Disabling Windows Update via Group Policy

grouppolicy You can do this via Group Policy via Computer Configuration –> Administrative Templates –> Windows Components –> Windows Update –> Configure Automatic Updates.


It seems that Windows Update will still deliver updates if it was previously configured to do so.  In other words, this policy only seems to work with freshly built PCs.

My current workaround is to stop the Windows Update service via Group Policy Preferences.

Internet Explorer 11 and “Enterprise Mode”

64px-Internet_Explorer_7_Logo“Our application only works on IE8”

was the refrain from a customer recently.  We just finished deploying Internet Explorer 11, and it was suddenly realised that the application had issues.

So doing some research, IE11 Enterprise Mode looks much better than setting IE Compatibility Mode via a X-UA-Compatible tab (blogged about that here).

The advantages of IE11 Enterprise Mode are as follows:

  • User agent string differences. Many legacy Web apps use browser detection, not today’s best practice of feature detection. By replicating the original Internet Explorer 8 user agent string, Enterprise Mode works for sites that fail if they can’t recognize IE8 as the browser.
  • ActiveX controls and other binaries. Some ActiveX controls silently fail if they query the browser version and get a response they don’t expect, so Enterprise Mode appeases these by mimicking IE8’s responses. In testing, customers report that many of these ActiveX controls “just work” in Enterprise Mode.
  • Deprecated functionality. Internet Explorer 8 still contained some vestiges of proprietary functionality, such as CSS Expressions which was used to place objects dynamically on a page. This functionality was removed in later versions of Internet Explorer, but some legacy Web apps used this to place buttons and other elements. Enterprise Mode brings back some deprecated features, including CSS Expressions.
  • Pre-caching and pre-rendering. Many modern browsers like Internet Explorer 11 pre-cache and pre-render pages, to make browsing more fluid. When you click on a pre-cached link, one tab disappears while the pre-rendered content tab appears in its place. To a legacy navigation controls, this behavior is confusing—so Enterprise Mode turns it off.

    (content courtesy of Microsoft’s IE Blog)


Saturday Link Roundup

Mirror_Dinghy_on_Combs_ReservoirGroup Policy Search – powered by Windows Azure.

How to bring harmony to your mixed wired and wireless networks
The article discusses several different ways to cause your WiFi enabled Windows PCs to switch to a wired connection when it is available.  The one which impresses me is the use of DHCP Default Router Metric Base property.

Sandy Mackinnon’s unlikely voyage through the canals of Europe
In a Mirror Dinghy no less.

Saturday Link Roundup

Processor Hacker
”Process Hacker was started in 2008 as an open source alternative to programs such as Task Manager and Process Explorer.”

Group Policy application fails on a computer that is running Windows 2000, Windows XP Service Pack 1, or Windows XP Service Pack 2
And Windows 7 as well.

How to reset a Roaming Profile in Windows 7

Script to list all active users and their group membership in a domain

Windows 7 Notification Area Automation – Falling Back Down the Binary Registry Rabbit Hole
”After countless hours of searching for a programmatic way to modify the notification settings of the task tray icons, I came to the conclusion that there are many questions and no answers out there. I embarked once again on the fun task of reverse engineering a binary registry setting to change a setting that should be pretty straight forward but, alas, is not. …”

How to be a reviewer
Chortle’s style guide for writers

And finally, some interesting Firefox plugins:

  • Auto Reload
    ”Reload page automatically when selected local files are changed.”
  • LastPass
    ”LastPass, an award-winning password manager, saves your passwords and gives you secure access from every computer and mobile device.”
  • Session Manager
    ”Session Manager saves and restores the state of all or some windows – either when you want it or automatically at startup and after crashes. It can also automatically save the state of open windows individually.”
  • Tab Auto Reload
    ”Adds auto reload menu to tab.”
  • Tab Rotator
    ”The Tab Rotator automatically switches between the open tabs of a browser window after a certain amount of time.”

