Thursday 18 January 2018

Thursday 11 January 2018

How To : Group Policy Processing ( GPP ) : Add / Edit / Remove INI FIle

It is a common practice for applications to have configurations set in INI file. It may contain information such as language, key, connection setting, version, and so forth. Updating INI file might not affect the application coding, but it may affect on how the application behave. There are multiple ways to update the file, one of it is by using Group Policy Preference ( GPP ). 

 In this example, I want to update a key file at a specific location with a specific information.

 Information : 

  • File Location : C:\Temp\key\keyfile.key
  • Content of AppsKey.key :
          [Setup]
          Key=XXXX-XXXX-XXXX-XXXX

As mentioned by Microsoft here, below format must be followed :
[SectionName]
PropertyName1=PropertyValue1
PropertyName2=PropertyValue2

 How To Do :
  1.  Edit the policy. Navigate to Preference | Windows Settings



  2.  Right click INI Files | New | Ini File




  3.  This screen will appear...


    Action = Different action will do different thing. Refer to the table below
    File Path = where to put the file. If the folder does not exist, the folder will be created. If the file does not exist, the file will be created. If the file exists, the action will affect the INI file content.
    SectionName = In which section the key will resides
    PropertyName = the property of the key
    PropertyValue = value of the key

    4.
  4. Therefore...
    Action = Replace
    File Path = C:\Temp\key\keyfile.key
    SectionName = Setup
    PropertyName = ApplicationKey
    PropertyValue = XXXX-XXXX-XXXX-XXXX




    5.
  5.  If there are more keys needed, create more entries. Note that, Update and Replace will give the same result.


Share:
                 No comments    

Thursday 4 January 2018

GPO : Failed to Open Group Policy Object

This happened to my environment anew days ago, where I was not able to edit my group policy with below error. The GPO is working fine, just that I could not make any changes on it.
Issues :
Failed to open the Group Policy Object. You might not have the appropriate rights.

 Details :

The system cannot find the path specified.



Troubleshooting :
  1. Manually assigned delegated permission (with Edit settings, delete & modify security) - not working
  2. Tried to edit the policy from PDC Emulator server - not working
  3. Checked the availability of the GPO folder in SYSVOL, the GPO folder is available.





Resolution :

A bit of Googling, I got this :

This is the issue, I executed the Procmon & found that process is trying to access the Registry.pol file under User folder under the policy path & it is failing to access, even though user configuration are not configured.


It turned out, a folder named 'User' was missing from the GPO folder, which causing GPO Editor unable to read the content, thus throwing the error. 

 An empty folder created with the name of User, and it resolved the issue.



Reference 
  • https://social.technet.microsoft.com/Forums/office/en-US/b91f3726-3a8c-42c4-9ac9-0fce356cc29d/failed-to-open-the-group-policy-object-you-may-not-have-the-appropriate-rights-the-system-cannot?forum=winserverDS
Share:
                 No comments    

Thursday 5 October 2017

Enterprise Vault - This version of the Enterprise Vault Outlook Add-In is not compatible with the Enterprise Vault server version.

Orait.. Let's talk about Enterprise Vault Outlook Plugin again... The project that I involved requires a few versions jump - from EV ver 9 to EV ver 12. The planning was to upgrade Plugin to version 12 first, followed by servers upgrade. According to EV Compatibility List ( https://www.veritas.com/support/en_US/article.000097605 ), the plugin will be supported if the server is either the same version(n), n-1 or n+1. 

 Now back to the issue. Due to version incompatibility between the plugin and the server, during my testing, there was an information box appeared whenever I opened my MS Outlook, as documented below.
Issue :

 Received below error after upgrading EV Outlook Plugin from version 9 to version 12 (where the EV server was still at ver 9).

This version of the Enterprise Vault Outlook Add-In is not compatible with the Enterprise Vault server version.

Contact your Help Desk for details of how to resolve the issue.

At the same time, the Enterprise Vault plugin was missing :

 Before EV Plugin upgrade :
Share:
           , ,       No comments    

Thursday 28 September 2017

Enterprise Vault Outlook Plugin - Location is not valid. Choose a different installation location.

