Tuesday, 25 September 2012

No Policies Applying, Temporary Login, Windows 7

No Policies Applying, Temporary Login, Windows 7 x64/x86

You have been logged in with a temporary profile..  even though the user in Active Directory (AD) is setup correctly and the NTFS/Share permissions are also.. setup correctly.

Whats going on? Hopefully this post will help.

Applies to: Windows 7 x86/x64, Windows 2008R2 Domain

Symptoms

  • No Group Policies have applied to the profile
  • No Mapped Drives/Printers
  • No Preferences Applying
  • Admin (like) control of the machine, no restrictions set
  • An explanation mark (!) in a blue circle appears in the system tray
  • A balloon appears/tries to appear notifying the user that they are logged in with a temporary profile
  • The login is way too quick.
  • If you log out and log back in sometimes the profile works fine, sometimes it logs back in again as a temporary profile. 
  • The issue is intermittent with little/no pattern, sometimes does it, sometimes it does not. Not machine specific, not user specific.
  • If you wait for a few seconds before logging in, the chances of the profile working correctly improves.
  • Occurs more often on wireless devices than wired, but isn't limited to wireless.



Reasons

When Windows 7 was the new big thing, Microsoft had a page about all the cool new features of their brand new operating system.  There was one feature (which unfortunately I have forgotten the name of) but it boasted about priority, fast logins.  Essentially, it meant that if Windows 7 noticed there would be a delay in the logging in, it chose to prioritise just getting the user to the desktop rather than waiting to ensure the login was correctly done.

This is what you are encountering.  Some networks, particularily wireless ones take that little bit longer to establish a new IP address, down to poor signal strength or just generally the type of wireless card you have in your device.

So when a typical user, types in their username and password within seconds of the machine first booting, the chances are the computer hasn't yet got an IP address or stable connection with the server but still attempts to log them in regardless.  Windows 7, realising that there is a networking issue, rather than saying to the user, "Please wait a sec, I haven't fully established a trust with the server", it simply goes, "oh who needs a server, I know your credentials are correct, thats all I basically need, heres a desktop", perfect if you are a home user, really annoying if they are domain user.

Resolutions

Nice and Easy, theres a group policy for it.  Inside that needle in a haystack database there is a policy that ensures the computer (regardless of whether its wireless or not) will make sure the user will not be able to login until a stable connection is first established.

Located Here

Windows Server 2008R2
Computer Configuration -- Policies -- Administrative Templates -- System --  Logon

Windows Server 2003R2
Computer Configuration -- Administrative Templates -- System -- Logon

Policy Name

Always Wait For The Network At Computer Startup And Logon

Set to: Enable



How it works

This is a brilliant policy when applied as it ensures that when a computer is loading up and a user attempts to login the second they can type, it overrides the client operating system's decision to prioritise getting the user to the desktop. 

All policies will therefore come down to the client and apply to the user and computer, thus ensuring that their logins are correctly redirected and their resources (shared areas and Printers) are correctly applied in accordence to your ICT policy.



I hope this helps you all out, I understand that Windows 8 is out soon but for those looking to upgrade to Windows 7, this is a small bug i'm sure you will come across.

It is easy to ignore when testing as when it happens you log off and you log back in and it all seems fine, but bear in mind, you are a technician, you use computers in the way they should be used.  True testing comes from the end user and not the ICT department.

I'm happy to help out anyone with any more issues in relation to this, just leave a comment below.  Additionally, any other fancy features you may of found in the GPO Needle in a haystack database, which you feel will help optimise Windows 7's logging in speed and/or reliability, never hesitate to post a comment, we are all on the same team here, all help is much appreciated.

Speak to you all soon,

The ITMagician

Monday, 17 September 2012

Restart Pending? But I've restarted!

Cannot start/begin installation due to restart Pending on your machine.

Applies to Windows Vista, 7, Server 2008, Server 2008R2

This is an annoying issue.  You've recently uninstalled something or you've just updated the machine with the most recent windows updates, whatever the reason, you cannot install something because apparently, even after several restarts, the computer still wants a restart..

