RSAT Part 2: Deploying Printers with Group Policy and without Scripts!

Historically, in order to deploy printers using Group Policy we would have had to use a combination of scripts.

Now, Group Policy Preference Client Side Extensions, an updated AD Schema and RSAT allow printers to be deployed without any extra work.

1. Create and name a new Policy.

2. If you want to deploy the printer to a machine

Computer Configuration > Windows Settings > Deployed Printers

Or

If you want to deploy the printer to users

User Configuration > Windows Settings > Deployed Printers

3. Right click in a blank area of the right-hand pane and select Deploy Printer.

4. Make sure the permissions are correct for the printer.
5. Type in the path to the printer e.g. \\myprintserver\hplaserjet9040

6. Save and apply your policy.

BgInfo v4.13

In case anyone missed it. BgInfo v4.13 was released a few weeks ago. I know that a number of School Computing Officers use this useful tool for audit and support purposes.

Link.

I have previously used BGInfo in a startup script to have machines ‘Check in’ to an Access DB. You can use something like this (one line):

\\campus\software\pathtofile\Bginfo.exe \\pathtoconfigfile\config.bgi /timer:0

The config.bgi file allows you to set what data you want to capture and set a path for the DB file.

BgInfo

http://technet.microsoft….s/bb897557.aspx

Publishing your Exchange Calendar to the Internet

There are a few different choices when wishing to publish your Exchange calendar to the internet. Some offer frequent and automatic updates, others require manual intervention each time you make a change. Publishing your calendar to the internet can be useful when you want to share with someone who doesn’t have a University Exchange mailbox.

1. Publishing to Office Online

Office Online is Microsoft’s free service that allows Microsoft Live users to view and publish calendars to their website. The main pre-requisites are that both publisher and viewer need to have a Live account. Calendars are updated automatically every 20 minutes or so.

You can sign up for live accounts here. You have the option to create a new e-mail account that will provide you with hotmail, or have your @ncl.ac.uk e-mail address become your Live user ID. I’d probably recommend the @ncl.ac.uk route, but it depends what you are after.

The documentation on Office Online on how to publish calendars is very good and thorough, so rather than reinventing the wheel, here is the: Microsoft document.

2. Publish to a WebDAV Server

If you have access to a server that has WebDAV enabled you can publish the calendar information there without needing to have access to a Microsoft Live Account. Unfortunately, it is slightly more difficult to prohibit access. This would be achieved using file sharing permissions. Calendars are updated automatically every 20 minutes or so.

The Office Online document detailing publishing to a WebDAV server is here.

3. Save your Calendar as a Web-page

If you select your calendar and then select File – Save As Web Page you can generate files that you can publish on a web server. You have to manually re-save the calendar and re-publish the files every time you make a change to your calendar.

RSAT Part 1: Adding domain users to local machine groups.

In order to add domain accounts to a machine’s local administrators group we would previously have used code something like this:

net localgroup administrators LocalAdministratorGroupName /add

This guide will show you how to add domain users to local machine groups using the updated Group Policy Preference Client Side Extensions & RSAT.

Prerequisites

1. Create and name a new Policy.
2. Browse to Computer Configuration > Preferences > Local Users and Groups.

3. Right click in a blank area of the right-hand pane and select New > Local Group.

4. From the action dropdown select ‘update’ and from the group name dropdown select ‘Administrators (built-in)’

5. Click the add button.
6. Under name, type your s-id (campus\s-id) and under action make sure that ‘Add to this group’ is selected.

7. Close and save the group policy.

There are many more options available in the Local Users and Groups section alone which may be useful. Next time I’ll look at deploying printers via RSAT.
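
Once the policy has applied, the result can be checked on a client by comparing the local Administrators group with an allow-list. The following is an added example, not code from the original post; the function names and the allow-list entries are assumptions (`CAMPUS\s-id` stands for the account typed in step 6), and it assumes PowerShell 3.0 or later on English-language Windows.

```powershell
# Added example: compare local Administrators membership with an allow-list.
function Get-LocalAdminMember {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Assumes the group is called "Administrators" (English-language Windows).
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in @($group.Invoke('Members'))) {
        # Members are COM objects, so ADsPath is read via reflection.
        # Typical values: WinNT://CAMPUS/s-id, WinNT://CAMPUS/PC01/Administrator,
        # or WinNT://S-1-5-21-... for an account that no longer resolves.
        $path  = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $parts = @(($path -replace '^WinNT://', '') -split '/')
        if ($parts.Count -ge 2) { '{0}\{1}' -f $parts[-2], $parts[-1] } else { $parts[0] }
    }
}

function Compare-LocalAdmin {
    param(
        [Parameter(Mandatory = $true)][string[]]$Expected,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $actual = @(Get-LocalAdminMember -ComputerName $ComputerName)

    # Members present on the machine but not on the allow-list.
    foreach ($name in $actual) {
        if ($Expected -notcontains $name) {
            [pscustomobject]@{ Computer = $ComputerName; Member = $name; Status = 'Unexpected' }
        }
    }
    # Allow-listed accounts the policy should have added but that are absent.
    foreach ($name in $Expected) {
        if ($actual -notcontains $name) {
            [pscustomobject]@{ Computer = $ComputerName; Member = $name; Status = 'Missing' }
        }
    }
}

# Placeholder allow-list: replace with the accounts you expect on this machine.
$allowed = @(
    "$env:COMPUTERNAME\Administrator",
    'CAMPUS\Domain Admins',
    'CAMPUS\s-id'
)
Compare-LocalAdmin -Expected $allowed | Format-Table -AutoSize
```

With the ‘Update’ action and ‘Add to this group’, accounts that were already in the group stay there, so any ‘Unexpected’ rows are worth reviewing.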

Introduction to Windows PowerShell

I gave a demo of PowerShell at our OU Admins Christmas Event last December, and I’ve mentioned it a couple of times on mailing lists, but for everyone who missed those or wasn’t convinced, here’s my Introduction to Windows PowerShell…

PowerShell is a command shell and language focusing on Windows system administration. It can be used interactively to get immediate results, or you can write complex scripts and do batch processing. Although it is still not used as much as it should be, PowerShell isn’t a brand new product; it’s been around for a couple of years and version 2 is currently available in its 2nd Community Technical Preview.

Now that PowerShell is part of Microsoft’s Common Engineering Criteria (meaning that product teams pretty-much have to incorporate PowerShell into their new releases), and is being incorporated as a feature in Windows Server 2008, you’ll see PowerShell usage sky-rocket! (It’s worth also saying that Microsoft aren’t the only ones adding PowerShell support to their products – VMWare, IBM, Citrix and others see the potential of managing their products this way.)

The thing that sets PowerShell apart from other shells is that it uses pipelines of objects, not of text. It is built on the .NET Framework, but you don’t need to have a developer’s appreciation of .NET to work with PowerShell. In fact one of the best ways of getting started with PowerShell is to just run it each time you were about to run cmd.exe – many of the things you’d want to do there work in PowerShell. If you’ve been a *nix admin in the past, you’ll find that some of the commands you’re familiar with work in PowerShell too.

For example, the PowerShell cmdlet (pronounced “command-let”) to list the contents of a folder, Get-ChildItem, has aliases built in, so that you can use either dir or ls in its place. The interesting thing with PowerShell is that it has providers which let you access other repositories (referred to as PSDrives) in the same way as the file system, so you can do this:

cd HKLM:\software
dir

…and see the contents of a registry hive! (Note that if you want to do a recursive directory listing, the parameters are different to the dir in cmd.exe, so you’ll want to check the help to see what you can do with the cmdlets)

Give it a go and I’m sure you’ll soon find your way around. To get started, Get-Command gives you a list of the available cmdlets; Get-Help [cmdlet] tells you what they do; Get-Member lists the properties and methods of an object; Get-PSDrive lists the PSDrives that are available to you. Knowing those cmdlets is enough to get you quite a distance.

The TechNet Script Center has a load of great resources for IT Pros and there’s a fantastic community building around PowerShell, with a UK User Group (run by Richard Siddaway who is a PowerShell MVP – details on his blog), numerous PowerShell bloggers, and community sites. There are also a bunch of PowerShell books, most of which are pretty good, but if you’re just looking for one I’d recommend Lee Holmes’ PowerShell Cookbook.

If you don’t find that there’s support built in to products or PowerShell itself for what you want to do, there may be a 3rd party snap-in that could help. I’m making use of the free Active Directory cmdlets from Quest Software, the free Group Policy management cmdlets from SDM Software and the PowerShell Community Extensions – a large suite of additional cmdlets, providers, functions and more.

I’ll leave you with a quick PowerShell example. This is a cut down version of something that we used yesterday to enumerate the members of all the AD groups in a particular OU and save the listing for each group in a separate file named after the group:

Get-QADGroup -SearchRoot "OU=Groups,OU=ISS,DC=campus,DC=ncl,DC=ac,DC=uk" | %{$name = $_.name; Get-QADGroupMember $name | Out-File "$name.txt"}

It has probably wrapped in your browser, but that’s just with one line of PowerShell and frankly a good chunk of it is specifying the OU that we’re looking in! If you want to run that, you’ll just need to change the OU and have the Quest AD cmdlets installed. I won’t explain how it works here – I just wanted to show how much you can do with so little PowerShell. How much effort/code would it take to achieve that task another way?!
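
The same group-membership listing can be produced with the ActiveDirectory module that ships with RSAT instead of the Quest cmdlets. This is an added example, not the code used in the original post; the function names and CSV output are assumptions, and it goes slightly further than the one-liner by replacing characters in group names that are not valid in file names.

```powershell
# Added example: per-group membership export using the ActiveDirectory module.
Import-Module ActiveDirectory

function ConvertTo-SafeFileName {
    param([Parameter(Mandatory = $true)][string]$Name)
    # Group names may contain characters such as / or : that a file name cannot.
    $invalid = [IO.Path]::GetInvalidFileNameChars()
    -join ($Name.ToCharArray() | ForEach-Object {
        if ($invalid -contains $_) { '_' } else { $_ }
    })
}

function Export-GroupMembership {
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [string]$OutputDirectory = '.'
    )
    # Each object from Get-ADGroup carries its properties down the pipeline,
    # so there is no text to parse: the group object is passed straight on.
    foreach ($group in Get-ADGroup -Filter * -SearchBase $SearchBase) {
        $file = Join-Path $OutputDirectory ((ConvertTo-SafeFileName $group.Name) + '.csv')
        Get-ADGroupMember -Identity $group |
            Select-Object Name, SamAccountName, objectClass, distinguishedName |
            Export-Csv -Path $file -NoTypeInformation
    }
}

# The OU from the one-liner above; change it to the OU you want to review.
Export-GroupMembership -SearchBase 'OU=Groups,OU=ISS,DC=campus,DC=ncl,DC=ac,DC=uk'
```

Keeping dated copies of these files makes it easy to compare two exports and see when a membership changed.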

This summer all of our student user accounts will be provisioned entirely with PowerShell scripts. Keep an eye on this blog for future posts about PowerShell tools, resources and code samples.

Which Mobile for Exchange Mailbox Synchronization?

At present we only officially support the use of Windows Mobile devices when communicating with the Exchange servers. This decision was made on the basis of the consistent standard of Windows Mobile and having devices ourselves that we can test and check problems out on. Now, a number of the big mobile manufacturers are licensing Microsoft’s ActiveSync technology and introducing the Enterprise level functionality into their devices. We don’t prohibit their use, but can’t offer any in depth support.

I hope this post gives some information on our findings.

Windows Mobile:
All versions of Windows Mobile should be compatible with Exchange. Obviously with each new iteration of the operating system (We are now up to 6.1) new functionality is introduced. Push e-mail was introduced in Windows Mobile 5.0. Motorola, Samsung, Palm, HTC are among manufacturers that produce Windows Mobile devices. Many of the UK mobile providers (Orange, O2, T-Mobile) re-badge HTC devices as their own.

Nokia:
As James documented in an earlier post, Nokia were one of the first manufacturers to license Activesync which they called ‘Mail for Exchange’. It seems to only be available for some of their ‘E’ and ‘N’ series devices.

Sony Ericsson:
We have only been able to take a look at one Sony Ericsson device and unfortunately their version of Activesync on that particular device doesn’t seem to be compatible with Forms Based Authentication. (The type of authentication that we use!)

Blackberry:
As Blackberry have their own version of Activesync, it doesn’t look like they will license Microsoft’s version. Unfortunately to get the Blackberry to offer push e-mail with an Exchange server, a separate server (Blackberry Enterprise Server) and client access licenses need to be purchased. As we can offer Microsoft Activesync for no extra cost, we have no plans to offer push e-mail support to Blackberries.

Apple iPhone:
Apple incorporate Microsoft’s Activesync into their software on July 11th. The software will be made available for existing iPhones, iPod Touch and the soon to be released 3G iPhone. We haven’t yet been able to test this.

Some useful resources:

Modaco : Thorough news and forums
MSMobiles : News
CoolSmartphone : News
Expansys : Online Retailer

Connecting to Exchange with your Nokia Phone and ‘Mail for Exchange’

I wanted to try this out and it turned out to be much easier than I thought it would be!

Here is how I went about it.

1. Download ‘Mail for Exchange’ and install it.
2. You will then need to configure your profile.

Connection

Exchange Server: owa.ncl.ac.uk
Secure connection: Yes
AP: Choose
Sync while roaming: Up to you.
Use default port: Yes

Credentials

Your Username: nXXXXXX
Password: *******
Domain: CAMPUS

The other options allow you to choose what, when and how to sync. The application also warns you not to Sync with any other mail apps (such as your own local copy of Outlook) so there may be a trade off.

To see if your phone is compatible read the release notes here.

Please note that ISS can not help you with any problems as MFE is not currently supported.

http://www.businesssoftwa…e_downloads.php

EduCoMS Community Site

EduServ, UCISA and Microsoft have recently launched a new community website for IT professionals using Microsoft technologies in higher and further education.

The site has a collection of forums, wikis and document libraries which are somewhat sparse at the moment, but will be more useful the more members of the community start to contribute. In an attempt to persuade people to build the site up at the beginning, they’re offering book tokens to people posting content.

You don’t need to sign up in order to browse the site, so I’d recommend you at least take a look at www.educoms.net and see if you think you’d want to get involved.

Welcome to the WIT Blog

The Windows Infrastructure Team in ISS at Newcastle University, as the name suggests, is responsible for the Windows Infrastructure of the University, meaning that we’re the ones who look after, among other things:

  • Active Directory, which is the management framework for user accounts, managed Windows PCs and servers and the policies that manage settings and software. We delegate control of various aspects of the Active Directory to the appropriate people in ISS and around the campus.
  • Exchange, which is the home of the email mailboxes and calendars of most computer users in the institution.
  • Central File Store, which most of our users will see as their personal H: drive, and shared storage for a number of schools/services.
  • IIS and SQL Servers, offering centrally managed hosting of ASP.NET web sites and SQL databases.
  • And various other services which run on Windows Server.

The purpose of this blog is to keep people using our services up to date with developments, share handy tips and more general tech news that we think may be of interest. On that basis, you’re going to get the most out of this if you have a keen or vested interest in the systems at Newcastle University, but even if you have nothing to do with the University and have an interest in technology in general, or enterprise computing using Microsoft technologies in particular, we hope you’ll find something of interest here…