Cries of joy are ringing throughout the Microsoft BPOS Partner community--the ability to set "Password Never Expires" for BPOS Standard Accounts has *finally* been released. Previously available only for BPOS-D customers, Microsoft has ported the command to the newest update of the Microsft Online Services Migration Tools (available for x86 here and x64 here).
So, once you've downloaded and installed the updated tools, how do you avail yourself of this helpful feature?
Set "Password Never Expires" for All Enabled Users
1. Open Migration Command Shell.
2. Copy/paste the following commands:
$cred = Get-Credential
Get-MSOnlineUser -enabled -Credential $cred | Set-MSOnlineUserPasswordNeverExpire -Credential $cred -PasswordNeverExpire $true
Drop in your BPOS administrative credentials (in the form of user@domain.com and password) in the pop-up dialog box when prompted.
Wednesday, August 24, 2011
Wednesday, July 20, 2011
Windows XP Automatic Updates service is missing
Recently, there have been a rash of "fake antivirus" viruses and trojans floating around the internet. Two of the more frustrating issues:
- Why are all my icons hidden?
- Where the heck did my Automatic Updates service go?
- Why am I getting Windows Update Error 0x80072EFE?
The icons hidden one is fairly benign and relatively easy to resolve:
1. Open Windows Explorer.
2. Select Tools > Folder Options.
3. Select the View tab.
4. Select the Show hidden files and folders radio button and click OK.
5. From Windows Explorer, navigate to C:\.
6. Right-click on the folder "Documents and Settings" and click Properties.
7. Clear the "Hidden" checkbox.
8. When prompted, choose to apply to all subfolders and files.
As far as the Automatic Updates issue goes, it's a little trickier. These particular strains of malware do everything from unregister DLLs to removing the Windows Update service altogether. Most of the time, the solution involves one or more of the following tasks:
- Re-registering the WUAU DLLs
- Re-registering Internet Explorer DLLs
- Deleting the cached update downloads
- Resetting the cryptographic service database
Copy/paste the following script into Notepad and save it as a .bat file:
net stop wuauserv /y
net stop bits /y
net stop cryptsvc /y
ren %systemroot%\system32\catroot2 catroot2_old
rd /s /q %systemroot%\SoftwareDistribution
regsvr32 /s actxprxy.dll
regsvr32 /s atl.dll
regsvr32 /s browseui.dll
regsvr32 /s cdm.dll
regsvr32 /s cryptdlg.dll
regsvr32 /s dssenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s initpki.dll
regsvr32 /s iuengine.dll
regsvr32 /s mshtml.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml2.dll
regsvr32 /s msxml2r.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml3r.dll
regsvr32 /s msxmlr.dll
regsvr32 /s oleaut32.dll
regsvr32 /s qmgr.dll
regsvr32 /s rsaenh.dll
regsvr32 /s sccbase.dll
regsvr32 /s shdocvw.dll
regsvr32 /s slbcsp.dll
regsvr32 /s softpub.dll
regsvr32 /s urlmon.dll
regsvr32 /s wintrust.dll
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuauserv.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll
net start cryptsvc
net start bits
net start wuauserv
Run. The "Automatic Updates" service should now be visible in the Services applet.
- Why are all my icons hidden?
- Where the heck did my Automatic Updates service go?
- Why am I getting Windows Update Error 0x80072EFE?
The icons hidden one is fairly benign and relatively easy to resolve:
