- Editor's Corner
- From the Mailbag
- Mailbag Overflow
- Printing Pitfalls
- Tip of the Week
- Recommended for Learning
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Events Calendar
- Webcast Calendar
- IPv6 Address Autoconfiguration and DHCPv6
- This Week's Webcasts
- Register for Webcasts
- Still need MDT 2010 Update 1?
- Study of Commercially Deployed Single Sign On
- Back to the basics with Microsoft software licensing options
- Introducing Windows 8 Enterprise and Enhanced Software Assurance for Today's Modern Workforce
- Don't Be Afraid To Learn PowerShell, You'll Need It & You'll Learn To Love It!
- Virtualizing your Domain Controllers
- Cloud computing benefits may trump public cloud security fears
- VDI assessment guide
- VMware to Hyper-V converts share lessons learned
- This Week's Links We Like. Fun Stuff.
- Take Control of Group Policy with SDM Software
Save this newsletter so you can refer back to itand find helpful tips, tools and other resources that can help you when you face some planning decision, management task or troubleshooting headache!
From the Mailbag
The April 30, 2012 issue Logon Legalese generated a lot of responses pointing out that the primary motivation for implementing logon warning banners is so you can prove in court that a hacker or disgruntled employee knows he's doing something wrong if he breaks into or simply misuses one of your organization's computers. For example, reader Kevin said:
The historical basis for the banner is based on a court case years ago. An interloper hacked into a computer and gained access to data to which the individual had no right. The courts ruled the organization could not prosecute because the computer screen said 'Welcome' thus the organization invited the miscreant to hack into the system. This also avoids the interloper being able to claim, "Gee- I didn't KNOW I was not allowed on that system." The logon screen is because the legal system is even more brain dead than end-users. You have to prove in court the hacker was informed the system was not open for casual use.
He also added:
(Of course by that reasoning, we should all wear "You are not authorized to kill me" signs.)
Another reader named Darrell who is a retired ISSO reinforced this argument by pointing out that:
It does not matter if the good guys read the banner they are allowed to access the system. The bad guy is not going to read it anyway because he/she knows they are doing something illegal. The reason for having a pre and/or post logon banner is legal. If you catch someone breaking into your system, most prosecutors will not touch the case if you do not have a logon banner stating that it is illegal to logon to the system unless you are an authorized user. Prosecution of the hacker is the reason for the logon banner.
A third (anonymous) reader chimed in with another reason for implementing logon banners, namely the issue of monitoring employee use of your computing resources:
They also provide consent to monitoring. Whether users read the notifications or not, they have been notified, and have no basis for challenging any disciplinary or legal action on the basis they were not told.
Several other readers echoed much along the same lines, and of course this all makes sense, especially if you work in a government agency, the finance industry or the military, or if you plan on monitoring how users access computing resources. I suppose that living here in Canada where people are nice and nobody ever sues anyone except in Toronto (lol) probably gives me a different perspective on this whole matter...
Time for the obligatory XKCD comic:
And FWIW it's really not that cold up here...
Anyways, thanks to all the readers who work in paranoid, high security environments where logon banners are a requirement. What I'd *really* like to hear is how readers in such organizations have implemented logon banners on PCs running Windows 7, especially pre-logon banners. Send me an email at [email protected]
Check out Trench Tales, a series of articles on WindowsNetworking.com where we publish additional tips and comments from our newsletter readers that we're unable to include in our Mailbag column due to space limitations:
- Trench Tales (Part 1) - Hardware Troubleshooting:
- Trench Tales (Part 2) - Troubleshooting Slow Logons:
The Print server role isn't one of the sexier roles of Windows Servers, which probably explains why the Windows Printing Team Blog hasn't been updated for over two years:
But since the much-vaunted paperless office still hasn't arrived for most of us, print servers are still essential in most business environments. Security improvements like UAC in Windows Vista and later, coupled with the phase-out of 32-bit servers with Windows Server 2008, have led to some frustrations in the formerly benign and placid area of getting stuff printed. Let's look at a few issues and how to resolve them.
Installing drivers from print servers
Allowing standard users (i.e. users who aren't local admins on their computers) to install print drivers from print servers can be done by enabling and configuring this Group Policy setting:
Computer Configuration\Policies\Administrative Templates\Control Panel\Printers\Point and Print Restrictions
Specify the names of trusted print servers on your network and configure the two security prompt settings to Do not Show Warning Or Elevation Prompt. And if you still have Windows XP clients in your environment, you should configure the similarly named policy setting found under User Configuration.
For more information see "Control Printer Driver Installation Security" in the TechNet Library at:
Using Windows 7 x64 with legacy 32-bit print servers
If your current environment is still Windows XP PCs and 32-bit Windows Server 2003 SP2 servers (yikes) and you plan on migrating your PCs to Windows 7 x64 but keeping your old servers for a while (yikes again!), will your 64-bit Windows 7 users have any problems printing to your 32-bit print servers?
Nope. As long as you add 64-bit drivers for your printers to your print servers (if your dusty old printers have 64-bit drivers available for them) everything should be OK.
For more info, see the post "How to: Add 64-bit print drivers on 32-bit Windows Server 2003 or Windows Server 2008 print server" from awhile back on the TechNet blog called "The troubleshooters and problem solvers" at:
Migrating to Windows Server 2008 R2 print servers when you still have Windows XP clients
What if your current environment is Windows XP/Windows Server 2003 and you plan on using the Print Migration Wizard (Printbrm.exe) to migrate your print servers to Windows Server 2008 R2 while keeping at least some of your clients running Windows XP for a bit longer? (Hmm, you like playing with fire, don't you--I'll bet you're still driving an 82 Datsun too.) Do you need to make any changes to your Windows XP clients or can they just keep their current print drivers since you're not changing the printers, just the print servers?
Yep. You'll need to delete all printer connections and driver references on your Windows XP clients and create new printer connections for them. To do this you'll probably need to do some custom scripting that leverages the Prnmngr.vbs and Prndrvr.vbs scripts. See here for a list of in-box commands and scripts in Windows 7:
Also see the Print Services Migration Guide in the TechNet Library:
Enumerating the drivers on a Windows installation
How can I know what printer drivers are available in-box in Windows? And how about out-of-box drivers? Michael Murgolo of The Deployment Guys blog has a script and post that shows you how to obtain this information:
This could be useful if you're planning a print server migration for your environment.
Print/Fax Forum on TechNet
Finally, if you have printing problems in your Windows Server environment, a good place to seek help is the Print/Fax TechNet Forum, which is maintained by MVPs and by Product Group experts at Microsoft:
Got more printing tips?
Share your expertise with our readers by sending your printing tips [email protected]
Tip of the Week
You like keyboard accelerators a.k.a. shortcut keys? Here's a nifty one you probably don't know about. When you open Windows Explorer and select Details view, you'll see your files and folders organized as a list with four columns called Name, Date Modified, Type, and Size. You can also add additional columns like Title, Authors and so on by right-clicking on the column header. And compressed folders like the one in this figure show even more columns by default:
Unfortunately Explorer doesn't automatically try to justify columns in Details view, which can result in wasted space and a lot of horizontal scrolling when you have a lot of columns displayed.
Shortcut key to the rescue! By simply pressing the keystroke combination of CTRL and + where + is the plus sign on the *numeric* keyboard, you can make Explorer shrink the columns so you can see more details without scrolling:
Got any Windows or Office keyboard accelerators to recommend to our readers? Let us know at [email protected]
Recommended for Learning
Using MacOS X Lion Server (O'Reilly) is a well-written book that walks you step by step through planning, installing and implementing MacOS X Lion servers as file servers, mail servers and other network services like VPN for small organizations. If the primary client OS in your environment is Mac OS X and you don't need Active Directory, then Lion servers may be a good solution that can meet your needs. But before you deploy Lion servers in your environment, get this book and read it through so you can learn what it can do and what it can't.
Switching to the Mac: The Missing Manual, Lion Edition (O'Reilly) is a guide for Windows users who want to learn how to use a Mac. It's very detailed and covers just about everything you'll need to know. It's also maddening sometimes for an experienced Windows user like myself. A few examples will illustrate what I mean:
"Apple expects is customers not to shut down their machines between sessions, and that's fine. Instead, you're encouraged to use sleep mode (formerly called Standby on the PC)."
Um, how is that different from Windows PCs? I never shut down my PC.
"When it comes to managing your programs, the Applications folder...is something like the Program Files folder in Windows--but without the worry. You should feel free to open this folder and double-click things. In fact, that's exactly what you're supposed to do... Better yet, on the Mac, programs bear their real, plain-English names, like Microsoft Word, rather than eight-letter abbreviations, like WINWORD.EXE."
Oh, come on, this isn't Windows 3.1 anymore. And who needs to open a folder and double-click on an icon to run a program? If I want to open Microsoft Word on my Windows 7 computer, I just click the Start button (or press the Windows key) and type "word" and press ENTER and let Windows Search do its magic.
Opening the book at a random page (not kidding) I found this:
"Fast User Switching works just as it does in Windows."
Wow, so Mac is finally catching up with Windows in this feature area?
OK I'm starting to get a bit snarky so I guess it's time to finish this review and move on. The bottom line is that I personally see no reason for me to switch to the Mac. But if I did want to make the move, I'd definitely buy this book--and probably tear out my hair in frustration after every few pages!
Quote of the Week
"Try to regard all encounters and situations, including your job, as a game, as the world of illusion. Pull back a little and enjoy it all. Do our best, but don't fall apart if everything doesn't pan out the way you'd like it to. Remember that things are seldom what they seem." --Herb Cohen from his book "You Can Negotiate Anything"
Herb has over four decades of experience negotiating in situations ranging from mergers and acquisitions to hostage situations, and what he says here is right on the money. If you follow Herb's advice you'll not only enjoy life more but also have more success in your career because you'll have less stress. I highly recommend this book because the art of negotiation is basically part of everything we do in life from running a business to raising your kids:
Another terrific book by Herb that I've personally learned a lot from and can highly recommend is "Negotiate This!: By Caring, But Not T-H-A-T Much":
Got any other books on deal-making/negotiating you'd like to recommend? Email me at [email protected]
Save this newsletter so you can refer back to it later for tips, tools and other resources you might need to do your job or troubleshoot some problem you're dealing with.
Forward this newsletter to a friend or colleague who might find the tips and tools in it helpful for performing their job.
Send us feedback if you have questions, comments or suggestions concerning anything in this newsletter: [email protected]
Admin Tools We Think You Shouldn't Be Without
Compare, Report, Consolidate and Simplify Group Policy.
Download a free, fully functioning 30-day trial of Virtualization Manager from SolarWinds and take control of your virtualized environment.
Using Microsoft Hyper-V? Altaro Hyper-V Backup Freeware Edition is an easy to use Hyper-V aware backup solution. Watch YouTube Video.
Are your Hyper-V virtual machines locking up? Convert their saved state to a memory dump so you can debug the problem:
Perform live kernel debugging on running Hyper-V virtual machines using MoonSols' LiveCloudKd:
- Microsoft TechEd North America 2012 on June 11-14, 2012 in Orlando, USA:
- Microsoft Worldwide Partner Conference on July 8-12, 2012 in Toronto, Canada:
- VMworld 2012 on August 27-30, 2012 in San Francisco, USA:
- Microsoft SharePoint Conference 2012 on Nov 12-15, 2012 in Las Vegas, USA.
- Microsoft TechEd Europe 2012 on June 26-29, 2012 in Amsterdam, Netherlands:
- VMworld 2012 on October 9-11, 2012 in Barcelona, Spain:
- Microsoft Australia Partner Conference 2012 on Sept 4-6, 2012 in Brisbane, Australia:
Add your event
Contact Michael Vella at [email protected] to get your conference or other event listed in our Events Calendar.
IPv6 Address Autoconfiguration and DHCPv6
June 6, 2012 - O'Reilly will have IPv6 expert and author Joseph Davies of Microsoft Corporation demonstrate the various ways you can configure IPv6 addresses and configuration settings.
This Week's Webcasts
- Tuesday May 15 - TechNet Webcast: Everything You Wanted to Know and Ask about Windows Deployment (Part 1) (Level 200)
- Wednesday May 16 - VMware Webcast: Getting Started with VMware vSphere Hypervisor and VMware Go
- Thursday May 17 - TechNet Webcast: Everything You Wanted to Know and Ask about Windows Deployment (Part 2) (Level 200)
- Friday May 18 - TechNet Webcast: The Baker's Dozen: What's New in SQL Server 2012 (Part 9 of 13)—What's New in PowerPivot 2.0 (Level 200)
Register for Webcasts
Add your Webcast
Contact Michael Vella at [email protected] to get your webcast listed in our Webcasts Calendar.
Still need MDT 2010 Update 1?
The Microsoft Download Center now has MDT 2012 as the main download for Microsoft Deployment Toolkit, but if you still need the earlier version you can find out how to get it in this blog post by Michael Niehaus:
Study of Commercially Deployed Single Sign On
Steve Syfuhs in his blog Steve On Security discusses a paper from Microsoft Research that analyses different commercial Single Sign On services that are currently available:
Back to the basics with Microsoft software licensing options
Ruth Morton guides you through the licensing maze with this post on the Canadian IT Manager's Blog:
Introducing Windows 8 Enterprise and Enhanced Software Assurance for Today's Modern Workforce
Erwin Visser describes what Windows 8 Enterprise edition can offer business customers in this post on the Windows For Your Business Blog:
Don't Be Afraid To Learn PowerShell, You'll Need It & You'll Learn To Love It!
Feeling too old to learn another scripting language? Check out this post by Belgium MVP Didier Van Hoye from his blog Working Hard in IT:
Virtualizing your Domain Controllers
Microsoft Certified Trainer (MCT) and consultant Mitch Garvis outlines some best practices are for domain controllers in a virtualized environment in his blog The World According to Mitch:
Windows Server News
Cloud computing benefits may trump public cloud security fears
Companies can reap the benefits of cloud, if they develop smart strategies. Two IT advisers explain when public cloud makes sense and when to say no in this popular article.
VDI assessment guide
Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI environment and its effects on end users>
VMware to Hyper-V converts share lessons learned
Some IT pros will move from VMware to Hyper-V when new virtualization management tools in Microsoft's System Center 2012 and a new version of Hyper-V hit later this year. Though switching hypervisors can be a challenge, some say that the cost savings make it a worthwhile move. Learn more in this expert tip.
Five reasons a VDI project stalls: What's the holdup?
Here's one way to send a VDI project down the tubes: Ignore the end user experience. See four more factors that can hit the brakes on your implementation.
WServerNews FAVE Links
This Week's Links We Like. Tips, Hints And Fun Stuff
The Purdue Society of Professional Engineers built the World's most complex Rube Goldberg Machine with 300 steps involved in blowing up and popping a balloon:
Evacuated Tube Transport could take you from New York to LA in 45 minutes:
The best space shuttle launch video I have seen so far - with high quality audio and 1080p:
A big red push button on a quiet square in a small town in Belgium with a sign "Push to add drama". See what happens next:
John Collins folds paper airplanes for a living, and recently designed a plane that broke the world record for longest flight. Here, he shares a few of his secrets:
Creating the illusion of a static flow of water with sound waves in a simple experiment, using a thin water hose taped to a loudspeaker:
WServerNews - Product of the Week
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.