Add Trusted Sites in Internet Explorer – Keeping users’ existing list

I received a call from a colleague asking if we could add a few intranet sites to each users Trusted Sites list. I said “Sure” that should be easy, send the list of sites.

Hmmm!! Easy!! Yea but not too easy.

Because if I use a group policy for this, users wont be able to add any site to the list. Which might be a great thing from security point but in our environment its just not acceptable.

So I had to think of a different method.  While changing the trusted zone settings manually I used Procmon.exe to record changes in registry and and found that the Trusted Zones are saved in the following location

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Now I felt better because there are many ways to deploy these settings but I used Group Policy Preferences. Easy and Clean.

1. Added the intranet sites to my Internet Options – Trusted Sites

2. Opened the existing GPO for Internet Explorer

3. Navigated to User Configuration –> Preferences –> Windows Settings –> Registry

4. Right Click Registry and chose New –> Registry Wizard

   
   

5. Select Local Computer –> Next and Just Chose the Domain or the sites that you added to the Registry location mentioned above.

6. Make sure to tick/check all the values

That’s it! It will now apply to all users while they have their own list of Trusted Zones.

Microsoft TechNet Wiki Beta Launched

TechNet has served Windows Administrators and Users for many years, this Wiki would be a great addition if Microsoft gets its act together in optimizing their search algorithms.

Check out the TechNet Wiki page here

Microsoft Pink Phone

It's finally official: Microsoft Pink -- the product of Redmond's acquisition of Danger -- has just been unveiled as a pair of handsets sourced from Sharp (which made most of Danger's Sidekicks) known as the Kin One and Kin Two. The devices are being marketed as Windows Phones, and while they're ultimately based on most of the same underpinnings of Windows Phone 7, it's a distinctly and totally different experience -- the entire user interface is custom to Kin with a heavy social media slant, a custom browser (we're told it's based on the Zune's browser), and surprisingly, zero support for third-party apps. The displays are capacitive with support for multitouch (yes, you can pinch and zoom in the browser), but there's no support for in-browser Flash or Silverlight…… Read Full Story Here

 

More Info:
http://www.microsoft.com/presspass/presskits/KIN/

Father of the PC Dr. Henry Edward Roberts Died on 1 April 2010

Dr Henry Edward Roberts was the inventor of the Altair 8800, a machine that sparked the home computer era.

Bill Gates and Paul G. Allen contacted Dr Roberts after seeing the machine on the front cover of a magazine and offered to write software for it.  The program was known as Altair-Basic, the foundation of Microsoft's business……

Read for more details

http://news.bbc.co.uk/2/hi/science/nature/8600493.stm

http://www.nytimes.com/2010/04/03/business/03roberts.html

The Windows Enterprise 90 Day Trial Has Been Extended

Microsoft’s marketing and advertising strategy for Windows 7 has been well planned and executed. This is another smart move for creating  a stronger customer base.

Read the full article here - 90 Day Trial Has Been Extended

List of Top Free Windows Administration Tools

This is a comprehensive list of Windows Administration Tools available for free. There are some great detailed reviews about tools, all of these review are written by Michael Pietroforte.  I like his reviews as they are informative and honest.

Windows Administration Tools 

Above is a precious collection of any Systems Administrator.

XP Mode Without Hardware Virtualization

For those who have machines with no Hardware Virtualization support – You can use XP Mode in windows 7. Microsoft has launched an update to Windows Virtual PC that enables running XP Mode without Virtualization support.

Read the following KB for more details.

http://support.microsoft.com/kb/977206

Download the update from from following locations.

• For 32-bit host operating systems:http://www.microsoft.com/downloads/details.aspx?FamilyID=837f12aa-1d37-464e-ae59-20c9ecbebaf6
• For 64-bit host operating systems:http://www.microsoft.com/downloads/details.aspx?FamilyID=e70dd043-e262-43c0-a002-446567f1e2b4

Microsoft previews IE9

After the success of Internet Explorer 8, Microsoft didn’t delay the next browser in line. To stay updated with Features and new capabilities of Internet Explorer 9 visit http://www.ietestdrive.com/ 

You can also download the Platform preview from the above location.

Enable File Content Search in Windows 7

Search is one of the strong features of windows 7, some on us might find it not too useful because by default Windows 7 only search within the file in an Indexed location. So there is no visible option like XP to search text within a file.

To enable File Content Search option there are two options

Option 1 (Searches will be a little slow)

• Go to Tools –> Folder Options or Organize –> Folder and search options
• select “Always search file names and contents” option in Search tab.

 Option 2

• Add the Directory or Drive to Indexed locations from Indexing Options.

Note: If the location is already being indexed and still its not searching the content of certain file types. Use the following option to make sure its being indexed correctly.

• Click on Start menu and type Indexing
• Choose Indexing Options
• Click on Advanced
• In File Types find the Extension you are looking for and click on it.
• In the “How should this file be indexed?” select “Index Properties and File Contents”

Error while importing option “6.” while moving DHCP database from Windows Server 2008 to another Windows Server 2008/2003 or 2008 R2

 

To move DHCP from one server (2003/2008) to another you can use the following steps

1. At the command prompt type netsh dhcp server export C:\dhcpdata.txt all , and then press ENTER.

Note: You must have local administrator permissions to export/import the data.