1. Open Windows Explorer.
2. Select Tools > Folder Options.
3. Select the View tab.
4. Select the Show hidden files and folders radio button and click OK.
5. From Windows Explorer, navigate to C:\.
6. Right-click on the folder "Documents and Settings" and click Properties.
7. Clear the "Hidden" checkbox.
8. When prompted, choose to apply to all subfolders and files.
As far as the Automatic Updates issue goes, it's a little trickier. These particular strains of malware do everything from unregister DLLs to removing the Windows Update service altogether. Most of the time, the solution involves one or more of the following tasks:
- Re-registering the WUAU DLLs
- Re-registering Internet Explorer DLLs
- Deleting the cached update downloads
- Resetting the cryptographic service database
Copy/paste the following script into Notepad and save it as a .bat file:
net stop wuauserv /y
net stop bits /y
net stop cryptsvc /y
ren %systemroot%\system32\catroot2 catroot2_old
rd /s /q %systemroot%\SoftwareDistribution
regsvr32 /s actxprxy.dll
regsvr32 /s atl.dll
regsvr32 /s browseui.dll
regsvr32 /s cdm.dll
regsvr32 /s cryptdlg.dll
regsvr32 /s dssenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s initpki.dll
regsvr32 /s iuengine.dll
regsvr32 /s mshtml.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml2.dll
regsvr32 /s msxml2r.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml3r.dll
regsvr32 /s msxmlr.dll
regsvr32 /s oleaut32.dll
regsvr32 /s qmgr.dll
regsvr32 /s rsaenh.dll
regsvr32 /s sccbase.dll
regsvr32 /s shdocvw.dll
regsvr32 /s slbcsp.dll
regsvr32 /s softpub.dll
regsvr32 /s urlmon.dll
regsvr32 /s wintrust.dll
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuauserv.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wups2.dll
regsvr32 /s wuweb.dll
net start cryptsvc
net start bits
net start wuauserv
Run. The "Automatic Updates" service should now be visible in the Services applet.
Friday, May 20, 2011
Internet Explorer 8 and the continuous "Manage Add-Ons" Prompt
While trying to deploy the Microsoft Online Services Single Sign-On Tool for a customer migrating to BPOS, I found myself sitting at a customer's computer banging my head against the wall. When I'd launch the tool and sign in as the user, I kept on getting the "Unable to prepare certificate" error.
The MSOL tool is dependent on a number of things:
- .NET Framework 2.0 or later
- Correct time (within 5 minute skew of the MSOL servers)
- Internet Explorer as your default browser
I was OK on the firsts two items, but I had noticed that my customer had installed both Firefox and Chrome. No big deal, right? I launch IE and set it as the default browser and attempt to reconfigure the sign-on tool (to no avail).
I proceed to follow the traditional troubleshooting steps:
- Uninstall/reinstall Online Services Single Sign-On Tool
- Uninstall/reinstall .NET Framework from 4.0 down to 2.0 and back again
- Reset IE to default settings.
Neither of these fixed my problem.
I launched IE and was faced with what I thought was an annoyance--the "Manage Add-Ons" window kept popping up with my default search providers. I'd set it, close IE, restart, and get the dialog box again.
I thought, "Now I'm getting somewhere." I thought maybe there was a piece of malware affecting the customer's system, so I downloaded one of my favorite programs, ran a scan, and didn't find anything.
In the end, I stumbled upon a tip from another hapless soul facing my same problem:
1. Make sure all IE windows are closed. To be sure, you can open a command prompt and run taskkill /im iexplore.exe /f .
2. Open Regedit.
3. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
4. Right-click, point to New > Expandable String Value.
5. Type AppData and press ENTER.
6. Double-click the new AppData value and enter %userprofile%\Application Data and click OK.
7. Try launching IE again.
The MSOL tool is dependent on a number of things:
- .NET Framework 2.0 or later
- Correct time (within 5 minute skew of the MSOL servers)
- Internet Explorer as your default browser
I was OK on the firsts two items, but I had noticed that my customer had installed both Firefox and Chrome. No big deal, right? I launch IE and set it as the default browser and attempt to reconfigure the sign-on tool (to no avail).
I proceed to follow the traditional troubleshooting steps:
- Uninstall/reinstall Online Services Single Sign-On Tool
- Uninstall/reinstall .NET Framework from 4.0 down to 2.0 and back again
- Reset IE to default settings.
Neither of these fixed my problem.
I launched IE and was faced with what I thought was an annoyance--the "Manage Add-Ons" window kept popping up with my default search providers. I'd set it, close IE, restart, and get the dialog box again.
