Downgrade from iOS 6 to iOS 5.1.1 (link to iOS 5.1.1 for the iPhone 4s included)

So for many people the… inconsistencies of the new iOS maps application in iOS6 is a deal breaker. Not so much for me, but I know some people who travel for work a lot and are furious about it.

Apple doesn’t want you downgrading to 5.1.1 because of the removal of Google Maps and the YouTube app.

That’s not to say it can’t be done.

First you’ll need and iOS 5.1.1 ipsw file, which you can get directly from Apple (for now) here (that’s for the iPhone 4s, you’ll need to hunt around for links for other devices).

Backup your phone in iTunes (or with iCloud, which ever you can get to successfully restore – with iTunes you can get software that will let you recover data and pictures from the resulting backup file even if iTunes tells you it is corrupt).

Select Restore in iTunes while holding the Shift key on Windows, or Option on a Mac.

When it prompts you for the file to restore from, select the one you downloaded above, and wait for the restore to complete.

I’ll use a safari link to until google releases an iOS maps app, but then I never used maps on my phone all that much.


Setting up DFS on Windows Server 2008 R2 in a domain with Windows 2003 Server DC’s: Fixing a very particular DFS Replication error

So I’m in the process of a complete migration to Server 2008 R2, and it comes time to migrate DFS. No problem. I have it working on the 2003 machines, I’ll just leave those up to service the users while I set up a new Namespace on the 2008 R2 DC’s, and then I’ll remap the user drives.

Well that was the plan anyway. As it turns out, it’s not quite that easy.

Before I get started on the particular issue I encountered I’ll note that if your DC’s are all 2003 (Schema v30), and you have not updated the AD Schema in preparation for 2008 R2 DC’s (Schema v47), you will want to do that now. The DFS-R service requires that the AD Schema be updated to at least 2003 R2 (Schema v37), and you’re going to have to update it to 2008 R2 before you can add a 2008 R2 Domain Controller anyway so might as well do it now (see this for more information).

The problem: Replication

I set up the Namespace Folders in the DFS Management Console first, and then proceeded to add the Folder Targets. Once you add a second Target to a Namespace Folder, the DFS Management console prompts you to set up replication, which I did. I ran through the Replication Wizard, accepting all the defaults, and it promptly failed out at the “Update folder security” step, as shown in Figure 1:

Figure 1

Ok, well there is a tab for the error, let’s click that and see what’s in there as shown in Figure 2 (the blacked out areas are the Server names):

Figure 2

Well, that’s not very helpful. Maybe there is something in the event logs? Hmm not really, the closest thing was an Error 6804 from DFSR as shown in Figure 3:

Figure 3

Which is not exactly helpful. So what is the problem? Well it turns out that Microsoft doesn’t document very well. They document in exact steps using an example (like this one on how to set up DFS on Server 2008). The problems arise when you deviate from that example in an attempt to do things in a logical manner. I inadvertently caused this issue, in the underlying file structure on the Servers.

I have two identical (hardware wise) servers that I am configuring this on. They each have a single RAID10 volume totaling approximately 680GB of storage per machine. This is in two partitions; the SYSTEM partition (C:\) at ~50GB, and the DATA partition (D:\) at ~630GB, give or take a couple of GB’s.

When I set up the DFS Namespace, I decided to keep everything simple: since the SYSTEM partition is rather limited, I’ll set the DFSRoot in D:\public, which also happens to be where I created the Folder Targets. This is a no no. When you create a Folder in DFS, Microsoft creates a reparse point in the DFSRoot with the same name. Well, it turns out that there is absolutely nothing that will prevent you from selecting and sharing this reparse point as a Folder Target in DFS. Well nothing except trying to get the Folder Targets to replicate. There is also nothing in any of Microsoft’s technical documentation that says that this is a no no.

At this point, I deleted the entire DFS Namespace, and started over (keeping this in mind). It works fine when you separate the DFSRoot and the Target Folders.

I guess all I can say is; I… I didn’t know I couldn’t do that.

How to use Gmail to manage contacts on an iPhone

When I first moved to an iPhone, I lost all of my contacts after an update to iOS (good old iTunes and its corrupt backups). I had just gotten the phone, so there were not many contacts to lose, and I had them backed up in an excel spreadsheet. But I learned not to ever trust Apple with my data.

After doing a little bit of research, I discovered that I could use Gmail to manage my contacts, which is a great solution because it integrates with iOS 4+ really well and also because it gets my contacts online.

