Author: Adam Fowler

How To Apply HKLM Settings Per User

Posted on by Adam Fowler

Normally when you think of Windows Registry, you’re normally worried about the two sections: HKEY_LOCAL_MACHINE (HKLM) and HKEY_CURRENT_USER (HKCU).

It’s fairly obvious that settings under each area apply to either the PC itself (machine) or just to the currently logged in user. This is usually fine, but there are scenarios where there’s a setting that will only apply to a machine due to how the program is written, but you actually want to turn it on or off based on the logged on user.

With Group Policy Preferences (GPP) which was introduced with Windows Server 2008, this is much easier to do. Before this, you would have need to have written complex logon scripts using 3rd party tools to perform lookup commands, create variables and then adjust the registry accordingly, while providing administrator credentials.

GPP lets you apply registry settings rather easily. One of the main benefits of GPP is how flexible and granular you can be with the settings you apply.

This is how I would normally use to deploy a setting, but have it easily managable: Have two settings for the registry, one setting it on and the other off (normally done by a 1 for on, 0 for off but it depends on the setting). The targeting for having the setting on or off is based by user membership to an Active Directory (AD) group, but the setting is not applied in the user context meaning it’s applied by ‘System’ which will have full access to the HKLM registry.

This will then mean the HKLM setting changes from 0 to 1 and back based on which user logs in!

I prefer this than just applying particular users individually to the item because it will reduce processing time having a single check vs many, and that anyone can easily manage an AD group rather than mucking about with Group Policy and potentially doing something wrong, affecting the entire user base.

How to create a Group Policy that applies HKLM settings per user:

First, create a Policy. I’m going to assume you’re able to open Group Policy Management and create a Group Policy Object (GPO).

We’ll be working under User Configuration > Preferences > Windows Settings > Registry.

Here’s what you should see without my registry item already created:gpp1

Right click in the big open white space and choose New > Registry Item. Fill in the General tab for the registry item you want to create. Here’s an example:

gpp3

Next, go to the Common tab and tick ‘Item Level Targeting’. Then click the ‘Targeting’ button and you’ll be taken to the Targeting Editor. This is where all the granular control is, and you’ll find many options on what criteria needs to be met to either apply, or not apply the registry item.

You can define what you like for the rules, but I’ll be doing ‘the user is a member of the security group’. You can click the ellipsis … button and find your group in Active Directory (or quickly go there to create it first).

gpp2

After you’ve done this then pressed ‘OK’ twice, you’ll have your first registry entry ready to apply. We need a second one to do set the registry setting to a different value if a user is NOT in the group, so right click on the registry item and choose ‘copy’ then right click on the blank area and choose ‘paste’.

Go into the properties of your copied item, and change the value data to the second setting, and go into the ‘Targeting’ area and change the rule to ‘Is Not’ rather than ‘Is’ under the ‘Item Options’ dropdown menu.

One note is that AD group membership is checked when the user logs in, so if you’re testing and running ‘gpupdate’ to force a group policy check, it may not work as it won’t realise the user is in or out of the group. Just log off and back on to test instead.

I am a big fan of Group Policy Preferences and this is one of the examples of how powerful it can be, so if you are not already using it – get started!

Getting AD User Data via PowerShell

Posted on by Adam Fowler

It’s a common question asked of IT – “Can you give me a list of who’s in Marketing?” or “How many accounts do we actually have?”

Before PowerShell, this was a lot harder to do. There were companies like Quest Software who provided several handy tools (and still do) , or long complicated visual basic scripts.

So, how do you get a list of users? All of this is being done from the Active Directory Module for Windows PowerShell which will install as part of the Windows Server 2012 Feature – Role Administration Tools > AD DS and AD LDS Tools > Active Directory Module for Windows PowerShell.

The ‘Get-ADUser’ command is what we’ll use to demonstrate what you can do.

For starters, ‘Get-ADUser -filter*’ will get you a list of all users, and they’ll output in this format one after the other:

powershell1 (1)

A lot of information. You can specify a single user with:

Get-ADUser -identity username

which will just show you the one result.

As you may be aware, there are a lot more fields a user has than just the ones shown. You can tell PowerShell to show you all the properties by modifying the command like this:

Get-ADUser -identity username -properties *

Note that in PowerShell v4 if you get the error “get-aduser : One or more properties are invalid.” then there may be an issue with your schema. Check out this post for more information.

If there’s just one extra property you need, there’s no point getting everything, so if you needed to see a field such as “Department” for all users then adjust the command like this:

Get-ADUser -filter * -properties Department

Now, this gives the results for every single user in your Active Directory environment. You can narrow this down to a particular OU (and consequent sub OUs) by changing the command to this:

Get-ADUser -searchbase “ou=specialusers,ou=users,dc=mydomain,dc=com” -filter * -Properties Department

Now, you might be wondering how to get rid of all the standard properties and only see the ones you want.

There are two ways to pipe out the data that you want. One is with the ‘Format Table’ and the other is ‘Select Object’. Say you want a list of staff and their departments, we only need to use the ‘name’ field and the ‘department’ field.

Here’s what the two command look like, which are very similar:

Get-ADUser -searchbase “ou=specialusers,ou=users,dc=mydomain,dc=com” -filter * -Properties Department | ft name, department

Get-ADUser -searchbase “ou=specialusers,ou=users,dc=mydomain,dc=com” -filter * -Properties Department | Select-Object name, department

powershell2

The results of these commands will look exactly the same. But, when you want to export this information out, you would normally use the ‘Export-CSV’ command. If you use the ‘ft’ option, the results will not be what you expect. There is a brief writeup on this on the Windows PowerShell Blog which shows what you’ll see and explains why. The ‘Select Object’ command doesn’t have this issue.

So, if you want to output this list to a text file, here’s the command to use:

Get-ADUser -searchbase “ou=specialusers,ou=users,dc=mydomain,dc=com” -filter * -Properties Department | Select-Object name, department | export-csv c:\temp\myfile.csv

Note that you can also cheat and just pipe any output to a textfile using the old DOS redirect output method, which works even with the ‘ft’ option:

Get-ADUser -searchbase “ou=specialusers,ou=users,dc=mydomain,dc=com” -filter * -Properties Department | Select-Object name, department > c:\temp\myfile.csv

Note that one ‘>’ creates a new file or overwrites an existing, while a double ‘>>’ will create a new file or append to an existing.

Easy! Now you can provide Active Directory details to whomever asks, with a one line command that will output only the fields you want.

TechEd North America 2014

Posted on by Adam Fowler

 

5a1b31f5-50ca-403b-a339-925263e84eb2 (1)

I am really lucky this year to be going to Microsoft TechEd North America 2014, being hosted in Houston, Texas from 12th May to 15th May! Not only am I just attending, but I’ll be going as Press, representing The Register and We Break Tech.

I’ve been to TechEd Australia a few times and it’s a great experience, but this is a whole new level for me.

There will be over 10,000 people attending the single conference, a somewhat larger scale than the ~2500 that attend TechEd Australia.

To get there, I’ll have to fly Adelaide > Sydney > Dallas > Houston which will take about 24 hours, and to get back it’s Houston > Los Angeles > Melbourne > Adelaide. I’ll definitely be taking a few different gadgets and games to keep me entertained for that journey.

I don’t know what to expect exactly out of this experience. I’ll be doing writing of course, but there might be interviews, meeting and talking to world renowned experts/MVPs, mingling with Bill Gates and Satya Nadella… ok maybe not, but again I don’t really know what I’m in for!

My most similar experience was having HP fly me to Sydney for a day to cover the release of HP Converged Cloud on OpenStack technology which I live blogged and that was being thrown in the deep end – about 8 bloggers and 10 or so HP representatives there just to tell the 8 of us all a bunch of information.

Anyway, I realise this is a completely different scale and experience, and I’ll be one of hundreds of Press – but I do know this will be an awesome experience.

I’ll post some bits and pieces on here too, and I’m sure I’ll be constantly on twitter talking about my experience along with half the attendees.

Hoping to meet a bunch of new people and probably be way out of my comfort zone for the entire trip, but that’s what living is about! :)

Diverting Unassigned Numbers in Lync 2010

Posted on by Adam Fowler

Lync 2010 with Enterprise Voice attaches a phone number to a user with a direct one to one relationship. This means that when a user departs, the account should get disabled along with any Lync attachments. In turn, this abandons the phone number that was attached to the user. All great by design, but what about external people that are still calling the number of the departed user?

You could leave the user’s Active Directory account disabled, leave Lync attached and configure it that way, but that’s a big hassle. Microsoft covers this scenario with a feature called “Unassigned Number”.

Unassigned Number lets you configure an Announcement on an entire number range. The idea is that if any extension in the number range configured (which can be a single number) is called and isn’t attached to a user, it will divert the call to either an Announcement or an Exchange UM Auto Attendant number. Generally just the Announcement is fine, because the Announcement can be configured to be nothing, but divert the call to wherever you want it to go afterwards.

The Announcement needs to be configured before you create an Unassigned Number Range, which can only be managed by PowerShell. The Unassigned Number Range can be created via the Lync Control Panel GUI or PowerShell which seems a bit inconsistent.