I was part of a project to upgrade Enterprise Vault system - my task was to ensure the Enterprise Vault Outlook plugin is properly deployed to Outlook clients. However, during my testing to install Enterprise Vault Outlook Plugin ver 12, I faced an issue as below :

Location is not valid. Choose a different installation location. 


 No logs, just a warning. 
Thererfore, I performed some troubleshoting, which leads to the resoluton.
Issue : 
Unable to install Enterprise Vault Outlook Plugin version 12 - error : Location is not valid. Choose a different installation location. 

Troubleshooting

  1.  Normal EV Outlook plugin installation won’t produce any log. Therefore, for troubleshooting purpose (which then be used during automation), the installer executed with MSIEXEC command :

    msiexec /i "C:\temp\EVOutlookClient\Veritas Enterprise Vault Outlook Add-in (x86).msi" /qn /norestart /l* C:\temp\EV12Installation.log

  2.  Based on the log, these error (marked in yellow) captured


    Action ended 12:44:38: Set_TARGETDIR. Return value 1.Action 12:44:38: DiscoverUserProfileFolders.
    Action start 12:44:38: DiscoverUserProfileFolders.DiscoverUserProfileFolders:  Initialized.DiscoverUserProfileFolders:  GetRegKeyChildren : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ for childrenDiscoverUserProfileFolders:  GetRegKeyChildren : ENDDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-18 and path %systemroot%\system32\config\systemprofileDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-19 and path C:\Windows\ServiceProfiles\LocalServiceDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-20 and path C:\Windows\ServiceProfiles\NetworkServiceDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-2401 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-21-2058597364-130651613-2805778835-2401 and path C:\Users\.zHISclientDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-26805 for value ProfileImagePathDiscoverUserProfileFolders:  Error 0x2: RegQueryValueEx failed to read ProfileImagePath with error 2DiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-21-2058597364-130651613-2805778835-26805 and path
    DiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-26814 for value ProfileImagePathDiscoverUserProfileFolders:  Error 0x2: RegQueryValueEx failed to read ProfileImagePath with error 2DiscoverUserProfileFolders:  ReadRegistry : END

  3.  Check on Registry Editor (REGEDIT) under HKLM\ Software\Microsoft\Windows NT\CurrentVersion\ProfileList, there are some registry keys which do not point to any profiles. It is most likely the profiles have been improperly deleted before this.

    Example of Registry Key Which Ties to User Profile : 



    Registry Key Which Not Ties to Any User Profile


 
Resolution :
  1.  Either, look for the keys one by one and delete them, or 
  2.  Run below script
On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objRegistry=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strProfileListKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strProfileListKeyPath, arrProfileList
For intCurrentSID = 0 To UBound(arrProfileList)
objRegistry.GetStringValue HKEY_LOCAL_MACHINE,strProfileListKeyPath & "\" & arrProfileList(intCurrentSID),"ProfileImagePath",strProfileImagePath
If Not (objFSO.FolderExists (strProfileImagePath)) Then
DeleteRegEntry  HKEY_LOCAL_MACHINE, strProfileListKeyPath & "\" & arrProfileList(intCurrentSID)
End If
Next

Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key.  If it fails, start the subkey
' enumration process.
lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
If (lRC <> 0) Then
' Subkey Enumerator
   On Error Resume Next
   lRC = objRegistry.EnumKey(HKEY_LOCAL_MACHINE, sEnumPath, sNames)
   For Each sKeyName In sNames
      If Err.Number <> 0 Then Exit For
      lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)
   Next
   On Error Goto 0
' At this point we should have looped through all subkeys, trying
' to delete the registry key again.
   lRC = objRegistry.DeleteKey(sHive, sEnumPath)
End If
End Function

 



Share:
           , , , ,       3 comments    

Friday 21 July 2017

Change Internet Explorer Connections Settings from Registry


Okay, I seriously thought I already have this post uploaded in this blog, but it turned out I was wrong. I have kept this for a long time, and it helped me a numbers of times already so I reckon it will help others as well.

IE Connections. There are a few settings we can configured in IE Connections Settings such as :
  • Automatically detect settings 
  • Use automatic configuration script 
  • Use a proxy server 
  • Bypass proxy server for local addresses 
  • Use different proxy servers for different protocols 
  • Proxy server exception. 

