WMI/PowerShell Blog at MSDN

  
  
  
  

For those of us who use WMI every day, here is a great blog at MSDN to learn tips and tricks for accessing WMI via PowerShell.

I found a tip to help me start using PowerShell to traverse my WMI database.

Give 'er a look.


The Story of Active Directory and Round Robin

  
  
  
  

In my job of developing Admin Arsenal I have the privilege of constantly creating, deleting, changing, breaking, punching, smashing, seducing, WTFing, and generally abusing Active Directory domains. In this capacity I've seen problems that probably don't crop up for the average administrator, but sometimes I see problems that are probably fairly common.

One such problem has to do with DNS. Periodically, after changing my domains in some way, I would suddenly lose connectivity to AD. But connectivity wouldn't be lost for long; it would suddenly reconnect some time later and stay connected for a while, but then drop off again. Rebooting the clients or the server sometimes worked, sometimes it didn't. I could still authenticate and connect to servers with my AD credentials, but I couldn't connect using any management tool including Admin Arsenal (sometimes I could connect if I went straight to a domain controller, but not always). Then I'd rebuild my AD servers to test something else and the problem would go away. I would just chalk it up to something I did to abuse AD. But it kept happening every few months, so I decided that it must be a common problem and decided to delve in.

It took me several hours to track it down, but I was determined, dam-nit! I'm not sure how I finally figured it out (probably a lucky find on a forum somewhere), but as I mentioned it had to do with DNS. At some point in all my AD thrashing I got a phantom A record in DNS for my domain. Since it was doing round robin name resolution, I would periodically get this phantom address when my machine tried to resolve lab.adminarsenal.local. As long as that address was either in my cache or kept being served up by DNS, my connectivity would be erratic.

It just goes to show how many pieces there are to a well-run network. If one of them breaks, it can be difficult to find out exactly where it is. Well, I guess it keeps us all employed.
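
A check for the phantom record described above, as an added example rather than anything from the original post: it compares the A records served for the bare domain name with the addresses of the hosts that registered domain-controller SRV records. It assumes Windows 8 / Server 2012 or later for Resolve-DnsName; the function names are hypothetical and the sample addresses are constructed.

```powershell
# Added example, not code from the original post.

function Get-ARecord {
    # IPv4 addresses DNS returns for a name. -DnsOnly restricts resolution to the
    # DNS protocol; -Server lets you ask each of your DNS servers in turn.
    param([Parameter(Mandatory)][string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    Resolve-DnsName @query |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress }
}

function Get-DcAddress {
    # Addresses of every host that registered a domain-controller SRV record.
    param([Parameter(Mandatory)][string]$DomainName, [string]$Server)
    $query = @{ Name = "_ldap._tcp.dc._msdcs.$DomainName"; Type = 'SRV'
                DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    $targets = Resolve-DnsName @query |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { $_.NameTarget } |
        Sort-Object -Unique
    foreach ($target in $targets) { Get-ARecord -Name $target -Server $Server }
}

function Find-PhantomARecord {
    # Pure comparison: addresses served for the domain name that no DC owns.
    param([string[]]$DomainAddresses, [string[]]$DcAddresses)
    $DomainAddresses |
        Where-Object { $DcAddresses -notcontains $_ } |
        Sort-Object -Unique
}

# Offline demonstration with constructed addresses: the third one has no DC behind it.
$domainAddresses = '10.0.0.10', '10.0.0.11', '10.0.0.57'
$dcAddresses     = '10.0.0.10', '10.0.0.11'
Find-PhantomARecord -DomainAddresses $domainAddresses -DcAddresses $dcAddresses

# Live check against the lab domain named in the post:
# $d = 'lab.adminarsenal.local'
# Find-PhantomARecord -DomainAddresses (Get-ARecord -Name $d) -DcAddresses (Get-DcAddress -DomainName $d)
```

After deleting a stale record from the zone, flush the client cache (ipconfig /flushdns) so the old address stops being handed back locally.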

XP Support to Stick Around Longer

  
  
  
  

For those of us who rather enjoy using XP (and certainly those of us who love to manage XP as opposed to dealing with Vista) the following bit of info should bring a smile...

"Microsoft has recently indicated that it will continue to support WinXP until 2014..."

That's good news, but it makes me wonder if hardware and software vendors will follow suit?

7 Worst Drinks for your Keyboard

  
  
  
  
This drink done did broke my keyboard
    Photo by Doug88888

So I was plugging away on my Windows 3.1 system (it was 1996 and we hadn't upgraded yet) when I reached for my 32 oz. drink. A slight miscalculation in my reach and the company's $1,000 Lucent phone suddenly got a gulp of Mountain Dew.

I fessed up immediately (of course) and actually came away with some brownie points for my honesty. (I used the same technique a year later in traffic court. It caught the court clerk completely by surprise, and got the judge in a very forgiving mood.  But I digress.) The phone vendor sent out a cleaning guy and we chatted while he cleaned up my mess. I learned a few things from that encounter. Namely, that some liquids are worse than others when it comes to cleaning (or even killing) your keyboard/laptop.

So in honor of that fateful accident thirteen years ago, I offer up the 7 worst drinks for a keyboard.

7. Coffee - Probably the most common. Cream will make it stickier and may actually slow its progress as it migrates downward.

6. Pepsi & Milk -  I actually met someone who enjoyed this concoction (no, it wasn't Penny Marshall). I just couldn't enjoy something that was curdling before it got to my stomach.

5. Pina Colada - The only thing worse would be to get sand in your keyboard. The coconut cream in the drink will make cleaning almost impossible.

4. Pomegranate Paradise - Seeds in sticky sauce. Your keyboard will die, but it'll go loving every minute of it.

3. Motor Oil - If you doubt this then the next time you take your car to the shop just glance at your mechanic's keyboard.

2. White Russian - This is a tough one. Anything with dairy stands a real chance of gettin' its stink on after a few hours/days. It's best to be thorough in your cleaning.

1. Water - It may seem anticlimactic to put water as number 1, but after speaking with the technician who cleaned my phone, water is clearly the top of the list when it comes to damaging electrical components. It's the easiest to clean (just tip your laptop/keyboard upside down), but once it hits control boards or anything else with an electrical current, it's over.

Sysadmin Aphorisms

  
  
  
  

Matt at standalone-sysadmin has a great post on Sysadmin Aphorisms.

Leave your thoughts on what should be added.

Continuing WMI Headaches: WMI Diagnosis Utility

  
  
  
  

In my last post on WMI Headaches, I mentioned a tool from Microsoft for diagnosing problems with WMI services. This tool is called the WMI Diagnosis Utility and it provides an in-depth analysis of all things WMI. It has pointed me in the right direction a number of times.

The utility is a giant (and by giant I mean 30,000 line) VB Script file. You'll want to run it with the cscript.exe script host so that you can see some progress as it runs. If you run it with wscript.exe (which is the default graphical VB Script host) it'll run in the background and you won't see status.

Running WMIDiag.vbs

It can take quite a while to run, particularly on a slower machine or if there are a lot of WMI providers installed. I've never seen it take more than 15 minutes, but I've heard it can sometimes double that. On my super-macho machine with a relatively small WMI installation, it took just over 3 minutes.

Once the test is run, you'll get a long diagnostic report. The more errors there are, the longer it will be. Search for the words ERROR and WARNING. There is a summary at the bottom to tell you how many errors there are.

In the screenshot below, I've highlighted a couple of the more common types of errors (and snipped a bunch of stuff between them). You'll see that the file recommends what to do to correct the problems. In the case of the permissions error we have a free utility called DCOMACLS which will allow you to correct it remotely.

WMIDiag Report

In summary, if you have problems with WMI errors this utility is very valuable for rooting out the causes. In a handful of cases it doesn't identify the problem, but for the most part you can count on it to narrow things down.


Common Windows Installer Error Codes

  
  
  
  

First off: A great reference source for Windows Installer Error codes can be found here.

A more exhaustive list of standard Windows error codes (beyond the Windows Installer) can be found here.

An Error Code (AKA Exit Code) is a value that is returned after a called process completes (e.g. you run setup.msi and notice that the error code returned has the value of 1603). Many applications are built around Windows Installer. Most Windows Installer installations have one of the following extensions: .msi, .msp, .msu. Note that installations that end in .exe can still be a Windows Installer setup if the exe is merely a wrapper around a Windows Installer package (msi or msp etc). A common example is found in .exe files that Microsoft provides for their security patches. These patches are merely wrappers for embedded MSI and MSP files.

Remember that an Error Code does not necessarily mean that an error occurred. An Error Code is always returned, even during a successful installation. The most common error code returned is 0 (zero). 0 is the common code for SUCCESS. Another successful error code is 3010. This means that the installation is ERROR_SUCCESS_REBOOT_REQUIRED. Translated: The OS needs to restart and then the installation will be complete and successful.

A very common error code is the painful 1603. This error often means that a prerequisite was not met (e.g. you deploy an application that assumes the existence of a particular file or application such as .NET). When the installer attempts to access the file (or application or registry key or whatever) that it ASSUMES exists but actually doesn't, a 1603 error is commonly returned.

If you see this error, make certain that ALL of the setup files were present during the deployment / installation. If you use Admin Arsenal to deploy the software AND the software installation has multiple files (such as a setup.exe with a bunch of .CAB files) make sure that the check box "Include entire directory" has been checked. This is not necessary IF only one file comprises the installation.

Example of Application Setup where Windows Installer will reference other installation support files.

Multiple files for installation

Below is the Admin Arsenal deployment window for the above installation:

deploy-files-multiple1

If you didn't check the "Include entire directory" option you would most likely encounter the 1603 Error.

Below is an example of deploying an installation with a single file:

Example of a single setup file

and its corresponding Admin Arsenal deployment window:

Example of a deployment using a single deployment file

When you are installing an application or utility that doesn't use the Windows Installer, you may need to consult the vendor's website or documentation to find interpretations of Error Codes you encounter.
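
A wrapper that treats the exit codes discussed above the way the post describes them, as an added example that is not Admin Arsenal's code: 0 and 3010 count as success, and on a failure such as 1603 it pulls the lines leading up to the first "Return value 3" marker out of the verbose log. It goes a little beyond the post by using the standard msiexec options /qn, /norestart and /l*v; the function names are hypothetical, and the log marker assumes an English-language Windows Installer log.

```powershell
# Added example, not code from the original post.

$MsiExitCodes = @{
    0    = @{ Name = 'ERROR_SUCCESS';                 Succeeded = $true;  Reboot = $false }
    3010 = @{ Name = 'ERROR_SUCCESS_REBOOT_REQUIRED'; Succeeded = $true;  Reboot = $true  }
    1603 = @{ Name = 'ERROR_INSTALL_FAILURE';         Succeeded = $false; Reboot = $false }
}

function Resolve-MsiExitCode {
    # Anything not in the table is reported as a failure rather than guessed at.
    param([Parameter(Mandatory)][int]$ExitCode)
    $known = $MsiExitCodes[$ExitCode]
    if (-not $known) { $known = @{ Name = 'UNRECOGNIZED'; Succeeded = $false; Reboot = $false } }
    [pscustomobject]@{
        ExitCode       = $ExitCode
        Name           = $known.Name
        Succeeded      = $known.Succeeded
        RebootRequired = $known.Reboot
    }
}

function Install-MsiPackage {
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [string]$LogPath = (Join-Path $env:TEMP 'msi-install.log')
    )
    if (-not (Test-Path -LiteralPath $MsiPath)) { throw "Package not found: $MsiPath" }

    # Silent install, no automatic restart, verbose log for later diagnosis.
    $argList = '/i "{0}" /qn /norestart /l*v "{1}"' -f $MsiPath, $LogPath
    $proc    = Start-Process -FilePath 'msiexec.exe' -ArgumentList $argList -Wait -PassThru
    $result  = Resolve-MsiExitCode -ExitCode $proc.ExitCode

    # In a verbose log the failing action is logged just before "Return value 3".
    $context = @()
    if (-not $result.Succeeded -and (Test-Path -LiteralPath $LogPath)) {
        $hit = Select-String -LiteralPath $LogPath -Pattern 'Return value 3' -Context 8,0 |
               Select-Object -First 1
        if ($hit) { $context = @($hit.Context.PreContext) + $hit.Line }
    }
    $result | Add-Member -NotePropertyName FailureContext -NotePropertyValue $context -PassThru
}

# Offline demonstration: classify the three codes the post discusses plus an unknown one.
0, 3010, 1603, 1234 | ForEach-Object { Resolve-MsiExitCode -ExitCode $_ }

# Real run (constructed path):
# Install-MsiPackage -MsiPath 'C:\Deploy\example\setup.msi'
```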

Continuing WMI Headaches: Rebuilding the Repository

  
  
  
  

You don't work with WMI as much as we do without getting a number of headaches. For all of the functionality that WMI provides, it has contributed more than its fair share of clenched fists, muttered expletives, and harshly flung mice. WMI has a lot of moving parts, any one of which can break - leading to cranial pain.

WMI errors can be caused by... well... by almost anything, including a stern look. One common cause of WMI problems is a corrupted repository. The repository is a collection of files that WMI maintains internally to define all of the classes and methods for its providers. If the repository gets corrupted, you'll get all sorts of strange errors. Luckily, rebuilding the repository is quick so it's a good place to start.

There are only 3 steps:

  1. Stop the WMI service (net stop winmgmt).
  2. Delete (or rename, just in case) the repository directory (%windir%\system32\WBEM\Repository).
  3. Start the WMI service (net start winmgmt).

When WMI comes back up, it will rebuild its repository and *hopefully* eliminate the error. On the off chance that this makes things worse, just re-do the steps but put back the renamed repository from step 2. 
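
The three steps and the "put it back" fallback as a script, as an added example that is not from the original post. It renames the repository instead of deleting it so the rollback is always available; the function names are hypothetical, and it assumes an elevated PowerShell 3.0 or later session on the affected machine.

```powershell
# Added example, not code from the original post. Run from an elevated prompt.

function Reset-WmiRepository {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$WbemPath = (Join-Path $env:windir 'System32\wbem'))

    $repo = Join-Path $WbemPath 'Repository'
    if (-not (Test-Path -LiteralPath $repo)) { throw "No repository at $repo" }
    $backupName = 'Repository.old-{0:yyyyMMdd-HHmmss}' -f (Get-Date)

    # Stopping winmgmt also stops services that depend on it; note which were running.
    $dependents = @(Get-Service -Name winmgmt -DependentServices |
                    Where-Object { $_.Status -eq 'Running' })

    if (-not $PSCmdlet.ShouldProcess($repo, "rename to $backupName and rebuild")) { return }

    Stop-Service -Name winmgmt -Force                                  # step 1
    try {
        Rename-Item -LiteralPath $repo -NewName $backupName -ErrorAction Stop   # step 2
    }
    finally {
        # step 3; also runs if the rename failed, so WMI is never left stopped
        Start-Service -Name winmgmt
        $dependents | ForEach-Object { Start-Service -Name $_.Name -ErrorAction SilentlyContinue }
    }
    Join-Path $WbemPath $backupName        # return the backup path for a later rollback
}

function Test-WmiHealthy {
    # A basic local query that fails when the repository is unusable.
    try { $null = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop; $true }
    catch { $false }
}

function Restore-WmiRepository {
    # Re-do the steps, but put the renamed repository from step 2 back.
    param([Parameter(Mandatory)][string]$BackupPath)
    $repo = Join-Path (Split-Path -Path $BackupPath -Parent) 'Repository'
    Stop-Service -Name winmgmt -Force
    try {
        if (Test-Path -LiteralPath $repo) { Remove-Item -LiteralPath $repo -Recurse -Force }
        Rename-Item -LiteralPath $BackupPath -NewName 'Repository' -ErrorAction Stop
    }
    finally { Start-Service -Name winmgmt }
}

# Usage (add -WhatIf to Reset-WmiRepository for a dry run):
# $backup = Reset-WmiRepository
# if (-not (Test-WmiHealthy)) { Restore-WmiRepository -BackupPath $backup }
```

On Windows Vista and later, winmgmt /verifyrepository reports whether the repository is consistent, which is worth checking before renaming anything.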

Microsoft has a pretty in-depth article covering a variety of WMI troubleshooting techniques. They also have a tool for testing a WMI installation which I'll cover in an article next week.


Centrally Managing Firefox in Your Organization - Not Quite

  
  
  
  

Mozilla's reluctance to curry favor with corporate IT staffs is just one reason why Firefox is amazingly popular with individuals and less so with the corporate CIO. Since Mozilla seems content with their laissez-faire corporate stance, I wanted to see if others had successfully taken matters into their own hands.

Deploying Firefox is pretty easy and straightforward. But what about configuring, managing add-ons, locking down changes, or verifying compliance?

I started this post with the intent of showing the handy secrets of maintaining Firefox in a corporate environment. I looked, and researched, and finally came to the same conclusion as Michael Pietroforte from 4sysops.com: Mozilla obviously doesn't care about the corporate customer.

One tool is FirefoxADM, which allows admins to enforce locked and defaulted settings via Group Policy. The problem is that it was last updated in 2005. The only other tool that I've found is FrontMotion.

If anyone knows of solutions for managing Firefox centrally I'd love to hear about it. I plan on loading FrontMotion onto Server 2008 (I don't dare do so with FirefoxADM, since it hasn't been updated in four years). If anything screams success I promise that I won't keep it a secret.

Deploying IE 8 with Admin Arsenal

  
  
  
  

Now that IE 8 is all official we figured that we may as well beat the summer rush and deploy it now. Before we deployed we downloaded the Internet Explorer Administration Kit (IEAK) for IE 8.  You can grab the IEAK here.

Using the IEAK we customized Internet Explorer for our organization. The following screenshots are samples of the IEAK customization you will encounter.

08-ieak-welcome-corporate

10-platform-selection

13-feature-selection

It is important, obviously, to verify that you are going to deploy the appropriate version of IE. The Automatic Version Synchronization feature will enable you to get the latest version of IE.

14-automatic-version-synhronization

The User Experience window is very important. Make certain that you select Completely Silent Install. This setting will override any silent arguments you provide to the installer, therefore it is important to set it here.

16-user-experience-silent-install

During the customization of IE 8 you will have the option of installing Accelerators. Accelerators eliminate the need for users to copy and paste content from one page to another. Accelerators are available from various web content providers such as Digg, Google, Yahoo Maps and Blogger.com.

20-accelerators

One of the configuration settings you can set relates to Proxy Settings.

26-proxy-settings

When you are finished with the Customization process you are ready to deploy Internet Explorer 8.0 to your organization. Keep in mind that you must create a SEPARATE IE installation file for each type of OS (XP, Vista, 2003 / 2008, etc.). The deployment shown below utilized the Windows XP installation of IE 8.

28-deploy-to-xp

A Clean Slate

  
  
  
  

We often get questions about uninstalling software remotely. We will be providing this capability in version 2.0, but until then there are ways to get what you want done.

Method 1

The first and simplest way to uninstall remotely only works if the application was installed with a .msi file and you have access to the install file. You simply "deploy" the .msi file with Admin Arsenal using the Uninstall option:

MSI Uninstall Option

Admin Arsenal will then go through the standard deployment process, except that it will uninstall the application.

Method 2

The second method is a bit more tricky, but doable. It is this process that Admin Arsenal version 2.0 will automate for you. What you need to find is the "Uninstall String", which is the command that is run by the Add/Remove Programs control panel when you want to uninstall a program. This is located in the registry on the computer where the application is installed.

To find the uninstall string, navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Uninstall Registry Key

Within this key there will be entries for the programs that are installed. It may be a bit tricky to find exactly the one you're looking for, but using search should help you get to it. Most entries will have an UninstallString value. This is the value you want. In the highlighted example above, the value is:

"C:\Program Files\TightVNC\unins000.exe"

Running this command will give you exactly what you get when running the Add/Remove Programs control panel. The same caveats about silent installations apply to uninstalling as to installing. If you ran this uninstall string, as it is, remotely, it would hang and never finish. This is because it pops up asking if you "really, honest to goodness, pinky swear want to uninstall?" but the question won't be visible to allow you to answer.

A quick search for "unins000.exe silent" in [your search engine of choice] revealed that if you use /silent as the argument, you'll avoid the question and the install runs without user intervention.

"C:\Program Files\TightVNC\unins000.exe" /silent

Tip:  Some uninstall strings include MsiExec.exe. These always have the same options to uninstall quietly. Simply change a value like this:

MsiExec.exe /I{3EE9BCAE-E9A9-4535-9B1C-83A4D357E05C}

to this:

MsiExec.exe /X{3EE9BCAE-E9A9-4535-9B1C-83A4D357E05C} /q

Now that you have the uninstall string, you just need to run it as a remote command, and voilà, a clean slate.
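
Method 2 as a script, added here as an example and not taken from Admin Arsenal: it reads UninstallString values from the key above and rewrites only the two shapes the post covers into their quiet form. An UninstallString is whatever the installer chose to write into the registry, so anything the function does not recognise is returned as empty for manual review instead of being run remotely. The function names are hypothetical, the Wow6432Node path (32-bit programs on 64-bit Windows) is an addition to the key named in the post, and the third sample string is constructed.

```powershell
# Added example, not code from the original post.

function ConvertTo-SilentUninstall {
    # Returns a quiet command line, or $null when the string is not a recognised shape.
    param([Parameter(Mandatory)][string]$UninstallString)

    # MsiExec entries: accept only a well-formed product code, then force /X ... /q.
    $msi = '^\s*"?(?:[^"]*\\)?msiexec(?:\.exe)?"?\s+/[IX]\s*' +
           '(\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\})\s*$'
    if ($UninstallString -match $msi) {
        return "MsiExec.exe /X$($Matches[1]) /q"
    }

    # unins000.exe-style uninstallers, as in the TightVNC case: append /silent.
    if ($UninstallString -match '^\s*"([^"]+\\unins\d{3}\.exe)"\s*$') {
        return "`"$($Matches[1])`" /silent"
    }
    return $null
}

function Get-UninstallEntry {
    # Lists matching programs with their original and quiet uninstall commands.
    param([Parameter(Mandatory)][string]$NameLike)
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NameLike -and $_.UninstallString } |
        Select-Object DisplayName, DisplayVersion, UninstallString,
            @{ Name = 'SilentCommand'
               Expression = { ConvertTo-SilentUninstall -UninstallString $_.UninstallString } }
}

# Offline demonstration: the two strings from the post, plus a constructed one
# that matches neither shape and therefore gets no quiet command.
$samples = 'MsiExec.exe /I{3EE9BCAE-E9A9-4535-9B1C-83A4D357E05C}',
           '"C:\Program Files\TightVNC\unins000.exe"',
           '"C:\Program Files\Example\remove.exe" --ask'
foreach ($s in $samples) {
    [pscustomobject]@{
        UninstallString = $s
        SilentCommand   = ConvertTo-SilentUninstall -UninstallString $s
    }
}

# On a machine with the program installed:
# Get-UninstallEntry -NameLike 'TightVNC*'
```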

Political Solutions to Technical Problems - Upgrading to IE 7

  
  
  
  

I've been surprised at the number of organizations that are still using IE 6. If your org is one of these, then chances are good that there's a political reason. Since technical solutions rarely solve political issues, it's time for some political thinking. Then we'll get to the technical bit.

Years ago my hometown Sheriff lost a re-election. Just like IE 6, he had been around forever and it seemed that he would never go away. So what finally did him in? Sex scandal? Money scandal? Nope. It was his opponent's one-line campaign slogan.

Do we need a new Sheriff? Just ask a cop.

Let's use the same approach when political, rather than technical, hurdles arise in upgrading IE 6.

Upgrade Internet Explorer? Just ask a [web developer | power user | windows administrator].

Pick your analogy. Torture chamber. Lemon juice on a cut. FUBAR. My personal favorite is an old Simpsons line, "it tastes like burning". These are the phrases thrown around by web developers who are trying to make their sites work with IE 6. After all, it is the version that helped spawn the popularity of Firefox (which, in the interest of full disclosure, is the browser that I am using to write this post). But IE 7 has changed a lot, and now that IE 8 is out, it's time to approach management with the reality that support for IE 6.0 is drying up (more than a handful of sites are no longer supporting it).

If your organization is using web apps that will not work on newer versions of IE, then it's time to have a heart-to-heart with the vendor or developer(s). If they are going to maintain a product, then they need to port it over. If not, then you have some more homework, like finding an alternate solution. IE6 won't be around forever.

DownloadSquad has a good article on this very topic, as does .NET. Perhaps the most interesting read (including the comments) came from Ryan Farley's excellent blog.

The technical part of upgrading IE is pretty simple, albeit slightly different from other deployment solutions. We have a page dedicated to IE 7 upgrades. It's an easy deployment, so no worries, you'll be out of the stone-age in no time at all.

The World at your Fingertips

  
  
  
  

I was watching one of my stories the other day, and I remembered how one of my sisters told me that the main actor is English but putting on an American accent*. On a whim in the middle of the show I decided to find out if it was true. I jumped to the Internet Movie Database and in seconds I found out that it was indeed accurate. More amazing than the fact that my sister was correct, is how quickly I was able to find the information.

It made me think, as short as 20 years ago, how would I have been able to know? I would probably have had to go to the library, or call around to some friends who were movie buffs, or just put it into the back of my mind as one of life's great mysteries. Today, though, I don't even think twice about how easily I can find information. It's not that 20 years ago I was missing the ability, and tapping my fingers impatiently waiting for the day when the answer would be just a few keystrokes away. No, it was just how life was and life went on. 

So it makes me wonder, what do the next 20 years hold? In the year 2029, what will we have that will make us look back and wonder how we were even able to get up in the morning without it? The mind boggles. I don't dare try to predict what the future holds, but there are two things that I can be certain about: It will not be quite the way anyone predicts it will be; and it will be awesome.

But, of course, now I am tapping my fingers impatiently awaiting the day that the answer won't even require any keystrokes...

* The actor, for those who are curious, is Damian Lewis.

Dependencies in Admin Arsenal

  
  
  
  

What in the hell are Dependencies?

Dependencies are files of any type that you define as "necessary to do my job".  An easy example might be:

You want to uninstall the Microsoft SMS Advanced Client on your computers. Using Admin Arsenal's Remote Command feature, you can do this very easily. Microsoft provides a utility to remove SMS called "CCMClean.exe", therefore all we have to do is make certain that CCMClean.exe is a dependency in Admin Arsenal.  This way we know that CCMClean.exe will be present on the remote computers when needed.

You can add or remove dependency files via the Admin Arsenal Preferences window.

Admin Arsenal Preferences

We have the option of including Dependency files when running a Remote Command.

remote-command

Dependency files will be deleted from target machines after the Remote Command has completed. Obviously marking very large files as Dependencies should be avoided.
