Thursday 18 January 2018
Thursday 11 January 2018
How To : Group Policy Processing ( GPP ) : Add / Edit / Remove INI FIle
It is a common practice for applications to have configurations set in INI file. It may contain information such as language, key, connection setting, version, and so forth. Updating INI file might not affect the application coding, but it may affect on how the application behave. There are multiple ways to update the file, one of it is by using Group Policy Preference ( GPP ).
In this example, I want to update a key file at a specific location with a specific information.
Information :
Key=XXXX-XXXX-XXXX-XXXX
As mentioned by Microsoft here, below format must be followed :
How To Do :
In this example, I want to update a key file at a specific location with a specific information.
Information :
- File Location : C:\Temp\key\keyfile.key
- Content of AppsKey.key :
Key=XXXX-XXXX-XXXX-XXXX
As mentioned by Microsoft here, below format must be followed :
[SectionName]
PropertyName1=PropertyValue1
PropertyName2=PropertyValue2
How To Do :
- Edit the policy. Navigate to Preference | Windows Settings
- Right click INI Files | New | Ini File
- This screen will appear...
Action = Different action will do different thing. Refer to the table below
File Path = where to put the file. If the folder does not exist, the folder will be created. If the file does not exist, the file will be created. If the file exists, the action will affect the INI file content.
SectionName = In which section the key will resides
PropertyName = the property of the key
PropertyValue = value of the key - Therefore...
Action = Replace
File Path = C:\Temp\key\keyfile.key
SectionName = Setup
PropertyName = ApplicationKey
PropertyValue = XXXX-XXXX-XXXX-XXXX - If there are more keys needed, create more entries. Note that, Update and Replace will give the same result.
Thursday 4 January 2018
GPO : Failed to Open Group Policy Object
This happened to my environment anew days ago, where I was not able to edit my group policy with below error. The GPO is working fine, just that I could not make any changes on it.
Issues :
Failed to open the Group Policy Object. You might not have the appropriate rights.
Details :
The system cannot find the path specified.
Details :
The system cannot find the path specified.
Troubleshooting :
Resolution :
A bit of Googling, I got this :
This is the issue, I executed the Procmon & found that process is trying to access the Registry.pol file under User folder under the policy path & it is failing to access, even though user configuration are not configured.
It turned out, a folder named 'User' was missing from the GPO folder, which causing GPO Editor unable to read the content, thus throwing the error.
An empty folder created with the name of User, and it resolved the issue.
Reference
- https://social.technet.microsoft.com/Forums/office/en-US/b91f3726-3a8c-42c4-9ac9-0fce356cc29d/failed-to-open-the-group-policy-object-you-may-not-have-the-appropriate-rights-the-system-cannot?forum=winserverDS
Thursday 5 October 2017
Enterprise Vault - This version of the Enterprise Vault Outlook Add-In is not compatible with the Enterprise Vault server version.
Orait.. Let's talk about Enterprise Vault Outlook Plugin again... The project that I involved requires a few versions jump - from EV ver 9 to EV ver 12. The planning was to upgrade Plugin to version 12 first, followed by servers upgrade. According to EV Compatibility List ( https://www.veritas.com/support/en_US/article.000097605 ), the plugin will be supported if the server is either the same version(n), n-1 or n+1.
Now back to the issue. Due to version incompatibility between the plugin and the server, during my testing, there was an information box appeared whenever I opened my MS Outlook, as documented below.
Issue :
Received below error after upgrading EV Outlook Plugin from version 9 to version 12 (where the EV server was still at ver 9).
At the same time, the Enterprise Vault plugin was missing :
Before EV Plugin upgrade :
Now back to the issue. Due to version incompatibility between the plugin and the server, during my testing, there was an information box appeared whenever I opened my MS Outlook, as documented below.
Issue :
Received below error after upgrading EV Outlook Plugin from version 9 to version 12 (where the EV server was still at ver 9).
This version of the Enterprise Vault Outlook Add-In is not compatible with the Enterprise Vault server version.
Contact your Help Desk for details of how to resolve the issue.
Before EV Plugin upgrade :
Thursday 28 September 2017
Enterprise Vault Outlook Plugin - Location is not valid. Choose a different installation location.
I was part of a project to upgrade Enterprise Vault system - my task was to ensure the Enterprise Vault Outlook plugin is properly deployed to Outlook clients. However, during my testing to install Enterprise Vault Outlook Plugin ver 12, I faced an issue as below :
No logs, just a warning.
Thererfore, I performed some troubleshoting, which leads to the resoluton.
Issue :
Unable to install Enterprise Vault Outlook Plugin version 12 - error : Location is not valid. Choose a different installation location.
