There may come a time when you want to turn off Windows firewall and ensure that it doesn’t come back on. Windows appears to do this randomly (I’m sure there is a reason). To ensure that it is disabled, you can use Group Policy when on a domain. However, when you are off the domain, you need to do it locally. Using GPEDIT.MSC, you can do this on a machine.
Open up GPEDIT.MSC and browse to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall. In there, you will see several profiles. Under each profile, change the “Windows Firewall: Protect all network connections” to disabled. This will effectively disable the Windows Firewall and not allow anyone/anything to turn it back on. You should repeat this for all profiles that it makes sense on.
So one of my pet peeve statements is “That’s the way we’ve always done it.” In my current position, I was shown how to use our template images in VMware to produce new machines and what options to click in. I always felt something was missing in the process. Recently, I was reading an article on VMware and sysprep as I was considering redoing the image and taking out a lot of manual work. Then I learned about customization templates which I never knew existed because I did it the way it was always done! Here are a few things I learned about using the customization templates, and I’ll keep adding as I find more.
What is it?
The customization template is basically applying sysprep to a Windows box after it is cloned or deployed. You don’t have to do the process yourself before the last shutdown. VMware Tools will do it for you. It will join the domain, apply a license, run scripts, setup a NIC, etc. Don’t do this yourself. Let VMware do it for you.
Post Install Scripts
I could not find any documentation detailing this. From what I can tell, this creates a “RunOnce” key after the sysprep is complete. When you set your auto-login reboot count to at least one, on the first login, VMware Tools will run a script. This will be running as the local Administrator user in the user-context after the WinLogon startup process, but before the desktop loads. I added a batch file that asks a few questions during the login and then reboots the machine one last time. I also setup a RunOnce key to delete the folder after it was done. Here is the interesting thing though. I’ve seen other RunOnce keys run before the reboot. So it may be deleting it sooner. Keep that in mind… adding new RunOnce keys manually during this process may result on them running right after, not on the next reboot.
You can specify network settings in the template and have it ask you for the IP when you apply the customization later. If you do this and use different VLANs, make sure you change the VLAN to the matching subnet range that you specified in the template. If you don’t and it can’t get to the network during the cutomization, it will not apply correctly, such as joining the domain. You’ll find yourself doing everything manually or starting over again.
In recent news, it has come to light that CurrentC by MXC may have a contract with many of the big retailers that prohibits them from using other mobile payment operators. This became big news because of the introduction of Apple Pay using NFC. The reasoning behind CurrentC is for merchants to avoid credit card transaction fees by doing ACH transactions directly to a bank account. All security issues aside, I understand retailers desire to get rid of these fees. However, I also realize that it is part of doing business and the convenience for the customer. As Apple is heavily invested with banks and credit card processors right now, I think this is the perfect opportunity for Google to get ahead of the NFC war. Google currently has Google Wallet where a user can put money into, much like a bank account. Using this, Google could potentially offer a much lower transaction fee to merchants as a credit card company does not have to be involved at this point. In return, the merchant could provide more detailed information about the purchase which Google could data mine. While many consumers would be concerned about Google knowing their purchase history, I personally would love for Google to mine my purchase data. A whole new service line could be opened where Google finds better prices on the items you commonly buy and integrated into their current shopping services. NFC isn’t dead just yet, it’s really just beginning.
I was presented with a question from a user the other day. They needed to be able to use Adobe Flash on a Windows 2012 R2 server while using Internet Explorer. Apparently, they have regular users logging into the server to grab information from the web server application it was running. Aside from the blatant security issues of using Flash in IE and why they don’t access it remotely via HTTP, I don’t know, but I will be looking into it. So I started looking into installing Flash. The installer that they had downloaded, presumably from their machine, told me “Your Microsoft Internet Explorer browser includes the latest version of the Adobe Flash Player built-in.” Well, I went to the Adobe Flash test page, and it didn’t load Flash. So where was it? Well, after some digging, I finally discovered that while IE 11 does indeed contain Adobe Flash, it does not contain it on Windows Server 2012 unless you install the Desktop Experience. I only found one other webpage that appeared to mention this, so I thought I would help spread the word. If you need Adobe Flash on Server 2012, make sure you install the Desktop Experience feature. Keep in mind however that it will require not one, but two reboots. After you install the feature and reboot, it will apply settings at bootup, then reboot again.
So I had a line of text in a variable in which I needed to remove some extra whitespace as Split(String,” “) will split at every space. I didn’t want to remove every space, I wanted to leave at least one space. I’ve seen some complicated examples by which they recursively go over the string until they are all gone, or split the array and create a second array removing the empty elements. I found a much simpler method however. It is using our good old friend, regular expression.
sWPString = "This is a string with extra whitespace."
Set oRegEx = CreateObject("VBScript.RegExp")
oRegEx.Global = True
oRegEx.Pattern = "\s+"
sNoWPString = oRegEx.Replace(sWPString," ")
Now this will leave a space at the beginning if there was already a space there. You can of course just LTrim that off. And RTrim wouldn’t hurt. Or just Trim it.
With the newer versions of JRE (specifically as it relates to this writing, 1.7_60), the security prompts included have become quite a bit more intrusive. Normally, you can click on the check box to always remember the decision to Run or Allow a Java applet. However, on Citrix this can be difficult if the user’s profile is built out on logon then removed upon logoff. After having searched through Java’s documentation for hours, I was unable to find a way to turn off these prompts globally, either completely, or just for certain signers or codebases. If you know of a way to do this, please let me know. Since I couldn’t find anything, I decided to do it for the user upon logon.
In the health system I work for, we have been tasked with taking our old AD domain and making it work within the new domain. Eventually, all computers will be converted to the new domain, but there are steps along the way before that date. One of those stages was to use Exchange from the other domain. We will call this DomainB.com. The domain here at our local hospital is DomainA.com. Continue reading Trusted Domain Exchange Environment→
Where I work right now, they use a Nortel phone system. For voicemail, they use CallPilot. The CallPilot system happens to be on the network, which is rather intriguing. For the department I am in, we use an Asterisk phone system that talks to the Nortel. I’ve always wondered however if there was an phone directory of the extensions. I was told no. So I did some digging. I happened across and LDAP server running on the CallPilot system. After some hacking, I discovered that the LDAP system had all the names in it (outdated of course). Two caveats though: it is only the extensions which have voicemail and it is using LDAP 2.0.
A few months back, I had found a solution called AutoIT. I downloaded and installed it, and attempting to write a quick little program. At the time however, I really didn’t want to have to learn another scripting language as I had already started getting heavily into VBScript. Just a week or so ago, I realized it was wrong of me to just throw it to the side. AutoIT and it’s scripting language is an amazing language, and is basically a BASIC language. It is incredibly easy to use, and very powerful. There are so many commands that are already built in, and on top of all that, you can compile it into a standard EXE file that doesn’t require any libraries. If you wanted to go crazy, you could even create a GUI. I’d like to say that I wish I had found this product years ago. I could have created a lot of powerful tools. If you are looking to script common actions, networked or not, try out AutoIT. Keep an eye here, as I will be posting some of my AU3 scripts here.