Update Group Policy Templates

April 19th, 2010

If you are using Windows 7 clients on your network and wish to manage them fully via Group Policy, you may have noticed that some of the new GP items are missing from your Group Policy Management Console. This happens when you are running a Domain Controller that is not Windows 2008 R2.

Don’t worry, it’s really easy to copy the newer Group Policy templates over to your DC, whether it be Windows 2003 or 2008.

Execute the following 2 commands on a Windows 7 workstation:

xcopy %systemroot%\PolicyDefinitions\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\

xcopy %systemroot%\PolicyDefinitions\EN-US\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\EN-US\

This will copy all the updated ADMX and ADML files to your DC.

This should take only seconds. Now when you access GPMC you will have a full set of Group Policy objects to look at.

 

You may also like to install the Remote Server Administration Tools (RSAT) on your Windows 7 workstation, visit the link below to download:

http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en

Adding Printers via Group Policy – Windows 7

April 19th, 2010

I ran into a rather interesting problem the other day….

Trying to set up a new printer (MFD) on our network we wanted to roll out the drivers via group policy to all clients. As we completely skipped over Vista to Windows 7, I had never come across this problem before.

When I looked into the event log for inspiration I found the following error:

0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.

This problem occurred every time Group Policy was applied. To fix it you could manually install the driver onto the workstation and it would obviously connect the printer. This, however, is not much of a solution as we want to roll this out to all workstations automatically.

Incidentally, if you try and manually add the printer you get this warning message:

 

Printer Driver Warning


The easy solution to this problem lies in two Group Policy settings. Setting the policy to Disabled will reduce the security of your system; alternatively, you can configure the policy settings to suit your environment for added security.

Under Windows 7 Group Policy you need to look at:

Computer Configuration | Policies | Administrative Templates | Printers | Point and Print Restrictions : Disable

User Configuration | Policies | Administrative Templates | Control Panel | Printers | Point and Print Restrictions : Disable

Once applied, Group Policy processing should now complete successfully, and your printers should be added.
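
A quick way to see what these settings leave on a client, as an added example that is not part of the original post: the PowerShell below reads the Point and Print policy values for the computer and the user and reports whether the driver warning and elevation prompts are suppressed. The function names and the sample values are constructed for illustration.

```powershell
# Added example: report how Point and Print prompts are configured by policy.
# Function names are hypothetical; value names are the policy's registry values.
$PolicySubKey = 'Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueNames   = 'Restricted', 'TrustedServers', 'ServerList', 'InForest',
                'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Read-PointAndPrintValues {
    param([string]$Hive)                      # 'HKLM:' or 'HKCU:'
    $values = @{}
    $item = Get-ItemProperty -Path "$Hive\$PolicySubKey" -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $ValueNames) {
            # A value that is absent means that item is not set by policy.
            if ($null -ne $item.$name) { $values[$name] = $item.$name }
        }
    }
    return $values
}

function Get-PointAndPrintPosture {
    param([string]$Scope, [hashtable]$Values)
    $findings = @()
    # 1 = drivers for a new connection install without warning or elevation prompt.
    if ($Values['NoWarningNoElevationOnInstall'] -eq 1) {
        $findings += 'new connection: no warning, no elevation prompt'
    }
    # 0 = warning and elevation prompt, 1 = warning only, 2 = neither.
    $update = $Values['UpdatePromptSettings']
    if ($update -eq 1) {
        $findings += 'driver update: warning only'
    } elseif ($update -eq 2) {
        $findings += 'driver update: no warning, no elevation prompt'
    }
    [pscustomobject]@{
        Scope             = $Scope
        PolicyConfigured  = ($Values.Count -gt 0)
        PromptsSuppressed = ($findings.Count -gt 0)
        Findings          = $findings -join '; '
        ServerList        = $Values['ServerList']
    }
}

# Constructed sample: a client where both prompts have been switched off.
$sample = @{ Restricted = 0; NoWarningNoElevationOnInstall = 1; UpdatePromptSettings = 2 }
Get-PointAndPrintPosture -Scope 'Sample' -Values $sample

# Live check of the computer and user policy keys on this machine.
Get-PointAndPrintPosture -Scope 'Computer' -Values (Read-PointAndPrintValues 'HKLM:')
Get-PointAndPrintPosture -Scope 'User'     -Values (Read-PointAndPrintValues 'HKCU:')
```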

EBS 2008 / SBS 2008 Remote Web Workplace

March 29th, 2010
I have been working recently with both Essential Business Server 2008 (EBS) and Small Business Server 2008 (SBS); both of these platforms include the excellent Remote Web Workplace (RWW). From here users can log in and get to their email/intranet/local computer. It is also possible to include a Terminal Server in this environment, or the new RDS as it is known in Windows Server 2008 R2.

The major problem I have run into recently is that clients running Windows 7 cannot connect to a TS Server through RWW. What you see is a very helpful message about a licensing problem:

The Remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.


This is all great and well, but you will find that users of Windows XP can happily connect to your terminal server and there are no licensing errors.

This all points to a problem with the client rather than the terminal server.

After some recent findings, there seem to be several things to try:

  • Start Internet Explorer by going to the start menu and choosing Run As Administrator.
  • Modifying the system registry.

If you use the Run As Administrator option above then you should find that you can connect with no problems. This has a small drawback for users on a domain, as you may not be allowed to run programs as an administrator because of local permissions and policies. If this is the case then you need to change the registry.

You need to modify:

HKLM\SOFTWARE\Microsoft\MSLicensing

Set full access permissions for all users.

If you are using Windows 7 x64 then you also need to modify:

HKLM\SOFTWARE\Wow6432Node\Microsoft\MSLicensing

Set full access permissions for all users.
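
To review the result of this change, the following added example (not from the original post) lists every principal that can write to the two MSLicensing keys. The function name and the list of expected SIDs (SYSTEM, Administrators, CREATOR OWNER) are assumptions made for illustration.

```powershell
# Added example: list who can write to the MSLicensing keys.
# Get-RegistryWriters is a hypothetical name; $Expected is an assumed baseline.
$Keys = 'HKLM:\SOFTWARE\Microsoft\MSLicensing',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\MSLicensing'

# SIDs assumed to hold write access legitimately: SYSTEM, Administrators, CREATOR OWNER.
$Expected = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0'

# Rights that let a principal change the key, plus GENERIC_ALL and GENERIC_WRITE.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$WriteMask   = [int]$WriteRights -bor 0x10000000 -bor 0x40000000

function Get-RegistryWriters {
    param([string]$Path)
    # The Wow6432Node key only exists on 64-bit Windows.
    if (-not (Test-Path $Path)) { return }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not ([int]$rule.RegistryRights -band $WriteMask)) { continue }
        $sid = $rule.IdentityReference.Value
        # Show a readable name where the SID resolves, the raw SID otherwise.
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }
        [pscustomobject]@{
            Key        = $Path
            Principal  = $name
            Sid        = $sid
            Rights     = $rule.RegistryRights
            Inherited  = $rule.IsInherited
            Unexpected = ($Expected -notcontains $sid)
        }
    }
}

$Keys | ForEach-Object { Get-RegistryWriters -Path $_ } | Format-Table -AutoSize
```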

Windows Essential Business Server 2008 to be discontinued.

March 26th, 2010

If you haven’t yet heard, Microsoft have taken the decision to discontinue the development of EBS.

As yet details are somewhat thin on the ground, however wait until June 2010 for further offers/information from Microsoft.

If you are a Software Assurance customer then things might not be so bad, as you should be offered the independent products in place of your EBS 2008 product.

Further details can be found at:

http://www.microsoft.com/ebs

Windows 7 Key Management Server (KMS)

March 15th, 2010

So you have the Enterprise version of Windows 7 itching to get installed on your network….

…How do you activate it?

Our systems were moved from Windows XP directly to Windows 7, so KMS is all brand new. Windows Vista Enterprise used the KMS activation style and will work with this solution.

So let’s get down to it.

Installing KMS

Step 1: Work out what kind of KMS key you have. This is quite important; your license agreement should give you an indication of the key type you have. The table below shows which versions of Windows your key will activate.

| Volume product group | Windows products | Key type | Products activated by key type |
|---|---|---|---|
| Windows Vista | Windows Vista Business; Windows Vista Enterprise | KMS | Windows Vista Business; Windows Vista Enterprise |
| Windows 7 | Windows 7 Professional; Windows 7 Enterprise | KMS | Windows Vista Business; Windows Vista Enterprise; Windows 7 Professional; Windows 7 Enterprise |
| Windows Server 2008 R2 Server Group A | Windows Web Server® 2008 R2; Windows Server 2008 R2 HPC Edition; Windows HPC Server 2008 R2 | KMS_A | Windows Server 2008 R2 Group A; Windows Server 2008 Group A; Windows Vista Volume Editions; Windows 7 Volume Editions |
| Windows Server 2008 R2 Server Group B | Windows Server 2008 R2 Standard; Windows Server 2008 R2 Enterprise | KMS_B | Windows Server 2008 R2 Group A; Windows Server 2008 Group A; Windows Server 2008 R2 Group B; Windows Server 2008 Group B; Windows Vista Volume Editions; Windows 7 Volume Editions |
| Windows Server 2008 R2 Server Group C | Windows Server 2008 R2 Datacenter; Windows Server 2008 R2 for Itanium-Based Systems | KMS_C | Windows Server 2008 R2 Group A; Windows Server 2008 Group A; Windows Server 2008 R2 Group B; Windows Server 2008 Group B; Windows Server 2008 R2 Group C; Windows Server 2008 Group C; Windows Vista Volume Editions; Windows 7 Volume Editions |

Now this is the obvious part: depending on the type of key you have, use it on either your server or your workstation.

The machine that has the KMS product key simply acts as a KMS server. Simple as that.

Now you have to wait until 25 workstations or 5 servers have connected to the KMS for activation before the server itself activates the KMS and in turn activates all your workstations.

One point to note: if you use deployment services to roll out your workstations, ensure that when you sysprep them they regenerate all of their installation IDs; otherwise your KMS server will simply receive requests for activation from the same unique ID (surprisingly, you will not reach your 25 machine limit if this is the case).

If you need to change the unique activation number for a workstation because of the above error, open a command prompt and type:

slmgr.vbs /rearm

Unable to open the Outlook window.

March 11th, 2010

Posts round here seem to be like buses…..nothing for ages, then 2 at once!!

If you get the wonderful error message:

Unable to open the Outlook window.

Then don’t worry, there is a knowledge base article all about it here:

http://support.microsoft.com/kb/252304

 

You may find that this is really use(less), and therefore want to try alternatives to your problem. I have found the most efficient way to get rid of this particular error is:

Start -> Run, then type the following: Outlook.exe /resetnavpane

A far easier approach!

Blocked Microsoft Outlook Attachments

March 11th, 2010

Outlook is a strange beast; it decides on its own what it wants to block. This has become an ever-increasing problem for config files being sent to me via email.

However, there is an easy way to change it (if you don’t mind hacking the registry!)

Outlook 2007, Outlook 2003, Outlook 2002 and Outlook 2000 SP3 (but not Outlook 98 or earlier Outlook 2000 versions) allow the user to use a registry key to open up access to blocked attachments. (Always make a backup before editing the registry.) To use this key:

1. Run Regedit, and go to this key:

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Security (change 10.0 to 9.0 for Outlook 2000 SP3, to 11.0 for Outlook 2003, or to 12.0 for Outlook 2007)

2. Under that key, add a new string value named Level1Remove.

3. For the value for Level1Remove, enter a semicolon-delimited list of file extensions. For example, entering this:

.mdb;.url

would unblock Microsoft Access files and Internet shortcuts. Note that the use of a leading dot was not previously required; however, new security patches may require it. If you are using the “mdb;url” format and extensions are blocked, add a dot to each extension. Note also that there is no space between extensions.

If you are using this registry entry, a glance at Help | About Microsoft Outlook will show Security Mode: User Controlled above the license information. See OL2002 You Cannot Open Attachments for more information on this registry entry.
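
The steps above as a script, added here as an example and not part of the original post: it normalises a list of extensions into the Level1Remove format just described (leading dot, semicolon-delimited, no spaces) and writes it under the key for the chosen Outlook version. The function names and the sample input are hypothetical; the version-to-key mapping is the one given in step 1.

```powershell
# Added example: build and set a Level1Remove value in the format described above.
# Function names and the sample input are hypothetical.
$OutlookVersions = @{ '2000 SP3' = '9.0'; '2002' = '10.0'; '2003' = '11.0'; '2007' = '12.0' }

function ConvertTo-Level1Remove {
    param([Parameter(Mandatory = $true)][string[]]$Extension)
    $clean = foreach ($raw in $Extension) {
        # Accept "mdb", ".mdb", " .MDB " or a pasted "mdb;url" list.
        foreach ($part in ($raw -split ';')) {
            $ext = $part.Trim().TrimStart('.').ToLowerInvariant()
            if ($ext -eq '') { continue }
            if ($ext -notmatch '^[a-z0-9_-]+$') { throw "Not a file extension: '$part'" }
            ".$ext"                           # leading dot on every entry
        }
    }
    # No spaces between entries and no duplicates.
    ($clean | Select-Object -Unique) -join ';'
}

function Set-Level1Remove {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Outlook, [string[]]$Extension)
    if (-not $OutlookVersions.ContainsKey($Outlook)) {
        throw "Unsupported Outlook version: $Outlook"
    }
    $key   = "HKCU:\Software\Microsoft\Office\$($OutlookVersions[$Outlook])\Outlook\Security"
    $value = ConvertTo-Level1Remove -Extension $Extension
    if ($PSCmdlet.ShouldProcess($key, "set Level1Remove to '$value'")) {
        # Create the key only if it is missing, so existing values are kept.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Level1Remove -Value $value `
            -PropertyType String -Force | Out-Null
    }
    $value
}

# Constructed input in the old dot-less style with stray spaces and a duplicate.
# -WhatIf shows the change without touching the registry.
Set-Level1Remove -Outlook '2007' -Extension 'mdb; url', '.URL' -WhatIf
```

Drop -WhatIf to apply the value; keeping the list to the file types you actually need leaves the rest of Outlook's blocking in place.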

 

Now, if you are a little worried about using regedit, then you can always try out this little tool instead:

Attachment Options

http://www.slovaktech.com/attachmentoptions.htm

Windows Deployment Server woes

May 7th, 2009

I have been configuring up some nice new Dell Optiplex 960 workstations. I use WDS under server 2003 and 2008 so I thought it would be a walk in the park…..

Problem 1

The first problem. Drivers are not included in the boot.wim image for the Intel Pro1000 Gigabit 825xx network card. Not a great problem in itself so a quick download of the network drivers from the Dell website and hey presto I have something to work with.

You need to ensure that you have the Windows Automated Install Kit (WAIK) installed. Now open up the command prompt through the WAIK program group.

Mount your boot image with ImageX. I would recommend setting up a couple of directories, so you can put the files in one and then mount the image to the other.

I created a temp folder in the C drive. And a mount directory beneath it. I extracted the drivers into a folder called network beneath the temp folder.

Copy the boot.wim file to the temp folder. Then issue the following command:

imagex /mountrw c:\temp\boot.wim 2 c:\temp\mount

The number 2 is very important: it relates to the install image inside the boot.wim file. You can find out which images you have in a file by using imagex /info <wimfile>

Now you want to inject the drivers:

peimg /inf=c:\temp\network\*.inf /image=c:\temp\mount

This should complete successfully; then all you need to do is commit the changes and unmount the wim image.

imagex /unmount /commit c:\temp\mount

You should now have your boot.wim file updated with new drivers. Insert this back into WDS using the console tools.

 

Problem 2

This one had me screaming at the machine for hours….

When the boot image loads it starts Windows PE and gives you this error:

WdsClient: An error occured while obtaining an IP Address from the DHCP Server

The only option is to hit OK, and that’s the end.

The solution, you might be interested to know, has nothing to do with the WDS server or the image file. It is actually the network switch. I have some very nice pretty shiny new Dell PowerConnect switches (62xx series); this is also a problem with Cisco switches. I messed about with some simple unmanaged switches and the problem goes away. So what is different??

It’s called Spanning Tree Protocol (STP) portfast. You must enable this on the switch ports that you want to be able to network boot the machines on.

For the Dell PowerConnect 62xx series you need to log on to the switch in CLI mode and issue the following at the Console> prompt:

enable
configure
interface ethernet 1/g1
spanning-tree portfast

Where 1/g1 above is the switch/port-type(number).

I hope this helps.

Making an Xbox 360 connect to a Vista Media Centre PC on SBS 2008

May 6th, 2009

Well…….

……this has had me ripping my hair out and, well, I thought what the hell, I’ll post it here. It’s not really something you will come across too often unless you have a modern forward thinking office (or high tech home).

The crux of the matter – How on earth do you make an Xbox 360 play nicely with a Vista Media Centre PC that is connected to a domain running Windows Small Business Server 2008?

Well, it is actually quite easy – when you know how.

The first step is to make sure that the Xbox can communicate with the Media Centre PC.

Fire up your Server console and start digging into Active Directory Users and Computers, expand the domain and drill through the organisational units until you get to:

<Domain> – MyBusiness – Computers – SBSComputers

In here you will see the AD account for your computer; drag that account into the SBSServers unit.

Hey presto, job done: your Xbox can now see your Media Centre PC. If you want to speed up the Group Policy processing so it happens immediately, don’t forget to run the following on your Media Centre PC:

gpupdate /force

Auto-create Outlook signature based on Active Directory

April 7th, 2009

A long time ago I created a useful script to create a default signature. This evolved over the years, and when I was asked if it were possible to standardise all our signatures across each office and company I thought why not make use of Active Directory and gather most details from there.

So the below script looks up the logged on user and then matches it against the company they work for and then adds some extra details that we wanted; apart from that it’s pretty straightforward.

You need to have Word and Outlook installed to run this script.

I run the script on user logon so it sets up email signatures for the user.

 

' Auto Add Email Signature based on Active Directory Information

' Created by Iain Gibson 9/02/2007
on error resume next
' Collect Logged on user details and connect to AD
Set objSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
' Grab some of the users details from AD
strName = objUser.FullName
strTitle = objUser.Title
strDepartment = objUser.Department
strCompany = objUser.Company
strPhone = objUser.telephoneNumber
strFax = objUser.faxNumber
strEmail = objUser.mail
' Choose which company they work for and amend extra signature lines
Select Case strCompany
    Case "COMPANY1"
        strPre = "PRE NAME DETAILS "
        strExtra = "POST NAME DETAILS"
        strWeb = "WEBSITE"
        strAddress = "SHORT ADDRESS FORM"
    Case "COMPANY2"
        strPre = "PRE NAME DETAILS "
        strExtra = "POST NAME DETAILS"
        strWeb = "WEBSITE"
        strAddress = "SHORT ADDRESS FORM"
    Case "COMPANY3"
        strPre = "PRE NAME DETAILS "
        strExtra = "POST NAME DETAILS"
        strWeb = "WEBSITE"
        strAddress = "SHORT ADDRESS FORM"
End Select
' Create MS Word Document
Set objWord = CreateObject("Word.Application")
Set objDoc = objWord.Documents.Add()
' Start Text area selection & choose email signature options
Set objSelection = objWord.Selection
Set objEmailOptions = objWord.EmailOptions
Set objSignatureObject = objEmailOptions.EmailSignature
Set objSignatureEntries = objSignatureObject.EmailSignatureEntries
' Setup Font and type style & Include variables from AD
objSelection.Font.Name = "Palatino Linotype"
objSelection.Font.Size = 12
objSelection.Font.Bold = 1
objSelection.TypeText strName
objSelection.TypeParagraph()
objSelection.Font.Italic = 1
objSelection.Font.Bold = 0
objSelection.Font.Size = 10
objSelection.TypeText strTitle
objSelection.TypeParagraph()
objSelection.TypeText strDepartment
objSelection.TypeParagraph()
objSelection.Font.Bold = 1
objSelection.Font.Italic = 0
objSelection.Font.Size = 12
objSelection.TypeText strPre & strCompany & ", "
objSelection.Font.Bold = 0
objSelection.Font.Size = 10
objSelection.TypeText strExtra
objSelection.TypeParagraph()
objSelection.TypeText strAddress
objSelection.TypeParagraph()
objSelection.TypeText "Email: " & strEmail
objSelection.TypeParagraph()
objSelection.TypeText "Web: " & strWeb
objSelection.TypeParagraph()
objSelection.TypeText "Tel: " & strPhone & "    Fax: " & strFax
objSelection.TypeParagraph()
Set objSelection = objDoc.Range()
' Update Outlook with the new signature and set as default
objSignatureEntries.Add "AD Signature", objSelection
objSignatureObject.NewMessageSignature = "AD Signature"
objSignatureObject.ReplyMessageSignature = "AD Signature"
objDoc.Saved = True
objWord.quit