Tag: Windows 7

Unable to connect from the View Client on Windows 7 to the View Connection Server after installing the patch kb2482017 or kb2467023

This issue occurs when you have installed one of these Microsoft patches, 2482017 or 2467023.

If you have already installed these patches, you can install VMware View Client (build 353760) or uninstall the Microsoft patches.

If you have not installed these patches, delay the installation of the Microsoft patches until you have installed VMware View Client (build 353760).

VMware View Client build 353760 has been tested on:

  • Windows 7 Enterprise 32 bit +  Internet Explorer 8
  • Windows 7 Enterprise 64 bit +  Internet Explorer 8
  • Windows 7 Home 32 bit +  Internet Explorer 8 

The View Client patch can be downloaded from here. Enter your credentials, accept the EULA and download the appropriate file:

  • If you are using Windows 7 32-bit, use VMware-viewclient-4.5.0-353760.exe.
  • If you are using Windows 7 64-bit, use VMware-viewclient-x86_64-4.5.0-353760.exe.

To apply this patch

  1. Click Start > Settings > Control Panel > Add or Remove Programs.
  2. Choose the previously installed VMware View Client and click Remove.
  3. Navigate to where you downloaded VMware-viewclient-xxx-4.5.0-353760.exe and run the executable file.
  4. Follow the installation installation wizard to complete installation.
  5. Reboot the computer.

Very Important: VMware View Clients with build number 353760 or later are not affected by this issue.

Microsoft Assessment and Planning Toolkit 5.5

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop and server migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.

MAP helps make the following IT planning projects faster and easier:

  • Migration to Windows 7, Windows Server 2008 R2, and Microsoft Office 2010
  • Migration to Windows 7 compatible versions of Internet Explorer
  • Migration to cloud-based services
  • Server virtualization with Hyper-V
  • SQL Server consolidation and migration to SQL Server 2008 R2
  • Assessment of current software usage and client access history for simplified software asset management
  • PC security assessment and migration to Microsoft Forefront Client Security

You can use MAP to inventory the following technologies:

  • Windows 7
  • Windows Vista
  • Windows XP Professional
  • Office 2010 and previous versions
  • Windows Server 2008 or Windows Server 2008 R2
  • Windows Server 2003 or Windows Server 2003 R2
  • Windows 2000 Professional or Windows 2000 Server
  • VMware ESX
  • VMware ESXi
  • VMware Server
  • Linux variants
  • LAMP application stack discovery
  • SQL Server 2008
  • SQL Server 2008 R2
  • MySQL
  • Oracle
  • Sybase

Download MAP 5.5 HERE

HP 6540b Bitlocker Issue

I encountered an issue on a HP 6540b Laptop with Windows 7 after the OS volume is encrypted with Bitlocker, the system never starts up normally. Every time the system is shutdown completely and then started again, it brings up the Bitlocker console and wants the recovery key entered. It doesn’t seem to do this when the system is restarted with CTRL+ALT+DELETE

After updating to the latest HP BIOS the problem was fixt.

Download the Latest bios update from the HP site for the 6540b HERE.

Recover an Exchange 2010 SP1 Server

Recover a Lost Exchange Server

1. Install the proper operating system and name the new server with the same name as the lost server. Recovery won’t succeed if the server on which recovery is being performed doesn’t have the same name as the lost server.

2. Join the server to the same domain as the lost server.

3. Install the following 2008 R2 HotFixes

The following hotfixes are required for the Client Access server for Windows Server 2008 R2:

4. Set-Service NetTcpPortSharing -StartupType Automatic

5. RUN –> E:\Setup.com /m:recoverserver /InstallWindowsComponents

image

image

Home folders renamed to My Documents

When you redirect users home folders to network share the folders are show as My Documents folder.

This is a bug in Windows 7 
http://support.microsoft.com/kb/947222

Solution:

Do not grant the Read permission to the administrator for the Desktop.ini files on the server. To do this, follow these steps:

Note If more than one Desktop.ini file exists, follow these steps for all the Desktop.ini files.

  1. Right-click the Desktop.ini file, click Properties, and then click the Security tab.
  2. In the Group or user names pane, click Administrators.
  3. Click to select the Deny check box for the Read permission.
  4. Click OK.

If you have 1000+ home folders this is not great thing to do Sad smile

Richard Willis created a nice powershell script that will do it for you Open-mouthed smile
You need only change the groupName to the group that you will give deny read permissions.
Save the script in de home folder where all the “My Documents” are and run the script.

