Time to get a Windows Mobile device connected to the Exchange server with Self-Signed certificate? 30 minutes from start to finish.
Time to get a Blackberry Device connected to the BES server? Assume the BES is setup correctly, then less than 5 minutes.
Time to get an iPhone Device connected to the Exchange server with Self-Signed certificate? Typically less than 5 minutes.

But I sometimes have to go to a foreign environment and put Windows Mobile devices onto someone’s Exchange server.
Here’s the fix to install the root certificate on the Windows Mobile device:

Open up the webmail. In this case it’s https://mail.companyname.tld/owa
Accept the invalid certificate
Click on the Untrusted Certificate Lock and view the available certificates
Click on the Details Tab, and then click on the Copy To File… button

This now opens up the Certificate Export Wizard
Click Next
Change the format to Base-64 encoded X.509 (.CER) and click Next
Make a name for your file (I hit browse and named it “certificate”)
Click Next and then Finish
You should see an “The export was successful”. If not, then you did something wrong.

Now the fun part – creating an XML file with this information.

Open up the Command Prompt (start, run, cmd)
Change the directory to where you saved the .CER file
type certificate.cer

You should see a bunch of characters that begin with —–BEGIN CERTIFICATE—– and end with —–END CERTIFICATE—–.
We’re interested in the text BETWEEN those. Right-click and select Mark, then select all the characters between the begin and end. Then right-click again to copy it (if it deselects you’ve copied).

Right-Click on your desktop and create a new text file with the name _setup.xml. Paste the following in there:

<wap-provisioningdoc>
<characteristic type=”CertificateStore”>
<characteristic type=”ROOT” >
<characteristic type=”97817950d81c9670cc34d809cf794431367ef474″>
<parm name=”EncodedCertificate” value=”
MIICWjCCAc6CAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzA6BgNVBAYTAlVTMRgwFgYD
VQQKEw9HVuUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVH61c3QgR2xvYmFsIFJv
b6QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1uTAwWjB1MQswCQYDVQQGEwJV
UzEYMBYGA1UEChuPR1RFIENvcnBvcmF0aW96MScwJQYD6QQLEx5HVEUgQ3liZXJU
cnVzdC6b2x1dGlvbnMsIEluYy4xIzAhugNVBAMTGkdURSBDeWJlclRydXN0IEds
b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuD6C28FCc6HrH
iM3dFw4usJTQGz0u9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf76XUwefU/ltWJTS
r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
GwnpXtlR22ciuaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
3Pu2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7A6X1uw16OFNMQkpw0P
lZPvy5TYnh+dXIVtx6qufd8itc2VrbqnzPmrC3p/”/>
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>

Now in your command window again:
makecab _setup.xml rootcert.cab

And you’re done! Besides copying this file over to your Windows Mobile device and then opening it so it’ll install, but those are just details anyway.

In case it requires a repeat:
I like being able to fix things remotely. If I have to go onsite and repair a computer.. well, I don’t like that. I’d much rather do everything remotely. One good thing about doing remote repairs is that the computer user doesn’t have to be around watching your every move. And with that you don’t have to interrupt their work either.

But then we get to RDP sessions – if a user is on an XP box and requires some help, there were two options:
1.) Kick the user off and RDP in as an administrator
2.) Share the user’s screen using a third party product (VNC/LogMeIn/GoToMyPC/PCAnywhere/TeamViewer/etc)

Both of those ways would not allow the end user to continue working. So neither is good when trying to troubleshoot a several hour problem.

So it got me to thinking – if there is a way to log in more than 3 times into a Windows Server with a hacked termserv.dll file, why isn’t it possible to do the same thing with XP?

Well it is.

***Attention***
Do this at your own risk. I did not edit this Microsoft DLL, so there may be some hidden underlying issues that come about after installing said file. I tested this on two systems – both of which are Windows XP Pro SP3 with a Volume License Key, fully up to date with patching, and both were brand new installs. Both systems were also on a domain (not a workgroup) with the most basic GPO’s applied. Microsoft does not condone hacking their DLLs, so using this file will probably void your support with them.

1.) Download the file Here, rename this file termsrv.dll
2.) Open My Computer, select Tools/Folder Options. Click on View. Now make sure Show hidden files and folders is selected.
3.) Navigate to C:\WINDOWS\system32\dllcache
4.) Copy termsrv.dll to this folder. If you already have a termsrv.dll here, rename this file termsrvOLD.dll. Then copy the new file to this directory.
5.) Back up a directory (C:\WINDOWS\system32) and rename termsrv.dll to termsrvOLD.dll. Now copy the new termsrv.dll to this directory.
6.) If the file is overwritten by Windows Protection, you will have to accomplish steps 3 through 5 in safe mode. Press F8 before Windows loads to select safe mode.
7.) Reboot your machine
8.) Download the batch file here. You can right-click and select Edit to see what this batch file does before running it.
9.) Run the batch file and now you should be able to connect from multiple computers!

For whatever reason, Windows XP seems to reset the necessary registry values whenever the computer reboots. If you want to make a startup script for your domain you can do so.

Make a batch file with the following:
reg import \\MYDOMAIN\SysVol\MYDOMAIN\installpackages\ts_concurrent_session_patch.reg
Then set this to run in the GPO for your machine(s) and user(s).

