It’s been a while, huh?

Sorry about not posting for a while, but I’ve been tackling projects left and right, trying to shorten the list on my boss’ desk.

So major issue broke out this morning: password changes in Active Directory were failing with error: 
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements
Even through command line, (net user /domain username password) the error persisted. So I tried the usual, editing default domain policy, allowing/blocking inheritance on Domain Controller’s OU in GPMC, editing domain controller’s policy, the usual stuff you find googling the error. (¬†Nothing worked… until, I noticed the same error in the application event log, over and over:
The description for Event ID ( 5 ) in Source ( WinPSAFilter ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
And I didn’t notice that it started at about the same time users began reporting issues changing their passwords. Well, the WinPSAFilter belongs to our SSO product, Computer Associates, CA SSO.
Long story short, this software sucks. I uninstalled the Password Sync Agent from all of our DCs, and that was it. Password changes were now allowed.
Does anyone out there use this product? Have you had problems like this with it?
We were going to use it in a test environment, but have now decided that it just isn’t going to work out.
I have another Cisco tip to post, but I’ll post after work.
Rick Estrada

Zetafax using Windows TAPI

I have a scenario here at work where long distance calls require a 4 digit code to be entered after the phone number is dialed. Roughly, here’s how it goes:

pick up receiver -> 9,1 2223334444 -> wait for voice prompt -> 5555 (4 digit code)
So when setting up our new Zetafax server, I couldn’t find a way to configure this rule within the software. instead, I had to use Windows TAPI rules with the “calling card” options.
Just for reference, Windows TAPI only supports 255 or 256 prefix numbers per area code rule. Zetafax server, only supports 36. If you enter more than 36, the server configuration tool exits as if it had crashed. I called technical support, and the very rude lady on the phone, confirmed this limit, but lowered the number to 30 supported prefixes. She said the next release of Zetafax server would natively include rules like those in Windows TAPI, and also include an “exclude” list of prefixes, unlike TAPI’s “include” only option.
I really hope this makes sense, I googled this and couldn’t find an answer.
If you need explaining, feel free to send me an email.
-Rick Estrada

Open File – Security Warning

I pushed out an .exe this morning to all desktops, network wide, and received numerous complaints that when users tried to run the .exe, a popup would prompt for comfirmation before allowing it to run. Its title was:

Open File – Security Warning”

Of course, there is a checkbox to keep this prompt from reapearing, but we all know how end users can be…
So the ‘quick fix’ is to create or edit a group policy object and under “User Configuration > Administrative Templates > Windows Components > Attachment Manager”, enable “Inclusion list for low file types” and add .exe with the leading period.
After a gpupdate, the security prompt no longer came up.
-Rick Estrada