Windows 8.1 GPO Setting – How to Disable the Help Tips for Charms during first time login?

Whenever a new user login to Windows 8.1, they will get help tips on Charms as shown on below screen capture. It will go away till user perform once as instructed. This can really be irritating to experienced users. But it can be useful for those new users to Windows 8.

If you are instructed to disable the help tips for charms, you can do so with consideration on whether you want to apply to ALL or certain group of users as follow:

Consideration 1 – Anyone who logon to the Computer may consider to configure following GPO Setting:

Machine Configuration > Administrative Templates: Policy Definitions (ADMX… > Windows Components > Edge UI > Disable Help Tips

Consideration 2 – Target certain user may consider to configure following GPO Setting:

User Configuration > Administrative Templates: Policy Definitions (ADMX… > Windows Components > Edge UI > Disable Help Tips

Note: As of now, I will retain the setting as “Not Configured” as most users in my environment are still new to Windows 8. But after one year later when most people would have been familiar with Windows 8 when they upgraded their home machine, I will set this setting to “Enabled” before users come after me! Cheers!

Windows 8.1 GPO Setting – Why Configure "Search, Share, Start, Devices, and Settings don’t appear when the mouse is pointing to the upper-right corner of the screen"?

Does your user complains to you that the Search, Share, Start, Devices and Settings Edge User Interface (UI) keep appearing every time they try to close a Windows Explorer or Application Windows?

This is the reason why you get this GPO setting under

User Configuration > Administrative Template Policy Definitions (ADMX….  > Windows Components > Edge UI > Search, Share, Start, Devices, and Settings don’t appear when the mouse is pointing to the upper right corner of the screen

Note: This is user configuration policy so that you can target this setting to certain group of users in your environment. And PLEASE discuss with your bosses as many people may be used to move their mouse pointer to the upper-right corner of the screen?

Hope this helps in your planning on deploying Windows 8.1 in your environment!

What is “WinX” or “Charms” in Windows 8.1 and Windows Server 2012 R2 Group Policy Settings Reference Sheet is referring to?

Anyone who tried to view through the newly release excel sheet from Microsoft sharing on the new GPO settings applicable to Windows 8.1 and Windows Server 2012 R2. I believe you will have some questions as I do…

In case you are thinking what are the following settings mean. I am sharing with you on what I have combed through for my usage to buy you some time… Hope you find it useful.

 

File Name	Policy Setting Name (Excel Sheet)	Policy Setting Name (GPMC View)
Desktop.admx	Prevent adding	Note: Unable to find in the ADMX file
EdgeUI.admx	App switching
EdgeUI.admx	Charms
EdgeUI.admx	WinX
EdgeUI.admx
SkyDrive.admx
SkyDrive.admx
SkyDrive.admx
kdc.admx		(Found New Setting that is not Reflected in the Excel Sheet) Request compound authentication
kerberos.admx		(Found New Setting that is not Reflected in the Excel Sheet)
OfflineFiles.admx	At Logoff	Note: Cannot find in ADMX file.
Search.admx	Disable indexing of removable drives	Do not allow locations on removable drive to be added to libraries
Search.admx	Don’t search the web or display web results in Search
Search.admx	Don’t search the web or display web results in Search over metered connections
Search.admx	Set what information is shared in Search
Search.admx	Set the SafeSearch setting for Search
SettingSync.admx	Do not sync Apps
StartMenu.admx	Default	“GoToDesktopOnSignIn” Go to the desktop instead of start when signing in or when all the apps on a screen are closed
StartMenu.admx	Default app	“ShowAppsViewOnStart” Show the Apps view automatically when the user goes to Start
StartMenu.admx	Default search	“DisableGlobalSearchOnAppsView” Search just apps from the Apps View
StartMenu.admx	Sort	“DesktopAppsFirstInAppsView” List Desktop Apps First in the Apps View
StartMenu.admx	Multimon	“ShowStartOnDisplayWithForegroundOnWinKey” Show start on the display the user is using when they press the Windows Logo Key
UserProfiles.admx	User management of sharing user name	Turn Off The Advertising ID

Group Policy Settings Reference for Windows 8.1 and Windows Server 2012 R2 – Missing Details in the Excel Sheet

For those who went to download the excel sheet that provide the list of new GPO settings from the link – http://www.microsoft.com/en-us/download/details.aspx?id=25250

You may need to comb through the whole excel sheet together with test environment to get a full picture of what the settings are.

