View Blog

Jun 2006

Newsletter 18: Grab Bag and Major Announcements In this issue:

  • It's Issue 18
  • Free Giveaway!
  • Moskowitz, inc. Technology Takeaway (r)
    • Three juicy tips
  • Get a signed copy of Group Policy, Profiles and IntelliMirror
  • Upcoming conferences, appearances, and classes
    • Classes and seminars
  • Free Education!
  • Welcome Mark!
  • Subscribe, unsubscribe, and usage information

This month, there’s a lot of stuff to talk about. (This is where you ask me, “Jeremy, in which month isn’t there a lot of stuff to talk about?”) Last month, I asked you which newsletter format you liked most: small tips, one large tip, or a mix. The mix wins it! So, since I’ve had several “one large tip” emails in the last few newsletters, this one is a gaggle of small tips. Gotta mix it up.

Quick TechEd Notes

A quick note for those of you who are going to TechEd: I'll be speaking on Windows & Linux Integration (session SVR211), Monday 1.30 PM in Room "156 ABC". Hope to see you there! Even though I'm not speaking on Group Policy stuff, doesn't mean there aren't some great talks! Be sure to check out the following GP related talks:

  • Mark Williams (GP Team @ Microsoft):
    • MGT310 Group Policy: What's New in Windows Vista Wednesday, June 14 2:00 PM - 3:15 PM, 210 ABC
    • MGT310R Group Policy: What's New in Windows Vista (Repeat Session) Friday, June 16 1:00 PM - 2:15 PM, 259 AB
  • Emily Hill, George Roussos
    • CLITLC09 Group Policies in Windows Vista to Control Devices and Drivers Friday, June 16 2:45 PM - 4:00 PM, CLI/MGT/SEC/SVR Theater 2
  • Derek Melber (DesktopStandard and all-around smart GPO-meister):
    • MGT425 Troubleshooting Group Policy Friday, June 16 10:45 AM - 12:00 PM, Grand Ballroom A

So, without further ado!

This Month's Newsletter Sponsored by Centrify

Now you can use Group Policy to manage Mac desktops just as you do Windows.

Centrify DirectControl not only delivers Active Directory-based single sign-on and access control for Mac OS X, but it is also the only solution that enables IT managers to centrally secure and configure Macs via Group Policy. Use GP to require screensaver password locks, lock down system sharing and firewall preferences, and centrally configure other security settings. Request an evaluation of DirectControl for Mac OS X today.


Announcement From the Better Late Than Never/Use Your Manners Department:

Free gift to anyone who has ever taken a GPanswers two-day or three-day Group Policy workshop (where either James or I was the instructor).

It’s about time I said thanks. So, thanks!

Here’s the deal: the gift is free, the shipping isn’t. Sorry, I’m a small business, and that’s the breaks.

Shipping for your free gift is only $5, though.

And if you hate the gift, I’ll cheerfully refund your $5 and you can keep the gift. Really! (I sound like Ron Popeil, don’t I?) Here’s the fine print:

  • Shipping for the gift is a flat $5
  • We can accept Paypal or credit card for shipping
  • US residents only
  • If you can remember, please specify which public class or private class you attended (location and approximate month and year).

Note, that if you like the gift, but have never taken the two-day or three-day class, you can get one for a whole $12 (including shipping).

It may take a little while for you to get the gifts (like a week or two.. but rest assured, they'll get there.)  

Technology Takeaway (r), a Service of Moskowitz, inc.

Tip 1: How to troubleshoot a machine that claims it cannot find a Domain Controller.

(This tip comes to us courtesy of Dan Home from Two computers out of the 1000+ systems in our central site had these “Event 1054” errors. Unfortunately, these two systems were mission-critical systems. And, most interesting of all, there were NO OTHER VAGUELY RELATED ERRORS OF ANY KIND, visible or logged, on these systems. They just weren’t getting policy [“getting policy” ok terminology?] correctly (everything else was fine).

I said to myself, “Self, if they’re having these errors there must be something insidious going on.”

Here is a screenshot of the 1054 error on the machine:

gp After MUCH back-and-forth testing, we discovered the source of the problem: LINK NEGOTIATION! The switch between these systems and the DCs had one tiny little misconfiguration, and these particular systems weren’t “discovering” quickly enough what kind of network link they should have. So, in a final test, I hard-coded the NICs to 100/Full.

And the errors vanished like . . . well, something that vanishes.

Thanks again Dan Holme from for this cool, simple troubleshooting tip!!

Tip 2: How do I get MMC 3.0 functionality on my Windows XP machine?

Last month, you read about how to control printers using GPOs. And we did so using Windows 2003/R2’s new Print Management Console. You might have noticed that it had a different look and feel to it. That new look and feel is the MMC 3.0 (as opposed to MMC 2.0) which can be seen in this screenshot.

(Click on image for a larger view)

Since you likely control your Active Directory universe from an Windows XP machine (and not a Windows 2003/R2 machine) you might want to step-up to the MMC 3.0 look and feel on your Windows XP machine. Here’s how we do it:

  • Ensure that your Windows XP machine has SP2 installed.
  • Get the MMC 3.0 interface (one for 32-bit Windows XP and one for 64-bit Windows XP)
  • Enable the MMC 3.0

We’ll assume you already have Windows XP / SP2. Now, to get the 32-bit version of MMC 3.0, click here. To get the 64-bit version of MMC 3.0, click here: . Note that it seems as if 64-bit Windows XP systems get “second class citizen” status here, as there doesn’t seem to be a “final” version of the code, rather, that link for 64-bit Windows XP MMC 3.0 seems only to be Release Candidate 1.

Update: You can now download from Microsoft a copy of MMC 3.0 for XP x64 and MMC 3.0 for 2003 sp1 as well as 2003 x64 and ia64 Finally, once installed on your Windows XP machine, edit the registry to add a new key.

  1. Navigate to HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft | MMC.
  2. From the Edit menu, select New, Key. (Yes, ‘key’, not value)
  3. Enter “UseNewUI”.

Note that the new Action pane seems to be available regardless of whether the setting is performed or not. However, the new “Add/Remove Snap-ins” is definitely different once you perform the setting, as seen below. gp (Click on image for a larger view) You may not see much “new stuff” while you’re inside your console (such as when you’re inside the “Actions” pane.) That’s because each snap-in needs to specifically take advantage of MMC 3.0 goodies.

Tip 3: Ready for Vista?

  While not specifically a Group Policy–related tip, I thought y’all would find this interesting. You can do a quick “health check” on your existing hardware (running Windows XP) and figure out if it’s a good candidate to put Windows Vista on it.

Just trot on out to the machine in question, and click here.

You’ll get asked a handful of questions about what you want to DO with Windows Vista. Then, out pops a suggestion about which version of Vista you should get and which areas need attention. You’ll get an HTML report (IE-readable-only, of course) that tells you which features are A-OK and which might not work. You also get a report about the drivers on your current machine and how they’ll fare with Vista (see second screenshot below).


(Click on image for a larger view)

Note that some items are peripherals (like my Brother MFC-3220C printer), but some are built into the machine (like the SigmaTel C-Major Audio device.) Let’s hope all these drivers are available by Vista showtime.  

Get signed copies of...

Group Policy, Profiles and IntelliMirror for Windows 2003, Windows XP and Windows 2000 (THIRD EDITION)


Windows & Linux Integration: Hands on Solutions for a Mixed Environment

Do you have the new THIRD EDITION of the Group Policy book? It's got 50 new pages, fully covers XP/SP2 and Windows Server 2003/SP1, an armload of new tidbits here and there, and whole new section on the Security Configuration Wizard.

Order your signed copy today by clicking here.

Additionally available is my new title Windows & Linux Integration: Hands on Solutions for a Mixed Environment

Oh, and if you own either book, and want to say nice things on Amazon, please do so! That would be great. Thanks! You can do so here: (GPO book) (WinLin book)

Now Available: Private GP Course in "Less-Intensive" Format

Everyone knows the two-day Group Policy course is really three days of material packed into two intensive days. However, some customers have asked for a less intensive format.

Your wish has been granted!

This course starts with a half day warm-up of Active Directory, managing users, and delegating permissions. Then, we move on to the Group Policy goodies. This way, those with less Group Policy and day-to-day administration experience can get a bit of the fundamentals before diving into the Group Policy waters.

This "three-day less-intensive" option is ONLY available as a private course. Note, the "two-day intensive" option is available as either a private or a public course. Learn more about the Group Policy courses here.

Public Group Policy Intensive Training and Workshop Schedule Update

I've basically lost count at this point of how many people have signed up and taken the two-day Group Policy intensive training and workshop. Students LOVE the class, and managers LOVE the results.

You BOUGHT and IMPLEMENTED Active Directory—now DO SOMETHING with it.

Public Two-Day Workshops for the Remainder of 2006:

Because I got invited to do a 19-city roadshow with TechTarget and Microsoft (see next section) I had to move around some of my class dates.
July 11–12: Denver, CO
July 25-26 (changed dates): Austin, TX (by popular demand!)
Aug 23–24: Phoenix, AZ
Sep 25–26 (changed dates): Seattle, WA
Oct 31–Nov 1 (changed dates): Portland, OR

Why THESE cities? Because people used the "Suggest a city" form at and ASKED me to have classes here.

Here's hoping you'll take advantage of the opportunity!

Learn more and sign up at:
(Don't forget to scroll all the way to the bottom of that page and locate your city!)

Or, if you think you might want your own in-house training (with all the personalized attention that affords), I'd love to join you onsite!

If you have even a handful of in-house people interested in the training, the course pays for itself (as you don't need to ship people offsite!). I'll even travel overseas to the U.K., other parts of Europe, or Japan—or wherever! Have passport, will travel!

Again, while the training course isn't officially endorsed by Microsoft, the class does have the distinction of being a suggested avenue for intense Group Policy training by members of the Group Policy, Microsoft Consulting Services, and Product Support Services teams at Microsoft!

For a public class, sign up online at:
For a private class, just contact me at [email protected] or call me at 302-351-8408.  

Free Education!

I’m honored to announce that I’m working with two pairs of vendors to get you free stuff in the upcoming year starting in June! (Y’all know how much I love free stuff!)

Announcement #1:

Jeremy Moskowitz and NetIQ + FullArmor team up to bring you, over the next year or so, some webinars, whitepapers, and roadshow opportunities. Here, you’ll see me outline some of the difficulties that administrators have when working with the native Group Policy toolkit. Then, NetIQ + FullArmor will talk about how their products fill in those gaps ! I’ll keep you posted with mini-updates via “un-newsletters” when a webinar or roadshow date is approaching.

Announcement #2:

Jeremy Moskowitz and TechTarget + Microsoft team up to bring you a 19-city roadshow tour titled: Deployment, Managing, and Monitoring: Getting the Job Done. Here, you’ll hear me talk about how to use the tools in the box to deploy your Windows XP, Windows 2003, and Vista systems, how to use Group Policy to manage your systems, and finally how to keep tabs on them with some slick free tools! Did I mention this is 19 cities?? So, there’s a good chance we’ll be near you soon! First two cities are Charlotte, NC (June 27, 2006) and Atlanta, GA (June 28, 2006).

The best two places to see the city list will be my web site calendar (which runs along the right-hand side), and also here, the official TechTarget/Microsoft web site. Dates will be added when confirmed. Hope to see you there!  

Welcome Mark, my new assistant!

Also, a big welcome to my new assistant. His name is Mark, and he can be reached at [email protected]. He can help you get signed up for a class, get you a case of books, or troubleshoot a gift order. He’d love to get a welcome email from you! However, please don’t send Mark any technical questions. Post those to

Subscribe, Unsubscribe, and Usage Information

If you've received this message as a forward from a friend, or are reading it online in the archives, you can sign up for your own newsletter subscription.

Also, if you want to unsubscribe, you can do that, too (but we'll be sad to see you go).

For all Subscription and Unsubscription information, we have a one-stop-shop page at the following address:

You can use this information as you see fit, but if you're going to copy any portion, please FORWARD THE ENTIRE email.

While Moskowitz, inc. tries to ensure that all information is technically accurate, we make no warranty with regard to the information within. Please use at your own risk.

If you need personalized attention in any way, just email me: [email protected] If you have questions about ordering a book, contact my assistant Mark at: [email protected]. I endeavor to respond to everyone who emails.

Thanks for reading!

Comments (0)

No Comments!