Office 2013 Group Policy User Settings Recommendations

The following table lists a number of user settings across each of the Office 2013 applications that I recommend you take a look at. This is just a small subset of the total number of settings, but includes some of the most important ones.

The status of each setting will vary dependant on the environment. Use at your own risk.

PRODUCT
PATH
SETTING
RECOMMENDED VALUES

Microsoft Access 2013
Miscellaneous
Disable the Office Start Screen for Access
Enabled | Not Configured

Microsoft Excel 2013
Excel Options – Save
Default file format
Enabled, Excel Workbook (*.xlsx)

Microsoft Excel 2013
Miscellaneous
Disable the Office Start Screen for Excel
Enabled | Not Configured

Microsoft Office 2013
Global Options – Customize
Allow roaming of all user customizations
Enabled

Microsoft Office 2013
Privacy – Trust Center
Disable Opt-in Wizard on first run
Enabled

Microsoft Office 2013
Privacy – Trust Center
Enable Customer Experirnce Improvement Program
Disabled | Not Configured

Microsoft Office 2013
Privacy – Trust Center
Automatically receive small updates to improve reliability
Disabled | Not Configured

Microsoft Office 2013
Privacy – Trust Center
Send Office Feedback
Disabled | Not Configured

Microsoft Office 2013
Privacy – Trust Center
Allow including screenshot with Office Feedback
Disabled | Not Configured

Microsoft Office 2013
Subscription Activation
Do not show ‘Manage Account’ link for subscription licenses
Enabled | Not Configured

Microsoft Office 2013
Subscription Activation
Automatically activate Office with federated organization credentials
Disabled | Not Configured

Microsoft Office 2013
Services
Disable Roaming Office User Settings
Enabled | Not Configured

Microsoft Office 2013
Services – Fax
Disable Internet Fax feature
Enabled

Microsoft Office 2013
Downloading Framework Components
Hide missing component download links
Enabled

Microsoft Office 2013
Microsoft Office Picture Manager
Disable File Types association dialog box on first launch
Enabled

Microsoft Office 2013
Miscellaneous
Show SkyDrive Sign In
Disabled | Not Configured

Microsoft Office 2013
Miscellaneous
Block signing into Office
Enabled | Not Configured

Microsoft Office 2013
Miscellaneous
Disable the Office Start screen for all Office applications
Enabled | Not Configured

Microsoft Office 2013
Miscellaneous
Disable Office Backgrounds
Enabled | Not Configured

Microsoft Office 2013
Miscellaneous
Suppress recommended settings dialog
Enabled

Microsoft Office 2013
First Run
Disable First Run Movie
Enabled | Not Configured

Microsoft Office 2013
First Run
Disable First Run on application boot
Enabled | Not Configured

Microsoft OneNote 2013
OneNote Options – Other
Add OneNote icon to the notification area
Disabled | Not Configured

Microsoft Outlook 2013
Outlook Social Connector
Turn off Outlook Social Connector
Enabled | Not Configured

Microsoft Outlook 2013
Outlook Social Connector
Do not show social network info-bars
Enabled | Not Configured

Microsoft Outlook 2013
Outlook Options – Preferences – Calendar Options – Office.com Sharing Service
Prevent publishing to Office.com
Enabled | Not Configured

Microsoft Outlook 2013
Outlook Options – Other – AutoArchive
AutoArchive Settings
Disabled

Microsoft PowerPoint 2013
PowerPoint Options – Save
Default file format
Enabled, PowerPoint Presentation (*.pptx)

Microsoft PowerPoint 2013
Miscellaneous
Disable the Office Start Screen for PowerPoint
Enabled | Not Configured

Microsoft Project 2013
Miscellaneous
Disable the Office Start Screen for Project
Enabled | Not Configured

Microsoft Publisher 2013
Miscellaneous
Disable the Office Start Screen for Publisher
Enabled | Not Configured

Microsoft Visio 2013
Visio Options – Save – Save Documents
Save Visio files as
Enabled, Visio Document

Microsoft Visio 2013
Visio Options – Advanced – General Options
Put all settings in Windows registry
Enabled

Microsoft Word 2013
Word Options – Save
Default file format
Enabled, Word Document (*.docx)

Microsoft Word 2013
Miscellaneous
Disable the Office Start Screen for Word
Enabled | Not Configured

Install Exchange 2016 Prerequisites with Install-Exchange2016MailboxPrerequisites.ps1

This script will install the needed prerequisites for the Mailbox Role of Exchange 2016 “Preview” on Server 2012 R2 .

