Rules for Aliases in Office 365

I found out this week that it is not possible to create a rule for email sent to an alias created in Office 365.  If you wanted a rule that would file emails into a folder based on which email address it was sent to then you can't simply use an alias to do this.

What you need to do instead is:
1. Create a distribution list named as the alias (e.g. accounts@organization.biz) with the intended recipient in it
2. Make the distribution list accessible from outside the organization
3. Create the rule based on the distribution list

I hope that helps some of you.

How do you share a mailbox with another user in Office-365?

In a typical organisation with a Microsoft Exchange server you would select your mailbox in Outlook, right-click > Properties > Security, then give the user the appropriate permissions.  However in Office-365 this approach does not work, instead you have to delve into the inner working with PowerShell.

1. Click Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell.
2. Run the following command:
   
   
   

   $LiveCred = Get-Credential
3. In the Windows PowerShell Credential Request window that opens, type the credentials of an account in your cloud-based organization. When you are finished, click OK.
4. Run the following command:
   
   
   

   $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
   Note   The AllowRedirection parameter enables cloud-based organizations in datacenters all over the world to connect Windows PowerShell to the cloud-based service by using the same URL.
5. Run the following command:
   
   
   

   Import-PSSession $Session
   A progress indicator appears that shows the importing of commands used in the cloud-based service into the client-side session of your local computer. When this process is complete, you can run these commands.
6. To view the available mailboxes, run the following command:
   
   
   

   Get-Mailbox
7. Run the following command:
   
   
   

   Add-MailboxPermission -Identity <mailboxToShare> -User <userToAccess> -AccessRights FullAccess -InheritanceType All
   Note  <mailboxToShare> and <userToAccess> can both be replaced by the respective user's email addresses.


8. To disconnect PowerShell run the following command:
   Remove-PSSession $Session

To now add the mailbox to Outlook.  From Outlook do the following:

1. On the Tools menu, click E-Mail Accounts.
2. Click View or change existing e-mail accounts, and then click Next.
3. In the list, click the Exchange account type, and then click Change.
4. Click More Settings, and then click the Advanced tab.
5. Click Add, and then type the mailbox name of the person whose mailbox you want to add to your user profile.

To have The PC Support Group help you with any of your business or personal computer needs please call us on +44 (0) 845 2233116 or visit our website http://www.pcsupportgroup.com/

Computer Slow Opening Word Documents

I recently had a customer call me complaining of a slow computer.  After a few questions I discovered that it was only slow when right-clicking on files, or when opening MS Office documents (Word, Excel etc) from Windows explorer.  This particular user was part of a small network using Windows XP Professional and connected to a small business server.

Thanks to some tips from online forums I was able to get to the bottom of this.  I'd already tried:

• Reinstalling Office
• Registry cleaner (ccleaner)
• Log on as a different user
• Chkdsk
• Performance monitor
• File type associations
• Disable DDE

Nothing was having any effect, using Perfmon.exe I could see that the computer was quite simply doing nothing for about 10 seconds when trying to open a word file then all of a sudden it would kick into life.

So what was happening?

This post pointed me to the answer http://howtotroubleshoot.blogspot.com/2008/05/double-clicked-documents-slow-to-open.html

On this occasion running netstat -ano in the command shell showed me that the desktop was connected to only the server and the router until I tried to open a Word document when suddenly it sent a SYN packet to another local IP - this user's old computer.

There were no mapped drives to this computer and searching the registry for the IP address gave no results.  However when I searched the registry for the old computer's name then it came up under several keys relating to Firefox.

I uninstalled firefox but the problem didn't go away.  I did another search of the registry and this entry still came up under a firefox key so I simply deleted it.  Hey presto! Problem solved.

Don't ask me why but this is how I solved it.

For further information, or to have this problem solved for you remotely by our team of technicians, please contact The PC Support Group on +44 (0) 845 2233116, or visit our website http://www.pcsupportgroup.com/

Backups Failing in SBS 2011

Recently The PC Support Group were contacted by a customer whose Windows server backup was failing, with error code 2155348129.  Typically we don't use Windows Server Backup because the reliability and features are somewhat lacking, however this customer chose to use it for price reasons.

It turns out that the cause of it not working was down to a Sharepoint update (SP1 to be precise).  This has been blogged on the SBS Technet site.

Backups failing is a real concern for business.  Once configured, do ensure that someone is receiving notifications of its success or failure.  You can do this with the Reports feature from the SBS Console.

