
Oct 2004

In this issue:

  • It's Issue 5...
  • Where do you want me?
  • Moskowitz, inc. Technology Takeaway (r)
    • Three juicy questions and answers...
  • Upcoming conferences, appearances, and classes
    • Free live events
    • Public courses until the end of the year ... and one for 2005 already!
  • Get a signed copy of Group Policy, Profiles and IntelliMirror
  • Subscribe, unsubscribe and usage information

Moskowitz, inc. and -- Issue 5

It's issue five of the Moskowitz, inc. newsletter. Hopefully, you've all had some time to at least experiment with XP/SP2. Okay, okay, here's my short, shameful confession: I haven't loaded it yet on my own laptop. Okay, sure, it's on my desktop machine, but not the one I travel with.

Why haven't I committed? Because I'm busy busy busy... running around the country, etc. I'm 1% fearful that I'll be that one guy who gets the BLUE SCREEN after the reboot.

I have some vacation time planned in December. That's when I'm making my own switch. Do you have a plan for your company? As always, you can forward this newsletter to your friends -- but please do so in one whole piece (please don't just cut and paste).

Where do you want me?

I'm trying to come up with the Group Policy Intensive Training and Workshop class schedule for 2005. My plan is to do 12 PUBLIC training classes – one a month in a different city. I'm committed to having one in Orlando, Phoenix, Dallas, and Philly. All dates (except Orlando) to-be-determined. Everything else is open for negotiation.

So, if you think you've got a great location for a class (we only need 5 people to make it "a go"), then send me an email with a subject line of CLASS LOCATION: . I'll take the top 6 suggestions, and that'll be that. The winning results will be in the next newsletter. Of course, I'll still be available for PRIVATE training classes inside your company. You don't have to VOTE for that. Just send me an email when you're ready to get that started.

Technology Takeaway®, a service of Moskowitz, inc.

Here's what's on people's minds recently...

TIP / Question 1

We have a GPO that disables XP/SP2's Firewall until we can configure and test its use. So, when a new system starts up on our LAN, the GPO takes effect immediately and disables the firewall.

However, if the user has never connected to the LAN before, and simply dials in, the policy does not appear to have any effect. I have left a test machine connected for over 3 hours to give the background refresh time to occur, and have tried manually initiating processing with "gpupdate /force" -- but neither had any effect. Again, if I then connect the system to the LAN, the policy takes effect immediately.

Answer 1

First, you need to be using the XP/SP2 ADM templates. (See previous newsletters for that.)

Then, you can drill down to:

Computer Configuration | Administrative Templates | Network | Network Connections | Windows Firewall

There, you'll see both "Domain Profile" and "Standard Profile." And, the policy setting you're after is: "Firewall: Protect all network connections" and you want to set it to DISABLED (yes, Disabled). The policy settings in "Domain Profile" are used when AUTHENTICATED to a DC. The policy settings in "Standard Profile" are for when the computer ISN'T AUTHENTICATED to a DC.

Soooooooo.... You have a very special case, my friend. You should set *BOTH* the
Domain Profile | Firewall: Protect all network connections
and the
Standard Profile | Firewall: Protect all network connections

so they are Disabled.

Why? Because when you dial in you might not be actually authenticating to a DC. Rather, if you dial in (when already logged on) you're using pass-through authentication. You might need to GET the GPO ONE TIME on the LAN (i.e., not dialed up) for this magic to work. Then, it should keep on working.
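To confirm which profile's policy actually landed on a client, here is an added example (not part of the original newsletter) that reads the registry value behind "Protect all network connections" for both profiles. It assumes PowerShell is available on the client; `EnableFirewall` under `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall` is where this policy setting is stored, and the function names are hypothetical.

```powershell
# Added example: reports the Windows Firewall policy state for both profiles.
# EnableFirewall is the value written by the policy setting
# "Windows Firewall: Protect all network connections" (0 = Disabled, 1 = Enabled).
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-FirewallPolicyValue {
    param([string]$ProfileKey)   # 'DomainProfile' or 'StandardProfile'
    $path = Join-Path $PolicyRoot $ProfileKey
    if (-not (Test-Path $path)) { return $null }
    $item = Get-ItemProperty -Path $path -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.EnableFirewall
}

function Get-FirewallPolicyReport {
    # -Values accepts constructed data instead of reading the local registry.
    param([hashtable]$Values)
    if (-not $Values) {
        $Values = @{
            DomainProfile   = Get-FirewallPolicyValue 'DomainProfile'
            StandardProfile = Get-FirewallPolicyValue 'StandardProfile'
        }
    }
    foreach ($name in 'DomainProfile', 'StandardProfile') {
        $v = $Values[$name]
        if ($null -eq $v) {
            $state = 'Not configured (local setting applies)'
        } elseif ($v -eq 0) {
            $state = 'Firewall disabled by policy'
        } else {
            $state = 'Firewall enabled by policy'
        }
        New-Object PSObject -Property @{ Profile = $name; Value = $v; State = $state }
    }
}

# Live check on this machine.
Get-FirewallPolicyReport | Format-Table Profile, Value, State -AutoSize

# Constructed sample: the situation in Question 1, where only the Domain
# Profile was set, so a client not authenticated to a DC is unaffected.
$sample = @{ DomainProfile = 0; StandardProfile = $null }
Get-FirewallPolicyReport -Values $sample | Format-Table Profile, Value, State -AutoSize
```

A "Not configured" row for Standard Profile on a dial-in client means the GPO has not yet been applied to that machine, which matches the "get the GPO one time on the LAN" advice above.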

Question 2

How can I stop XP/SP2 from deploying to my clients via critical update?

Answer 2:

Take a look at the materials on Microsoft's web site here. There's an ADM template to squelch XP/SP2 from being automatically downloaded until YOU'RE ready. There are also other little odds and ends in there to help with the process.

Question 3

Jeremy, some things just aren't going to work after I install XP/SP2. Do you know what is known to "blow up"?

Answer 3

Check out this KB article which has a known list of stuff that might not work immediately after XP/SP2 is applied. There are a lot of applications on this list, so be sure to give it a look-see BEFORE you leap into XP/SP2.

Upcoming Conferences, Appearances and Classes

Something new...
On (or )
I have a neat-o calendar that I'm updating with any public (and private) appearances. So, check it out anytime for up-to-date information!

It's Free! Jeremy pairs with Microsoft TechNet Presenters at key events!

Microsoft is running around the country giving free all-day Active Directory, Group Policy and ISA talks. I was just paired up with TechNet presenter Bryan Von Axelson, in Dover, DE and Philadelphia, PA and it was great!

I'll be there at some more dates, giving out some free books, some shirts -- oh, and some killer Group Policy tips, too! I get about 20 minutes to speak, but, believe me, you'll walk away with something you can use immediately.

Hope to see you there.

You can sign up for the free Microsoft events here. They're simply EVERYWHERE around the country. But I'm not. I'm scheduled to appear at two more before the end of the year: December 14th, 2004 in my hometown of Wilmington, DE and December 16th, 2004 in either Trenton, NJ or Allentown, PA. It's still being determined. I'll keep you posted as I know more.

Not free... but worth it! Upcoming classes

I'd love to see you in one of the two-day Group Policy intensive training and workshop classes. These two-day classes get you up to speed, working with Group Policy, Security settings, ADM templates and just about all you need to know to hit the ground running -- Fast!

Hope to see you in class soon!

Again, while the training course isn't officially endorsed by Microsoft, the class does have the distinction of being a suggested avenue for intense Group Policy training by members of the Group Policy team at Microsoft.

At the MMS 2004 and TechEd 2004 conferences, Mark Williams from the Group Policy team encouraged the throngs of attendees to check out the new Group Policy book and the training! In fact, he dedicated a whole slide to the book, the training, and for each of his sessions!

Wow! Thanks again, Microsoft!

If you want to see the full course outline, and sign up for an upcoming public class, be sure to click here. Or ... If you think you might want your own in-house training of the course (with all the personalized attention that affords), I'd love to join you on-site!

If you have even a handful of in-house people interested in the training, the course pays for itself (as you don't need to ship people offsite!) I'll even travel overseas to the U.K., other parts of Europe, or Japan -- or wherever! Have passport, will travel!

Just contact me at [email protected] or call me at 302-793-3957.

Get a signed copy of Group Policy, Profiles and IntelliMirror for Windows 2003, Windows XP and Windows 2000

We've had dozens of people order books directly from If you'd like a copy, it's easy to order, and I'll sign the book to you, free!

Please note that I'm not set up to accept credit cards directly; however, you can enjoy the security of ordering through your PayPal account (and they take credit cards, including AMEX just fine.) Thanks for understanding!

Order your signed copy today by clicking here.

Oh, and if you own the book, and want to say nice things on Amazon, please do so! That would be great. Thanks! You can do so here.

Technology Takeaway (r), a service of Moskowitz, inc. (Supersecret, hidden, Easter-egg)

We're just giving it away! -- More Technical Takeaway Tips (My way of saying thanks for making it all the way to the end of the newsletter!)


Did you know Windows XP's SP2 has a new ability to have TWO Remote Desktop Sessions? Out of the box, XP SP2 only has one. You can enable the second one with a simple registry punch.

1) In the registry, drill down to: HKEY_LOCAL_MACHINE | System | CurrentControlSet | Control | Terminal Server | Licensing Core.
2) Create a new REG_DWORD value named EnableConcurrentSessions.
3) Set the value to 1.

You may have to reboot (or maybe not). And, voila! Instant double-team!

Bonus Tip #2

Microsoft had another nice online Q&A chat on September 29th with the guys who head up the Group Policy division within Microsoft.

If you missed the chat, you can catch the transcript. Some goodies in there, for sure! They even mentioned us -- training! Hey, thanks! You make me blush!

Bonus Tip #3

Microsoft is having a large 14-part webinar series on Group Policy. They're doing one each Wednesday until the end of the year. Discover more about it!

My pal Matt Hester from Microsoft is doing the presentations, so be sure to catch some!

Subscribe and Unsubscribe Information

  • subscribe to this newsletter
  • unsubscribe from this newsletter

How did you get this newsletter? It's very likely you got it because you handed me (Jeremy Moskowitz) a business card at an event of some kind. And, consequently, I signed you up for my newsletter.

Or, if you've received this message as a forward from a friend, or are reading it online in the archives, you can sign up for your own newsletter subscription.

Also, if you want to unsubscribe, you can do that too (but we'll be sad to see you go).

For all Subscription and Unsubscription information, we have a one-stop-shop page at the following address:

If you need personalized attention in any way, just email me: [email protected]. I endeavor to respond to everyone who emails.

Thanks for reading!

Jeremy Moskowitz
Author, Instructor, Infrastructure Architect
Moskowitz, inc.
[email protected]
Learn more about Group Policy at !
