Older HP Universal Print Driver for GPP

Hi everyone

I wanted to share a small tip if you need older HP Universal Print Driver for your GPP.

You might ask why, it’s because in pushed GPO some older drivers work better for older printer to keep their settings, and to work in general.

The treasure groove is there; ftp://ftp.hp.com/pub/softlib/UPD/ 🙂

Enjoy if you need it 🙂

Office 365 TLS 1.2 support

Hi everyone

Today I wanted to talk a small problem I seen on Office 2016, but running on really older OS.. like Windows 7..

Office 365 support for older cryptography maked some older OS get a problem to authenticate, so it block adding a new account or to get the email in Outlook in example.

To fix, I would say, please by god, install Windows 10 .. but if you can’t convince your customer, at-least, for now, you can run that tool to get the TLS 1.2 by default in the OS, so it can connect back.

How to enable TLS 1.2 on clients and Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows

[Easy fix here]

Thanks !, and let hope Windows 7 don’t come back so fast

GPO – Per machine Printer Settings

Hi everyone

Today I wanted to share a small script if you use per machine GPO / GPP to distribute local TCP/IP printers to your computers park.

If like me sometime the settings are not push correctly I did a small script that check the local printer and find the corresponding print queue on the print server to set the options in the computer.

It seemed a need for me in some case depending on which driver I use, as some revert to the basic settings when pushed. The printing’s default got ignored in such case.

The script look like that;

$Printers = Get-Printer
Foreach ($Printer in $Printers) { 

$PrintConfig = Get-PrintConfiguration -ComputerName PRINTSERVER -PrinterName $Printer.name
Set-PrintConfiguration -PrinterName $Printer.name -PrintTicketXML $PrintConfig.PrintTicketXML
}

The script loop all locals printer and find the corresponding printer on the print server to set the option.

The script assume you use the same printer name than the one on the print server, which for me was logical because you have to enter a target print queue for publishing the printer.

Remote Desktop TSCLIENT Drive Mapping Problem (Content Redirection)

Hi everyone

Today I wanted to talk a symptom you might hit if you do content redirection with RemoteApp for a remote office while, the user click on a file located on a remote file share.

The symptom is a file lock can happen for the person and that block the document’s saving.

That cause a bug in example Word or Excel that throw an error that the file is already in use. The user need to re-save the document to another name to save it when that happen.

The cause is simple; The content redirection access the share via the tsclient’s client redirection. That force the remote computer to retrieve the file and send the file to the TS’s server to be able to use the content redirection.

I did that small chart;

In my scenario the impact appear when the remote office got a high latency’s link. You can see the RemoteApp connection got longer delay to open due to that fact.

To resolve the issue it’s all done in the way you map the drive to the users. Normal drive mapping cause this issue, while a mapping done via the network location wizard solve that issue, as the RemoteApp open directly the file so it prevent all the network discussion from happening.

I would call that network map VS network location method to access the file.

If you do the wizard’s mode to add a network location, it’s via Explorer that you can trigger the wizard:

If you want to push that via GPO, it’s where it become tricky .. You have to create a folder, an .ini and a .lnk for that folder..

In the GPO it’s a 3 step procedure.

  1. GPP to create a folder inside that folder; %APPDATA%\Microsoft\Windows\Network Shortcuts

Ie; %APPDATA%\Microsoft\Windows\Network Shortcuts\HR Department

2. GPP to create a desktop.ini inside that folder with two options set inside it;

Ie;

Action Mettre à jour
Chemin d’accès au fichier %APPDATA%\Microsoft\Windows\Network Shortcuts\HR Department\desktop.ini
Nom de la section .ShellClassInfo
Nom de la propriété CLSID2
Valeur de la propriété {0AFACED1-E828-11D1-9187-B532F1E9575D}

