Fri, Feb 13 2009 21:17
bradley
Top Vista and XP issues for the month from the Managed newsgroups.... check 'em out!
Top Vista and XP issues for the month from the Managed newsgroups.... check 'em out!
Partner Online Technical Support Communities Newsgroups:
https://partner.microsoft.com/US/40014662
TOP SUPPORT ISSUES
NEW KB ARTICLES
TOP DOWNLOAD
NEW WEBCAST
TOP SUPPORT ISSUES
==================
<Issue 1>
Problem Description:
-----------------------------
Is there a list of core dlls for IE7
Causes:
-----------------------------
N/A
Resolution:
-----------------------------
WININET.DLL
===========
WININET.DLL is the Windows Internet Extensions library. This DLL is the
interface between the
sockets layer of networking and the browser itself. The functions of WININET
have expanded
over time. Many newer applications use WININET functions to perform HTTP or
other Internet
protocol-based operations. For example, a map program may make an HTTP
connection to a
server on the Internet to update internal map data files. Such an
application does not need to
be hosted by the IEXPLORE.EXE process or SHDOCVW.DLL. The application can
use publicly
documented WININET.DLL Application Programming Interface (API) calls and
make an HTTP
connection to the server, update files, and disconnect.
URLMON.DLL
===========
URLMON.DLL is the URL.Moniker support library for Internet Explorer. A
moniker is a
nickname or handle assigned with the purpose of making an object more
familiar or
recognizable. An example of a URL is http://www.microsoft.com.
URL.DLL
===========
URL.DLL is responsible for creating local file system shortcuts (.URL files)
out of a given URL
address. It identifies the address and the required pluggable protocol, such
as http:// or
ftp://, and creates a file on the local machine with an icon that represents
the associated
handler.
SHDOCVW.DLL
===========
SHDOCVW.DLL is the Shell Document Viewer Library for Internet Explorer. The
DLL is
pronounced as .Sh-dok-view. and is often referred to as the Layout Manager
This particular
DLL is extremely important to Internet Explorer because it provides the
rendering frame for the
browser application, as well as, the interfaces required to initialize other
required browser
components during the rendering of content.
SHLWAPI.DLL
============
SHLWAPI.DLL is the Shell Lightweight API library for Internet Explorer. The
DLL is Pronounced
as .Shell-wa-pee.. This file provides an extended set of specialized shell
utility APIs. SHLWAPI
provides many shell related APIs for the operating system to use. These
functions include
string manipulation, URL parsing, association determination, path
information, registry
manipulation, and more.
BROWSEUI.DLL
============
Pronounced as .Browz-U-I., BROWSEUI.DLL is the top-level shell component of
Internet
Explorer. BROWSEUI handles the creation of toolbars, address bars, menu
bars, their
associated icons, as well as most top-level functions. BROWSEUI is likely
the component that
interfaces with the user most. Other binary files may actually perform a lot
of the underlying
work, but BROWSEUI is the primary interface to the user. Other binaries,
such as
SHDOCVW.DLL and SHLWAPI.DLL are going to support many of the functions that
BROWSEUI
perform, but BROWSEUI is where the process will begin.
MSHTML.DLL
============
MSHTML.DLL is the largest and most complex of the Internet Explorer core
binary files. Known
by the code word, Trident, it can easily be described as the core rendering
engine for the
browser. MSHTML does all the HTML interpretation and rendering.
<Issue 2>
Problem Description:
-----------------------------
You want to block users in administrators group to access certain websites
but only administrator can change the setting.
Causes:
-----------------------------
N/A
Resolution:
-----------------------------
1. Open Internet Explorer, Tools ¡ú Internet Options ¡ú Content. In the
Content Advisor box, click Enable.
2. Click the Approved Sites tab. Enter the address of the website.
Keep in mind - if you want to block the complete website put * in front. For
example to block Facebook completely, type *.facebook.com
Click Never and then OK.
3. Click on the General tab and sure to select "Users can see websites that
have no ratings"
4. To ensure only local admin can control, enter a password you can remember
easily with a hint.
5. Click OK to make it take effect.
Domain Deployment Solution:
=======================
If you want to deploy it in a domain environment, you can create a GPO for
OU1 and configure Internet Explorer Maintenance, please see below:
1. User Configuration\Windows Settings\Internet Explorer
Maintenance\Security
2. On right pane, Security Zones and Content Ratings, double click it
3. Check "Import the current Content Ratings settings", and Modify Settings
4. Then you can set as what you do in local setting
5. Then run "gpupdate /force" on client machines to make it take effect, or
every user under the OU1 will apply this GPO when logon to domain.
