James' Tools and Tricks

Encrypt Offline Files – Access Denied

Posted on May 18, 2011 by James Rudd

On a Windows 7 laptop I was trying to set up Offline Files with encryption enabled. After syncing the files and going into Manage Offline Files -> Encryption -> Encrypt everything seemed to go OK, but it would then keep reporting Access Denied when it tried to sync any new files.
After some searching I found this post which mentioned an expired Recovery Key in Group Policy. After checking the Group Policy object on the server I discovered there was an old Recovery Key stored in the EFS policy from when it was first set up. After regenerating the key and importing into policy, a gpupdate /force on laptop and reboot fixed the issue.

Tags: Encryption, Group Policy, laptop, offline files, recovery key, security, sync, Windows 7

Posted in Windows | Tagged Encryption, Group Policy, laptop, offline files, recovery key, security, sync, Windows 7 | Leave a comment

Fuji-Xerox Network Scanning: Error 027-516

Posted on April 1, 2011 by James Rudd

As part of a test for removing legacy protocols from the network I disabled NetBIOS over TCP/IP to see if any system would be adversely affected.

Disabled NetBIOS

After disabling NetBIOS for the server used by our Fuji-Xeros ApeosPort-II 4000 Photocopier, the Network Scanning feature was unable to upload the scanned file to the SMB server. Instead it would return a 027-516 error code.

To verify the problem I Enabled NetBIOS and it immediately started working again.

I contacted Fuji-Xerox to check if they had a fix for the problem. I was advised that this can only be changed in newer versions, ApeosPort >=3, and that is was considered a “Feature”. The only way for an AP-II device to work with a server with NetBIOS disabled is to use the FTP transmit method.

AP-III NetBIOS Setting

After checking on one of our ApeosPort-III C3300, I found the page mentioned that allows the setting to be changed.

It appears that the use of NetBIOS by the APII is hardcoded and although it has DNS settings set, they are ignored for server name resolution. Considering this Photocopier is still being produced and sold I find it interesting that it relies on outdated protocols like NetBIOS. (ApeosPort-II 3000, 4000, 5010, 6000, 7000 are the main black and white photocopiers available to DET NSW Schools)

Tags: ApeosPort-II, ApeosPort-III, fuji xerox, NetBIOS, netbios over tcp ip, Photocopier, smb server

Posted in Windows | Tagged ApeosPort-II, ApeosPort-III, fuji xerox, NetBIOS, netbios over tcp ip, Photocopier, smb server | 1 Comment

Papercut

Posted on August 16, 2010 by James Rudd

I have received a few questions asking about Papercut so here are some of the details about it and what we use it for.

Papercut can run on a Windows Server (2003, 2008 or 2008 R2) using windows print queues or a Novell Linux OES server with iPrint (CUPS & SAMBA), it is written in Java with some wrappers for the OS in use.

We originally ran it on a Server 2003 R2 (x86) but have recently updated to a Windows 2008 R2 (x64)print server. The main reason for the upgrade was to provide up to date drivers for Windows 7 32 & 64bit. We also run the Papercut MF version which costs A LOT more, but allows you to use it with external devices, such as photocopiers.

Papercut has some really useful features, Card recharge allows you to generate top up cards and print them out yourself. Then you just cut them up and given them to the office (or canteen) to sell to the students. Makes recharging much easier and no need for office staff to login to an admin console to top up accounts.

We recently had a student laptop roll-out (NSW DER), these laptops are not on our domain so needed an alternative way to print. Papercut has a feature called WebPrint which allows students to upload MS office or PDF files to a website and have them printed to the chosen printer. You need to run software for it on a windows pc (server or client) which automatically opens the document and prints it to the chosen printer. As our Print server is running Windows and is a virtual machine we just configured it to auto-login as a limited user we created and installed Office, and Acrobat.

We use the reports function for auditing staff accounts and charging printer usage back to faculties. Staff are automatically added to different charge accounts based on their AD group membership.

We have just started using Advanced Scripting to charge staff different prices than students on shared copiers and printers.
The following script is what we use, as it is based on how faculties are invoiced at the end of each term. It is based on the Papercut recipe “Discount for staff” with a few changes.