I thought, "Now I'm getting somewhere." I thought maybe there was a piece of malware affecting the customer's system, so I downloaded one of my favorite programs, ran a scan, and didn't find anything.
In the end, I stumbled upon a tip from another hapless soul facing my same problem:
1. Make sure all IE windows are closed. To be sure, you can open a command prompt and run taskkill /im iexplore.exe /f .
2. Open Regedit.
3. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
4. Right-click, point to New > Expandable String Value.
5. Type AppData and press ENTER.
6. Double-click the new AppData value and enter %userprofile%\Application Data and click OK.
7. Try launching IE again.
Wednesday, February 2, 2011
Exchange 2010 Messages Stuck in Retry status in "MapiDeliveryQueue"
In case your Exchange admin life wasn't difficult enough, you can always have this problem, manifested with the following symptoms:
- Mail delivery hung
- Messages stuck in local delivery "MapiDeliveryQueue" with a status of "Retry"
Classic tactics such as restarting the server or right-clicking the queue and selecting "Retry" have no effect.
The key here is that Exchange 2007 and later treat these messages differently than standard SMTP queues. In order to process these messages, they need to be re-submitted using the following Exchange cmdlet:
Retry-Queue -Filter {Status -eq "Retry"} -Server "exchangeserver" -resubmit $true
The default re-submit queue time is 12 hours. To modify this:
1. Using Notepad, edit the file: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.
2. Modify the following line in the
<add key="MaxIdleTimeBeforeResubmit" value="<hh:mm:ss>"/>
3. Save the file.
4. Open up the Exchange Command shell and run restart-service *rt
- Mail delivery hung
- Messages stuck in local delivery "MapiDeliveryQueue" with a status of "Retry"
Classic tactics such as restarting the server or right-clicking the queue and selecting "Retry" have no effect.
The key here is that Exchange 2007 and later treat these messages differently than standard SMTP queues. In order to process these messages, they need to be re-submitted using the following Exchange cmdlet:
Retry-Queue -Filter {Status -eq "Retry"} -Server "exchangeserver" -resubmit $true
The default re-submit queue time is 12 hours. To modify this:
1. Using Notepad, edit the file: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.
2. Modify the following line in the
<add key="MaxIdleTimeBeforeResubmit" value="<hh:mm:ss>"/>
3. Save the file.
4. Open up the Exchange Command shell and run restart-service *rt
Saturday, January 22, 2011
IIS 6.0 404 Error for a file you *know* is there
This morning I was doing some maintenance on a customer's machine and needed to reinstall the application. The customer site is closed, but the work still needs to be done. I had a copy of the ISO media available on a server in our office, so the solution seemed obvious: drop it on a web server and pull it down from the client's machine.
So, I created a directory on one of our web servers, placed the ISO file there, and turned on "Directory Browsing" for that directory. I then logged into my customer's machine and navigated to the site and found the file. I right-clicked on the file, hit "Save Target As..." and ....
Internet Explorer cannot download myfile.iso from my.webserver.com.
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
I went back to the site and this time, just clicked on the file name, and was greeted with the generic 404 message.
Fortunately, the solution is very simple and only takes a few seconds.
1. Open up IIS Manager.
2. Navigate to the web site (if you don't want to change the setting for the entire web server, you can just navigate to the directory path off the web site).
3. Right-click > Properties on the website (or directory).
4. Select the "HTTP Headers" tab.
5. Select the "MIME Types" button.
6. Click the "New" button.
7. Add the extension type (in my case, ISO).
8. Add the MIME type (in my case, application/octet-stream).
9. Click OK three times.
Try to re-download the file in your browser.
The reason for this behavior is described in detail in the IIS 6.0 documentation here.
So, I created a directory on one of our web servers, placed the ISO file there, and turned on "Directory Browsing" for that directory. I then logged into my customer's machine and navigated to the site and found the file. I right-clicked on the file, hit "Save Target As..." and ....
Internet Explorer cannot download myfile.iso from my.webserver.com.
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
I went back to the site and this time, just clicked on the file name, and was greeted with the generic 404 message.
