in the script and there is a heavy use of CALL, IF and FOR commands within the script to do what it does, but it does everything I had planned and more than the original concept.

So, after a lot of testing and a few changes, I’m now off to look at my next challenge.

If this post is of interest please let me know by liking or posting a comment and I may add some more of the same.

Altiris For Apple Mac systems

I’ve mentioned in other posts that I have previously managed to get Apple systems (most Windows people call them Macs) on Deployment server and I have been asked how I did it…

Firstly look over the Symantec connect article “Installing the DS and NS Agent for Macintosh” which provides a step by step description and a lot of discussion about the process.

From my own experience I was using Altiris Deployment Server 6, the Altiris agent (known as the Dagent on Win 7 or Deployment client/agent) was Altiris-adlagent-2.6-54.Darwin.zip. In order to get it working I also had to disable the auto update feature on the console as it tried to upgrade the agent to the latest version (which in my case didn’t work).

With some basic unix /Command line knowledge, Altiris is quite a handy tool ( it’s not as good as Apple Remote Control, but if you have Altiris and can’t afford ARD it’s a good second choice) which you can use it to image an Apple system if you have an Apple server (or similar) running NetBoot and I’m sure if you have some scripting (AppleScript) skills you will reduce your workload considerably (not to mention allow some standards on the organisation’s Apple systems).

There is a note, that I made when I started testing the Apple client, about an issue (I assume this has been resolved since) where the ADLagent spawned multiple processes.

To uninstall / remove the ADLagent from OSX please look at http://www.symantec.com/business/support/index?page=content@id=HOWTO10704
, basically the (terminal) command appears to be sudo sh /opt/altiris/deployment/adlagent/bin/uninstall.app and after responing to the prompts, the software should be uninstalled. Once uninstalled you can sudo rm -r /opt/altiris and sudo rm -r /etc/altiris to clear out the related folders.

If I can remember anything relevant I’ll add it later, hopefully what is posted here will help, but since the organisation I currently work for no longer support Apple systems (why?) I may struggle with further advice at this point.

Altiris: Part 1

I thought I’d give my insights into what I believe to be best practice when it comes to creating deployment jobs.

Looking back at my early days creating Altiris deployment jobs, most of them appear to be a case of push out the installer and hope for the best (something it appears my colleagues still do !!?). So what do I suggest has to be considered before creating an Altiris deployment job?

Here are my top recommendations.
(more details to follow in further posts)

• What Operating system is the software compatible with? Are there different installers for different OS ?
• What software does the installer rely on (ie prerequisites)? Is the required software already installed? Can you check? Can you install it if not?
• Is there sufficient space on the client to Install the software? (Some jobs may need to copy the install locally before they are run)
• Are other installs (ie Windows update, previous Altiris jobs) running, which could cause the install to fail?
• Which type of installer does the application use? Does it support silent / quiet / unattended / admin install? How can you tell?
• Has the installer really worked and not just returned successfully? How do you check?
• Have you cleaned up any temporary files and/or folders created during the install?
• Have you updated the inventory?
• Has the installer completed before the ‘get Inventory’ task runs?
• Are there any permissions / access changes required? (registry keys / folders)
• Are changes needed to the program, config files, shortcuts? Or Is additional software required to check for access (ie to a network share)?
• Have you tested your install? Is there a standard build / department build you can test it with?

More to follow…

Hacking scorch active X installer

I don’t tend to put how-to stuff on my blog as it’s not really what I intended it for. As I will probably need this in the future and it may help out other IT support people, I’ve made an exception.

My Issue was that the Music department in the High School I work in requested Sibelius Scorch installed on their Windows XP PCs. This should be an easy task but Sibelius/Avid only provide the software as an Active X plugin for Internet Explorer or an .exe installer for Firefox, Oprah, Netscape etc.

Since the staff and pupils are blocked from installing plugins, or any other software, (for security reasons) I needed to find an installer that would install Scorch that I could then distribute to the PCs using Altiris.

After a lot of searching I was no further forward.. So the only option was to start hacking..

I downloaded the Active X .cab file from Sibelius.com and saved it to the desktop of my test Windows XP computer. Once on the PC I extracted the files and was left with a setup.inf and setup.exe files. The setup.inf file is read by windows and starts the setup.exe file.

So I manually ran the setup.exe file and ,due to the restrictions in place on my test PC (proxy settings), the setup.exe failed and gave an error message with a details button. Clicking the details button brought up a URL of where the setup.exe file was attempting to downloading a Microsoft installer file from. (The URL is also recorded in a log file under the profile of the account being used)

With this Info I could just browse to the URL and download the MSI file and use this to deploy the software to the PCs required (after testing).

Hope this info is of use to others in the same situation 🙂

Why Apple?

One of the two questions I get asked, fairly regularly, is “why do you like Apple [XYZ product]” (The other one is why am I vegetarian, but that’s another issue for another day).

