In Remote Desktop how to send CTRL-ALT-DEL

Hi everyone, today I waned to share a small tip that not everyone know; how to send the famous key stroke CTRL-ALT-DELETE to the remote system in Remote Desktop.

It’s always useful, in case you want to bring the task manager, or to try to recover from a unresponsible session.

ctrl+alt+end is the prescribed way to do this.

A small tip it’s, but it’s handy to have 🙂

You can see other shortcut there; Remote Desktop Tips and Tricks

Windows 10 build 2004 – Login script – Net Use Problem

Hi everyone

Today I wanted to share a small problem with Windows 10’s newer build, 2004.

Login script that use net use no longer seem able to be used, the mapping no longer work.

To work around the issue you have two possible’s way;

Add a timeout in the script’s beginning;

timeout /t 60

or add a delete script first before the mapping;

NET USE * /DELETE /YES persistent: yes

Be sure that setting is set too, set it if not already before trying to make the workaround;

Computer Configuration

  » Administrative Templates

    » System

      » Logon

        » Always wait for the network at computer startup and logon

Some other mentionned that Enabling SMBv2 could help, but it all depend on your environnement, as in my case it happened between Windows 10 2004 client and a new DC in 2019.

 

Windows 10 IoT – Enable local profil with UWF

Hi, Today I wanted to share a small tip if you want to enable local write for the HCU / HKEY_USERS registry hive with UWF enabled.

By default UWF does not allow to exclude the HCU/ HKEY_USERS, you will got error if you try to exclude those registry path.

The tip seem small, but it’s not intuitive to do it with UWF. The tip is to exclude the NTUSER.DAT folder where those settings are wrote.  c:\users\ if you want to exclude all user profile, or just c:\users\userx\ntdata.* where you want to exclude the registry.

With such exclusion it would be mandatory to exclude that registry hive;

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

That exclusion would make sure Windows will remember each profile created inside the computer.

Thanks everyone

 

 

 

Windows 10 IoT Terminal Deployment – Part 6 – Manage the system local on first boot

Hi everyone

Today I will share a small tip if you got a lot of Windows 10 to manage the default language. IoT or any other Windows 10 version for that tip.

A lot of new system come by default in en-US but if you want to automate the distribution you can tweak a bit some policy to set correctly the wanted locale.

It seem simple, but don’t forget the locale impacts those settings differently;

– The OS language

– The login screen language

– The default keyboard for new session

– The default keyboard for the login screen

– The date format and various localized settings

 

For almost all of those settings it’s a settings to push for each one.

Where it can be tricky is if like me you live in zone where the default keyboard never match by default.

In example, I live in French’s Canada, and Windows put for me Canadian multilingual by default, which is not the best one for fr-CA. You have legacy french Canadian keyboard and finally the french Canadian’s layout.

So when we push the locations settings, as you can guess in a case like me the default keyboard is never set correctly, thus it need a bit more settings to push.

First of, you need to know if your computer got ready the language pack or not. On IoT usually they are already ready. If not, please download the language ISO and copy the one you need to deploy.

6

5

When the file is deployed, you can pre-install the .cab that way in a script :

dism /online /add-package /packagepath:C:\Microsoft-Windows-Client-Language-Pack_x64_fr-ca.cab

After that we can run the script to set the correct layout we need, I will explain below;

Powershell.exe -executionpolicy remotesigned -File C:\language.ps1

control.exe intl.cpl,, /f:”C:\language.xml”

language.ps1

Set-Culture fr-CA
Set-WinSystemLocale fr-CA
Set-WinHomeLocation -GeoId 39
Set-WinSystemLocale -SystemLocale fr-CA

$langList = New-WinUserLanguageList -Language “fr-CA”
$langList[0].InputMethodTips.Clear()
$langList[0].InputMethodTips.Add(‘0c0c:00001009’)
$langList.Add(“en-US”)

Set-WinUserLanguageList -LanguageList $langList

language.xml

<!–Keyboard Language Change–>
<gs:GlobalizationServices xmlns:gs=”urn:longhornGlobalizationUnattend”>
<!–User List–>
<gs:UserList>
<gs:User UserID=”Current” CopySettingsToDefaultUserAcct=”true” CopySettingsToSystemAcct=”true”/>
</gs:UserList>

<!– MUI–>
<gs:MUILanguagePreferences>
<gs:MUILanguage Value=”fr-CA” />
<gs:MUIFallback Value=”fr-CA” />
</gs:MUILanguagePreferences>

<!–input preferences–>
<gs:InputPreferences>
<!–en-US–>
<gs:InputLanguageID Action=”add” ID=”0409:00000409″/>
</gs:InputPreferences>
</gs:GlobalizationServices>

The command Powershell.exe -executionpolicy remotesigned -File C:\language.ps1 does set the location and the default local.

The only thing the script can’t do, is to set the keyboard for NEW users account.

