• WGA check breaks IE7.0 unattended installation

    Symptom:

    ========

    During the installation of Internet Explorer 7.0, one must go through the Windows Genuine Advantage check.
    The Internet Explorer 7.0 installation tries to update the validation status of your system, and this causes problems for systems configured with a proxy that does basic authentication or transparent proxy servers that prompt for authentication. Automated installations of IE7 stop dead in their tracks waiting for someone to enter a user name and password for the proxy connection being made by WGA.

     Solution:

    =======

    This is a known situation. As of Nov 15, 2006 a release of Internet Explorer 7.0 has been published to correct the situation with the prompt for Authentication. You will need to download the new standalone packages.

    If you use IEAK, you will need to synchronize your IEAK package to get the new update.

     

    Here is the link to download latest IE7.0:

    http://www.microsoft.com/windows/ie/downloads/default.mspx

  • DHCP Reservation Manager - A tool to manage reservations

    Reservations are a critical feature in the DHCP server. Reservations are generally used for centralized static IP address assignment for critical machines. This way, machines that serve critical functions in the network will not have a dynamically assigned IP address that can change over time. The Reservation Manager is a tool that helps solve typical reservation-related problems that network admins might face.

    Here is an article which introduces the usage of the Reservation Manager tool

    Reservation Manager - A tool to manage reservations

    http://blogs.technet.com/teamdhcp/archive/2006/09/19/457383.aspx

     

    The tool can be downloaded here:

    http://blogs.msdn.com/anto_rocks/attachment/714685.ashx

  • Windows Vista - TCP Auto Tuning

    Recently, the MS PSS team received some reports of issues on Windows Vista computers located in a domain. The typical symptoms are:

     

    -Indefinite delay (hang) when opening the Certificate Services snap-in

    -Slow (sometimes no) group policy application

    -Trying to select a domain user in order to add that principal to a local security group (the object picker) would hang indefinitely

    -Instant Messaging was not working well (sometimes not at all)

    -Access to local file servers was slow and sometimes did not succeed at all (appears to hang).

     

    In some scenarios, users cannot copy files from a network share to the Vista box from Windows 2000/2003 shares. The error is:

    "You do not have permissions to perform this action" 

    "access is denied."

    With intensive testing, we found that a .txt type of file (text, log, etc.) can be copied as long as it is less than 4K, while any other type of file (.doc, .xls) fails regardless of size.

     

    This issue was finally determined to be linked to a new feature in Windows Vista, TCP Auto Tuning, which uses a scaling factor communicated between the server and client to negotiate a bigger window size during connection establishment so that more traffic can be transported in less time. Windows XP and earlier versions do not have this feature.

     

    Here’s a bit more on that:

    http://www.microsoft.com/technet/community/columns/cableguy/cg1105.mspx

     

    Note: Some Internet gateway devices and firewalls block packet flows because they do not correctly interpret the scaling factor used in TCP connections. Because of this, Internet Explorer in Windows Vista uses an initial scaling factor of 2. Other applications use a default initial scaling factor of 8. Microsoft is investigating changing the initial scaling factor for Internet Explorer-based connections to 8 in a future update of Windows Vista. Microsoft is working with the manufacturers of these devices so that they can be updated for compliance with TCP window scaling.

     

    To see if this issue applies to you, first see if the criteria and symptoms mentioned above apply. If they do, please take some traces.  The TCP Auto Tuning can be seen in the packets like these truncated samples:

     

    Working (no problem seen):

    ...TCP\Window: 8192 (scale factor 0) = 8192

    ...TCP\TCPOptions

    ......WindowsScaleFactor not listed

     

    Failing (problem supremely evident and most annoying):

    ...TCP\Window: 8192 (scale factor 8) = 2097152

    ...TCP\TCPOptions

    ......WindowsScaleFactor:

    ......type: Windows scale factor. 3(0x3)

    ......Length: 3 (0x3)

    ......ShiftCount: 8 (0x8)

     

    If the above symptom appears, we can try disabling this feature as a workaround and this will certainly tell the tale on what the problem is if the issue no longer happens afterward.  From a command prompt:

     

    netsh interface tcp set global autotuninglevel=disabled

     

    If the issue no longer occurs, this reveals that you have a network device in your environment that doesn’t support RFC 1323 “TCP Extensions for High Performance”.   

     

    More on that here: http://www.ietf.org/rfc/rfc1323.txt?number=1323 . The primary focus should be on replacing that network device to get the most out of the rest of the network infrastructure.  But temporarily the netsh command can be a good workaround.
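
    The window arithmetic from the traces above, as an added example (not from the original post): it reads the Window Scale option (kind 3, length 3) out of a raw TCP header and computes the window a later segment advertises. The function names and the sample headers are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def parse_tcp_header(tcp: bytes) -> dict:
    """Return the SYN flag, raw window and Window Scale shift count of a TCP header."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", tcp[12:16])
    hdr_len = (off_flags >> 12) * 4            # data offset counts 32-bit words
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad data offset")
    opts, i, shift = tcp[20:hdr_len], 0, None
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 3 and opts[i + 1] == 3:     # Window Scale: kind 3, length 3
            shift = min(opts[i + 2], 14)       # RFC 1323 caps the shift at 14
        i += opts[i + 1]
    return {"syn": bool(off_flags & SYN), "window": window, "shift": shift}

def advertised_window(sender_syn: dict, peer_syn: dict, later_window: int) -> int:
    """Bytes a post-handshake segment advertises; scaling needs the option in both SYNs."""
    if sender_syn["shift"] is None or peer_syn["shift"] is None:
        return later_window                    # the window in a SYN itself is never scaled
    return later_window << sender_syn["shift"]

def build_header(window: int, shift=None, flags=SYN) -> bytes:
    """Constructed sample header (not a capture): MSS plus optional Window Scale."""
    opts = struct.pack("!BBH", 2, 4, 1460)
    if shift is not None:
        opts += struct.pack("!BBBB", 1, 3, 3, shift)      # NOP + Window Scale
    off_flags = (((20 + len(opts)) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", 49152, 445, 1, 0, off_flags, window, 0, 0) + opts

# Constructed inputs mirroring the two traces: ShiftCount 8 versus no option at all.
vista = parse_tcp_header(build_header(8192, shift=8))
legacy = parse_tcp_header(build_header(8192))
server = parse_tcp_header(build_header(8192, shift=0, flags=SYN | ACK))

if __name__ == "__main__":
    print(advertised_window(vista, server, 8192))   # peer offered the option too
    print(advertised_window(vista, legacy, 8192))   # peer did not, so no scaling
```

    A device that ignores the shift count reads the first case as 8192 bytes, while the Vista host means 2097152.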
  • Using ADRestore tool to restore deleted objects

    Have you ever encountered the following scenarios?
    • User accounts, groups, computers, OUs or other objects in domain accidentally deleted.
    • No system state backup available for authoritative restoration.
    • No other DCs available.
    When an object is deleted from Active Directory, it isn't actually removed but is instead marked as deleted by an internal marker called a tombstone.
    If you have a valid system state backup, you can refer to the following knowledge base article to restore the object:
     
    How to restore deleted user accounts and their group memberships in 
    Active Directory
    http://support.microsoft.com/?id=840001
     In case you don’t have any system state backup, you can use ADRestore 
    to restore tombstoned objects. ADRestore is a command-line utility that lists
    and lets you restore deleted Windows Server 2003 AD objects.
    You can use ADRestore to restore tombstoned objects without
    performing an authoritative backup restore. You can download the utility at:
     http://www.microsoft.com/technet/sysinternals/utilities/ADRestore.mspx 
    After you install ADRestore, you can restore an object by running
    the command ADRestore -r. ADRestore removes the 'isDeleted' TRUE attribute
    from tombstoned accounts and changes the RDN back to the previous path,
    effectively resurrecting it.
     The -r tells ADRestore to prompt the user before restoring the AD objects
    to their original location. When you run the command,
    you'll see messages similar to the following:
     
    ADRestore v1.1
    by Mark Russinovich
    Sysinternals - www.sysinternals.com
     Enumerating domain deleted objects:
     cn: mytest1
    DEL:d7076a72-8020-44c8-b562-0c5b9132d7a5
    distinguishedName: CN=mytest1\0ADEL:d7076a72-8020-44c8-b562-0c5b9132d7a5,
    CN=Deleted Objects,DC=PYM1,DC=COM
    lastKnownParent: OU=mytest\0ADEL:657cde20-9d7e-43f2-8700-ad72029d2aec,
    CN=Deleted Objects,DC=PYM1,DC=COM
    Do you want to restore this object (y/n)? y
     Restore succeeded.
     distinguishedName: OU=mytest\0ADEL:657cde20-9d7e-43f2-8700-ad72029d2aec,
    CN=Deleted Objects,DC=PYM1,DC=COM
    lastKnownParent: DC=PYM1,DC=COM
     Do you want to restore this object (y/n)? y
     Restore succeeded.
     Found 2 items matching search criteria.
     Notes: 
    • By default, users are disabled and user passwords are empty after the above method is performed. Note that if you try to bulk enable objects and some of them have passwords which do not meet complexity/length requirements, you will not be able to re-enable them. Selecting one of them will show a more verbose error message in 2003. Your options then are to change their password or lower your password policy requirements.
    • ADRestore cannot restore the group membership for a user. In addition, not all attribute data can be restored.
    • ADRestore is the last choice, and this method should be used only when a valid system state backup does not exist. Furthermore, ADRestore is not meant to substitute for system state backups of domain controllers. It is highly recommended to perform regular system state backups on domain controllers.
    • Also note that you can provide simple filters based on object names. This command enumerates all objects with the string "comp" in the name (from ADRestore /?):
                         ADRestore -r comp
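
    Reading the tombstone names in the listing above, as an added example (not part of ADRestore or of the original post): it splits each tombstone DN into its original RDN and GUID and works out where the object lived before deletion, following a lastKnownParent that is itself a tombstone. It assumes the original location is the original RDN under lastKnownParent; the function names are made up for illustration.

```python
import re

# Tombstone RDN as shown in the ADRestore listing: <attr>=<name>\0ADEL:<objectGUID>
TOMBSTONE_RDN = re.compile(r"^([A-Za-z]+)=(.+?)\\0ADEL:([0-9a-fA-F-]{36})$")

def split_rdn(dn):
    """Split a DN at its first unescaped comma into (rdn, parent DN)."""
    m = re.search(r"(?<!\\),", dn)
    return (dn, "") if m is None else (dn[:m.start()].strip(), dn[m.end():].strip())

def parse_tombstone(dn):
    """Return (guid, original RDN) for a tombstone DN, or None for a live DN."""
    rdn, parent = split_rdn(dn)
    m = TOMBSTONE_RDN.match(rdn)
    if m is None or not parent.upper().startswith("CN=DELETED OBJECTS,"):
        return None
    return m.group(3).lower(), f"{m.group(1)}={m.group(2)}"

def original_locations(entries):
    """Map each tombstone GUID to the DN it had before deletion.

    entries: (distinguishedName, lastKnownParent) pairs from a listing.
    The value is None when a tombstoned parent is missing from the listing.
    """
    known = {}
    for dn, last_parent in entries:
        parsed = parse_tombstone(dn)
        if parsed is None:
            raise ValueError(f"not a tombstone DN: {dn}")
        known[parsed[0]] = (parsed[1], last_parent)

    def resolve(guid, seen):
        if guid not in known or guid in seen:
            return None                      # parent missing, or a reference loop
        rdn, last_parent = known[guid]
        parent = parse_tombstone(last_parent)
        if parent is None:                   # parent is still a live container
            return f"{rdn},{last_parent}"
        parent_dn = resolve(parent[0], seen | {guid})
        return None if parent_dn is None else f"{rdn},{parent_dn}"

    return {guid: resolve(guid, frozenset()) for guid in known}

# Values copied from the listing above (wrapped lines joined).
LISTING = [
    (r"CN=mytest1\0ADEL:d7076a72-8020-44c8-b562-0c5b9132d7a5,CN=Deleted Objects,DC=PYM1,DC=COM",
     r"OU=mytest\0ADEL:657cde20-9d7e-43f2-8700-ad72029d2aec,CN=Deleted Objects,DC=PYM1,DC=COM"),
    (r"OU=mytest\0ADEL:657cde20-9d7e-43f2-8700-ad72029d2aec,CN=Deleted Objects,DC=PYM1,DC=COM",
     "DC=PYM1,DC=COM"),
]
RESULT = original_locations(LISTING)
```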
  • The ADM file for Internet Explorer 7.0 is released

    The Group Policy team has published installation packages that distribute ADM files (below) for use with Windows XP SP2 and Windows Server 2003 SP1.

     

    Administrative Templates for Internet Explorer 7 for Windows
    Download from: http://go.microsoft.com/fwlink/?LinkId=77998

     

    Administrative Template file for PowerShell for Windows.
    Download from: http://go.microsoft.com/fwlink/?LinkId=77999