AND

Action Mettre à jour
Chemin d’accès au fichier %APPDATA%\Microsoft\Windows\Network Shortcuts\HR Department\desktop.ini
Nom de la section .ShellClassInfo
Nom de la propriété Flags
Valeur de la propriété 2

3. You set the link to the correct resource with a shortcut named target;

Type de cible Objet système de fichiers
Chemin de raccourci %APPDATA%\Microsoft\Windows\Network Shortcuts\HR DEpartment\target
Chemin d’accès de la cible \\fileserver\hr
Touche de raccourci None
Exécuter Fenêtre normale

After that, now your users can click inside those folder to navigate to the file share, and when they will click a resource MSTSC will open directly the file from the network share, bypassing the tsclient redirection !

Reset all printers share security / ACL to the default fast

Hi

Today I will share a tip if you need to reset a lot of printers share to the default security.

It come handy to me as if you secure too much your pritnqueue,it might block per computer GPP in example.

First, choose a printer that will be the template for all others.

Make sure Administrators, Everyone, Creator Owner, Print Operator and Server Operator is listed.

It should look that way;

First picture in workgroup, and second you add those accounts in domain.

After your template is done, you need a small powershell script, it look that way;

$printerperms = (Get-Printer -ComputerName PrintSvr -Name admin-printer -Full).PermissionSDDL
$allprinters = Get-Printer -ComputerName PrintSvr -Name * | Select name -ExpandProperty name
foreach ($printer in $allprinters)
{Set-Printer $printer -PermissionSDDL $printerperms -ComputerName PrintSvr}

Make sure to replace PrintSvr with your print server and make sure to replace admin-printer with the printer that you used as a template.

Thats all, Thanks for reading!

GPO – GPP Printer per Computer’S 0x80070005 error

Hi

Today I wanted to talk about a small bug you might encounter if you do printers GPP per computers. Such GPP create a local printer port, usually TCPIP, but need a printer share to set the driver and option.

The error is not documented much, but it’s the error 0x800700005.

That error is caused by a lack of security for the computer account to access the printer’s share for the initial setup. I seen that case on customers where the printer share are more restricted between users.

To resolve the issue you need to set back everyone into the printer security, like shown there;

Make sure that everyone is there (and CREATOR OWNER too)

That change should make your GPO work

Cumulative Update KB5009557

If you install that update on a Domain Controller, please make sure you install the outofband update KB5010791 !

It apply to Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC and Windows Server 2019

Highlights

  • Updates a known issue that affects VPN connections. 
  • Updates a known issue that causes unexpected restarts on Windows Server domain controllers. 

Information Link; January 18, 2022—KB5010791 (OS Build 17763.2458) Out-of-band

Cached Credential

Hi everyone !

Today I wanted to share another tip. It’s something I see a lot in help desk call, and sometimes it make call a lot longer to not know that one.

It’s for the managed credential in the Windows Account’s store.

You could be renaming an account on a Domain Controller, or it can be a pass through user set for authentication, but changing it can break thing.

The tip is just to never forget to go there and delete the cached credential that give you problem;

enter image description here

enter image description here

You can see my answer there, and it’s something useful to know 🙂

Blocked Windows Update on restart

Hi everyone

Today I wanted to share a small tip that can help if your server is stuck on reboot with a Windows patch that don’t want to terminate.

Please use with precaution the tip to not loose data or break the OS.

In my case it was useful on a Windows Server 2019, as it was stuck for 3 hours and more, and the CBS log was growing indefinitely.

You can use ps exec, but we have tasklist that support a remote computer.

To use that way;

tasklist /s remote_computer with the username and password. /u domain\username /p password

tasklist /s remote_computer /u domain\username /p password

After the command we got a list with all PID.

To stop the Windows Update, in my case I had to close Windows Installer service.

The command is the same, except we give to it the PID, or we could use the /im parameter to target the executable image name. (/f force the closure)

taskkill /s remote_computer /u domain\username /p password /pid PID /f

Command reference