Nice and simple (and you don't even need to do another restart). 

Go to Run, type Regedit.

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

Look for the key PendingFileRenameOperations

Right Click and edit.

See that list of random stuff in there, that's the stuff that is stuck "pending for install" and fails to remove itself once you have.

Highlight it all, Delete.

Press Ok and leave the registry.

Now, restart your software install.  Hopefully, fingers crossed, you should be pleasantly surprised that you can now start your installation successfully.

Keywords
Exchange 2007, 2010
System Center
DPM Data Protection Manager
SCCM System Center Configuration Manager
SQL Server 2008 R2, 2012
                     

Monday, 20 August 2012

Windows 8 ADK (The new WAIK)

Yes folks, Microsoft have updated their tools for working with windows images.

What was once known as the Windows Automated Installation Kit has now been merged with more utils and is now called the Assesment and Deployment Kit.

A quick look on Microsofts site only seems to proveide a bootloader to install from the internet however if you run this file you are presented with the option to download the files for offline installation.

Be warned though its a biggie coming in at around 3 and a bit Gig.

It can be downloaded from here

Tuesday, 14 August 2012

Brother HL-5350DN reset and default web admin password

We encountered a Brother HL-5350DN printer today with no user display, after resetting the device to factory settings

  • Power off the printer
  • Hold the GO button while powering on the printer
  • All LED's will light up, keep holding
  • When the Status LED goes out release the GO button
  • Press GO 6 times


we needed to use the web interface to set the IP address, the acces details are below

Username = admin
Password = access

Wednesday, 1 August 2012

Creating a more useful Powershell prompt

 

 

As Microsoft are moving more and more functions for their products to be Powershell aware, we are starting to use PS more than VBScript in our daily lives. Although I often use Quest’s Powergui for my coding as the watches built into the interface make debugging easier, I do also make use of the Powershell itself, in these instances I have to import the relevant module manually, by editing your PS profile you can make these tools available every time you click on the little blue icon.  This walkthrough will install the Active Directory and Exchange tools.

 

Here are the steps to achieve this.

 

1. Create a profile (If you don’t already have one)

New-Item -Itemtype file -path $profile -force


2. Edit your profile with notepad

notepad $profile

3. Add the following code

import-module activedirectory

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer –auto

4. Save the file and re-open Powershell

 

You will now have a Powershell which loads the AD and Exchange tools by default.

Sunday, 29 July 2012

WMI Filters for Windows Operating Systems

For those of you wanting to filter your GPO's by OS here are the filters we use. The filter works against the root\CIMV2 namespace


Windows 8

Select * from Win32_OperatingSystem Where Version like "6.2%" and ProductType = "1"


Windows 7

Select * from Win32_OperatingSystem Where Version like "6.1%" and ProductType = "1"

Windows XP

Select * from Win32_OperatingSystem Where Version like "5.1%" and ProductType = "1"

Friday, 4 May 2012

PXE-E32 Error

If you get a PXE E-32 error on your client when using WDS on a 2008R2 server then it is due to DNS stealing a port which WDS needs, this will probably happen following an update.


It can be fixed however with a little tweak in Regedit,


Navigate to  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Parameters

Change the value of  UdpPortPolicy to 0, close Regedit

Restart WDS on the server.


This should allow you to PXE boot properly again.


Thanks to sted over at the edugeek forums for this fix.

Wednesday, 2 May 2012

Editing MDT 2012 Lite Touch Wizard Screens


At work we are still deploying Windows XP due to a need for our customers, we have automated the installation to a large extent however the biggest bugbear we have had is the need to select a task sequence and then to click next before giving the computer a name.

Here you can see where we are going from and to

Here is the original Task Sequence selection screen

Followed by the Name your computer screen


Followed by our modified screen which combines both Task Sequence and computer name into one pane.