Following are some that I went to sort out. Hope this will buy you some time.

File Name	Policy Setting Name (From Excel Sheet)	Policy Setting Name (From GPMC)	Scope
EdgeUI.admx	App switching	Turn off switching between recent apps	User
EdgeUI.admx	Charms	Search, Share, Start, Devices and Settings don’t appear when the mouse is pointing to the upper-right corner of the screen	User
EdgeUI.admx	WinX	Prevent Users from Replacing the Command Prompt with Windows PowerShell in the Menu they see when they right-click the lower-left corner or press the Windows Logo Key+X	User
StartMenu.admx	Default	Go to the desktop instead of start when signing in or when all the apps on a screen are closed	User
StartMenu.admx	Default app	List Desktop Apps First in the Apps View	User
StartMenu.admx	Default search	Search just apps from the Apps View	User
StartMenu.admx	Sort	Show the Apps view automatically when the user goes to Start	User
StartMenu.admx	Multimon	Show start on the display the user is using when they press the Windows Logo Key	User
UserProfiles.admx	User management of sharing user name	Turn Off The Advertising ID	Machine

 

Ok… I am still going through the whole excel sheet. Most of the new settings are for Windows Defender that will make it very manageable. But my environment is using McAfee. Guess I can only play it in my test environment!

Unable to edit GPO with settings imported – Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

How I love Monday.

Situation

Scenario today is:

1. Setup a new test Windows Server 2012 R2 Test Domain in Microsoft Virtual Environment.

2. Backup GPOs from existing Domain and convert the Folder containing the GPOs into ISO

3. Mount the ISO to the Virtualized Windows Server 2012 R2 Domain Controller

4. Create new GPOs and Import GPO setting directly from ISO.

5. Try to edit the GPO and….. encounter an error message – “Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Anyone spotted the root cause? Hahaha… Actually, I encountered this problem before too.

What happened is when ISO mounted in virtual machine is DVD-Drive, right? The files are “Read-Only”…

So, when you import… It took the whole setting over!

Resolution

How to revert? Locate the GPO’s unique ID.

Go to the folder containing the GPO folder. Find the folder that is named after the GPO unique ID.

Under properties of the folder, uncheck “Read-Only” and select “Apply Changes to the folder.. subfolder and files”, and click OK.

Note that after you apply, you may noticed that under the properties page, the check box is marked “Read-Only”. Do not panic, just go and try to edit the GPO now. It should work.

Pointers to Note:

The solution here is target for single GPO issue. If you cannot edit ALL GPOs. The problem may lies with the permission of your SYSVOL. Which I suggest you to look else where for solution.

Group Policy Settings Reference for Windows 8.1 and Windows Server 2012 R2 is released!

The wait is over… The spread sheet that GPO administrator will NEED is out.

Thank You Microsoft!

Please follow the link below to grab it now!

http://www.microsoft.com/en-us/download/details.aspx?id=25250

What to do after you download? HAVE FUN! I am going through one by one again to make sure I do not leave out any of the settings!

Cheers!

Remember to Update Your WMI Filter in GPOs!

Recently, after I successfully deployed a GPO for Windows 8, another of my team-mate told me that 802.1x GPO does not work for Windows 8 machine. So, fun time – troubleshooting begins!

All settings looks fine on the GPOs from GPMC. But I noticed something… the GPO containing the network setting for 802.1x has a WMI filter that targets ONLY Windows 7! So, what does that mean? That GPO will not be applied to the Windows 8 Client machine! Haha!