The Script:
———————————————————————————————————–

$folders = Get-ChildItem | where-object {$_.psiscontainer};
foreach ($folder in $folders)
{
$desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force
if ($desktopIni -ne $null)
{
$Acl = Get-Acl $desktopIni.FullName
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
("groupName","Read","Deny")
$Acl.SetAccessRule($Ar)
Set-Acl $desktopIni.FullName $Acl
}
}

———————————————————————————————————-

Exchange 2010 SP1 Prerequisites

Some day’s ago Microsoft Releases Exchange 2010 SP1. When you install Exchange 2010 SP1 you need to install some hotfixes. The Exchange Team have made a nice over view witch hotfixes you need for the OS.

Hotfix Download Windows Server 2008 Windows Server 2008 R2 Windows 7 & Windows Vista
979744
A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application		 MSDN
or Microsoft Connect		 Windows6.0-KB979744-x64.msu (CBS: Vista/Win2K8) Windows6.1-KB979744-x64.msu (CBS: Win7/Win2K8 R2) N. A.
983440
An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2		 Request from CSS Yes Yes N.A.
977624
AD RMS clients do not authenticate federated identity providers in Windows Server 2008 or in Windows Vista. Without this update, Active Directory Rights Management Services (AD RMS) features may stop working		 Request from CSS using the “View and request hotfix downloads” link in the KBA | US-English Select the download for Windows Vista for the x64 platform. N.A. N.A.
979917
Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode		 Request from CSS using the Hotfix Request Web Submission Form or by phone (no charge) Yes N. A. N. A.
973136,
FIX: ArgumentNullException exception error message when a .NET Framework 2.0 SP2-based application tries to process a response with zero-length content to an asynchronous ASP.NET Web service request: “Value cannot be null”.		 Microsoft Connect Windows6.0-KB973136-x64.msu N.A. N. A.
977592
RPC over HTTP clients cannot connect to the Windows Server 2008 RPC over HTTP servers that have RPC load balancing enabled.		 Request from CSS Select the download for Windows Vista (x64) N.A. N. A.
979099
An update is available to remove the application manifest expiry feature from AD RMS clients.		 Download Center N. A. Windows6.1-KB979099-x64.msu N. A.
982867

WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1

 MSDN N. A. Windows6.1-KB982867-v2-x64.msu (Win7) X86: Windows6.1-KB982867-v2-x86.msu (Win7)
x64: Windows6.1-KB982867-v2-x64.msu (Win7)
977020
FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.		 Microsoft Connect N. A. N. A. x64: Windows6.1-KB977020-v2-x64.msu

X86: Windows6.1-KB977020-v2-x86.msu

Some of the hotfixes would have been rolled up in a Windows update or service pack. Given that the Exchange team released SP1 earlier than what was planned and announced earlier, it did not align with some of the work with the Windows platform. As a result, some hotfixes are available from MSDN/Connect, and some require that you request them online using the links in the corresponding KBs. All these updates may become available on the Download Center, and also through Windows Update.

These hotfixes have been tested extensively as part of Exchange 2010 SP1 deployments within Microsoft and by our TAP customers. They are fully supported by Microsoft.

The TechNet article Exchange 2010 Prerequisites is updated with the hotfixes and install the prerequisites required for your server version (the hotfixes are linked to in the above table).

You can use the Install the Windows Server 2008 SP2 operating system prerequisites on a Windows 2008 R2 server. Only you have to run the following powershell command: Import-Module ServerManager

Installed Exchange 2010 SP1 on a Windows 2008 R2 Server with problems. I feels that the MMC is faster. Tomorrow upgrading a DAG/NLB cluster to Exchange 2010 SP1.

MDT 2010 Multiple Partitions Issues & hidden Bitlocker partition

I had a new laptop where I wanted to deploy Windows 7 x64 Enterprise and walked to a bug in MDT 2010. Default config.

I configured 2 partitions to use the whole disk. See screenshot.
imageimage
When I deploy the task I get the following error

IMAG0003
He wants to format partition D. But partition D is not availably. 
I ended the task and opened the PE window and started Diskpart and listed the volumes.

IMAG0001

The strange thing was that the extended partition has the drive letter S had and it was a raw partition.

