My previous article, The new way to configure Internet Explorer proxy settings with Group Policy, spoke about how the Internet Explorer Maintenance section of Group Policy has been killed off in favour of ADMX templates and Group Policy Preferences. One benefit of this is that you get rid of the time-consuming “Branding Internet Explorer” section when a user logs on to a PC.
Thanks to the lack of communication from Microsoft, we now need to scramble around to get all of our Internet Explorer Favorites re-deployed for any PC with IE10 or above. Thankfully it is a relatively simple, if tedious task. I used the GPMC on a 2008 R2 member server
Internet Explorer 10 was released for Windows 7 and Windows Server 2008 R2 machines back in February 2013. Nine months later and we are going through it again with Internet Explorer 11. For SysAdmins and IT Pros managing software updates, these new versions led to quite a significant change in how we use Group Policy to manage them.
I only recently discovered that when Windows 8 (and along with it IE10) was released they finally got rid of the “Internet Explorer Maintenance” Section of the Group Policy Editor. This section always struck me as an odd place to configure IE settings and I’m still not sure why they couldn’t just use the normal Administrative Template section.
Internet Explorer Maintenance in Server 2003 Group Policy Editor
We are in the process of changing over our Print Server and the first step on the plan was to get some data from all the computers on my network about which printers they had installed. This needed to grab the data from all users on all PCs so the only logical way to do this was to create logon script below and let it run for a week. In a previous post I discussed how PowerShell Export-CSV turns lovely tables in to garbage but now I needed to get a CSV from hundreds of separate text files …
You may be wondering why you would bother upgrading your existing Windows XP and Vista machines to Windows 7, when Windows 8 has just been released.
Whether you are a home user or a large company there are great benefits to be had from upgrading and using your new Windows 7 PC as a stepping stone to Microsoft’s latest and greatest.
Windows XP recently celebrated its 10th birthday, a major achievement for it to keep such a stronghold but also a major issue when it becomes time to change to something new. The are always scare stories when Microsoft releases a new OS. The fact of the matter is, change often creates such fear-mongering when really its an opportunity waiting to be taken advantage of.
Businesses stayed away from Windows 7 for 2 major reasons
- Windows Vista had a terrible launch, fraught with bad reviews and needing an extra expense of upgrading hardware
- Due to people sticking with XP, business software wasn’t upgraded and smaller bespoke software would cost a fortune to redevelop for a new OS
Nowadays, this isn’t as much of an issue. Windows 7 runs easily on hardware over 4 years old and really flies on the latest kit. All major applications have been updated or can be delivered via modern methods like application virtualisation or by using tools like Microsoft’s free application compatibility toolkit or XP Mode. OS deployment technologies have moved on too, meaning you can upgrade people from XP to 7 in a couple of hours.
One of the issues with Windows 8 is trying to find how to shut it down!
Only the free developer preview has been released so far, so all may change by time the beta comes out (rumoured February 2012). For now it’s been quite tricky to shutdown or restart your PC. One way is to create some shutdown tiles for the Start Screen but I’ve learnt a couple off ways using just the keyboard.
- Press [CTRL]+[ALT]+[DEL] then use the Power button at the bottom right of the screen. You can press tab a lot of times to get to the Power icon but the option below is a bit quicker
- [WIN]+[I], [LEFT], [SPACE], [UP], [ENTER]
“+” means press the keys together, a “,” means do the next press separately
To get these simple but cool emoticons/emoji/smilies or whatever you want to call them you will need the Segoe UI Semibold font that comes with Windows 7 (possibly Vista too?).
In Microsoft Word, click the Insert tab on the ribbon. On the far left click the Symbol button followed by the More Symbols option
We use Group Policy to tweak the default settings on Microsoft Servers and PCs. You edit the policies using the Group Policy Editor console (gpedit.msc) but to manage the policies you use the Group Policy Management Console (gpmc.msc). The more policies you start to create, the more confusing managing them can become and with each new version of Microsoft software (Office included) new Group Policy templates are added. This article is to give you an insight into exactly what the Group Policy Management Console (GPMC) is about and how everything links together.
