To register the RTSP protocol with Internet Explorer you need to register it with the operating system. This is easily achieved thru a registry edit, however this article explains it all http://msdn.microsoft.com/en-us/library/Aa767914.aspx. So once you register the RTSP with the .reg file below just close Internet Explorer and open it back up. VLC will prompt you with a warning, if at this point it doesn’t show video; open TCP port 554 in your firewall outbound. If you do not have outbound restrictions, like in the case of 99% of home users; it either a bad feed or upgrade your VLC to the latest version.

Firefox will also see the registry change and when a user clicks the link; Firefox will prompt them with an application dialog box then open it in VLC Player. Just check the box to always open without prompting and it’ll work every time!

This fix will be valid for all users of the computer. I’m pretty sure you can register it under HKEY_CURRENT_USER on XP and above; to make the change for only that users.

RTSP registry edit file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\RTSP]
@="URL:Real Time Streaming Protocol"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\RTSP\shell]

[HKEY_CLASSES_ROOT\RTSP\shell\open]

[HKEY_CLASSES_ROOT\RTSP\shell\open\command]
@="C:\\Program Files (x86)\\VideoLAN\\VLC\\vlc.exe -vvv %1"

Copy the text above into a file of RTSP.reg and double click it to merge it into the registry.

Note: You may have to change the path where your VLC lives.

To change the label of a fixed drive with removable storage (CDROM/DVDROM/DVD-RW), you need to perform a registry edit. Follow the steps below to create custom label so when you open “My Computer” or “Computer” (depending on OS version) you see the custom label. The steps below are for Windows 7, but should also work for Windows Vista, Windows XP and Windows 2000.

1. In the run/search box type “regedit”. Find the icon for regedit.exe above and right click on it and choose “Run as administrator”. Answer the UAC prompt and click OK.
2. Find the registry key of “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons”.
3. Right click on the “DriveIcons” key and select “New -> Key” then name the key the drive letter you want to label (i.e. Drive F create the key as F).
4. Right click on the drive letter and select “New -> Key” then name the key “DefaultLabel” (case sensitive).
5. To the right on the result pane of the registry editor, double click the “(Default)” REG_SZ and change the “Value data:” to the label you want to show under My Computer.
6. Logoff and/or reboot.

Note: You can also do the same last three steps to change the Icon that shows in My Computer, create a “DefaultIcon” key. Change the “(Default)” key to the path of the icon to change the icon.

I work for a school that requires all users that start Microstation up for the first time to have the same preferences. Coupled with a Mandatory profile; all students have a “first run” experience and class goes easier. So when I called into Bentley I found out that everything is classified into “Configuration” and “Preferences”. Configuration can be changed, but preferences are a lot tougher.

In short: anything in the GUI is a preference and therefore cannot be set in the configuration files call UCF files of CFG files. The preferences are stored in a UPF file that is created in “AppData\Local” on a Windows 7 (Local Settings on Windows XP). This file is created from an installer that Microstation runs upon first run by the user. To make it worse the folder is created with a unique string that is different every time and the UPF is not text editable like the CFG files.

However you can make all users receive a seed of preferences, so that you can achieve the desired effect.

To make all first time users receive the same preferences you can:

Part 1 – Create the preference file

1. Delete your %userprofile%\AppData\Local\Bentley. Make sure you do not have Microstation running.
2. Start Microstation and create a brand new file using the seed file you want to change preferences for.
3. Make all of the GUI changes in the menus. My users wanted “enable fence create” and a few others.
4. Close Microstation.

Part 2 – Set the preference file as the seed

1. Go to “%userprofile%\AppData\Local\Bentley\MicroStation\8.11\y5211223adfsdasfsafa\prefs and copy the untitled.upf to C:\ProgramData\Bentley Multi-Install\MicroStation\WorkSpace\Standards\seed”
2. Rename the file to “default.spf”
3. Go to “C:\ProgramData\Bentley Multi-Install\MicroStation\WorkSpace\Standards” basically up a directory and open the “standards.cfg” file in notepad.
4. Put this line into the file under the MS_SYMBRSRC line “MS_USERPREFSEED = $(_USTN_SITE)seed/default.spf”
5. Save it and test.

The next user that logs on without a “Bentley” folder in AppData\Local will inherit all preferences from the default.spf file since the standards.cfg file is now pointing to it. It is all possible to point that variable of MS_USERPREFSEED to a network share, so all new users pull the preferences from a network location; so that global changes are easier. I have not tested that, so please comment if it works.

The Fonts directory is located in the Windows directory and if a normal user wants to install Fonts; they cannot. If a normal users tries to install a font they are prompted with the UAC (User Account Control) dialog box and Administrator credentials are required. If you work for a school or a print shop and do not want to give out Administrator credentials to install fonts read on.

The following steps will loosen up security in your operating system, so that normal users can install fonts without administrative credentials and the UAC prompt. This modification has been tested on Windows 7; however it should also work on Windows Vista as well. Please be careful when making changes that could open security holes. As of the writing of this article there are no security holes, but be vigilant and read Microsoft Security Bulletins in the future.

Log on as an administrator to make the following changes!

First we need to make the folder writable and make it a non-system folder.

attrib -r -s c:\Windows\Fonts

Next we need to take ownership. The /f directs it to the folder of c:\Windows\Fonts the /r directs it to recurse and the /d n is default answer is no or skip.

takeown /f c:\Windows\Fonts /r /d n

Now let’s give the users permission.

cacls c:\Windows\Fonts /e /t /g users:c

There is also a font cache that allows programs to display a preview of the fonts; this needs softened up as well for the user.

cacls c:\Windows\System32\FNTCACHE.DAT /e /t /g users:c

Note: you will receive an Access is denied message, this is normal; just make sure users have change security permissions.

The last thing to do is give users permissions to register fonts with Windows 7 in the registry. Use regedit and give users modify permissions to the following key in the registry.

HKLM\Software\Microsoft\Windows NT\Current Version\Fonts

See diagram:

That’s it you done… Log out and test as a normal / non-administrator by right clicking the font and selecting “Install” from the context menu.

Strictly speaking of the Windows 2008 / R2 operating system; the firewall is on by default and until you add a role, it is blocking everything inbound. By default it does not block any outbound traffic, but can be configured to do so. Since the server blocks everything inbound by default including PING, people often turn off the firewall in hopes to gain some control. This is not something you want to do, the firewall helps to lower your surface area of attack. In production environments I have network DVRs, domain controllers and file servers with the firewall on and all are working fine.

However if you try to connect to the server remotely with you computer management tools like event viewer, device manager, services or local users and groups: you’ll receive and error stating the RPC service is unavailable. One such error I received was “Event Viewer cannot connect to computer ‘server’. The Error reported is: The RPC server is unavailable.” Even after a role is configured the RPC server is blocking inbound requests to management interfaces in the Windows Server 2008 OS; this is normal and expected behavior. The inbound requests are to something called an end-point mapper, which is run within an svchost process.

To fix the problem:

1.       Open “Windows Firewall with Advanced Security” from the run/search box.

2.       Click on “Inbound Rules” in the tree.

3.       In the results panel find “Remote Administration (RPC)”, right click on it and select “Enable Rule”.

After some research I found a TechNet Article http://technet.microsoft.com/en-us/library/cc794902%28WS.10%29.aspx that explained the motivation behind this. Basically when Internet Explorer starts up, it starts with the default of “Automatically detect settings” checked in the “Local Area Network (LAN) Settings” dialog box in Internet Explorer Options. So every time it starts it queries for wpad.FQDN and if it resolves it then grabs the wpad.dat. When your client boots up and the DHCP will configure option 15 for the domain name it appends this to the wpad. An example: if you machine boots up and retrieves option 15 as contoso.com. Then IE will try to retrieve http://wpad.contoso.com/wpad.dat.

Now let me explain why: Microsoft uses dynamic updates in DNS. Since most people do not use wpad entries; it introduces an attack vector. A malicious user would name their client “wpad” and serve a wpad.dat file from the host of their web server. When their client boots up it will try to register itself as “wpad.contoso.com” and now potentially all of your clients are proxy-ed thru a malicious host.

Microsoft closed the hole by automatically denying resolution of wpad.FQDN entries in the “Global Query Block List”. Which regardless of which zones you host on Microsoft DNS servers it will deny resolution of the wpad.

To fix this you will need to run the commands below against each of your DNS servers:

To see the “Global Query Block List”

dnscmd [<ServerName>] /info /globalqueryblocklist

example:
dnscmd 192.168.1.1 /info /globalqueryblocklist

To fix the problem in the “Global Query Block List”

dnscmd [<ServerName>] /config /globalqueryblocklist [<name> [<name>]...]

example:
dnscmd 192.168.1.1 /config /globalqueryblocklist isatap

One such problem was called “DNS Islanding” detailed in Microsoft Knowledge Base article KB275278. The problem exists if you point a Windows 2000 DC/DNS or Windows 2003 DC/DNS to itself and change it’s IP address. It will update the DNS zone it is in, however other DC/DNS unit will not update because the IP has changed and they don’t know where to contact it at; thus islanding the DC/DNS unit.

