Wednesday, November 20, 2013

An Authentication Error Has Occurred (0x507)

This error occurs when you try to connect from an XP (SP 2 or 3) or Vista desktop to a Windows 2008 TS. This is an NLA (Network Level Authentication) error; Windows 2008 uses NLA for security reasons.

To solve this error you need to make registry changes on the client.




1. Click Start, then Run (on Vista, type regedit in the search box).
2. Type regedit and click OK.
3. The Registry Editor opens.
4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
5. In the right-hand pane, right-click Security Packages and click Modify.
6. Leave all existing values in the box, add tspkg at the end as a new value, and click OK.
7. Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
8. In the right-hand pane, right-click SecurityProviders and click Modify.
9. In the data, add credssp.dll as a new value. Do not change any other value.
10. Click OK and exit the Registry Editor.
11. Restart your computer.
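
To confirm the change took effect, this added PowerShell example (not from the original post) reads back the two values edited above and reports whether tspkg and credssp.dll are present. It only reads the registry; the variable names are illustrative.

```powershell
# Added example (read-only): confirm the two values edited in the steps above.
$checks = @(
    @{ Key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'Security Packages'        # REG_MULTI_SZ: one package per entry
       Want  = 'tspkg' },
    @{ Key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'
       Value = 'SecurityProviders'        # REG_SZ: comma-separated DLL list
       Want  = 'credssp.dll' }
)

foreach ($c in $checks) {
    $name = $c.Value
    $raw  = (Get-ItemProperty -Path $c.Key -Name $name -ErrorAction Stop).$name

    # Normalise both value types to a flat list of trimmed, non-empty entries
    $entries = @($raw) |
        ForEach-Object { $_ -split ',' } |
        ForEach-Object { $_.Trim() } |
        Where-Object   { $_ -ne '' }

    # -contains compares case-insensitively
    if ($entries -contains $c.Want) { $state = 'present' } else { $state = 'MISSING' }

    '{0}\{1}: {2} is {3}' -f $c.Key, $name, $c.Want, $state
    '    current entries: ' + ($entries -join ', ')
}
```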


If you are responsible for maintaining Windows Terminal Server in your environment then I strongly recommend using the "Windows Server 2008 Terminal Services Resource Kit". This book is really very helpful.
  

Sunday, November 17, 2013

SEP 12.1 & DOS commands



We should be familiar with the DOS commands that start and stop the services related to SEP.

The Symantec Endpoint Protection Manager (SEPM) service depends on the Symantec web service, so stopping only the web service also stops the SEPM service.

Net stop semwebsrv

Type 'Y' to stop the service; you will see the SEPM service stop first, then the Apache service.

To start both services again, type:

Net start semsrv

If you wish to stop only the Symantec Endpoint Protection Manager service:

Net stop semsrv

To start Symantec Endpoint Protection Manager service again

Net start semsrv

To stop the Symantec Endpoint embedded database service:

net stop sqlanys_sem5

To start it again

net start sqlanys_sem5

To restart the Shared Insight Cache service from the command line, if it is installed:

sc start "Shared insight cache"

sc stop "Shared insight cache"

sc query "Shared insight cache"



In many cases we may be required to stop the SEP client service to replace sylink.xml or for other troubleshooting.

To stop SEP client service

smc -stop

This command does not open a command prompt window; the SEP yellow shield icon should disappear after you run it.

To start SEP client service

smc -start



To disable SEP client firewall service

smc -disable -ntp

To enable client firewall service

smc -enable -ntp

If the SEP client UI is password protected:

smc -disable -ntp -p

I hope it's been informative.

Tuesday, November 12, 2013

Using a Command Line to Uninstall Software on Remote PCs

WMIC (Windows Management Instrumentation Command-Line) is a potent tool that often doesn't see much use due to the lack of (easily accessible) documentation available. More information can be found on WMIC here: http://technet.microsoft.com/en-us/library/bb742610.aspx. Some great switches and alternate options can be found here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic_overview.mspx. We’ll be using WMIC with domain admin credentials to crawl through a list of nodes (PCs/Laptops) and uninstall an example program without interrupting the user.

01. Load up a command shell with appropriate access permissions

Though a WMIC instruction can be given appropriate credentials prior to operation, it is typically best-practice to avoid clear-text typing the password (who is that looking over your shoulder;)). We’ll execute the runas command like the following:

Runas /user:DomainAdminAccount@DOMAIN cmd

… which will prompt us for the credentials of our DomainAdminAccount. If authenticated, we’ll be handed a command shell running as the Admin.

02. Verify Program Installation (an optional informative step)

With our WMIC prompt, we can ask many questions of a node (or nodes) and receive some nicely formatted replies. Though formatting the replies is beyond the scope of this "How To", much more information can be found on the internet.

So let's find out if a particular node even has our target software (Spiceworks does attempt to list this information in its software scan)

>/node:COMPUTERNAME product get name,version,vendor

This command asks WMI to reply with a list including the Name, Version, and Vendor of all compliant software installations.

If you would like to filter for a specific product, you may do so. Here's an example scanning a networked machine for all installed applications from the vendor "Apple Inc.":

>/node:ANOTHEREXAMPLE product where vendor="Apple Inc." get name,vendor

(*Note from Anders4221:
A small hint if you have special characters like '-' or '/' in the computer name you need to use ' ' characters in order to get information from client)

(**Note from Joe3034:
Here is how you use wildcards in your search:

Surround the like phrase in double quotes and your search criteria in single quotes, and use % as the wildcard symbol.

e.g.:
/node:ComputerXYZ product where "vendor like 'adobe%'" get name,version,identifyingNumber )

03. Call for the Uninstallation

So we can make a call to the WMI interface to uninstall a particular product... let's pick on the MobileMe Control Panel from our previous example. The command:

>/node:EXAMPLE product where name="MobileMe Control Panel" call uninstall

... will prompt you for confirmation in the following (long) format:

Execute (\\EXAMPLE\ROOT\CIMV2:Win32_Product.IdentifyingNumber="{6DA9102E-199F-43A0-A36B-6EF48081A658}",Name="MobileMe Control Panel",Version="2.1.0.24")->Uninstall() (Y/N/?)?

... to which you must reply 'y' if you wish to uninstall. WMI-compliant software will run its default uninstallation procedure without the user needing to do anything (they receive no prompts etc).

**Note that you may also use the /nointeractive flag, like /node:EXAMPLE product where name="MobileMe Control Panel" call uninstall /nointeractive, to prevent the confirmation request!
-thx Bart2691

04. Call Uninstall for a List of Machines (an optional informative step)

Let's assume you just got word that Adobe Reader has a serious flaw in its old version. In a panic, you asked all your users to blindly install the new version of Adobe Reader straight from Adobe's site. Thankfully, they all managed to do so... however you've received 3 tickets so far about an Acrobat.com icon on the desktop.

You have a flat text file of all your computers' names stored in c:\computers.txt. You pop open a WMIC shell with appropriate permissions and enter the following command:

>/failfast:on /node:@"c:\computers.txt" product where name="Acrobat.com" call uninstall /nointeractive

This iterates through your list, skipping nodes that are invalid (e.g. the machine is turned off) and those that don't meet the criteria. You'll need to confirm 'y' that you want to uninstall on every node unless you use the /nointeractive flag.

* Updated Note from Bart2691
... an easy way to automate answering 'Yes'. Examples for doing it by PC or a text file is to use the /nointeractive flag. Additionally, if you don't wish to hang on failed nodes, use the /failfast:on flag to quickly skip a node that isn't responding.

** note from true911 (unconfirmed)
The correct flag is failfast:on, not fastfail:on

wmic /failfast:on /node:@"FILENAME.txt" product where "name like 'microsoft office professional edition 2003'" call uninstall /nointeractive

Thanks to Spiceworks for this.
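
Before running call uninstall against a whole list with domain admin rights, it helps to record what would be removed and which nodes did not answer. The following PowerShell dry run is an added example, not part of the Spiceworks how-to; it reuses the how-to's c:\computers.txt and Acrobat.com example, and the report path and function name are assumptions.

```powershell
# Added example: dry-run inventory, nothing is uninstalled.
# Windows PowerShell only (Get-WmiObject talks DCOM, as WMIC does).
$listFile   = 'C:\computers.txt'            # node list from the how-to
$wqlFilter  = "Name = 'Acrobat.com'"        # or e.g. "Vendor LIKE 'adobe%'"
$reportFile = 'C:\uninstall-preview.csv'    # assumed output path

# Hypothetical helper: one report row per node/product pair
function New-Row($node, $status, $detail, $product) {
    New-Object PSObject -Property @{
        Node              = $node
        Status            = $status
        Detail            = $detail
        Name              = $product.Name
        Version           = $product.Version
        IdentifyingNumber = $product.IdentifyingNumber
    }
}

$report = foreach ($line in Get-Content -Path $listFile) {
    $node = $line.Trim()
    if ($node -eq '') { continue }          # skip blank lines in the list
    try {
        $hits = @(Get-WmiObject -Class Win32_Product -ComputerName $node `
                                -Filter $wqlFilter -ErrorAction Stop)
        if ($hits.Count -eq 0) { New-Row $node 'no match' '' $null }
        foreach ($p in $hits)  { New-Row $node 'would uninstall' '' $p }
    } catch {
        # Powered-off machine, firewall, access denied, ...
        New-Row $node 'unreachable' $_.Exception.Message $null
    }
}

$report |
    Select-Object Node, Status, Name, Version, IdentifyingNumber, Detail |
    Export-Csv -Path $reportFile -NoTypeInformation

# Quick summary on screen: how many nodes fall into each bucket
$report | Group-Object Status | Select-Object Count, Name
```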

Monday, November 4, 2013

Remove Leftover Office Registry Keys

Sometimes after uninstalling older versions of Microsoft Office some registry keys are left behind. This causes Spiceworks to think that those older versions of Office are still installed, even though the actual program files are all removed. You can follow the steps here to clean up those old registry keys so Spiceworks can get a proper inventory of the software on the machine.

NOTE: Please make a backup of the Registry before making any changes to it. You can severely damage a machine if an incorrect edit is made.

1. Open up RegEdit

Open up RegEdit by going to Start>Run and typing "regedit" and pressing Enter or OK. You can also enter the "regedit" command into a Command Prompt to open up the editor.
   
2. Locate the Office Registry Key

Microsoft stores all of the installation information for Office Products in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\. Underneath this key you will see various version numbers, each corresponding to different versions of Office. They are as follows:


-9.0 is Office 2000
-10.0 is Office XP
-11.0 is Office 2003
-12.0 is Office 2007
-14.0 is Office 2010
   
Note: On a 64-bit machine it is under HKLM\SOFTWARE\Wow6432Node\Microsoft\Office.

3. Locate the Corresponding Registration Key

Underneath each of the version number keys you should see a "Registration" key. Depending on how many Office products you have installed (Visio, Project, etc. all will be stored underneath one of those version keys) on the machine there will be multiple hashed keys present underneath the Registration key. Each of these hashed keys should have a value underneath it called "ProductName". You can use this value to correctly determine which hashed key is related to the product you want to remove.

   
4. Delete the Hashed Key

Once you have located the correct hashed registry key, delete it. As mentioned above, though, make sure you have a good backup before doing this!
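
To identify the right hashed key without clicking through each one, this added PowerShell example (not from the Spiceworks article) lists every key under Registration with its ProductName, for both the native and the Wow6432Node location. It only reads the registry; the backup file name in the closing comment is an assumption.

```powershell
# Added example (read-only): list the Registration keys described in steps 2-3.
$roots = 'HKLM:\SOFTWARE\Microsoft\Office',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office'   # location on 64-bit machines

# Version key -> release, as listed in step 2
$releases = @{
    '9.0'  = 'Office 2000'
    '10.0' = 'Office XP'
    '11.0' = 'Office 2003'
    '12.0' = 'Office 2007'
    '14.0' = 'Office 2010'
}

$found = foreach ($root in $roots) {
    foreach ($ver in $releases.Keys) {
        $regKey = Join-Path $root "$ver\Registration"
        if (-not (Test-Path -Path $regKey)) { continue }

        foreach ($sub in Get-ChildItem -Path $regKey) {
            $props = Get-ItemProperty -Path $sub.PSPath
            New-Object PSObject -Property @{
                Release     = $releases[$ver]
                ProductName = $props.ProductName   # empty if the value is absent
                KeyPath     = $sub.Name            # full HKEY_LOCAL_MACHINE\... path
            }
        }
    }
}

$found | Sort-Object Release, ProductName |
    Format-Table Release, ProductName, KeyPath -AutoSize -Wrap

# Back up before deleting anything, for example with reg.exe:
#   reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office" C:\office-keys-backup.reg
```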
   
Conclusion

Once you have performed the steps above run a scan on the device by either running a full network scan or a rescan underneath the Tools section of the device. Once the scan is complete you should see that the long deleted Office products are now gone from your Spiceworks Inventory. If the scan is still showing that the software is present, you might need to disable Incremental Scanning in Settings>Network Scan.

I hope this helps!

This topic is taken from Spiceworks.

Saturday, November 2, 2013

Solved: “Cannot read from the source file or disk”

     One of our file shares ended up with several undelete-able files. Attempting to delete them results in “Error Deleting File or Folder – Cannot delete file: Cannot read from the source file or disk“.



Note: Windows 7's version of this message is something like:

    Could not find this item: This is no longer located in C:\Blah. Verify the item’s location and try again.

Even going to the file’s properties to check permissions presented a very blank properties dialog. And a CHKDSK didn’t sort things out either.

It turns out the problem was: the filename ended with a dot, e.g. it was something like “C:\Temp\Stuff\Sales Agreement.“. As far as Windows is concerned this is an invalid file name: so although it gets reported in a directory listing, the standard Windows APIs for manipulating files subsequently deny its existence.

So how did this file get created in the first place? The answer: a Mac. The file was on a file share which had been accessed by a Mac user. Macs tend to write all sorts of metadata to extra “.DS_Store” files and suchlike and had left this file behind.

So if Windows doesn’t appear to allow these file names, how did they get to be created? Well, it turns out that NTFS allows all sorts of file name/path weirdness that Windows, or specifically the Win32 API, doesn’t allow. For example, NTFS actually allows file paths up to 32K but Windows restricts file paths to no more than 260 characters (MAX_PATH). I suppose this is all for DOS/Windows 9x backwards compatibility. As these files were being accessed over a file share I guess the usual Win32 checks are bypassed.

But thankfully you can get Win32 to ignore these checks by prefixing your file paths with \\?\, (ie. C:\Temp\SomeFile.txt becomes \\?\C:\Temp\SomeFile.txt) which I discovered after reading this blog post about long paths in .NET.

So at a command prompt (Start > All Programs > Accessories > Command Prompt) I was able to delete the file using:

del "\\?\C:\Temp\Stuff\Sales Agreement."

    Note: On Windows 7 it seems you can just use wildcards without the \\?\ trick to delete the offending files: e.g.
    del c:\temp\somefil*

If it’s a folder/directory you’re trying to delete use the rd or rmdir command, e.g.:

rd /s "\\?\C:\Documents and Settings\User\Desktop\Annoying Folder."

Tip: as you’re typing the file/directory name use the TAB key to auto-complete the name (press TAB repeatedly to cycle through possible names).
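
To find every such name on a share rather than one at a time, this added PowerShell example (not from the original post) walks a folder with dir, which still reports these entries, and prints a ready-made del or rd line with the \\?\ prefix for each. It goes slightly beyond the post by also catching names that end in a space, which Win32 strips in the same way, and by using the \\?\UNC\ form for \\server\share paths; the function names and the C:\Temp root are illustrative.

```powershell
# Added example: report names Win32 cannot address, with a \\?\ cleanup command.
# Nothing is deleted; review the output before running any line of it.

# Hypothetical helper: add the \\?\ prefix (or \\?\UNC\ for \\server\share paths)
function ConvertTo-ExtendedPath([string]$Path) {
    if ($Path.StartsWith('\\?\')) { return $Path }
    if ($Path.StartsWith('\\'))   { return '\\?\UNC\' + $Path.Substring(2) }
    return '\\?\' + $Path
}

function Find-UnaddressableNames([string]$Root) {
    # Two passes so each hit gets the right command: del for files, rd for folders
    $passes = @(
        @{ Attr = '/a:-d'; Cmd = 'del'   },
        @{ Attr = '/a:d';  Cmd = 'rd /s' }
    )
    foreach ($pass in $passes) {
        # dir /b /s prints one full path per line, including hidden/system entries
        & cmd.exe /c dir /b /s $pass.Attr $Root 2>$null |
            Where-Object   { $_ -match '[. ]$' } |
            ForEach-Object { '{0} "{1}"' -f $pass.Cmd, (ConvertTo-ExtendedPath $_) }
    }
}

# Example root taken from the post; point it at the affected share instead
Find-UnaddressableNames 'C:\Temp'
```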


Of course the corollary of all of this is that you could really annoy somebody by doing this:



echo Hi > "\\?\%USERPROFILE%\Desktop\Annoying file you can't delete."