Skip to main content

Posts

Showing posts from 2011

How to let users see websites that do not have a rating

Content advisor uses a rating system known as Recreational Software Advisory Council on the Internet ) RSACi to determine if the content in a web site is suitable to the user based on the users preferences.  Below shows the rating levels: Level Language Nudity Sex Violence 4 Explicit or crude language Provocative frontal nudity Explicit sexual activity Wanton and gratuitous violence 3 Obscene gestures Frontal nudity Non-explicit sexual touching Killing with blood and gore 2 Moderate expletives Partial nudity Clothed sexual touching Killing 1 Mild expletives Revealing attire Passionate kissing Fighting 0 Inoffensive slang No nudity No sexual acts No violence If content advisor is turned on and a website does not include a RSACi rating, that content is blocked.  To override this, open the Internet Explorer’s Properties. Click the Content tab. Click Settings In the Content Advisor window, click the General tab. Check Users can see websi

How to control the installation of Add-Ons in Internet Explorer.

For many organizations, controlling what can be added to clients help to reduce the Total Cost of Ownership (TCO) of a network.  Controlling what extensions can be added to Internet Explorer is part of the TCO reduction effort by preventing the IT staff from support issues caused me non-approved Add-ons.   The first thing we need to do is to discover the GUID of an Add-On that we want to prevent from being installed.  For this reason, you fist need to install it on a test client.   Once installed, open Internet Explorer.   Click Tools / Manage Add-ons .   Browser to the Add-on that you want to prevent the installation of.   Right mouse click the Add-on and select More Information .   Record the GUID ( curly braces as well ) and the Name.   Close the window.   Open a Group Policy that is scoped to the computers that your want to prevent add-ons from being installed.   Browse to Computer Configuration / Policies / Administrative Templates / Windows Components / Intern

Case sensitive “Contains” operator in PowerShell

In PowerShell, we can use the –contains operator to determine if a string contains something that we care looking for.  Here is an example:   $collection = "One","Two","Three" $collection -contains "One" In this example, True would be returned. In the next example, True would also be returned. $collection -contains "one" The difference is the ‘O’ is lower case.  This may not serve your needs if case sensitivity is a requirement.  The below code will prove a case sensitive test.   $collection -ccontains "one"   Now the result will be False .

How to Disable the clients from removing the IE Menu Bar with Group Policy.

This is a simple fix utilizing Group Policy.  Make sure you are doing this in a GPO that is properly scoped to the Users that you want affected by this policy. In your GPO, browse to User Configuration \ Policy \ Administrative Templates \ Windows Components \ Internet Explorer \ Toolbars . Enable the following policies: Disable customizing browser toolbar buttons. Disable customizing browser toolbars.

MCTExpert is now on the Android Market!

Today MCTExpert is proud to announce our first step in the exciting world of mobile apps.  After a month of research and development, our first demo app is on the Android Marketplace.  “American Road Trip” was inspired by a game played with 12x12 inch cards on family road trips a long time ago with my brothers in the back seat of the car.   This version is more dynamic. This demo app served as our test bed for developing our first code library for the Android platform.  It also allowed us to work on the procedures that are needed to get an application fro the design board to the Android Marketplace.  I invite you to download this app and give your kids a video game that will keep their eyes more on the world around them. Plans are on the table to take on more challenging projects as we continue to build our code library and bring some great ideas to the Android Market. https://market.android.com/details?id=com.mctexpert.android.ishunt&feature=search_result#?t=W251bGws

Prevent a specific type of device from installing on a client.

This process can be completed in either local or Group Policy.   Plug in the device that you wish to restrict.   Open Device Manager and then open the properties of the device.   Click the Details tab. From the Property drop down box, select Device class guid . Record the Value .   Close Device Manager   Open either local policy or the GPO that you will use to manage this restriction.   Expand Computer Configuration / Administrative Templates / System / Device Installation /Device Installation Restrictions .   Double click Prevent installation of devices using drivers that match these device setup classes .   Click Enable and then click Show .     Enter the GUID you recorded earlier.  Include both the open and close curly braces on each end of the GUID. Click OK .   Click OK . Close the policy editor.