Quickbooks PDF converter not working

After upgrading a clients operating system recently we found that quickbooks could not create PDFs either through the "email accounts" function, or the file > save as > pdf option.

Having run through all the the troubleshooting steps, manually we were no closer to resolving the problem.  As a workaround, we had installed PDF Creator allowing the user to print to pdf and then email the file out manually, but this significantly increased the number of steps involved.

Solution
On this occasion the solution was simpler than imagined, Intuit's own PDF diagnosis tool resolved the problem.
http://support.quickbooks.intuit.com/support/Articles/SLN40733 (Solution 1)
Perhaps a misnomer on their part as it is more a repair tool than a diagnosis tool.

If you require assistance with this or any other problems then please call The PC Support Group on +44 (0)845 2233116

Deciphering Blue Screens

One of our customers called today with the infamous blue screen, actually she wasn't getting the blue screen, she was getting the "Windows just recovered from a serious error" screen which happens after Windows automatically reboots itself.

What you can do to troubleshoot this is check the event viewer (eventvwr) for system errors with ID 1001.  This will reveal something about the cause and regularity of the errors.  It is also worth seeing if any other errors occur just momentarily before the 1001 event.

Should you require more information then there is a great program called BlueScreenView, it is included with Windows 7 Professional, but you may be able to download it for other versions of Windows.  Using the Kaseya console I transferred the C:\Windows\Minidump folder to a temporary folder on my local machine and running this was immediately able to see the main suspects

Although the Stop Code was 0x10000008e, and searching Google suggested it was a graphics driver problem.  Using BlueScreenView seemed to suggest is was caused by some security software Trusteer Rapport.  Adding further weight to this theory, the Trusteer website even lists "blue screens" in their FAQ.

For further information check out the detailed response in the Microsoft Forums
Please contact The PC Support Group on +44 (0)845 2233116 if you would like us to resolve these blue screen problems for you.

How to manually extract self-extracting archives

This applies to certain .exe .msu .msp and .msi files and is taken from the following website (http://www.windowswiki.info/2009/02/19/how-to-extract-msumspmsiexe-files-on-the-command-line/)

How to extract msu/msp/msi/exe files on the command line

I find these commands quite helpful — maybe you know them already — if not, here you go:

Microsoft Hotfix Installer (.exe)

setup.exe /t:C:\extracted_files\ /c

Microsoft Update Standalone Package (.msu)

expand -F:* update.msu C:\extracted_files
cd extracted_files
expand -F:* update.cab C:\extracted_files

Microsoft Patch File (.msp)

msix patch.msp /out C:\extracted_files
msix.zip

Windows Installer Package (.msi)

msiexec /a setup.msi /qb TARGETDIR=C:\extracted_files

XP Service Pack 3 uninstall Blue Screen

When The PC Support Group recently received a call about a non-booting computer we were able to trace it to an attempted installation of XP service pack 3.  The user has a Dell Dimension 9200 with XP service pack 2.  Service pack 3 had installed perfectly but upon rebooting to complete the installation they were greeted with the well-known blue-screen-of-death (or BSOD) with stop code 0x0000007E stating "there was an attempt to Execute non-executable memory".  This also happened in safe mode.  It did not happen in any live CDs so the approach we took was to uninstall the service pack.


So step 1. take an image backup using Acronis True Image to make sure that if the worst happens you still have a copy of all the data.
step 2. boot the computer using the original install CD and select the recovery console
step 3. Use the recovery console approach here to uninstall the service pack


Alternative step 2.
If you do not have the original install CD then you may be able to use an alternative install CD, but in this case the computer has a RAID setup that is not supported by the standard XP install CD.  In this case the best option available for us was to boot from an Ultimate Boot CD for Windows (UBCD4Win).  In order to use the RAID drivers you need to add the Mass Storage drivers from the Driver-pack plugin (this would be at step 7 in their how to http://www.ubcd4win.com/howto.htm).
This did work for us, but something worth noting is that Dell drivers are available from their public FTP site ftp.us.dell.com

Alternative step 3.
Once into the UBCD4Win environment then launch a command shell and type:
cd c:\Windows\$ntservicepackuninstall$\spuninst
ren spuninst.txt spuninst.bat
spuninst.bat


You should now be able to boot into Windows.