<Issue 3>
Problem Description:
-----------------------------
There is a web server certificate, you can import to Vista but it doesn't
work, however it works in XP
Causes:
-----------------------------
The current user does not have Read permissions for the following registry
subkey:
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
Even though you run as Administrator, if Administrator doesn't have Read
permission of above key, it still cannot view the certificate.
Resolution:
-----------------------------
1. Assign Read permissions for the ProtectedRoots registry key to the user
who is currently logged on to the computer.
1) Run regedit
2)
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
3) Right click it, and choose Permission
4) If the user who is currently logged on to the computer is listed in the
Group or user names box, click the user's name, click to select the Read
check box in the Allow column, and then click OK.
5) If the user who is currently logged on to the computer is not listed in
the Group or user names box, follow these steps:
a.Click Add.
b.Type the name of the user who is currently logged on to the computer, and
then click OK.
c.In the Group or user names box, select the user name, click to select the
Read check box in the Allow column, and then click OK.
Note:
If a domain user is logged on by using cached credentials and is not
connected to the domain, the domain user will be unable to add permissions
for their domain user account to the registry key in these steps. You must
log on to the local computer and add the local user's account to the
permissions for the registry key. You can then successfully install the
certificate.
2. There is a known issue which is similar to your symptom, you can apply
the hotfix in KB 932156.
You cannot view certificate information in Windows Internet Explorer 7 or in
Certificate Manager after you successfully import a certificate on a Windows
Vista-based computer
http://support.microsoft.com/kb/932156
1) Install update of Vista:
If you cannot install it, please uninstall Vista SP1 first, apply this
update, and then upgrade to SP1.
http://support.microsoft.com/kb/948537
2) After you apply the update to the computer, locate the Portreg.exe file
in the following path:
<drive>:\Program Files\Microsoft Corporation\Microsoft Update ProtectedRoots
registry key tool (KB932156)
3) Double-click the Portreg.exe file
3. If this cannot resolve your issue, please enable built-in Admin account
and use it to import certificate.
1) Computer -> Management -> Local Users and Groups -> Users
2) Double click Administrator, uncheck "Account is disabled", click OK
3) Right click Administrator, set Password
4) Logon with Administrator and import the certificate again.
<Issue 4>
Problem Description:
---------------------------
Error 0x800B0112 during web enrollment of a certificate
Cause:
---------------------------
If the template settings for the user's request certificate is configured
for key archival, the Vista PKI client must include the user's private key
in the request before submitting it to the CA. The PKI client retrieves the
CA's CA Exchange certificate and uses that to encrypt the private key before
including it in the request. Prior to doing so, however, the PKI client
first validates the CA Exchange certificate. In the above scenario, this
validation is failing with error code 0x800B0112.
This error indicates that while the CA Exchange certificate chains correctly
to a trusted root CA certificate, the issuing CA's certificate is not in the
client's Enterprise NTAuth store.
A Windows client's Enterprise NTAuth store is a local cache of certificates
published in the NTAuthCertificates store in Active Directory. These
certificates are propagated from Active Directory to Windows clients via
Group Policy. Since the workstation is not members of a domain, the local
NTAuth cache is not being updated and so is empty. The end result is that
the CA Exchange certificate cannot be validated, so the PKI client cannot
encrypt the private key and include it in the request, so creating the
request fails which results in a failed enrollment.
A new CertEnroll control was added in Windows Vista to replace XEnroll, an
ActiveX control that performed the same function for Windows 2000, Windows
XP, and Windows Server 2003. The CertEnroll control introduced the new
requirement to validate the CA's Exchange certificate against the Enterprise
NTAuth store.
Resolution:
---------------------------
The local NTAuth store can be manually populated using certutil.exe.
Certutil -enteprise -addstore NTAuth CaCertificate.cer
The physical location for the NTAuth store is:
HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates
When the issuing CA certificate is added to the NTAuth store, you will see a
new key named for the certificate's SHA1 thumbprint added beneath the
Certificates key.
<Issue 5>
Problem Description:
---------------------------
Lenovo X200 with a docking station;
If we install and encrypt the PC in the docking station we cannot start it
when its not in the docking station.
If we install and encrypt without the docking station we cannot start it
when its in the station.
Cause:
---------------------------
BitLocker enters Recovery Mode when something has altered the integrity of
the secure system components. Because the TPM stores measurements of key
boot components, any unexpected change to these components causes a
discrepancy between these stored values and the Core Root of Trust
Measurement. When this occurs, the user must provide either the recovery key
or a manually entered recovery password to get back into the system. To
avoid this, BitLocker should be disabled before updating key system
components, and then re-enabled after updates are complete.