Password Change prompt in Windows 7

You can set the number of days in advanced that a user receives a warning about their password expiring using Group Policy.   You will find this setting at: Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options \ Interactive Logon: Prompt user to change password before expiration .   Just enable this policy and set the number of days that you want the warnings to begin.  This will appear as a pop up balloon.  If you are preventing balloon pop ups, the user will not receive notification.   If you do not want to enable balloon notifications, try the logon script located at this site .  Make sure you test it before using it in a production environment.

What does the–b switch do in OSCDIMG command?

In class, we used the OSCDIMG command to create a Windows PE image a question came about as to when the –b switch does. According to Microsoft , the – b option specifies the location of the El Torito boot sector file. From Wikipedia , the El Torito Bootable CD Specification is an extension to the ISO 9660 CD-ROM specification. It is designed to allow a computer to boot from a CD-ROM.  In short, this helps us create a bootable image.

Change the number of cached credentials

Many years ago, Microsoft allowed users to logon to Windows clients utilized a set of cached credentials.  These were credentials from a previous authentication with a domain controller.  This allowed for two things.   1) The user could log on to a mobile computer without contacting a domain controller and, 2) The user could logon to the client before the network connection initialized.  This gave the appearance of Windows booting faster.  It is also why the hard drive is still going strong on the I/O operations after you log in. By default, Windows 7 stores the last 10 logged on users credentials and Windows Server 2008 stores the previous 25.  You can change these values to better suite your organizations needs. Click Start . Type Regedit and press Enter . Browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\ Change the value of CachedLogonCount to any value between 0 and 50.   Giving the value of zero will disable cached credentials.  Any v

How to turn off Windows 7 System Restore with Group Policy

  Click Start / Administrative Tools/ Group Policy Management Create or use an existing GPO that is scoped to the clients you want to make this change to. Edit your GPO Browse to Computer Configuration / Policies / Administrative Templates / System / System Restore Double click Turn off Configuration . Set this olicy to Enable and click OK . Close the Group Policy Management Editor . Scope the GPO to deploy the GPO to the target computers.   Remember, it may take a few reboots for the GPO to take effect.

How to prevent new USB devices from being installed on a client.

In local (or Group) policy, expand Computer Configuration / Administrative Templates / System / Device Installation /Device Installation Restrictions.   Double click Prevent installation of Removable Devices . Select Enable and click OK. Close local (or Group) policy.

How to list all the WMI namespaces and their classes in PowerShell

Get ready for a real long list, but here is how you do it. Get-WMIObject –Namespace root –List -Recurse Simple, yet effective.  Be prepared though. My Windows 7 Ultimate returned 4,608 classes. Get-WMIObject –Namespace root –List -Recurse | Get-Member I receive 60251 classes. There is a lot of information in WMI.

How to Delete a DNS Zone

When it is time to remove a DNS zone for a server, log on with an account that has local administrative rights to the server. We are going to delete a zone called Test.Contoso.com Type the following line. dnscmd nyc-dc1 /zonedelete test.contoso.com Press Y to confirm the delete.

How to sort an object with one property descending and another property ascending with PowerShell?

I’ll admit, I did not come up with the answer to this one.  I pulled it from the help file for Sort-Object   It was a good question though. get-service | sort-object -property @{Expression="Status";Descending=$true}, @{Expression="DisplayName";Descending=$false} The above command is all on the same line. First we used Get-Service to get some objects to work with.  We then piped it to Sort-Object   and we used the – Property parameter to tell PowerShell what values we are interested in sorting.   Next we switch to creating a hash table to specify that we first want to sort the Status property in descending order.  We do this by setting the Descending flag to Boolean True   In PowerShell Boolean true is $true and Boolean false is $false .  We the specify the next value that we want to sort by which is DisplayName and we set the Descending flag to Boolean $false .   The end result is a list of all running processes that is sorted in descending order by st

Windows 8 app History

Note: Information provided from Windows 8 Developer Preview   Windows 8 has a new tab in the task manager called App History.  This tab allows you to monitor the usage of Metro app. With Windows 8 being designed for a more mobile workforce, I can see this tab being very useful.  You can identify how much CPU time but more importantly, how much network bandwidth is being consumed.  With our more mobile society, one network hogging app and really degrade the users experience.

Windows 7 Installation does not see my hard drive.