Kaseya script to silently uninstall Microsoft Security Essentials

Microsoft security essentials is a good anti-virus program for small businesses because it is a capable program and its End User License Agreement (EULA) allows its use for free where the business has less than 10 PCs.  However, if you are a managed server provider like The PC Support Group then you may well be using software like Kaseya with its automated scripting engine for preventative maintenance routines and its 24/7 monitoring and alerting features.  A new customer would typically take the Kaseya Endpoint Security (KES) thus allowing an integrated management service.  So using Kaseya, how do you uninstall Microsoft Security Essentials prior to installing KES? With a script of course (this script was taken courtesy of SMason on the Kaseya Forums):

Script Name: Uninstall Security Essentials
Script Description: 

IF True 
THEN
   Execute File - (Continue on Fail)
     Parameter 1 : %PROGRAMFILES%\Microsoft Security Client\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
   Execute File - (Continue on Fail)
     Parameter 1 : %ProgramW6432%\Microsoft Security Client\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
   Execute File - (Continue on Fail)
     Parameter 1 : %PROGRAMFILES%\Microsoft Security Essentials\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
   Execute File - (Continue on Fail)
     Parameter 1 : %ProgramW6432%\\Microsoft Security Essentials\setup.exe
     Parameter 2 : /x /s
     Parameter 3 : 3
         OS Type : 13
ELSE

Free Software Downloads for Microsoft Partners

At The PC Support Group, we subscribe to the Microsoft Action Pack (MAP) because this gives us use of a lot of the Microsoft products for a simple yearly subscription.  To qualify you need to pass a short technical test to prove that you're a competent Microsoft reseller and then you pay your subscription.  The MAP software although extensive is perhaps not all the software that you may need.  Recently I needed to download Windows Home Server 2011 and found that only WHS 2008 was available through the MAP.  Then I discovered that the software was available through a Technet subscription.  Thankfully this is included now as part of the MAP benefits the tricky part is figuring out how to link the subscriptions.
Thanks to this Blog (http://msmvps.com/blogs/bradley/archive/2010/05/24/technet-plus-now-part-of-action-pack.aspx) I was able to access Technet fairly quickly.

It is worth noting the differences in the terms of use, the Technet software is available as trial editions, whereas the MAP software is available for internal use.  It may nevertheless be just what you need, as it was for me on this occasion.

Forgotten your Windows Password?

If you have forgotten your Windows password, be it a simple login password or the local administrator password for a Windows Server then there are a few approaches you can take, listed in order or difficulty/time-taken:

1. Guess the password

2. Use an alternative administrative account to reset the password

3. Try to crack the password

4. Try to clear the password

5. Enable a hidden administrative account and then reset the password

1. Guess the password, or guess the password of another user with administrator privileges some common passwords can be found here http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time

Of course try some themes which may mean something the person who owns the account.

2. In any version of Windows, if you have another account that is an administrator and you know the password then you can log-in with that account and use this method to reset any passwords.  In Windows XP the administrator account is rarely used and often has a blank password.  Access it by going in to safemode - press F8 just before the "Starting Windows" splash screen shows.  Once you have logged on as administrator you can go to Start > Run: control userpasswords2

Select the user and then the "Reset Password" button.

3. Try to crack the password with Ophcrack http://ophcrack.sourceforge.net/.  Password cracking will work in most cases for XP and a lot of cases for Vista.  However, if you look through the tables page on the website you'll see that using this technique is virtual impossible for a password longer than 8 characters that includes upper and lower case letters, numbers and symbols.

Write the Ophcrack iso to a cd/dvd and reboot the computer from the CD.

If Ophcrack fails to run first time then it could be that it failed to mount the Windows partition.  So you will need to figure out which partition it is.  I did this with trial and error like so:   (Open a terminal window)

   a) mkdir /mnt/cdrive

   b) mount /dev/sda1 /mnt/cdrive

   c) ls /mnt/cdrive

In step c) you are looking out for a directory listing the same as your Windows C drive, the presence of a Windows directory is an obvious giveaway.  If /dev/sda1 does not hold your C drive then try /dev/sda2, then try /dev/sda3.  On older systems, i.e. with PATA (IDE) rather than SATA drives then you might find it is /dev/hda1 etc.

Once you have located and mounted your windows partition. Then you need to re-run the cracking utility:

   d) /home/tux/launch.sh

If you get permission denied errors then you should run the command starting with sudo, e.g. sudo mount /dev/sda1 /mnt/cdrive

Check out the FAQ for more information http://sourceforge.net/apps/mediawiki/ophcrack/index.php?title=Frequently_Asked_Questions

4. Try to clear the password with chntpw

This method has worked for me on XP, 2003 and Vista installs and I have no reason to believe that it wouldn't work on Windows 7 or Server 2008.  The caveat is that servers tend to have RAID disks and so you will need a Linux distro with RAID drivers, such as Ubuntu server.

   a) mount the drive (see Method 3)

   b) sudo apt-get install chntpw  (at this step it failed, make sure you're connected to the Internet, in some cases you may need to first run sudo apt-get update)

   c) cd /mnt/cdrive/Windows/System32/config

   d) chntpw -u Administrator SAM

   e) select option 1 to clear the password, choose "y" to write the hive file, then reboot.

