Category Archives: Microsoft

Enabling Flash for IE11 on Windows 2012 R2

The VMware vSphere web client requires Flash 11.5. I’ve noticed some issues with certain versions of Chrome and IE11 on Windows 2012 R2 not being able to open the web client due to either a missing or incorrect Flash version. Luckily, enabling the built in flash player for IE11 is an easy process.

Continue reading

Horizon View Client DPI Scaling

I recently ran across an issue with the Horizon View client, on a Surface Pro 3, where the icons and text were so small they were unreadable. I tried the usual fix of checking the disable display scaling on high DPI monitors checkbox, but to no avail. This check box has helped in the past, but isn’t fixing the issues with VMware Horizon View client.

VMware has a registry key that can be added to fix this issue once and for all. This key only works with the 3.4 version of the Horizon View client and enables an experimental DPI Scaling feature.

KEY: HKCU\software\vmware, inc.\vmware vdm\client
Value:  DWORD:  EnableSessionDPIScaling 1

1 = on
0 = off

With this key added, when you connect to a desktop, the screen scales properly.

Adjusting Windows 7 DPI Settings via Registry

In Windows 7, Microsoft has provided us with an option to adjust the size of icons and text on the screen. Normally this is accessed by going into display properties and choosing smaller, medium or larger. These settings are commonly disabled by policy so users cannot adjust them.

Display Settings

Even with these options disabled, these can still be adjusted per user via the registry or Group Policy Preferences. The registry key is applied at login, so the user will need to log off and back for the change to take effect.



 

Key: HKCU\Control Panel\Desktop   
Value:  DWORD: LogPixels
Smaller (100%) = 96 (decimal) = 60 (HEX)
Medium (125%) = 120 (decimal) = 78 (HEX)
Larger (150%) = 144 (decimal) = 90 (HEX)

Setting Windows 7 Best Performance Settings in Parent Image

Windows 7 (along with other versions of windows desktop operating systems) offer the ability to adjust visual affects to help the performance of the operating system.  These settings can be changed in Advanced System Settings –> Advanced tab –> Performance settings and also via the registry.

When setting via the registry, it requires a logoff and re-login for the changes to take affect (or API calls), which in the non persistent VDI world causes some issues.  If setting via group policy, there’s a few keys to adjust in HKCU, but these keys need to be loaded at logon, or the theme and/or windows explorer need to be reloaded.  Luckily there’s a much more elegant way to set these in a parent image without changing the default user.

Continue reading

Disabling Signatures in Outlook 2013

In Outlook 2013, disabling signatures with Group Policy doesn’t work the same as in previous versions. The group policy setting disables adding/updating/deleting new and reply signatures, but leaves the toolbar button active to add an existing signature that was already in place.  In this post i’ll go over how to disable signatures via group policy and how to disable the toolbar button as well.

To disable signatures via group policy, first step is to load the adm or admx templates for outlook.  Once those are loaded, go to administrative templates, Microsoft Outlook 2013, Outlook Options, Mail format.  Under mail format is an option titled “Do not allow signatures for e-mail messages”  Enable this setting and signatures will be disabled for any users this GPO is applied to.  In previous versions of outlook this was all that was needed.  In Outlook 2013, this leaves the button in a new email message active so any existing signatures can still be added.

Continue reading

New Powershell REST API Module for XtremIO

An EMC SE has recently published to Github a powershell module for making REST API calls to XtremIO arrays. The module greatly simplifies leveraging these API’s.

Manually this task includes setting the username and password, converting them to the proper format, setting the headers and than finally making the REST API calls.

An example of this look like the below code. A few pieces are left out from this example but this is the basics.

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass)
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
$EncodedAuthorization = [System.Text.Encoding]::UTF8.GetBytes($username + ':' + $password)
$EncodedPassword = [System.Convert]::ToBase64String($EncodedAuthorization)
$headers = @{"Authorization"="Basic $($EncodedPassword)"}

$baseUri = "https://" + $ip.IPAddressToString + ":443/api/json/types" 
$xCluster = (Invoke-WebRequest -Uri $baseURI/clusters/1 -Headers $headers).content
$xCluster.content

With this new powershell module, this gets simplified to be straightforward one-line commands from powershell

Get-XtremClusterStatus
Get-XtremVolumes
etc...