/*
* Change Pricing for staff
*
* Staff are charged based on cost to school.
*
*/
function printJobHook(inputs, actions) {

var DISCOUNT_GROUP   = "Staff-All";
var COST_COLOUR  = 0.07; // Click Rate of Colour
var COST_BW  = 0.02;  // Click Rate of B/W
var COST_A4  = 0.01;  // Price per page of A4
var COST_A3  = 0.03;  // Price per page of A3

/*
* This print hook will need access to all job details
* so return if full job analysis is not yet complete.
* The only job details that are available before analysis
* are metadata such as username, printer name, and date.
*
* See reference documentation for full explanation.
*/

if (!inputs.job.isAnalysisComplete) {
	// No job details yet so return.
	return;
}

if (inputs.user.isInGroup(DISCOUNT_GROUP)) {
	// Debug messages are written to [install-path]/server/logs/server.log
	actions.log.debug("Cost before discount: " + inputs.job.cost);

	// Initial 0
	var newCost = 0;

	// Includes Duplex
	if (inputs.job.paperSizeName == "A4") {
		newCost = inputs.job.totalSheets * COST_A4;
	}
	else {
		newCost = inputs.job.totalSheets * COST_A3 ;
	}

	newCost += inputs.job.totalGrayscalePages * COST_BW;
	newCost += inputs.job.totalColorPages * COST_COLOUR;

	 actions.job.setCost(newCost);

	actions.log.debug("Staff Pricing on " + inputs.job.printerName + " For " + inputs.job.totalSheets +
		" sheets had " + inputs.job.totalGrayscalePages + " B/W & " +
		inputs.job.totalColorPages + " Colour, Cost after discount: " + newCost);

	// Record that as discount was applied in the job comment.
	actions.job.addComment("Staff Pricing applied. Had " + inputs.job.totalGrayscalePages + " B/W & " +
	inputs.job.totalColorPages + " Colour");
	}
}

Other useful features:

Students and staff see a summary of how many pages they are going to print, which helps reduce accidental printing of entire chapters of text instead of just a few pages.
Logs and statistics show which printers are getting used, how much is getting printed, and who printed the document but didn’t collect it.
Great support. I have contacted them over a number of issues and they have always gotten back quickly with good ideas, or have added features in later versions.

Downsides:

Although the price for education version of Papercut NG is not too bad, to get the MF version which supports copiers it costs around twice as much. Also you then need cost recovery devices for the copiers ~AUD$1,800 each, and there are annual support and maintenance costs ~AUD$1,000/year.

If you want to get an idea of how much printing your staff and students or just want to keep a record of who is printing what (like you could do easily with iPrint) try the free Papercut Print Logger.

Tags: Papercut, Photocopier, photocopiers, Printer, printer usage, Printing, student laptop, Windows 2008, Windows 2008 R2, Windows 7

Posted in Linux, Novell, Utilities, Windows | Tagged Papercut, Photocopier, photocopiers, Printer, printer usage, Printing, student laptop, Windows 2008, Windows 2008 R2, Windows 7 | 1 Comment

Pre-populate Users names and email address in Office and Acrobat

Posted on July 22, 2010 by James Rudd

Often you would like some personal information filled in for the user before they start the application. E.g. Why have Office or Acrobat ask for the users name when it is already stored in active directory?

Here are some simple VBScripts that can be added to a log on script or similar to pre-fill these for the user. Once you know the registry location where the identity information is stored it is quite easy to fill those values as part of a login script.

Microsoft Office

' Original MS Office script written by David Isaacs
Set oShell = CreateObject("WScript.Shell")

On Error Resume Next

strUsername = oShell.ExpandEnvironmentStrings("%USERNAME%")
strUserdomain = oShell.ExpandEnvironmentStrings("%USERDOMAIN%")

Set oUser = GetObject("WinNT://" & strUserdomain & "/" & strUsername & ",user")

oShell.RegWrite "HKCU\Software\Microsoft\Office\Common\UserInfo\UserInitials", strUsername
oShell.RegWrite "HKCU\Software\Microsoft\Office\Common\UserInfo\UserName", oUser.Fullname

Adobe Acrobat Pro and Reader

This will set the full name, office, email address and your company for multiple versions of Acrobat and Acrobat reader. You can add even more versions by adding extra lines to the array.

Also if you modified Acrobat to install with Acrobat.com disabled, but now wish to enable it this will enable it. We originally had it disabled, but found email and network form submission did not work properly until it was enabled.

The method for accessing the AD User object was posted by Mike Walker in this thread.

