Tag: MDOP

Today I held a presentation at the Swedish System Center User Group client day on topic Microsoft User Experience Virtualization (UE-V) and its integration in ConfigMgr 2012 R2. Great to see such interest in UE-V! Afterwards, the most common question I got was “Does UE-V roam email signatures for Outlook?”. Well, the answer is yes, but there is a big “BUT”!

UPDATE May 14th 2014: UE-V 2.1 (currently in beta) include a template fix for this for Swedish and Dutch but still there might be issues for other localized versions of Office. If you are still on UE-V 1.0 or 2.0 you find a UE-V template for roaming the Signature for Swedish Office at TechNet Gallery.

UE-V does roam the email signature but you have to manually set the signature as default in Outlook options > Mail > Signatures when logging into another machine or after reinstalling your own machine. And, there is an issue if you are using a localized version of Office. First an example of how the Outlook email signature is actually roamed when switching to another machine, but note that you must choose to make the email signature “active” on the other machine.

So this is in Office 2010 on a Windows 7 machine. Note that I have set this email signature to be active for new messages. 1980110714567

And after logging onto a Windows 8.1 machine, the email signature did roam with me, but I as a user must make the email signature active by selecting it in the drop down list for new and/or replied or forwarded messages.

Problems with the default templates for localized Office versions

If you are running a localized version of Office you must manually update the UE-V templates to accomodate for localized folder names. The rule as specified for roaming the Outlook email signature in the UE-V template file MicrosoftOffice2010Win32.xml defines the following:

<File>
<Root>
<EnvironmentVariable>APPDATA</EnvironmentVariable>
</Root>
<Path Recursive="true">Microsoft\Signatures</Path>
</File>


This will save and roam all files (email signatures) in the users %APPDATA%\Microsoft\Signatures folder. The problem is that on a machine with a localized Office version, the email signature folder located in C:\Users\<username>\AppData\Roaming\Microsoft is not called “signatures” but instead localized to “signaturer” (as I am running a Swedish installation of Office).

If you  have followed UE-V best practices and put your template files in a network share pointing that out using the UE-V GPO settings, you can just go ahead and edit the template file in the network location replacing “Signatures” with “Signaturer” in my example and the UE-V agents in your environment will by default pick up the new settings within 24 hours.

This behavior is the default for both UE-V 1.0 (with SP1) as well as the coming UE-V 2.0 (which is now in beta). Note that changes might occur before UE-V 2.0 is released.

UPDATE September 25th 2013: Microsoft has posted a KB article which explains more about why the mail signature is not set as default/active when roaming, see http://support.microsoft.com/kb/2889499/en-us.

This guide will take you through the necessary steps to create a DaRT 7.0 installation locally (replacing WinRE) and not having the user need to enter the password for a local administrator account before having the remote connection start. Basically this means that a user can press F8 during boot and choose “Repair your computer” and have someone remotely taking control over their machine and fixing problems which previously required physical presence of IT staff.

Note: There is information on how to do this in official MS documents for DaRT 7.0 but you have to do a lot of reading between the lines so I wanted to take the moment to do a complete documentation on how to accomplish this.

Background on WinRE and local admins

Some basic information about WinRE is that whenever you start WinRE (and that includes DaRT 7.0) when it is located on the machines disk it will always ask you to supply a local admin account information. This is not the case if you boot WinRE or DaRT from USB, DVD, CD or via PXE boot, then you do NOT have to enter a local admin account to gain access to the system. Potential security issue here I might add.

Step by step solution

The dilemma with DaRT and remote connections is that we cannot in most cases let the users know the password of our local administrator account so what we can do is to start the remote connection as soon as possible when DaRT boots. So here is what you need to do to achieve this:

1. Go through the DaRT Recovery Image wizard and create your DaRT.iso. Then extract this ISO file and copy boot.wim which can be found in the sources folder to C:\DaRT and rename it to winre.wim.

2. Start a cmd.exe with administrator privileges.

3. Create a folder called C:\DaRTmount

4. Run the following command (on one line and with no space between “mount-” and “wim”:

dism /mount-wim /wimfile:C:\DaRT\winre.wim /index:1 /mountdir:C:\DaRTmount

5. From the same command prompt, type “notepad” to start Notepad and then browse to C:\DaRTmount\Windows\System32 and open winpeshl.ini. Make sure that this is entered into the winpeshl.ini and then save the file:

[LaunchApps]
"%windir%\system32\netstart.exe -network -remount"
"cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage"
"%windir%\system32\WaitForConnection.exe"
"%SYSTEMDRIVE%\sources\recovery\recenv.exe"

6. When the file is saved make sure that you have closed notepad and also all instances of Windows Explorer (yes, the following command might fail if you have Explorer windows open) run the following command:

dism /unmount-wim /mountdir:C:\DaRTmount /commit

7. After the image has been saved you need to replace the existing Windows recovery environment with your customized DaRT installation.

8. Start by making sure that you show hidden and operating system files (via Windows Explorer – Organize – Folder and search options – View).

9. Go to C:\Recovery (if you get “access denied”) you need to modify the access control list, add your account or everyone full control to this folder.

10. Now scroll down the folder structure until you reach where winre.wim is located. Now copy your modified winre.wim from C:\DaRT to this location. Remember to set the ACLs back on the recovery folder when you are finished, that is if you modified them.

11. Test by booting the machine and press F8 just before Windows starts loading and you will get “Repair your computer” option. Choose that and see how the Remote Connection is started along with the prompt for local administrator password, giving your users a chance to let you connect and then giving the IT staff enter the password.

12. Done!