In Vista, the built-in administrator account is disabled by default and perhaps it is someone else's account which you need to clear the password on so choose chntpw -u "Joe Bloggs" SAM.

The last time I tried this it failed to clear the password.  So that's why I've written method 5. 

5. Enable a disabled administrative account with chntpw then reset the password from that account.  Note: if there is another administrator account in Windows which you do know the password for then you should use method 2.

You begin this one exactly the same as method 4 except at step e).

   a) mount the drive (see Method 3)

   b) sudo apt-get install chntpw 

   c) cd /mnt/cdrive/Windows/System32/config

   d) chntpw -u Administrator SAM

   e) select option 4 to unlock and enable, choose "y" to write the hive file, then reboot.

   f) Log on to Windows using the Administrator account, then proceed as in Method 2.

   g) Log-off Administrator and Log-on to the User who now has a new password.

   h) Finally hide the Administrator account again start a command prompt, in Vista or 7 type cmd into the start menu then right-click on cmd.exe and choose "run as administrator"

   i) type: net user administrator /active:no

Using Office 365 Web Interface for Contact Sharing

In a recent deployment of Office 365 that I did for a customer, they were particularly interested in the ability to share contacts.


No problem, with an Exchange back-end you are able to share Calendars, Contacts and even whole mailboxes. The real problem in getting it done is the web-interface.

• User1 has just been upgraded to Outlook 2010, he right-clicks his contacts, selects properties and then on the permissions tab selects the user and then the desired permissions.
• User2 is a subcontractor and brings his own Macbook into work.  He has to buy his own copy of Outlook 2011 but this only comes bundled with Office 2011 so he chooses not to do it.  Outlook Web Access (owa) should be sufficient for his needs anyway.... shouldn't it?

It turns out that in Office 365 you can very simply view a shared calendar, or you can open another user's mailbox, what you can't do is open anything else very easily, but there is a work-around.  Thanks to Amit Tank for this tip which pointed me in the right direction: http://exchangeshare.wordpress.com/2009/06/15/how-to-open-shared-calendar-in-owa/

So the work-around for displaying shared contacts using owa is to enter the following address into a browser:

https://<server name>/owa/<SMTP address>/?cmd=contents&module=contacts

So you replace <server name> with the Office365 server which can be found in a few ways, I found it by Ctrl-Clicking on the Outlook system-tray icon for the machine running Outlook, and then selecting "Connection Status".  This brings up a box showing the server address.

You also replace the <SMTP address> with the email address of the user whose contacts you are trying to view.

Troubleshooting Internet issues

A lot of Small businesses that we work with have regular Internet problems, which is often why they call The PC Support Group.  Either their previous one-man-band did not solve the problem or they couldn't get a fast response from them to solve the problem.

The PC Support Group have a team of experts waiting to solve problems just like this.  But suppose you want to solve the problem yourself, where do you start?

1. Do you have a network connection? 
• Press Windows-R then type cmd
• type ipconfig
• Look through the list for "Default Gateway" - note the value (e.g. 192.168.1.1)  
• If there is no value or if your IPv4 address begins 169.x.x.x then you are not properly connected to the network.
2. Can you reach the Internet gateway?
• Press Windows-R then type cmd
• type ping -t defaultgateway (defaultgateway is the value noted above e.g. 192.168.1.1)
• A good result is: Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
• If you get any other result then you cannot contact the router.  Sometimes rebooting the broadband router, or rebooting the computer can solve this.
3. If you can reach the Internet gateway but cannot get to the Internet then the problem could be the Internet service, or the Domain Naming service (DNS).
• Press Windows-R then type cmd 
• type ping -t 8.8.8.8
• A good result is: Reply from 8.8.8.8: bytes=32 time=32ms TTL=64
• The time is not so important but it should be less than 100ms and if you watch it for about 30 seconds you shouldn't see any "no replies".  No replies, or times of greater than 100ms mean you have a poor Internet connection.
• Connect to the broadband router through a cable instead of by wireless to confirm it is not a WiFi problem and see if the previous results improve.
• If the results look good but the Internet will still not work reliably then it could be a DNS problem
4. You can diagnose a DNS problem by pinging an IP address without problem, but being unable to ping a domain name.
• Press Windows-R then type cmd
• type ping -t www.google.com
• A good result is: Pinging www.l.google.com [173.194.66.104] with 32 bytes of data:
  Reply from 173.194.66.104: bytes=32 time=43ms TTL=46
• Any other result indicates a DNS problem
• Change the DNS server you use by typing:
• netsh interface ip set dns "Local Area Connection" static 8.8.8.8
• The above will change the DNS server on the wired connection and set it to google's public DNS server.

