Friday, July 6, 2012

Quick Tip: Get to the Statup Folders Quickly

Under the Start Menu if you right click on the Startup folder you have the option to explore the currently logged on user's Startup folder or the All Users Startup folder.  Just a quick tip I discovered to get around the OS faster.

Friday, June 29, 2012

Group Policy: Site to Zone Assignment

Adding a URL to an Internet Explorer zone gives you the ability to change the security settings Ineternet Explorer applies to that website. Some websites may require more or les security than what is given through the default Internet Zone.  There are two ways you can add a website to an Internet Explorer zone using Group Policy.  One way is to use policy provided by Microsoft shown below.  A Policy almost always has UI lockout associated with it.  Meaning no user receiving the Site to Zone policy even Admins will be unable to add new sites to IE zones through the UI.  To get around this you could manually add all the sites you need in the different zones and then use Group Policy Preferences Registry Wizard to dig down to where those zone keys are located and have them applied via Preference without the UI lockout.  Below I will demonstrate how most corporations would choose to deploy these sites to zone which is through Policy.

Node: Computer, User
Categorie: Policy
Path: Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Setting: Site to Zone Assignment List - Enabled

1) In the Site to Zone Assignment List you can click the Show button and enter in a website under value name.  You have a few options on how to enter a website.  Entering * will set the entire domain into a particular zone.  This will include, and http, https, ftp, or any other protcal for the domain.

Under Value enter a number 1-4 to represent the zone you are placing the site into.

     0 - My Computer
     1 - Local Intranet Zone
     2 - Trusted sites Zone
     3 - Internet Zone
     4 - Restricted Sites Zone


Friday, June 22, 2012

Group Policy: Remove Games Folder for the Start Menu

In the Enterprise version of Windows all included games are disabled by default (Solitaire, Checkers, etc).  You may have noticed the games folder still exist in the Start Menu even if there are no games listed.  Here is an easy way to remove the folder using Group Policy Preferences.  Refer to the screen capture below to see how to create the GPP Folders.

TIP: With GPP use the "Apply once" option under the Common tab when a preference only needs to be processed once per object.

     Path: %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Games

Group Policy: Push Gadget Settings

This post will demonstrate how to push settings for currently installed Gadgets such as Weather. 

1)  Open the Weather Gadget and position it in the upper right corner of your screen.  Setup any settings you might want like zip code, opacity, Gadget size, etc.

2) Copy the following file to your deployment share:

     C:\Users\MyProfile\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

3) Setup Computer Group Policy Files Preference similar to the below screen capture.  The file will be copied to the default users profile and therefor any new user will get the Weather Gadget on their desktop along with the proper settings.

TIP: GPP Files will create any folders in the destination path that do not exist. There is no need to create missing folders.

     Source: \\MySCCMServer\Packages\Windows Deployment Files\Settings.ini
     Destination: %SYSTEMDRIVE%\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

Group Policy: Pin Items to the Taskbar

I have seen a lot of posts with solutions to automate taskbar pinning.  The one I choose to work with came from the following link:

This is a well made VBScript that can pin and unpin items from the taskbar.  Depending on the program you are trying to pin you might have to do a little experimenting outside of these blog posts to get it working.  Here I'm going to show a solution that worked for me and my own way of deploying this script over Group Policy for Windows 7 Deployments.

1) Take your final SetTaskbar.vbs script and place in your deployment folder.  Mine is \\MySCCMServer\Packages\Windows Deployment Folder.

2) Recreat the below Computer Group policy Files Preference.  Notice that under the Common tab I checked Apply once and do not reapply.  This Group Policy process only needs to happen once per machine to be effective.

TIP: GPP Files will create any folders in the destination path that do not exist. There is no need to create missing folders.

      Source:  \\MySCCMServer\Packages\Windows Deployment Files\SetTaskbar.vbs

      Destination:  %SYSTEMDRIVE%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetTaskbar.vbs

3)  Any users who logs on for the first time on a deployed machine will get this VBScript in the startup folder which causes the script to run.  The taskbar links you requested are added or removed and then the script deletes itself.  The script STILL exist in the default users folder waiting for the next new/first time user to log on to run once on a new profile.

SCCM: Rename the Administrator Account during OSD

It is a best practise to rename the local Administrator account if you choose to keep it enabled.  Here is an option for renaming this account during a SCCM Task Sequence.

     CMD Line:  wmic UserAccount where Name="Administrator" call Rename Name="HelpDesk"

SCCM: Name Computer Prompt during OSD

There are a few ways to stage a computer for SCCM OSD.  I will show how I set the computer name during the SCCM OSD without having to prestage the computer in SCCM.  This tip is generally used when your operating system deployments are on site and the IT personnel is going to be in front of the machine.  This may not work as well in a remote deployment scenario as it requires user interaction on the client end and therefor is not considered a zero touch solution. 

1) First we need to create a VBScript which will create an input box and capture the computer name we enter during the OSD.  I have modified the script below (original script author unknown) and added some logic to it that I will explain. 

The script sets some variable and defines what characters are allowed to be in a computer name.  Remember that a computer name can only include the characters a-z, A-Z, 0-9, or a dash.  Next it pops up the input box with instructions and converts the name you enter to uppercase.  If the computer name is longer then 15 characters then SCCM with through a generic error later down the line. Here we verify the name length before moving on.  Next we verify that the computer name contains only valid characters.  If any of these checks are false then the field goes blank and you need to enter a new computer name.  Last, the computer name is saved as a variable OSDComputerName.  This is variable that Microsoft has programed SCCM to check for during a later Task Sequence (I could not find which one but it could be Windows Settings or Setup Windows).  Copy the below script into a text file and name the file SetComputerName.vbs

Note: If you leave the input field blank and click OK and are doing a computer refresh then the original computer name should be used if you also have the Task Sequence capture Windows Setting (This needs to be tested).


Dim objOSD, objRegEx
Dim Matches, Match
Dim strPattern, strInputBox, strReason
Dim boolLength, boolValid

Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")
Set objRegEx = New RegExp

' Define valid patterns as and character not in (A-Z, 0-9, or -)
strPattern = "[^a-zA-Z0-9-]"

 strReason = ""
 strInputBoxA = InputBox("Enter desired machine name:" & VbCrLf & VbCrLf & "Names must be less then 16 characters, and only include A-Z, 0-9, or -.","Machine Name",,60,60)
 If strInputBoxA = "" Then TemplateQuit(0)
 strInputBox = UCase(strInputBoxA)

 ' Check length - must be less than 16 charatcers
 If Len(strInputBox) <= 15 Then
  boolLength = True
  boolLength = False
 End If
 ' Check character validity
 boolValid = True
 ' Return all matches for invalid characters
 objRegEx.Global = True
 objRegEx.Pattern = strPattern
 ' Generate collection of matches
 Set Matches = objRegEx.Execute(strInputBox)
 ' Check for matches on invalid characters
 For Each Match In Matches
  boolValid = False
Loop While Not (boolLength And boolValid)

objOSD("OSDComputerName") = strInputBox


2) Create an SCCM package that contains only the VBScript we just created.  One of the first Task Sequences should be this Run Command Line with a setup similar to the below screen capture.

     "%SYSTEMROOT%\System32\cscript.exe" ".\SetComputerName.vbs"