Powerpoint files become corrupted after saving

We had a number of powerpoint users complaining that their slide shows were suddenly becoming corrupt even though they had experienced no crash or error message. Just saved as normal but next time they try and open it they get an error:

“The server application source file or item cannot be found or returns an inknown error you may need to re-install the server application.”

We found the cause of this was that network drives were being disconnected and re-connected after the user had opened the slide show.

For example:

1. User logs on to machine

2. They immediately open a Powerpoint slide show from an existing network drive and start working on it

3. The user is using a machine on a corporate  network which runs a logon script. This script has not completed its tasks and part of the script makes sure all relevant network drives exist by disconnecting and re-connecting the network drives (does this to avoid situation where a rogue network drive mapping has occurred i.e. X is connected to something different than what the company policy stipulates).

4. One of these network drives contains the file the user is working on. The file is now in memory and everything carries on as normal but when the user later saves the file it becomes corrupted without informing the user.

This is a know Bug in Powerpoint – basically Powerpoint cannot handle removable media which the network drive will be seen as.

This problem was particularly prevelant on terminal server sessions where the logon script can take some time to complete.

A workaround is to force the logon script to run before explorer.exe loads using group policy:

Run logon scripts synchronously

User ConfigurationAdministrative TemplatesSystemLogon
Directs the system to wait for logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop.
If you enable this policy, Windows Explorer does not start until the logon scripts have finished running. This setting assures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.

If you disable this policy or do not configure it, the logon scripts and Windows Explorer are not synchronized and can run simultaneously.

This policy appears in the Computer Configuration and User Configuration folders. The policy set in Computer Configuration takes precedence over the policy set in User Configuration.

I’ve also attached a screenshot of the location of this feature:

An alternative workaround is to manage your logon script so that disconnections are not needed. In the example given you could issue a group policy to disable users ability to map drives. You would then only need to connect drives in the logon script:

Command line setup of Cisco VPN on ASA 5500

These VPN setup notes are for an ASA 5500 unit but relate, in general, to all Cisco firewall units:

Notes created 4 December 2008


Company name: IBM

VPN IP Range:

VPN IP Subnet Mask:

Internal network IP range:

Internal network IP range subnet mask:

Primary DNS server:

Secondary DNS server:

Radius authentication server IP:

Remote access vpn configuration :

You can use the ASDM interface (GUI for Cisco ASA units) to enter details or

For command line input:

Use telnet or Putty as telnet.

At password prompt type ‘cisco’.

Then type ‘enable’ and enter enable password (same one you logon to asdm with).

1. Initial setup of ipsec – just need to do once:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map dyn1 10 set transform-set ESP-3DES-SHA

crypto dynamic-map dyn1 10 set reverse-route

crypto map WAN_map 65535 ipsec-isakmp dynamic dyn1

crypto map WAN_map interface WAN

crypto isakmp enable WAN

crypto isakmp enable management

crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400

crypto isakmp nat-traversal  20

crypto isakmp ipsec-over-tcp port 10000

2. Setup authentication server – use Radius for Windows based domain, do not use NT Domain (this is legacy NT only):

Radius uses active directory for group policy settings e.g. allow or deny remote access on users dialin tab.

Note: Items in quotes ” are supplied by you – do not include quotes:

aaa-server IBM_Auth_servers protocol radius

aaa-server IBM_Auth_servers (LAN) host  key “radius server secret key”  radius-common-pw “radius server password”

IBM_Auth_Servers is the ASA’s connection to the Windows Radius authentication server and can be setup in ASDM under Configuration, Properties, AAA Setup, AAA Server Objects. Add a server group called IBM_Auth_servers and then add the IP number of the Radius server. 

Note: you can add more than one Radius server IP, so you could add a remote radius server for failover if you have two ASA units failing over.

Radius servers are setup using Internet Authentication Service in Admin Tools – add the Cisco units internal IP (gateway IP) and shared secret and password.

 3. Setup group policy:

configure terminal

group-policy IBM_VPN internal

group-policy IBM_VPN attributes dns-server value vpn-tunnel-protocol IPSec



Note: Secondary DNS server should be on remote failover site if you have 2 ASA units failing over.

4. Setup IP Pool:

configure terminal

ip local pool IBM_VPN_POOL mask


Note: the VPN IP range should be a separate range from your normal network and not used by any other service.

5. Setup Tunnel group – for each machine or site:

Items in quotes ” are supplied by you – do not include quotes:

configure terminal

tunnel-group IBM_VPN_London type ipsec-ra

tunnel-group IBM_VPN_London general-attributes address-pool IBM_VPN_POOL authentication-server-group IBM_Auth_Servers default-group-policy IBM_VPN


tunnel-group IBM_VPN_London ipsec-attributes pre-shared-key “your secret key”



Note: IBM_VPN_London is an individual tunnel group for a set of machines. e.g. you may use “IBM_VPN_Germany” for another remote office as a site name or “IBM_DESKTOP_77_WindowsXP” for an individual machine

“Your secret key” is the key you type into the VPN client software – use http://www.grc.com/passwords.htm to obtain 64 character key (do a separate one for each tunnel group i.e. each site and/or machine, DO NOT USE THE SAME KEY for all tunnel groups. In this way you can revoke a key and assign a new one without having to redo all VPN connections.