Resolution:
---------------------------
Configure PCR via local Group Policy:
1) Computer Configurations -> Administrative Templates -> Windows
Components -> BitLocker Drive Encryption
2) On right pane, Configure TPM platform validation profile
3) Enable it, and uncheck all default options, then only check PCR 11 to
ensure BitLocker protection to take effect.
<Issue 6>
Problem Description:
---------------------------
When installing Office on Vista SP1, all .exe files are changed to be opened
by Adobe Reader.
Cause:
---------------------------
1)The file association of the .exe file has been changed to another default
program.
2)The registry subkey setting for the file association is corrupted
Resolution:
---------------------------
1) Open a notepad
2) Copy below content to the file:
Windows Registry Editor Version 6.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids]
"exefile"=hex(0):
3) Save it with the name exe.reg, copy the file to the Vista machine and
double click on it (or right click and select Merge).
In addition, I would like to provide you information about known issue of
EXE in Vista and information of File Association in case you are interested
in it.
NEW KB ARTICLES
==================
<IE>
Error message when you try to install Windows Internet Explorer 8 RC1:
"Internet Explorer 8 could not be installed"
http://support.microsoft.com/kb/949220
When you install Windows Internet Explorer 8, you receive a message that the
Internet Explorer Developer Toolbar does not work
http://support.microsoft.com/kb/949039
Windows Internet Explorer 8 does not appear in the "Currently installed
updates" list in Windows Vista or in Windows Server 2008
http://support.microsoft.com/kb/965227/es
Description of updates that are installed when you install Windows Internet
Explorer 8 RC1
http://support.microsoft.com/kb/948564
Some Web sites may not be displayed correctly or work correctly in Windows
Internet Explorer 8
http://support.microsoft.com/kb/956197/
<Vista>
Windows Vista Media Center with Media Center TV Pack installed: Black screen
occurs when playing non-protected DVDs in Clone Mode
http://support.microsoft.com/kb/963034
Adding Windows Vista features takes an extended period of time or may stop
with an error message
http://support.microsoft.com/kb/967256
SFC.exe (System File Checker) shows it is repairing corrupted files per the
CBS log after installing Windows Vista SP1
http://support.microsoft.com/kb/966305/EN-US
To keep Remote Access Service connections active after you log off from
Windows Vista or Windows Server 2008, you must create a new registry key
http://support.microsoft.com/kb/950918
When you use Group Policy to create a VPN connection item, the IPv6 and IPv4
protocols may not be bound to the VPN connection item when you log on to the
domain from a Windows Vista-based client computer
http://support.microsoft.com/kb/959220
When you install Windows Vista service pack 1, you receive an error:
"0x8024200D"
http://support.microsoft.com/kb/963699
TPM (Trusted Platform Module) firmware updates may take longer when
installing on a Windows Vista or Windows Server 2008 based computer
http://support.microsoft.com/kb/963704
Some applications or services stop responding because a deadlock condition
occurs in the Ntfs.sys driver in Windows Server 2008-based or Windows Vista
SP1-based systems
http://support.microsoft.com/kb/960816
How to disable the TCP autotuning diagnostic tool
http://support.microsoft.com/kb/967475
TOP DOWNLOAD
==================
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Internet Explorer Application Compatibility VPC Image
http://www.microsoft.com/downloads/details.aspx?FamilyID=21EABB90-958F-4B64-B5F1-73D0A413C8EF&displaylang=en
Update for Windows XP (KB959252)
http://www.microsoft.com/downloads/details.aspx?FamilyID=EC4B7D80-79B6-4035-92A3-3992A9E09718&displaylang=en
NEW WEBCAST
===================
How to save money with Microsoft's Technology Roadmap
http://msevents.microsoft.com/cui/EventDetail.aspx?EventID=1032395526&culture=en-US
TechNet Labcast: Desktop Deployment: Planning, Deploying, and Managing the
2007 Office System (Part 1 of 2) (Level 200)
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032400110&EventCategory=2&culture=en-US&CountryCode=US
TechNet Labcast: Desktop Deployment: Planning, Deploying, and Managing the
2007 Office System (Part 2 of 2) (Level 200)
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032400119&EventCategory=2&culture=en-US&CountryCode=US
Filed under: News
![[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.]](http://www.sbslinks.com/images/headertop.png "There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not!")