Fortunately, the solution is very simple and only takes a few seconds.
1. Open up IIS Manager.
2. Navigate to the web site (if you don't want to change the setting for the entire web server, you can just navigate to the directory path off the web site).
3. Right-click > Properties on the website (or directory).
4. Select the "HTTP Headers" tab.
5. Select the "MIME Types" button.
6. Click the "New" button.
7. Add the extension type (in my case, ISO).
8. Add the MIME type (in my case, application/octet-stream).
9. Click OK three times.
Try to re-download the file in your browser.
The reason for this behavior is described in detail in the IIS 6.0 documentation here.
Tuesday, January 4, 2011
How to fix a bad/corrupt/hidden source in Cydia
I was adding a new Cydia repository the other day to my iPhone and apparently mistyped something. I deleted it from the GUI, but every time I went to search Cydia for an application or manage my source list, I received an error that the repository was unavailable and then received the following error:
Sub-process bzip2 returned an error code (2)
Sub-process bzip2 returned an error code (2)
Fortunately, there's a way to fix it. You'll need a few pieces of software:
- OpenSSH installed on your iDevice
- WinSCP (free Windows Secure Copy client; available at http://sourceforge.net/projects/winscp)
- plist Editor for Windows (Mac OS Property List editor; http://www.ipodrobot.com/blog/2009/02/free-plist-editor-for-windows-10-released.htm)
- Make sure you have SSH access to your iDevice When you installed Cydia, you had the option for which tool sets you wanted. If you didnt' select a tool set that includes command-line tools, you'll need to install those first (OpenSSH is the main piece that's required). If SSH isn't working, you'll need to reinstall it and then respring your device.
- Test your SSH login credentials by using an SSH client such as putty connecting to your device's WiFi address and logging in as 'root.' If you have not changed the root password, the default is 'alpine.'
- Using a secure copy client (such as WinSCP), connect to your iDevice and navigate to /private/etc/apt/source.list.d.
- Right-click > Edit the cydia.list file, remove the offending line, and click Save. Close the WinSCP editor.
- Navigate to /private/var/lib/cydia.
- Copy the metadata.plist file to your computer.
- Using plist editor, open the metadata.plist on your computer.
- Search for the repository you need to remove. The line will look something like
deb:http://repositoryname/:./ - Select and delete down to the next key
tag. Your selection should start with an open key tag and end with a close dict tag and should contain approximately 9 lines of data. - Copy it back to /private/var/lib/cydia and overwrite the existing file.
- Navigate to /private/var/lib/apt/lists and delete the files starting with the name of the source you wish to remove.
- Navigate to /private/var/lib/apt/list/partial and do the same.
- Close WinSCP and respring your iDevice.
Thursday, December 16, 2010
Bulk add host headers to IIS site
Kind of in line with my previous post of bulk adding DNS zones and configuring secondaries is the need to bind multiple new host headers to a customer's site. Doing it from the IIS Manager is tedious, to say the least.
Fortunately, there is a way to bulk do this as well. This method is a little clunky, but still way better than doing it all manually.
1. From IIS Manager, locate the identifier for your website (if it's not the default site).
2. Open a command prompt and navigate to (default) \Inetpub\Adminscripts.
3. Run the following command:
cscript adsutil.vbs get w3svc/{site identifier}/serverbindings
The reason this has to be done is the adsutil.vbs set command will overwrite this settings (not add to them), so if you just plug in your new host headers, you'll lose all of your old ones!
You should get an output that looks similar to this:
":80:www.oldhostheader1.com"
":80:www.oldhostheader2.com"
4. Copy/paste the output into a notepad window. Delete the white spaces until it's all one continuous line.
5. Using the same format, add your new host headers to this list so that it looks like this:
":80:www.oldhostheader1.com" ":80:www.oldhostheader2.com" ":80:www.newhostheader1.com" ":80:www.newhostheader2.com"
6. At the beginning of the line, prepend cscript adsutil.vbs set w3svc/{siteidentifier}/server bindings, and save it as a .bat file.