Configure the DHCP server service on the server that is running Windows Server 2008

1. Add DHCP Server Role
2. Make sure to Authorize DHCP while installing the Role.

Import the DHCP database

1. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
2. At the command prompt, type netsh dhcp server import c:\dhcpdata.txt all and press ENTER

If might receive the following error

“Error while importing option “6.” “This option conflicts with the existing option “” An Internal Error Occurred.”

It is because by default when you install DHCP Server Role, it puts the following entries in Server Options.

006 DNS Server
015 DNS Domain Name

To fix the Error –> Just delete the above two entries from Server options and Run the Import DHCP database command again.

Outlook 2007 crashes on Import/Export

Lets say you are trying to export your contacts to a Tab Delimited Text file or CSV file. The process begins but outlook crashes right away leaving the following event in your event log

Event ID: 1000
Source: Microsoft Office 12

Discription:
Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70, faulting module oladd.fae, version 12.0.6500.5000, stamp 49a6ed5f, debug? 0, fault address 0x00008c24.

One of the reasons why it might happen is that Microsoft Exchange Management Tools for Exchange 2007 are installed on the computer and Microsoft says it not supported.

To Fix it

Open command prompt and type fixmapi and press enter (there will be no notification, its instant)

Make sure Outlook is closed while you do the above, reopen Outlook and try to Export it should now work fine.

Windows 7 or Windows Server 2008 R2 logon delays

Consider the following scenario:

• You have a computer that is running windows 7 or Windows Server 2008 R2.
• You set a solid color as the desktop background.
• The Desktop Window Manager Session Manager service is running.
• You log on to the computer locally.

In this scenario, the Welcome screen is displayed for 30 seconds during the logon process.

So if you like a plain desktop, its not necessarily what Microsoft thought was the case.  One of the reasons why you might face the issue of delayed logons can be that you have chosen a solid color for your desktop.

see the following link for more details and a hotfix.

http://support.microsoft.com/kb/977346

NPS Setting for SafeWord 2008 with Cisco Router

When using Aladdin SafeWord 2008 with RADIUS authentication installed on Windows Server 2008, Network Policy Server (NPS) needs to be configured for RADIUS authentication with the router as RADIUS client. For Cisco routers the following authentication settings will work.

Unfortunately the documentation for Aladdin SafeWord 2008 does not provide the following steps, so I decided to put it here for anyone who can benefit from it.

After you have installed SafeWord 2008 successfully, made sure all SafeWord services have the startup type – Automatic and have activated it. Now its time to work on RADIUS Authentication, following steps describe the complete process:

1. Open Start --> All Programs --> Aladdin --> SafeWord --> Configuration --> IAS Agent Configuration
   Under Authentication Policy click on Groups and make sure the following options are selected.
2. Steps below are for NPS settings
   * Open NPS Console, Right Click RADIUS Clients and select New RADIUS Client option
   * Provide following details based on your environment.
   
   
3. Go to Policies --> Network Policies (Right click and choose New) and Follow the snapshots below
   
   
   
   
   
    
   Authentication methods are very important
    
   Click next in all the windows after this and finish at the end.
   
4. Make sure that this newly created Network Policy is on the top and if you want disable all the other listed network policies by default.
5. No need to touch the connection request policy already there.

That's it!! NPS authentication with SafeWord 2008 should work fine now.

So-called GodMode in Window 7 !!! I call it AdminMode.

I don't like the idea of calling a cool shortcut or trick “GodMode”. However as you might have guessed, I like the trick itself. I would call it “AdminMode” because that's what it is.

In Windows 7 you can create a new folder anywhere with the following name

AdminMode.{ED7BA470-8E54-465E-825C-99712043E01C}

You can change “AdminMode” to whatever you want to name the folder. After the folder creation is complete you will see it listed as following.

When you double click it, you will see a list of commands which are either well hidden or require a few clicks to get to. With the help of AdminMode you get easily access all of these cool features at one place. What's even more great is that you can create a shortcut by right clicking any option and choosing create a shortcut, it will place a shortcut on your desktop.

Enjoy Windows 7 !!!!

Users cannot logon to the Terminal Server

When users try to logon to the terminal server they get the following error

Insufficient system resources exist to complete the requested service

or their sessions just drops during the login process without any errors.

In this case one of the reason could be that your terminal server is handling the memory usage correctly.
check the event log to see if you can find event 1500 and event 1508 for each unsuccessful logon attempt.

if yes then use the following method:

To resolve this problem, modify the registry to increase the PoolUsageMaximum value and the PagedPoolSize value. To do this, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

3. On the Edit menu, point to New, and then click DWORD Value.
4. In the New Value #1 box, type PoolUsageMaximum, and then press ENTER.
5. Right-click PoolUsageMaximum, and then click Modify.
6. In the Value data box, type 60, click Decimal, and then click OK.
7. If the PagedPoolSize registry entry exists, go to step 8. If the PagedPoolSize registry entry does not exist, create it. To do this, follow these steps:
   1. On the Edit menu, point to New, and then click DWORD Value.
   2. In the New Value #1 box, type PagedPoolSize, and then press ENTER.
8. Right-click PagedPoolSize, and then click Modify.
9. In the Value data box, type ffffffff, and then click OK.
10. Exit Registry Editor, and then restart the computer.

source: http://support.microsoft.com/default.aspx/kb/935649