Troubleshooting
|
No logs, just a warning.
Thererfore, I performed some troubleshoting, which leads to the resoluton.
Issue :
Unable to install Enterprise Vault Outlook Plugin version 12 - error : Location is not valid. Choose a different installation location.
Troubleshooting
- Normal EV Outlook plugin installation won’t produce any log. Therefore,
for troubleshooting purpose (which then be used during automation), the installer executed with MSIEXEC command :
msiexec /i "C:\temp\EVOutlookClient\Veritas Enterprise Vault Outlook Add-in (x86).msi" /qn /norestart /l* C:\temp\EV12Installation.log - Based on the log, these error (marked in yellow) captured
Action ended 12:44:38: Set_TARGETDIR. Return value 1.Action 12:44:38: DiscoverUserProfileFolders.
Action start 12:44:38: DiscoverUserProfileFolders.DiscoverUserProfileFolders: Initialized.DiscoverUserProfileFolders: GetRegKeyChildren : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ for childrenDiscoverUserProfileFolders: GetRegKeyChildren : ENDDiscoverUserProfileFolders: ReadRegistry : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 for value ProfileImagePathDiscoverUserProfileFolders: ReadRegistry : ENDDiscoverUserProfileFolders: Found profile with SID S-1-5-18 and path %systemroot%\system32\config\systemprofileDiscoverUserProfileFolders: ReadRegistry : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 for value ProfileImagePathDiscoverUserProfileFolders: ReadRegistry : ENDDiscoverUserProfileFolders: Found profile with SID S-1-5-19 and path C:\Windows\ServiceProfiles\LocalServiceDiscoverUserProfileFolders: ReadRegistry : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 for value ProfileImagePathDiscoverUserProfileFolders: ReadRegistry : ENDDiscoverUserProfileFolders: Found profile with SID S-1-5-20 and path C:\Windows\ServiceProfiles\NetworkServiceDiscoverUserProfileFolders: ReadRegistry : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-2401 for value ProfileImagePathDiscoverUserProfileFolders: ReadRegistry : ENDDiscoverUserProfileFolders: Found profile with SID S-1-5-21-2058597364-130651613-2805778835-2401 and path C:\Users\.zHISclientDiscoverUserProfileFolders: ReadRegistry : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-26805 for value ProfileImagePathDiscoverUserProfileFolders: Error 0x2: RegQueryValueEx failed to read ProfileImagePath with error 2DiscoverUserProfileFolders: ReadRegistry : ENDDiscoverUserProfileFolders: Found profile with SID S-1-5-21-2058597364-130651613-2805778835-26805 and path
DiscoverUserProfileFolders: ReadRegistry : BEGINDiscoverUserProfileFolders: Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-26814 for value ProfileImagePathDiscoverUserProfileFolders: Error 0x2: RegQueryValueEx failed to read ProfileImagePath with error 2DiscoverUserProfileFolders: ReadRegistry : END - Check on Registry Editor (REGEDIT) under HKLM\ Software\Microsoft\Windows
NT\CurrentVersion\ProfileList, there are some registry keys which do not point to
any profiles. It is most likely the profiles have been improperly deleted
before this.
Example of Registry Key Which Ties to User Profile :
Registry Key Which Not Ties to Any User Profile
Resolution :
- Either, look for the keys one by one and delete them, or
- Run below script
On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objRegistry=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strProfileListKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strProfileListKeyPath, arrProfileList
For intCurrentSID = 0 To UBound(arrProfileList)
objRegistry.GetStringValue HKEY_LOCAL_MACHINE,strProfileListKeyPath & "\" & arrProfileList(intCurrentSID),"ProfileImagePath",strProfileImagePath
If Not (objFSO.FolderExists (strProfileImagePath)) Then
DeleteRegEntry HKEY_LOCAL_MACHINE, strProfileListKeyPath & "\" & arrProfileList(intCurrentSID)
End If
Next
Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key. If it fails, start the subkey
' enumration process.
lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
If (lRC <> 0) Then
' Subkey Enumerator
On Error Resume Next
lRC = objRegistry.EnumKey(HKEY_LOCAL_MACHINE, sEnumPath, sNames)
For Each sKeyName In sNames
If Err.Number <> 0 Then Exit For
lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)
Next
On Error Goto 0
' At this point we should have looped through all subkeys, trying
' to delete the registry key again.
lRC = objRegistry.DeleteKey(sHive, sEnumPath)
End If
End Function
Friday 21 July 2017
Change Internet Explorer Connections Settings from Registry
Okay, I seriously thought I already have this post uploaded in this blog, but it turned out I was wrong. I have kept this for a long time, and it helped me a numbers of times already so I reckon it will help others as well.