7. Run.
Fortunately, there is a way to bulk do this as well. This method is a little clunky, but still way better than doing it all manually.
1. From IIS Manager, locate the identifier for your website (if it's not the default site).
2. Open a command prompt and navigate to (default) \Inetpub\Adminscripts.
3. Run the following command:
cscript adsutil.vbs get w3svc/{site identifier}/serverbindings
The reason this has to be done is the adsutil.vbs set command will overwrite this settings (not add to them), so if you just plug in your new host headers, you'll lose all of your old ones!
You should get an output that looks similar to this:
":80:www.oldhostheader1.com"
":80:www.oldhostheader2.com"
4. Copy/paste the output into a notepad window. Delete the white spaces until it's all one continuous line.
5. Using the same format, add your new host headers to this list so that it looks like this:
":80:www.oldhostheader1.com" ":80:www.oldhostheader2.com" ":80:www.newhostheader1.com" ":80:www.newhostheader2.com"
6. At the beginning of the line, prepend cscript adsutil.vbs set w3svc/{siteidentifier}/server bindings, and save it as a .bat file.
7. Run.
Quick 'n dirty DNSCMD scripts
Periodically, I get requests to bulk add domains to our DNS hosting environment. Here are a few simple DNScmd scripts to help make the job easier.
On the DNS Primary server, I created a batch script named "zoneadd_primary.bat" and put this in it:
@ECHO OFF
REM
REM Add DNS zones in from command line parameter file as
REM Standard Primary zones.
REM Replace n.n.n.n with IP address of primary/master DNSserver.
REM Replace x.x.x.x and y.y.y.y with your secondary/slave servers.
REM Check for command-line parameter
if "%1"=="" GOTO USAGE
for /F %%a in (%1) do dnscmd /zoneadd %%a /primary /file %%a.dns
REM Add secondary/slave servers to zones
for /F %%a in (%1) do dnscmd /zoneresetsecondaries %%a /securelist x.x.x.x y.y.y.y
GOTO END
:USAGE
ECHO.
ECHO Error: no file specified
ECHO.
ECHO Usage:
ECHO zoneadd_primary [filename]
ECHO.
ECHO where [filename] is a text file with a list of domains.
ECHO.
ECHO Example:
ECHO.
ECHO zoneadd_primary domains.txt
ECHO.
:END
And then, on the slave servers, I put a companion script called "zoneadd_secondary.bat" with a similar script:
@ECHO OFF
REM
REM Add DNS zones in domains.txt as secondary zones.
REM Replace n.n.n.n with IP address of primary/master server.
if "%1"=="" GOTO USAGE
for /F %%a in (%1) do do dnscmd /zoneadd %%a /secondary n.n.n.n
GOTO END
:USAGE
ECHO.
ECHO Error: no file specified
ECHO.
ECHO Usage:
ECHO zoneadd_secondary [filename]
ECHO.
ECHO where [filename] is a text file with a list of domains.
ECHO.
ECHO Example:
ECHO.
ECHO zoneadd_secondary domains.txt
ECHO.
:END
Not much to it, but I do find it useful.
On the DNS Primary server, I created a batch script named "zoneadd_primary.bat" and put this in it:
@ECHO OFF
REM
REM Add DNS zones in from command line parameter file as
REM Standard Primary zones.
REM Replace n.n.n.n with IP address of primary/master DNSserver.
REM Replace x.x.x.x and y.y.y.y with your secondary/slave servers.
REM Check for command-line parameter
if "%1"=="" GOTO USAGE
for /F %%a in (%1) do dnscmd /zoneadd %%a /primary /file %%a.dns
REM Add secondary/slave servers to zones
for /F %%a in (%1) do dnscmd /zoneresetsecondaries %%a /securelist x.x.x.x y.y.y.y
GOTO END
:USAGE
ECHO.
ECHO Error: no file specified
ECHO.
ECHO Usage:
ECHO zoneadd_primary [filename]
ECHO.
ECHO where [filename] is a text file with a list of domains.
ECHO.
ECHO Example:
ECHO.
