Friday 27 May 2011

Deploying Drivers

Have you ever just finished building a load of PCs, to have someone come up and ask for some dodgy piece of hardware to be installed on all PCs, and the drivers required are unsigned, and aren't pre-packaged in an easily deployable silent package or MSI. Or you've been given some dodgy new hardware (you know the companies I'm talking of), to install.

Well its easier than you think to deploy drivers as either a script or as part of an MSI package. I am assuming that you, the reader, are capable of writing a script and/or creating a suitable MSI, so I will not insult your intelligence by giving you a completed script/msi. If you're anything like me (God help you if you are!) you'll learn better by doing, rather than seeing.

Anyway, by using a small executable provide by Microsoft, DPInst.exe, available as part of the Windows Driver Kit (WDK), Download available here, we can indeed make drivers available on any windows OS system, to be installed as and when needed.

Once you have download and installed the WDK (btw you only need to install the tools part), you can find different architectural/language versions of the DPInst.exe in C:\WinDDK\7600.16385.1\redist\DIFx\dpinst (assuming you install to the default location, and the version number hasn’t changed since writing).

Place the correct version of DPInst.exe in with your driver .inf files. If you were to run the dpinst.exe now, you would be presented with a wizard for installing the drivers onto the system. If you were to step through the wizard, it will complete, but it will only be successfully if the drivers are signed.

However, that’s not what we really want, we need no user interaction at all, and we need to be able to install unsigned driver*. To install any drivers without the end user noticing, call the DPInst.exe with the following commands:

/Q  - This is for quiet install with no user interaction,
/LM – This is for unsigned drivers.

Now the drivers are installed, or technically they are made available to be installed when the hardware is connected. Now if your drivers are signed that is the end of the story, however, if like me, you have been given a host of cheap hardware made in china, with unsigned drivers, you will need to adjust the following 2 Group Policies*:

Computer Configuration>Windows Settings>security Settings>Local Policies>User Rights Assignment:
Policy: “Load and unload device drivers”
Setting: DomainName\Domain Users

User Configuration>Admin Templates>System>Driver Installation:
Policy: “Code signing for device drivers”
Setting: Enabled – ignore

Click here for a full overview of DPInst, and here for a full list of command switches.

* Please note that installing unsigned drivers and/or modifying Group Policy is done at the readers own risk, and the writers of “Thoughts of a Primary School Tech” are in no way responsible/liable for any loss/damage caused to any system(s) by following the instructions provided here. Whilst every effort has been made to ensure this works correctly on any windows system, your milage may vary.

Tuesday 24 May 2011

Adobe Reader 10 cannot open pdf from UNC path

If you have deployed Adobe Reader 10 and get messages saying that your users cannot open .pdf files from a network location the likely culprit is that protected mode is enabled.
You can turn this mode off using a registry edit as below:

Registry Editing Method
Open notepad and paste the following command, when pasted save as a .reg file.

REG ADD "HKCU\SOFTWARE\Adobe\Acrobat Reader\10.0\Privileged" /v bProtectedMode /t REG_DWORD /d 0 /f
 
Alternative Method
If using Server 2008R2 you can set a preference to make a change to the registry for users as below
Open Group Policy Management from Start > Administrative Tools > Group Policy Management


Create a new Group Policy Object


Give the GPO a suitable name
 

Right click and select edit

 
Expand the User Preferences menu option

 
Expand the Windows Settings and select Registry

 
In the blank area in the right hand pane right click and select New > Registry Item

 
Ensure that the settings are to ‘Update’ the registry key, also check that the selected hive is HKEY_CURRENT_USER.
In the Key path enter ‘SOFTWARE\Adobe\Acrobat Reader\10.0\Privileged’

 
Enter ‘bProtectedMode’ into the Value box

 
Change the value type to REG_DWORD


In the value box enter ‘0’

 
Click OK and you are done.
 

This is how the finished registry entry should look.

Tuesday 17 May 2011

Older Smart Boards with Windows 7 x64


Some Smart boards back in the day came didn't want to be that easy and decided to use a "USB-Serial Controller" device to connect to your computer. Now in Windows XP 32bit this came within the standard Smart Drivers you can easily download from SmartTech, but unfortunately with a 64bit operating systems, especially Windows 7, this device commonly is not found within this driver pack and needs to be sourced via a third party.

Luckily with help from a blog from Visible Procrastinations there is a easy solution to this.



Installing a fresh copy of SMART Notebook 10 doesn’t load the drivers for this adapter, and Windows ‘yellow triangles’ the device as an unknown ‘USB-Serial controller’. Reading the technical bulletin, we should be able to install the driver from the original SMART Board ie. D:\STI2303X.inf – unfortunately this is not the case.

