Jerold Schulman


Jerold Schulman is the former author of the JSI FAQ tips on

Q. How can I capture an image of the Windows Vista Start menu or context menu?

The Windows Vista Snipping Tool allows you to capture a window, full screen, rectangular area, or a free-form selection.

When you attempt to capture an image of the Start menu or context menu, accessing the Snipping Tool causes the Start menu and context menu to close.

To workaround this behavior:

Q. Where does the Windows Server 2003 R2 Print Management console store the connections for PushPrinterConnections.exe?

The Print Management console in Windows Server 2003 R2 stores connections for the PushPrinterConnections.exe program in the registry as the default Value Name, using a REG_MULTI_SZ data type.

The user-based connections are stored in the HKEY_CURRENT_USER\Software\Microsoft\PPC key, and can be viewed by typing
Reg Query HKCU\Software\Microsoft\PPC /Ve in a CMD.EXE window.

Q. Internet Explorer 6 hangs when you resize an Active Document server window?

Internet Explorer 6 may stop responding when you resize an Active Document server window. If you hide the Internet Explorer resize handle, it responds again.

This behavior will occur if Internet Explorer is set to hide the status bar and the Active Document server displays scroll bars.

NOTE: When this behavior occurs, Windows continues to send the same mouse coordinates even though the mouse is no longer over the resize handle.

Q. After installing SP2 for Windows XP, or SP1 for Windows Server 2003, some services do NOT start?

After upgrading to Windows XP SP2 (Service Pack 2), or Windows Server 2003 SP1 (Service Pack 1), the following services do NOT start:

Q. A user can bypass the roaming profile size limit by pressing ALT + F4 two times in Windows Server 2003?

Windows Server 2003 allows you to use the Limit profile size Group Policy Object at User Configuration / Administrative Templates / System / User Profiles to limit the size of roaming profiles.

If you enable this policy, the Profile Storage Space dialog is displayed when a user logs off if their profile exceeds the maximum size. When this occurs, they are required to reduce their profile size before they can log off.

The Windows Vista Security Guide.

The Windows Vista Security Guide contains the following Overview:

Welcome to the Windows Vista Security Guide. This guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory directory service.

Q. Host (A) records may contain incorrect IP addresses if you configure a Windows Server 2003 DHCP server to update A records and PTR records in DNS?

The host (A) records for one or more clients contain incorrect IP address, preventing name resolution, when a Windows Server 2003 DHCP (Dynamic Host Configuration Protocol) server is configured to update A records and PTR records in DNS.

This behavior can occur if there is no reverse lookup zone for the IP subnet, or if the reverse lookup zone is not configured to allow dynamic updates.

Q. How can I set an environment variable to a user's domain SID, using standard commands?

I have scripted GetUserSID.bat to return the current user's domain SID.

The syntax for using GetUserSID.bat is:

\[call GetUserSID SID

Where SID is a call directed environment variable that will contain the user's domain SID.

GetUserSID.bat contains:

Q. The Lsass.exe process may stop responding if you have many external trusts on a Windows Server 2003 domain controller?

The Lsass.exe (Local Security Authentication Server) process on your Windows Server 2003 domain controller may hang if you have many external trusts and many simultaneous logon requests that do not specify the domain name.

This behavior will occur because the Lsass.exe process runs out of resources if the 'number of simultaneous logons' multiplied by the 'number of trusts' is grater than 1,000.

To resolve this problem:

Q. How can I disable Local GPO processing in Windows Vista?

In previous versions of Windows, there was no mechanism for creating multiple local Group Policy Objects. The only way you could filter Local Group Policy was by applying NTFS deny access permissions on the Group Policy.

Windows Vista allows you to create multiple local GPOs. You can create them for any user, by name, for all the members of the local Administrators group, and for all users who are NOT members of the local Administrators group.

Q. How can a batch determine if the current user is using a temporary profile?

Using REG.EXE, built into Windows XP, Windows Server 2003, Windows Vista, and later operating systems, or installed from the Windows 2000 Support Tools, information from tip 11125 » What is the meaning the State Value Name in a user's registry profile, and GetUserSID.bat, I have scripted IsProfileTemp.bat to determine if the current user has logged on with a temporary profile.

Q. What is the meaning of the State Value Name in a user's registry profile?

When a user logs on, their registry profile at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID> contains a State Value Name, a REG_DWORD data type, that is a bit mask whose value indicates the state of the local profile cache.

NOTE: See tip 5346 » How do I retrieve a user's ProfileImagePath in batch?

The mask bits and their meaning are:

Q. You receive an error when you attempt to install the UDDI Services database components on SQL Server 2005 running on Windows Server 2003?

When you attempt to install the Microsoft Windows Server 2003 UDDI (Universal Description, Discovery, and Integration) Services components on Microsoft SQL Server 2005 running on Windows Server 2003, you receive:

This database instance does not meet the minimum version or Service Pack level requirements and cannot be used for installation. Please upgrade this instance or select another one.

Q. When you run the Exchange ActiveSync Certificate authentication tool in Windows Server 2003 you receive 'The security ID Security is Invalid'?

When you run EASAuthUploadXMLtoAD.vbs to upload the customized .xml configuration file to the Active Directory directory service in Microsoft Windows Server 2003, you receive:

"The security ID Security is Invalid"
error code 80070539
Line 250 char 9

This issue occurs when you upload to a non-English version of Windows Server 2003, because the EASAuthUploadXMLtoAD.vbs file contains the following line:

Const strDomainUsers = "Authenticated Users"

Microsoft Stack Master Class

Master-Level Microsoft Stack Class with John Savill
Online Class: Thursdays Oct. 12th-Dec. 21st
30 Hours of Training for $995!

Understand the complete Microsoft solution stack, how the products work together, and how to implement and maintain for a total datacenter and desktop solution. This course covers the latest technology updates including Windows Server 2016 and Windows 10 and will enable the new capabilities to be leveraged in your organization.


Join the Conversation

Sponsored Introduction Continue on to (or wait seconds) ×