ECHO zoneadd_primary domains.txt
ECHO.
:END
And then, on the slave servers, I put a companion script called "zoneadd_secondary.bat" with a similar script:
@ECHO OFF
REM
REM Add DNS zones in domains.txt as secondary zones.
REM Replace n.n.n.n with IP address of primary/master server.
if "%1"=="" GOTO USAGE
for /F %%a in (%1) do do dnscmd /zoneadd %%a /secondary n.n.n.n
GOTO END
:USAGE
ECHO.
ECHO Error: no file specified
ECHO.
ECHO Usage:
ECHO zoneadd_secondary [filename]
ECHO.
ECHO where [filename] is a text file with a list of domains.
ECHO.
ECHO Example:
ECHO.
ECHO zoneadd_secondary domains.txt
ECHO.
:END
Not much to it, but I do find it useful.
Saturday, December 11, 2010
Mitch McConnell, This One's For You
Also titled, "Everything that's wrong with Republicans and Democrats."
It's been a while since I've posted something political; now that the dust is getting kicked up around the compromise deal between President Obama and the Senate Republicans, I think it's a good time to let my feelings out.
Hearing Mitch McConnell on the radio is an audio reminder of why I don't consider myself a Republican anymore. I have no idea how he can claim that extending the Bush tax cuts to the wealthiest 2% of Americans is going to help our ailing economy. Since it's obvious that it's been a few years since he's had an economics course, I'm going to share my limited recollection of college econ.
Now, mind you, I was born and raised in a house that bled Reaganomics. I still hear stories about how I ran around the Whitewater Armory on election day yelling "Ronald Reagan is a good man!" I was always told that the rich people create jobs and that you never asked a Wal-Mart greeter for a job. I was told that everyone's born a Democrat, and then they grow up.
However, I've come to the realization that this particular viewpoint was very one-sided and not very practical.
While rich people and businss owners *do* create jobs, they create jobs when there is sufficient economic cause to do so. Rich people didn't get to be rich by spending their money foolishly, and few things are more foolish than employing a bunch of people making stuff that isn't getting sold.
For some reason, Mitch McConnel seems sold on the idea that the richest 2% of Americans need all of these tax breaks extended because we're in a fragile economy and that extra oomph is needed to entice them to create jobs.
Mitch, I've got news for you--no one with bags of money sits around thinking, "I'm going to create some jobs by employing a bunch of minimum wage folks in hopes of stimulating the economy." There is no benevolent employer who is looking for the opportunity to create a warehouse full of unsold goods. Rich people don't get to be rich by hiring a bunch of people to stand around idle. What stimulates the economy is a lot of people buying stuff over a sustained period. The spending must come before the job creation does.
What he (and the other Congressional Republicans) need to remember is that the most direct ways to stimulate the economy and reduce the deficit are:
1. Extend unemployment benefits. People who are on unemployment aren't building a rainy day fund. UE is barely enough to keep food on the table for most families; every last penny of it is going immediately back into the economy.
2. Simplify the tax structure. It was tried in 1986, but didn't really have a huge net change. There are so many loopholes favoring the rich that they can, in some cases, pay less taxes than people making 1/10 of what they make. Eliminate the vast majority of deductions. There is no reason that the personal tax code can't be under 100 pages, or even 50.
3. Broaden the tax base. Get more people to pay taxes. Fewer exemptions and deductions means more people are affected.
4. Lower marginal tax rates. If the tax base is sufficiently broad, everyone's marginal rates can go down. This woul directly put money back into pockets to be spent. A family of four making $40,000 per year spends a much higher percentage of their income on necessities than a single person making $2m a year. Lowering the tax rates (especially on the low end of the income scale) again means that more money would be going directly back into the economy. And we all know that money flowing in means employers need to hire more people (that whole supply and demand thing).
The President and his Debt Commission have several recommendations; I think a lot of the ideas are good. There are only two ways to shrink the deficit--raise revenues and cut spending. Republicans and Democrats seem to think that those ideas are mutually exclusive. Democrats want to increase revenues, Republicans want to cut spending on bleeding-heart programs.
