How-To Prevent Windows From Generating Those Stupid Thumbs.db Files

For reasons that only someone locked in some basement deep in the bowels of the Microsoft Empire would know, Windows keeps generating annoying Thumbs.db files that pollute the filesystem. Normally I wouldn’t mind having a few random hidden files but these things keep getting locked making it nearly impossible to rename, move or delete folders without rebooting every time. There is, however, a fairly simple solution.

  1. In the Start Menu search area, type “group policy”. 

  2. Click on Edit group policy to load the Local Group Policy Editor.
  3. In the Local Group Policy Editor, expand User Configuration in the left column, then Administrative Templates, then Windows Components and finally Windows Explorer. In the right-hand column, double-click Turn off the caching of thumbnails in hidden thumbs.db files.

  4. In the dialog box that pops up, click on Enabled followed by Apply or OK to write the new setting to the registry. 

  5. Enjoy being able to rename, move and delete folders without having to reboot!

SQL Server 2005 SP1 coexistence with SQLExpress SP1

The issue I had with trying to get SQL Server 2005 SP1 to coexist with SQLExpress SP1 was that the "default" database instance, which in this case is SQL Server 2005 Enterprise SP1, wouldn't appear in SQL Management Studio when browsing for network servers. I'm not sure if this is a bug or some kinda "by design" thing that exists for backward compatibility but tweaking the install order seems to have fixed the issue.

The install order is as follows:

  1. Install SQL Server 2005 Enterprise on the default instance
  2. Install SQL Server 2005 SP1 on the default instance
  3. Install SQLExpress SP1 on the "SQLExpress" instance

You will end up with SQL Enterprise on the "default" (also known as "MSSQLSERVER") instance and SQLExpress on the "SQLEXPRESS" instance.

I don't know if this is a weird scenario but it seems like it should be fairly common. I personally use this box as a "staging" server for websites that are in development and having SQLExpress on the box allows us to test sites without having to alter connect strings.

I suspect the issue appeared because I was installing SQLExpress SP1 before SQL Server 2005 Enterprise and since there's no slipstreamed SQL Server 2005 with SP1 SKU, I'm guessing the lack of SP1 on the default instance was confusing the "SQL Browser" service. I don't know why installing SP1 didn't fix the issue. The magic is all in the install-order I suppose.

Of course I haven't actually rebooted the machine yet. If the issue reappears after rebooting, this qualifies as a bug, right?

Domain Controller Installation Notes

I've installed my fair share of Windows 2003 domain controllers over the years and there are always a few things that for some reason aren't configured when running the Active Directory Wizard (DCPromo.exe):

  1. Time Server
  2. COM+ Security
  3. DNS Settings

This whole time server thing is sorta weird. From what I can tell there are at least two timing systems in a Windows enterprise. One seems to use Windows style stuff and the other seems to use standardized stuff. I don't know much about timing but I have figured out that Active Directory uses Kerberos and Kerberos requires that all the machines using it have synchronized clocks. So at least one Domain Controller must have accurate time and the easiest way to take care of this is to just use the built-in time.windows.com servers. The problem is that by default 2003 doesn't seem to be able to talk to the Windows Time Servers (even though I see XP talking to time.windows.com like all the freekin time) so you have to screw around in the registry and make a slight change. The key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Edit the "Type" field and change it to "NTP". Then run "w32tm /resync /rediscover" just to be safe.
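The registry change and resync described above, as an added PowerShell example (not from the original post). It assumes PowerShell is installed on the domain controller, that restarting the W32Time service is acceptable so it re-reads the registry, and that the Kerberos clock-skew tolerance is at its default of 5 minutes; the function and variable names are illustrative.

```powershell
# Added example: apply the W32Time "Type" change and check the resulting clock offset.
$key            = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
$peer           = 'time.windows.com'
$maxSkewSeconds = 300   # Kerberos default tolerance (assumption: policy unchanged)

function Get-ClockOffsetSeconds {
    param([string]$Computer, [int]$Samples = 3)
    # /dataonly prints lines such as "14:23:05, +00.0123456s"; error lines carry no offset
    $out = & w32tm /stripchart "/computer:$Computer" "/samples:$Samples" /dataonly 2>&1
    $offsets = @(foreach ($line in $out) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
    })
    if ($offsets.Count -eq 0) {
        throw "No time samples returned by $Computer (is outbound UDP 123 allowed?)"
    }
    ($offsets | Measure-Object -Average).Average
}

# Show the current settings before touching anything
$params = Get-ItemProperty -Path $key
Write-Output "Before: Type='$($params.Type)' NtpServer='$($params.NtpServer)'"

if ($params.Type -ne 'NTP') {
    Set-ItemProperty -Path $key -Name Type -Value 'NTP'
    # Not in the original post: restart so the service re-reads its parameters
    Restart-Service -Name W32Time
}

# The resync command given in the text
& w32tm /resync /rediscover

# Compare the measured offset with what Kerberos will tolerate
$offset = Get-ClockOffsetSeconds -Computer $peer
if ([math]::Abs($offset) -ge $maxSkewSeconds) {
    Write-Warning ("Clock is off by {0:N1}s; Kerberos authentication will fail" -f $offset)
} else {
    Write-Output ("Clock offset {0:N3}s is within the {1}s Kerberos tolerance" -f $offset, $maxSkewSeconds)
}
```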

I figured this out by plugging Event IDs into http://EventID.Net and reading how other people solved their timing issues. EventID.Net is a great resource however I have one moral issue with how they run their site. It's basically a collection of user-created solutions to events that show up in Windows Event Logs. The issue is that they pulled one of those scams where the entire site was free until the database was populated by users and then later they locked out the users from parts of the site and now charge a "subscription fee". The site is still usable but instead of being able to click directly to MSDN articles and other links, you have to use Google to search for the KB IDs and whatnot since clicking on many of the links just takes you to a "pay now" page. This "bait and switch" story is all too common these days (CDDB, etc.)

Next up is the COM+ settings. This one is easy, just follow David Grant's directions on this page: http://eventid.net/display.asp?eventid=53258&eventno=4493&source=MSDTC&phase=1

And finally the DNS settings. This one took me a while to solve. Basically you have the DC's network device set to use itself as the DNS server (because you have DNS running on this box because it's a Domain Controller, right?) but the DNS server can't resolve queries yet because the system is still starting up, and the system needs to be able to resolve DNS queries, so the solution is to assign extra DNS servers. Generally you'll want to use your secondary Domain Controller or your primary if you're setting up an additional controller.

So, for example, on DC1 set the secondary DNS to the IP of DC2 and on DC2 set the secondary DNS to the IP of DC1. If you're only using one controller (shame on you) find another reliable DNS server (your ISP's or the one built into your router) to use as a secondary.

Now reboot again and again until no more warnings or errors show up in the Event Logs. If you're still getting weird errors, wait 20 minutes before rebooting and if that still doesn't fix the problems, demote the server, remove it from the domain, format the hard drive and start over. Trying to fix a damaged Domain Controller is more hassle than it's worth. It's easier to just flatten the box and start over.

Oh and two final notes:

  1. Don't even think about trying to use multiple network devices on a Domain Controller. Although it is possible to set up a DC in this configuration, the amount of work isn't worth the payoff.
  2. Make sure the SP1/R2 firewall is turned off. Since this isn't an Internet-facing machine this shouldn't be too much of an issue, however if you're paranoid you can exclude every port that Active Directory uses. A better solution would be to let the firewall figure out what ports to unblock based on the process (add programs to the exclusion list instead of ports) but I don't know all of the processes that the Active Directory uses so this isn't yet an option. If anyone has a list, go ahead and send it and I'll test the firewall settings with those processes assigned.