It is possible that on some very advanced systems, the Windows 7 installer may not have the drivers for your hard drive.  Follow this simple set of instructions to load your drivers into Windows 7 during installation.   Boot from the Installation DVD.   Choose your language and click Next .   Click Install Now .   Check I accept the license agreement and click Next .   Click Custom .   Click Load Driver .   Browse to the media that contains your drivers.  Once loaded, you may need to click Refresh to see your hard drive.

List all properties of a user object with PowerShell

Enumerating a user account’s properties in PowerShell using the command get-ADUser – Filter ‘name –like “ username”’ only gets you a small subset of the data. If you want to see it all, try this: get-aduser –filter ‘name –like “ username”’ –Properties *   You will see all the attributes of the user object.

How to join a client to a domain via command line

Windows 7/2008 R2 have a feature that allows you to join a client to the domain without actually having access to the client.  It is called Offline Domain Join.  This process involves creating a file on the domain controller and then using that file on the client to join it to the domain.  Let’s take a look at how to make that happen.   We are going to perform this on the server.  The idea is to join a client, NYC-CL1 to the domain in an Organizational Unit called Clients   The default container for joining clients to the domain is Computers , but this exercise will allow you to join the client to the OU that you want the computer object to be stored in. On the Domain Controller, click Start .   Type CMD .   Right click the CMD.exe that appears in the search list and then click Run as Administrator .   Type djoin /provision /domain contoso.com /machine nyc-cl1 /savefile nyc-cl1_File /MachineOU “OU=Clients,DC=contoso,dc=com”   Once this is done, we can see the computer obje

Rename all the files in a directory to lowercase with PowerShell

Here is a case where I was thinking to much.  While I was naming about 500 image files for an app that I was working on, I named them in all uppercase lettering.  Well, lowercase was required.  I then started writing a small PowerShell function to go through the folder and rename every image file to lowercase.  Way to much work.  It ended up being a one liner. Get-ChildItem *.txt | ForEach {$_ | Rename-Item -NewName $_.Name.TpLower()} Seriously, it is that easy.

List installed roles and features in Server Core 8

Tested on Windows Server 8 Developer Preview. On the 2008 R1 and R2 versions of Server Core, we could list all the roles and features using the OCList command.  This gave us a large and messy list.  We can use PowerShell to give us a list of what is installed, and separately what is not. At the command prompt, type PowerShell and press Enter . We need to expand the normal cmdlet set for PowerShell by importing the ServerManager module. Import-Module ServerManager To get a list of all installed components: Get-WindowsFeature | Where {$_.Installed –eq $True} Conversely, we can also get this list of roles and features that are not installed. Get-WindowsFeature | Where {$_.Installed –eq $False}

Reliability Monitor is Empty in Server 2008

On some installation of Server 2008, the Reliability Monitor does not record data.  The instructions below are from Microsoft and I’ve tested them out.  They do work.   Click Start , type Task Scheduler in the Search box, and then click Task Scheduler . Enable the trigger that regularly starts the RacTask task. In Task Scheduler, expand Task Scheduler Library , expand Microsoft , and then expand Windows . Right-click RAC , click View , and then click to select the Show Hidden Tasks command. Note If the Show Hidden Tasks command is already selected, go to step 2c. Double-click RacTask . In the RacTask Properties dialog box, click the Triggers tab. On the Triggers tab, double-click the One time trigger. In the Edit Trigger dialog box, click to select the Enabled option, and then click OK . In the RacTask Properties dialog box, click OK . Close Task Scheduler. Update a registry setting. Click Start , type Regedit in the Search box, and then click Regedit . I

PowerShell 3 on the Horizon

This is just a “I told you so.”  For those of you who have taken my classes over the past 2 years you know that I’ve been encouraging all network administrators to learn PowerShell.  I’m now looking at Windows Server 8 DP.  PowerShell v3 is on it and WOW!  The additional functionality.  The help files are not fully in place, but I can see hundreds of not functions and cmdlets to support the virtual/cloud environment. My next PowerShell class is in Portland, Maine on December 12th at VTEC.  I also will be providing another one in Fort Wayne, IN in early 2012 and ENS.  Please contact these training centers and book your seat. 