This is optional, but if you already have contacts in your iPhone you’ll want to import them into Gmail. Unfortunately the easiest way to do this is using iTunes (after this is done if you have iOS 5+ installed you’ll only need iTunes to sync music and ringtones).

You can use iTunes to upload existing Contacts from your Apple device to Gmail. Only the following information can be uploaded:

  • People’s names and job titles
  • Company names
  • Email and postal addresses
  • Phone numbers
  • IM names, including the type of service
  • Notes

Other information, like custom ringtones and photos, are not uploaded. Please sync them to Outlook first.

Contact Upload Instructions

  • Connect your iPhone, iPad, or iPod Touch to your computer using the USB cable.
  • Open the iTunes application.
  • Select your iPhone and click the Info tab.
  • Check the Sync Contacts with option and select Google Contacts from the drop-down menu.
  • Click Configure and enter your Google username and password.

  • Press Apply to sync your device with iTunes.
  • Once you’ve checked that your contacts are available on the web, disable iTunes Contacts sync with Google. If you don’t do this, you’ll see duplicate contacts on your phone.

Now that you have your iPhone contacts in Gmail, you can setup Gmail using an Exchange connection and specify that account for default contacts creation.

Getting Started

1. Open the Settings application on your device’s home screen.
2. Open Mail, Contacts, Calendars.
3. Press Add Account….
4. Select Microsoft Exchange. iOS 4.0+ allows multiple Exchange accounts. However, if you’re on a device that doesn’t let you add a second account, you could also use CalDAV to sync Google Calendar and IMAP to sync Gmail.

settings mail calendar contacts on iphone  add mail calendar contacts account on iphone  microsoft exchange

Enter Account Info

5. In the Email field, enter your full Google Account email address. If you use an address, you may see an “Unable to verify certificate” warning when you proceed to the next step.
6. Leave the Domain field blank.
7. Enter your full Google Account email address as the Username.
8. Enter your Google Account password as the Password.

Notes about passwords:

9. Tap Next at the top of your screen.
9a. Choose Cancel if the Unable to Verify Certificate dialog appears.
10. When the new Server field appears, enter
11. Press Next at the top of your screen again.

exchange domain  exchange server

Enable Mail and Calendar

12. Select the Google services (Mail, Calendar, and Contacts) you want to sync. To receive and respond to meeting requests on your device, both Mail and Calendar need to be turned on, and New Invitations needs to be enabled in your Google Calendar settings.

To enable New Invitations, sign in to your Google Calendar using the web browser on your phone or computer. Go to Calendar Settings > Calendars > Click on the Notifications for the calendar you want to sync. Under Email check New Invitations (and any of the other Invitation settings you want enabled), and click Save.

13. Unless you want to delete all the existing Contacts and Calendars on your phone, select the Keep on my iPhone (or iPad or iPod touch) option when prompted. This will also allow you to keep syncing with your computer via iTunes.

If you want to sync only the My Contacts group, you must choose to Delete Existing Contacts during the Google Sync install when prompted. If you choose to keep existing contacts, it will sync the contents of the All Contacts group instead. If there are no contacts on your phone, the latter will happen — the contents of your All Contacts group will be synced.

iphone exchange mail calendars contacts  exchange keep on my iphone

Set Gmail as the default account for new contacts

To do this, select Settings  >  Mail, Contacts, Calendars  >  Scroll to the Contacts Section  >  Default Account  >  Change FROM On My iPhone TO (whatever you named your Gmail account).

Now, whenever you create a contact on your iPhone, it will automatically sync to Google!

Siri-ous vulnerability in default iPhone 4s configuration

So like many people, I got an iPhone 4s shortly after launch. It wasn’t totally gadget lust, I have iPhone users to support at work, and they have started upgrading to the 4s (deployed the first one today).

Turns out it’s a good thing I got one a couple of weeks before any of my users.

I keep my phone locked with a passcode, but with Siri enabled, that doesn’t mean the phone is secure.

There is a setting in iOS 5 phones with Siri enabled (at this point only the 4s) that allows Siri to be accessed while the phone is locked. This is a feature not a bug. With this feature enabled anyone who picks up your locked iPhone 4s can send email, text messages, make calls, even screw with your calendar. The potential for shenanigans is only limited by how well the unauthorized user knows Siri.

I was able to set an alarm for 3AM with the phone locked, so I can only imagine what someone that really knows how to use Siri could get up to.

