Friday, October 30, 2009

PDFCreator as a Service on Server 2008

The latest version of this information can be found here.

PDFCreator is a great tool for users who just need to quickly convert a document into PDF format.  Getting it to run properly as a service on Windows Server 2008 proved to be a bit of trouble.  Here's what I did to get things working in our environment.

Install PDFCreator in 'Server installation' mode.  If Data Execution Prevention (DEP) is enabled, PDFCreator needs to be added to the exception list.  DEP hides a little bit under Control Panel - System - Advanced system settings - Advanced - Data Execution Prevention.

Next we need to get srvany.exe from the Windows Server 2003 Resource Kit.  I decided to put it in \Program Files\oldResourceKitTools.  This article explains how to use instsrv.exe to set up a custom service that uses srvany.exe to run what we want.  Trouble is, instsrv.exe doesn't work very well on Server 2008.  Thankfully we can use sc.exe to create the service in a similar way.

However, before we create the service we have to decide what credentials to have the service run as.  Depending on your environment, running as the local system (the default) may be sufficient.  If PDFCreator will need to save files anywhere other than the local system, we'll need to choose either Network Service or create a domain user for the service.  As I like to be able to control specific permissions I created a new domain user, svc-pdfcreator, with a strong password.

Armed with that information we can now create the service with the sc command:

C:\> sc create pdfcreator start= auto binPath= "C:\Program Files\oldResourceKitTools\srvany.exe" DisplayName= "PDFCreator" obj= DOMAIN\User password= password

We can double check that the service was created successfully by using sc query:

C:\>sc query pdfcreator

SERVICE_NAME: pdfcreator
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

Now we need to follow the registry editing instructions from KB137890:

  1. Run Registry Editor (Regedt32.exe) and locate the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<My Service>
  2. From the Edit menu, click Add Key. Type the following and click OK:

    Key Name: Parameters
    Class :<leave blank>
  3. Select the Parameters key.
  4. From the Edit menu, click Add Value. Type the following and click OK:

    Value Name: Application
    Data Type : REG_SZ
    String : <path>\<application.ext>

    where
    <path>\<application.ext> is the drive and full path to the application executable including the extension (i.e., C:\WinNT\Notepad.exe)
  5. Close Registry Editor.
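
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original post or of KB137890; it assumes the service name pdfcreator from the sc create command, uses a placeholder for the PDFCreator.exe path, and also re-quotes ImagePath, because sc.exe stores a binPath that contains spaces without its surrounding quotes (the usual "unquoted service path" hardening finding).

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\pdfcreator'
# Placeholder: substitute the real location of PDFCreator.exe on your server
$appPath = 'C:\Path\To\PDFCreator\PDFCreator.exe'

if (-not (Test-Path $svcKey))  { throw "Service key not found; run 'sc create pdfcreator ...' first." }
if (-not (Test-Path $appPath)) { throw "Application not found: $appPath" }

# Steps 2-4 of KB137890: a Parameters subkey holding a REG_SZ value named Application
$paramKey = Join-Path $svcKey 'Parameters'
if (-not (Test-Path $paramKey)) { New-Item -Path $paramKey | Out-Null }
New-ItemProperty -Path $paramKey -Name Application -PropertyType String `
    -Value $appPath -Force | Out-Null

# The srvany.exe path contains a space ("Program Files"). If ImagePath was stored
# without quotes, write it back quoted, keeping the REG_EXPAND_SZ type.
$image = (Get-ItemProperty -Path $svcKey).ImagePath
if ($image -match '\s' -and $image -notmatch '^"') {
    Set-ItemProperty -Path $svcKey -Name ImagePath -Type ExpandString `
        -Value ('"{0}"' -f $image)
}

# Show what the Service Control Manager and srvany.exe will read
Get-ItemProperty -Path $svcKey   | Select-Object ImagePath, ObjectName, Start
Get-ItemProperty -Path $paramKey | Select-Object Application
```
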
Almost done setting up the service.  I found that it was necessary to run PDFCreator.exe and PDFSpool.exe in "Server 2003 SP1" compatibility mode.  Go to the compatibility tab on the properties of each executable and check "Run this program in compatibility mode for:" and select "Windows Server 2003 (Service Pack 1)".

That's it!  Test the service either by running "net start pdfcreator" or from the services mmc snap-in.  If all goes well it should start successfully.

The last piece of the puzzle is setting up Auto-save in PDFCreator itself.  Run "PDFCreator Settings" from the start menu and click the 'Auto-save' link on the left side of the window.  What you set up here will vary depending on your environment.  We have a standardized structure for our users:
\\DOMAIN\staff
   -username
     -Documents
     -...

This setup works well for the auto-save in PDFCreator, as we can set up the auto-save directory to be:
\\domain\staff\<REDMON_USER>\Documents\PDFCreator\

You may have to get creative with the auto-save path if your userdata paths aren't uniform across the users that have access to the PDFCreator printer.  We could probably solve the issue by setting up a shared folder like:
\\server\PDFCreatorAutoSave\<REDMON_USER>

Wherever you decide to have PDFCreator save its output, make sure that the account the service runs as has permissions to create and modify files and your users have at least read access.
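
One way to apply those permissions to the shared-folder layout suggested above, as an added example that is not part of the original post. The root path, domain name and user name are placeholders, and the example assumes <REDMON_USER> is the user's logon name without a domain prefix.

```powershell
# Added example, not from the original post. Run elevated on the file server.
function New-PdfAutoSaveFolder {
    param(
        [Parameter(Mandatory)][string]$Root,       # local folder behind \\server\PDFCreatorAutoSave
        [Parameter(Mandatory)][string]$UserName,   # logon name, assumed to match <REDMON_USER>
        [string]$Domain         = 'DOMAIN',                  # placeholder
        [string]$ServiceAccount = 'DOMAIN\svc-pdfcreator'    # account the service runs as
    )

    $folder = Join-Path $Root $UserName
    if (-not (Test-Path $folder)) {
        New-Item -ItemType Directory -Path $folder | Out-Null
    }

    # Remove inherited ACEs so other users cannot browse this folder, then grant:
    #   service account : Modify (create and change the PDFs)
    #   the user        : Read & execute (open their own PDFs)
    #   Administrators  : Full control (well-known SID S-1-5-32-544)
    & icacls.exe $folder /inheritance:r `
        /grant "${ServiceAccount}:(OI)(CI)M" `
        /grant "$Domain\${UserName}:(OI)(CI)RX" `
        /grant "*S-1-5-32-544:(OI)(CI)F" | Out-Null

    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $folder" }
    $folder
}

# Constructed usage, with made-up values:
# New-PdfAutoSaveFolder -Root 'D:\PDFCreatorAutoSave' -UserName 'jdoe'
```
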

That's it!  Hope this proves helpful for somebody out there.

Tuesday, October 13, 2009

Group Policy CSE execution order

We have all kinds of tools to help us troubleshoot group policy processing. Modeling and RSoP in the management console get used almost every week around here. Have you ever wondered in which order the client side extensions get processed, though? Trying to find the answer only led to the helpful but not quite user friendly answer that they are processed in the numerical order they are found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions. However, pointy clicking my way through that list wasn't going to cut it for me. Using PowerShell it was pretty simple to create a user friendly human readable list. The list and the command to produce it on my Windows 7 Professional workstation are below. How to get at the information remotely, or using another tool, I haven't quite worked out yet, but this seems a good place to start.

Command (broken into multiple lines for clarity):

$key = "hklm:\software\microsoft\windows nt\currentversion\winlogon\gpextensions"
$CSEs = get-childitem $key
$CSEs | sort name | foreach-object { $_.getvalue('') }

Output:

Wireless Group Policy
Group Policy Environment
Group Policy Local Users and Groups
Group Policy Device Settings
Folder Redirection
Microsoft Disk Quota
Group Policy Network Options
QoS Packet Scheduler
Scripts
Internet Explorer Zonemapping
Group Policy Drive Maps
Group Policy Folders
Group Policy Network Shares
Group Policy Files
Group Policy Data Sources
Group Policy Ini Files
Windows Search Group Policy Extension
Internet Explorer User Accelerators
Security
Deployed Printer Connections
Group Policy Services
Internet Explorer Branding
Group Policy Folder Options
Group Policy Scheduled Tasks
Group Policy Registry
802.3 Group Policy
Group Policy Printers
Group Policy Shortcuts
Microsoft Offline Files
Software Installation
TCPIP
Internet Explorer Machine Accelerators
IP Security
Group Policy Internet Settings
Group Policy Start Menu Settings
Group Policy Regional Options
Group Policy Power Options
Audit Policy Configuration
Group Policy Applications
Enterprise QoS
CP

Not too shabby for a first blog post since I quit and decided to pick it back up again a few years later, eh?
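
A fuller version of the same listing, as an added example that is not the original post's code: it keeps the GUID sort order, shows each extension's GUID and registered DllName, and can optionally query another machine. The function name Get-CseOrder is hypothetical, and the remote case assumes PowerShell remoting is enabled on the target.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0 or later.
function Get-CseOrder {
    param(
        # Optional remote host; assumes PowerShell remoting (WinRM) is enabled on it
        [string]$ComputerName
    )

    $collect = {
        $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions'
        $sys32 = Join-Path $env:SystemRoot 'System32'
        $i     = 0

        # Same ordering as the post: sort the GUID subkey names
        Get-ChildItem $key | Sort-Object PSChildName | ForEach-Object {
            $i++
            # GetValue() expands %SystemRoot% in REG_EXPAND_SZ data
            $dll = [string]$_.GetValue('DllName')
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                # Assumption: a bare file name is resolved against System32 here
                $dll = Join-Path $sys32 $dll
            }
            [pscustomobject]@{
                Order      = $i
                Guid       = $_.PSChildName
                Name       = $_.GetValue('')
                Dll        = $dll
                DllExists  = [bool]($dll -and (Test-Path -LiteralPath $dll))
                InSystem32 = $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
            }
        }
    }

    if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $collect
    } else {
        & $collect
    }
}

Get-CseOrder | Format-Table Order, Name, Guid, InSystem32, DllExists -AutoSize
```

An entry whose DLL is missing or sits outside System32 is worth a closer look when auditing which extensions run during policy processing.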