Search This Blog

Tuesday, November 22, 2011

Administrative Template Point and Print Restrictions

This worked for me... found this after I posted the above. hope it helps some of you having the same issue. I did this on my local pc not the Domain GPO so it would work in either place.



There are TWO "Point and Print Restrictions" settings

* Computer Configuration/Policies/Administrative Templates/Printers/Point and Print Restrictions
* User Configuration/Policies/Administrative Templates/Control Panel/Printers/Point and Print Restrictions


Of these two, the one under Computer Configuration seems to be the important one. But guess what? The original Server 2008 doesn't include this setting in the list -- you need Server 2008R2 for this setting to show up. If you download the administrative templates from Server 2008 R2, extract, and copy the PolicyDefinitions folder to C:\Windows\sysvol\domain\Policies\PolicyDefinitions, this missing policy will show up magically in Group Policy Management Editor. Of course, the ADMX files from Server 2008 R2 causes Group Policy Management Editor from Server 2008 tocomplain about parse errors, but it works just fine to click "OK".


Once you've installed the proper ADMX files, for this to work in Windows 7, configure both of these "Point and Print Restrictions" settings to:

* Enabled
* Security Prompts, When Installing Drivers for a new connection = Do not show warning or elevation prompt
* Security Prompts, When Installing Drivers for a new connection = Do not show warning or elevation prompt


Also, don't forget to make sure the users have permission to install printer drivers, since you're not even going to try to use Admin privileges any more:

* Computer Configuration\Policies\Administrative Templates\System\Driver Installation
* The setting is called "Allow non-administrators to install drivers for these devices setup classes".
* You will need to add thedevice class GUID of printers: {4d36e979-e325-11ce-bfc1-08002be10318}


Don't forget to update the computer policy on the workstation by running "gpupdate /force". Then log on as a non-admin user, and test! It worked for me with an annoying Konica Minolta bizhub C550 fax driver that was prompting my Win7 non-admin users for privileges when the logon script tried to install the driver for them. YMMV.


Good luck!

Wednesday, October 19, 2011

Unbrick WZR-HP-G300NH2 and then flash DDWRT

1.Download pumpKIN http://kin.klever.net/pumpkin save you wasting time with tftp and the command line

2.Unplug all the ethernet cable and the power cable and connect the computer directly to the router(still leave it off)

3.Go to Control Panel\Network and Internet\Network Connections in win7
right click on local area connection and choose "properties"
choose "internet protocol version 4"
click properties then click "use the following ip address"
Enter these values:
IP address 192.168.11.2, subnet mask 255.255.255.0, default gateway192.168.11.1

4.then turn off firewall go to Control Panel\Network and Internet\Network and Sharing Centre click on windows firewall then
choose "turn windows firewall on or off" then click on every "turn windows firewall off" box.

5.Open a Windows command prompt as Administrator. type cmd in the search box from Start menu, then press Ctrl+Shift+Enter. You will be prompted with the User Account Control dialogue choose yes. OR just right click on CMD and choose run as administrator.
Type the command
route print
to get a list of your NIC(s). Write down the interface number for the LAN card, in my case, it's 10, you may need to scroll up. mine is the first one "Realtek PCIe GBE Family Controller"

6.Now type the command below to get the ARP binding(thanks ermax at DD-WRT forum):
Replacing the number 10 with the interface number

netsh interface ipv4 add neighbors 10 192.168.11.1 02-AA-BB-CC-DD-1A

7.Run pumpKIN utility choose "Put File"

8.Put 192.168.11.1 as remote host, local File is openwrt-ar71xx-generic-wzr-hp-g300nh2-squashfs-tftp.bin

9.Click "ok" and quickly plug the power cable into the back to turn on the router. (within a few seconds)

10. After 5-10 minutes, unplug and replug the router.

11. If there's no WebGUI, you'll have to telnet (Windows 7: add/remove windows features) into 192.168.1.1 and run,
1. cd /tmp
2. wget ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2011/06-14-11-r17201/buffalo_wzr-hp-g300nh2/wzr-hp-g300nh2-dd-wrt-webupgrade-MULTI.bin
3. dd bs=28 skip=1 if=/tmp/wzr-hp-g300nh2-dd-wrt-webupgrade-MULTI.bin of=/tmp/firmware.bin
4. sysupgrade -n /tmp/firmware.bin

Tuesday, October 18, 2011

Remove hidden Mac user

sudo dscl . delete /Users/whatevertheshortnameis

Wednesday, September 7, 2011

Deploying TCP IP Printers using Group Policy

Deploying printers that's not too dependent on print server.

Thursday, August 18, 2011

Symantec Endpoint Protection Visual C++ Runtime Error

scram[wdk] you nailed it. Thank you for helping me fix this problem. Up until your post I was not aware of wbemtest so it took me awhile to figure out what to do with it.

For the sake of those you may have this problem in the future, here are the steps that corrected my issue:

• Go to a command prompt and run wbemtest
• Click the Connect button
• Replace root\default with root\securitycenter and click Connect
• You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK
• On the Query Results screen, highlight AntivirusProduct and choose the Delete button.
• Close the Query windows and exit wbemtest
• Now either reinstall or repair Symantec Antivirus Corporate Edition

Interesting note, in my case when I re-entered the wbemtest after fixing my problem, the AntivirusProduct class no longer existed, even after a reboot. I can only guess this was a remnant of an older Symantec AV product or some other software package placed it there and it was causing a conflict with Symantec AV.

Wednesday, August 10, 2011

Windows 7 Auto Login box missing

Problem:
The box "User must enter a user name and password to use this computer." is missing.

Fix:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon value in the registry. Mine was set to 0 so it did not show. I set it to 1, and now it shows.
Once it showed up, it was already unchecked, and when I hit OK it did not ask me for a username and password. I then checked it, hit OK, then opened it again and unchecked it, and hit OK. The dialog for me to enter the username and password then appeared and worked as documented in this post."

Wednesday, July 27, 2011

Symantec Endpoint Protection Manager

If your server has multiple IP addresses, follow this to make one of the IPs your top priority.
http://www.symantec.com/business/support/index?page=content&id=TECH95183

Monday, July 11, 2011

WMIC

wmic /node:"computername" computersystem get username

Thursday, May 5, 2011

Cannot map to any network drive or shares/RPC server is unavailable

For me it was missing one registry key
REG_DWORD "DhcpNodeType" = 1
under
HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

A easy trick is, if it worked before, you can look under
"HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters"
or
"HKLM\SYSTEM\ControlSet002\Services\NetBT\Parameters"
and compare the difference.

This also fixes an issue opening Group Policy Management showing "RPC server is unavailable"

Tuesday, May 3, 2011

Remote Desktop Not Working in Vista

Remote desktop is enabled, exception is checked, still remote desktop does not work.

"I've got the same problem: Vista+SP2, same event in logs, no access to remote desktop.

But, after some magic dances around my box with a process monitor, I found a solution. Basically all u need is to grant full control permission to HKLM\System\CurrentControlSet\Control\Terminal Server\RCM registry key to NETWORK SERVICE local account and restart "Terminal Services" service or reboot."