Make sure to take careful note of the task to import the certificates from the XMS for each array you want to query. If this step isn’t completed correctly, you will receive errors back from powershell that may leave you scratching your head.

It is also requires a minimum of powershell v4

Check out the Git page for more examples and to download the module at the link below

xtremlib

Whitelisting and Blacklisting Sites in Chrome Via GPO

The Google Chrome browser has Group Policy extensions available for managing computer and user settings for the chrome browser via group policy.

These settings include enabling/disabling default browser prompts and settings, controlling password manager, chrome apps settings and numerous other items.

The ones we’ll look at today are whitelisting and blacklisting websites via GPO.

To start, make sure you have the Chrome admx and adml files downloaded. They can be downloaded from Google:

http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

This zip contains HTML listings of the policy settings, linux templates and windows templates. The windows templates come in two flavors. adm and admx. For the admx template:

Copy chrome.admx to SYSVOL\domain\Policies\PolicyDefinitions\ 
Also copy the appropriate adml language file to the subfolder for your language

Chrome processes policies in the order of Machine –> User –> Chrome

When you launch Group Policy Management Console, and edit a policy, expand Administrative templates under either user or computer configuration and you’ll now see a folder titled Google. When you expand this folder, there are two options. Google Chrome or Google Chrome default settings. The defualt settings allow you to set default settings but allow end user over riding of these policy settings.

The other option enforces the settings defined in the policy with no ability to override.

In the Google Chrome policy, there are two options related to white listing and black listing of sites. They are “Block access to a list of URLs” and “Allow access to a list of URLs”. Both of these settings are available at the user and computer/machine level.

These settings take a list of urls or can take the wildcard *

To block all sites and only whitelist the ones you want, set “Block access to a list of URLs” to enabled and add * to the list.

Next, go to “Allow access to a set of URLs” click enable and add the sites you want to the list.

Example: 
 https://www.google.com
https://translate.google.com
etc...

In the background, these are setting registry values at the following locations:

SOFTWARE\Policies\Google\Chrome\URLBlacklist 
SOFTWARE\Policies\Google\Chrome\URLWhitelist

These are added as strings in numerical order.

1 REG_SZ https://www.google.com 
2 REG_SZ https://translate.google.com

Once you have the settings how you like them, close the editor,complete any other GPO related tasks such as security filtering and attach to the appropriate OU.

Now you have Chrome filtered to only allow whitelisted sites or whatever combination of whitelisted and blacklisted sites you desire.

Adjusting MTU Size on Windows 7 / Windows 2008

I recently ran into an issue with ping and trace route succeeding but RPC failing to certain servers. I noticed some interesting items in packet captures which prompted me to try pinging with different MTU sizes.

To start, lets look at the MTU size currently configured.

 #netsh interface ipv4 show interface
Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
 10           5        1500  connected  Local Area Connection

We can see that the connected interface has an MTU of 1500 bytes.

Since a normal ping only sends 32 bytes of data from windows, we send pings with a configured size

 
#ping -l 1500 192.168.1.1

Pinging 192.168.1.1 with 1500 bytes of data:
Request timed out
Request timed out

To figure out the packet size that will work, we just keep lowering the MTU until we find the highest MTU that responds

#ping -l 1450 192.168.1.1

Pinging 192.168.1.1 with 1450 bytes of data:
Reply from 192.168.1.1: bytes=1450 time<1ms TTL=64
Reply from 192.168.1.1: bytes=1450 time<1ms TTL=64

Now all that is left is re-configuring the MTU size on the interface to this new MTU size. For the MTU size, we use the number from the previous step plus 28. This additional 28 bytes is to account for IP and ICMP headers. For the example above, we will use 1450 bytes plus 28 bytes

#netsh interface ipv4 set subinterface 10 mtu=1478 store=persistent
Ok.

After this, RPC communications were restored.

Checking DFS-R Backlog

When using DFS-R, the replication groups occasionally get out of sync. Microsoft includes built-in tools to help check the backlog of files and state of DFS-R

To check the backlog, open a command prompt as administrator and run the following command: Continue reading