Microsoft to end support for Windows Rights Management Services V1.0
By Jesse | March 10, 2009
Microsoft will be dropping support for all RMS (Rights Management Services) v1.0 products on March 23rd, 2009. This does not include RMS V1.0 with SP2 or RMS v2.0, which will still be supported.
On top of dropping support, Microsoft will also be preventing activations or reactivations of both the client and the server. So if you have a server that has an expired SLC, you will not be able to renew it after March 23rd unless you upgrade to V1.0 SP2 or later. Microsoft is ending support for v1.0 because it is outdated and can expose customers to security risks.
The new clients can be found at the following link:
Microsoft Rights Management Services with SP2 Download and Info Page
If you have questions please post them and I will try to answer them.
Fix for “The system administrator has set policies to prevent this installation” error.
By Jesse | March 9, 2009
Several times I have encountered the error:
“The system administrator has set policies to prevent this installation”
The solution to this is to fix the local security policy.
- Open Control Panel and go to Administrative Tools.
- In Administrative Tools, open Local Security Policy.
- In Local Security Policy, right-click Software Restriction Policies and click “New Software Restriction Policy”.
- Now left-click Software Restriction Policies; in the right-hand window you should see Enforcement.
- Double-click Enforcement and set the policy to apply to “ALL USERS EXCEPT LOCAL ADMINISTRATORS”.
Now approve the changes and see if you are now able to install software.
Alternatively, several people recommended the following, but I’ve found the above steps fix the problem in 98% of cases. If you are unfamiliar with the registry, stop reading.
- Browse the registry to HKLM\Software\Policies\Microsoft\Windows\Installer
  Create: DisableMSI, Type: REG_DWORD, Value = 0 (0 should allow you to install; it was originally 1)
- Browse to HKEY_CLASSES_ROOT\Installer\Products\
  Search the list for the product that is causing the error and delete its folder in the Products folder. This may also correct your error.
If you have any additional comments or pointers they are welcome.
*********************
***** UPDATE ******
*********************
I’ve gotten a lot of comments that they cannot find secpol.msc. This is because it is not included on Home versions of Vista. However, I now believe I have an answer even to this. I have spent the last hour reviewing the registry changes that are made and have narrowed down the value that is changed when you set the above policy. The value changed is a DWORD value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A541BD3D-1A70-4D7B-BC99-CF1ADFC0DE9F}Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope
It is changed from 0 to 1 when you set it not to apply to administrators. When you set “New Software Restriction Policy”, the following tree is populated:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{A541BD3D-1A70-4D7B-BC99-CF1ADFC0DE9F}Machine\Software\Policies\Microsoft\Windows\Safer
I am not sure if you need the whole tree to get it to function or just the value, so I have included 2 registry files to run. The first includes just the PolicyScope value of 1; the second includes the entire “Safer” tree that was created on my machine when I added the software restriction settings.
Click here to download just the PolicyScope setting. (download and run first to see if it fixes your problem.)
Click here to download the entire “Safer” tree that manually adds the fixed software restriction settings. (try this if the above reg file does not fix your problem.)
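Before importing either .reg file or editing the keys above by hand, it helps to record the current values and keep a backup that can be re-imported. The PowerShell below is an added example, not part of the original post; the function names, the wildcard match on the "{GUID}Machine" key and the backup file names are assumptions.

```powershell
# Added example, not from the original post: read-only snapshot plus .reg backups.
$installerKey = 'HKLM:\Software\Policies\Microsoft\Windows\Installer'                   # from the post
$gpoRoot      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects'  # from the post
$saferSubKey  = 'Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers'             # from the post

function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    # $null means the key or the value is absent, i.e. the setting is not configured.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $Name)) { return $props.$Name }
    return $null
}

function Get-InstallPolicySnapshot {
    # DisableMSI: the post reports that 0 allows installs and that the blocking value was 1.
    $rows = @([pscustomobject]@{ Setting = 'DisableMSI'; Path = $installerKey
                                 Value = Get-DwordOrNull $installerKey 'DisableMSI' })
    if (Test-Path -LiteralPath $gpoRoot) {
        # Assumption: the GUID differs between machines, so match any "{...}Machine" key.
        foreach ($gpo in Get-ChildItem -LiteralPath $gpoRoot) {
            if ($gpo.PSChildName -notlike '*Machine') { continue }
            $path = Join-Path $gpo.PSPath $saferSubKey
            # PolicyScope: 0 = all users, 1 = all users except local administrators (per the post).
            $rows += [pscustomobject]@{ Setting = 'PolicyScope'; Path = $path
                                        Value = Get-DwordOrNull $path 'PolicyScope' }
        }
    }
    return $rows
}

function Export-InstallPolicyBackup {
    param([string]$Directory = $env:TEMP)
    # Keys the post edits or deletes from; an exported .reg file can be re-imported to roll back.
    $keys  = 'HKLM\Software\Policies\Microsoft\Windows\Installer',
             'HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects',
             'HKCR\Installer\Products'
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($key in $keys) {
        $file = Join-Path $Directory ("{0}-{1}.reg" -f ($key -replace '[\\ ]', '_'), $stamp)
        & reg.exe export $key $file /y 2>$null | Out-Null
        if ($LASTEXITCODE -eq 0) { $file } else { Write-Warning "Not exported (key missing?): $key" }
    }
}

Get-InstallPolicySnapshot | Format-List
Export-InstallPolicyBackup
```

With PolicyScope at 1, Software Restriction Policies no longer apply to local administrators, so keep the exported files until the change has been reviewed.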
What is Rights Management Services?
By Jesse | February 18, 2009
Rights Management Services is a technology product sold by Microsoft that allows users to protect their documents with a set of digital access rights. The original product was created for use with Windows Server 2003, with APIs for Windows XP, Windows 2000 and Vista. In version 2.0, also known as AD RMS, RMS is now a role in Windows Server 2008.
Rights Management Services allows you to protect sensitive information by allowing the original document owner to easily assign “use rights” to the document. I call RMS “in-use” protection, which is unlike transport encryption such as SSL or PGP and also unlike ACL-type restrictions.
In other words, I can create a word document and email it to you and give you “view-only” rights. When you get the email, you will not be able to print the document, copy text out of it, or edit it. RMS even blocks print screen! Pretty neat stuff.
The rights you can assign include “view only”, “print”, “copy”, “save and edit”, or “full control”. These are pretty self-explanatory so I won’t go over them in detail, but basically you can assign these rights to any email, Word doc, Excel doc, or PowerPoint doc.
This is a very useful technology, but what happens if you have Blackberries in your environment? Or what happens if you have other file types you want to protect, like PDF? Ah ha! Well, that’s where GigaTrust comes in. GigaTrust, based in Herndon, VA, has created a complementary line of products that extends the Microsoft RMS platform to other file types including PDF, Visio, CAD/CAM, JPG, and hundreds more. In addition, they also protect messages sent from the Blackberry and enable the Blackberry to view protected content while still enforcing the original rights.
Very cool stuff, GigaTrust! Here’s a post from MS Technet about them too. If MS is behind them it must be good stuff.
Blackhawk Consulting can provide expert deployment services for native Rights Management Services. We can develop your deployment strategy, recommend products like GigaTrust, and design an architecture that fills your RMS service needs.
Fedora hangs during install
By Jesse | February 18, 2009
I’ve had several PCs that refuse to load the Fedora install DVD and hang during startup. I’ve always had success by doing the following. When presented with the initial Linux menu to press Enter to continue, instead press Tab to edit the boot options.
Add “acpi=off noapic” to the end of the boot options (lowercase, since kernel parameters are case-sensitive). You should now be able to run the install normally without further problems.
Fix for device descriptor read/64, error -71
By Jesse | February 11, 2009
This article describes the steps needed to fix a system that does not recognize attached USB devices. If you check your /var/log/messages file you will see:
Feb 11 12:39:28 localhost kernel: usb 2-5: New USB device found, idVendor=0204, idProduct=6025
Feb 11 12:39:28 localhost kernel: usb 2-5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Feb 11 12:39:28 localhost kernel: usb 2-5: Product: Flash Disk
Feb 11 12:39:28 localhost kernel: usb 2-5: Manufacturer: CBM
Feb 11 12:39:28 localhost kernel: usb 2-5: SerialNumber: 09171500CA39E502
Feb 11 12:39:28 localhost kernel: usb 2-5: USB disconnect, address 7
Feb 11 12:39:28 localhost kernel: usb 8-1: new full speed USB device using uhci_hcd and address 6
Feb 11 12:39:28 localhost kernel: usb 8-1: device descriptor read/64, error -71
Feb 11 12:39:29 localhost kernel: usb 8-1: device descriptor read/64, error -71
Feb 11 12:39:29 localhost kernel: usb 8-1: new full speed USB device using uhci_hcd and address 7
Feb 11 12:39:29 localhost kernel: usb 8-1: device descriptor read/64, error -71
Feb 11 12:39:29 localhost kernel: usb 8-1: device descriptor read/64, error -71
Feb 11 12:39:29 localhost kernel: usb 8-1: new full speed USB device using uhci_hcd and address 8
Feb 11 12:39:30 localhost kernel: usb 8-1: device not accepting address 8, error -71
Feb 11 12:39:30 localhost kernel: usb 8-1: new full speed USB device using uhci_hcd and address 9
Feb 11 12:39:30 localhost kernel: usb 8-1: device not accepting address 9, error -71
Feb 11 12:39:30 localhost kernel: hub 8-0:1.0: unable to enumerate USB device on port 1
To fix this problem, reboot the machine and at the boot menu edit the kernel options and add irqpoll.
After adding irqpoll to the kernel options, the problem should go away and the device should show up as a normal USB 2.0 device.
BES “Device Not Supported” error
By Jesse | February 9, 2009
If you receive a “Device Not Supported” error when trying to deploy an application to a new Blackberry device from your BES server, it is likely because your device.xml and vendor.xml files are not up-to-date.
To update your device.xml and vendor.xml files, right-click on the links below:
https://www.blackberry.com/Desktop/Download/XML/Device.xml
https://www.blackberry.com/Desktop/Download/XML/Vendor.xml
and save them to the following location on the BES server:
C:\Program Files\Common Files\Research In Motion\AppLoader
You should not need to restart any services after making this update. After completing the update, please try to redeploy back to the device.
Blackhawk Consulting Blog reaches 1,000 users per month
By Jesse | February 6, 2009
After months of careful dedication to the new site, Blackhawk Consulting, a company specializing in generalized IT consulting, hit a new high of 1,000 individual users per month. With growth of about 200% / month, it really shows what dedication and a good knowledge of web marketing and development can do.
If you have need of Search Engine Optimization and would like Blackhawk Consulting to help you improve your website, whether in market reach or by improving your search engine optimization, visit our site today at http://www.blackhawkconsulting.com
McAfee 8.7i disabled — Fix
By Jesse | February 3, 2009
McAfee Virus Scan 8.7i disabled – solution:
There is a known issue with McAfee Enterprise 8.7i that causes McAfee to become disabled. Once disabled, McAfee will not re-enable. Events in Event Viewer include:
Event ID: 5004
Could not contact Filter Driver.
Error = 0x7d1 : The specified driver is invalid.
To solve this issue visit my article on the fix — This fix has been tested and works and involves modifying the registry:
Event ID: 5000
This error also prevents repairing the application and will generate an Error 1920: Service McAfee McShield (McShield) failed to start.
HOWTO: Getting Group Policy Updates to External Users
By Jesse | January 19, 2009
I recently had an issue where I needed to get an external user joined back to the domain even though the user was outside the network. This can be a challenging task if you don’t know the trick.
The trick to getting an external computer to join an internal network is the switch user button.
- First, have the user log in to the local admin account.
- After the user has logged in, have him connect to the company VPN. The computer is now connected to the internal company network as if he were anyone else in the office.
- If you need to join the computer to the domain, you can now follow the standard steps in computer properties to join the domain. Then reboot and repeat the process (steps 1-2).
- After the computer is joined to the domain, or if you’re just trying to get him to log in with a domain account, now have him hit Switch User and log in to his domain account. As long as the VPN connection is still active, you should be able to log in to the domain account and also get new group policy settings pushed to the machine.
Once the user has logged into the domain once, he should not need to VPN in again to log in a second time, as his domain credentials will now be cached on the machine. You now have a remote profile for this user that uses the corporate domain.
If you have any questions or comments, please feel free to comment below. Also, if you found this article helpful please digg or del.icio.us this site.
Are you Minty? Finances made easy
By Jesse | January 16, 2009
This post is unrelated to IT Consulting, but I thought it was a neat site and that others might benefit from it.
A new website called Mint (http://www.mint.com) will track your finances similar to the way Quicken does. What’s the difference?
- Mint is free, so there’s never any upgrade fee. I got tired of having to keep upgrading my version of Quicken. Yes, Quicken is nice, yes I don’t have to upgrade, but Mint is free and equally nice.
- Mint is available from anywhere. I liked the idea that I could access my account from any location.
- Mint will send you email alerts. I really liked the alerting features for large transactions, or finance charges, or pretty much anything else you can think of.
Great job, guys! Great service.