Showing posts with label Administrator. Show all posts

Thursday, September 19, 2013

Let's talk about what SOE and GPOs are...

The first comment I got on my blog was from Niall Brady on Twitter - who runs windows-noob.com - suggesting that I explain what SOE and GPOs are, and although it's not as fun as documenting technical solutions, he does have a good point, so let's start with the basics.

Let's first start with defining SOE. SOE stands for Standard Operating Environment and, as it is very well explained on Wikipedia, this refers to "a standard implementation of an Operating System and its associated Software".
Basically, in my own words, it is a concept in which a standard is established to ensure that a given class of devices (Desktops, Servers, Laptops, Mobiles, Virtual Desktops, ...) get the same standardized configuration of their respective Operating System and basic components (e.g. Flash Player, Adobe Reader, email client, web browsers, Office, ...). Depending on the thickness of the SOE, more or fewer basic components are included in the SOE image.

Now, let's talk a bit about GPOs. GPO stands for Group Policy Object, and GPOs are used to configure and enforce given settings (aka policies) in the Operating System and applications.
Policies can be enforced locally for devices that are in a Workgroup, in which case Local GPOs are used, or centrally for devices that belong to a domain, in which case we simply refer to them as GPOs.
By enforced we understand that a user is not able to modify the setting put in place by the GPO, and even when using workarounds - like modifying the registry - those settings are re-applied on the next GPO refresh cycle or when the device is restarted.

With Windows Vista/Server 2008 Microsoft also introduced Group Policy Preferences, which give the flexibility to set preferred settings but give the users the option to change those to their liking.

By using SOEs and GPOs in a domain environment, devices can be administered centrally, and the user experience and company policies can be set and applied globally.
In a Workgroup environment they can be used to harden the security of a pool of computers or simply to set a standard; however, those devices cannot be centrally managed.

Microsoft has also developed a number of tools that help implement the concept of SOEs on a large scale, such as MDT (Microsoft Deployment Toolkit) to capture and deploy standard images of a given Operating System, and SCCM and the whole System Center suite, which includes the same functionality as MDT with many added features such as software and patch deployment and administration, reporting, ... Other vendors also provide platform administration solutions: BMC, Altiris, Landesk, ...

Well, that's it for today, I hope you enjoy the article and I look forward to getting some comments!

Wednesday, September 18, 2013

Windows 7 Help and Support not working in online mode

Recently I came across the following issue:

On Windows 7 in Help and Support (Press F1 on the desktop), when switching to Online Help, the following warning appeared:


"You're not connected to online Help, which shows you our latest content. Check your Internet connection, and then try to connect to online Help again. If you still see this message, the online Help service might be temporarily unavailable."


At first I thought this was a proxy issue since the same image was working well in my lab.
I tried setting up the winhttp proxy using netsh but without luck.

Next I thought it was a firewall issue and checked with TCPView which process and which port Help and Support was using on a working machine. But again it could not be the firewall, as the remote port used was http.

I ended up building a Workgroup machine on the customer domain, then joined it to the domain and added it to an OU where I blocked GPO Inheritance. Help and Support online was actually working....

After linking our GPOs with IE8 settings to my test OU - Help and Support stopped working so here was the root of the problem.

By gradually changing the Group Policy settings that were "Enabled" or "Disabled" to "Not Configured" and trying to reproduce the issue, the problematic setting came to light....  Drum rolls ...

Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature

The fix for us was to add HelpPane.exe as an exception to this feature.
This can be done either by adding a REG_DWORD value named HelpPane.exe and setting it to 0 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING

or by applying the same change through Group Policies.
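
The registry change described above, as an added PowerShell example that is not part of the original post: the key path and the HelpPane.exe value come from the post, while the function names Get-MimeSniffingException and Set-MimeSniffingException are hypothetical. Since every entry set to 0 switches the MIME sniffing safety feature off for that process, the listing function keeps the set of exemptions reviewable.

```powershell
# Added example. Key path and value name are taken from the post;
# the function names are hypothetical and chosen for illustration.
$FeatureKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING'

function Get-MimeSniffingException {
    # Lists every per-process entry under the feature key and marks
    # the ones that are exempt (value 0) from MIME sniffing safety.
    param([string]$Path = $FeatureKey)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $item = Get-Item -LiteralPath $Path
    foreach ($name in $item.GetValueNames()) {
        $value = $item.GetValue($name)
        [pscustomobject]@{
            Process = $name
            Value   = $value
            Kind    = $item.GetValueKind($name)
            Exempt  = ([string]$value -eq '0')
        }
    }
}

function Set-MimeSniffingException {
    # Adds a single process as an exception (REG_DWORD 0), as the post describes.
    # Supports -WhatIf so the change can be previewed before it is made.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        [string]$Path = $FeatureKey
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess("$Path\$ProcessName", 'Set REG_DWORD to 0')) {
        New-ItemProperty -LiteralPath $Path -Name $ProcessName `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Preview the change for HelpPane.exe, then list the processes currently exempt.
Set-MimeSniffingException -ProcessName 'HelpPane.exe' -WhatIf
Get-MimeSniffingException | Where-Object Exempt | Format-Table -AutoSize
```

Run it from an elevated prompt and drop -WhatIf to write the value; the exception should stay limited to HelpPane.exe so the feature remains on for every other process.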

That's it for today, hope you find it useful.

Introduction

Welcome to my first post on my first blog.

My name is Manuel and I have worked my way up from being a Service Desk analyst to Remote Support, level 3 application support and today SOE and GPO engineer.
I really like my current role as I come across a diversity of technologies, issues and people to work with.
I also really feel that I would like to give back to the Internet community that provides me with everyday solutions for my work by sharing their knowledge.

Therefore, I am undertaking the task of documenting some of the how-tos, fixes and best practices I use in this blog. I hope you enjoy it and look forward to reading your comments.

So here we go ....

And for those who would like to know more on what SOE and GPO's are, here is an attempt to explain it a bit.
http://theplatformadmin.blogspot.co.uk/2013/09/lets-talk-about-what-soe-and-gpos-are.html

Tuesday, September 17, 2013

Some registry entries not working in Group Policies Preferences

Today I came across the following issue.

I added some registry entries in a Group Policy Object to enable the Command bar, Favorites bar and Show the Tabs Below the Address Bar as the default preferences for IE10 users. Unfortunately only my first entry, "CommandBarEnabled", was working and appearing on my test machine.





Initially I thought that the issue was with the Action being set to "Update" instead of "Create", but actually the problem was that I had copied the first entry I created and pasted it in the GUI, which appears to work in GPMC but definitely did not work on the machine.

Lesson learned for next time: do not copy GP items even if the GUI allows it.


That's it for today, please leave your comments as I would be glad to read from your experience too !!