The XML import, control.exe intl.cpl,, /f:”C:\language.xml”,  simulate a click on apply to new user account and to the login screen and system’s account. The important flag is see is; CopySettingsToDefaultUserAcct & CopySettingsToSystemAcct

That XML set that screen options correctly;

10

 

Thanks everyone 🙂

Windows 10 IoT Terminal Deployment – Part 5 – HPDM – Auto-Enrollment into the Domain

Hi everyone

Today I will talk about the auto-enrollment inside the domain.

This task is possibly one of the first that would be done if you have a internal domain.

For this task I suggest to create a service account that will have the correct deleguated right. In my case, with my exytaordinary imagination, created an account named hpdm 😳🤷‍♂️

The task itselft is kinda straighforward to create from the HPDM, but if we want to autoenroll our devices, so if like our customers plug 100 or even 1000 of devices we want to do the less manual tasks possibles and with the autoenrollment we can target GPO to those computers afterward.

For rhe task please create too an OU where all those IoT device will be 🙂 a big party for them alone.. just kidding.

In the HPDM we will start by creating a rule with a first contact condition.

In my rule I will add another configuration too, I will rename the terminal. As the generic name is pretty ugly, I will add one easier to spot. Out of the box it’s a generic name generated from the MAC address, in my task I will rename the terminal to win10-mac.

Now for the rule;

The sub task :

Our domain creatial and the target OU:

The renaming task:

After we can apply that rule 🙂

 

I hope you enjoyed today tip !

Windows 10 – Can’t deploy printers – Spooler error 0x000006BA / 0x000003EB

Hi everyone

Today I wanted to talk a small bug I seen from some Windows 10 with UWF enabled.

The error I seen was 0x000003EB and 0x000006BA

km02

The error is pretty generic, but the system greyed all the printers in the Windows 10’s list, and you can’t connect to other printers from the server, nor add them by GPP or by deploying them.

km03

In the past I used to use a Microsoft KB .exe to fix and erase all the spooler, by a hard reset, but the utility was removed from the website, as such to find the exact cause or to reset the error I suggest to get that small Kyocera’s utility (KM Deleter) now;

km01

The error in my case seemed to come from UWF, as I unlocked the spooler folder for read and write, but I miss some registry key. As seen there;

km04

As you can see no file or driver were present, but the registry were, so it blocked the Windows 10 to reconnect to those printers.

In my case I allowed more exceptions in the UWF, but you can see those two errors can happen if the driver is badly setupped, or missing necessary files.

Windows 10 IoT Terminal Deployment – Part 4 – Apps Publishing (HPDM – HP Device Manager)

Hi everyone

In the previous article series about deploying Windows 10 IoT terminal I talked about the global use in the Introduction, and secondly how to protect the C drive for unwanted change.

Now in this article I will bring subject, how to publish application to those terminals and I will start by talking HPDM.

It exist some way that we need to think about;

– Application pushed by a remote server and using the remote server ressources; Remote App, XenApp (technically speaking you need the RDSCAL to run XenApp, as such I tell about it there, but overall you must see XenApp as a feature set over RemoteApp)

– Applications pushed by a remote server, but running on the terminal; App-V, MSIX, XenApp Streaming Client (depreciated)

– Applications pushed by GPO (.MSI)

– Application pushed by HP Device Manager (HPDM)

Now the fact that we protect the hard disk bring us some limitations, as such in my guide I suggest for Office, or such application to be pushed by RemoteApp (or XenApp). The limitation is not only the fact the hard disk is using a UWF, but by the fact on IoT terminal the SSD is often small, and we try to not overuse it by product update. With a central server you can update the program and each terminal  would be using the latest version of the productivity’s suite.

I would start by talking of the HP Device Manager. On other articles I will cover other’s way.

We need to install it first and I suggest the latest version 5. We now need to have an account, and you need to ask to download, after we can got it free.

hpdm01

I will skip the install step as I want to focus on how to push the application correctly with the tool.

For the test I will push Google Chrome Enterprise.

At first we go inside the template menu in HPDM, and we want to push the file to the terminals;

1

We select the _File and Registry Template

2

Inside the template we click Add (Ajouter)

3

We click Deploy Files (Deployer les fichiers)

4

We click to add the Chrome Enterprise .msi

5

 

6

For the folder we select C:\TEMP, which is a special folder for the terminal.

7

We create an install.cmd (with that content), and we will push that file too;

8

7-1

Now we click Ok, HPDM will upload the file to its HTTP repertory and we click Generate.

10

After that we create a script action;

13

12

We save that, and now we do another template, a Sequence Template.

14

Inside the sequence, we need that;

  • We turn OFF HPWF or UWF.
  • Change Temp to C.
  • We deploy our first sequence’s files.
  • We change back Temp to Z.
  • We turn ON HPWF or UWF.

The task should look that way:

15

And voila, we can now deploy to any number of terminals we want the needed local application they need ! That finish that article.