Things that I think would beneficial for a comprehensive tax plan:
1. Exempt first $35,000 from personal income tax.
2. Do away with all deductions except charity and medical expenses (EIC, mortgage deduction, etc)
3. Eliminate capital gains tax.
4. Eliminate inheritance tax.
5. Implement progressive income tax (maybe about 18% on $35,000-70,000; 22% on $70,000-150,000; 25% on 150,000-$500,000, etc. It would take a bit of math, but in the end, the marginal tax rates drop significantly, but with a broader base and only two deductions (charity and medical expenses), I think we'd see an overall increase in government revenue.
My numbers may need some tweaking, but I think in teh end, it's going to take some out-of-the-box ideas like that (like touching the sacred cow "Mortgage deduction") to put real money back in the pockets of the people most likely to spend it and start growing our economy.
It's been a while since I've posted something political; now that the dust is getting kicked up around the compromise deal between President Obama and the Senate Republicans, I think it's a good time to let my feelings out.
Hearing Mitch McConnell on the radio is an audio reminder of why I don't consider myself a Republican anymore. I have no idea how he can claim that extending the Bush tax cuts to the wealthiest 2% of Americans is going to help our ailing economy. Since it's obvious that it's been a few years since he's had an economics course, I'm going to share my limited recollection of college econ.
Now, mind you, I was born and raised in a house that bled Reaganomics. I still hear stories about how I ran around the Whitewater Armory on election day yelling "Ronald Reagan is a good man!" I was always told that the rich people create jobs and that you never asked a Wal-Mart greeter for a job. I was told that everyone's born a Democrat, and then they grow up.
However, I've come to the realization that this particular viewpoint was very one-sided and not very practical.
While rich people and businss owners *do* create jobs, they create jobs when there is sufficient economic cause to do so. Rich people didn't get to be rich by spending their money foolishly, and few things are more foolish than employing a bunch of people making stuff that isn't getting sold.
For some reason, Mitch McConnel seems sold on the idea that the richest 2% of Americans need all of these tax breaks extended because we're in a fragile economy and that extra oomph is needed to entice them to create jobs.
Mitch, I've got news for you--no one with bags of money sits around thinking, "I'm going to create some jobs by employing a bunch of minimum wage folks in hopes of stimulating the economy." There is no benevolent employer who is looking for the opportunity to create a warehouse full of unsold goods. Rich people don't get to be rich by hiring a bunch of people to stand around idle. What stimulates the economy is a lot of people buying stuff over a sustained period. The spending must come before the job creation does.
What he (and the other Congressional Republicans) need to remember is that the most direct ways to stimulate the economy and reduce the deficit are:
1. Extend unemployment benefits. People who are on unemployment aren't building a rainy day fund. UE is barely enough to keep food on the table for most families; every last penny of it is going immediately back into the economy.
2. Simplify the tax structure. It was tried in 1986, but didn't really have a huge net change. There are so many loopholes favoring the rich that they can, in some cases, pay less taxes than people making 1/10 of what they make. Eliminate the vast majority of deductions. There is no reason that the personal tax code can't be under 100 pages, or even 50.
3. Broaden the tax base. Get more people to pay taxes. Fewer exemptions and deductions means more people are affected.
4. Lower marginal tax rates. If the tax base is sufficiently broad, everyone's marginal rates can go down. This woul directly put money back into pockets to be spent. A family of four making $40,000 per year spends a much higher percentage of their income on necessities than a single person making $2m a year. Lowering the tax rates (especially on the low end of the income scale) again means that more money would be going directly back into the economy. And we all know that money flowing in means employers need to hire more people (that whole supply and demand thing).
The President and his Debt Commission have several recommendations; I think a lot of the ideas are good. There are only two ways to shrink the deficit--raise revenues and cut spending. Republicans and Democrats seem to think that those ideas are mutually exclusive. Democrats want to increase revenues, Republicans want to cut spending on bleeding-heart programs.
