When I am away from the office I often set Outlook to “Work Offline.”  This allows me to have Outlook open for access to the cached information and it doesn’t try to connect and update all the folders whenever I establish a VPN back to the office.

At some point, Outlook started resorting to Work Offline every time it started.  This was troublesome as I might go for hours at a time not realizing I was Working Offline and as a result, not receiving email messages.  Before this problem, Outlook would start in whatever state (Connected or Work Offline) it was in whenever it was shut down.

In researching the problem I found many references to this problem which go all the way back to Outlook 2003.

Microsoft’s solution is to create a new Outlook profile, as the existing profile has somehow become corrupted.  I really wanted to find a “cause and effect” fix, but never did.  So ultimately, I created a new profile and the problem is solved.  It seems as though this is a workaround rather than a solution, but I am now Online.

To create a new Outlook profile go to Mail (32 bit) in the Control Panel (Windows 7).

  • Click on the Show Profiles button under Profiles.
  • Click on the Add button.
  • Give the new profile a different name from your existing profile.
  • Follow the instructions and Outlook will connect to the Exchange server and automatically create a new profile.
  • With a new profile, you can now have Outlook prompt you regarding which profile you want to use when Outlook starts.  You can also specify one of the profiles for Outlook to use automatically.
  • If you specify a profile, be sure you specify the new one you just created.  This will ensure Outlook will start up and look for a connection to the Exchange server rather than ignore the Exchange server and Work Offline.


Windows 2008 terminal servers handle user profiles slightly differently than Windows 2003. 

  1. Windows 2008 (and Windows 7) profiles use a different format from previous versions.  You will notice in the roaming profile folder that you get a new folder with a .v2 extension; this is to prevent the new format from being applied to older OS’s.  Essentially, the user has two different roaming profiles; one for older OS’s and one for Windows 2008 (and Windows 7).  (\\servername\profile_share\username\tsprofile for older machines, \\servername\profile_share\username\tsprofile.v2 for Windows 2008 terminal servers)
  2. They finally manage to delete the user profile when the user logs off.  I’ve noticed two issues related to this.
    • The Users folder (formerly Documents and Settings) starts having multiple folders with the user's name: wcbtest, wcbtest.datacenter, wcb.datacenter.001, wcb.datacenter.002, etc.  The event log shows an error when trying to delete the profile folder, saying that it is not empty.  I have not looked in-depth yet; there may be a solution to this.
    • If you want to run the group policy results wizard, you have to do it while the user is logged in.
  3. If the roaming profile location is unavailable, the user gets a temporary profile every time.  On Windows 2003, you would get an error saying the roaming profile location could not be contacted (if I remember correctly), but the local profile would be normal.


The Level Platforms Service Center website is probably not very standards-compliant.  We've known for some time that Firefox and Chrome browsers don’t render it properly, but I’ve recently seen more critical problems, such as the Site Management page showing a blank site-list in Chrome.  Some of the monitoring procedures require these pages, so using IE (or a Firefox add-on like IE Tab) may be the only way to see everything properly.


In Microsoft Office 2007, Quick Access Toolbar definitions are stored in .QAT files that are stored in the c:\users\<username>\appdata\local\microsoft\office\ folder for each user.  For Office 2010, these are files that are formatted the same but have .officeUI extensions.  Actually, you can rename the extension of .QAT files and they'll work with 2010.

If you want to retain Quick Access Toolbars, keep a backup copy of your QAT or officeUI files and copy them to the user's appdata folder on a new system.


For several months I would try to open Outlook 2010 and nothing would happen. When I checked the Task Manager I would see two Outlook.exe processes running. If I killed the process with the most memory, Outlook would open and all would be well.

One day I decided to fix the problem. My first guess was that Outlook was not starting correctly. When I searched for "Outlook startup problems", I didn't find anything useful. After a little research I found that when I closed Outlook, the process did not go away. A quick search for "Outlook shutdown problems" immediately showed that the most common problem is third-party Add-Ins. When I checked the list of Outlook Add-Ins, the most likely suspect was "Outlook Change Notifier" that was in an Apple subdirectory. I removed the Add-In and Outlook would open and close like a champ.

I found a forum discussion that said opening iTunes will reinstall the add-in. I tried it and iTunes acted like it was reinstalling and the Outlook Add-In was back.

Instead of removing the Add-In, just uncheck the box next to the Add-In to disable it. This will allow Outlook to close correctly and iTunes won't try to reinstall it. An alternative method is to rename the file that contains the Add-In: Although Apple claims it's not a problem with Outlook 2010, it is.


On any VMware virtual machine running Windows 2008 or 2008 R2 that was created using v4.1, the advanced configuration parameter disk.enableUUID is set to TRUE. Basically, this enables application-level quiescence in the VM. If the VM was created on ESX prior to v4.1, the advanced configuration setting does not exist. So, if you want to get application consistency on a VADP (vStorage API style) initiated backup, it won’t happen if that setting isn’t set to TRUE. This is a problem because a number of vendors (CommVault included) don’t support this feature yet. Since it is a default for new VMs, they won’t back up correctly.

The bottom line is... make sure you are absolutely sure you are getting application consistent backups by checking the app logs on the VM when doing the backup. You may not be getting as consistent of a backup as you think.


A while back I tried to use nbtstat on my 64bit Windows 7 machine and it seemed to not be installed.  Well, I did some more research into this.  After a while I figured out that if I launched a command prompt using the usual shortcut I had been using, nbtstat would not be found.  But if I launched cmd.exe from the start menu, it could be found.  When listing the contents of the system32 directory, the files were different depending on how I launched the command line.

Here is a single screen shot of two command prompts.  The directory commands were executed within seconds of each other.  The top command prompt can see nbtstat.exe, but it cannot see audiodev.dll.  The bottom command prompt cannot see nbtstat.exe, but can see audiodev.dll.

Looking at these closely, did you notice that the times on the files displayed on both command prompts were different?

The gotcha here is how Windows handles launching 32 bit programs on a 64 bit system.  Many of us have probably noticed the “Program Files” directory is for 64 bit programs and the “Program Files (x86)” directory is for the 32 bit programs.  The system32 directory is for 64 bit programs and DLLs and there is a sysWOW64 directory for the 32 bit system32 files.  But instead of the operating system just activating the correct DLL when a program needs it, it does some sneaky rootkit-like work.  Here is what is really going on:

When running a 32 bit program, the sysWOW64 directory looks like the system32 directory, so no matter what the program does, it cannot try to load a 64 bit DLL, or even a 64 bit executable, from there.  I was launching the command prompt by using a shortcut.  But I was launching it from a 32 bit program launcher.  A 32 bit program can launch a 64 bit program if it can find it.  But when my 32 bit program launcher went looking for cmd.exe in the system32 directory, it actually found the 32 bit cmd.exe in the sysWOW64 directory and just didn’t know it.  Windows 7 does not come with a 32 bit nbtstat, only the 64 bit version.  So that is why I could not find nbtstat.
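
The redirection described above can be observed directly. The following PowerShell is an added example, not part of the original post; the function names are hypothetical, and it relies on the PROCESSOR_ARCHITEW6432 environment variable and the virtual Sysnative folder that Windows Vista and later expose to 32 bit processes.

```powershell
# Added example (not from the original post). Run it once from 64-bit PowerShell and
# once from %windir%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe to compare views.

function Test-Wow64Process {
    # PROCESSOR_ARCHITEW6432 is only defined inside a 32-bit process on 64-bit Windows.
    return [bool]$env:PROCESSOR_ARCHITEW6432
}

function Get-NativeSystem32 {
    # From a 32-bit process, "System32" is silently redirected to SysWOW64; the
    # virtual "Sysnative" alias reaches the real 64-bit folder instead.
    if (Test-Wow64Process) { return Join-Path $env:windir 'Sysnative' }
    return Join-Path $env:windir 'System32'
}

function Get-SystemFileView {
    param([string]$FileName = 'nbtstat.exe')   # the file from the post above

    foreach ($dir in 'System32', 'SysWOW64', 'Sysnative') {
        $path = Join-Path (Join-Path $env:windir $dir) $FileName
        New-Object PSObject -Property @{
            ProcessBits = [IntPtr]::Size * 8
            Wow64       = Test-Wow64Process
            Path        = $path
            Visible     = Test-Path -LiteralPath $path
        } | Select-Object ProcessBits, Wow64, Path, Visible
    }
}

Get-SystemFileView -FileName 'nbtstat.exe' | Format-Table -AutoSize

# Scripts that may be started by a 32-bit launcher or agent should call native
# tools through the resolved folder instead of a hard-coded System32 path.
$nbtstat = Join-Path (Get-NativeSystem32) 'nbtstat.exe'
if (Test-Path -LiteralPath $nbtstat) { & $nbtstat -n }
```

The same effect matters for any 32 bit inventory, audit or collection tool on a 64 bit system: unless it goes through Sysnative, it lists and hashes the sysWOW64 copies while reporting them under a system32 path.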


While Bitlocker is encrypting your drive, the program automatically locks your entire drive except for 6GB. This is normally not a problem, but can be an issue if you are doing significant copying to the disk being encrypted. The following verbiage from a TechNet article describes this “feature” and describes how to temporarily pause the encryption in case you need to do work that requires more than 6GB on the disk.

Why does it appear that most of the free space in my drive is used when BitLocker is converting the drive?

BitLocker cannot ignore free space when the drive is being encrypted because unallocated disk space commonly contains data remnants. However, it is not efficient to encrypt free space on a drive. To solve this problem, BitLocker first creates a large placeholder file that takes most of the available disk space and then writes cryptographic material to disk sectors that belong to the placeholder file. During this process, BitLocker leaves 6 GB of available space for short-term system needs. All other space, including the 6 GB of free space not occupied by the placeholder file, is encrypted. When encryption of the drive is paused or completed, the placeholder file is deleted and the amount of available free space reverts to normal. A placeholder file is used only on drives formatted by using the NTFS or exFAT file system.

If you want to reclaim this free space before encryption of the drive has completed, you can use the Manage-bde command-line tool to pause encryption. To do this, open an elevated command prompt and type the following command, replacing driveletter with the letter of the drive you want to pause encryption on:

manage-bde -pause driveletter:

When you are ready to start encrypting the drive again, type the following command:

manage-bde -resume driveletter:


Quite frequently on information security audits we find machines where group policies have been applied incorrectly or not at all.  The IT administrator swears the policy is working, but the policies haven’t always taken on machines.  What we can do in that situation for Windows XP machines is use GPupdate.exe, Rsop.msc, and GPresult.exe to find out more information.


After you make changes to group policies, you may want the changes to be applied immediately, without waiting for the default update interval (90 minutes on domain members and 5 minutes on domain controllers) or without restarting the computer. To make this update, at a command prompt, run the Gpupdate.exe utility.


The Resultant Set of Policy MMC snap-in has a nice interface and is easily used. Just go to Start, Run and enter rsop.msc. This will flash up a quick screen with a summary of the environment it’s processing.

When the progress reaches 100%, it will pull up a report of the policies being applied to the computer and the user. You can browse the list, which mirrors the Group Policy Management Console, and see which policies the machine is seeing, which might not quite match what you’ve set in the Active Directory server.

You can also use this to diagnose any errors. For example, if a software deployment isn’t coming through for some reason, you can verify that it has access to the policy and has received the command. You can also see any related errors to help your troubleshooting.


Starting with Vista SP1, RSoP no longer shows all of the group policies that are being applied to a computer. Instead, Microsoft recommends that you use the command line tool GPResult. Just open the Command Prompt and type:  gpresult

Being a command line tool, it opens up the possibilities to include it in scripting. There are a large number of options you can use with GPResult to get exactly what you want. You can use it to create a nicely formatted HTML or XML report and you can also use it to run remotely on another system and as a different user (provided you know the password).
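
For an audit, the XML report can be checked against the list of GPOs the administrator expects to be in force. The following PowerShell is an added example, not part of the original post: the function name and the GPO names are hypothetical, it needs Windows Vista / Server 2008 or later for gpresult /x, and the element names it reads (GPO, Name, FilterAllowed, AccessDenied) are assumed from the RSoP XML report and should be confirmed against a report from your own environment.

```powershell
# Added example (not from the original post). GPO names are hypothetical placeholders.
function Test-AppliedGpo {
    param(
        [Parameter(Mandatory = $true)][string[]]$ExpectedGpo,
        [ValidateSet('Computer', 'User')][string]$Scope = 'Computer',
        [string]$ReportPath = (Join-Path $env:TEMP 'gpresult-audit.xml')
    )

    # /x writes the RSoP data as XML; /f overwrites an earlier report.
    # Computer-scope data requires an elevated prompt.
    & gpresult.exe /scope $Scope /x $ReportPath /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "gpresult exited with code $LASTEXITCODE" }

    $rsop = New-Object System.Xml.XmlDocument
    $rsop.Load($ReportPath)

    # local-name() sidesteps the XML namespaces used in the report.
    $results = @{ Computer = 'ComputerResults'; User = 'UserResults' }[$Scope]
    $xpath   = "//*[local-name()='$results']/*[local-name()='GPO']"

    $seen = @{}
    foreach ($gpo in $rsop.SelectNodes($xpath)) {
        $field = @{}
        foreach ($n in 'Name', 'FilterAllowed', 'AccessDenied') {
            $node = $gpo.SelectSingleNode("*[local-name()='$n']")
            $field[$n] = if ($node) { $node.InnerText } else { $null }
        }
        if ($field.Name) { $seen[$field.Name] = $field }
    }

    foreach ($name in $ExpectedGpo) {
        $g = $seen[$name]
        New-Object PSObject -Property @{
            Gpo     = $name
            Listed  = [bool]$g   # the client saw the GPO at all
            Applied = [bool]($g -and $g.FilterAllowed -eq 'true' -and $g.AccessDenied -eq 'false')
        } | Select-Object Gpo, Listed, Applied
    }
}

gpupdate.exe /force | Out-Null   # refresh policy first so the report is current
Test-AppliedGpo -ExpectedGpo 'Workstation Baseline', 'Removable Storage Lockdown'
```

A GPO that is Listed but not Applied was seen by the client and then filtered out or denied, which is the case where the policy exists in Active Directory but has not taken on the machine.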


Just as IT departments are finally locking down the use of removable media, a new threat may make existing technical controls irrelevant.  The “Teensy” is a USB microcontroller that plugs into a PC in the same manner as a USB thumbdrive.  But, the technical controls that are able to neutralize the use of thumbdrives and other USB storage have no effect on the Teensy.  That is because the Teensy emulates a human interface device, such as a keyboard.  Since USB keyboards are restricted by very few, if any, companies, the Teensy is able to connect undetected.  The tiny microcontroller can be programmed with virtually any code, including code useful in an exploit.

Teensy devices are available online for relatively low cost, under $10 US.  It looks like IT administrators have another thing to keep them awake at night.