Welcome to the credential hell

Getting a brand new system, installed with Vista SP2 and all the latest hotfixes you would assume this is just a top notch system – it’s not!

If you try to access files via WebDAV, for example content on your corporates internal sharepoint server, you’re presented a ton of credential dialogs to enter your username and password just by opening that stupid word or excel file. This is just sucks big time!

For some really strange reason IE thinks that the URL server.companydomain.com is an internet-address and not in intranet-address – event though the domain is set as the intranet-zone in the IE settings. Obviously the WebClient is not recognizing the IE settings in this respect (when it comes to proxy settings, it does honor the IE setting though!).

Well, there are a couple of KB articles describing this problem (like KB 941853 or KB 941890). But they don’t seem to offer any relief.

Finally I came across a blog-posting of the SharePoint Team, which offered some insight of the problem – and finally a solution that worked (at least on my system with installed SP2 – if you don’t have SP1 installed you might need to get a fix from Microsoft):

  1. in the registry go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters and add a new multi-line entry called AuthForwardServerList.
  2. add a white-list of servers/domains to this list to which you would like to automatically pass your credentials. This is the same namingstyle as the zone-settings of IE – so beware of wildcards!
  3. finally restart the WebClient service in order for the new settings to take effect.

Enabling SSO for the VMware Infrastructure Client

Even though you can authenticate to the ESX server using your Active Directory structure, when starting up the client you are prompted to enter username and password. This is just … disturbing.

OK – so just create a copy of the link to the client and change the commandline parameters. Add -passthroughAuth and -s <your servername> to vpxclient.exe and off you go …

Empty Desk-Policy – for Profiles

Every applications nowadays seems to create temp-files without feeling the need to clean up after them-selfs. So I need to take care of this matter.

At least most applications dump the temp-files in the appropriate temp-folder, that is being provided either by the windows environment or via special folders.

OK, but how do you get rid of this junk easily? The answer is simple: just setup an appropriate policy.

In order to do so, you first should create a little script:

cd %temp%
rd . /s /q
cd %windir%\temp
rd . /s /q

Call this script for e.g. del_tmp.cmd and place it in %windir%\system32\GroupPolicy\User\Scripts\Logoff.

Next startup an instance of gpedit.msc and go to user-settings\windows-settings\scripts. Here you can edit which scripts should be run at logon/logoff. Obviously we want our script to run at logoff.

OK, not everything is set to clean-up with every logoff.

Permanently setting variables in Vista

Well, from XP I’m used to just pop up the current computer properties and just set permanent environment variables. In Vista this is however different. This will require a priviledge elevation, and thus you’ll only be able to edit the admin’s variables, but not the environment of a regular user.

This being said – the answer is quite simple: setx. To set a variable like JAVAHOME just call setx JAVAHOME "c:\Program Files\java" and that’s all.

Fast Switching GAC perspectives

You all know the classic (managed) view of the GAC at C:\WINDOWS\assembly as well as the pure view where you see all the folders and stuff. But to switch between these to views you have to tweak the registry each time. This can get teadious.

Another option is to enable the managed view and then enter in the run-command of ther startmenu for e.g. C:\WINDOWS\assembly\GAC_MSIL – and you’re inside the scambled GAC view – voila!

What's the time?

just stumbled across some configuration stuff in one of my linux-servers and I thought this would be a good time to take some notes … I wanted to check that the time is correct on my linux server (running Debian), so here are some simple steps to verify that.

First off your hardware-clock should run on UTC/GMT. To verify that the clock is synced to UTC on shutdown verify /etc/default/rcS, which should have setting like UTC=yes. Then use tzconfig to manipulate the symlink at /etc/localtime to match your current timezone.

Finally you should set the clock using ntp:

ntpdate time.fu-berlin.de
hwclock --utc --adjust
hwclock --systohc