After studying ZTIDiskpart.log (X:\MININT\SMSOSD\OSDLOGS\ZTIDiskpart_diskpart.log)

I found out that there was no space left to create a 300mb partition for saving Bitlocker information.

So what did ZTIDiskpart.wsf. ZTIDiskpart.wsf gave the last partition that was created the drive letter S. This is the default letter for the Bitlocker partition. So hey wanted to format the file system with fat32. Because in my case the partition size was 200GB he cannot format the disk.

Solution:

Setting the extended partition to use 95%. Then MDT have enough space to create a 300mb hidden partition for Bitlocker.

image image

How to Install & Configure Immidio Flex Profiles Advanced Edition

Install Immidio Flex Profiles Advanced Edition with setup.exe. There is one thing you must no.

The Management console is there in to flavors x86 and x64.

The Immidio Flex Profiles Advanced Edition.msi that you need later works both fine on x86 and x64 machines.

clip_image001clip_image002

clip_image003clip_image004

clip_image005clip_image006

clip_image007clip_image008

Start Immidio FlexProfile Kit
clip_image010
clip_image011
Best Practice is that the ini are placed on a domain controller because If one domain controller fails you have no problems with your flex profile kit.
clip_image013
Import the ini files that you will find in the package
I have al ready some ini files (Word 2007, Outlook 2007, Excel 2007) that i used with a older version of flex profile kit.
clip_image015

Create on a File Server an application install folder. I named it Immidio Flex profiles
Copy the Immidio Flex Profiles Advanced Edition.msi to that folder and the following script.

flexprofilesinstall.cmd

REM Voor Immidio FlexProfiles.
IF EXIST "C:\Program Files\Immidio\Flex Profiles\flexengine.exe" GOTO END
msiexec.exe /i "\\ward-dc01\install\Immidio Flexprofiles\Immidio Flex Profiles Advanced Edition.msi" /qb! LICENSEFILE="\\ward-dc01\Install\Immidio Flexprofiles\wardvissers.lic" /l* c:\InstallFlex.log

:END

Create A New GPO on the computers where you want to install Immidio Flexprofile kit. I named Install Immidio Flexprofiles. Asssign the  flexprofilesinstall.cmd als a startup script. Set the maximum wait time on 3600.
image 

Afther that i created a new policy for my domain users witch a named Immidio FlexProfiles Users

Add the Immidio Flex Profiles.adm to the new created GPO Immidio FlexProfiles Users
clip_image018 
I did some settings where to find the ini files and where to save the settings.
image

Now you have a working roaming profile based on Immidio Flexprofiles. It’s a great tool a im loving it.

It’s works great when you migrate from XP to Windows 7

Reviewing Least Privilege Security for Windows 7, Vista and XP

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. I will review it soon. It show you how to configure your Windows environment so that your users can operate without administrator permissions.

Here is a list of the just some of technologies that this book talks about to achieve a Least Privilege Security:

  • Program Compatibility Wizard
  • Applications Compatibility Wizard
  • User Account Control
  • Group Policy Software Deployment
  • Internet Explorer Add-on Management
  • Troubleshooting Remote Users
  • Configuring Windows Firewall
  • Software Restrictions Policies and AppLocker
  • Microsoft Deployment Toolkit
  • CD Burning
  • ActiveX Controls
  • Changing system time and time zones
  • Power Management
  • Managing networks
  • Standard Users Analyzer
  • Applications Compatibility Toolkit
  • Logon Scripts
  • Remote Desktop Services
  • App-V
  • Med-V

I have read already some chapters. I think it is a great book to have on your collection.
You have always not enough time thinking about security. This book does it for you.

As a special offer Packt Publishing are also letting people download preview chapter of this book by download here Chapter No. 3 – Solving Least privilege Problems with the Application Compatibility Toolkit

clip_image001

Enable Windows 7 Features through Group Policy

I love Windows 7. But there is one thing a hate about Windows 7.
There is no nice way to enable Windows 7 Features trough Group Policy.

So I created a small visual basis script that i used as a startup script.

It checks if adsnapins.txt exist in the program files files. If exsist do nothing if it don’t exsist enable the feature.

Windows7ADSnapIns.vbs

‘Installeerd Windows 7 AD Management Snapins.
’13-07-2010 Ward Vissers

Set fso = CreateObject("Scripting.FileSystemObject")

If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Dim Wsh
    Set wsh = CreateObject("WScript.Shell")
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", ,1
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"

End If

Set fso = Nothing

Translate »