View Blog

Sep 2005

In this issue:

  • It's Issue 11 ... So much news, I can't take it!!
  • Big News Item #1: Updated Group Policy Book!
  • Big News Item #2: A New Book and a New Website for Windows/Linux Integration!
  • "Suggest a City" a Success
  • Group Policy Intensive Training and Workshop Schedule Update
  • Technology Takeaway (r), a service of Moskowitz, inc.
    • Three juicy tips and tricks
  • Upcoming Conferences, Appearances, and Classes
  • Get a signed copy of Group Policy, Profiles and IntelliMirror
  • Subscribe, Unsubscribe, and Usage Information

Moskowitz, inc. and -- Issue 11

There's so much news, I simply don't know where to begin.

First, however, I want to welcome about 100 new people since the last newsletter, which went out only about three weeks ago.

I got to meet a lot of great people in my own home town of Wilmington, DE at a Microsoft / TS2 event.

People here are downright excited about Windows Server Update Services (WSUS), and specifically, how an admin can use GPOs to control WSUS even more granularly than the older Software Update Services (SUS).

We'll address some of those issues in this newsletter, right after we announce all these goodies!

Big News Item #1: Updated Group Policy Book!

I have a Third Edition of my popular Group Policy book (Group Policy, Profiles and IntelliMirror) coming out THIS MONTH (September).

What's more -- you can pre-order a SIGNED COPY!

In this edition, we're building on the last, but adding in the bits and pieces for Windows 2003 / SP1 and Windows XP / SP2.

And, since I cannot leave well enough alone, there are lots of little adjustments and improvements throughout. Here are the TOP 12 things that have been updated since the previous edition...

  1. More "prescriptive guidance" is peppered throughout the book, based on additional experiences over the years.
  2. In the last book, I tested using XP/SP2 *BETA*. I made educated guesses how XP/SP2 *WOULD react*. This time, I made sure.
  3. We had Kevin Sullivan, a fellow Enterprise Mobility MVP, as the Technical Editor and reviewer. That means additional assurance of technical accuracy in all areas of the book.
  4. We give guidance about how to deal with XP/SP2's built-in firewall. Because some aspects of Group Policy won't work with the firewall enabled, we give specific guidance on how to deal with this feature.
  5. We've added clearer guidance on what happens during backup and restore operations.
  6. We've added more troubleshooting guidance.
  7. We've added more guidance on how to ensure that you can "see" all the settings for XP/SP2 and Windows Server 2003 / SP1.
  8. We fully cover the Windows Server 2003 / SP1 "Security Configuration Wizard." Specifically, we demonstrate how to make your servers more secure via Group Policy. This is a really big addition for this edition.
  9. We've included some newly updated information regarding Windows Installer 3.0.
  10. ALL of the URLs are "tiny" now. Not a big deal, but now you're not typing in 300 characters for a URL to Microsoft.
  11. We've addressed a notorious quirk when dealing with GPOs. Have you ever had to press "OK" 52 times when editing a GPO? This is "The Retroactive Bug That Ate New York." In this new edition, we squash this bug with a rock.
  12. And last but certainly not least, there are lots of little things that have been clarified, fixed, adjusted, and generally made better.

Oh, and all the web downloads will be updated (really soon!). We've gone through the effort to document every single Group Policy Setting and made these available. Again, stay tuned for updated web downloads just as soon as the publisher releases them!

So, the big question that I'm sure you have is: "Do I NEED this edition?" It's a tough call, because the book DID NOT go through a MAJOR re-write like it did from the First Edition to the Second Edition. Here's what's the same:

  • All chapters from the Second Edition are here again in the Third Edition.
  • The book has the same cast of characters.
  • The book has the same "flow" and the same holistic approach.
  • The scripting chapter is 100% unchanged. (It's the only untouched chapter in the book, though.)
  • In short, it really is the same book.

So, again, the question is: "Do I NEED this edition?"

I know it's not easy forking over your hard-earned dough to get a copy of a book that's, well, very similar to the previous edition. So, how can you make the best decision? Here's my take on it...

  • If you're rolling out XP/SP2 and Windows Server 2003/SP1, I'd say Yes, this new addition is for you. Again, I updated the book expressly for this purpose. And, while I was here, I cleaned up anything I wasn't 100% happy with.
  • If you're NOT rolling out XP/SP2 and/or Windows Server 2003/SP1, then just the "bug fixes" alone aren't worth plunking down the dough to get a copy. The bad news, however, is that the book's "bug fixes" alone are not availableas a download on This is because there really were too many pages changed between this edition and the last.

Hopefully, that makes sense, and gives you some direction on whether or not you should get the updated edition.

-If you want a signed copy ($45, includes shipping), the place is
-If you want a cheaper copy from Amazon ($32.99), the place is: (For some reason, the cover image says "Second Edition," but I assure you that it's the "Third Edition.")
-If you want an even cheaper copy, from Bookpool ($31.50), the place is: (Again, for some reason the cover image says "Second Edition," but I assure you that it's the "Third Edition.")

Big News Item #2: A New Book and a New Website for Windows/Linux Integration!

I know, I know. I can hear you from here ... "Whaaa? Jeremy, I thought you were the Group Policy dude. I didn't think you did that 'Linux thing.'" Well, I do.

It's interesting, exciting, and coming to an IT shop near you. And you'd better be prepared for it.

There are plenty of books you can get that try to describe how to "walk away" from your Windows investment and ... blink! ... go 100% Linux.

But there are two problems with the "walk away from Windows" idea:

  • First, it's often not possible. That is, there is a good chance you will always have Windows applications that run your business. And they might never be able to run natively on Linux.
  • Second, it's simply not realistic. Assuming every application could be re-coded for Linux, you've already got a lot invested in Windows desktops, applications, architecture, training, personnel, and more.

And yet, Linux offers undeniable advantages of its own. Compelling open-source applications, like the Apache web server and the MySQL database engine, are available today and will continue to appear. And the option of running these applications on an open-source operating system presents undeniable cost advantages. Yes, Linux has its own costs, such as re-training users and administrators familiar with Windows. But the presence of Linux in your business can save money and solve problems today.

In short, neither Windows nor Linux is leaving this planet (or the datacenter) any time soon. And for that reason, it's more important to be able to cooperatively utilize what "the other guy" has to offer, instead of trying to punch his lights out.

My new book is entitled:

Practical Windows & Linux Integration: Hands-on Solutions for a Mixed Environment

And, along with a book, I'm launching a new web site: is similar to It has:

  • Its own newsletter
  • Its own community forum
  • Its own downloads (many, many downloads for the book)
  • Its own links and other resources
  • Coming soon, its own Win/Lin Integration Training course
  • And more...

It shares the same look and feel as and shares the same "Where is Jeremy?" calendar that runs along the right-hand side.

For the record ... No, no, no! I'm NOT abandoning for other pastures. I am not going to stop living and breathing Group Policy. I'm simply expanding a little bit and hope you'll join me for the ride.

For now, if you want to receive Win/Lin updates, you'll have to specifically sign up for THAT newsletter at

(For the record, I may change my mind in the future and go to one unified newsletter. But for now, they're separate.)

You can find out more and pick up a signed copy of the new Windows / Linux Integration book at "Suggest a City" a Success

People are using the new "SUGGEST YOUR OWN CITY" service. The idea is for YOU to tell ME where you want a Group Policy class.

Simply click on the workshop page and find the link to SUGGEST YOUR OWN CITY.

Or, go directly to

Once we get 5-7 interested people in the same city, we've got a class!

Maybe your city is already listed? Check it out and add your suggestion. (It takes, maybe, 10 seconds.)  


Group Policy Intensive Training and Workshop Schedule Update

Learn more and sign up at:
Suggest your own city at  


Technology Takeaway (r), a service of Moskowitz, inc.

Here's what's on people's minds recently...

Three juicy tips and tricks


Q. Can I upgrade from SUS to WSUS?

A. Before we get into upgrading SUS to WSUS, there's good news. If you're still on SUS, Microsoft is providing 6 more months of support. That's a good idea ... because getting to WSUS could take a while. I suggest that if you're working with SUS and want to move to WSUS, you should check out this resource: TechNet Webcast: Migration from Software Update Services to Windows Server Update Services (Level 300)

About the talk (Copied from Microsoft's website):

Marc Shepard, Program Manager, Microsoft Corporation Many customers today use Software Update Services (SUS) to deploy Windows updates across their businesses. During this session, which was highly rated when presented at TechEd 2005 in Orlando, Florida, as MGT350, learn how to upgrade from SUS to Windows Server Update Services, the next version of SUS, to reap the benefits of the enhanced capabilities and broadened application support. Learn best practices and pitfalls to watch out for to help you upgrade seamlessly.


Q. Are there any bugs in the GPMC that you know about?

A. The "GPMC with SP1" has been out for some time, and it squashed lots of the remaining bugs. But not all. Here's one I know of...

If you select a GPO link in the GPMC, select the 'Details' tab, and set the GPO status to 'All settings disabled', the link itself will grey out, but the actual GPO doesn't.

So is it disabled or not?

Actually, it is. Just right-click on the domain name and select Refresh, and the icon will grey out.

Ok, it's not really a tip, but it is something to keep in mind!


Q. How can I script ... ?

A. There are just a GAGGLE of Group Policy goodies waiting for you on your scripting adventure. They are located in a 'scripts' folder in the installation folder of the GPMC.

Samples include a script to back up all GPOs (handy if you want to schedule the backup), a script to find unlinked GPOs, a script to copy a GPO. And lots more. Check 'em out!

Upcoming Conferences, Appearances, and Classes

On (or I have a neat-o calendar that I'm always updating with any public (and private) appearances. So, check it out any time for up-to-date information!  

Not free... but worth it! Upcoming classes!

I'd love to see you in one of the two-dayGroup Policy intensive training and workshop classes. These two-day classes get you up to speed, working with Group Policy, Security settings, ADM templates, and just about all you need to know to hit the ground running -- Fast!

Or ... if you think you might want your own in-house training of the course (with all the personalizedattention that affords), I'd love to join you on-site!If you have even a handful of in-house people interested in the training, the course pays for itself (as you don't need to ship people offsite!). I'll even travel overseas to the U.K., other parts of Europe, or Japan -- or wherever! Have passport, will travel!

Again, while the training course isn't officially _endorsed_ by Microsoft, the class does the have distinction of being a suggested avenue for intense Group Policy training by members of the Group Policy team at Microsoft.

At the MMS 2004 and TechEd 2004 conferences, Mark Williams from the Group Policy team encouraged the throngs of attendees to check out the new Group Policy book and the training!In fact, he dedicated a whole slide to the book, the training,and for each of his sessions!

Wow! Thanks again, Microsoft!

How do attendees feel about the class? Here are some of my favorite feedback comments:

  • "Fantastic Presentation !"
  • "Can't wait to go back to share the wealth !"
  • "Would recommend to other IT people in my company."
  • "I had a foot in the GPO door, and now I can hold it open."
  • "Easily the best training about AD I've had in the last 5 years !!"

And my favorite of pack is from Joey P, who works for a major retailer writes:

"If you have folks that are even going to SNIFF Active Directory, they *MUST* take this class!"

I don't really know what Joey means, but I'll take it as a compliment.

Thanks, Joey -- and to ALL my students !

For a public class, sign up online.
For a private class, just contact me at [email protected] or call me at 302-351-8408 (note the new phone number.)  

Get a signed copy of Group Policy, Profiles and IntelliMirror for Windows 2003, Windows XP and Windows 2000

We've had dozens of people order books directly from If you'd like a copy, it's easy to order, and I'll sign the book to you, free!

Please note that I'm not set up to accept credit cards directly; however, you can enjoy the security of ordering through your PayPal account (and they take credit cards, including AMEX just fine.) Thanks for understanding!

Order your signed copy today by clicking here.

Oh, and if you own the book, and want to say nice things on Amazon, please do so! That would be great. Thanks! You can do so here.


I want to say "thanks" for a killer book review from one of our subscribers, "AVero".

The review was originally posted here.

but is also posted on here.

Pick one if you're interested in reading it. Thanks again!

Subscribe and Unsubscribe Information

  • subscribe to this newsletter
  • unsubscribe from this newsletter

How did you get this newsletter? It's very likely you got it because you handed me (Jeremy Moskowitz) a business card at an event at some kind. And, consequently, I signed you up for my newsletter.

Or, possibly, you've received this message as a forward from a friend, or are reading it online in the archives, you can sign up for your own newsletter subscription.

Also, if you want to unsubscribe, you can do that too (but we'll be sad to see you go).

For all Subscription and Unsubscription information, we have a one-stop-shop page at the following address:

If you need personalized attention in any way, just email me: [email protected] I endeavor to respond to everyone who emails.

Thanks for reading!

Jeremy Moskowitz
Author, Instructor, Infrastructure Architect
Moskowitz, inc.
[email protected]
Learn more about Group Policy at !

Comments (0)

No Comments!