We are aware that by prestaging machines we could avoid this issue however for our needs this would be overkill and an additional time overhead, what we wanted was the ability to unbox and name machines then walk away.

While poking around I found that the wizard you navigate around when using the Lite Touch Deployment is controlled using a collection of xml and vbs scripts, these are stored in the deploymentshare\scripts folder.

With a bit of copying and pasting between files I have been able to put the boxes for computer name and task sequence selection into a single pane, as we have used the deploymentshare rules settings to skip the other pages it means that we can pxe boot then simply enter a name and pick TS all in one page then walk away.
Apologies for this but this one is going to be a bit wordy Smile

The files you will be modifying are

Deploywiz_Definition_ENU.xml
Deploywiz_SelectTS.xml
Deploywiz_ComputerName.xml

The files are named fairly well by Microsoft, the Definition file is the master file which guides you through the wizard, it calls the required files in turn. We will be making minor changes to this file but as always we should make a backup before we touch anything, just in case. The SelectTS file is the one which lists the task sequences available and allows us to choose one, the ComputerName file is self explanatory, however it also contains possibilities for you to enter domain join values, in our usage scenario we do not use these as the values are provided in the rules for the deploymentshare.

Open the ComputerName file and copy everything between the <body></body> tags, switch to the SelectTS file and paste all of this in just below the <body> tag and before the existing code, return to the ComputerName file and copy the <Initialization> and <Validation> section, again return to the SelectTS file and paste this in along with the existing values. Move to the top of the file and add the following as one line

<CustomScript>DeployWiz_ComputerName.vbs</CustomScript>



into the <global> section.

Change the <Pane id> values to something more appropriate such as

<Pane id="Name_Computer_and_SelectTaskSequence" title="Enter Name and pick a Task Sequence">


Save this file with your initials at the beginning and a more appropriate name, mine is called MHDeployWiz_Name_Computer_SelectTS.xml this will allow the deploymentshare files to be replaced in the future if an upgrade requires it but your files should remain in place.
You have now done the hard work.
Open the Definition file and edit the section 
<Pane id="SelectTaskSequence" reference="DeployWiz_SelectTS.xml">  <Condition><![CDATA[UCASE(Property("SkipTaskSequence"))<>"YES" ]]></Condition> </Pane>


to contain our newly made xml file so it should read 
<Pane id="SelectTaskSequence" reference="MHDeployWiz_Name_Computer_SelectTS.xml">  <Condition><![CDATA[UCASE(Property("SkipTaskSequence"))<>"YES" ]]></Condition> </Pane>


You can then remove completely the following section
<Pane id="ComputerName" reference="DeployWiz_ComputerName.xml">  <Condition><![CDATA[UCase(Property("SkipDomainMembership"))<>"YES" or UCase(Property("SkipComputerName"))<>"YES"]]></Condition>  <Condition><![CDATA[Property("DeploymentType")<>"REPLACE" and Property("DeploymentType")<>"CUSTOM" and Property("DeploymentType") <> "StateRestore" ]]></Condition> </Pane>
If you do not remove this then you will have another screen (which we are trying to remove) asking for the computer name, however its value will have been taken from the previous screen.

Save your file and test your deployment.
I have attached my modified files at the end of this post so you can see some which I have working in my test environment, feel free to play with them for your own use.I have used these modified files to deploy XP, "7 and W8 Consumer Preview,  I am sure that much more can be done with the xml files in MDT so there may be more posts to follow, but for now that’s it.
Good Luck

Monday, 2 April 2012

Windows XP SP3 DFS Network shares not refreshing

If you run a network where you connect Windows XP to DFS shares, you may encounter the issue whereby a user can create a new file/folder but not see it until they refresh the folder, this can lead to a large number of 'New Folder' entries if the user believes that they have not actually created a new folder.

The issue can also occur when moving or deleting items.

Microsoft list a fix which consists of a registry entry, apparently this was introduced in Windows XP SP2 but you can still get the issue with SP3.