It will install the following:
– Windows Componets
.NET Framework 4.5.2
Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

You can download the script here:
https://gallery.technet.microsoft.com/scriptcenter/Exchange-2016-prerequisites-9a0b5e17

MDT 2013 Update 1 Release Notes and Known Issues

This post is to serve as the release notes and known issues list for the current release of MDT 2013 Update 1 (v6.3.8290). Source: http://blogs.technet.com/b/msdeployment/archive/2015/08/25/mdt-2013-update-1-release-notes-and-known-issues.aspx

The list of known issues below provides a number of workarounds that are currently available to help unblock affected customers. We will revise the list as needed. Given the number of issues with this build we will release a newer build of MDT 2013 Update 1 in the next several weeks to address as many of these issues as we can. Watch this blog for more information.

Release Notes

TechNet documentation is not updated

The MDT product documentation published on TechNet is current as of MDT 2013; it has not yet been updated for MDT 2013 Update 1.

Do not upgrade from Preview to RTM

MDT 2013 Update 1 Preview should be uninstalled before installing the final MDT 2013 Update 1. Do not attempt to upgrade a preview installation or deployment share. Although the product documentation is not updated for MDT 2013 Update 1, the information on upgrading an installation still holds true.

Windows System Image Manager will fail to validate MDT Unattend.xml templates

The Windows System Image Manager (WSIM, a component of the Windows ADK used to create and modify unattended installation answer files) does not allow blank values which exist in the default MDT Unattend.xml templates. MDT removes blank values before injecting the file during deployment, so Windows always receives a valid XML answer file.

Integrating with System Center Configuration Manager

When integrating MDT with Configuration Manager, follow the version of the Windows ADK. MDT 2013 Update 1 only works with the Windows 10 ADK, so make sure it is used with a version of Configuration Manager that supports and also uses the Windows 10 ADK.

Image files larger than 4 GB are not split by default

Split image (.SWM) support is now off by default. It must be enabled by modifying %DeployRoot%\Control\Settings.xml with the following:

<SkipWimSplit>False</SkipWimSplit>

Using HideShell with Windows 10

The behavior of the HideShell option changed with Windows 10. Michael Niehaus explains this in great detail on his blog.

Known Issues

Disk partitioning issues

Symptoms:

  • Recovery partition consumes the majority of the disk on BIOS systems
    • LTIApply fails with DISM error 112, There is not enough space on the disk.
  • Recovery partition is unnecessarily visible on both UEFI and BIOS systems
  • You can’t specify a custom partition layout containing a recovery partition for UEFI systems

Workarounds: Keith Garner provides some suggestions on his blog: uberbug06 and uberbug07.

Static IP not restored when using media deployment

When doing a media deployment and using a static IP the static IP does not get restored.

Workarounds:

  • Modify Litetouch.wsf to enable MEDIA deployments (Keith Garner explains in this forum post)
    or
  • Add an extra Apply Network Settings action (alternative suggested by Johan Arwidmark on his blog)
Static IP not set in Network Adapter Configuration Wizard

When initializing a deployment in Windows PE and clicking Configure Static IP Address, if you uncheck Enable DHCP and enter static IP information, the following Network Settings Error will display:

WMI Function: Adapter.EnableStatic(IPAddress,SubnetMask) FAILURE: -2147467259

This warning may also be seen in the results screen and log files during a deployment.

Workaround: a static IP can be manually set from Windows PE using netsh, but otherwise there are no workarounds at this time.

Monitoring does not work after Windows 10 upgrade

After successfully upgrading a system to Windows 10 the MDT monitoring fails to report information. You will see the following warnings:

Unable to create WebService class

Workaround: None.

MDAC component fails being added to Windows PE

This is a known bug with DISM; it is external to MDT. DISM can sometimes fail to add the MDAC component to WinPE boot images. This seems to be a timing issue which most commonly occur when you are using SSD disks.