Creating an Announcement is rather easy still, with a great guide from TechNet here. The important bits are to give your Announcement a name, tell it which Lync Pool to use and give it a target SIP address to send the call to. An example command do this is:

New-CsAnnouncement -Identity ApplicationServer:lyncpool.mydomain.com -Name “Forward Announcement” -TargetUri sip:[email protected]

Note that if you use a direct phone number for the sip address, you need to append “;user=phone” or it won’t work, so the sip address should look like this: “sip:[email protected];user=phone”

Once that has been created (run a ‘get-csannouncement’ to see all the Announcements you have) you can then use PowerShell or the Lync Control Panel to create your Unassigned Number Range if you feel more comfortable there. A guide on how to do this is available from Microsoft Technet here.

All you need to do for the Unassigned Number range is give it a name, tell it the number range to start from and end (which if you have multiple sites, you’ll need multiple ranges), the name of the Announcement you want to use (i.e. where you want the call to divert to) and finally which Lync Pool server/Application Server the Announcement lives on.

Based on the Announcement above, this is what the Unassigned Number command would look like:

New-CsUnassignedNumber -Identity “Unassigned Number Range 1” -NumberRangeStart “+61712345000” -NumberRangeEnd “+161712345099” -AnnouncementName “Forward Announcement” -AnnouncementService ApplicationServer:lyncpool.mydomain.com

The number range start and end just need to be in standard international telephone format: +xx being the country code (+61 for Australia, +1 for US) and then the local number (In Australia we drop the 0 at the front).

Again, you can run a ‘get-csunassignednumber’ command to see how it’s been configured.

Once you’ve done the above, you’re set. Try calling any unassigned number that you have and it should divert to the sip address you configured on the Announcement. If they’re a Lync user (as you can enter a phone number and divert these calls out) they will also get a message with the incoming call saying it was diverted from the originally dialled number.

If you have a special requirement where a particular number range needs to go elsewhere, you can just create more Announcements and unassigned number ranges – the order of the unassigned number ranges will define which range rule is applied with a highest first approach.

I believe this is very similar in Lync 2013, and would recommend that anyone using Lync with Enterprise Voice set this up for easier management of their phone system, but also to make sure no important business calls are missed.

Nokia Lumia 1520 Review

Posted on by Adam Fowler

Nokia’s shot at the growing phablet market.

On the 11th December 2013, Nokia released its latest Windows Phone in the Lumia range – the 1520.

Following up from the Lumia 1020 with its flagship 41 megapixel camera, Nokia went for a different extreme on the 1520 with a 6 inch display.

Other impressive specifications include a full HD 1920 x 1080 resolution on the giant display, a 20 megapixel camera (which is still better than most other smartphones on the market), a quad-core processor, and finally a 3400mAh battery. That beefy battery is supposed to provide 32 days standby time, and my heavier real-world use averaged 2 to 3 days between charges.

Software-wise, this is the first phone to run Nokia’s “Black” update which will end up being available to all Lumias, so that’s no reason to consider this particular phone. The hardware is what makes it or breaks it, so that’s what this review will focus on.

 

wp_ss_20131227_0001Lumia Black

Good

Weight wise, it’s not a light phone at 209g. It is much heavier than an iPhone 5S at 115g or a Samsung Galaxy Note 3 at 168g, but I don’t consider it too heavy.

The screen is the number one reason I’d recommend this phone. The amount of real estate you get will make you reconsider using a laptop to do lighter tasks, and the large number of tiles you can fit on a single screen means you can glance at your phone and see everything you need to know.

 

wp_ss_20131224_0001The home screen fits a crazy amount of fully customisable tiles.

The long battery life means that you’re much less worried about charging your phone at every chance you get, which is a refreshing change from most other smartphones.

Bb9ViqtCQAAa1xc
“Battery” app – free from Enless Soft

 

Bad

There is only one official case for the 1520, and that’s the CP-623. It’s the standard ‘clip on the corners’ cover that most other Lumias have available, but with an added protective flap. The flap doubles as a stand, but it’s not stable enough to actually use the phone while in stand mode. It can only be stood sideways, and many things don’t actually rotate sideways (like the all-important home screen) so it has very limited functionality.

Other accessories like official charging stands and car chargers don’t fit this gargantuan particularly well either. They do work, but it’s a bit of a balancing act to put the 1520 on a charging stand, and a very tight squeeze to fit in the car charger when the official case is attached too.

Other

I’m still not sure if the size of this device is a good or a bad thing, and that should come down to individual taste. When I first held it, I thought it’d be too big. Initially it felt a bit weird both sitting in my pocket as well as just holding it, but after a week or so I’m now used to it. I came from a Nokia Lumia 1020 which is still a decent 4.5″ screen, but this phone does take some getting used to.  You’re going to need a large pocket to carry it around.

Summary

The Nokia Lumia 1520 is a solid phone. It’s faster than any other Lumia before it, with the best battery life and screen so far in the Lumia range. Once you get used to its size, it may end up being your default ‘go-to’ device for most basic tasks, as it’s already in your pocket (or half sticking out of it). I’m already worried how I’d go back to a smaller phone, and that’s a good sign.