Skip to main content

Posts

Showing posts from March, 2010

How to connect to another Reliability monitor on a remote Windows 7 client?

One of the best features of Windows Vista was the Reliability Monitor. Those of you who have taken one of my Vista or Server 2008 R1 class know that I refer to it as the “The Lie Detector.” We all know that our users are less than honest when the call for tech support. The question of “What do you install” is usually answered with “Nothing.” As Network Administrators, we know the truth. 80% of all problems on our networks or client computers are caused by our users. With the Reliability monitor in Vista, we could connect to the user’s computer, without their knowledge, and look at what has been done to that machine. In Windows 7, it is not so easy. You can centrally monitor the Reliability Monitor on your Windows 7 client through Microsoft System Center Operations Monitor. This is a far cry from the Vista version that was an MMC plug in that you could use to connect to other clients. Reliability monitor data is also exposed to Window Management Interface (WMI) and is

Can you suppress the opening questions in IE 8 for suggested sites and accelerators with GPO.

The Microsoft Internet Explorer 8 Set Up screen allows you to configure your search providers, accelerators, and compatibility view. In an enterprise environment that utilizes Group Policy, you can configure these options for your users. If you do not want them to see the IE8 Set Up screen, enable this policy. Computer Configureation à Polices à Administrative Templates à Windows Components à Internet Explorer à Prevent performance of First Run Custimization Settings. Once you enable this policy, you will have to select if you want IE to go to the users home page or to the Welcome to Internet Explorer 8 page.

Can you push a list for compatibility mode out through GPOs?

Yes you can. We need to look at two Group Policy objects for this question. Both can be found at Computer Configuration à Policies à Administrative Templates à Windows Components à Internet Explorer à Compatibility View . The first one I want to point out is Include updated Web site lists from Microsoft . This setting will allow the use of a website compatibility list that is maintained by Microsoft. It is updated through Microsoft Update. The second policy we need to look at is Use Policy List of Internet Explorer 7 Sites . With this setting enabled, you will be able to add specific sites that will run in Compatibility Mode for your users. Your users will still be able to add and remove sites on your own. They will not be able to remove sites that you specify.

Can you set up BitLocker to use your domain password?

To both unlock a BitLocker encrypted hard drive and log on at the same time is not possible. When starting up a computer that has its boot drive encrypted by BitLocker, the bitlocker software will prompt for the user to enter their PIN number in before BitLocker allows the OS to start. You can still allow your users to set their BitLocker PIN number to be the same as their domain logon password by turning on enhanced PINs for startup in Group Policy. To do this: Create or edit an existing GPO on you network. Browse to Computer Configuration à Policies à Administrative Templates à Windows Components à BitLocker Drive Encryption à Operting System Drives . Open the setting for Allow Enhanced PINs for startup . Normally only numbers are used for the PIN. With this setting, all valid characters allowed for a domain password can be used for a startup PIN. If you are looking for a single sign on option with BitLocker, it is not possible. Should your users set thei

Procedure for Adding Users to Decrypt Your EFS Files

In our conversation about EFS encryption, I mentioned that you can allow others to view your encrypted files. Below is the procedure: How to encrypt a file for multiple users To do this, follow these steps: Start Microsoft Windows Explorer, and then select the encrypted file that you want to add additional users to. Right-click the encrypted file, and then click Properties . Click Advanced to access the EFS settings. Click Details to add additional users. Click Add . The Add dialog box will display any other EFS-capable certificates in your personal store or those of any other users who may be in your "Other People" and "Trusted People" certificate stores. If you do not see the user who you want to add, click Find User to search Active Directory. The Select User window appears. A dialog box displays valid EFS certificates in Active Directory based on your search criteria. If no valid

What is the difference between Domain Users and Authenticated User?

This question came about from my recommendation that resources are shared utilizing the Authenticate Users group instead of the Everyone group. The issue was why we do not use the Domain Users group. Reading below you will see that the Domain Users group can be used on domain controllers. For resources on non-domain controllers, you will need to use the Authenticated Users group. For simplicity and a consistent configuration throughout your network, I still recommend the use of Authenticated Users for all resource sharing that is open to all authenticate users of your environments. Microsoft definition of the Authenticated Users group is: Includes all users with a valid user account on the computer or in Active Directory services. Use the Authenticated Users group instead of the Everyone group to prevent anonymous access to a resource. Domain Users group:  T his group contains all domain users. By default, any user account created in the domain becomes a member

6294: Planning and Managing Windows 7 Desktop Deployments and Environments added to the MCPExpert lineup.

I completely forgot to put this on the blog site. I'm now availabile to contract for 6294: Planning and Managing Windows 7 Desktop Deployments and Environments. This is the class if you want to learn how to automate your deployment of Windows 7. For those of you who have had me in class before, you know that I focus on improving your productivity so you can spend more time on the golf course. This class focuses on the applications to help you get a grip on what you need to do to prepare for Windows 7. We will then go through 4 methods to help you deploy Windows 7 in a more efficient manor. We will then finish up with a look at how to deploy your applications. It is 5 days that will boost your productivity.

Configure Windows to Search Additional Folders for Device Drivers

Over the years, one of the things I dreaded doing was rebuilding clients. Almost always I would have to go to the internet to hunt for drivers. The client installation process has greatly improved over the past several years to include image deployments. The problem with images are that you need to service them be able to use them on different hardware platforms. This is because of the device drivers. Now there is a different method that will allow you to use your images on multiple hardware platforms without having to service the image to add new plug-and-play drivers. When a client boots, it enumerates the plug-and-play devices that are connected to the client. The client then searches its central store and installs the appropriate drivers. If a driver is not found, we then have to provide one. An easy way to make sure the drivers you use are available to all your clients is to store them in a central location. Be careful whenever you edit the registry. An i

How to change the default location for new user accounts.

New users accounts are stored in the container "Users" by default. Because Group Policy can not applied to this container, this may not be a desirable place to put user account. A scenario where this may be a problem is that you have more then one administrator who can create user accounts. Proper procedure says that all new user accounts must be moved to an OU after creation. This individual did not complete this task and the required Group Polices for user accounts in your organization do not get applied. This can create a undesired security vulnerability. Below is the procedure to change the default location for new user accounts to the OU of your choice. It is copied from the reference link below. 1. Log on with domain administrator credentials in the z domain where the CN=Users container is being redirected. 2. Transition the domain to the Windows Server 2003 domain functional level or newer in either the Active Directory Users and Computers snap-in (