Monday, November 30, 2015

Windows Server Licensing: CALs

I have determined that the licensing scheme for Microsoft's server products is really surprising. By "surprising", I mean that it violates my expectations for how ownership works.

Basically, in addition to the OS license itself, you're supposed to have a Client Access License for every user or device that will be served by that product. These don't appear to be actually enforced by software, but they're needed so you can comply with the Microsoft licensing agreement and not get fined if you get audited.

If you use user CALs, every physical person that is served by the machine needs a CAL. (CALs are assigned to a server.) If you use device CALs, every device needs a CAL. "Device" includes both workstations and network appliances, and DHCP clients!

In summary, it seems that Windows Server can be installed without CALs, but legally, CALs are required.

Sunday, November 29, 2015

Unfocusable Windows

I sometimes use an application that owns a window that likes to vanish. The window is never visible in the task bar, so if I accidentally put several other windows over it (or hit Windows+M), it's difficult to find. Normally, Alt+Tab would fix all my problems, but in this case, the window just disappears when I try to Alt+Tab to it. I know it's still there - it's in the Task Manager list, and it stays while I hold Alt+Tab while over the window. It just won't allow itself to be focused.

Not sure what's up with that. I wonder if there's a solution.

Saturday, November 28, 2015

How to Install ODBC Drivers Manually

Today I found myself wanting to install some ODBC drivers without installing the whole program responsible for them. Doing it manually isn't too hard:

  1. Decide on or find a name for the interface. This is what goes in ODBC connection strings as the Driver parameter. You should probably use the standard driver name for your database product; if you're unsure of it, look at a computer that already has it installed.
  2. Open the Registry Editor and navigate to HKLM\SOFTWARE\ODBC\ODBCINST.INI.
  3. Under ODBC Drivers, add a new string value named the same as the driver. Set its data to Installed.
  4. Create a new key/folder under ODBCINST.INI with the same name as the driver.
  5. In that new key, create string values named Driver and Setup, both containing the full path to the driver DLL without quotes around it. Some database products may require additional configuration here.
  6. If you're on a 64-bit machine and there is a 32-bit version of the driver, repeat steps 3 through 5 for the 32-bit file, in HKLM\SOFTWARE\Wow6432Node\ODBC\ODBCINST.INI.
No reboot required.
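
The same steps as a script. This is an added example, not something from the original post or from any database vendor. The function name, the driver name and the DLL paths are hypothetical placeholders, and the signature check is an extra precaution that the manual steps do not include.

```powershell
#Requires -RunAsAdministrator
# Added example. Run from a 64-bit PowerShell so the registry paths are not redirected.

function Register-OdbcDriver {
    param(
        [Parameter(Mandatory)] [string] $DriverName,   # name used as Driver= in connection strings
        [Parameter(Mandatory)] [string] $DllPath,      # full path to the driver DLL, no quotes
        [switch] $Wow64,                               # register the 32-bit driver (step 6)
        [switch] $AllowUnsigned                        # override the signature check below
    )

    # The DLL is loaded into every process that connects with this driver,
    # so refuse a missing file and, by default, one without a valid signature.
    if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
        throw "Driver DLL not found: $DllPath"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $DllPath
    if ($sig.Status -ne 'Valid' -and -not $AllowUnsigned) {
        throw "Signature status '$($sig.Status)' on $DllPath (use -AllowUnsigned to override)"
    }

    # Step 2 / step 6: pick the 64-bit or 32-bit view of ODBCINST.INI.
    $root = 'HKLM:\SOFTWARE\ODBC\ODBCINST.INI'
    if ($Wow64) { $root = 'HKLM:\SOFTWARE\Wow6432Node\ODBC\ODBCINST.INI' }

    # Step 3: string value named after the driver, data "Installed".
    $listKey = Join-Path $root 'ODBC Drivers'
    if (-not (Test-Path -LiteralPath $listKey)) { New-Item -Path $listKey -Force | Out-Null }
    New-ItemProperty -LiteralPath $listKey -Name $DriverName -Value 'Installed' `
        -PropertyType String -Force | Out-Null

    # Step 4: key named after the driver (left alone if it already exists).
    $driverKey = Join-Path $root $DriverName
    if (-not (Test-Path -LiteralPath $driverKey)) { New-Item -Path $driverKey -Force | Out-Null }

    # Step 5: Driver and Setup both point at the DLL.
    foreach ($name in 'Driver', 'Setup') {
        New-ItemProperty -LiteralPath $driverKey -Name $name -Value $DllPath `
            -PropertyType String -Force | Out-Null
    }

    # Return what was written so the caller can review it.
    Get-ItemProperty -LiteralPath $driverKey | Select-Object Driver, Setup
}

# Hypothetical usage (placeholder name and paths):
# Register-OdbcDriver -DriverName 'Example DB Driver' -DllPath 'C:\Drivers\x64\exampledb.dll'
# Register-OdbcDriver -DriverName 'Example DB Driver' -DllPath 'C:\Drivers\x86\exampledb.dll' -Wow64
```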

Friday, November 27, 2015

The Invisible Windows Defender Icon

After some Windows update a few months ago, the icon for Windows Defender turned completely white. It's not following the style of the network connectivity and volume control icons; it's just a white outline of what it used to be. I only know it's there because there's a conspicuous blank space in my notification overfill area:

What's up with that center area?
Holding my mouse down over it reveals its shape:

It was really hard to press Alt+PtScn while holding the mouse button
It would be nice if the icon was either visible or not there.

(For the curious: the icon in the upper-right is Folding@home, the one at the bottom is f.lux, and the one in the bottom-right is the Adobe Application Updater.)

Wednesday, November 25, 2015

Chrome Surprise: Zoom Settings are Remembered by Domain

I just now investigated an interesting phenomenon. Opening an image in a new tab in Google Chrome from my web e-mail interface and then zooming it resulted in the main mail tab also being zoomed when I went back to it. I also have noticed the zoom level changing while the web app loads (i.e. when I log in). That's kind of strange, but there is a reasonable explanation.

It appears that Google Chrome stores zoom levels based on the page's domain (the part between the protocol and the slash after the TLD), not the URL or tab. The image I opened was hosted on the same site as the web app, so zooming it changed my zoom level for the entire domain. The log-in screen redirects me through a couple pages on different subdomains, so different stored zoom levels came into play.

Tuesday, November 24, 2015

When Faint Squares Appear Around Desktop Icons

For the past few weeks, I have been seeing faint gray squares around some (not all) of my desktop icons.
Prism, WavePad, and OBS have the square, but the others don't
I researched the issue, and apparently the squares surround icons that didn't get resized. Resized? The issue appears when the icon size on the desktop is changed to something non-even by holding the Control key and scrolling the mouse wheel. I'm not sure what causes some icons to resize and some not.

The standard size can be restored by choosing an icon size under "View" in the desktop's context menu.

Sunday, November 22, 2015

ActiveNav Update Plan

Despite having written several articles about it, I have still not released ActiveNav. That's because I don't feel that it's ready for serious use. I have been collecting things that need to be done before it is releasable, and here are some of the more easily definable ones that I frequently find myself wanting:

  • Change bind to automatically find a destination server and domain name if none are specified.
  • Allow binding to the Configuration and other non-primary Active Directory partitions.
  • Add useful in-program help for commands like find that have many subcommands.
  • Add support for invoking Active Directory actions (like SetPassword) on objects.
  • Make ce forgiving of case-sensitivity errors.
I would have some "writing" updates on the list, but expanding the scope from just reading will be a very big job.

Thursday, November 19, 2015

Idea: "Hide" for Network Adapters

I have a couple virtualization solutions installed on my machine, so I have lots of virtual network adapters. In fact, I have no fewer than six Ethernet adapters, five of which are virtual and almost never used. The last seems to be my actual network adapter, plus stuff from Hyper-V; it's a virtual switch.

Anyway, when I want to look at my network usage in Task Manager, it's kind of difficult:


Wouldn't it be great if I could hide or at least rename some of these? I understand that the possibility of hidden network adapters throws the door wide open for suspicious activity, but maybe a "Show all" link in the Task Manager UI could help with that; programs using the normal enumeration API would still see the full list.

Wednesday, November 18, 2015

Misplaced Underlining in Image Links

I have noticed this small issue on two major sites now, one of which is Blogger. These sites are styled in such a way that links do not have underlines unless the mouse is over them. When I mouse over a link element that contains an image, an underline appears only under text, which in this case is a single space, so the result is a bizarre extra line segment. In this picture, my mouse is over the blue creature:
There are two simple solutions I can think of for this problem:

  1. Remove the space character and create padding some other way
  2. Use CSS to remove hover underlining for the link containing the picture

Tuesday, November 17, 2015

Checking for the Presence of an Active Directory Attribute with ActiveNav

There are many Active Directory attributes that aren't present for every record of a certain type. For instance, I recently wanted to see how many users in an OU had a home directory mapped, so I needed to check each entry for the presence of a homeDirectory attribute. That can be accomplished with ActiveNav in two ways, both of which use the find command:

  1. find filter attribute like * finds all entries that have the attribute containing any value.
  2. find sort attribute str sorts the list of entries by the attribute, which has the side effect of removing entries that don't have the attribute from the result set.
I tested these on string values, but I'm not sure whether they'll work for System.__ComObject values.

Monday, November 16, 2015

Active Directory Surprise: logonCount Attribute Isn't Replicated

Today while curiously browsing around an Active Directory environment with ActiveNav, I noticed that all the logonCount values were way lower than they should have been. That user attribute should keep a tally of how many times the person has logged onto any workstation. I soon realized that I had connected ActiveNav to a relatively new domain controller. Since that controller hadn't been online as long as the other, not nearly as many logons had been checked against it. The logonCount attribute is not replicated between domain controllers, so each controller keeps its own copy; therefore, there is no way to get an authoritative answer for the number of a user's logons from just one query.
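
Because each controller keeps its own tally, the closest thing to a total comes from asking every domain controller and adding the answers. The following is an added example, not part of the original post and not ActiveNav code. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name and the account name in the usage line are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and a domain-joined machine.
Import-Module ActiveDirectory

function Get-TotalLogonCount {
    param([Parameter(Mandatory)] [string] $Identity)   # sAMAccountName, DN, GUID or SID

    # Ask every domain controller for its own, unreplicated logonCount.
    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $user = Get-ADUser -Identity $Identity -Server $dc.HostName `
                        -Properties logonCount -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.HostName
                Reachable        = $true
                LogonCount       = [int]$user.logonCount   # missing attribute counts as 0
            }
        }
        catch {
            # An unreachable controller still holds counts we cannot see.
            [pscustomobject]@{
                DomainController = $dc.HostName
                Reachable        = $false
                LogonCount       = $null
            }
        }
    }

    $answered = @($perDc | Where-Object Reachable)
    $sum = ($answered | Measure-Object -Property LogonCount -Sum).Sum
    [pscustomobject]@{
        Identity = $Identity
        Total    = [int]$sum
        # When a controller did not answer, the total is only a lower bound.
        Complete = ($answered.Count -eq @($perDc).Count)
        PerDc    = $perDc
    }
}

# Hypothetical usage (placeholder account name):
# $r = Get-TotalLogonCount -Identity 'jdoe'
# $r.PerDc | Format-Table -AutoSize
# "Total: $($r.Total)  Complete: $($r.Complete)"
```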

Saturday, November 14, 2015

Troubleshooting Xamarin Deployment to Android Devices

I tend to experience bizarre issues with widely used programs, and my interactions with Xamarin (a toolkit for building mobile apps with .NET and Visual Studio) did not buck the trend.

First, I received an error indicating that no project was set to deploy. That was solved by opening the solution's properties and checking the "Deploy" box under the appropriate project in the Configuration section.

Then, there were errors in the deployment stage, something about being unable to deploy the previous version. Apparently, I didn't have any virtual devices set up as deployment targets. The emulator manager (AVD) wouldn't even open; a console window appeared, scrolled through a whole lot of messages, and vanished. To correct that, I had to launch Xamarin Studio (not Visual Studio) or Android Studio to get the targets set up. I could then launch the AVD to add an emulator.

Finally, I had problems getting the remote debugger for my real phone to work. It turns out that since I installed the Android ADB drivers on my computer while the phone was plugged in, I needed to purge the authorization list in the phone's developer tools and reconnect it to get the "do you want to trust this machine" dialog.

Friday, November 13, 2015

When VirtualBox Doesn't Show 64-bit OS Options

VirtualBox (and VMware Player, for that matter) has a dropdown for the OS of the virtual machine. Sometimes, 64-bit options don't appear. That usually happens for one of two major reasons:

  1. Hardware virtualization is not enabled, and it's required for 64-bit virtual machines. Check your BIOS and enable Intel VT-x or the AMD equivalent.
  2. Another application is holding exclusive control of hardware virtualization. That other program is usually another hypervisor, but I've heard that some antivirus solutions do this. The most likely culprit for Windows hosts is Hyper-V, which runs all the time as a system service if you have it installed. Uninstall it or stop the service to use a different hypervisor.

Thursday, November 12, 2015

Position of Newly Installed Windows 8 Program Tiles

It would be really nice if the Start screen tiles for newly installed programs in Windows 8 were arranged in an intuitive fashion. Currently, there is no pattern that I can discern:

My Start screen (or part of it)
I don't remember ever explicitly pinning anything to my Start screen, though I may have unpinned some bothersome default apps (creating the blank space under Access). All the programs I've installed have been jumbled into various groups, apparently without regard for publisher, type, name, or even color. That just clutters up the first picture of my computing experience™.

Actually, it would be even better if every new program shortcut was left down in the "all apps" section so I alone would be responsible for the arrangement of my Start screen. (It belongs to me, after all.)

Even so, I should organize my Start screen.

Wednesday, November 11, 2015

My Linux Saga: A Drama in Four Acts

A couple days ago, I figured I would give Linux a go. Several people I know love the whole open-source philosophy and therefore Linux, but I was primarily interested in producing a set of steps with which Abiathar can be installed on a Linux machine. Prior to this experience, I had used Linux about five times, and never in a serious capacity.

I tell the story in present tense for dramatic effect.

Act I: Hardware


I happen to have an Ubuntu GNOME 14.04 installation ISO lying around my drive for some reason, so I'll go with that. I'm not super interested in blowing away any real machines for this experiment, so virtualization it is. I've had success with VirtualBox, so we'll start with that. I create a new VM, give it 2GB of RAM, a single CPU, a 30GB SATA hard drive, and a DVD drive for the ISO.

I turn it on and a purple-ish screen appears with a little keyboard and a person-looking logo thing at the bottom. Keyboard equals happy man? I think I'll start with the GUI, thanks, so I press nothing. A text screen appears with some dots that animate between blue and white. I wait a while and am rewarded for my patience with an error message about intel_rapl.

Welcome to Linux?

I wait a couple seconds, try pressing some buttons, try Ctrl+Alt+Delete, and nothing happens. I try a reset and get the same thing.

Fast-forward through thirty minutes of fiddling with hardware settings in VirtualBox, most of which either produced the same error or something else that sounds bad. I also try upgrading VirtualBox to the newest version, which gives me more buttons to press, but none of them help. So I abandon VirtualBox and try Microsoft Hyper-V, which I have used successfully exactly once. Does Hyper-V even work with non-Windows OSes? Beats me.

This should be good.

I create a new VM with similar specs. There doesn't appear to be a way to insert a SATA controller in Generation 1 Hyper-V machines, so IDE it is. I start the VM, connect to it with the Virtual Machine Connection, and receive the same error. Huh. Some Googling told me that the message is actually non-obstructive (read: spurious) despite how scary it looks. Perhaps VirtualBox would have worked after all. Oh well, we're with Hyper-V now.

After waiting several minutes, I receive a textured background and a setup utility-ish UI thing that tells me I should have an Internet connection for best results. Whoops, I forgot to install a network adapter. So I do that, and reboot the VM.

Act II: Setup


Both recommendation lights are green in the setup-starting dialog. Let's do this!

Setup asks me for a username, a password, and a computer name. Interestingly, after I fill in my username, it appends "-Virtual-Machine" to it for the computer name. I change the name to something more creative, like linuxvm. It thinks my password is weak, but I don't care, and it seems to be OK with that.

There is then a checkbox that allows the installation of proprietary components (some media player or codec or something). It is cleared by default. Heaven forfend there be non-open-source software on my machine! I check the box. Viva closed-source.

I start the installation. A progress bar dialog appears, spewing a bunch of piped text into the details box that I expanded for curiosity's sake. Hard drive activity is solid for quite a few minutes, and eventually I am presented with a logon screen. I type my password, press Enter, and receive what I believe to be a desktop. It is blank save for a black menu-bar thing at the top (which contains a single full word, "Activities") and a neat background in the main area.

Act III: Upgrades


At this point I am still feeling good about achieving my goal of running .NET software on Linux. The only thing I know is that sudo apt-get installs stuff, but I'm sure Google will help me figure out what stuff I need to install and what other line noise I need to put on a command line. Before I do that, though, I download the .NET software I would like to run and try double-clicking it for laughs. As expected, it doesn't work - Archive Manager attempts to open it, but fails, which makes sense considering that EXEs aren't archives.

Sometime during that experiment a Software Updater message made an appearance, so I figure I might as well make sure I'm running the most up-to-date version of everything before I begin in earnest. I press the Update button, and it prompts me for my password. I provide it, but I have no idea how to verify whether the prompt is legit. Good thing I'm not running any unvetted software yet.

Another progress bar appears, so I wait a while, then get some water, and when I come back the desktop has locked itself. Security is nice. I am pleased. I enter my password and press Enter to unlock. The UI clears the password box and does nothing else. I am not pleased. I try several more times, and receive nothing but a cleared text field. Deliberately entering the password wrong does produce a suitable message. There's a little link to log in as a different user - there are no other users, unless you count root - which I press. I get a list of users, which contains only me. I click me, and enter my password. It unlocks. Huh.

When the updater is done, Ubuntu tells me I should reboot. (See, even Linux needs to restart after important operations!) I do so using the little power icon in the upper-right of the desktop.

When the system comes back up, I get a kernel panic.

I stress that I have done essentially nothing to my system other than updating, much less anything questionable/unsupported. I haven't even opened Terminal yet! All I did was do what the GUI wanted me to.

I Google up some instructions to fix this. There is a boot menu that appears before GNOME (the desktop, I suppose) that contains an entry with "advanced options." The resulting advanced menu lets me boot from the old version. Neat! Everything is good.

While I was waiting for the Software Updater, I discovered on the Internet that there is a new Ubuntu version, Ubuntu 15. I figure now is as good a time as ever to upgrade to that, hopefully skipping all incremental "updates." Following some instructions, I change a line in a config file using an elevated (sudo'd) instance of gedit and then run a command to do the update. A bunch of stuff downloads and lots of text comes flying down the terminal.

In the middle of all that, a message box appears informing me that do-release-upgrade has encountered a problem and needs to close. I choose to send the error report, and it sends, but the text spew continues, as does hard drive activity. I let it run to completion, at which point it tells me that some errors occurred during the upgrade, but it seems that the errors only have to do with fontconfig, which can't be too critical, right?

I use the GUI to restart, but the system hangs in text mode at "Waiting for processes to terminate." I wait a good long while, but it stays there, with 0% CPU utilization (as reported by Hyper-V) and no visible disk usage. I cut the virtual power.

When the system comes back up, I get another kernel panic. I try the old version. Kernel panic. I try the recovery mode. Kernel panic. I give up and erase the virtual hard drive.

Act IV: Fresh start


Maybe things will work better if I'm on version 15 from the start. I download an ISO from the Ubuntu web site and put it in Hyper-V in a machine with the same specs. The purple screen and intel_rapl message appear again, followed by a black screen with a flashing text-mode cursor. Not good.

I reset. Wanting to be a happy man, I use my keyboard when indicated and fiddle around with some advanced settings in accordance with some other instructions I found somewhere. The black screen continues no matter what settings I choose or how long I wait. I am not a happy man, and my keyboard does nothing helpful.

I try the same in VirtualBox and experience the same failure.

Epilogue


I give up.

I tried, I really did. I wanted to like Linux, but I can't like something that I just can't make work. Maybe I picked a bad distro. Maybe there's something up with these hypervisors. Who knows.

Windows it is. 

Tuesday, November 10, 2015

Tips for Running Ubuntu Linux Under Hyper-V

Just today I got an Ubuntu installation running under Microsoft Hyper-V, and along the way I discovered some tips that may be helpful to others:

  • The VM, for easiest setup, should be Generation 1. (This option only appears on the Windows 8 or newer edition of Hyper-V. Don't worry about it if you don't see anything about generations.)
  • The hard drive image should be presented to the VM as a SATA or IDE drive. Bizarre error messages will result if you try to present it as SCSI.
  • There will be error-looking messages about intel_rapl, both in setup and during normal boot. They appear to not matter. Just wait while the message is on the screen during setup; the process will continue normally.
  • If there's a kernel panic, the Caps Lock and Scroll Lock lights will blink rapidly and will not return to their original states even after you click out of the Hyper-V Virtual Machine Connection window.
  • There are Integration Services for several Linux distributions, including Ubuntu, which allow dynamic resizing of the view window, among other things.

Monday, November 9, 2015

VirtualBox Strangeness: Touchpad Click Doesn't Always Count

I have yet to upgrade to VirtualBox 5, so this issue may actually be resolved.

I noticed while working with VirtualBox that the manager program's UI doesn't always respond correctly to clicks that I make by pressing down with my stylus onto the touchpad. For instance, clicking on the Settings button in the toolbar makes the button look pressed-in, but nothing actually happens unless I click by pressing the dedicated "click" button on the touchpad.

Also, clicking on the X button on the "there's a new version available" message box does the standard press animation, but the box doesn't close unless I click OK. Huh.

Sunday, November 8, 2015

Preempting CryptoWall with Group Policy Software Restriction Policies

The famous ransomware trojan known as CryptoWall does its work by downloading a malicious EXE to the user's temp directory and then running it from there. It doesn't make sense for any legitimate program to be executing from the Temp directory, so we might as well remove that option outright.

That can be accomplished with Group Policy, Software Restriction Policies specifically. Those are under Security Settings, which is accessible in MMC at secpol.msc. You might need to use the "Add Software Restriction Policies" entry on the context menu before the folder can be expanded. When that's done, create a New Path Rule under Additional Rules. Enter %TEMP% as the path and set the security level to Disallowed.

Danger: it's possible to cause great inconvenience with these policies. I am not responsible for anything you mess up. Be careful.
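
To confirm that the rule actually reached a machine, the applied path rules can be read back from the registry. This is an added example, not part of the original post. It assumes the standard location where Windows stores machine-level Software Restriction Policies, and the function names are hypothetical.

```powershell
# Added example. Reads the applied machine SRP settings; it changes nothing.
$SaferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    if (-not (Test-Path -LiteralPath $SaferRoot)) { return }   # no SRP configured

    # Each security level is a numbered subkey; its path rules live under "Paths".
    foreach ($level in Get-ChildItem -LiteralPath $SaferRoot) {
        $paths = $level.OpenSubKey('Paths')
        if ($null -eq $paths) { continue }

        $levelName = $LevelNames[$level.PSChildName]
        if (-not $levelName) { $levelName = $level.PSChildName }

        foreach ($guid in $paths.GetSubKeyNames()) {
            $rule = $paths.OpenSubKey($guid)
            [pscustomobject]@{
                Level = $levelName
                # Keep %TEMP% and similar variables unexpanded, as typed in the rule.
                Path  = $rule.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
                Id    = $guid
            }
        }
    }
}

function Test-TempDisallowed {
    # %TEMP% is per-user, so this answers the question for the account running the check.
    $temp = [Environment]::ExpandEnvironmentVariables('%TEMP%').TrimEnd('\')
    $hits = Get-SrpPathRule | Where-Object {
        $_.Level -eq 'Disallowed' -and $_.Path -and
        [Environment]::ExpandEnvironmentVariables($_.Path).TrimEnd('\') -ieq $temp
    }
    [bool]$hits
}

Get-SrpPathRule | Format-Table Level, Path -AutoSize
if (Test-TempDisallowed) {
    'OK: a Disallowed path rule covers %TEMP% for this account.'
} else {
    'MISSING: no Disallowed path rule matches %TEMP% for this account.'
}
```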

Saturday, November 7, 2015

False Traffic Sources

When I look at the Blogger statistics page for this site, I see a lot of traffic (i.e. referring URLs) from web pages that don't contain any links to my site. One of the two major "sources" is a shady-sounding web site and the other is an app page on Google Play.

My guess is that the owners of those pages are trying to drive traffic there by requesting lots of pages from my site and specifying a fake Referer [sic] URL. Maybe they're hoping I'll see it in the top traffic sources list, click it, and be interested? Seems like a lot of work for just a few potential converts.

Thursday, November 5, 2015

Android Studio Installer Exit Code 1223

I am currently trying to deploy Android Studio to several Windows machines with an unattended installation, but the installer (which is an EXE, not an MSI) sometimes exits with code 1223. When that happens, shortcuts aren't created on the desktop or in the Start menu, but the files are placed in a Program Files directory and work correctly. Some research suggests that this exit code occurs with unattended (/S) installs only.

I have noticed - but not confirmed - a correlation between the ACLs on the directory containing the installer and the exit code. When normal users are not allowed to read the installer, even if the install program is run as an administrator or the system, the exit code sometimes happens. I have not seen it happen when everyone has read access to the directory. Further study may confirm or deny this hypothesis.

Wednesday, November 4, 2015

Connecting Hyper-V Guests to the Network

Today I set up Hyper-V (Microsoft's virtualization technology) for the first time. It was very easy for the most part; the only strange thing was the connection of the VM to the network. The Network Adapter dropdown only contained "Not Connected", so I was uncertain as to how to allow the VM to see the real network.

Apparently, a virtual network has to be created before a VM can be connected. That can be accomplished by opening the Virtual Network Manager (if you're running Windows Server 2008 or 2008 R2) or the Virtual Switch Manager (if you're on anything newer). That entry can be found in the Actions pane of the Hyper-V Manager snap-in for MMC.

To create the virtual network/switch, select the desired type ("External" allows connections to the real network) and press the Create button. Set the name if desired, and OK out of the network window. The network/switch now appears in the Network Connections dropdown.

It would be nice if Hyper-V included an external network/switch by default to minimize confusion. At least the connection bridge works with a minimum of fuss - that feature has given me trouble in both VirtualBox and VMware Player.

Tuesday, November 3, 2015

Removing "Windows protected your PC" Messages

Many major browsers produce warnings when downloading rarely-seen files. Attempting to run those files results in the appearance of a "Windows protected your PC" message and no execution of the actual program. These messages can be very annoying, especially when it is known that the file is benign yet rare.

A file's untrusted origin is recorded in an NTFS Alternate Data Stream named Zone.Identifier. When the Windows ZIP extractor decompresses an archive, it replicates that tag to all the output files. The tag can be removed in one of two ways:
  • Open the Properties sheet of a downloaded file (before decompressing it if it's a ZIP) and press Unblock near the bottom
  • Download the Sysinternals Streams utility and run it with "-d" followed by a wildcard mask of files from which to purge ADS's
Files without the Zone.Identifier tag are much less likely to arouse SmartScreen's suspicion.
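
PowerShell can also read and clear the tag. The following added example (not part of the original post) lists which files in a folder carry a Zone.Identifier stream and unblocks a file only after its SHA-256 hash matches an expected value. The function names are hypothetical, and the demo file and its hash are constructed here for illustration.

```powershell
# Added example. Works on NTFS volumes; the sample file below is constructed for the demo.
$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';      4 = 'Restricted sites' }

function Get-ZoneMark {
    param([Parameter(Mandatory)] [string] $Folder)
    foreach ($file in Get-ChildItem -LiteralPath $Folder -File -Recurse) {
        # The tag is an alternate data stream; files without it are skipped.
        $ads = Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                   -ErrorAction SilentlyContinue
        if (-not $ads) { continue }

        $zone = $null
        foreach ($line in Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier') {
            if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1] }
        }
        $zoneName = 'unknown'
        if ($null -ne $zone -and $ZoneNames.ContainsKey($zone)) { $zoneName = $ZoneNames[$zone] }
        [pscustomobject]@{ File = $file.FullName; ZoneId = $zone; Zone = $zoneName }
    }
}

function Unblock-VerifiedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256   # hash published by the file's source
    )
    # Remove the tag only when the file is the one we believe it to be.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch for $Path; leaving the Zone.Identifier tag in place."
    }
    Unblock-File -LiteralPath $Path
}

# Demo on a constructed file tagged as if it came from the Internet zone.
$demo = Join-Path $env:TEMP 'zone-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$sample = Join-Path $demo 'download.bin'
Set-Content -LiteralPath $sample -Value 'constructed sample content'
Set-Content -LiteralPath $sample -Stream 'Zone.Identifier' -Value '[ZoneTransfer]', 'ZoneId=3'

Get-ZoneMark -Folder $demo | Format-Table -AutoSize      # shows ZoneId 3, Internet

# Stand-in for a hash obtained from the publisher out of band.
$known = (Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash
Unblock-VerifiedFile -Path $sample -ExpectedSha256 $known

Get-ZoneMark -Folder $demo                               # no output: the tag is gone
```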

Monday, November 2, 2015

Identifying the Source of an Untitled Window

Sometimes, bothersome windows may appear without any indication as to what program created them. The best way to find such windows' source is to identify the process that owns it, and then figure out what product the process belongs to. My preferred procedure:

  1. Download Sysinternals Process Explorer
  2. Run the program and accept the EULA
  3. Drag from the "Find Window's Process" icon (looks like a target) on the toolbar to the mystery window
  4. Look at the application name and company name columns for the newly selected row, which is the process that owns the window
  5. If those data aren't helpful enough, Google the process name
This also works for windows that don't even have title bars, like those that are just gray rectangular regions. If you want to poke harder at mystery windows, try Spy++, which comes with Visual Studio.


Inspired by this Super User question and my answer there.

Sunday, November 1, 2015

When Thief (FICS Client) Won't Change Piece Sets

I recently experienced a strange problem with the FICS online chess client called Thief. It refused to change its piece set to anything but the first four, which were all vector-based. Some inspection of the "THIEF" folder in Documents revealed that the folder that should contain bitmap-based piece sets was completely empty.

It appears that the Thief installer is designed for single-user systems, and doesn't play well with over-the-shoulder elevation (i.e. situations where an administrative user types a password so the program starts as the admin on the original user's desktop). Though Thief places some files in its Program Files subdirectory, the majority of its data goes in per-user locations like Documents, and apparently it gets confused when the shell is running under a different user than the installer, so it doesn't place the bitmap graphics in the right folder.

The solution is to temporarily make the main user of Thief an administrator and run the installer as the same user who is logged on.