27 November 2019

My users rebooted the RDSH!

So when using RDS in Windows Server 2016 there is a funny issue that arises… Users can actually reboot your Remote Desktop Session Host (RDSH). Yes, you read that right! Your users have the rights/permissions to reboot your host. If you’re like the dozens of forum posts I discovered, they will probably/definitely do it during production hours.

I know what you’re probably thinking… I had set up my GPOs and it was working before when we were on Windows Server 2012 or 2012 R2.

Well folks, 2012 R2 is where the support for that GPO ended. It is not supported on 2016 or higher. Stupid, right?!? Why would they take away that setting? Or better yet, why would users need to restart a server? That’s an administrator’s role. To be honest I don’t know.

The setting you used to use was “Allow non-administrators to receive update notifications”. It is found under “Computer Configuration\Administrative Templates\Windows Components\Windows Update\”. (Full description here – https://gpsearch.azurewebsites.net/#2794)

It seems like the only viable, and IMHO equally dumb, option to prevent users from applying updates and restarting your server is to completely disable Windows updates.

That setting, if you choose to go that route, is “Turn off access to all Windows Update features”. It is found under “Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\”. (Full description here – https://gpsearch.azurewebsites.net/#4728)

Hopefully Microsoft fixes this and administrators are again able to take control back and stop our users applying Windows updates and rebooting our machines.

15 November 2019

What was that GPO setting?

There is a GPO setting for, literally, almost everything in Windows!

Software companies provide all of these settings to administrators by means of Group Policy Administrative Templates, better known as ADMX templates or ADMX files. The domain admin imports these ADMX files into their Active Directory schema and can then manage an array of settings for the software related to the imported ADMX template.

You can usually find these files on your software vendor’s website, or try doing a search for your software along with the term “ADMX”. The files or templates consist of two parts: (1) the ADMX file – this half holds the settings that it allows you to set, and (2) the ADML file – this is the language localization file, and it will have the same name as the ADMX file it is associated with.
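To show how the two halves fit together, here is an added example (not from the original post or any vendor's tooling): it resolves each policy's `$(string.…)` display-name reference against the ADML string table and reports the registry key and value the policy writes, which is what you need when auditing whether a setting is actually applied. The "Contoso" template pair and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample pair for a hypothetical vendor "Contoso"; real templates
# use the same layout but hold hundreds of policies.
SAMPLE_ADMX = r"""<policyDefinitions xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <policies>
    <policy name="BlockUserRestart" class="Machine" displayName="$(string.BlockUserRestart)"
            key="Software\Policies\Contoso\Agent" valueName="BlockUserRestart"/>
    <policy name="HideTrayIcon" class="User" displayName="$(string.HideTrayIcon)"
            key="Software\Policies\Contoso\Agent" valueName="HideTrayIcon"/>
  </policies>
</policyDefinitions>"""
SAMPLE_ADML = """<policyDefinitionResources xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <resources><stringTable>
    <string id="BlockUserRestart">Prevent non-administrators from restarting the agent</string>
    <string id="HideTrayIcon">Hide the tray icon</string>
  </stringTable></resources>
</policyDefinitionResources>"""

def local(tag):
    """Strip the XML namespace so matching does not depend on it."""
    return tag.rsplit("}", 1)[-1]

def load_strings(adml_text):
    """Map string id -> localized text from the ADML string table."""
    root = ET.fromstring(adml_text)
    return {e.get("id"): (e.text or "").strip()
            for e in root.iter() if local(e.tag) == "string"}

def find_policies(admx_text, adml_text, keyword):
    """Return policies whose localized display name contains keyword."""
    strings = load_strings(adml_text)
    hits = []
    for p in ET.fromstring(admx_text).iter():
        if local(p.tag) != "policy":
            continue
        ref = p.get("displayName", "")
        # displayName is a reference of the form $(string.ID) into the ADML file
        sid = ref[len("$(string."):-1] if ref.startswith("$(string.") else None
        title = strings.get(sid, ref)
        if keyword.lower() in title.lower():
            hits.append({"title": title, "class": p.get("class"),
                         "key": p.get("key"), "value": p.get("valueName")})
    return hits

if __name__ == "__main__":
    for h in find_policies(SAMPLE_ADMX, SAMPLE_ADML, "restart"):
        print(f'{h["title"]} [{h["class"]}] -> {h["key"]}\\{h["value"]}')
```

To search a real template, read the `.admx` file and its matching `.adml` file as text and pass both to `find_policies`.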

While these ADMX templates allow for an amazing level of control and standardization within a domain or corporate environment, it can be pretty intimidating trying to comb through all of the available settings to find the one thing you want to tweak. It’s akin to trying to find a needle in a haystack.

Luckily we live in the age of the Internet. There are a couple of websites that I like to use that have made the task of finding particular GPO settings incredibly simple. I’m starting off with Microsoft – think of it as “Bing” but just for GPOs & ADMXs. As I mentioned, the first one is “powered” by Microsoft themselves. I feel that it does a great job of simplifying the task of searching for the right GPO setting you want.

Group Policy Search – https://gpsearch.azurewebsites.net/

The other site that I like to use is not Microsoft specific, but compiles and lists the configurable settings available from many software vendors (I stopped counting after I got to 50 different vendors).

If the software you use has an available ADMX template, there is a pretty darn good chance that its settings will be listed on the site below.

GetADMX – https://getadmx.com/

13 November 2019

Outlook O365 – minimized window issue

Had an issue today with a user using O365 Outlook. Whenever they tried to open a message in a new window, it opened it as a minimized window, showing only dots, then the minimize/full screen/close window icons.

I could use the “Windows key + [ARROW]” buttons to move and essentially resize the window. But after closing and re-opening the message, it was the minimized window as before. I tried resizing it and holding “SHIFT” when closing the window, but that didn’t work either. Everything I tried basically wouldn’t persist. Every time I closed the window and reopened it, it would be that same minimized window.

What did end up working for me was to close Outlook, and make a registry edit. This is the registry key I deleted:

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Message\Frame

After that, opening messages in a new window worked as expected again.