My journey started many decades back, as a kid I had an Acorn Electron home computer which I thought myself how to use and program. The Acorn Electron was sold as an education system so did not have all the games and fancy distractions that other home computers (such as the ZX Spectum, Atari and others) had. I learnt to search out joysticks and find the stores that stocked the parts I needed to do what I wanted ( even going so far as to type in code for a printer driver for the colour dot matrix printer we bought later as there were no drivers for it, only a printout of the code).

Later I progressed into a BBC B micro from the same company before I went to college to learn how to program in (the now dead) languages such as Turbo Pascal, C on Amstrad AT PCs and unix terminals.

I eventually managed to get my hands on one of the old PCs when the college eventually upgraded them and tried to teach myself machine code (with little success) and kearn more about DOS 5/6 and windows 3. My family had bought an IBM PC with IBM OS on it at the time so I knew the hardware could do more that Microsoft were doing with it, especially as games were coming out with colour graphics & decent sound.

I played about with PCs for many years and it became my career to build, upgrade and repair Windows PCs. But my sights were a bit wider than my colleagues and I also used an Amiga 1200, upgraded with internal HDD, external HD floppy, chip upgrades etc to run a small ‘off-line Bulletin board system (BBS) called Phoenix which had members on PC, Mac and Atari (I also had an Atari ST).

Every now and then I had a chance to try something new, I got my hands on an Apple PC in high school & had a chance of doing word processing on green screen Apple (probably a classic) which had a graphical desktop & mouse, when other computers were clunky with command line driven interfaces.
My dad decided to replace the IBM with an Apple clone (during Apple’s bad years) and I still kick myself to think we could have gone for an original iMac if only I hadn’t been so blind and realised Apple had seen the demise of the floppy disk, which back then were the only real option for saving data (CDs were too expensive).

At work I have always had the odd chance to get my hands on Apple hardware, from the odd OS 7 system that came in for repair, to working on upgrading OSX systems within schools.

So why Apple?

well after all these years of using different makes and models of computers, Apple is the only one that still makes me feel like a kid. They make the type of computer I wish I could build myself, they get it right first time, every time.

I remember back in the 90’s being at a Microsoft event and bring told how great Windows NT 5 was going to be and what it was capable of. I remember saying to customers it was going to be great. So what happened? NT 5 was delayed time and again and eventually came out as a cut down (my opinion) version under the name of Windows 2000. At that point I realised that Microsoft promised the future but delivered mediocrity.

Apple, on the other hand, do things differently. I attended an Apple event (hopefully the related Non Disclosure Agreement has expired) many years back. Their new OS was due for release or just released, but a feature which they were working on wasn’t ready on time so they were not happy to release a sub standard feature & didn’t release that feature in the initial product. Being the sort of company they are they proceeded to explain about the feature and how it could be used once they had resolved their issues. This meant that the community could get up to speed and develop their software so that it was ready for Apple to release the feature silently as part of a future update. So rather than promising and not delivering they delivered what was expected and were planning more improvements as that were sure they were happy with them. ie promise the possible, deliver the future when it arrives. (or ‘under promise, over deliver’ if you want the boring version)

Even Apple’s view on OS pricing appears to be so much fairer. Would Microsoft sell Windows 8 for the same price as Apple are due to release Mountain Lion? I can’t see it happening and I suspect that MS will force users to update their hardware ( remembering the ‘Vista Ready’ fiasco) when Windows 8 finally gets released.

So what I’m saying is Apple produce stunning technical and visually appealing products that go beyond the rest of the industry and bring back the fun and excitement into IT.

Side note: There are loads of IT people that try to guess what Apple will come up with next, but I don’t want to know. I’m that kid at Xmas, eager to rip into the presents, but knowing there’s no point in peeking as it spoils the excitement of opening them on the day. Sometimes things are more than the sum of their parts and Apple know this.

Just when you think they’re dead

At work we get our new PCs imaged before they are delivered to the organisation. This is pretty common practice in modern companies, especially ones that realise that their IT support staff are busy enough installing apps and diagnosing/repairing faults.

My issue comes from the recent batches of PCs that came into my work recently. This is the first batch of Windows 7 machines and has been a massive learning curve for most of us, especially when there has been little obvious testing before the machines were sent to the sites.

As much as I could rant on about the lack of planning and how myself and my colleagues have been firefighting instead of providing a great service to our customers, that is not what this is about.

The reason for this blog posting is that I received a system that was imaged and configured for another organisation. The logical thing would be to send it back for our supplier to resolve but I have been asked to re-image the machine. Simple enough request you’d think, until you realise that the machine in question has had a BIOS password set, and you’ve probably guessed that it’s not our password and the settings are not correct for our defined security policy.

One of the issues with the BIOS is that the boot from Network (PXE Boot) has been switched off, so I can’t even image the machine with our defined image until we find out what the password is.