It’s always best to edit policies from the latest OS. This is one of the reasons to always have a VM somewhere with the latest OS purely for Group Policy. Alternatively, if you are using the latest OS then you can install the GPMC from the Remote Server Administration Tools (RSAT) and then edit the policies from there. If you don’t, it’s not a big issue but some policies won’t be available. All of the templates can be stored in a central location in Active Directory so they can be accessed by all domain machines. There is some debate whether it is best to have the policies held locally rather than in the central store but I think it works well. By default this is \\DCName\sysvol\domain.name\Policies\PolicyDefinitions. If you ever download a new template you will need to put it in there. For more details on activating the central store se the following Microsoft Support article
Inheritance & Precedence
Group Policies Objects (GPOs) are created in the Group Policy Objects folder in GPMC. Policies are then linked to Active Directory Organizational Units (OUs). You can link as many Policies as you like to an OU and you can also link the same policy to as many OUs as you like. You can also block inheritance by right-clicking an OU and disabling it. The precedence of any GPOs, i.e. what GPO policy wins out of any competing policies, can be changed in the Linked GPO tab of an OU. Normally the deepest policy wins. Continue reading
Smartphones are great. I got a beautiful Samsung Omnia 7 Windows Phone this time last year and don’t think I’ll ever go back to a dumb/feature phone again. Part of the reason smartphones are so smart is that they have an always on internet connection. Unfortunately, the big mobile phone networks/carriers in the UK (Orange, Vodafone, Three & O2) see this as a great opportunity to squeeze even more money out of you. My phone was originally on Three’s network and although they had great speeds if you went over their measly data allowance you got charged a hefty sum. One month I got charged £15 for data alone! When I called their customer services I was told I’d have to pay if I wanted this itemised and it was my fault for going over the allowance. After about 30 minutes of arguing and being put on hold I gave up, chucked out the Three SIM card and looked into better value options.
Jump down to Step 1 to skip the blurb
Any Microsoft Windows operating system has services. These are little programs that run in the background of the OS to keep things ticking over. They’re really fundamental to servers as it means that programs can run in the background without any user being logged. In fact Windows servers are fine-tuned to give better performance to background services rather than any app running on the screen.
It’s always the best principle to log on with the least amount of privileges on any PC, i.e. you shouldn’t log on to a desktop or server with full admin rights. You should log on as a normal user and only elevate the programmes authority to admin level if absolutely necessary.
Some System Administrators may want an easy life and just let everything “run as admin” as it cuts back on a lot of problems, especially when using old software. Obviously this greatly widens the security attack vector, as any user who can gain access to the machine can do anything they want on it.
However, one of the issues of running as a standard user is that you are not allowed to stop or start Windows services. That is by design, you wouldn’t really want a non-admin to stop a critical service. The problem is when you have a Service Account running (as good practice dictates) as a lowly user. To get around this you can give the Service Account permission to do whatever you want to a particular service you want. Unfortunately, this is a bit more convoluted than setting file permissions. This article will explain how to achieve this. It applies to all versions of Windows from Windows 2000 or newer. My screenshots are from the Windows 8 Developer Preview. Continue reading
The Windows Developer Preview (a.k.a pre-beta version of Windows 8 ) has shown a dramatic change to the Windows Start Menu, in fact, it has been renamed to the Start Screen and it is the first thing you see when you log on to Windows.
The basic idea of this is to a) improve the touch experience on Windows Tablets/Slates and b) merge the usefulness of Windows Vista-era gadgets with the low resource usage of Windows Phone Live Tiles. You can read loads more about the changes on Microsoft’s official Building Windows 8 blog.
Unfortunately, this is slightly jarring for everybody used to the old way of working. Many people have blogged ways to hack the OS to bring back the old Start menu or install new software to provide an equivalent menu. I personally love the changes and certainly don’t want to hack or install unnecessary apps on a pre-beta OS. The problem is, due to the lack of “metro” style immersive apps, or problems with the Start Screen loading on unsupported hardware (e.g. graphics cards), it can be handy to have something similar to the Start Menu present.
A very simple way to do this is by using a feature available since the taskbar debuted in Windows 95!
- Right-click the taskbar
- Select Toolbars > New Toolbar…
- Point it to “C:\ProgramData\Microsoft\Windows\Start Menu\Programs”
There you have it, a zero maintenance, familiar Start Menu sitting happily side by side with the Start Screen.
You may want to check out my related article Windows 8 will be Great on a Slate but is it too Late?