Lilia Gutnik from the Group Policy Team at Microsoft (a.k.a. @superlilia ) recently recorded some video’s with Adam Bomb from TechNet Edge. This video shows a cool new Group Policy troubleshooting tool called GPLogview which is a very useful to decipher those very long and complicated group policy event log’s that Windows give you out of the box.
For more information check out Group Policy Team Blog Article at GPLogView and you can download the tool from from Microsoft Download Center at GPLogView
Microsoft have now released hotfix (KB980356) to resolve an issues with configuring a scheduled task described as “Incorrect start dates are displayed for the scheduled tasks that are deployed by Group Policy preferences in Windows Server 2008 or in Windows Vista”. This issues results a problem with the schedule task being configured to run on the wrong date (e.g. a day early) due to the way “the Group Policy preferences engine handles the date incorrectly”.
For more information check on the issue and for a link to the download go to KB980356
I just discovered that mine and Jeremy’s session will be broadcasted live as a free silverlight streamed session. You can register for the live session at TechEd Live. So even if you are not in the country please logon to see how awesome Group Policy Preferences can be in your organisation.
Group Policy Setting on the week will be taking a break for the next 2 weeks as I will be speaking at TechEd Australia and New Zealand.
If you are lucky enough to be coming to either event then please come to my one or both of Group Policy sessions.
Australia
Session
When
CLI303 – Unlock the Awesome Power of Group Policy Preferences in your environment
Wednesday August 25th 11:30am to 12:45pm
CLI306 – Desktop Security with Windows 7 Applocker, Bitlocker, Forefront End Point Protection
Wednesday August 25th 3:30pm to 4:45pm
New Zealand
Session
When
CLI303 – Unlock the Awesome Power of Group Policy Preferences in your environment
Monday August 30th 4:15pm to 5:15pm
CLI314 – Windows 7 AppLocker/Bitlocker: Configuration and Deployment in the Enterprise
Wednesday September 1st 1:45pm to 2:45pm
I will also be randomly video interviewing people for their Windows 7 Deployment story… So if you have a story you want to share (or you just want to meet me) feel free to send me a message on twitter http://www.twitter.com/alanburchill to catch up…
Virtualization is currently a buzz word and it seems that Microsoft is falling over itself to brand as many products as possible with the “V” word (e.g. Hyper-V, App-V & Med-V). So “User State Virtualization” is the term that Microsoft now uses to describe what used to be call Roaming Profiles and/or Folder Redirection.
The idea is simple… a user can logon to any computer in an organisations and have all their personal files and setting apply to that computer as it was the last time they used a computer. This is really a Win/Win for Users and IT Pros as for a user this is a big time saver as they no longer need to waste time setting up their drives, printers and other personal settings when they have to use another computers. IT Pro’s also benefit when there is an un-expected failure or loss of a computer then they don’t have to go through what could be a lengthily, costly and if not impossible, process of recovering the users data.
Now theoretically User State Virtualization can be totally done with just a Roaming Profile, however this quickly becomes impractical as users often store a LOT of data which can make users profile impossibly large. To get around this Microsoft users folder redirection to essentially redirect parts of a users profile to a file share on a server where it is centrally access whenever they logon to a computer.
Folder Redirection provides a way for administrators to divide user data from profile data. This division of user data decreases user logon times, and Windows downloads less data. Windows redirects the local folder to a central location, giving the user immediate access to their data when they save it, regardless of the computer they are using. This immediate access removes the need to update the user profile.
By redirecting these folders to a server they are only access when needed and therefore very large files do not slow down the profile update process. The obvious disadvantage of doing this is that when a user cannot access the redirected folders (e.g. disconnected laptop users) they lose access to these files. However this restriction is also mitigated by ensuring that the user has a cached copy of these redirected folders.
Below I am going to go through a number of tips and tricks to make sure you get the most out of a User State Virtualization setup in your environment and to ensure that you don’t fall into some configuration traps.
This week setting of the week allows you to prefer a custom logon background image in Windows 7. This setting is called “Always use custom logon background” and can be found under Computer Configuration > Policies > Administrative Templates > System > Logon.
Microsoft brought back the option to easily customise the logon background in Windows 7 as this was previously possible in Windows XP but it was removed with Windows Vista which left people with some pretty messy workarounds.
Once you have enabled this option all you have to do to create the “%windir%\system32\oobe\info\backgrounds” folder and populate it with a backgroundDefault.jpg image and your computer will then use that as the background image when logging on and off.
Note: Some sites will direct you to configured the OEMBackground or UseOEMBackground in the HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background however this setting will negate the need to set this key.
KB2250489 You cannot turn off the screen saver in the Windows Mobility Center when the "Prevent changing wallpaper" Group Policy setting is enabled on a computer that is running Windows Vista SP2
KB2261826 You cannot find a network drive in the "Browse For Folder" dialog box in the GPMC MMC snap-in on a computer that is running Windows Server 2008 or Windows Vista
KB2096902 Virtual machines in a VDI environment are not rolled back as expected if the disconnected Remote Desktop connections on the virtual machines are stopped by Group Policy
KB2254754 You experience a GPO report-generation issue in the GPMC window when you try to generate the report in a localized version of Windows 7 or of Windows Server 2008 R2
KB2258620 You cannot find the "Find Now," "Stop," and "Clear All" buttons in the GPMC snap-in on a computer that is running Windows 7 or Windows Server 2008 R2
KB2275315 You cannot read the GPO in the SYSVOL directory in Windows 7 or in Windows Server 2008 R2 if you enable the "Deny write" permission of the GPO
KB2284538 Apply once and do not reapply Group Policy setting is never applied after the first GPO deployment fails on a client computer that is running Windows 7 or Windows Server 2008 R2