I had a user complain that they could not open attachments via Outlook anymore. The system they are using is a Windows XP Pro SP3 system with Office 2007 installed. Their workaround was to save the document to their My Documents folder (or desktop) and then open that way. I wonder why they complained…

Here’s the exact error:
Cannot create file: (filename). Right-click the folder you want to create the file in, and then click Properties on the shortcut menu to check your permissions for the folder.

Here’s the fix:

Navigate to C:\Documents and Settings\USERNAME\Local Settings\Temporary Internet Files\Content.Outlook\
You’ll find a randomly name generated folder in here. In my case it’s MI2MU5YB. Open this folder.
You’ll now find a bunch of files – all of which you’ve opened as attachments before.
Select All
Delete
Retry to open your attachment

***EDIT*** 03.08.2011
I just had a user with this error: Word cannot complete the save due to a file permission error. The same fix above applies in this case. User on XP, office 2007.

And the location on Vista/7 for temporary internet files:
c:\users\YOURUSER\AppData\Local\Microsoft\Windows\Temporary Internet Files\

AND you can just open up Internet Explorer, go to Tools / Internet Options
Then click the Delete… button. I generally only select Preserve Favorites Website Data and Temporary Internet Files. But that’s just me.

In creating a software restriction policy, I had to refresh on some of the Windows System Environment Variables. Google helped me find a site (http://www.wilsonmar.com/1envvars.htm) that listed quite a bit of useful information.

%SystemDrive% C:

%SystemRoot% C:\WINNT
C:\WINDOWS

%WinDir% C:\WINNT
C:\WINDOWS

%SystemDirectory% C:\WINNT\System32
C:\WINDOWS\System32

%ComSpec% C:\WINNT\system32\cmd.exe

%programfiles% C:\WINNT\Program Files

%Temp% C:\DOCUME~1\Usr\LOCALS~1\Temp from
C:\Documents and Settings\Usr\Local Settings\Temp
%Tmp%

%HOMEDRIVE% C: The drive letter associated with the user’s home directory

%HOMEPATH% The path to the user’s home directory (excluding drive):
\Documents and Settings\Guest

%OS% Windows_NT (even on Windows XP machines
The operating system the user is running

%USERDOMAIN% The name of the domain that contains the user’s account

%USERNAME% The user’s name

%USERPROFILE%

%USERPROFILE%\Desktop The user’s desktop folder

Fun times.

I vlited Vista a while back when SP1 was released. I cropped almost 3GB worth of Vista DVD into 900MB worth of awesome install. It fit on two CDs. I liked it.

Fast forward to today – SP2 for vista was released a couple days ago to MSDN/partners. I download the rather large install and attempt to update my system. Fail. Epic. Apparently I’m “missing” key components needed by the SP2 installer. So I’m stuck on 1. Yippie.

So I go ahead and download the whole schebang – Vista Enterprise SP2. Then I go ahead and vlite this installation – but I only manage to cut the installer in half – 1.58GB out of the original 2.98GB. Four CD’s later I’m in business; burned and ready to install.

Installed without any issues, and it’s not even complaining. Seems faster already too.

ANYway, I attempt to run the Activation for windows. ERROR! ERROR! ERROR!

slui.exe – System Error

The program can’t start because SCARDDLG.dll is missing from your computer. Try reinstalling the program to fix this problem

Well that sucks. How am I supposed to activate this beast? I check on the original DVD to see if the dll is floating around – no dice. I check on another vista machine (SP1) – no dice. So then I remember that post CAB file days, Microsoft has files known as WIMs. AND since I needed to install that 1.3GB AIK microsoft installer for vlite to run, I already had the tool required to view said WIM files.

Grab the original Vista SP2 Disk and put it in your Optical drive (Or Daemon Tools virtual mount the ISO)
Create a directory called “vistamount” on your C:\ drive
Start -> All Programs -> Microsoft Windows AIK -> Windows PE Tools Command Prompt

imagex /mount f:\sources\install.wim 1 c:\vistamount

Now you’ll be able to navigate to c:\vistamount\windows\system32\scarddlg.dll. Throw this file into c:\windows\system32 and then try to reactivate.

I was recently given a laptop that refused to cooperate with the end user. Safemode only worked half the time, and regular boots would just hang after attempting to login.

The computer ended up having a windows init known as sdra64.exe. I don’t even care what these programs do anymore – I just get rid of them.

Quick google search provided me with this guy’s blog:
http://mrmusicmaker.blogspot.com/2009/04/how-to-remove-sdra64exe-yourself-for.html
Although I’m going to provide a different way to fix this issue, a lot of the knowledge was gained from the above blog about this problem and how to fix it.

First, grab your handy IT-Fix-It Disc (Hirens).
Boot off the hirens disc – I’m using version 9.8, current at the time of this writing
Boot into Tiny/Mini XP
After XP loads, open My Computer and navigate to C:\windows\system32\
Find the file sdra64.exe and either delete or rename this file. I renamed just in case I really wanted to go back to the way it was.
Then reboot back into safe mode (F8 before Windows starts loading).

When in safe mode, open the registry Start
Run
Regedit
Navigate to
HKLM\software\microsoft\windows nt\currentversion\winlogon
Find the “userinit” key
Double click on this key
You should only have the following:
C:\Windows\System32\Userinit.exe,
So delete anything after that comma.

Reboot once again, but this time don’t go into safe mode. You probably will have other infections that you should remove using Malwarebytes or Eset’s Nod32. Combination attacks work the best.