If you are using roaming profiles in Windows 7, you should probably want to look at a new GPO setting named “Background upload of a roaming user profile’s registry while user is logged on” that (Computer\Administrative Templates\System\User Profiles) which by an interval you specify upload the registry hive for the user logged into the machine. This is in particular good as users tend to become more and more mobile and just bringing the machine to sleep or hibernation. Normally the profile and the registry included are only copied to the network server at user logoff time. Making this settings hopefully keeps customizations done by your users stick, making the users a lot happier.
Tag: Windows 7
Even been in a scenario where users tend to put not only large files but also a large number of music and movie files in a folder which is redirected using folder redirection? Find relief in this new GPO setting which you can use to exclude certain file types from being cached on the client machines. You find the setting in Computer configuration > Administrative templates > Network > Offline files and the setting is called “Exclude files from being cached”. Now only the relevant files will be cached on the client machines, saving space and reducing network bandwidth.
From time to time BitLocker enabled machines enter recovery mode, requiring an unlock to proceed. Sometimes this comes as a surprise to you as an administrator. An example of when BitLocker unexpectedly enters recovery mode could be when installing a language pack as this modifies the boot configuration data (BCDEDIT) making BitLocker automatically go to recovery mode as it thinks this is an attack on the machine. Ask the Core team has created a list of the most common problems with BitLocker entering recovery mode.
Still on vacation for a few more days and just warming up the blog pen for the autumn and winter to come. What’s not better than to submit your best desktop background pictures with the theme “Swedish summer” and the chance to win Windows 7? The competition information is in Swedish but for those of you who wants to know how fabulous Sweden can look like (at least a couple of months every year) :) have a look at the competition gallery.
Deployment Guru Johan Arwidmark wrote a blog post today stating that there is now a hotfix that resolves a rather common problem during deployment, where one after the deployment get to choose the network location although the profile used is the domain profile and the location therefore should be “Work”. The fix has KB article number 2028749.
Something different for a change. For all Swedes out there there is a competition going on where you can win one of five copies of Windows 7 Ultimate Edition. You compete by sending in the best desktop background picture you have and the theme is Swedish nature. More information (in Swedish) here!
So the small but never the less useful tool Volume Activation Management Tool (VAMT) 2.0 has been released. Use it to keep track of your licenses, do activations and much more! Read more on it at the Windows Team Blog.
In MDT 2010 you can enable two settings that during deployment of your machines will patch them automatically using a WSUS server of your choice.
Take a look at your existing task sequence(s) and look for “Windows Update (Pre-Application Installation)” and “Windows Update (Post-Application Installation)” and choose to enable them both or just the latter.
In your customsettings.ini somewhere beneath the [Default] section add the row:
What you see in the score for your Windows Vista and Windows 7 machines, you know the score in System properties and Performance and information tools, really comes from the command line tool “winsat”. To find out some very detailed performance specs on your machine and the specific hardware parts such as hard drive, graphics card, memory and such you can run the command winsat with a number of switches.
For instance “winsat disk” runs performance tests on my disks and present it in detail with read/write speeds etc along with the score on each individual test. Give it a try!
If you think that you have come a far way making sure all users are running as standard users you must stop and rethink. Well, having all users as standard users is very good from many perspectives but with coming challenges your efforts must not stop there. A growing problem is the fact that more and more applications install in the user space, i.e. in the \users\username\appdata directory instead of the traditional “Program files”.
Also Windows 7 contain Windows Installer 5.0 which sports a new feature which makes the software vendors easily make Windows Installer (MSI files) that install software in the user space instead of program files, and thereby not requiring the user to be administrator or even require a UAC prompt for credentials for an administrative account.
The standard users of course think this is great, meaning they after all can install and run for instance Google Chrome without needing to ask that restrictive IT department. From the IT departments view this fact that standard users can install and run applications is a concern.
The answer to take care of this problem is simply the new Windows feature AppLocker. To be honest it is somewhat like Software Restriction Policies (SRP) but whatever bad things you have heard about SRP you can forget about them. AppLocker contains new features that make the implementation and ongoing management very easy compared to Software Restriction Policies. More about AppLocker in the AppLocker walkthrough.