Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Wednesday, June 30, 2010

On Remote Desktop Connection, how do you get rid of the saved list of connected computers?

To help make things a little easier for you, Windows Remote Desktop Connection maintains a list of the clients that you have connected to. This makes it easier for you to re-connect to clients that you need to frequent log into remotely. The Remote Desktop Connection does not have a mechanism in the GUI to remove entries from this list. To do so, you must edit the registry.

· Click Start.

· Type regedit and press Enter.

· Browse to HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default

· In this case, the name of the computer in the list is QC6


By removing this entry, you will remove it from the list in Remote Desktop.


Monday, June 28, 2010

GPO setting for folder redirection.

For any business environment, the location of your data needs to be addressed. With so many users on the move, they tend to carry their data with them. For IT staff, this is a nightmare to ensure the users data gets backed up. To help resolve this, Folder redirection is available in Group Policy.

Folder redirection allows you to specify that any documents saved in a location on the users hard drive, is actually saved on a server. That way you can provide fault tolerance and backups. You will find the folder redirection policy at Users Configuration à Windows Settings à Folder Redirection.

Using folder redirection, you can specify that all user data is redirected to the same location, or you can filter the location based on Security Group membership. The following folders are availible for redirection:

  • Desktop
  • Start Menu
  • Documents
  • Pictures
  • Music
  • Videos
  • Favorites
  • Contacts
  • Downloads
  • Links
  • Searches
  • Saved Games.

You can choose which ones you want to redirect, where they go, and which ones to keep on the client. For your mobile users, their data will be automatically synchronized with the server when they log on or log off. You may want to point out to your users of large data that this may cause delays in starting work in the morning, and leaving in the evening.

Wednesday, June 23, 2010

Prevent Authenticated Users from adding a workstation to a domain.

For whatever reason, standard user accounts can add a workstation to your domains. I have yet to figure a good reason out for this one. Microsoft does limit this to 10 computers per user account by default. That is little comfort for IT Professionals who are trying to maintain security on their networks. Here are two ways to close this security hole.

Change the number of workstations the users can add to your network. In this case, change it to zero.

· Click Start.

· Type ADSIEdit.msc and press Enter.

· Right mouse click ADSI Edit and select Connect to..

· Click OK

· Expand Default naming context.

· Right mouse click the distinguished name of your network and select Properties.

· Click ms-DS-MachineAccountQuota

· Click Edit.

· Set the number to 0.

The other option is to remove Authenticate Users from the User Right to add workstations to the domain.

· On your Domain Controller, Click Start à Administrative Tools à Group Policy Management.

· Either create a new GPO and link it to the Domain Controllers OU, or edit the Default Domain Controller Policy

· Expand Computer Configuration à Policies à Windows Settings à Security Settings à Local Polices à User Rights.

· Double click Add workstations to domain.

· Add in a group of users whom you want to be able to add workstations to the domain.

· Remove Authenticated Users from the policy.

· Click OK.

Monday, June 21, 2010

Can you turn off InPrivate Browsing and filtering in GPO?

Yes you can. InPrivate Browsing allows users of IE 8.0 to surf the web with out a history, or any other recording data. To be kept by the browser. This eliminates the need to delete your history after you are done. Some organizations do not want to allow users to surf in this manner and want that data recorded. Microsoft has greatly expanded what we can do with Group Policy over the years. One of the new ones is to disable to InPrivate browsing functionality of IE 8 through group policy.
  • Create a new Group Policy Object (or reuse an existing one).
  • Expand Computer Configuration --> Administrative Templates --> Windows Components --> Internet Explorer --> InPrivate
  • Double click Turn off InPrivate Browsing and select Enable.
I want to make one final note that needs to be mentioned on privacy. Using InPrivate Browsing will not hinder a network based monitor for watching what you do at work.

Wednesday, June 16, 2010

Find FMSO roles with NETDOM

On Windows networks, certain operations can only be done by a single domain controller. Otherwise problems may occur. For example, if more than one DC help the RID role, you could run into a situation where two computers had the same SID. That would be bad.

On occasion, you may need to identify which servers are holding which roles. Type the command below to get a very simple list of the FSMO roles.

netdom query fsmo.

Monday, June 14, 2010

Windows 7 will not print when Point and Print Restrictions are turned on.

The GPO setting Point and Print Restrictions allows you to specify where Windows Vista and Windows 7 get their printer drivers from. It also allows you to choose what kind of security prompt is displays on the operating systems. My best guess for why this is happening is maybe the correct driver for Windows 7 is not in the location specified in the GPO. Below is the relevant information directly from the GPO setting:

This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.

When the policy setting is enabled:

- Windows XP and later clients will only download print drivers components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.

Wednesday, June 9, 2010

How do you transfer text on your clipboard of the host machine to a running VM?

While using Hyper-V, you can copy text from the physical computer to the VM. First you highlight and copy the string of text on the host computer. In the VM, place the curser where you want the text to go. On the menu bar for that VM, click Clipboard à Type clipboard text (or press Ctrl + V).
You can capture the screen of the VM and transfer it to the host machine. On the VMs menu bar, click Clipboard à Capture Screen. Then on the physical machine, paste the clipboard into a graphics editor.

Monday, June 7, 2010

Thank you to my friends in Naples Italy.

I just want to drop a quick thank you to my new friends in Naples, Italy. I returned last night from two weeks of work at Naval Support Activity in Naples, Italy. I had a great time working with my civilian counter parts in the military and I'm looking forward to spending some more time with all of you next year.

Wednesday, June 2, 2010

Is the WSUS requirement, Report Viewer free?

During our class time with WSUS, one of the questions was concerning if one of the installation requirements, Report Viewer, was free. Yes it is: