  • Locked thread
angry armadillo
Jul 26, 2010
Hopefully a quick question (I'm a n00b so stay with me...)
We've got Office 2003 and Server 2003 (modern times where I work, obviously)
My boss told me to change group policy so the user can't save their files to the My Docs folder on the local PC (we hide the C drive, and we use roaming profiles, FYI)
I said can we use folder redirection and he said it doesn't work for a reason he can't remember(!)

My first effort was to try: User Config > Windows Components > Windows Explorer > Common Open File Dialog > Items displayed in places bar

I changed the My Docs place to the H:\ drive they are supposed to use and it works fine in Notepad, Adobe Reader etc. However, Office apps seem to have their own open/save dialog box instead of using the standard one (hooray for Microsoft ignoring its own rules!)

I also tried regedit /s and you can hide the My Docs link from the Places bar on the left, however the users can still see the C:\ in the 'Look In' drop down box when they are saving stuff.

Has anyone attempted this before? Or am I best to get My Docs folder redirection working properly?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

You should just do folder redirection. Policy can handle the change and do the copy automatically.

Serfer
Mar 10, 2003

The piss tape is real



Serfer posted:

I've been trying to set up a group policy to do drive maps (we're migrating from Novell to Windows, finally), but it seems like it's failing.

I get this error on the server:
The client-side extension caught the unhandled exception '0xC0000005' inside: 'threadEntry : client main' See trace file for more details.

And there doesn't seem to be a trace file on either the server or the client, and the drives don't map. Client is Win7, server is 2003.

I've fallen back to login scripts for now, but group policy should be working for this... Any ideas?

Nobody has any ideas? Is anyone else doing drive mappings this way, or is everyone doing it with login scripts?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Tracking down why drive mappings fail through policy is an absolute bitch at this point. If it works in your environment, then great. Go crazy and use it. In your situation, I would not hesitate to just fall back on a logon script.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

OK, this might help out for people doing policy drive mappings: The net use command defaults to running SMB over NetBIOS on the NetBIOS port. Policy drive mappings only seem to work over the native SMB port. Check to make sure your SMB port isn't being blocked by something.

Honey Im Homme
Sep 3, 2009

How can I diagnose a slow login on Windows 7? There is nothing that stands out in Event Viewer or gpresult /h. I've kind of narrowed it down to folder redirection; only the desktop and start menu are redirected at the minute.

When I log in with a domain admin account it's around 8 seconds, but with a normal user account it can take anywhere from 40 seconds to 3 minutes. Permissions look fine.

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Honey Im Homme posted:

How can I diagnose a slow login on Windows 7? There is nothing that stands out in Event Viewer or gpresult /h. I've kind of narrowed it down to folder redirection; only the desktop and start menu are redirected at the minute.

When I log in with a domain admin account it's around 8 seconds, but with a normal user account it can take anywhere from 40 seconds to 3 minutes. Permissions look fine.

There's this program called Soluto that tracks how long various processes take during startup that might help: http://www.soluto.com/

Honey Im Homme
Sep 3, 2009

fishmech posted:

There's this program called Soluto that tracks how long various processes take during startup that might help: http://www.soluto.com/

That's a neat little program but doesn't really help as it seems just to look at what programs are slowing the boot. The machines taking a long time are fresh Windows installs with nothing installed, so it's definitely related to GPO or profiles somehow.

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Honey Im Homme posted:

That's a neat little program but doesn't really help as it seems just to look at what programs are slowing the boot. The machines taking a long time are fresh Windows installs with nothing installed, so it's definitely related to GPO or profiles somehow.

It'll list the various boot up processes Windows uses tho. It told me that a bad Bluetooth driver was making my laptop take 30 seconds longer to boot than it should have.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Honey Im Homme posted:

How can I diagnose a slow login on Windows 7? There is nothing that stands out in Event Viewer or gpresult /h. I've kind of narrowed it down to folder redirection; only the desktop and start menu are redirected at the minute.

When I log in with a domain admin account it's around 8 seconds, but with a normal user account it can take anywhere from 40 seconds to 3 minutes. Permissions look fine.

Try this: http://support.microsoft.com/kb/325376

Honey Im Homme
Sep 3, 2009

BangersInMyKnickers posted:

Try this: http://support.microsoft.com/kb/325376

Cheers for this, machine is hanging for an awful long time on Waiting for user profile service.

I've also run a boot trace but have no idea how to use the files it spat out to find out what's making this machine slow.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Honey Im Homme posted:

Cheers for this, machine is hanging for an awful long time on Waiting for user profile service.

I've also run a boot trace but have no idea how to use the files it spat out to find out what's making this machine slow.

Are we talking about roaming profiles here or just local ones?

Honey Im Homme
Sep 3, 2009

Roaming. Profile is 3mb~

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Might be worth throwing a hub in there and watching traffic with Wireshark. Policy and the profile should look like SMB traffic and if you're seeing timeouts/retries there it could point you in the right direction.

Honey Im Homme
Sep 3, 2009

I'm home now but will give this a try tomorrow. Anything else I can try?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Honey Im Homme posted:

I'm home now but will give this a try tomorrow. Anything else I can try?

One thing that can be a culprit for slow logons is a whole bunch of poo poo in the cookies folder. They don't take up much of any space, but they are part of the roaming profile and SMB absolutely sucks for those kinds of transfers (SMB2 addresses it). After that is going to be whatever you can do to narrow out the problem and rule out possibilities: temporarily disabling AV software (network drive scanning can cause issues like that with roaming profiles), moving the user/computer to a location in AD that doesn't receive policy for testing, and deleting the locally cached copy and letting it come down again.

Honey Im Homme
Sep 3, 2009

Eh, still haven't sorted this. I've got a week off now so I'll let my boss sweat over it. Reading festival :woop:

Everything looked pretty normal. I even checked transfer speeds manually, as we've had a little trouble with jumbo frames loving up in the past making transfer speeds crawl. Really out of ideas on this!

Rooster Brooster
Mar 30, 2001

Maybe it doesn't really matter anymore.
Slow WINS/DNS lookups or timeouts? If the profiles are on DFS shares and the name resolution is slow for that, it could make the whole thing pause for a bit.

The Diddler
Jun 22, 2006


I'm trying to set up an ODBC data source from a SQL server. Our SQL server requires a username and password, which (as some of you may know) doesn't work so well. I've been kicking it around on and off for a couple of months, but I need to get it working soon. I've read a ton of stuff about editing the XML, but I haven't had any luck yet, as it keeps failing due to an "unspecified error" which is less helpful than intended.

Has anyone made something like this work?

Spudalicious
Dec 24, 2003

I <3 Alton Brown.
So I was checking out my GPOs that I deployed last night this morning and noticed they were in an OU higher than where they should be! So, thinking fast, I started deleting them to re-link in the appropriate, lower OU. Unfortunately I deleted the OU they were in via a misclick!

So now all my computer objects for two organizations are gone. I used a few tools to recover them, but I lost details on the objects and god knows what other problems will come up.

Anyone have experience with this type of recovery? Is there anything wrong with just re-joining workstations to the domain and pretending everything is peachy?

quackquackquack
Nov 10, 2002
What is your domain? 2003? 2008? 2008 R2?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

If you've already gotten that far in rebuilding, you'll probably be OK just rejoining systems. You could have gone in and done an authoritative restore of that OU on one of the DCs and that would have propagated out to the others and is the best option, but it can be difficult and you should really have a test lab for doing something like that so you can practice. If you're using Vista/Win7 for the AD tools, you can mark OUs as protected which can prevent the exact situation you hit.
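
An added example, not part of the original post: one way to audit which OUs lack the accidental-deletion protection described above and to preview enabling it. It assumes the ActiveDirectory PowerShell module is available (RSAT on Windows 7 talking to a domain that exposes AD Web Services); the function name `Get-UnprotectedOU` is hypothetical.

```powershell
# Added example: list OUs that can still be deleted with a misclick, then
# preview turning protection on. Needs the ActiveDirectory module (assumption).
Import-Module ActiveDirectory

function Get-UnprotectedOU {
    param([string]$SearchBase)   # optional: restrict the audit to one subtree

    $query = @{ Filter = '*'; Properties = 'ProtectedFromAccidentalDeletion' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADOrganizationalUnit @query |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
        Select-Object Name, DistinguishedName
}

# Report first so the change can be reviewed.
$unprotected = @(Get-UnprotectedOU)
$unprotected | Format-Table -AutoSize

# -WhatIf only prints what would change; remove it to apply.
# The flag is the same setting as the "Protect object from accidental
# deletion" checkbox in the AD tools.
foreach ($ou in $unprotected) {
    Set-ADOrganizationalUnit -Identity $ou.DistinguishedName `
        -ProtectedFromAccidentalDeletion $true -WhatIf
}
```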

Spudalicious
Dec 24, 2003

I <3 Alton Brown.
Thanks for the info regarding the OU protection. Too bad I didn't know about that before! Oh well, I just need to be more careful in the future. Rejoining 50 computers isn't really all that bad, it could have been the users OU :psyboom:

Everything appears to be in order now. And I learned how to restore tombstoned objects! :woop:

Syano
Jul 13, 2005
I am attempting to streamline my printer deployment by using group policy preferences. So I build a new policy and add 3 new shared printers under user configuration. When adding the printers I actually picked from the list it showed of those deployed in Active Directory. Problem is though that when logging on as one of the users covered by this policy, 2 out of the three are not there. Event log shows a warning that the printers were not found. What gives?

quackquackquack
Nov 10, 2002
From the list you are pulling from, are the printers listed as their FQDN\PrinterName, or DOMAIN\PrinterName?

We had some funniness where some clients could not find DOMAIN\PrinterName. I would guess DNS configuration issues. I was not working on this project, so I'm not sure the outcome.

Syano
Jul 13, 2005
The list was in the form of \\printserver\printer.

Interestingly enough I changed it to \\printserver FQDN\printer and the error seems to have vanished for the moment.


It's strange because I have always had a pretty rock solid DNS infrastructure.

dyehead
Nov 28, 2008
This may be the wrong thread to ask in, but...

Does anyone know of an easy way to disable the minimize button in IE via GPO or the registry or some such?

Googled a bunch, not much help so far.

quackquackquack
Nov 10, 2002
What is your desired outcome from disabling this button?

dyehead
Nov 28, 2008
don't want the window to get lost behind another window which is _always_ in front, no access to start menu, etc... basically kiosk mode, all shortcuts disabled yadda yadda.

quackquackquack
Nov 10, 2002
Run IE in kiosk mode, or make an HTA to control what's visible?

quackquackquack fucked around with this message at 22:44 on Sep 1, 2010

Syano
Jul 13, 2005

Syano posted:

The list was in the form of \\printserver\printer.

Interestingly enough I changed it to \\printserver FQDN\printer and the error seems to have vanished for the moment.


It's strange because I have always had a pretty rock solid DNS infrastructure.

.... and now curiously the error has returned. This is weird.

dyehead
Nov 28, 2008

Noel posted:

Run IE in kiosk mode, or make an HTA to control what's visible?

it's actually terminal services that's popping a new window in front of the current kiosk application. I don't want them to be able to minimize that window, leaving the session running forever. Timeout isn't an option at this point, we just want to disable the minimize button.

sanchez
Feb 26, 2003

Spudalicious posted:

it could have been the users OU :psyboom:

I did that once, before I knew that remove in the Exchange 2007 console does not mean remove mailbox. That option is called Disable...

Still have no idea why they're named like that.

crazyfish
Sep 19, 2002

If this is inappropriate for this thread, I apologize, but I didn't know where else to turn.

I'm having a problem with user logon scripts in Windows Server 2008.

My requirements are that I need to run a script at logon time which maps a network drive using a third-party NFS client. The script runs without issue when run manually as any user. The network drive is exposed correctly and everyone is happy. However, when I try to put the same script as a logon script, it does not work correctly for non-Administrator users.

I found that by both adding the failing account to the Administrators group AND disabling UAC I was able to get the drive to appear correctly as a logon script. However, the end destination for this script is a production server - for obvious reasons this is not a production-quality solution.

Some other things I've tried:

- Performing the registry change in http://support.microsoft.com/kb/937624 and rebooting. No change.
- The launchapp.wsf workaround in this article: http://technet.microsoft.com/en-us/library/cc766208%28WS.10%29.aspx No change.

Anyone else have any insight?

Syano
Jul 13, 2005
What is the file server version?

I may be way off base but while researching my problem I posted just a few posts above I have come across a ton of articles recently about logon scripts/mapped drives/mapped printers acting wonky with Server 2008 and older versions of Windows acting as the file server/print server. Has to do with the SMB streams.

crazyfish
Sep 19, 2002

Syano posted:

What is the file server version?

I may be way off base but while researching my problem I posted just a few posts above I have come across a ton of articles recently about logon scripts/mapped drives/mapped printers acting wonky with Server 2008 and older versions of Windows acting as the file server/print server. Has to do with the SMB streams.

The file server is Linux based. I read some of the same articles - apparently it has a lot to do with how privileges are elevated at logon time vs. normal use time, or something like that. All I know is that I'm not an experienced Windows admin and I've suddenly been thrust into Windows permission hell.

crazyfish
Sep 19, 2002

crazyfish posted:

The file server is Linux based. I read some of the same articles - apparently it has a lot to do with how privileges are elevated at logon time vs. normal use time, or something like that. All I know is that I'm not an experienced Windows admin and I've suddenly been thrust into Windows permission hell.

For those who were wondering (probably no one), our Windows guy solved the problem by creating a folder, setting it up like a shared folder with the ACLs properly set, and putting the script inside. Once it was in there, it ran as a logon script and the drive letter showed up with zero issues whatsoever.

emtoor
Feb 11, 2010
Okay I'm messing around with software distribution in AD (Windows SBS 2003) and would like to assign a .msi package under the user configuration so when they log in it will auto install. I've tried doing it under the computer configuration but it will never go for some reason.

Anyway, here's my question. This remote management software requires administrator to install. Is there any way that, when a user logs on and the package begins to install, it will execute the setup in a privileged mode or maybe under an administrator account without prompting the user for un/pw?

any help appreciated!

sanchez
Feb 26, 2003
Try to run it during boot as a computer policy instead, to avoid that problem. It really should work, assuming it's a fairly normal MSI. Do Domain Computers (the group) have read/execute access to your install point? Check the logs on the failing machine too, there will be a reason in there somewhere.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

emtoor posted:

Okay I'm messing around with software distribution in AD (Windows SBS 2003) and would like to assign a .msi package under the user configuration so when they log in it will auto install. I've tried doing it under the computer configuration but it will never go for some reason.

Anyway, here's my question. This remote management software requires administrator to install. Is there any way that, when a user logs on and the package begins to install, it will execute the setup in a privileged mode or maybe under an administrator account without prompting the user for un/pw?

any help appreciated!

Assigning it under the user section publishes the program to their Add/Remove programs list where they can then install it manually (assuming they have admin rights). I don't know of a way to make it happen automatically through that. Some packages are made by monkey idiots and don't detect the OS language correctly, so you might want to hit the check box to tell the policy to ignore the language settings. Also, some don't like being executed by the system account. Not much to do about that one except scream and/or cry.

You could always write a logon/startup script really quickly that will do a registry check for the product and then run the installer if it isn't present.
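
An added example, not part of the original post: a computer startup script along the lines suggested above, which checks the registry for the product and runs the MSI silently only if it is missing. It assumes PowerShell is installed on the clients; the product name, share path and log path are placeholders, and `Test-ProductInstalled` is a hypothetical helper.

```powershell
# Added example: assign as a computer STARTUP script so it runs as SYSTEM and
# the user never needs admin rights. All three values below are placeholders.
$ProductName = 'Example Remote Management Agent'              # DisplayName to look for
$MsiPath     = '\\fileserver.example.local\deploy\agent.msi'  # install point
$LogPath     = Join-Path $env:windir 'Temp\agent-install.log'

function Test-ProductInstalled {
    param([string]$DisplayName)
    # Installed products register under Uninstall; 32-bit packages on 64-bit
    # Windows register under the Wow6432Node copy of the same key.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if ($props -and $props.DisplayName -eq $DisplayName) { return $true }
        }
    }
    return $false
}

if (Test-ProductInstalled -DisplayName $ProductName) { exit 0 }

if (-not (Test-Path -LiteralPath $MsiPath)) {
    Write-Error "Installer not reachable: $MsiPath"
    exit 1
}

# /qn = no UI, /norestart = never reboot on its own, /l*v = verbose log
$msiArgs = "/i `"$MsiPath`" /qn /norestart /l*v `"$LogPath`""
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success but a reboot is pending
if ((0, 3010) -contains $proc.ExitCode) { exit 0 } else { exit $proc.ExitCode }
```

Because the script runs as SYSTEM, the share holding the MSI needs read access for Domain Computers and should be writable only by administrators.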