RDP backslash fix for an Apple UK keyboard

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A few days back, in my post about typing # on an Apple UK keyboard, I commented that I can’t type a backslash (\) on an RDP session to a Windows server from my Mac.

An anonymous contact very kindly tipped me off about Ira Rainey’s backslasher system tray application which Carl Slater has mirrored on his site (alongside a very nice VW Camper and motocrossing Honda C90s!). It works fantastically on my Windows Server 2003 SP1 system using the Microsoft Remote Desktop Connection Client for Mac v1.0.3 and Mac OS X 10.4.8.

Useful widgets

I’ve spent quite a bit of time this weekend just playing around with my Mac and now I’m hooked on dashboard widgets. Initially dismissed as a gimmick, these are similar to Yahoo! Widgets (formerly Konfabulator) and the sidebar gadgets in Windows Vista. Basically each widget is a tiny application with a particular function in mind. So, here are the ones that I’m currently finding particularly useful:

  • I’ve already written about Amazon album art but it’s been great for downloading the artwork that even iTunes 7 misses:
    Amazon Album Art widget
  • Wikipedia is a tremendously useful resource – although I could fire up a browser it’s sometimes handy to call up an article directly from the dashboard:
    Wikipedia widget
  • AirPort Radar can be used to enable/disable the wireless interface but its most useful feature is reporting all the available wireless networks and their channel numbers:
    AirPort Radar widget
  • iStat Pro gives a single view of my system’s vital statistics:
    iStat Pro widget
  • Dashalytics hooks into my Google Analytics account and gives an instant view of web site visits and page views over the last day, week and year:
    Dashalytics widget
  • I use the BBC Weather widget in place of the standard one (because it recognises the town where I live)… oh well, looks as though things may brighten up in a day or two:
    BBC Weather widget
  • Meanwhile the BBC Radio widget lets me choose from many local and national stations, updating the logo accordingly:
    BBC Radio widget

Of course, some widgets promise much but are let down by reliability issues, or by poor interface design; however there are a growing number of widgets to choose from (Apple maintains an index of the most popular widgets – 2291 of them at the time of writing). I’ve just downloaded some more to try (including one for Blogger) – let’s see where this goes. Something tells me that widgets/gadgets (depending on your operating system of choice) could soon be big business – and if you’re yet to be convinced just imagine what will happen once these HTML/CSS/JavaScript applets cross over to become common on mobile phones and other handheld devices – after all, a few years ago we’d have laughed at the idea of selling ringtones at £3 a pop to mobile phone users.

Filling the gaps in iTunes album art

I’m not normally that bothered about iTunes updates, but iTunes 7 is a big improvement.

Two of the new features are gapless playback (thank you Apple) – touted as a big boon for classical music lovers but also pretty good for people like me who listen to dance mixes (I may be a 34 year-old family man but there’s an Ibizan clubber trying to escape from inside me) – and automatic download of album art, including a cover browser view to flip through albums jukebox style.

Unfortunately the iTunes album art service obviously has some holes, because most of my collection is still lacking album art. Short of scanning CD inlays and applying the artwork to the tracks manually, there’s not a great deal that can be done, but Mac OS X 10.4 (Tiger) users can make use of an Amazon Album Art Widget.

Amazon Album Art widget

This handy utility searches Amazon’s Austrian, Canadian, French, German, Japanese, UK or US sites and finds one or more matches for the currently playing song, which can then be applied as artwork for selected tracks, the currently playing track or the currently playing album. As most of my CDs are from UK or Australian sources (and I suspect iTunes is very US focused) this is doing a great job of filling in the gaps, even if the quality of Amazon’s album art sometimes leaves a bit to be desired. Of course, much of my collection will have long since been deleted from catalogues, but I guess I’m now getting up towards the 80% mark on artwork completeness, which vastly improves the view of my cover browser.

VirtueDesktops

This week I’ve had two separate geekfests… one with my mates Stuart and Pete, and the other with my buddy Alex. I usually learn lots from these guys as:

  • Stuart is into gadgets and “stuff” – he used to know Mac things but does more Windows work these days.
  • Pete knows a lot about coding (and now lives on the west coast of California).
  • Alex teaches me about CSS, web standards and using my Mac – this week it was dumping 10 years’ worth of Mac operator experience into a couple of hours teaching me how to use Quark XPress 6.5, Adobe Photoshop CS 2 and Acrobat to get a feature about the proposal to build a wind farm close to our town ready for the local community magazine.

Now Alex is always telling me that he has nothing to write for his blog but based on the amount of “stuff” I learn every time we get together he should start blogging more. This time, aside from the XPress/Photoshop/Acrobat lesson, it was introducing me to VirtueDesktops for the Mac – now I’m hooked. Linux users may be familiar with the workspace switcher; VirtueDesktops gives me that for Mac OS X, with customisable effects as I transition between desktops (I love the cube transition).

The 0.x version number indicates that this is still pre-release software and it does have the odd glitch where a window gets left behind on another desktop but I’m finding it so useful to keep mail, browsing, coding/design and other stuff on separate desktops, all just a keyboard shortcut away, that I can’t see me dumping this utility for a while!

wget for OS X

One Linux utility that I find very useful is wget. Last night I found out that Mac OS X 10.4.7 doesn’t include wget and I was a bit stuffed… luckily I found Quentin Stafford-Fraser’s OS X port of GNU wget. I needed to refer to the blog post comments to get things working but the basic process was to issue the following commands from a terminal:

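# Create the target directories (-p also creates parents and does not fail if they already exist)
sudo mkdir -p /usr/local/bin
sudo mkdir -p /usr/local/man/man1
sudo mkdir -p /usr/local/etc
# Install the binary, its man page and the default configuration file
sudo cp wget /usr/local/bin
sudo cp wget.1 /usr/local/man/man1
sudo cp wgetrc /usr/local/etc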

Then, create a file called .bash_profile containing the following:

export PATH=$PATH:/usr/local/bin
export MANPATH=$MANPATH:/usr/local/man

After logging off and on again, issuing the wget url or man wget commands from the terminal should produce the desired results.

Burn DVDs from the Windows command line

Sony DWG120A DVD recorder
A few weeks back, I bought myself a Sony DWG120A DVD±RW dual layer recorder. Although I picked mine up as a £29.99 brown box deal in PC World, it is available for less on the ‘net (but that would have involved shipping costs and delays).

It was a two-minute installation (open case, swap out old CD drive, insert and connect new DVD drive, close case) but I soon found out that Windows XP’s support for DVD writing is not very good – it can write CDs natively but even with a DVD burner that interface is restricted to CDs – one feature that I’d expect Microsoft to have fixed by now. I didn’t have much luck with Windows Vista beta 2 and the NEC DVD burner in my notebook PC either and my copy of Nero was no use, as I found that it is an OEM version and so is tied to that OEM’s devices – all I could do with my Sony drive was write to a generic image recorder device (which would at least allow me to create ISO images).

A couple of years back, I wrote about a utility for burning CDs from the command line and so I started googling for a DVD equivalent. A Windows FAQ article by John Savill, entitled How can I burn a DVD image from the command line? pointed me in the direction of a Microsoft resource kit tool called dvdburn.exe and that did the trick. It’s a really simple utility, that does exactly what it says – it burns DVDs (using the syntax dvdburn dvddrive filename). The result:

Media type: DVD+R
Preparing media…
– 100.0% done
Finished Writing
Waiting for drive to finalize disc (this may take up to 4 minutes)……………………
Success: Finalizing media took 22 seconds
Burn successful!

Delegation of Active Directory administration (using Quest ActiveRoles Server)

Recently, I’ve been working with a client who has an extraordinarily high number of users with domain administrator rights (i.e. those who are members of the Domain Admins group). The problem is historic and they are in the process of moving from Windows NT to Active Directory (AD); whilst AD allows for delegation of control over objects (although best practice dictates that delegation occurs at organisational unit level), under NT the limit for delegation was the domain.

In order to reduce the number of Domain Admins, I’ve been producing a delegation model for AD administration that is intended to provide a pragmatic balance between the granular control that AD can provide and the access requirements of each support team, yet still remains realistic from a management perspective. One major issue is that, whilst Microsoft provides several hundred pages of documentation and a delegation of control wizard, there are no native tools to keep track of the objects over which control has been delegated. Consequently it’s often necessary to resort to third party tools.
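One way to produce that missing inventory of delegations, as an added example (not from the original post and not part of any Quest product): it assumes the ActiveDirectory PowerShell module from RSAT, which postdates this post, and treats every explicit (non-inherited) ACE on an OU as a delegation unless the trustee is in an ignore list. The ignore list and the output file name are assumptions to adjust for your domain.

```powershell
# Added example: list explicit ACEs on every OU, i.e. where control has
# been delegated, with schema GUIDs resolved to readable names.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: trustees that appear in the default OU security descriptor
# and are therefore not reported as delegations.
$ignore = @(
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\SELF',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators',
    'BUILTIN\Account Operators',
    'BUILTIN\Print Operators',
    'BUILTIN\Pre-Windows 2000 Compatible Access'
)

# Build a GUID -> name map from the schema (classes and attributes) and
# from the extended rights container, so ACE object types are readable.
$rootDse = Get-ADRootDSE
$guidMap = @{ [guid]::Empty = 'All' }
Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter '(schemaIDGUID=*)' `
        -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(rightsGuid=*)' `
        -Properties displayName, rightsGuid |
    ForEach-Object { $guidMap[[guid]$_.rightsGuid] = $_.displayName }

$report = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    # The AD: drive is provided by the ActiveDirectory module.
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        # Inherited ACEs are reported once, on the OU where they were set.
        if ($ace.IsInherited) { continue }
        $who = $ace.IdentityReference.Value
        if ($ignore -contains $who) { continue }
        if ($who -match '\\(Domain|Enterprise) Admins$') { continue }

        [pscustomobject]@{
            OU          = $ou.DistinguishedName
            Trustee     = $who
            Type        = $ace.AccessControlType      # Allow or Deny
            Rights      = $ace.ActiveDirectoryRights
            AppliesTo   = $guidMap[$ace.ObjectType]   # attribute, class or extended right
            InheritedBy = $guidMap[$ace.InheritedObjectType]
            Scope       = $ace.InheritanceType
        }
    }
}

# One row per delegated ACE, grouped by who holds it.
$report | Sort-Object Trustee, OU |
    Export-Csv -Path .\ou-delegations.csv -NoTypeInformation
```

Comparing the CSV from one run with the previous one shows delegations that were added or removed in between.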

One such tool is ActiveRoles Server (ARS) from Quest Software. Quest inherited this technology with their acquisition of Aelita Software (they had previously inherited another product, now known as ActiveRoles Direct, when they purchased FastLane Technologies). Installed onto a Windows server (which should be secured as any domain controller would be), the current incarnation of the product uses a SQL Server database for configuration data (rather than schema extensions as some previous products did) and publishes itself as a connection point object within AD. The configuration database can be mirrored via SQL replication for redundancy, with one server acting as a publisher and one as a subscriber, whilst the connection point model allows for load balancing between the two servers.

In terms of management, ARS can be administered using a Microsoft management console (MMC) snap-in, a browser interface, or using AD services interface (ADSI). By default, ARS will bind to the first AD domain controller that it finds, although this can be overridden in the management toolset.

Despite not extending the AD schema, ARS allows additional attributes to be stored for an object. These attributes are placed within the ARS configuration database and can be used for provisioning (e.g. conditional filtering on attributes) or for storing additional information on a user (e.g. staff ID number). Propagation of directory data to other LDAP directories and Microsoft Identity Integration Server (MIIS) is supported via Quick Connect for ActiveRoles Server, and Unix support can be provided through a support pack for Vintela Authentication Services. ARS can also expose attributes that are not normally visible in the standard Active Directory Users and Computers MMC snap-in.

In order to allow for user rights to be elevated as required, user access is proxied via the ARS service account, which should be given the highest level of permissions that will be allowed (e.g. Domain Admins). This means that all access is via ARS, allowing for auditing and reporting of rights use. Quest’s recommendation is that users are not assigned native rights within Active Directory (beyond the standard read-only permissions given to an authenticated user). In this way, all rights can be managed via ARS (otherwise privileged users could circumvent ARS, avoiding any auditing of their actions); however there is also an option for ARS-delegated rights to be propagated to Active Directory if required.

Some ARS terminology includes:

  • Access templates: pre-defined role descriptions controlling what a user can/cannot do. ARS allows further granularity than native AD rights – for example controlling which attributes a particular user can edit on an object (e.g. allowing for self service of certain directory attributes via a web interface).
  • Managed units: query-based filters for management of roles (effectively a virtual OU). This avoids issues whereby best practice recommends delegation at OU level but the OU structure is generally designed with group policy in mind.
  • Policy objects: rules applied to objects as they are created (e.g. when creating a user in a particular OU, add them to certain security groups).
  • Script modules: bespoke code that allows policy objects to be extended beyond the standard capabilities of AD OUs and group policy (e.g. when creating a user account, e-mail the telephone system administrator and ask them to populate the user’s telephone number in AD).

ARS seems pretty powerful but it does have some limitations:

  • Firstly, it operates at the domain level, so delegation of forest-level tasks does not seem to be supported.
  • Secondly ARS is used to provide delegation of control over directory objects – not the resources protected by the directory itself (e.g. file systems). This means that ARS can be used to control the administration of the groups that allow access to a particular resource; but there is nothing that it can do to prevent a sufficiently-privileged user from bypassing ARS and accessing a resource directly.

In reality, this has meant that my client has built part of the delegation model for AD using the Quest tools (the translation of the IT policy and procedures to a provisioning model built around ARS) whilst I have based the administration model for the servers and computers within the domain (as well as forest-wide operations) around Windows groups, with procedural control over the use of privileged and non-privileged accounts.

Although I’ve been working with Active Directory since Windows NT 5.0 beta 2 (about 8 years now), this is the first time I’ve really looked at the administration model. It’s been a difficult process for me – to do it properly requires business analysis skills as well as (and probably more than) technical knowledge. The following links might be useful to anyone else who is looking at delegating AD administrative control:

Creating a customised Windows XP CD using nLite

Last night, when I was installing Windows on my Mac, I needed a Windows XP CD with service pack 2 included (i.e. a slipstreamed service pack as Apple Boot Camp doesn’t allow the use of a non-SP2 CD). I didn’t have one – only a Windows XP (RTM) CD, an integrated SP1 CD, and an SP2 update CD – but that’s no problem, as you can create your own slipstreamed XP SP2 CD.

The official method linked above works well, but (as highlighted in the August 2006 edition of Personal Computer World magazine) there is an easier way – using the excellent (and free) nLite deployment tool for unattended Windows. After copying the contents of my original Windows XP (RTM) CD to a temporary location on my hard disk, I was able to use nLite to integrate the service pack (from my SP2 CD) and make a bootable .ISO image of the new distribution (ready for burning to CD using the software of my choice) using just a few mouse clicks. I could also have integrated drivers (e.g. the ones from the Macintosh driver CD that Boot Camp creates), included updates/patches, removed components, applied tweaks and generally customised the Windows XP installation to suit – all using one simple wizard.

Thanks to Dino Nuhagic (Nuhi) for creating nLite (and for making it free) – it really is a very useful tool.

Sharing disks between Mac OS X and Windows

I wrote a couple of months back about the Toshiba PX1223E-1G32 320GB external hard disk that I bought (and which I’ve been very pleased with). Well, nowadays the aluminium case makes it a perfect companion for my Mac Mini and my Fujitsu-Siemens S20-1W widescreen monitor.

The trouble is that, in common with most external hard disks, the drive comes pre-formatted for the NT file system (NTFS), used by all modern versions of Windows. NTFS is a great file system – but it is also Windows-specific, at least from a read/write perspective (Linux and Mac OS X systems can only read NTFS-formatted partitions). So, to use the disk with a Mac requires a reformat – either using one of the Macintosh file systems, such as HFS+/Mac OS Extended (Journalled), the Unix file system (UFS – but not ext3), or FAT32 (MS-DOS file system). Of these choices, only FAT32 is universally accepted by Windows, Mac OS X and Linux systems but it does have some pretty serious limitations, as I soon found.

Firstly, although FAT32 supports file systems up to 2TB in size, the format utilities within Windows support a maximum partition size of 32GB; however by formatting the drive using another operating system or third-party tools, this limit can be overcome and Windows is able to read or write larger volumes. Secondly, and more significantly, FAT32 only supports files up to 4GB in size. That doesn’t sound like an issue until you start copying .ISO DVD images and digital video files around. Pretty soon it became apparent that FAT32 was not the answer.

The solution was using a software product called Mediafour MacDrive, which I found from the Wikipedia article on HFS+ and which has turned out to be really useful. Ironically, I didn’t need to use a licensed version to transfer my data from a PC to the Mac, as Mediafour make a trial version available for download which is valid for 5 days after installation. Having used that as my demonstration of how useful this software is, I decided to buy a copy (proving that users will buy genuinely good software, even if they can get by for free) – at $49.95 it’s reasonably priced (especially with the current dollar exchange rate and as Mediafour offered me a 24% discount if I purchased within 24 hours of requesting the trial version) and when I finally get around to dual-booting Windows on my Mac it will be invaluable. Sadly, the current version of MacDrive doesn’t work on Windows Vista, so I will need to upgrade one day in the future, but for now it’s a great way to share files between Windows and Mac OS X.

Creating Windows file system shares remotely

Yesterday, one of my colleagues came to me with a problem to solve. He wanted a user to be able to create a share remotely (i.e. without logging onto the server console physically or via terminal services). I suggested allowing the user access to a shared folder at a higher level in the directory structure and then, after they had connected to that share, they could create a new subfolder and share it out. Unfortunately, my colleague returned later to say that Windows doesn’t allow sharing of folders when connected via a share so he had to find another way around the issue – he found two possible answers:

Even though rmtshare.exe dates back to the days of Windows NT 4.0, I was able to use it to create a share (and delete it again) on a Windows Server 2003 server from a Windows Vista client (although I did have to elevate my permissions before it ran successfully).