After spending much time on Microsoft’s TechNet Site I found the answer and best practice. Although the problem existed in Windows 2000 and Windows 2003; it has been corrected in Windows 2003 R2. Windows 2003 R2, Windows 2008, Windows 2008 R2 will change it’s host record on a sufficient number of DNS servers before it changes it’s own DNS server’s host record for itself. This fixes the DNS islanding problem that existed in earlier version of Windows Server. This was found in a blog post on Microsoft’s site by “jdphilli” on March 25^th 2008, however no KB article or TechNet article was found.

I also found the best practice for Domain Controller DNS client settings in Windows 2008 / R2. It is best practice to point the client settings for the primary DNS to itself. The secondary DNS server should be pointed to another DC/DNS server (preferably the PDC emulator) and then any other DC/DNS servers in the site.

The following process will automate the sysprep so next reboot it will only ask for computer name. Some assumptions during this article are: you are creating an English/US install, you are using a KMS server and your timezone is EDT.

Step 1. – Download and install the latest WAIK from http://downloads.microsoft.com, the WAIK should support Windows 7 and 2008 R2 (check the date).

Step 2. – Get your media that you have installed with and mount it in the DVD-ROM or via and ISO mounting utility; if it is only and ISO. You will need to allow Windows SIM to access the install.wim in the next step.

Step 3. – Start Windows SIM and right click on “Select a Windows Image or Catalog” and find the “install.wim” in the sources directory on the media. In this tutorial I used x64 (amd64) media, this also works for x86 media; using the same steps.

Step 4. – Now we need an answer file, so right click on “Create or open an answer file” and select “New Answer File”

Step 5. – On the left hand side open the “Components” folder and find “Microsoft-Windows-International-Core”, right click and select “Add Settings to Pass 7 oobeSystem”. It will be added to the answer file in the center.

Step 6. – Fill in the settings for InputLocale thru UserLocale in the properties pane; I used en-US for English language and United States locale. The “en-US” is defined in the RFC4646 actually two standards put together: the ISO 639-1 code for known languages and the ISO 3166-1 code for assigned country codes. Microsoft has an article of supported RFC4646 locales called the LCID reference http://msdn.microsoft.com/en-us/library/cc233965%28v=PROT.10%29.aspx

Step 7. – On the left hand side under the “Components” folder and find “Microsoft-Windows-Shell-Setup_6.1.xxxxx”, right click and select “Add Settings to Pass 7 oobeSystem”. It will be added to the answer file in the center. Click on the Shell-Setup in the answer file section and fill in the TimeZone under properties. A list of these time zones can be found here http://technet.microsoft.com/en-us/library/cc749073%28WS.10%29.aspx.

Step 8. – Open the “Microsoft-Windows-Shell-Setup” folder in the answer file and find OOBE and click on it. In the properties page set “HideEULAPage” to true and Network Location to Work, Public or Home. The “ProtectYourPC” property can be set to: 1 for recommended protection, 2 for updates only and 3 for automatic protection to be disabled. These all related to the Windows Update protection. http://technet.microsoft.com/en-us/library/cc749278%28WS.10%29.aspx

Step 9. – We need to setup the first administrator account since Windows 7’s administrator account is disabled by default. Further down under “Microsoft-Windows-Shell-Setup” click on “UserAccounts” then right click on “LocalAccounts” and select “Insert New LocalAccount”.

Step 10. – In the properties of the local account on the right side; fill out Description, DisplayName and Name. The Group must be “administrators”, so that you can locally administrate the computer (i.e. login local).

Step 11. – Click on “Password” under the “LocalAccount[Name=”username”] and in the properties pane set the password for the account. The password will be saved in the XML file however it will be encrypted (the encryption used is unspecified in Microsoft’s documentation).

Step 12. – On the left hand side under the “Components” folder and find “Microsoft-Windows-Shell-Setup_6.1.xxxxx”, right click and select “Add Settings to Pass 4 specialize”. It will be added to the answer file in the center; respectively under “4 Specialize”. Click on the Shell-Setup in the answer file section and fill in the “ProductKey” with the default KMS key found here http://technet.microsoft.com/en-us/library/ff793406.aspx. These product keys will not activate via Microsoft (retail), instead they are dummy keys for a Key Management Server to activate. The product key I used was for Windows 7 Enterprise “33PXH-7Y6KF-2VJC9-XBBR8-HVTHH”. Setting this will skip the activation question during setup, but make sure you have a KMS server running. Also make sure you have met the 25 client threshold or the KMS will not activate any of the clients. http://technet.microsoft.com/en-us/library/ff793434.aspx

Step 13. – Right click on the answer file and choose “Close Answer File” when prompted save it as “unattend.xml”.