The above steps are just some general tests to perform for troubleshooting your internet connection.  This may not resolve your problem and there may be slight differences in your set up which require slight changes.  For help with any of the above please contact us at The PC Support Group or on +44 (0) 845 2233116

 

How to Blog source code

In my first blog post earlier today I had to find a way to post some code for a script that I'd written.  I found a few suggestions, some of the popular ones being:

1. http://alexgorbatchev.com/SyntaxHighlighter/
2. https://gist.github.com/
3. http://codeformatter.blogspot.com

After trying option 1, I eventually settled on option 3.  Why?  Because all I want to do is copy and paste a script into a blog without context highlighting.  The other thing I want is for people to be able to copy and paste the code into notepad again.  Option 3, the code formatter, is perfect for this requirement.

Does your computer start-up too slowly?

Does your computer start up too slowly?

This could be down to a number of things but there are a few standard places to check:

1. Amount of RAM in the computer – is there enough?
2. Amount of free hard-disk space – is there more than 10% free?
3. Is the Anti-Virus set to run upon startup – if so disable that option.
4. Size of the user profile (my documents and desktop) – primarily a problem for domain users.
5. Number of programmes loading at startup – the fewer the better.

The number of programmes loading at startup can yield a quick fix for older computers, and that’s where I’m focussing in Today’s blog, but I would not recommend jumping straight in and changing it as any changes here are likely to change the way some programmes work.  Once the other options have been ruled out and you (or the user) are aware of the effect, then you can go ahead and make the change.  But how will you make that change?

In Person

If you have sufficient knowledge to make the change and the computer is in front of you then by all means make the changes by running msconfig or the ever useful ccleaner.  Hide any Microsoft items and then usually you can disable most of the other items safely.  It’s probably worthwhile leaving the AntiVirus running though!  Offending items can be present in both “Startup Programs” and “Services”.

Using Remote Control

You could have a qualified IT Professional (such as at The PC Support Group), carry this out for you using their remote control technology.  Remote control technology enables an IT Professional to control your computer over the Internet without being physically present.  You, the user, need to stop whatever you’re doing and give them perhaps 30 minutes to carry out the above.  From the IT Professional’s perspective, this is a fairly common request .  Looking for bottlenecks can be done fairly quickly but then getting a list of startup items and investigating which ones to disable and which ones to leave can be quite time consuming and may inconvenience the user if they’re left waiting while this is done.  That’s where scripts come to the rescue.

Kaseya^TM Scripts

Kaseya^TM is by no means the only way of automating part of this speed-up but it forms the basis for The PC Support Group managed service, and scripting is just one part of it’s functionality.  When one of our customers says that their computer is starting up slowly then we can draw on this scripting engine to help.  First the usual bottlenecks, as listed above, are checked via the “system audit” function.  Then a list of startup items is retrieved – this allows The PC Support Group to confirm what to disable and what to leave.  We have two scripts to do this:

• Export services
• Export startupitems

These scripts are run, then the files retrieved (e.g. C:\exportserviceslist.txt) and reviewed.  Finally the cleanup script is customized to disable the necessary startup items.  The XML should be edited directly in an editor like Notepad++ and the relevant services/programs just copied & pasted over.  This script is then imported back into Kaseya again and scheduled to run on the user’s computer. 

This makes the work totally invisible to the user so that they can continue to work on their computer while we work on it in the background.  More productivity for them and more productivity for us J

NB: The inspiration for the script came from http://www.on-sitetechsupport.com/category/kaseya-scripts/  In the future the script could be modified to make it generic so that it includes all programmes likely to be encountered and skips those not relevant to that computer. The PC Support Group accepts no responsibility for the use of these scripts.