Unfortunately Apple decided to set this to enabled by default. Apparently impressing your buddies is more important than securing your phone, even if you thought you had secured your phone by enabling a passcode lock.

Fortunately it’s a setting, so you can disable it. To do so, go to Settings>General>Passcode Lock, and turn the Siri setting to Off.

This means that you can’t use Siri when your phone is locked, but then neither can anyone else. I’m disappointed that Apple hasn’t yet made taking security seriously a priority, it would have been so easy to avoid this potentially serious security breach.

How to make use of your PowerShell profile.

PowerShell is the tool for Windows Administrators. I can’t even begin to explain how truly useful it is in this article. Once of the most awesome features of PowerShell is it’s native extensibility. It is rather trivial to do things in PowerShell that would take monumental amounts of effort using any other Windows automation technology (I’m looking at you VBScript), if it is even possible to do them with said technology (again, I’m looking at you VBScript).

Before you can make use of a profile in PowerShell, you must enable the execution of scripts (this is disabled in PowerShell by default), by setting the Execution Policy to at least “AllSigned” (be aware that if you do this, you’ll have to be able to digitally sign your scripts before any will execute, including your profile script). You can find information on setting the PowerShell Execution Policy here.Once you have the Execution Policy set (I generally use RemoteSigned, but in a production environment, you should really be using AllSigned for maximum security), you need to set up your profile script.

PowerShell can store all kinds of useful things in the $profile variable (like aliases, functions, variables, or even extensions like snap-ins or modules), which is actually a PowerShell script that is executed when a console session is started (hence why you need to set the Execution Policy before you can make use of it). But the PowerShell Profile is not created automatically. To see if you have a PowerShell profile, open a PowerShell session, and type this command:

    test-path $profile

If it returned $true, you already have a PowerShell profile set up, if it returned $false, you do not (If you do skip to the “Editing your $profile” section below).

Creating a PowerShell Profile

If you do not already have a PowerShell Profile the first step is to create one. This can be easily done right from the PowerShell console. To create a profile script, type the following at the PowerShell console prompt:

    new-item -path $profile -itemtype file -force

This will generate the required file, and let PowerShell know that you are ready to use it.

Editing your $profile

Just having a PowerShell profile does nothing to change the way PowerShell behaves. To really make use of a PowerShell profile, you’ll need to add something to alter PowerShell’s default behavior. To edit the PowerShell profile type the following command at the PowerShell console:

    notepad $profile

This will open your $profile script for editing in NotePad. Ok, so now what do we put in there?

Really this is going to be personal preference. There are literally thousands of things you can put in a PowerShell profile script. For purposes of demonstration, we’ll set an alias. In the NotePad window that opened when we ran that last command, add this line:

    Set-Alias open 'explorer'

This creates an alias for Windows Explorer. Now save the file, and run this command at the PowerShell console:

    . $profile

This will reload your profile script (make sure there is a space between the “.” and “$profile”), and we can now make use of the alias. At the PowerShell console type the following:

    open c:\

If your $profile is working correctly, this should have opened the root of your C:\ drive in Windows Explorer. Now you can do the same thing without the $profile script directly in the console, but using the PowerShell Profile allows things you set there to persist between console sessions (you can test this by closing the PowerShell console and reopening it, the alias we just set should still work).

How do I?: Share a printer from WS2008 R2 to x86 clients (or, All printers should die in a fire.)

Of all the scenes in Office Space, this is probably the most iconic for IT professionals. We have all dealt with printers, and we all hate them. We’ve all wanted to do this at some point, and it seems that no matter how far technology advances, printers never fail to provide an IT professional the opportunity to hate them anew.

At my day job we recently replaced two aging plotters (a plotter is just a really big printer), with the “new hotness” plotter: the Xerox 6279. It looks nice, it’s got lots of features, but underneath it all, it’s still just an overgrown printer.

The CAD group made the decision on which plotter to buy, I only had two requirements:

  • It must support Windows Server 2008 R2.
  • It must be a new model (no “discontinued model” specials).

I really only care about the first requirement, but I don’t want to have the thing be obsolete (read ludicrously expensive to repair) in six months. So the Xerox rep assures our CAD group that the plotter is WS2008R2 compatible, and they buy it.