Step 14. – Copy the unattend.xml into “C:\windows\system32\sysprep” folder and create a startprep.cmd file containing the code below. The startprep.cmd file is not totally necessary, however I find it is best consistency; so the next time you do this you have the command at hand. You could just type the command into a CMD prompt.

startprep.cmd

@echo off
cd c:\windows\system32\sysprep sysprep /oobe /generalize /unattend:c:\windows\system32\sysprep\unattend.xml

Step 15. – Run the startprep.cmd and the system will sysprep revert its specialized settings and drivers and shutdown. Create an image of the workstation using your favorite image software and distribute the image to other workstations. When they restart the unattend.xml file will be run along with sysprep and you will only be prompted for computer name.

example unattend.xml

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>cABhAHMAcwB3AG8AcgBkAFAAYQBzAHMAdwBvAHIAZAA=</Value>
<PlainText>false</PlainText>
</Password>
<Description>First Admin User</Description>
<DisplayName>User</DisplayName>
<Group>administrators</Group>
<Name>User</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<TimeZone>Eastern Standard Time</TimeZone>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProductKey>33PXH-7Y6KF-2VJC9-XBBR8-HVTHH</ProductKey>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:h:/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

In Windows XP and Windows 2003 this was done via the command proxycfg.exe. You would simply set and unset the “Local Machine” proxy with the commands:

The old way to set the "Local Machine" proxy:

Proxycfg –p {proxy address:port} {bypass list}

Proxycfg -p "proxy.bohack.com:8180" "<local>;*.bohack.com"

The old way to unset it:

Proxycfg –d

It basically sets the registry value below, to the values you specify in with the proxycfg command.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings

So what happened to the “proxycfg.exe” command? Starting in Vista, Windows Server 2008 and Windows 7 you will no longer find the proxycfg command. It has now been replaced with the “netsh” command. This command can be used either interactively by tying “netsh” and navigating the tree of commands or used in a one line command sequence, like shown below.

The new way to set the "Local Machine" Proxy:

netsh winhttp set proxy {proxy address:port} {bypass list}

netsh winhttp set proxy "proxy.bohack.com:8180" "<local>;*.bohack.com"

The new way to unset it:

netsh winhttp reset proxy

Check the settings with:

netsh winhttp show proxy

The new commands change the same registry value above, the only thing that changed it the command to set and unset the Local Machine proxy. Theoretically you could export out the registry setting and import it onto another machine.

If you are looking for the latest OpenManage software for you servers, the first step is to go to http://support.dell.com and click on “Drivers and Downloads”. Next you will be prompted for the service tag or model of you unit you need to download Open Manage for. You will want to select “Systems Management” and search for “DVD ISO – Dell Systems Management Tools and Documentation”. You will want to select “More Download Options” from the right hand side. This selection might prompt you for the service tag since the OpenManage is model specific; so have the service tag handy.

Here you will find DVD ISO Image files; OM_6.2.0_SMTD_A00.iso.001 and OM_6.2.0_SMTD_A00.iso.002. These files are not ISO files they are actually half of the ISO file. So if you burn the first file you will boot up and be functional until you get to the “Precopy Preparation” where you will hang around 15% or 17%.

In order to fix the problem of OpenManage hanging at the “Precopy Preparation” stage: download both the files 001 and 002. Place them in a folder where you will concatenate them into one file. This process you will find under the instructions, however it is not documented anywhere else on the download page. So you think there are two separate ISO files and burn them only to find the first boots and hangs.

Dell does this to address a browser limitation around downloading large files (see Microsoft KB article 298618: You cannot download files that are 2 GB or larger – http://support.microsoft.com/kb/298618). Dell Systems Management Tools and Documentation DVD is no longer available as a single ISO for web download.

Process:

1. Download the two ISO file segments to an empty folder.
2. Run the command to concatenate them into one file.

copy /b OM_6.2.0_SMTD_A00.iso.001+OM_6.2.0_SMTD_A00.iso.002 OM_620_SMTD_A00.iso

3. Burn the OM_620_SMTD_A00.iso file to DVD.

If you are running Linux the command is:

Linux: cat OM* > OM_620_SMTD_A00.iso