Workarounds:

  • Remove MDAC. On the deployment share properties, Windows PE tab, Features subtab, uncheck Microsoft Data Access Components (MDAC/ADO) support.
  • If you need MDAC for database connectivity, you can try updating your boot images from a system where the %TMP% directory is located on a non-SSD drive. This is not a guaranteed workaround, but has been seen to work.

NOTE: we are also aware of reports of similar issues regarding Windows PowerShell and WMI components in Windows PE (as well as some functional issues with these components). We have not been able to reproduce these issues, and are working with the Windows team to investigate further. If you have a reproducible issue with these components in Windows PE, please open a case with Microsoft Support to troubleshoot.

Upgrade task sequences are displayed when not applicable

Windows 10 upgrade task sequences are available when starting a deployment from Windows PE or on a non-matching architecture, however the in-place upgrade scenario is only supported when started from the full OS (it cannot be started from Windows PE) and from the correct architecture.

Workaround: Modify your upgrade task sequence properties to exclude client platforms that are not applicable. On the task sequence properties, General tab, select This can run only on the specified client platforms and then choose platforms that you want to target, for example, All x86 Windows 7 Client. This example will exclude Windows PE and Windows 7 x64 systems.

Applications with a command file (.cmd) use a Windows system working directory

If you have an application that uses a command file (.cmd) as the installation command line it will be launched from C:\Windows\System32 instead of the application’s working directory.

Workaround: See the associated bug on Connect for sample edits to ZTIApplications.wsf.

Application bundles successfully install but log an error

Application bundles will successfully install but the following warning is logged in ZTIApplications.log:

SelectSingleNodeString(CommandLine) Missing Node.

as well as the following error:

Application <app bundle name> returned an unexpected return code: 87

Workaround: See the associated bug on Connect for sample edits to ZTIApplications.wsf.

Deployment Wizard error for Keyboard Locale

Changing the keyboard locale in the Deployment Wizard will result in a script error:

Type mismatch: 'SetNewKeyboardLayout'

This error is non-fatal. Click Yes and continue.

Workarounds:

  • Specify the keyboard locale in CustomSettings.ini and hide this wizard page.
  • Edit %DeployRoot%\Scripts\DeployWiz_LanguageUI.xml to remove onchange="SetNewKeyboardLayout" from line 62.
ZTI: Offline installation of language packs or software updates fails

Using the “Install Language Packs Offline” or “Install Updates Offline” step in an MDT-integrated task sequence in Configuration Manager results in the language packs or updates not injected, and the following errors in the ZTIPatches.log:

ZTI ERROR - Unhandled error returned by ZTIPatches: Object required (424)

This error is only seen in logs, the deployment appears to be successful otherwise.

Workaround: apply updates and language packs online

Split image files do not apply

If you split a large image file to create .SWM file(s), then applying this split image file will fail.

Workaround: edit %DeployRoot%\Scripts\LTIApply.wsf, both lines 915 and 918, to add a colon and remove a space, for example on line 915 change:

sCmd = sCmd & " /SWMFile """ & sRWMPath & """"
to
sCmd = sCmd & " /SWMFile:""" & sRWMPath & """"

Do the same on line 918.

Deployment fails due to unattend.xml errors during oobeSystem

If you have edited unattend.xml and then start a deployment with the wizard page for administrator password enabled, or specified AdminPassword in CustomSettings.ini, the deployment will fail during Windows OOBE:

Windows could not parse or process Unattend answer file [C:\Windows\Panther\unattend.xml\ for pass [oobeSystem]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows=Shell-Setup].

Workaround: edit %DeployoRoot%\Scripts\ZTIConfigure.wsf lines 343 and 344 to append unattend: before PlainText. For example, on line 344 change:

oCurrent.parentNode.selectSingleNode("PlainText").text = "true"
to
oCurrent.parentNode.selectSingleNode("unattend:PlainText").text = "true"

Do the same on line 343.

ZTI: LTIBootstrap.vbs script not found

Towards the end of a MDT-integrated task sequence deployment in Configuration Manager a Windows Script Host popup will appear with a message similar to the following:

Can not find script file "C:\LTIBootstrap.vbs".