' Configure Adobe Acrobat default settings
' Written by James Rudd
Set oShell = CreateObject("WScript.Shell")
Set oFso = CreateObject("Scripting.FileSystemObject")

' Set the different registry paths for Acrobat
Dim regPaths(2)
regPaths(0) = "HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\"  'For Acrobat Pro 9
regPaths(1) = "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\"  'For Acrobat Reader 9
regPaths(2) = "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\8.0\"  'Same for Acrobat Reader 8

On Error Resume Next

' Create the ADSystem Information Object
Set objADSystemInfo = CreateObject("ADSystemInfo")
' Get the current information into a new Object
Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

For Each regPath In regPaths
 'Enable Acrobat.com by deleting key that contains disabling entries.
 oShell.regdelete regPath & "Workflows\"

 'Set Acrobat Identity Info
 oShell.RegWrite regPath & "Identity\tEMail", objUser.mail, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tName", objUser.givenName & " " & objUser.sn, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tFirstName", objUser.givenName, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tLastName", objUser.sn, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tCorporation", "Your Company Name", "REG_SZ"
 oShell.RegWrite regPath & "Identity\tDepartment", objUser.physicalDeliveryOfficeName, "REG_SZ"

 'Set Default Acrobat Collaboration details
 oShell.RegWrite regPath & "ShareIdentity\tEMail", objUser.mail, "REG_SZ"
 oShell.RegWrite regPath & "ShareIdentity\tFullName", objUser.givenName & " " & objUser.sn, "REG_SZ"
 oShell.RegWrite regPath & "ShareIdentity\tCorporation", "Your Company Name", "REG_SZ"
 oShell.RegWrite regPath & "ShareIdentity\tDepartment", objUser.physicalDeliveryOfficeName, "REG_SZ"
Next

Combined

The following script combines both Office and Acrobat data in to one, and reuses the same data objects rather than use two different connection techniques.

' Configure Adobe Acrobat and MS Office user settings
' Written by James Rudd

Const strCompanyName = "Your School Name"

Set oShell = CreateObject("WScript.Shell")
Set oFso = CreateObject("Scripting.FileSystemObject")

' Create the ADSystem Information Object
Set objADSystemInfo = CreateObject("ADSystemInfo")
' Get the current information into a new Object
Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

On Error Resume Next

'Office Details
oShell.RegWrite "HKCU\Software\Microsoft\Office\Common\UserInfo\UserInitials", objUser.sAMAccountName, "REG_SZ"
oShell.RegWrite "HKCU\Software\Microsoft\Office\Common\UserInfo\UserName", objUser.givenName & " " & objUser.sn, "REG_SZ"
' If set by installer Company Name is overidden on load.
oShell.RegWrite "HKCU\Software\Microsoft\Office\Common\UserInfo\Company", strCompanyName, "REG_SZ"

' Set the different registry paths for Acrobat
Dim regPaths(2)
regPaths(0) = "HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\"  'For Acrobat Pro 9
regPaths(1) = "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\"  'For Acrobat Reader 9
regPaths(2) = "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\8.0\"  'Same for Acrobat Reader 8

For Each regPath In regPaths
 'Enable Acrobat.com by deleting key that contains disabling entries.
 oShell.regdelete regPath & "Workflows\"

 'Set Acrobat Identity Info
 oShell.RegWrite regPath & "Identity\tEMail", objUser.mail, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tName", objUser.givenName & " " & objUser.sn, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tFirstName", objUser.givenName, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tLastName", objUser.sn, "REG_SZ"
 oShell.RegWrite regPath & "Identity\tCorporation", "Your Company Name", "REG_SZ"
 oShell.RegWrite regPath & "Identity\tDepartment", objUser.physicalDeliveryOfficeName, "REG_SZ"

 'Set Default Acrobat Collaboration details
 oShell.RegWrite regPath & "ShareIdentity\tEMail", objUser.mail, "REG_SZ"
 oShell.RegWrite regPath & "ShareIdentity\tFullName", objUser.givenName & " " & objUser.sn, "REG_SZ"
 oShell.RegWrite regPath & "ShareIdentity\tCorporation", strCompanyName, "REG_SZ"
 oShell.RegWrite regPath & "ShareIdentity\tDepartment", objUser.physicalDeliveryOfficeName, "REG_SZ"
Next

Tags: Active Directory, Adobe Acrobat, adobe acrobat reader, Microsoft Office, simple vbscript, vbscript, Windows Registry

Posted in Windows | Tagged Active Directory, Adobe Acrobat, adobe acrobat reader, Microsoft Office, simple vbscript, vbscript, Windows Registry | Leave a comment

James' Tools and Tricks

Fuji-Xerox Network Scanning: Error 027-516

Papercut

Pre-populate Users names and email address in Office and Acrobat

Microsoft Office

Adobe Acrobat Pro and Reader

Combined

Pages

Archives

Categories

General

School

HPC Cluster

Meta