How to shut down Windows 8

This was one of my big frustrations.  For years the Shut Down option has been in the Start menu.  If you are working with Windows 8 with the touch based interface turned off, the shut down procedure has not changed.  With Metro turned on, it is different.   Just move yore finger to the lower left corner of the screen or press your finger on the right side and move it left.  A menu similar to the one below appears. Touch Settings Touch the Power icon (highlighted in blue) Now touch Shut Down  

How long can a GPO name be?

This was a unique one.  I created a GPO with the longest name possible.  Instead of counting I switched to PowerShell.   Open PowerShell on the Domain Controller. Type Import-Module Group Policy The name I used was a repeating 0123456789 to help make locating it easier.  I then used the following PowerShell line to count the characters of the name for me. ((Get-GPO –all | Where {$_.DisplayName –like “01234*”}).DisplayName).Length The returned value was 255 .

What is the DUID found with IPv6 DHCP?

Below is a screen shot of an IPConfig /all command: The question from class is “What is the DUID?”   According to section 9 of RFC3315 , DHCP servers use DUIDs to identify clients for the selection of configuration parameters and in the association of IAs with clients.  An IA (Identity Association) is a collection of addresses assigned to a client.  The DUID must be both unique in the environment and to be dynamically created.  This is because some devices cannot store this information.  For this reason, a DUID is generated in one of 3 ways.  The link above contains more detailed information. Link-layer Address Plus Time Vendor-assigned unique ID based on Enterprise Number Link-Layer address

Use GPO Preferences to populate built–in groups on your clients.

If you need to populate users or domain group in the built-in groups on your clients, you have 2 choices.  You can use restricted groups.  The problem with restricted groups is that they will remove any existing members of that group and prevent you from adding anymore without using Group Policy.  Another option is to your GPO preferences. Create a GPO to hold this GPO preference. Edit the policy and expand Computer Configuration / Preferences / Control Panel Settings . Click Local Users and Groups and then right mouse click it. Select New –> Local Group In the Action drop down list, ensure Update is selected.  The Update action will not remove the group if it already exists.  If it does not exist, the group will be created. In the Group Name field, type the name of the group that you want to add members to. Under Members , click Add. Click OK when completed. Apply this policy to the appropriate portion of Active Directory. Refresh the GPO’s on your client

DFSR Migration for RODC is stuck

During a DFSR sysvol migration on Windows Server 2008, problems can occur with the migration of Read Only Domain Controllers. See the image below. The RODC is stuck trying to move to the Prepared state.  First go to the RODC and type Repadmin /SyncAll /AeD .   On the PDC Emulator, run dfsrmig /GetMigrationState . If the migration completed, continue on.  If not type dfsrmig /CreateGlobalObjects . This will manually create the global objects for DFS replication. On the PDC Emulator, run dfsrmig /GetMigrationState . You should be ready to move on to the next step in the migration process.

Delete a DNS zone with PowerShell

When it comes time to remove a zone from a DNS server, you can accomplish this task with PowerShell   We are going to remove a zone called Test.Contoso.com .   Log into your DNS server with an account that has the permissions to delete the zone.   Open PowerShell and type the following command.   Get-WMIObject –NameSpace “Root\MicrosoftDNS” –Class MicrosoftDNS_Zone | Where-Object {$_.Name –eq “Test.Contoso.Com”} | Remove-WMIObject   You may need to close and then reopen the DNS console to see the zone completely removed.

Utilizing Windows Server 2008 R2 Bare Metal Recovery

A new feature of Server 2008 R2 allows you to recover a server from a completely failed hard drive.  The Image restore capability is a combination of using Windows Server Backup and Windows Recovery Environment (WinRE). Windows Server Backup is utilized to create the image where WinRE is used to apply the image. To create the image, first install Windows Server Backup feature on your server. Open Server Manager Click Features . Click Add Features Scroll down the list and click Windows Server Backup Features and then click Install/Next until the installation completes. Next, create a bare metal recovery image Open Windows Server Backup Create a backup.  In this example, we are clicking Backup Once . Make sure Different options is selected and then click Next . For this demonstration, we are going to select Custom . Full Server will also work.  By using Custom , we can select Bare Metal recovery and take the minimum data required. In the Select Items for Backup w