So I investigated how to reset the password and after trying ‘backdoor’ passwords and removing all power and internal backup power to no avail, I found a utility from the Hardware manufacturer that could record the settings from a machine that had the correct settings, store them to replay them on the faulty machine.

Now here comes the zombie bit…

The program will only work on DOS.. I thought in the age of USB pen drives, Windows PE, Windows 7 and Windows 8 just round the corner that DOS was dead and buried years ago..

Luckily I dug up my stash of old floppy disks and was able to hunt down an external (USB) floppy Drive that the new PC detects. I still have some old decaying Win 98 install floppies In my stash so I copied one and amended it to work with the program. So I’m crossing my fingers that I’ll be able to beat the security and I can get back to what I’m paid to do.

Why are PC hardware manufacturers not providing utilities that work under Windows? I would suggest that they should provide a CD image, but how would a user be able to save the settings file to restore on the other system? I guess a network interface would be required?

I’m sure that Apple don’t turn round and ask you to create system 7 images to update their hardware.. when will hardware vendors realise that it’s time to move past DOS. Most people don’t even know what it is/was, or maybe that’s the reason.. To prevent novice users from using what is after all an administrative tool designed for deployment and configuration of PCs?

Anyway it’s been a blast from the past with floppy disks, even an LS120 SuperDisk drive (Immation) which didn’t work. I guess this is the reason that DOS disks are still available for Microsoft’s TechNet downloads (which I don’t presently have a subscription to) , and it has kept me in touch with my past.. even though I prefer to be looking to the future.

HP OfficeJet Pro 8000

From time to time I’m asked to recommend a printer for the different departments within the organisation I work for and recently I have been recommending the HP OfficeJet Pro 8000.

The 8000 is a great printer for general printing, for £50-100 you can get a colour network inkjet printer that’s suitable for a small group of occasional users (up to 10 users) that prints A4.

The printer has separate ink tanks (4) which are accessible from the front of the printer and replaceable print heads (2) which allows for easy replacement of inks as they run out and print heads as they become blocked or near their End of Life.

The print quality and speed are acceptable at 15 pages 1200x1200dpi per minute black and 11 pages 4800x1200dpi per minute for colour (speed calculated using OSI standard).

The printers green credentials are good as it is Energy Star compliant and uses a max of 48w, usually consuming only 25.2w and reducing down to 3w on power saving.

The printer also supports common OSs including Windows XP, Windows 7, Windows Server 2000 – 2008 & Mac OS X 10.4 and up.

For home users or offices that use Wi-Fi, you can purchase the a version of this printer with a Wi-Fi for not a lot more than the normal version.

For larger offices, an Enterprise version of this printer is available. The enterprise version has a memory upgraded from the original 32MB to 256MB and the print speed is improved, presumably because of the memory.

All 3 models come with a 250 sheet input tray and the output tray can hold 50 pages, however users that need an additional input tray then an additional 250 sheet tray is available for all models.

All in all the printers appear to be great for small groups of users or homes that want to share their printer over their home Wi-Fi. I also believe that the price of the ink isn’t to bad either 🙂

UPDATE: The basic 8000 model no longer appears to be available. There also appears to be some issues with these printers.

The enterprise version supports HP Universal Print Driver driver, however the basic model still uses the specific printer driver for that model (note the model number is different for the enterprise and basic model), which adds an additional level of support if you have both installed on your Windows server.

I’ve also had reports that the printer has trouble printing multiple copies of the same document, this could just be an issue with the application that is sending the prints (Office 2000 pro) but the issue appears to affect both basic and enterprise versions [further information to follow].

MacGuard & user permissions

Following on from my recent posting on MacDefender, I noticed the same site had an updated page relating to MacGuard ( for original article see Reed Corner Design [Thomas Reed] http://www.reedcorner.net/news.php/?p=204 )

From the article it appears that MacGuard relies on a similar tactic to install itself on OS X machines as MacDefender, i.e. by Safari automatically starting the installer if “Open ‘safe’ files after downloading” is still ticked in the Safari preferences (see the ‘MacDefender Info’ article in this blog for further details).

The big difference between MacDefender and MacGuard appears to be that if a user has administrator rights then the install will run and the application will install without any prompts. If the user only has user rights then the installer will fail.

In reality, I believe that most home users do not know if they are using their machine as a user or admin, so this could be a risk to home users. For companies that have properly trained IT staff then no one should have admin rights on a Mac unless they are IT staff, but smaller companies may be left at risk.

As usual it appears that the risk is from lack of user awareness, that users need to realise the importance of the different types of account and the risks involved. This issue is one of awareness is not just limited to OS X users but Windows users as I believe that most Windows users are sitting using their Admin accounts in a daily basis. I believe that the industry as a whole need to look at the issues of user account permissions more seriously in the future.