For this post, I will list registry keys positions for each setting.


Objective : Grey-Out / Not-Grey-Out Automatic Configuration
Location :
  • Hive : HKCU
  • Key : Software\Policies\Microsoft\Internet Explorer\Control Panel\
  • Value Name : AutoConfig
  • Value Type : DWORD

Value Data : 0

Result : Not-Greyed-Out, settings for Automatically detect settings & Use automatic configuration script can be changed.

Value Data : 1

Result : Greyed-Out, settings for Automatically detect settings & Use automatic configuration script cannot be changed


Objective : Checked / Unchecked Automatically detect settings

Location :
  • Hive : HKCU
  • Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings\
  • Value Name : AutoDetect
  • Value Type : DWORD

Value Data : 0

Result : unchecked


Value Data : 1

Result : checked


Objective : Enable / Disable Use automatic configuration script

Location :
  • Hive : HKCU
  • Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • Value Name : AutoConfigURL
  • Value Type : REG_SZ

Value Data : <Config URL>

Result : Config URL configured


Objective : Grey-out / un-grey-out Option to use proxy server

Location :
  • Hive : HKCU
  • Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • Value Name : ProxyEnable
  • Value Type : REG_DWORD

Value Data : 0

Result : option to use a proxy server for your LAN is un-checked, box to put proxy server and port disabled, Advanced box disabled, option to bypass prosxy server disabled

Value Data : 1

Result : option to use a proxy server for your LAN is checked, box to put proxy server and port enabled, Advanced box enabled, option to bypass prosxy server enabled


Objective : Set Proxy Server

Location :
  • Hive : HKCU
  • Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • Value Name : ProxyServer
  • Value Type : REG_SZ

Value Data : ProxyName:port

Result :

Share:
           , , , ,       No comments    

Monday 17 July 2017

Suppress Adobe Product Improvement Program Pop-Up by Using Microsoft Group Policy Preference or AppSense Environment Manager


I implemented this a few years back, when I needed to eliminate any unneeded pop-up to my users. In this case, it was for Adobe Reader. Newly created profiles will have this automatically pop-up when they launched Adobe Reader  for the first time.
Adobe Product Improvement Program - Help Improve the Adobe Reader Experience.


The screen also can be triggered by going to Help | Improvement Program Options...

These steps will help to disable the Improvement Program Options menu, and consequently suppress the pop-up. Note that it requires registry editing, so be extremely careful. Note that the steps mentioned are for Adobe Reader 11. If oy used different version, ensure your key path refers to correct version (SOFTWARE\Policies\Adobe\Acrobat Reader\11.0)


Using GPP : 
  1.  Launch GPMC, and go to target GPO.  Edit the policy, and navigate to Computer Configuration | Preference | Windows Settings | Registry, right click at Registry, hover to New and click at Registry Item



  2.  Ensure Hive is changed to HKEY_LOCAL_MACHINE

  3. Use below info to fill up the form :
    Key Path : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
    Value Name : bUsageMeasurement
    Value Type : REG_DWORD
    Value Data : 0
    Base : Decimal


  4.  Reboot the target machine. Once it is up, log in to computer, and launch Adobe Reader. No Improvement Program pop-up appeared, and Improvement Program Options... is no longer listed  in Help menu.

     
Using AppSense Environment Manager : 
  1. Launch AppSense Environment Manager, right click at Process Started | choose Node


  2.  Change the information for Condition and Match accordingly, then click OK
    Condition : Equal to
    Match : AcroRd32.exe


  3. At workspace on the right side, right click at the Process condition, and navigate to Conditions | Registry | and choose Registry Value Exists. This step is to check whether the needed value is existed or not.

  4. Fill up all needed info by following below information :
    Hive : HKEY_LOCAL_MACHINE
    Key : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
    Value Name : bUsageMeasurement
    Value Type : REG_DWORD
    Comparison : Not Equal To
    Value Data : 0
    Base : Decimal


  5. You may also want to give a bit of description and notes to the setting. Select OK.


  6.  This is the outcomes, so far.

Share:
           , , , , ,       No comments