The reason why it was there initially is to prevent people from joining Windows XP to domain and get the 802.1x settings. Never realised that it will have some impact now after 2 years.

So, after I removed the WMI filter from the GPO, problem solved!

I actually take some time to comb through the whole domain for other GPOs that were applied with the Windows 7 WMI filter.

So, do we need WMI filter still? Yes. we will still need it. And let me take this chance to share with you all on how to prepare the WMI query command string:

First, lets have a quick overview on various common product version / producttype / OSArchitecture Value

Operating System	Version	ProductType	OSArchitecture
Windows XP	5.1%	1	32-bit or 64-bit
Windows Server 2003 (R2 too)	5.2%	2 or 3	32-bit or 64-bit
Windows Vista	6.0%	1	32-bit or 64-bit
Windows Server 2008	6.0%	2 or 3	32-bit or 64-bit
Windows 7	6.1%	1	32-bit or 64-bit
Windows Server 2008 R2	6.1%	2 or 3	64-bit
Windows 8	6.2%	1	32-bit or 64-bit
Windows Server 2012	6.2%	2 or 3	64-bit

Product Type Meaning

Client versions of Windows	1
Server versions of Windows that are operating as a domain controller	2
Server versions of Windows that are not operating as a domain controller (typically referred to as member servers)	3

So for Windows 8 64 bit OS, the WMI query string will be

Select * from Win32_OperatingSystem Where Version like “6.2%” AND ProductType=”1” AND OSArchitecture = “64-bit“

For Windows Vista, Windows 7 and Windows 8 (32 bit or 64 bit), the WMI query string will be

Select * from Win32_OperatingSystem Where Version like “6.%” AND ProductType=”1”

For Windows Server 2012, the WMI query string will be

Select * from Win32_OperatingSystem Where Version like “6.2%” AND (ProductType=”2” or ProductType=”3“)

Hope this helps!

And once again, please remember to update your WMI filter in your GPO! Else when you deploy Windows 8, no GPO will be applied! Cheers!~

How to use netsh command to set the DNS dynamic update configuration for a specified DHCP server

I always wanted to blog about this. At last, I got the time now (after work).

Have you ever been task to configure the DNS dynamic update configuration on hundreds of DHCP servers? For me, yes.

To avoid possible mistake made. Here, I will share with you on how to use netsh command to do it.

The command is as follow:

netsh dhcp server <dhcp server IP address> scope <scope ip address> set dnsconfig A B C D

Refer to the picture below for better understand on what is “A B C D” stands for.

To have setting as above on a server 10.0.0.100 on scope of 10.0.2.0, the command will be as follow:

netsh dhcp server 10.0.0.100 scope 10.0.2.0 set dnsconfig 1 1 1 0

If you wish to disable it. The command will be just:

netsh dhcp server 10.0.0.100 scope 10.0.2.0 set dnsconfig 0 0 0 0

Note: there are space between those numbers for DNSCONFIG!

So, if you have all the IP addresses of your DHCP servers and scope IP address (which you should have!), you can just prepare the command using Microsoft excel or merge this with Powershell script; and you can configure all your DHCP server DNS Dynamic update configuration just from a device with connections to all your DHCP servers!

Hope this can buy you more time to spend with your family! Cheers!

Plan to Implement IPv6 in your Windows Environment?

My environment is planning to implement IPv6 very soon.

Of course, I went to read up on fundamental of IPv6 first. But those documents are purely on network portion. My environment is mainly Windows Server and Client. How?

Glad that I found something online and I feel that for those who are in similar situation as me, go and read up on the article.

http://networkworld.com/pdf/nw-gated/2011/0711-Windows-IPv6.pdf

The topic that interest me and gave me a quick overview on DNS and DHCP are:

• IPv6 Static Addressing, DNSv6
• Setting up DHCPv6 to Dynamically issue IPv6 Address

Hope this article can provide Windows System Engineer some rough idea what needs to be done when there is a need to move on to IPv6 in the environment.

Have a nice Day.

I am not Missing. I had a Stent Placement but I am Back!