WordPress, BlogJet, and XMLRPC

Setting up BlogJet, and I saw this helpful error:
Invalid Blog Response

Firing up a network sniffer, we can see that this (un)helpful error is actually a :
403 Forbidden

Digging a bit further, it seems some webhosts block access to XML-RPC.PHP.

One Solution: renamed the XML-RPC.PHP to something different.

edit: have also seen the error with Windows Live Writer.

Comedy reviews.

I now know why I hate comedy reviews.

They are one person’s subjective view of one particular performance.  Most (all?) reviews don’t mention what the AUDIENCE thinks, only the reviewers thought based on their years of reviewing comedy.

Their years of reviewing comedy …

Surely the important measure is whether the audience liked it or not?

If we’re going to put up with reviews, wouldn’t we at least be better of ditching the “*” system?  My vote is for a system like the “Little Man” system of the San Francisco Chronicle.


Robert Ebert explained the system here.

Comedy at MICF 2015

You could replace the banjo with a shotgun, in this pose.

You could replace the banjo with a shotgun, in this pose.  (photo courtesy Anne Edmonds)

32 shows, 26 nights.

Saw some great comedians at Melbourne International Comedy Festival.

Don’t trust the reviews” is what I learned.  Youtube, recommendations from comedians I enjoyed and friends proved to be the best strategy.

The standout comedians for me were:

* –  saw these performers more than once.  It was the very talented DeAnne Smith who said to me “Come see my show it, it grows.”.  Which was good advice.
(list sorted in alphabetical order)

Creepiest thing at MICF 2015
At Gen Fricker‘s show, turning to the bloke next to me
“So how do you pick which shows to see?”
I’m single and hope to pick up a female comedian.’


Comedians I missed from 2014
But firstly, out of the 10 comedians I missed last year, I saw four of them. (Celia Pacquola, Jennifer Wong, Rose Callaghan & Hayley Brennan).  They were all good.

Had a ticket to Alexis Simmonds, but couldn’t make her show, darn it!

The other four didn’t have solo shows at MICF.  Perhaps next year.
(Cam Knight, Sonia Di Ioria, Lana Schwarcz & Beau Stegmann)

More next year …
There were comedians I wanted to see, Claire Sullivan and Susie Youssef come to mind; as they asked me while they were flyering. I just couldn’t find a gap in my schedule.  For MICF 2016, I’m going to try this advice from Erin Davidson

  1. First step is to put in all the ones after 9:45pm and before 6pm. You should be able to see all of those.

  2. All the shows over 1 hour go to the bottom of the list.

  3. Next step is to pick venues that have 4 shows all in a row. I remember one night I stayed in the same room at the town hall. The only problem is you don’t always know which actual rooms the artists get until the festival starts.

  4. Be prepared to be flexible. Sometimes shows are cancelled, shows are added, shows are moved and shows run late. If you can’t get to see shows at the same venue, at least stay in the one area.

Interim Roaming Profile Writes?

WIndows 2008 R2In the Citrix Optimization Guide: User Logon, there are two lines which seem a bit cryptic:

With Windows Server 2008 R2 Active Directory, enable interim roaming profile writes.  Alternatively, use a third-party profile solution that manages multiple sessions more appropriately.

“With Windows Server 2008 R2 Active Directory, enable interim roaming profile writes.”

I can’t find a reference to interim roaming profile writes.  The closest setting I can find with Windows 2008 R2 is the Group Policy setting Background upload of a roaming user profile’s registry file while user is logged on.  According to Microsoft’s Ned Pyle, Folder Redirection should take care of the rest of the profile data, which you should be storing in known folders.

So this is the likely setting Citrix is referring to.

“Alternatively, use a third-party profile solution that manages multiple sessions more appropriately.”

In the case of Citrix, they are probably referring to the Active Write Back feature of their Profile Management tool.  With Active Write Back “Changes are copied back to the network profile when updated files are closed, subject to no further updates in a window of 10 seconds after the close“.


