Tag Archives: flowerco

When All You Have is Document Imaging…

…everything looks like a document. I was surprised, to say the least, to learn that one of the salesmen for Flowerco, after having his computer replaced, wanted access to the legacy document imaging system (which we’ll call FileMania).

It was my assumption that FileMania was only used for some billing and insurance paperwork, not anything that sales would really need. Turns out, he was using the software as a rudimentary CRM, to track customer calls, contact information, and the like. Hardly an ideal solution, but unfortunately, there isn’t much else we currently have available for him.

If users don’t have the tools they need to do their jobs, they will find some way to use the tools they do have to make due.

Removing or Changing the NBX 8 Pool

FlowerCo uses extensions which start with an 8 (well, technically they have 3 digit extensions internally and use 8 as a prefix on incoming calls). Switching them over to an NBX will be easy, except for the fact that by default, 8 prefixes are for the 8 pool, and extensions start at 1000.

Open up your dialplan and delete any TableEntrys which reference your 8 pool route, then update your ExtensionRange to include 8000 series extensions. If you want to maintain the functionality of the 8 pool, you can change it to use a 7 as the prefix by deleting references to the Diagnostics route in your initial tables, and replacing that TableEntry to be Local pointing to your 8 route

ExtensionRange Telephone 8000 8099
TableEntry Create 1 30 8 4 4 Internal  0 8
TableEntry Create 1 10 7 8 8 Local  0 1

Don’t forget to update your auto-discover settings to start assigning phones at 8000 (System-Wide Settings -> Enable Features System-Wide). If you want to remove the 8 pool entirely, just remove any of its entries in Table 1 and Table 2 of your dialplan.

Uninstall Symantec from all PCs in a Domain

Last time, I posted about some leftover permission issues for FlowerCo and the Enterprise Admins group.  Today, I will explain how to remove Symantec from all the workstations in the domain. Most of this comes from this awesome post by Locutus, and if I could send this guy a beer over the internet, I would.

FlowerCo’s Symantec rollout is a combination of a misconfigured old central server, a new central server with no managed clients, and workstations that are all unmanaged clients. The great thing about this is that none of the clients are managed, so there isn’t any password needed to remove them from the workstations, which makes this a lot simpler. The bad thing about this is that the clients are all running the full endpoint protection suite, so remotely uninstalling them will briefly disconnect them from the network.  Don’t run this command during business hours unless you like having your phone suddenly ring off the hook.

Find the GUID for Symantec’s uninstall command (it’ll be buried somewhere in HKLM\Software\Microsoft\Windows\Current Version\Uninstall), then from a machine logged on as Domain Admin, run the following command (you’ll need the PsTools suite from SysInternals):

psexec \\* MsiExec.exe /norestart /q/x{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D} REMOVE=ALL

This will run the uninstall command on every machine in the domain. The /norestart should be obvious, the /q makes the uninstall silent, and the /x enables logging. You can substitute other installer GUIDs to uninstall those products too.

This does not remove LiveUpdate.

Manage a Child Domain as Enterprise Admin

Say your AD root is ‘smashcorp.local’, and you have a child domains of ‘flowerco.smashcorp.local’ and ‘oilchange.smashcorp.local’  The oilchange domain was migrated into your AD directly from NT4, while the flowerco domain was already AD, so a new DC was created for it and it was kind of ‘copied’ into the smashcorp forest.

If you are a member of the Enterprise Admins group of smashcorp, you might notice that while you can manage oilchange just fine, flowerco throws some strange permissions errors (like being able to delete but not create GPOs) and is always nagging you for a password for operations. Running a dcdiag from a smashcorp DC gives you “failed test NetLogons” errors, and access denied errors on Services, frssysvol, frsevent, kccevent, and Systemlog.

After scratching my head over this for a couple of days, and getting tired of RDPing into flowerco, I finally found where Enterprise Admins was missing from flowerco. In AD Sites & Services, go into the Builtin folder and add Enterprise Admins to the Administrators group. Apparently this didn’t happen with the way flowerco was brought into the forest initially.