bloggingIT

I found a useful article about some concepts that might help administrators repair, recover or transfer an Exchange Server.

Not sure if it will help with SBS though…

Yes.

Although only half a year for a user such as myself.

As I’m happily dual-booting between Ubuntu and Windows at the moment, it becomes clear that in British Summer Time (BST), Windows and Linux disagree on how the computer clock should be interpreted.

What’s really a nuisance is that I keep staying up an hour later than I intended!

Basically, the problem boils down to how Windows and Unix-based systems interpret the computer’s internal clock. There’s more about this here, including some pros and cons of either system.

Windows takes the local computer clock time, and treats it as a ‘local’ time. That is, the clock matches the time that it should be in the region. Mac and Linux systems treat the computer’s clock as GMT, and then makes any adjustemnts inside the Operating System.

The bottom line is, unless you’re living in a GMT timezone - you’re going to get the time constantly changing as you switch between operting systems on the same computer.

The simplest way to get around this is to ask Windows to use UTC time instead of local time:

Copy and paste the following into a new file called time.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
"RealTimeIsUniversal"=dword:00000001

Save the file, and double-click on it. Accept the various warnings that appear.

Once Windows has been rebooted, make sure that the clock is set to the correct time. The time should now settle down as you dual-boot between systems.

Now I’ll be able to go to bed at the right time!

Some grief today as I found that Vista wasn’t behaving with user profiles. Whenever a user attempted to logon, he or she would be greeted with the following popup:

Your user profile was not loaded correctly!

You have been logged on with a temporary profile. Changes you make to this profile will be lost when you log off. Please see the event log for details or contact your administrator.

How annoying is that message when you are the administrator?

Anyway, the event log was equally unhelpful:

Windows cannot locate the server copy of the roaming profile and is attempting to log you on with you local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.

DETAIL - Access is denied.

What was weird was that some users were creating the username.v2 profiles.

After a bit of trial and error, I realised that the users that had a dynamic roaming profile path (such as %logonserver%\users\%username%) would not locate or create a profile in Windows Vista.

As soon as I replace %logonserver% with the name of a domain controller (\\server1\users\%username%), everything behaved itself.

This is pretty annoying, as I’d have to set up DFS to get around this. In the meantime, I’ve just changed the paths.

There is no evidence to suggest that this is by design, especially considering that using the SET command in Vista shows that the logonserver variable is indeed set.

ARGH!

Microsoft have posted a KB article to manually create ADM and ADMX files which will allow you to manage the search providers in Internet Explorer 7’s Search Box.

This can be very useful for admins who only want certain sites to be searchable across their domain (such as an intranet!)

After when deploying Internet Explorer 7 around your site through a service such as WSUS, there are immediate considertaions that have to be dealt with. The main one being configuring settings for IE7.

It is possible to download the Internet Explorer Administration Toolkit (IEAK), but when dealing with IE7 that has been installed on computers automatically - that’s not what you want to hear.

After installing IE7 on one of our servers, I went to the group policy to see if there were any new settings. As such, the important ones didn’t seem to exist:

• Configure the phishing filter
• Disable the ‘First run’ Page

Obviously, there are a number of settings that administrators would want to take control of.

Thankfully, there are two ways of getting these settings in group policy. The first is to simply install Windows Vista as a workstation and use the Group Policy Management Console (GPMC.MSC) which is bundled with Vista. This has all of the IE settings.

If you don’t have a Vista system, you can download an up-to-date MSI of the Administrative Templates for Internet Explorer 7 for Windows. This will install the inetres.adm file in the specified folder.

To apply it to the machine you are working on (pre-Vista, of course), copy the ADM file to %systemroot%\inf. Run gpedit.msc and navigate to User Configuration > Administrative Templates > Windows Components > Internet Explorer.

Some of the useful settings are:

• Prevent Performance of First Run Customized settings to disable the first run page
• Turn of Managing Phishing filter to enable the phishing filter and configure its actions
• Turn on the menu bar by default to stop people asking you where the menu bar is
• Prevent Participation in the Customer Experience Improvement Program, another default from the first run page
• Moving the menu bar above the navigation bar to put the menu bar in its proper place, above the address bar

Using the group policy configuration is a much more practical way of configuring IE7 than the registry hacks that I’ve seen floating around where people are struggling to find the group policy settings for IE7.

There are there! Honest!

When dropping Windows Vista into an existing network, you may notice some unusual issues that weren’t apparent in Windows 2000 or Windows XP.

The main cause of a headache for me was the new interpretation of the Group Policy settings that Vista utilises.

Because most of the networks that I manage rely on roaming user profiles, it’s not uncommon for me to use folder redirection to redirect the Start Menu and Desktop. These are set so that the user cannot change the contents of these folders, and they specifically show programs that only I allow.

So, all is good. Until Vista came along and the contents of the Start Menu suddenly disappeared. Clicking on the ‘All Programs’ links showed nothing at all. Eeep!

After about 2 hours of searching as to why this might happen, I eventually discovered it was a group policy setting that works differently (and by its interpretation, correctly) to Windows XP.

The setting in question is User Configuration > Adimistrative Templates > Start Menu and Taskbar > Remove User’s Folders from the Start Menu

In Windows 2000 and Windows XP, the setting prevents the user’s profile folders from appearing. This is useful if you are using folder redirection and don’t want the default Start Menu icons to appear. However, Vista includes the redirected folders as excluded, and as such - nothing appears.

The difficulty hunting this down of course is that the group policy results show a successful redirect, which of course is exactly what it’s doing