Group Policy Logging on Vista/Windows 7,8,10

group_policy_failedAt the end of “Our roaming profiles aren’t being saved …”, I wrote that

For Windows Vista and later, the log information is stored in the Event Log.  Under Applications and Services Logs\Microsoft\Windows\Group Policy\Operational.  Further information of this can be found in this Microsoft Technet post, Group Policy Logging on Windows Vista

Well it is in the event log, but there is another .log file.  You can enable the Group Policy Client Service (GPSVC) log file.  It seems to solely provide information about what Group Policy settings are being applied.

GPSVC(1278.1dfc) 15:09:59:476 DebugPrintGPOList2: Options: 2, GPOName: {31B2F340-016D-11D2-945F-4FB98400C0F9} DisplayName: Default Domain Policy
GPSVC(1278.1dfc) 15:09:59:483 PrintGPWMIInfo: WMIInfo: GPOName:{15A0E08F-4917-F60B-8358-8B78E802A8B7}, QueryId:{81430147-9924-9351-456D-2329BF3F317F}, NameSpace:noddyland.inside
GPSVC(1278.1dfc) 15:09:59:483 PrintGPWMIInfo: WMIInfo: bFilterAllowed: TRUE, Rules:1;3;10;108;WQL;root\CIMv2;select * from Win32_OperatingSystem where (Version like "5.1%" or Version like "5.2%") and ProductType = "1";
GPSVC(1278.1dfc) 15:09:59:484 GetFgPolicySettingImpl (bSync: 1)
GPSVC(1278.1dfc) 15:09:59:485 SaveGPOsToLocalCache(Machine): Server SKU runs in sync mode, skip cache operations.
GPSVC(1278.1dfc) 15:09:59:486 GetGPOInfo: Get 5 GPOs to after filtering.
GPSVC(1278.1dfc) 15:09:59:486 DebugPrintGPOList2: Options: 0, GPOName: Local Group Policy DisplayName: Local Group Policy
GPSVC(1278.1dfc) 15:09:59:487 DebugPrintGPOList2: Options: 0, GPOName: {55DD0EE9-4A06-4707-940B-5482CB34C9EF} DisplayName: Domain Policy - Log files
GPSVC(1278.1dfc) 15:09:59:488 DebugPrintGPOList2: Options: 0, GPOName: {02263A92-9FC5-4B95-B9C0-127ECC8A6C32} DisplayName: COMPUTEROBJECT-Desktops-Everyone
GPSVC(1278.1dfc) 15:09:59:493 DebugPrintGPOList2: Options: 0, GPOName: {E1692B3D-D2DA-4DA6-8683-2663C08C6F69} DisplayName: COMPUTERUSER-User Base settings
GPSVC(1278.1dfc) 15:09:59:494 DebugPrintGPOList2: Options: 2, GPOName: {3140B2F3-016D-11D2-945F-00CFB98044F9} DisplayName: Default Domain Policy
GPSVC(1278.1dfc) 15:09:59:494 GetGPOInfo:  Leaving with 1
GPSVC(1278.1dfc) 15:09:59:495 GetGPOInfo:  ********************************
GPSVC(1278.1dfc) 15:09:59:496 ProcessGPOs(Machine): Get 5 GPOs to process.
GPSVC(1278.1dfc) 15:09:59:496 ReadExtStatus: Reading Previous Status for extension {3378E5AC-683F-11D2-A89A-04FBB00CCFA2}

To enable the log file:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
  3. On the Edit menu, point to New, and then click Key.
  4. Type Diagnostics, and then press ENTER.
  5. Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
  6. Type GPSvcDebugLevel, and then press ENTER.
  7. Right-click GPSvcDebugLevel, and then click Modify.
  8. In the Value data box, type 0x30002, and then click OK.
  9. Exit Registry Editor.
  10. At a command prompt, type the following command, and then press ENTER:
    gpupdate /force
  11. View the Gpsvc.log file in the following folder:

    Note – if the usermode folder does not exist under %WINDIR%\debug\ the gpsvc.log file will not be created. If the usermode folder does not exist, create it under %windir%\debug.