I am back after MIA since Sept 2012. The reason is not because I am busy with work but it is due to health issue. I think it is good for me to share my experience here, hope that anyone who read this will take action to take care of their health.

What happened to me? Well, I had a heart artery blockage of 95%!! Since Oct 2012, I cannot walked more than 400m as I will feel chest tight and hands numb. I thought that it was heart burn but i experience the same discomfort for the next 2 days after walking for a distance. I read online and suspect that I have heart related diseases.

Straight away, I went to see a doctor and arranged a treadmill test where the result is positive – my heart was detected not able to function properly at certain load.

For Singapore, to get medical subsidies, we have to go to polyclinic to get referral letter to see a specialist. Else I cannot imagine how much will my medical bill be.

3 weeks after my first visit to doctor and polyclinic, I get to see the cardio specialist at Tan Tock Seng Hospital. That time, my leg started to feel numb after walking a distance and started to swell. The doctor straight away arrange angiography for me as he suspect that I am having heart artery blockage. He gave me priority else it may take months before I get my turn for the test.

1 week later, I went for my angiography and straight away, the doctor identify that I have a 95% blockage at the front heart artery. I need a stent placement and ballooning immediately. Very interesting part is that I am fully awake and able to see the whole operation from the LCD screen during the operation. The doctor first explain to me my condition and ask if they can proceed with the stent placement operation. He also explain to me the cost of the stent – S$3500 (excluding ballooning and other operation fee). And to my shock is that for that better stent, it is not able to be covered by Medisave!! But lucky enough, I have bought hospitalization and critical illness insurance policies.

Anyway, the whole angiography with stent placement plus 3 ballooning took about 1hr plus. After the operation, I am hospitalized for 1 day to monitor my condition before I was discharged.

The whole incident is not over yet. My right hard where the angiography took place swell and have a huge patch of bruise that last for a week! I was not able to move it and apply strength for about 3 weeks!

But one good thing is by 3 week, I tried to went for a stroll and I can walk for more than 400m without chest tight or hand numb!

So… what is the cause of this blockage? I do not drink, smoke nor have cholesterol problem. What the doctor said is because I lack of exercise!! But of course, another factor is stress where doctors will never acknowledge that but it is somehow contributing to this.

So, for past months, I need to go back to hospital regularly for check up, re-hab where they teach me how to exercise properly and what food to eat. On my own, I am trying my best to change my lifestyle – spend 30mins daily to do some exercise (brisk walk) and avoid working for long hour. And… avoid oily and salty food  

Lastly… As per doctor advise, I need to lose 15kg. No choice, as I still have a long way to go. I need to change my lifestyle and maintain it as healthy as possible. Reason is the stent in the artery will increase the chance of blockage if I never take care of my cholesterol and blood pressure.

Oh.. forgot to put down… Guess how much I spent on the operation? Total of S$11,000. I can only use S$2,000 from my Medisave and the rest…. lucky I got my insurance.

Hope for those who read this blog… hope my experience can wake you up a bit on

• Lifestyle – All work but no exercise? Add in at least 30mins of exercise daily where your heart-rate must be at least 100-120. Photo walking is not really a form of exercise! I go for my brisk walk (1km – 10mins is a rough gauge on how fast you need to walk).
• Buy Correct Insurance – In Singapore, please get Hospitalization and Critical Illness Insurance. Do not rely on your company insurance. You cant be working throughout your life! Endowment / Investment Insurance does not cover hospitalization nor Critical illness!
• Regular and Correct Body Check Up – ECG is not reliable. Imagine my condition, ECG cannot detects. You may want to go for Treadmill or Stress Test for more reliable body check up.
• Eat Healthy – Eat less Oily and Salty Food. See, even I may not have Cholesterol issue, I got the heart artery diseases.

Ok! dinner time.. Good Day!  

Some photos for you all to see.. See if you can see where is the blockage~ The photo is before my stent placement.

The photo below is after the stent placement and ballooning. Can see the difference, right?

Boys and Girls… take good care of your health~