The fix is a registry entry in the following path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

It is a DWORD entry and is called 'NoSimpleNetIDList'

the value needs to be set to 1




Reference:

Microsoft Support Information

Kyocera Command Center default admin password

Just a quick heads up for those who are struggling to find the default web admin password for Kyocera printers, try accessing the printers IP address and using the code admin00

This has been tested on a fair few Kyocera printers but it took a lot of digging to find the code.

[Edit 22-05-2013]

Here is the list of additional printers which this password works for, collected from the comments section below.


FS-C5400DN
FS-1370DN
FS-1035DN
FS-6025MFP
FS-5250DN
FS-3920DN
TASKalfa 300ci
TASKalfa 552ci
FS-C5300DN
FS-C5350DN
FS-1370DN


[EDIT 01-06-2013]

I have been looking for a solution to the question below about a changed password and found a list of default passwords, the page I found this information on can be found here.


Command Centre Username and Password




Monochrome


Model
Username
Password



FS-2100DN
Admin
Admin
FS-4100DN
Admin
Admin
FS-4200DN
Admin
Admin
FS-4300DN
Admin
Admin
FS-1028MFP
admin00
FS-1030MFP

admin00
FS-1035MFP

admin00
FS-1128MFP
admin00
FS-1130MFP

admin00
FS-1135MFP

admin00
FS-3040MFP
admin00
FS-3140MFP
admin00
FS-3140MFP+
admin00
FS-3540MFP
admin00
FS-3640MFP
admin00
FS-6525MFP
Admin
Admin
FS-6530MFP
Admin
Admin
KM-2560


KM-3060

620

820

181

221

255

admin00
305

admin00
300i

admin00
420i

admin00
520i
No Default
admin00
3500i
Admin
Admin
4500i
Admin
Admin
5500i
Admin
Admin
6500i
Admin
Admin
8000i
Admin
Admin


Colour

Model Username Password






FS-C2526MFP
admin00
FS-C2626MFP
admin00
205c
Nothing when default
admin00
255c
admin00
250ci
admin00
300ci
admin00
400ci
admin00
500ci
admin00
552ci
admin00
2550ci
Admin
Admin
3050ci
Admin
Admin
3550ci
Admin
Admin
4550ci
Admin
Admin
5550ci
Admin
Admin
6550ci
Admin
Admin
7550ci
Admin
Admin

Machine Username and Password

Monochrome

Model
Username
Password



FS-2100DN
Admin
Admin
FS-4100DN
Admin
Admin
FS-4200DN
Admin
Admin
FS-4300DN
Admin
Admin
FS-1028MFP
2800
2800
FS-1030MFP
3000
3000
FS-1035MFP
3500
3500
FS-1128MFP
2800
2800
FS-1130MFP
3000
3000
FS-1135MFP
3500
3500
FS-3040MFP
4000
4000
FS-3140MFP
4000
4000
FS-3140MFP+
4000
4000
FS-3540MFP
Admin
Admin
FS-3640MFP
Admin
Admin
FS-6525MFP
2500
2500
FS-6530MFP
3000
3000
KM-2560
2500
2500
KM-3060
3000
3000
620
6200
820
8200
181
1800
221
2200
255
Admin
Admin
305
Admin
Admin
300i
3000
3000
420i
4200
4200
520i
5200
5200
3500i
3500
3500
4500i
4500
4500
5500i
5500
5500
6500i
6500
6500
8000i
8000
8000

Colour

Model
Username
Password



FS-C2526MFP
Admin
Admin
FS-C2626MFP
Admin
Admin
205c
Admin
Admin
255c
Admin
Admin
250ci
2500
2500
300ci
3000
3000
400ci
4000
4000
500ci
5000
5000
552ci
5500
5500
2550ci
2500
2500
3050ci
3000
3000
3550ci
3500
3500
4550ci
4500
4500
5550ci
5500
5500
6550ci
6500
6500
7550ci
8000
8000