• You can use this document to learn how to implement and administer the ActiveX® Installer Service in Windows Vista®. Why the ActiveX Installer Service? Many organizations must install ActiveX controls on their desktops in order to ensure that a variety of programs that they must use on a daily basis will work properly. However, most ActiveX controls must be installed by a member of the Administrators group and many organizations have configured or want to configure their users to run as standard users, which are non-administrative users that are members of the Users group. As a result, organizations have to repackage and deploy the ActiveX controls to the users. In addition, many of these ActiveX controls must be regularly updated. Many organizations find this to be a difficult and costly process to manage for standard users. With Windows Vista, you can now easily deploy and update ActiveX controls in a standard user environment. The ActiveX Installer Service enables you to use Group Policy to define approved host URLs that standard users can use to install ActiveX controls. Note The ActiveX Installer Service is an optional component on Windows Vista® Ultimate, Windows Vista® Business, Windows Vista® Enterprise. How the ActiveX Installer Service Works When a standard user uses Internet Explorer® to browse to a site that requires the user to install an ActiveX control, the ActiveX Installer Service checks whether the URL requesting the ActiveX control installation is approved in Group Policy. This URL is called the host URL. If the host URL is approved, the service installs the ActiveX control for the standard user, and the user does not have to provide administrator credentials or administrative approval. If the host URL is not approved, the default Windows Vista ActiveX control setting is used and the user is required to provide administrator credentials or administrative approval. Note We designed the ActiveX Installer Service to allow standard...
  • Open Group Policy Management Edit an existing policy or create a new policy. Navigate to Computer Configuration ->Policies->Windows Settings -> Security Settings -> Registry. Right click the Registry and click Add Key. Choose the Registry key you want to change. Configure the appropriate permissions. Choose the proper setting from the Add Object dialog box. Link or enforce the policy accordingly.
  • With the new Microsoft KMS service built into office 2010 you must run the following executable before you can capture your image. C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPREARM.EXE The reason being is sysprep does not clear out the KMS identifier in Office like it does in Windows.  So every machine will have the same identifier making it impossible for your KMS server to activate your Office 2010 clients.  Run this executable before capturing your image and you should be fine.
  • using the task manager click file -> then new task type cmd this will open a command prompt then navigate to C:system32restore then type rstrui.exe this should launch the system restore wizard Now just follow the system restore wizard For More Information On Microsoft System Restore
  • July 10, 2010

    Group Policy Object Disable Service

    1. Install group policy manager on a PC that has the service you to want to disable on it 2. Right Click on Group Policy Objects and click New 3. Name the Policy Accordingly 4. Now select that GPO and right click and hit Edit 5. Select Computer Configuration -> Window Settings -> Security Settings -> System Services 6. In the list of services select the service you want to disable 7. Right click and select properties 8. Click Define this policy setting leave security at default 9. Set service startup mode as disabled. Click ok 10. Right click on the OU you want to apply this policy to and click Link Existing GPO 11. Find the policy and click ok
  • June 29, 2010

    Fix Missing or Corrupt Hal.dll

    Boot to the Windows recovery console get to the proper drive (usually is c:) type attrib -H c:boot.ini enter type attrib -R c:boot.ini enter type attrib -S c:boot.ini enter type del c:boot.ini enter (you are deleting the boot.ini this is normally the reason for the corrupt hal.dll) type bootcfg /rebuild fixboot After the fix runs reboot and everything should be fixed.  When I first did this I ran into an issue where I got an error “can fixboot on a corrupt registry”  I ran and chkdsk /r after that completed I ran step 7 again and everything worked fine. I have also heard an alternative solution fix this issue in the recovery console do the following command Expand D:I386HAL.DL_ c:WINDOWSSYSTEM32HAL.DLL I have never tried this method so I cannot prove it works  but if your issue persists it might be worth a try.  If you get an “access denied” do the attrib command to the HAL.DLL file that might help you. Again I have not tried this method just giving suggestions.
  • June 24, 2010

    Windows DNS Aging and Scavenging

      Had a big DNS problem today and this article really helped me out very detailed and easy to understand.  I have worked with DHCP and DNS in the past never realized how many setting and options there really were to set.  Was interesting you would ping a PC by name and would come back with the wrong IP.  The problem ended up being a combination of short DHCP leases with a long aging and scavenging time set in DNS.,289483,sid68_gci1040355,00.html
  • I recently worded on an issue where you would import computers into an imaging collection and it would take hours before they would kick off to image.  I found a Microsoft Hotfix to fix this issue.  Microsoft hotfixKB980270 took care of this issue for me I applied the patch rebooted the server and everything we imported starting imaging.  This issue focus on System Center Configuration Manager 2007 Service Pack 2 AKA SCCM 2007 SP2 but I can tell you from experience SP1 also had the same issue and there was a separate hotfix to fix that issue.
  • June 8, 2010

    Setup SCCM PXE Point

    There have been many posts out there trying to address the issue behind Native Mode and PXE and/or Boot Media problems. This posting publishes information I found in the following article and additions which I have made to clarify some certificate configurations. Step 1 In the site properties , check that you have imported your Root CA certificates. If you have subordinate CA servers , import them as well as I have seen issues arriving when not importing them .The picture below will give you the idea : Step 2 Create your OSD PXE service point Certificate & export it . Go to your certificate authority and duplicate the Computer certificate , name it Configmgr OSD certificate and make sure that you could export the private key ! My Comments: MAKE SURE SUBJECT NAME TAB CONTAINS: SUPPLY IN REQUEST. When the request is made, give the certificate the following Attributes: • CommonName: (i.e. OSDpxeBootCert..Com) • Alternate name: • Friendly name: Any descriptive name. Note: Because certificates are Required through out the native mode deployment. FQDNs are also required for certificate Subject name and Alt Subject Names. When you have created the certificate , export it to a DER format by going to MMC – Certificates – personal – Request new certificate . Select the Configmgr OSD certificate and install it on your machine . When done , right click on the certificate and select export . Export the certificate with private key and when exported , delete the certificate you have requested . Step 3 Import you in the PXE role configuration pane . Now we go to the SCCM console and go to Site systems – PXE Role , import the certificate you just exported . The picture below explains it : You will get the following warning when you exported the certificate on the Site server itself . This is...