Export Services Script

 <?xml version="1.0" encoding="utf-8"?>  
 <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">  
  <Procedure name="ListServicesExport" treePres="3" id="35789810">  
   <Body description="Export list of services to a file then upload the file to the KServer.">  
    <If description="Export list of services to a file then upload the file to the KServer.">  
     <Condition name="True" />  
     <Then>  
      <Statement name="ExecuteShellCommand" continueOnFail="false">  
       <Parameter xsi:type="StringParameter" name="Command" value="sc query &gt;&gt; c:\ServicesList.txt" />  
       <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />  
       <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />  
      </Statement>  
      <Statement name="GetFile" continueOnFail="false">  
       <Parameter xsi:type="StringParameter" name="RemoteFileName" value="c:\ServicesList.txt" />  
       <Parameter xsi:type="StringParameter" name="KServerFileName" value="ServicesList.txt" />  
       <Parameter xsi:type="EnumParameter" name="Action" value="OverwriteSendAlert" />  
      </Statement>  
     </Then>  
    </If>  
   </Body>  
  </Procedure>  
 </ScriptExport>  

Export Startup Items Script

 <?xml version="1.0" encoding="utf-8"?>  
 <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">  
  <Procedure name="ListStartupAppsExport" treePres="3" id="71790046">  
   <Body description="Exports the registry keys relating to Startup tasks and then Uploads the file using &amp;#34;Get File&amp;#34;&#xD;&#xA;See Scripts --&gt; Get File --&gt; Machine, in order to retrieve uploaded file.">  
    <If description="Exports the registry keys relating to Startup tasks and then Uploads the file using &amp;#34;Get File&amp;#34;&#xD;&#xA;See Scripts --&gt; Get File --&gt; Machine, in order to retrieve uploaded file.">  
     <Condition name="True" />  
     <Then>  
      <Statement name="ExecuteShellCommand" continueOnFail="false">  
       <Parameter xsi:type="StringParameter" name="Command" value="regedit /E c:\StartupTaskList.txt &quot;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\&quot;" />  
       <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />  
       <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />  
      </Statement>  
      <Statement name="GetFile" continueOnFail="false">  
       <Parameter xsi:type="StringParameter" name="RemoteFileName" value="c:\StartupTaskList.txt" />  
       <Parameter xsi:type="StringParameter" name="KServerFileName" value="StartupTaskList.txt" />  
       <Parameter xsi:type="EnumParameter" name="Action" value="OverwriteSendAlert" />  
      </Statement>  
     </Then>  
    </If>  
   </Body>  
  </Procedure>  
 </ScriptExport>  

Remove Startup Items Script

 <?xml version="1.0" encoding="utf-8"?>  
 <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">  
  <Procedure name="removeStartupTasks" treePres="3" id="1505946189">  
   <Body description="Removes applications from the Registry RUN key. Removes services not required on startup.">  
    <If description="Removes applications from the Registry RUN key. Removes services not required on startup.">  
     <Condition name="True" />  
     <Then>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ISUSPM Startup" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ISUSScheduler" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSKDetectorExe" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YBrowser" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Photo Downloader" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LogMeIn GUI" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher" />  
      </Statement>  
      <Statement description="" name="DeleteRegistryValue" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Path" value="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe ARM" />  
      </Statement>  
      <Statement description="" name="ExecuteShellCommand" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Command" value="sc stop JavaQuickStarterService &amp;&amp; sc config JavaQuickStarterService start= demand &gt;&gt;&gt;&gt; c:\scriptlog.txt" />  
       <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />  
       <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />  
      </Statement>  
      <Statement description="" name="ExecuteShellCommand" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Command" value="sc stop OrangeMobileBroadband_Service &amp;&amp; sc config OrangeMobileBroadband_Service start= demand &gt;&gt;&gt;&gt; c:\scriptlog.txt" />  
       <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />  
       <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />  
      </Statement>  
      <Statement description="" name="ExecuteShellCommand" continueOnFail="true">  
       <Parameter xsi:type="StringParameter" name="Command" value="sc stop WTGService &amp;&amp; sc config WTGService start= demand &gt;&gt;&gt;&gt; c:\scriptlog.txt" />  
       <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />  
       <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />  
      </Statement>  
      <Statement description="" name="GetFile" continueOnFail="false">  
       <Parameter xsi:type="StringParameter" name="RemoteFileName" value="c:\scriptlog.txt" />  
       <Parameter xsi:type="StringParameter" name="KServerFileName" value="scriptlog.txt" />  
       <Parameter xsi:type="EnumParameter" name="Action" value="OverwriteNoAlert" />  
      </Statement>  
     </Then>  
    </If>  
   </Body>  
  </Procedure>  
 </ScriptExport>