Things that I think would beneficial for a comprehensive tax plan:
1. Exempt first $35,000 from personal income tax.
2. Do away with all deductions except charity and medical expenses (EIC, mortgage deduction, etc)
3. Eliminate capital gains tax.
4. Eliminate inheritance tax.
5. Implement progressive income tax (maybe about 18% on $35,000-70,000; 22% on $70,000-150,000; 25% on 150,000-$500,000, etc. It would take a bit of math, but in the end, the marginal tax rates drop significantly, but with a broader base and only two deductions (charity and medical expenses), I think we'd see an overall increase in government revenue.
My numbers may need some tweaking, but I think in teh end, it's going to take some out-of-the-box ideas like that (like touching the sacred cow "Mortgage deduction") to put real money back in the pockets of the people most likely to spend it and start growing our economy.
Thursday, December 9, 2010
How to Join Windows XP Media Center to a Domain
During an SBS deployment, I ran into a few machines at my customer's site that were running Windows XP Media Center Edition (MCE). As most of you know, the only machines that are technically eligible to join a Windows domain are "Business" class operating systems, such as Windows XP Professional, Windows Vista Business, Windows Vista Enterprise, Windows 7 Professional and Windows 7 Enterprise (although not technically "business" class, Windows Vista/7 Ultimate Editions are also able to join domains, since they're supposed to be everything-but-the-kitchen-sink editions).
And, as luck would have it, the customer has critical LOB applications installed on these machines and some other pieces of legacy software for which the media is no where to be found, so a fresh install with Windows XP Professional media is out of the question.
No problem, right? I've upgraded dozens of Windows XP Home PCs to Windows XP Professional for this exact reason. I pop some newly acquired Windows XP Professional with SP3 "Get Genuine" media (designed for those folks that have potentially illegitimate Windows versions); the upgrade is going well until ... the part where I enter the license key. It won't take it, even though I know it's valid (tested against an XP Home machine in the same office).
While trying to find a reason why I can't upgrade, I stumble upon another blog with some basic instructions on how to join XP MCE to a domain. The first step the author lists is to install the Windows XP Recovery Console; I run the command and restart ... and ... bluescreen.
I turn to my trusty recovery tools disc (which has gotten me out of more tight spots than you can imagine) and boot to a WinPE shell which has a bunch of great tools loaded, including RegEdit PE.
To perform this feat of amazement yourself:
1. From a WinPE installation, launch RegEdit PE, point it to the Windows installation director, and load up the registry hives.
2. Navigate to HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\WPA\MedCtrUpg.
3. Double-click the value IsLegacyMCE.
4. Change the '0' to a '1'.
5. Close RegEdit PE and restart the machine into Windows.
6. Join domain.
And, as luck would have it, the customer has critical LOB applications installed on these machines and some other pieces of legacy software for which the media is no where to be found, so a fresh install with Windows XP Professional media is out of the question.
No problem, right? I've upgraded dozens of Windows XP Home PCs to Windows XP Professional for this exact reason. I pop some newly acquired Windows XP Professional with SP3 "Get Genuine" media (designed for those folks that have potentially illegitimate Windows versions); the upgrade is going well until ... the part where I enter the license key. It won't take it, even though I know it's valid (tested against an XP Home machine in the same office).
While trying to find a reason why I can't upgrade, I stumble upon another blog with some basic instructions on how to join XP MCE to a domain. The first step the author lists is to install the Windows XP Recovery Console; I run the command and restart ... and ... bluescreen.
I turn to my trusty recovery tools disc (which has gotten me out of more tight spots than you can imagine) and boot to a WinPE shell which has a bunch of great tools loaded, including RegEdit PE.
To perform this feat of amazement yourself:
1. From a WinPE installation, launch RegEdit PE, point it to the Windows installation director, and load up the registry hives.
2. Navigate to HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\WPA\MedCtrUpg.
3. Double-click the value IsLegacyMCE.
4. Change the '0' to a '1'.
5. Close RegEdit PE and restart the machine into Windows.
6. Join domain.
Subscribe to:
Comments (Atom)