Having a look at the properties of STI2303X.sys which is the driver that should be being loaded we find;

* Original File name: USB2SER.SYS
* Product Name: PL-2303 OnlyUSB Link Cable

A quick search on Google and we can acquire drivers from the Prolific support site.;

PL-2303 USB to Serial Bridge (H, HX, X) Installshield Driver Setup Program
Installer version & Build date: 1.3.0 (2010-7-15)
Windows 98/ME Driver: v2.0.0.19
Windows 2000/XP/Server2003 (32 & 64-bit) WDM WHQL Driver: v2.0.13.130
Windows Vista/7/Server2008 (32 & 64-bit) WDF WHQL Driver: v3.3.11.152
Language Support: English (default), Chinese (Traditional), Chinese (Simplified), Japanese
For Prolific USB VID_067B&PID_2303 Only

Now in device manager, right click your problem driver and manually source the inf file from the following directory.

C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\PNP Drivers\HidBoard.inf

And we have a working SMART Board.

Update: Recently I have discovered that the 10.8 version of this software is slightly different in where it stores its drivers. If this solution does not work, try to use the drivers included within the orginal install that are hidden in "C:\program files (x86)\SMART Technologies\Drivers\x64" (or x86 if you're on a 32bit machine). It was just by pure luck I found this worked.

Friday 13 May 2011

Group Policy Setting - Verbose vs normal status messages

During a major roll out of software using Group Policy on a Windows 7 Client System, I had cause to want to know what was happening during the roll out, to see if any software was sticking. To enable more detailed messages on screen (other than "Please Wait") enable the following in an appropriate GPO:

Computer > Policies > Administrative Templates > System > Verbose vs normal status message

This setting displays a number of extra status messages during the start up and shutdown of the computer and when the user is logging on and off. Some of the verbose status messages you will see are (but not limited to):

Software Deployment
Mapping Drives
Playing Logon Sound
Mapping Printers
Applying Power Settings
Stopping Services


You will still see your Applying Computer settings and Preparing Desktop messages however these will be shown for a lot shorter time.

Also by enabling this option end users think that their PC is faster, due the reduced time each message is displayed. It certainly seems to speed it up for me anyway. This is still a handy setting to enable as at the very least will help your IT support troubleshoot log on performance issues.

This setting will work on Windows 2000 and above and it will also show the processing of newer Group Policy Preferences.

Original Source:
http://www.grouppolicy.biz/2009/11/group-policy-setting-of-the-week-2-verbose-vs-normal-status-messages/

Friday 6 May 2011

Removing Items from Navigation Pane.

The other week I happened to be testing the pupil lockdown of Windows 7, and realised that users could access things in the navigation bar that I didn't want them to access. Things like computers on the network, favourites (not IE favourites), Homegroup (which is empty, so is pointless being there) and Libraries.



No problem I thought, it must be a Group Policy I've overlooked...Nope. It seems that microsoft don't want Network administrators to be able to remove these from the end users. Not easily anyway. So I turn to my tried and trusted friend, Bing (You were expecting Google, right?), and found the answers. I provide a quick explaination here, mainly for my own benefit, and the original source is linked at the bottom, there you will also find a way of removing computer from the Navigation Pane, and the pane itself if you wish to go down that route.

To modify items in the navigation pane, you must first give administrator full control to the following registry keys:

For x32 and x64 Systems.
Favourites: HKEY_CLASSES_ROOT\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder
Libraries: HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
Homegroup: HKEY_CLASSES_ROOT\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder
Network: HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder

Additional for x64 Systems Only.
Favourites: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder
Libraries: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
Homegroup: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder
Network: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder

Theoretically administrator accounts should already have full control to these keys, but I found that without doing the above, the items were not modified. It may also turn out that you do not need to add the first set of registry keys for a x64 system, but I have not tested that yet, if I ever get around to it I will update this post accordingly.

Now for adding/removing the items. Please modify the Attribute Values below the above keys as required below:

Favourites On: a0900100 (Default Setting)
Favourites Off: a9400100
Libraries On: b080010d (Default Setting)
Libraries Off: b090010d
Homegroup On: b084010c (Default Setting)
Homegroup Off: b94010c
Network On: b0040064 (Default Setting)
Network Off: b0940064

I made the necessary modifications using a combination of Group Policy (for the registry permissions) and Preferences (for modifying the value), but feel free to make the changes how you feel most comfortable.

The original information found at:
http://www.sevenforums.com/tutorials/38933-favorites-add-remove-navigation-pane.html
http://www.sevenforums.com/tutorials/35627-libraries-folder-add-remove-navigation-pane.html
http://www.sevenforums.com/tutorials/39670-homegroup-add-remove-navigation-pane.html
http://www.sevenforums.com/tutorials/39699-network-add-remove-navigation-pane.html