IE Connections. There are a few settings we can configured in IE Connections Settings such as :
- Automatically detect settings
- Use automatic configuration script
- Use a proxy server
- Bypass proxy server for local addresses
- Use different proxy servers for different protocols
- Proxy server exception.
For this post, I will list registry keys positions for each setting.
Objective : Grey-Out / Not-Grey-Out Automatic Configuration
Location :
- Hive : HKCU
- Key : Software\Policies\Microsoft\Internet Explorer\Control Panel\
- Value Name : AutoConfig
- Value Type : DWORD
Value Data : 0
Result : Not-Greyed-Out, settings for Automatically detect settings & Use automatic configuration script can be changed.
Value Data : 1
Result : Not-Greyed-Out, settings for Automatically detect settings & Use automatic configuration script can be changed.
Value Data : 1
Result : Greyed-Out, settings for Automatically detect settings & Use automatic configuration script cannot be changed
Objective : Checked / Unchecked Automatically detect settings
Location :
Value Data : 0
Result : unchecked
Value Data : 1
Result : checked
Objective : Enable / Disable Use automatic configuration script
Location :
Value Data : <Config URL>
Result : Config URL configured
Objective : Grey-out / un-grey-out Option to use proxy server
Location :
Value Data : 0
Result : option to use a proxy server for your LAN is un-checked, box to put proxy server and port disabled, Advanced box disabled, option to bypass prosxy server disabled
Value Data : 1
Result : option to use a proxy server for your LAN is checked, box to put proxy server and port enabled, Advanced box enabled, option to bypass prosxy server enabled
Objective : Set Proxy Server
Location :
Value Data : ProxyName:port
Result :
Objective : Checked / Unchecked Automatically detect settings
Location :
- Hive : HKCU
- Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings\
- Value Name : AutoDetect
- Value Type : DWORD
Result : unchecked
Value Data : 1
Result : checked
Objective : Enable / Disable Use automatic configuration script
Location :
- Hive : HKCU
- Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
- Value Name : AutoConfigURL
- Value Type : REG_SZ
Result : Config URL configured
Objective : Grey-out / un-grey-out Option to use proxy server
Location :
- Hive : HKCU
- Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
- Value Name : ProxyEnable
- Value Type : REG_DWORD
Result : option to use a proxy server for your LAN is un-checked, box to put proxy server and port disabled, Advanced box disabled, option to bypass prosxy server disabled
Value Data : 1
Result : option to use a proxy server for your LAN is checked, box to put proxy server and port enabled, Advanced box enabled, option to bypass prosxy server enabled
Objective : Set Proxy Server
Location :
- Hive : HKCU
- Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
- Value Name : ProxyServer
- Value Type : REG_SZ
Monday 17 July 2017
Suppress Adobe Product Improvement Program Pop-Up by Using Microsoft Group Policy Preference or AppSense Environment Manager
Adobe Product Improvement Program - Help Improve the Adobe Reader Experience.
The screen also can be triggered by going to Help | Improvement Program Options...
These steps will help to disable the Improvement Program Options menu, and consequently suppress the pop-up. Note that it requires registry editing, so be extremely careful. Note that the steps mentioned are for Adobe Reader 11. If oy used different version, ensure your key path refers to correct version (SOFTWARE\Policies\Adobe\Acrobat Reader\11.0)
Using GPP :
- Launch GPMC, and go to target GPO. Edit the policy, and navigate to Computer Configuration | Preference | Windows Settings | Registry, right click at Registry, hover to New and click at Registry Item
- Ensure Hive is changed to HKEY_LOCAL_MACHINE
- Use below info to fill up the form :
Key Path : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value Name : bUsageMeasurement
Value Type : REG_DWORD
Value Data : 0
Base : Decimal - Reboot the target machine. Once it is up, log in to computer, and launch Adobe Reader. No Improvement Program pop-up appeared, and Improvement Program Options... is no longer listed in Help menu.
Using AppSense Environment Manager :
- Launch AppSense Environment Manager, right click at Process Started | choose Node
- Change the information for Condition and Match accordingly, then click OK
Condition : Equal to
Match : AcroRd32.exe - At workspace on the right side, right click at the Process condition, and navigate to Conditions | Registry | and choose Registry Value Exists. This step is to check whether the needed value is existed or not.
- Fill up all needed info by following below information :
Hive : HKEY_LOCAL_MACHINE
Key : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
Value Name : bUsageMeasurement
Value Type : REG_DWORD
Comparison : Not Equal To
Value Data : 0
Base : Decimal - You may also want to give a bit of description and notes to the setting. Select OK.
- This is the outcomes, so far.