What he meant to say is that it is engineered for WS2008, but will work on WS2008R2. Since the CAD group are all on Windows 7 x64 machines, no problem getting them up and working with the new plotter. Unfortunately a couple of our Project Managers need access to the new plotter as well, and this is where things start to go awry. See our Project Managers are on Windows 7 x86 machines. And since Xerox did not write drivers for WS2008R2 (they were written for WS2008, and they even have an x64 driver), the driver does not support this correctly.

But I don’t blame Xerox for this (well not totally), I also blame Microsoft. See this should be a fairly simple operation, which goes something like this:

  • On the Print Server, open Start > Administrative Tools > Print Management
  • Right click the Shared printer
  • Select the Sharing Tab
  • Click the Additional Drivers… button
  • Check the x86 checkbox
  • Click the OK button

Windows will prompt you for the location of the driver, you select it, and you’re off to the races.

Not so much if you are doing this on Server 2008R2, using a driver that was not written specifically for Server 2008R2. After you point the wizard at the correct driver it asks you for ntprint.inf, but you won’t find it on WS2008R2.

Why? Because Windows needs the x86 version of the ntprint.inf file. And it doesn’t exist on Server 2008R2 (this is where I blame Microsoft).

Really Microsoft? Is it so hard to include a tiny (10KB) INF file somewhere in the OS?

So what’s the solution? Well Microsoft’s official solution is to do one of two things:

  • Install the printer driver locally on one client (which should allow the print server to upload the correct driver automatically)
  • Copy the ntprint.inf file from a 32 bit version of WS2008 (because everyone has one on their network amiright?) to the WS2008R2 print server.

The first option will work, but it’s not as straight forward as Microsoft would have you believe. Most of the time it doesn’t work automatically, and you have to export the driver, and then import it on the print server (which works approximately 50% of the time). Most frequently, you end up having to install the printer driver on each x86 client, because it just seems faster (if you only have one or two x86 clients, it may be initially faster to do it this way, but otherwise, or over time it’s not).

The second option is the Least Amount Of Administrative Effort, but what if you don’t have a 32 bit WS2008 install? You can also use  WS2003 (if you have one of those in 32 bit).

If you don’t have either, you can use method one, or you can install the WS2008 32 bit version trial in a VM. Seriously, this is the easiest way. I know this seems like it will take longer than installing the printer driver on the client machines, but remember you only have to do this once (as long as you keep the files we’re going to copy out of the OS) and then you use these files for any printer you’ll share from WS2008R2 with x86 clients.

Once you have a WS2008 x86 instance, navigate to C:\Windows\System32\DriverStore\FileRepository, and find a folder labeled “ntprint.inf_x86_neutral_xxxxxxxx” (the last string will be a random hex string). There may be more than one. Copy them all to a network share, or somewhere on the WS2008R2 machine.

When the WS2008R2 Print Management Additional Driver wizard asks you for the ntprint.inf file, point it to one of these folders, and it should find it in one of them.

You can now successfully install the network printer on x86 clients.

Or you could just get a bat and some friends to help you fix all your printer problems. Permanently.

How to: Single space envelope addresses in Word 2010?

Ok, file this one under WTF?

So one of my users is printing an envelope (I didn’t even know that people still did this for single envelopes), and she tells me that her addresses are double spaced, and can’t get them to be single spaced. She also just had her Office version upgraded from 2003 to 2010 two days ago, so my natural inclination was that this was just a case of “stupid Office Ribbon!”

When I walked into her office, this is what I found:


Ok then. Well this should be easy enough to fix I think. Yeah, no. So some quick Google Fu, and I can now define why this is happening, but am having no luck figuring out how to fix it. This happens because when you hit the ENTER key, Word creates a new paragraph, not just a new line. So it should just be a simple matter of fixing the paragraph spacing right? Except the paragraph spacing is already set to 0px, and the line spacing is already set to single spaced.

Then I find a user with the same problem (you mean there’s more than one of you???). So I’m reading 10 pages of comments with troubleshooting advice like I would give, and all to no avail. Then this gem from a Microsoft MVP for Word: Try SHIFT+ENTER to create a new line rather than a new paragraph.


I discovered later that if you want to fix this permanently, you need to set the paragraph spacing to “auto”, which then allows paragraph spacing to function correctly.

Somewhere at Microsoft there is a Product Manager that approved this jackassery. I’d like to meet that guy face to face so I can kick his junk up into his throat.

I seem to be working my way through the Office 2010 design team, as I have a similar gripe about Outlook 2010 and mail headers.

What next, et tu Excel?

%d bloggers like this: