24 December 2019

Office 365 – Winmail.dat

After changing over from on-prem Exchange to O365, I had one user where the recipients of their emails would receive any attachment that was sent as the “dreaded” winmail.dat file instead of the .pdf or whatever file the user was actually sending. It was intermittent however, in that some users would get the actual file and some (all external) would get the winmail.dat file.

The first thing that I did was check that the user was sending their mail as HTML, and not Rich-Text. After changing that value, I checked back a week or so later and the user was still experiencing the issue, so it was time to dig a little deeper. After some searching online I was able to find that this was not an uncommon issue.

The issue happens because the receiver’s email client cannot interpret the email message that was sent from Outlook in the Rich-Text format. When using Outlook to send an email using the Rich-Text format, a plain text copy of the email is also sent along with an attachment named winmail.dat. This ‘winmail.dat’ attachment is what contains all of the formatting, elements, and other data specific to Rich-Text email messages. This method of sending the email message is called “Transport Neutral Encapsulation Format” or “TNEF” for short.

Unfortunately, many non-Microsoft email programs cannot properly open messages that are received in TNEF. To fix this, we can use PowerShell to force Exchange Online to convert Rich-Text messages to HTML before it sends them off. You can use the commands shown below to set the ‘RemoteDomain’ property “TNEFEnabled” to false on the Default policy.

1) Connect to Exchange Online via PowerShell.

2) Get your Default RemoteDomain policy:
Get-RemoteDomain | fl *

3) Set the TNEFEnabled property:
Set-RemoteDomain Default -TNEFenabled $false
Re-run step 2 and you should see that “TNEFEnabled” is set to “False”.

Just in case… Here is how to change it back to a NULL value to undo your change in step 3, and let the Outlook client again decide how it wants to send the message.

4) Set the TNEFEnabled property back to NULL:
Set-RemoteDomain Default -TNEFenabled $null

18 December 2019

MDT loading to cmd prompt

I was running an MDT LiteTouch deployment and the computer kept getting stuck at a command prompt after loading into MDT environment. Normally it should have launched right into the LiteTouch wizard, but for whatever reason, it just didn’t want to go beyond this point on its own. I discovered two possible ways to circumvent it.

I had used this same means of deployment on other machines of the same make and model, with the same Task Sequence, so I knew it wasn’t a driver issue as many alluded to in the various forums I looked at. However, I went ahead and did an “ipconfig” and also tried to mount the MDT share using “net use”, just to make sure there were no network issues.

net use z: \\<servername>\deploymentshare$

Well, it turned out that I did already have an IP address and the mapped drive was already in use. So how can I now get on with my deployment?

The first and possibly the easiest way was to just manually launch the LiteTouch. It is as straightforward as it sounds. I entered the command below into my command prompt, and voila! The LiteTouch wizard came right up and I continued on my way.

X:\windows\system32> Z:\scripts\LiteTouch.vbs

The second method really isn’t any more difficult than the first. Sometimes a folder named “MININIT” already exists on the computer’s C: drive and it can cause issues when trying to do a new deployment. The way around that is just to wipe the drive and essentially start back at square one. Warning though – following this method WILL erase the drive and wipe any data that is on it. It probably doesn’t matter, as you’re stuck anyway, but it is something to be aware of.

At the first Wizard window, press F8. Then type:

  1. Diskpart (enter)
  2. List disk (enter)
  3. Select disk 0 (choose your main OS disk) (enter)
  4. Clean (enter)
  5. Reboot and start your imaging process again.

After wiping the disk of any pre-existing partitions your next deployment attempt should go smoothly as it now has a blank HDD to work on.

4 December 2019

Office 365 in-“stalled” at 51%

Out of an entire organization, we had one single machine that had issues installing O365; it would always get stuck at “51%”. I even tried letting it run for an entire weekend. The weird part was that it was a Win10 machine, and it was all up-to-date in terms of applying Windows Updates. The same ODT script worked perfectly fine for all the other machines that were a mix of Win8.1 & Win10.

So I gave the Office 365 uninstaller a whirl. It ran through pretty quickly and said everything was removed. It ran so quickly, it didn’t even seem like it did anything. I went ahead and tried my ODT script again, and voila – it worked!

So my only takeaway is: if you’re having issues with the installer “stalling” out, try MS’s uninstaller and try your install again.

27 November 2019

My users rebooted the RDSH!

So when using RDS in Windows Server 2016 there is a funny issue that arises… Users can actually reboot your Remote Desktop Session Host (RDSH). Yes, you read that right! Your users have the rights/permissions to reboot your host. If you’re like the dozens of forum posts I discovered, they will probably/definitely do it during production hours.

I know what you’re probably thinking… I had set up my GPOs and it was working before when we were on Windows Server 2012 or 2012 R2.

Well folks, 2012 R2 is where the support for that GPO ended. It is not supported on 2016 or higher. Stupid, right?!? Why would they take away that setting? Or better yet, why would users need to restart a server, that’s an administrator’s role? To be honest I don’t know.

The setting you used to use was “Allow non-administrators to receive update notifications”. It is found under “Computer Configuration\Administrative Templates\Windows Components\Windows Update\”. (Full description here – https://gpsearch.azurewebsites.net/#2794)

It seems like the only viable, and IMHO equally dumb, option to prevent users from applying updates and restarting your server is to completely disable Windows Updates.

That setting, if you choose to go that route, is “Turn off access to all Windows Update features”. It is found under “Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\”. (Full description here – https://gpsearch.azurewebsites.net/#4728)

Hopefully Microsoft fixes this and administrators are again able to take control back and stop our users applying Windows Updates and rebooting our machines.

15 November 2019

What was that GPO setting?

There is a GPO setting for, literally, almost everything in Windows!

Software companies provide all of these settings to administrators by means of Group Policy Administrative Templates, better known as ADMX templates or ADMX files. The domain admin imports these ADMX files into their Active Directory schema, and can then manage an array of settings for the software related to the imported ADMX template.

You can usually find these files on your software vendor’s website, or try doing a search for your software along with the term “ADMX”. The files or templates consist of two parts: (1) the ADMX file – this half holds the settings that it allows you to set, and (2) the ADML file – this is the language localization file and will have the same name as the ADMX file it is associated with.

While these ADMX templates allow for an amazing level of control and standardization within a domain or corporate environment, it can be pretty intimidating trying to comb through all of the available settings to find the one thing you want to tweak. It’s akin to trying to find a needle in a haystack.

Luckily we live in the age of the Internet. There are a couple of websites that I like to use that have made the task of finding particular GPO settings incredibly simple. The first one is “powered” by Microsoft themselves; think of it as “Bing” but just for GPOs & ADMXs. I feel that it does a great job of simplifying the task of searching for the right GPO setting you want.

Group Policy Search – https://gpsearch.azurewebsites.net/

The other site that I like to use is not Microsoft specific, but compiles and lists the configurable settings available from many software vendors (I stopped counting after I got to 50 different vendors).

If the software you use has an available ADMX template, there is a pretty darn good chance that its settings will be listed on the site below.

GetADMX – https://getadmx.com/

13 November 2019

Outlook O365 – minimized window issue

Had an issue today with a user using O365 Outlook. Whenever they tried to open a message in a new window, it opened as a minimized window, showing only dots, then the minimize/full screen/close window icons.

I could use the “windows key + [ARROW]” buttons to move and essentially resize the window. But after closing and re-opening the message, it was the minimized window as before. I tried resizing it and holding “SHIFT” when closing the window, but that didn’t work either. Everything I tried basically wouldn’t persist. Every time I closed the window and reopened it, it would be that same minimized window.

What did end up working for me was to close Outlook, and make a registry edit. This is the registry key I deleted:

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Message\Frame

After that, opening messages in a new window worked as expected again.