Take care, and see you soon in the next article for that serie 🙂

 

Windows 10 IoT Terminal Deployment – Part 2 – Protect the Hard Disk ? – Deploy Write Filter !

Hi everyone !

In the second part of my article on how to deploy some thin client that run Windows 10 IoT I will talk on the write filter.

It exist three way to manage it that I know that exist;

1 – HP Write Filter (Shipping inside that terminal model as it’s a HP’s brand)

2 – Microsoft Unified Write Filter. That is new a new feature that come from EWF. (Shipped inside the terminal, as the Windows IoT is an Enterprise’s build)

3 – DeepFreeze (not free)

Today I will talk about HPWF and how to deploy the settings to the terminals.

To make the initial configuration to deploy, you must login inside one terminal to configure the overlay exception. We will capture the change after to deploy that.

We right click the HPWF management icon in the systray; it’s the green lock.

hpwf02

A side note; The green icon mean the overlay usage is ok, if it turn yellow or red, it mean it’s now in a critical state. To explain it, the overlay is stored inside the RAM, and each file change is stored inside of that buffer, it’s how the system can revert back the change after a reboot.

hpwf03

Let’s go back to our settings, when we will click the icon we will see which write filter is used;

hpwf01

Inside that windows we can click the More Settings to see which exception is set, and what use the overlay;

hpwf04

I put in red some exception that I did, as some default’s exception exist. The exception I really suggest to enable is for;

  • Your Antivirus product.
    • In that case I added TrendMicro and Windows Defender
  • The user profile if you intend to not use roaming profile, and that you want permanent settings for the user.
  • Chrome there, as the default behaviour of Chrome is to auto-update (which is not bad if you want to be secure in the long term)
  • I suggest too the Windows LogFiles folder.

The exception will allows our Antivirus to update in a day to day routine, while most of the program files and system folder will revert back.

I suggest to target a test user and test the terminal to see if the overlay cache stay in a consistent state. The goal is if the user write a lot of data to the hard-drive for a reason X, we need to know why.

With the why, we can try to push an needed application to a RDS server in example to prevent HDD usage, or if really needed we can make new exception.

Now to push the settings we need HPDM, which I talk more in detail in the part 3, but I will show you the task to do;

We need to capture the settings, and after we push the captured settings back to our terminals.

The two task w e need to know is:

 _Capture Write Filter Exclusion List

This template captures the FBWF/UWF exclusion list from a device running a Windows operating system with FBWF or UWF.

_Deploy Write Filter Exclusion List

This template deploys the write filter exclusion list to devices running a Windows operating system with FBWF or UWF

 

Thanks everyone for reading, stay tuned for the part 3 soon !

 

Windows 10 IoT Terminal Deployment – Part 1 – Introduction

 

Office 2019 / 365 Deployment

Hi everyone

Today I wanted to share some tips to deploy Microsoft Office 2019 to multiple computers.

The new way to deploy it differ from the older version as you now need to modify an XML file with the setup.exe

In the past we could do a customized setup by running the setup wizard, setup.exe /admin, which was creating a custom file for the setup. Now it’s all XML’s based.

First, you might need that setup if you use internally a KMS’s server:

Microsoft Office 2019 Volume License Pack 

This download is needed for administrators to set up activation for volume license editions of Office 2019, Project 2019, or Visio 2019 by using either the Key Management Service (KMS) or Active Directory.

After that download we will go find the deployment tool:

Office Deployment Tool

The Office Deployment Tool (ODT) is a command-line tool that you can use to download and deploy Office 365 ProPlus to your client computers. The ODT gives you more control over an Office installation: you can define which products and languages are installed, how those products should be updated, and whether or not to display the install experience to your users.

We now have everything we need, from there after we need to edit the XML file to add the option we need.

An example XML;

<Configuration>
<Add SourcePath=”\\Server\Share”
OfficeClientEdition=”32″
Channel=”Broad” >
<Product ID=”O365ProPlusRetail”>
<Language ID=”en-us” />
<Language ID=”ja-jp” />
</Product>
<Product ID=”VisioProRetail”>
<Language ID=”en-us” />
<Language ID=”ja-jp” />
</Product>
</Add>
<Updates Enabled=”TRUE”
UpdatePath=”\\Server\Share” />
<Display Level=”None” AcceptEULA=”TRUE” />
<Logging Level=”Standard” Path=”%temp%” />
</Configuration>

We can see all XML options there, Configuration options for the Office Deployment Tool. As stated inside that article, and I confirm it too, it’s way easier now to use online tool on config.office.com (https://config.office.com/deploymentsettings)

4

Now with a XML ready, we are now ready to issue a first command with the deployment tool;

setup.exe /download configuration.xml

The command will download the specific files needed to do the deployment. I suggest to copy those files to a central store to deploy to multiple machines.

Now we run that command to actually install the product;

setup.exe /configure configuration.xml

3

1

Now we are ready to use Office ! 😀