(The drive letter may be different depending upon the specific scenario.)

Workaround: Script changes are possible but difficult and challenging. Johan Arwidmark provides an option on his blog (see Issue #2).

LTI: Cleanup is not complete after image capture

After capturing an image and rebooting back to the drive, autologon is still configured and an error will appear about LTIBootstrap is not found. This is a minor, non-fatal error that does not affect the captured image.

Workaround: Script changes are possible but difficult and challenging, especially given the minor severity of the issue.

DISM returns error 87 when applying image

A deployment fails with the following error from DISM:

Error: 87 (The parameter is incorrect)

With further detail in the dism.log:

Failed to get the filename extension of the image file

Workarounds: This is seen when the server name is only two characters, for example DC, such that the /ImageFile parameter is similar to the following:

"\\dc\DeploymentShare$\Operating Systems\Windows 10 Enterprise x64\sources\install.wim"

Use a deployment share on a server whose name is three or more characters.

If you must use a server with a two-character name, specify its fully qualified domain name in bootstrap.ini, for example

DeployRoot=\\DC.contoso.com\DeploymentShare$

Recertify MCSE: Messaging certification through MVA

You’ve proven yourself. As a Microsoft Certified Solutions Expert (MCSE), you passed a rigorous series of exams to earn your certification. But, as the pace of changing technology accelerates, so does the challenge of keeping your skills up to date.

Now, you have a convenient way to get recertified. Through Microsoft Virtual Academy, you can recertify your MCSE certification by reviewing a prescribed set of skills and passing all related assessments—on your own schedule.

Note Not all MCSE certifications can be recertified through Microsoft Virtual Academy at this time.

To renew your MCSE certification through Microsoft Virtual Academy:

  1. Find the skills path for your expiring certification, listed in the sections that follow.

  2. Pass all of the module-level assessments for each of the Microsoft Virtual Academy courses in the path.

    When you have completed Step 2, submit your Microsoft Virtual Academy user name and Microsoft Certification ID (MC ID) to certquest@microsoft.com.

Your MCP transcript will reflect the new skills and expiration date for your MCSE after Microsoft has verified that you have passed all assessments.

Please note that recertification skills paths might evolve over time. If you have already recertified, you are not responsible for taking the assessments on the new content until your next recertification cycle. However, for your own development, you may want to review those new skills at an earlier point in time.

Recertification paths for additional MCSE and Microsoft Certified Solutions Developer (MCSD) certifications will be made available through Microsoft Virtual Academy in the coming months.

Recertify an MCSE: Messaging certification

Recertify with Microsoft Virtual Academy

Finding some time now Knipogende emoticon

CalCheck Powershell Script to fix Calander Issues the Easy Way

I created a handy script to fix a Exchange calender the easy way.

I does the following:
– Ask for the username
– Gives full access to user mailbox and disable automapping
– Export Name,LegacyExchangeDN from the user to list.txt
– Run CalCheck
– Remove Full Access Permissions

Put CalCheck.ps1 in de same folder where calcheck.exe exsist.

Download CalCheck

You can find the script the Microsoft Script Libary:
https://gallery.technet.microsoft.com/scriptcenter/CalCheck-Powershell-Script-c419c10e

ExchangeLyncAdminScript.ps1 Script to Manage Exchange & Lync & Active Directory

Exchange & Lync Admin Script created by Ward Vissers
www.wardvissers.nl

Tool to Manage Active Directory & Exchange & Lync

THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK
OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER

    Please select the admin area you require

        1. Active Directy Users Tasks
        2. Active Directy Computers Tasks
        3. Active Directy Groups Tasks
        4. Active Directy Protected From Accidental Deletion Tasks
        5. Active Directy FSMO Tasks
        6. User Profile Tasks
        7. Exchange Tasks
        8. Lync Tasks
        9. Quit and exit
    Enter Menu Option Number:

Download: https://gallery.technet.microsoft.com/scriptcenter/Exchange-Lync-Script-c079133e

Configure your Exchange 2013 server with Configure-Echange2013.ps1 Updated to V3.1

Updated to V3.1

Change List:

# V1.0 Begin
# V1.1 Added Some New Options 12-10-2014
# V1.2 Added Hyper-V Best Practise & NTFS Partition Offset
# V1.3 Added KB2995145 .NET Framework 4.5 garbage collector heap Fix
# V1.4 Added Set Minimum Disk Space Warning level (180GB Default CU6 200GB CU5)
# V1.5 Added Some new features
# V1.6 Changed the Layout & Add Move Arbitration Mailbox
# V1.7 Added PST Export & KB2990117
# V1.8 Added Full backup, Database in GB and Mailbox Size in GB Export CSV
# V1.9 Added Outlook AnyWhere & SafetyNetHoldTime
# V2.0 Added Check DatacenterActivationMode, Get-DatabaseAvailabilityGroupNetwork, Add Static Route, Disable Replation Network on DAG, Database Copies Per Volume (AutoReseed)
# V2.1 Added Edge Subscription
# V2.2 Added Check Transaction Log Growth
# V2.3 Changed the Menu to Submenu’s
# V2.4 Added Check Database White Space
# V2.5 Added MAPI HTTP External URL
# V2.6 Fixed OWA Virtual URL & HTTP URL
# V2.7 Added Fixes & Mountpoints & Changed Set Minimum Disk Space Warning Level from REG to GlobalOverride
# V2.8 Maintaince Added
# V2.9 Set Power to Highperformance
# V3.0 Check of Microsoft.Exchange.Management.PowerShell.SnapIn is loaded
# V3.1 Added Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com & Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:*.domain.com

Download: https://gallery.technet.microsoft.com/scriptcenter/Configure-Exchange-2013-e0ffb2a6

Rollup 10 for Exchange Server 2010 Service Pack 3

Exchange Team released Rollup 10 for Exchange Server 2010 Service Pack 3

Fixes:

KB 3069055 Various DAG maintenance scripts do not work in an Exchange Server 2010 environment
KB 3057422 “MapiExceptionNoAccess: Unable to query table rows” error and some mailboxes cannot be moved
KB 3056750 Exchange ActiveSync application pool crashes in an Exchange Server 2010 environment
KB 3054644 “The item no longer exists” error when you access an archive mailbox in Outlook Web App in Exchange Server 2010
KB 3051284 Event ID 4999 is logged and MSExchangeServicesAppPool crashes in an Exchange Server 2010 environment
KB 3049596 Event ID 4999 is logged and remote procedure call Client Access service crashes in an Exchange Server 2010 environment
KB 2964344 MSExchangeRPC service stops working intermittently in Exchange Server 2010

Download

Configure your Exchange 2013 server with Configure-Echange2013.ps1 Updated to V3.0

Updated to V3.0

Change List:

# V1.0 Begin
# V1.1 Added Some New Options 12-10-2014
# V1.2 Added Hyper-V Best Practise & NTFS Partition Offset
# V1.3 Added KB2995145 .NET Framework 4.5 garbage collector heap Fix
# V1.4 Added Set Minimum Disk Space Warning level (180GB Default CU6 200GB CU5)
# V1.5 Added Some new features
# V1.6 Changed the Layout & Add Move Arbitration Mailbox
# V1.7 Added PST Export & KB2990117
# V1.8 Added Full backup, Database in GB and Mailbox Size in GB Export CSV
# V1.9 Added Outlook AnyWhere & SafetyNetHoldTime
# V2.0 Added Check DatacenterActivationMode, Get-DatabaseAvailabilityGroupNetwork, Add Static Route, Disable Replation Network on DAG, Database Copies Per Volume (AutoReseed)
# V2.1 Added Edge Subscription
# V2.2 Added Check Transaction Log Growth
# V2.3 Changed the Menu to Submenu’s
# V2.4 Added Check Database White Space
# V2.5 Added MAPI HTTP External URL
# V2.6 Fixed OWA Virtual URL & HTTP URL
# V2.7 Added Fixes & Mountpoints & Changed Set Minimum Disk Space Warning Level from REG to GlobalOverride
# V2.8 Maintaince Added
# V2.9 Set Power to Highperformance
# V3.0 Check of Microsoft.Exchange.Management.PowerShell.SnapIn is loaded

Download: https://gallery.technet.microsoft.com/scriptcenter/Configure-Exchange-2013-e0ffb2a6

Translate »