Marc posted on June 27, 2008 11:54
Hokuto No Ken

Nothing post-atomic here, unless you try to deploy WSS/MOSS in a high-security environment where a security policy states that the setting “System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing” is applicable (set to “Enabled”).

In this case, the SharePoint Central Administration website will refuse to load and will instead show an error message such as “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.” Any solutions around? Yes, 3 actually:

  1. Remove this setting from your security standards for WSS/MOSS or
  2. Install this hotfix http://support.microsoft.com/kb/935434 whenever possible or
  3. Shout strangely before fighting, like Ken does, it seems to help a lot 

Note: solution 3 does not seem to work… But it brings fun all over the place.

And cut!


Posted in: IIS , Security , SharePoint , Troubleshooting  Tags:

While M. Night Shyamalan (http://www.imdb.com/name/nm0796117/) is trying to sell some tickets for his new (below-average) movie The Happening (http://www.imdb.com/title/tt0949731/), I had the opportunity to help some AD admins reporting their questions in newsgroups.


A recurring one is “how can I know to which DC my users are going to authenticate”? Well, there are multiple solutions; it all depends on how you want to do it and how much effort you want to invest…

For example, you can use the NLTEST command from the Windows Resource Kit Tools: NLTEST /server:MYCLIENTCOMPUTER /dsgetdc:MYDOMAINDNSNAME will report which DC a user belonging to the domain MYDOMAINDNSNAME would authenticate to if logged on to the computer named MYCLIENTCOMPUTER.

Another simple method, provided by the talented MVP Gilles Laurent (http://glsft.free.fr), is to create or modify your common logon script in batch with a line such as:

  echo %date:~-10% %time:~-11,8%,%computername%,%logonserver:~2%>>\\server\share\LogonUsers.log

and to create a share on a server where all users have permission to write.

Finally, there is the LogParser way. Assuming successful logon events are audited on all your DCs, you can download and run the following scripts against all your DCs (as long as you have the appropriate privileges): http://www.marc-antho-etc.net/scriptdetail.aspx?script=adSuccessNetLogons.cmd.txt and http://www.marc-antho-etc.net/scriptdetail.aspx?script=adSuccessNetLogons.lpq.txt. These will create a CSV file with the following fields: DC, Date-Time, Domain, User, Authentication, ClientName and ClientIP.

It also takes care of not including anonymous logons. But be aware that this may turn out to be a slow process across WANs…

Once you have the CSV in hand, you can look for the mapping between a DC and the client IP or the client name, or even run additional data extraction queries such as returning the number of logons per authentication provider (NTLM, Kerberos…): http://www.marc-antho-etc.net/scriptdetail.aspx?script=adSuccessInteractLogonsByAuth.lpq.txt... And many more you’ll find in the AD section of the Scripting and Automation Area: http://www.marc-antho-etc.net/scripts.aspx?prodtech=AD
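As an added illustration (not one of the LogParser scripts linked above), the two look-ups just described can be done over the resulting CSV with a few lines of Python. The column names are the ones listed in this post; the rows, host names, addresses and timestamp format are constructed sample data.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the CSV layout listed in the post (not real log data).
SAMPLE_CSV = """DC,Date-Time,Domain,User,Authentication,ClientName,ClientIP
DC01,2008-06-20 08:01:12,CONTOSO,alice,Kerberos,WKS-001,10.1.0.21
DC01,2008-06-20 08:03:40,CONTOSO,bob,NTLM,WKS-002,10.1.0.22
DC02,2008-06-20 08:05:02,CONTOSO,carol,Kerberos,WKS-101,10.2.0.15
DC02,2008-06-20 09:12:55,CONTOSO,alice,Kerberos,WKS-001,10.1.0.21
DC01,2008-06-20 09:30:00,CONTOSO,bob,NTLM,WKS-002,10.1.0.22
"""

def load_logons(text):
    """Parse the CSV into a list of dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))

def dcs_by_client(rows):
    """Map each (ClientName, ClientIP) pair to the set of DCs that authenticated it."""
    mapping = defaultdict(set)
    for r in rows:
        mapping[(r["ClientName"], r["ClientIP"])].add(r["DC"])
    return dict(mapping)

def logons_by_auth(rows):
    """Count successful logons per (DC, authentication provider)."""
    return Counter((r["DC"], r["Authentication"]) for r in rows)

def multi_dc_clients(rows):
    """Clients seen on more than one DC; a hint to review site/subnet mapping."""
    return sorted(name for (name, _ip), dcs in dcs_by_client(rows).items()
                  if len(dcs) > 1)

if __name__ == "__main__":
    rows = load_logons(SAMPLE_CSV)
    for (name, ip), dcs in sorted(dcs_by_client(rows).items()):
        print(f"{name} ({ip}) -> {', '.join(sorted(dcs))}")
    for (dc, auth), n in sorted(logons_by_auth(rows).items()):
        print(f"{dc} {auth}: {n}")
    print("Clients on several DCs:", multi_dc_clients(rows))
```

The per-DC NTLM count is the figure to watch if you are trying to move clients towards Kerberos.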

Now let’s hope you’ll find better twists in your AD than in The Happening.

And Cut!


Posted in: AD , LogParser , Security , Tools  Tags:

Since last month I have been the happy owner of an HP iPaq Business Navigator (Thanks D.D.!)

 

Until now, everything has been working fine, except that at home I was unable to connect to my own Wi-Fi network. After struggling a bit, I discovered that the connection was always successful if I set my AP to use channel 11. Since then, the connection has worked flawlessly!

And cut!

 


Posted in: Troubleshooting , Mobile Device  Tags:
Marc posted on June 5, 2008 08:13

Sysinternals Tools are now available as a "Live" service and can be accessed from http://live.sysinternals.com or \\live.sysinternals.com\tools\.

If, like me, you like to keep them "available offline", feel free to use one of those scripts to automate the download. Both HTTP and CIFS protocols can be used:

Cheers!


Posted in: Tools , Scripting and Automation  Tags:
Disclaimer
The information of this site is provided "AS IS" with no warranties, and confers no rights. This site does not represent the thoughts, intentions, plans or strategies of our employers, customers, friends or family. It is solely our own personal opinions. All code samples, scripts or configuration files are provided "AS IS" without warranty of any kind.