6. For the vpn client to be able to access internal network and go to internet via vpn tunnel (no split tunneling):

6a. Internet access:

See: Allowing Cisco VPN to access Internet via tunnel

configure terminal

same-security-traffic permit intra-interface

nat (WAN) 10

6b. Internal access:

access-list Inside_nat0_outbound line 4 extended permit ip


7. Allow local LAN access

To enable clients with ‘Allow Local access’ option set on VPN Client to be able to access their local resources do the following (this is so a user can access local resources like NAT drives or network printers whilst connected to the VPN – otherwise all traffic goes via the VPN link):

See: Cisco Local LAN Access Notes

access-list LOCAL_LAN_Access remark Clients with local lan access option set – internet and dns access is still via tunnel

access-list LOCAL_LAN_Access standard permit host group-policy IBM_VPN attributes split-tunnel-policy excludespecified split-tunnel-network-list value LOCAL_LAN_Access

8. Setup on client machine:

Use VPN client software available from: Cisco VPN Client Software Download Site

Connect to external IP of ASA unit (WAN address) using IBM_VPN as VPN name and enter secret key for the tunneling group setup for this machine or site.

9. To list connections:

In ASDM goto Monitoring, VPN, VPN Statistics, Sessions – this will list all current sessions with relevant username, IP and encryption details.

HP Storage Proliant Servers – Moving disks from one server to another

You should be able to move disks between HP Proliant servers without any problems by following this guide (note: applies to single or mirrored disks only RAID 0+1).

This operation is useful when a server has died (just pull the disks and follow instructions for new server below) or a server is no longer connected to a storage expander where disks are allocated to it. In both cases you can then pull the data off the drive onto a production disk array.

If the server is still operating, logon to the server you are moving the disk from and start the HP Disk Array Configuration Utility – usually under Start, Programs, HP System Tools

Find the correct logical disk/partition that you are moving – select logical disk and choose more information (this should tell you which server is connected to which drives on a storage expander – look for host controller connecting and you should see the server name in brackets).

You can also select the physical view to guide you as to which bays disks are located.

Once you have identified the physical drive(s) unslot the drive (just single drive if part of raid array) from its bay and slot it into a spare bay on the new server or storage expander.

Open the HP Disk Array Configuration utility on the new server – you should see the new drive listed as unallocated.

Select create partition on new server and tick the new drive listed – keep defaults.

Select create logical drive for partition just created.

Select save changes.

Drive should now have mounted and been assigned a drive letter – try browsing to the drive on the new server.

Exit the array configuration utility on new server.

On old server delete the partition for the drive you just pulled out, save changes and exit the ACU.

Your done – you can now pull data off and restore to a production array etc.

Resetting XP Administrator Password

Was upgrading my management desktop recently and somehow forgot the admin password – nightmare!

Anyway, found this excellent resource:


You download a CD image, create the CD, boot to the CD which loads a linux variant and the utility. You can then follow the menu instructions to reset the admin password – their FAQ was useful.

Worked perfectly and their CD now sits in my utilities box.

SQL 2008 Management Studio – Saving changes is not permitted

Upgraded my management desktop recently and made sure I had the latest SQL 2008 Management studio, even though i’m still managing only SQL 2005 databases – works perfectly with older versions.

I edited a table and inserted some columns on trying to save the table I got the following message:

“Saving changes is not permitted. The changes that you have made require the following tables to be dropped and re-created. You have either made changes to a table that can’t be re-created or enabled the option Prevent saving changes that require the table to be re-created.”

After much searching I came across the following Microsoft article:


Problem solved. The old SQL 2005 management studio did not have this function, it was only added in 2008 and the default was set to on – to accomodate change tracking it seems! Another example of Microsoft catering to enterprise customers and not their core small business market.

Inserting HTML into an Outlook Email

You have created something in Word and saved it as an HTML file or you have received HTML content that you want to send out as an email. But, when you copy it into an Outlook email you just get the HTML code displaying – it does not render the HTML to give you the final page look you want.

It’s really simple but not immediately obvious how to do this in Outlook:

1. Create a New message

2.  Hit the paper clip to attach a file

3.  Select your source html file

4. Once selected the Insert button activates

5.  To the right of the Insert button select the down arrow

6.  Select Insert as Text

Your new email message is now rendering the HTML.

Anonymous searching

Came across some recent tech news items regarding Scroogle this week – http://www.scroogle.org/cgi-bin/scraper.htm – don’t use .com, that’s a porn site! Apparently Google has switched off a search scraping service which allows you to use Google search results through your own interface. This was apparently due to Google dropping support for IE6 – how these two relate I don’t know.

This caused Scroogle to stop working but it piqued my interest enough to investigate further, especially when a a few days later Google re-instated the service and Scroogle was back up and running.

Scroogle is a means of obtaining Google search results anonymously – they use various techniques like IP obsfuscation and cookie manipulation to make sure Google cannot track your searches i.e. cannot link it with your Google account etc. Scroogle delete all the info they collate within 48hrs of your search and you don’t get Google advertisements on your search results page – it feels just like the early days of Google, no clutter, just basic results. Marvellous! So I started using it and have not looked back.

They provide a helpful set of instructions for adding Scroogle to the IE search provider list which enables you to change the default search engine and the search engine box, at top right of IE, to Scroogle:

1. Go to Microsoft’s add search provider page: http://www.microsoft.com/windows/ie/searchguide/en-en/default.mspx

2. Paste in the test search link to the URL box: http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=TEST

Microsoft Search Provider Web Page

3. Type in ‘Scroogle’ for the name.

4. Hit the Install button.

5. Tick to make default search provider and hit Add button.


Adding Scroogle Dialog

That’s it – your default search provider is now Scroogle – you should now see a red, green and black crossed through ‘G’ icon in your search box.

The only problem I have found is that you do not get the ‘Cache’ link appearing on the results for the Google cached content – this is sometimes useful when trying to access cloaked content i.e. Experts-Exchange.com, but otherwise I have found the service faultless.

At the time Scroogle went down they were advising people to use another alternative anonymous search engine which you may want to check out as well:


And they have a page for adding it to IE here: http://us2.ixquick.com/eng/download-ixquick-plugin.html