
How to open multiple instances of regedit

By default, you can open only one instance of regedit on a computer. If you want to open multiple regedit windows for tasks like comparison, you can use the “regedit -m” command, which opens another instance without disturbing the current one.

Happy Learning..,
Sitaram Pamarthi

{ 0 comments }

Manage Remote Registry with PowerShell

Today I came across a new module which can help in administering remote registry with PowerShell. It has various cmdlets to get and set registry values with PowerShell.

You can read more about this at Shay Levy’s Blog

Happy Learning..,
Sitaram Pamarthi

{ 0 comments }

I spent a really huge amount of time dealing with drive mapping in Group Policy preferences last week. It looks easy, but it is very difficult when you want to troubleshoot. So, I decided to write this post to help my blog visitors by providing as much information as I have gathered/learnt about drive mapping.

As said before, things are really smooth when you configure the drive mapping preference for the first time. If you start playing with it to satisfy different kinds of situations, then you are caught. What I did to make my life tough was this: I deleted the mapped drives after login and did a “gpupdate /force”; no drives were mapped :(. Then I re-logged into the machine and found that they were still not in place. I was surprised and logged in again; this time they mapped. Finally, after applying multiple tests like this, I came to the conclusion that I have the two problems below…

  1. Drive mapping is not happening at every attempt
  2. Background processing of drive mapping is not working

The very big mistake I made was trying to resolve both problems in the same attempt; I really mixed things up and confused myself. After taking a break, I followed the divide and conquer method.

Problem#1: Drive mapping not happening at every login

Initially I was not sure why the drive mapping was not happening at every login. I ran rsop and the drive mapping processing time there was not updated. This made me realize that the drive mapping CSE didn’t trigger at all. Well, I then enabled GPO debug logging on my Windows 7 machine and started looking at the logs. They clearly say that drive mapping CSE processing was skipped as there is no change in version number. Hmm, whatever it is doing is right, so I enabled the “Process even if the Group Policy objects have not changed” option in the “Drive maps preference extension policy processing” policy, which is located at [Computer Configuration | Policies | Administrative Templates | System | Group Policy], and restarted my PC. Things started working and drive mapping now happens every time I re-login.

First problem is solved. Let’s move on to the second problem.

Problem#2: Background processing of drive mapping is not working.

After login, if I delete mapped drives and initiate a “gpupdate /force” command, my drives are not coming back. I again relied on GPO logs and realized that drive mapping CSE refresh is happening as part of background processing. I STRONGLY recommend not relying on the description of the Drive mapping CSE policy; it really contradicts its behavior. As per the policy description, drive mapping refresh should work during background processing by default, but that is not the case. Now I went to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F} and changed the value of “NoBackgroundPolicy” to “0”. This did the trick and background refresh of drive mapping started working fine.

Hurray… I resolved both my problems and am trying to figure out a new problem I observed just now. I will blog it as soon as I resolve it.

To Summarize:

How to make the GPO process drive mapping at every login:

  1. Edit the GPO which is applicable to your computers and navigate to [Computer Configuration | Policies | Administrative Templates | System | Group Policy]
  2. Now go to the properties of the “Drive maps preference extension policy processing” policy and enable the option “Process even if the Group Policy objects have not changed”
  3. Save your GPO and reboot your machine

 How to enable background processing for drive mapping CSE:

  1. Go to regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F}
  2. Locate “NoBackgroundPolicy” value and change it to “0” from “1”
  3. Now try doing a background refresh by issuing the command “gpupdate /force” and it should work
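
The registry steps above as a script, for an elevated PowerShell prompt. This is an added example, not part of the original post; the key and value name are the ones given above, and the backup file name is an assumption.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Key path and value name are the ones given in the steps above.
$guid   = '{5794DAFD-BE60-433f-88A2-1A31939AC01F}'
$sub    = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\$guid"
$psPath = "HKLM:\$sub"
$backup = Join-Path $env:TEMP 'DriveMapsCSE-before.reg'   # hypothetical backup file name

if (-not (Test-Path -Path $psPath)) {
    throw "Drive Maps CSE key not found: $psPath"
}

# Show the current state before touching anything
$current = (Get-ItemProperty -Path $psPath).NoBackgroundPolicy
Write-Host "NoBackgroundPolicy is currently: $current"

if ($current -ne 0) {
    # Export the key first so the change can be rolled back with 'reg import'
    reg.exe export "HKLM\$sub" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed; value left unchanged." }

    # 0 = let the CSE run during background refresh, as described above
    New-ItemProperty -Path $psPath -Name NoBackgroundPolicy -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Host "NoBackgroundPolicy set to 0 (backup: $backup)"
}

# Confirm the value that is now stored, then trigger the refresh from the post
$after = (Get-ItemProperty -Path $psPath).NoBackgroundPolicy
if ($after -ne 0) { throw "NoBackgroundPolicy is still $after" }
gpupdate /force
```

Because the change is made under HKLM, it affects every user who logs on to that machine; keep the exported .reg file with your change record.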

Thanks for reading the long story and happy learning,
Sitaram Pamarthi

{ 44 comments }

Enable Group Policy Debugging on Windows 7

UPDATE: The Group Policy debug logging method discussed in this post for Windows 7 also works for Windows 8 and Windows Server 2012.

People familiar with UserEnv logging for GPO debugging on Windows XP can forget that procedure when working with Windows 7. Things have really changed, and you should follow the procedure below to enable debug logging on a Windows 7 computer. I guess this procedure works straight away with Windows 2008 hosts as well (I didn’t test it).

  1. Log on to the Windows 7 computer as local administrator
  2. Save the below few lines as .reg file and execute it on the Windows 7 computer.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
"GPSvcDebugLevel"=dword:00030002

Now restart your Windows 7 PC for the changes to take effect.

The debug log file will be available under the “%systemroot%\debug\UserMode” folder and the file name is “gpsvc.log”. If you want a nice view of this log file for easy reading, I suggest you download the policy reporter tool from SysPro Software. This tool allows you to analyse the time taken for each policy detection and processing.

Let me know if you are in doubt anywhere…

Happy Learning..,
Sitaram Pamarthi

{ 7 comments }

While working on GPO-related stuff, I initially struggled to find a way to get the list of GPOs available on my machine. After a bit of research I found that the list is available at the registry location “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions”. I was satisfied and started looking at this location whenever I wanted to know CSE settings. But a bit later, I found this procedure also a little bit difficult and finally relied on my favorite to get this information for me. Below are the examples.

To list all CSEs installed on my machine along with their GUIDs, use the one-liner below.

PS C:\> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\*" | ft "(default)", PSChildName

And the output of above command will be something like this…

To list the properties of a given CSE (say, drive mappings), use the one-liner below.

PS C:\> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\*" | where { $_.'(default)' -like "*drive*" }

Similarly, to list the Internet Explorer Branding CSE related settings, use the below one.

PS C:\> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\*" | where { $_.'(default)' -like "*Internet Explorer Branding*" }

Similarly, you can play with the remaining options if you have some PS knowledge. Let me know if you cannot make out any particular thing.
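
Going one step beyond the one-liners above, this added example (not from the original post) builds one report row per CSE with the DLL that implements it and its processing flags. DllName and NoGPOListChanges are value names commonly present under these subkeys rather than ones mentioned in the post, and resolving bare DLL names against System32 is an assumption.

```powershell
# Added example (not from the original post): one row per registered CSE.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions'

$report = Get-ChildItem -Path $root | ForEach-Object {
    $p   = Get-ItemProperty -Path $_.PSPath
    $dll = $p.DllName

    # DllName may be a bare file name; such names are resolved
    # here against System32 (assumption)
    if ($dll -and -not [System.IO.Path]::IsPathRooted($dll)) {
        $dll = Join-Path $env:SystemRoot "System32\$dll"
    }

    New-Object PSObject -Property @{
        Guid               = $_.PSChildName
        Name               = $p.'(default)'
        DllName            = $dll
        DllPresent         = [bool]($dll -and (Test-Path -Path $dll))
        NoBackgroundPolicy = $p.NoBackgroundPolicy
        NoGPOListChanges   = $p.NoGPOListChanges
    }
}

# Full inventory, sorted by display name
$report | Sort-Object Name |
    Format-Table Name, Guid, NoBackgroundPolicy, NoGPOListChanges, DllPresent, DllName -AutoSize

# Entries whose DLL cannot be found deserve a closer look
$report | Where-Object { -not $_.DllPresent } | Select-Object Name, Guid, DllName
```

Saving this report from a known-good build gives you a baseline to compare against when a machine's policy processing behaves differently.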

Happy Learning..,
Sitaram Pamarthi

{ 1 comment }

Changes in Windows 2008 R2

Microsoft has released a document on functional Changes in Windows 2008 R2 Operating System. Use the below link to download that.

Download

{ 0 comments }

This post talks about the command line options for enabling/disabling features in Windows 7 OS.

Features like GPMC, telnet, DHCP, DNS and others can be enabled or disabled with the “dism” command. This utility can also be used for querying features and packages, adding drivers, etc. Below are some examples.

To view the list of installed features:

dism /online /Get-features

To enable a feature (GPMC in this example):

dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Features-GP

To disable a feature (GPMC in this example):

dism /online /disable-feature /featurename:RemoteServerAdministrationTools-Features-GP

Note: Feature names are case sensitive, so make sure to provide them exactly as they appear in the query results.

More information about DISM (Deployment Image Servicing and Management) is available at http://technet.microsoft.com/en-us/library/dd744566(WS.10).aspx

Happy Learning…,
Sitaram Pamarthi

{ 0 comments }

Resolve GPO GUID to GPO name

“I have a GPO GUID and want to know which GPO it belongs to.” If that is your question, you can happily use the method below. For this you need the “support tools” of Windows 2003. You can get them from the Microsoft web site as well. Alternatively, you can copy search.vbs from any machine where the support tools package is installed.

cscript /nologo search.vbs "LDAP://dc=mydomain,dc=com" /C:"&(objectClass=groupPolicyContainer)(name={31B2F340-016D-11D2-945F-00C04FB984F9})" /P:displayName /S:SubTree

You can find other alternative ways at http://support.microsoft.com/kb/216359
Happy Learning..,
Sitaram Pamarthi


{ 5 comments }

Unable to start Counter logs in Perfmon

Sometimes you might see an error like the one below while starting “Counter logs” tasks from perfmon; additionally, you will see Event ID 2003 with source “Sysmonlog” in the Application event viewer and Event ID 7024 with source “Service Control Manager” in the System event viewer.

 

The test1 log or alert has not started. Refresh the log or alert list to view current status, or see the application event log for any errors.  Some logs and alerts might require a few minutes to start,  especially if they include many counters or they contain counters to be collected from a remote system that is no longer on the network. For further information see the troubleshooting section in the online help.

If the above-mentioned symptoms match your problem, then it can be fixed by following the steps below.

 
  • Open regedit, navigate to the “HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries” registry key and go to permissions
  • Grant full permissions to “Network Service” and propagate them to child objects.
  • Now try to start your counter log job; it should start now without any issues.

 

Hope this helps you…

 

Happy Learning…,
Sitaram Pamarthi

 


{ 2 comments }

Good bye NewSID

When I was with my old organization, we used to deploy operating system with the help of Ghost — an imaging technique. So, after completing the imaging process, we used to run newsid.exe to make the new installation unique in environment.

But surprisingly, the author of newsid has taken a decision to retire that decade-old utility. Believe me, it is no longer available at any MS websites. MS is suggesting its customers use sysprep instead of newsid, as sysprep does a lot more things which newsid will not.

You can refer to the URL below to know the reasons behind its retirement.

http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx

 Happy Learning..,
Sitaram Pamarthi
{ 0 comments }