Newsletter 18: Grab Bag and Major Announcements In this issue:
- It's Issue 18
- Free Giveaway!
- Moskowitz, inc. Technology Takeaway (r)
- Three juicy tips
- Get a signed copy of Group Policy, Profiles and IntelliMirror
- Upcoming conferences, appearances, and classes
- Classes and seminars
- Free Education!
- Welcome Mark!
- Subscribe, unsubscribe, and usage information
This month, thereâs a lot of stuff to talk about. (This is where you ask me, âJeremy, in which month isnât there a lot of stuff to talk about?â) Last month, I asked you which newsletter format you liked most: small tips, one large tip, or a mix. The mix wins it! So, since Iâve had several âone large tipâ emails in the last few newsletters, this one is a gaggle of small tips. Gotta mix it up.
Quick TechEd Notes
A quick note for those of you who are going to TechEd: I'll be speaking on Windows & Linux Integration (session SVR211), Monday 1.30 PM in Room "156 ABC". Hope to see you there! Even though I'm not speaking on Group Policy stuff, doesn't mean there aren't some great talks! Be sure to check out the following GP related talks:
- Mark Williams (GP Team @ Microsoft):
- MGT310 Group Policy: What's New in Windows Vista Wednesday, June 14 2:00 PM - 3:15 PM, 210 ABC
- MGT310R Group Policy: What's New in Windows Vista (Repeat Session) Friday, June 16 1:00 PM - 2:15 PM, 259 AB
- Emily Hill, George Roussos
- CLITLC09 Group Policies in Windows Vista to Control Devices and Drivers Friday, June 16 2:45 PM - 4:00 PM, CLI/MGT/SEC/SVR Theater 2
- Derek Melber (DesktopStandard and all-around smart GPO-meister):
- MGT425 Troubleshooting Group Policy Friday, June 16 10:45 AM - 12:00 PM, Grand Ballroom A
So, without further ado!
This Month's Newsletter Sponsored by Centrify
Now you can use Group Policy to manage Mac desktops just as you do Windows.
Centrify DirectControl not only delivers Active Directory-based single sign-on and access control for Mac OS X, but it is also the only solution that enables IT managers to centrally secure and configure Macs via Group Policy. Use GP to require screensaver password locks, lock down system sharing and firewall preferences, and centrally configure other security settings. Request an evaluation of DirectControl for Mac OS X today.
Announcement From the Better Late Than Never/Use Your Manners Department:
Free gift to anyone who has ever taken a GPanswers two-day or three-day Group Policy workshop (where either James or I was the instructor).
Itâs about time I said thanks. So, thanks!
Hereâs the deal: the gift is free, the shipping isnât. Sorry, Iâm a small business, and thatâs the breaks.
Shipping for your free gift is only $5, though.
And if you hate the gift, Iâll cheerfully refund your $5 and you can keep the gift. Really! (I sound like Ron Popeil, donât I?) Hereâs the fine print:
- Shipping for the gift is a flat $5
- We can accept Paypal or credit card for shipping
- US residents only
- If you can remember, please specify which public class or private class you attended (location and approximate month and year).
Note, that if you like the gift, but have never taken the two-day or three-day class, you can get one for a whole $12 (including shipping).
It may take a little while for you to get the gifts (like a week or two.. but rest assured, they'll get there.)
Technology Takeaway (r), a Service of Moskowitz, inc.
Tip 1: How to troubleshoot a machine that claims it cannot find a Domain Controller.
(This tip comes to us courtesy of Dan Home from Intelliem.com.) Two computers out of the 1000+ systems in our central site had these âEvent 1054â errors. Unfortunately, these two systems were mission-critical systems. And, most interesting of all, there were NO OTHER VAGUELY RELATED ERRORS OF ANY KIND, visible or logged, on these systems. They just werenât getting policy [âgetting policyâ ok terminology?] correctly (everything else was fine).
I said to myself, âSelf, if theyâre having these errors there must be something insidious going on.â
Here is a screenshot of the 1054 error on the machine:
After MUCH back-and-forth testing, we discovered the source of the problem: LINK NEGOTIATION! The switch between these systems and the DCs had one tiny little misconfiguration, and these particular systems werenât âdiscoveringâ quickly enough what kind of network link they should have. So, in a final test, I hard-coded the NICs to 100/Full.
And the errors vanished like . . . well, something that vanishes.
Thanks again Dan Holme from Intelliem.com for this cool, simple troubleshooting tip!!
Tip 2: How do I get MMC 3.0 functionality on my Windows XP machine?
Last month, you read about how to control printers using GPOs. And we did so using Windows 2003/R2âs new Print Management Console. You might have noticed that it had a different look and feel to it. That new look and feel is the MMC 3.0 (as opposed to MMC 2.0) which can be seen in this screenshot.
(Click on image for a larger view)
Since you likely control your Active Directory universe from an Windows XP machine (and not a Windows 2003/R2 machine) you might want to step-up to the MMC 3.0 look and feel on your Windows XP machine. Hereâs how we do it:
- Ensure that your Windows XP machine has SP2 installed.
- Get the MMC 3.0 interface (one for 32-bit Windows XP and one for 64-bit Windows XP)
- Enable the MMC 3.0
Weâll assume you already have Windows XP / SP2. Now, to get the 32-bit version of MMC 3.0, click here. To get the 64-bit version of MMC 3.0, click here: . Note that it seems as if 64-bit Windows XP systems get âsecond class citizenâ status here, as there doesnât seem to be a âfinalâ version of the code, rather, that link for 64-bit Windows XP MMC 3.0 seems only to be Release Candidate 1.
Update: You can now download from Microsoft a copy of MMC 3.0 for XP x64 and MMC 3.0 for 2003 sp1 as well as 2003 x64 and ia64 Finally, once installed on your Windows XP machine, edit the registry to add a new key.
- Navigate to HKEY_LOCAL_MACHINE | SOFTWARE | Microsoft | MMC.
- From the Edit menu, select New, Key. (Yes, âkeyâ, not value)
- Enter âUseNewUIâ.
Note that the new Action pane seems to be available regardless of whether the setting is performed or not. However, the new âAdd/Remove Snap-insâ is definitely different once you perform the setting, as seen below. (Click on image for a larger view) You may not see much ânew stuffâ while youâre inside your console (such as when youâre inside the âActionsâ pane.) Thatâs because each snap-in needs to specifically take advantage of MMC 3.0 goodies.
Tip 3: Ready for Vista?
While not specifically a Group Policyârelated tip, I thought yâall would find this interesting. You can do a quick âhealth checkâ on your existing hardware (running Windows XP) and figure out if itâs a good candidate to put Windows Vista on it.
Just trot on out to the machine in question, and click here.
Youâll get asked a handful of questions about what you want to DO with Windows Vista. Then, out pops a suggestion about which version of Vista you should get and which areas need attention. Youâll get an HTML report (IE-readable-only, of course) that tells you which features are A-OK and which might not work. You also get a report about the drivers on your current machine and how theyâll fare with Vista (see second screenshot below).
(Click on image for a larger view)
Note that some items are peripherals (like my Brother MFC-3220C printer), but some are built into the machine (like the SigmaTel C-Major Audio device.) Letâs hope all these drivers are available by Vista showtime.
Get signed copies of...
Group Policy, Profiles and IntelliMirror for Windows 2003, Windows XP and Windows 2000 (THIRD EDITION)
Windows & Linux Integration: Hands on Solutions for a Mixed Environment
Do you have the new THIRD EDITION of the Group Policy book? It's got 50 new pages, fully covers XP/SP2 and Windows Server 2003/SP1, an armload of new tidbits here and there, and whole new section on the Security Configuration Wizard.
Order your signed copy today by clicking here.
Additionally available is my new title Windows & Linux Integration: Hands on Solutions for a Mixed Environment fromwww.WinLinAnswers.com/book.
Oh, and if you own either book, and want to say nice things on Amazon, please do so! That would be great. Thanks! You can do so here:
http://www.amazon.com/gp/product/0782144470 (GPO book)
http://www.amazon.com/gp/product/0782144284 (WinLin book)
Now Available: Private GP Course in "Less-Intensive" Format
Everyone knows the two-day Group Policy course is really three days of material packed into two intensive days. However, some customers have asked for a less intensive format.
Your wish has been granted!
This course starts with a half day warm-up of Active Directory, managing users, and delegating permissions. Then, we move on to the Group Policy goodies. This way, those with less Group Policy and day-to-day administration experience can get a bit of the fundamentals before diving into the Group Policy waters.
This "three-day less-intensive" option is ONLY available as a private course. Note, the "two-day intensive" option is available as either a private or a public course. Learn more about the Group Policy courses here.
Public Group Policy Intensive Training and Workshop Schedule Update
I've basically lost count at this point of how many people have signed up and taken the two-day Group Policy intensive training and workshop. Students LOVE the class, and managers LOVE the results.
You BOUGHT and IMPLEMENTED Active Directoryânow DO SOMETHING with it.
Public Two-Day Workshops for the Remainder of 2006:
Because I got invited to do a 19-city roadshow with TechTarget and Microsoft (see next section) I had to move around some of my class dates.
July 11â12: Denver, CO
July 25-26 (changed dates): Austin, TX (by popular demand!)
Aug 23â24: Phoenix, AZ
Sep 25â26 (changed dates): Seattle, WA
Oct 31âNov 1 (changed dates): Portland, OR
Why THESE cities? Because people used the "Suggest a city" form at https://www.gpanswers.com/suggest and ASKED me to have classes here.
Here's hoping you'll take advantage of the opportunity!
Learn more and sign up at: https://www.gpanswers.com/workshop
(Don't forget to scroll all the way to the bottom of that page and locate your city!)
Or, if you think you might want your own in-house training (with all the personalized attention that affords), I'd love to join you onsite!
If you have even a handful of in-house people interested in the training, the course pays for itself (as you don't need to ship people offsite!). I'll even travel overseas to the U.K., other parts of Europe, or Japanâor wherever! Have passport, will travel!
Again, while the training course isn't officially endorsed by Microsoft, the class does have the distinction of being a suggested avenue for intense Group Policy training by members of the Group Policy, Microsoft Consulting Services, and Product Support Services teams at Microsoft!
Iâm honored to announce that Iâm working with two pairs of vendors to get you free stuff in the upcoming year starting in June! (Yâall know how much I love free stuff!)
Jeremy Moskowitz and NetIQ + FullArmor team up to bring you, over the next year or so, some webinars, whitepapers, and roadshow opportunities. Here, youâll see me outline some of the difficulties that administrators have when working with the native Group Policy toolkit. Then, NetIQ + FullArmor will talk about how their products fill in those gaps ! Iâll keep you posted with mini-updates via âun-newslettersâ when a webinar or roadshow date is approaching.
Jeremy Moskowitz and TechTarget + Microsoft team up to bring you a 19-city roadshow tour titled: Deployment, Managing, and Monitoring: Getting the Job Done. Here, youâll hear me talk about how to use the tools in the box to deploy your Windows XP, Windows 2003, and Vista systems, how to use Group Policy to manage your systems, and finally how to keep tabs on them with some slick free tools! Did I mention this is 19 cities?? So, thereâs a good chance weâll be near you soon! First two cities are Charlotte, NC (June 27, 2006) and Atlanta, GA (June 28, 2006).
The best two places to see the city list will be my web site calendar (which runs along the right-hand side), and also here, the official TechTarget/Microsoft web site. Dates will be added when confirmed. Hope to see you there!
Welcome Mark, my new assistant!
Also, a big welcome to my new assistant. His name is Mark, and he can be reached at [email protected]. He can help you get signed up for a class, get you a case of books, or troubleshoot a gift order. Heâd love to get a welcome email from you! However, please donât send Mark any technical questions. Post those to GPanswers.com/community.
Subscribe, Unsubscribe, and Usage Information
If you've received this message as a forward from a friend, or are reading it online in the archives, you can sign up for your own newsletter subscription.
Also, if you want to unsubscribe, you can do that, too (but we'll be sad to see you go).
For all Subscription and Unsubscription information, we have a one-stop-shop page at the following address:https://www.gpanswers.com/newsletter
You can use this information as you see fit, but if you're going to copy any portion, please FORWARD THE ENTIRE email.
While Moskowitz, inc. tries to ensure that all information is technically accurate, we make no warranty with regard to the information within. Please use at your own risk.
If you need personalized attention in any way, just email me: [email protected] If you have questions about ordering a book, contact my assistant Mark at: [email protected]z-inc.com. I endeavor to respond to everyone who emails.
Thanks for reading!