Of course “voicewarmupx” makes perfect sense

as the value to enable Windows Installer logging.

Windows includes a registry-activated logging service to help diagnose Windows Installer issues. This article describes how to enable this logging service.

To enable Windows Installer logging yourself, open the registry by using Regedit.exe, and then create the following subkey and keys:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer

Reg_SZ: Logging
Value: voicewarmupx  The letters in the value field can be in any order. Each letter turns on a different logging mode. Each letter’s actual function is as follows for MSI version 1.1:
How to enable Windows Installer logging (KB223300)

Microsoft Cortana in the enterprise

A work in progress …

Well our first issue is “Cortana is disabled by company policy”.

speech1We MAY need to update our group policy files to the latest Windows 10 Threshold 2 version.  All 195 ADMX files.

We needed to download the English (Australia) speech pack.  We can do that for one computer, but it doesn’t scale out to 500+ Windows 10 computers.

Apparently you need to download the ‘Windows 10 Features on Demand’ iso.  Then grab the CAB files from the ISO and apply the files to our system image.

References:
Windows 10 Speech language missing
Hey Cortana! How do I add additional speeches during OSD so you work?

So what does the Group Policy Preferences Drive Mapping log file contain?

Once you enable the logging via Group Policy, you’ll end up with a log file which contains:

  • Environment variable dump
  • Group Policy settings
  • Drive mapping lists (but not the actual path)

If you are like me, and misspell a file path, you’ll see an error like this:

2016-03-31 10:44:47.981 [pid=0x45c,tid=0x53c] Passed filter [FilterGroup].
2016-03-31 10:44:47.981 [pid=0x45c,tid=0x53c] Filters passed.
2016-03-31 10:44:47.981 [pid=0x45c,tid=0x53c] Set user security context.
2016-03-31 10:44:47.981 [pid=0x45c,tid=0x53c] Adding child elements to RSOP.
2016-03-31 10:48:21.652 [pid=0x45c,tid=0x53c] Properties handled. [ hr = 0x80070035 "The network path was not found." ]
2016-03-31 10:48:21.652 [pid=0x45c,tid=0x53c] Set system security context.
2016-03-31 10:48:21.668 [pid=0x45c,tid=0x53c] EVENT : The user 'G:' preference item in the 'Map-Network-Drives {E089D01A-C249-48F5-8049-9C8FC96AA38F}' Group Policy object did not apply because it failed with error code '0x80070035 The network path was not found.'%100790273
2016-03-31 10:48:21.668 [pid=0x45c,tid=0x53c] Error suppressed. [ hr = 0x80070035 "The network path was not found." ]
2016-03-31 10:48:21.668 [pid=0x45c,tid=0x53c] Completed class <Drive> - G:.
2016-03-31 10:48:21.668 [pid=0x45c,tid=0x53c] {67803C61-824B-4ABA-ABFF-65E8687B0E59}

Three things to note:

  1. Windows Explorer will accept a “\” in a network path, Group Policy Preferences won’t.
    ie.  \\NODDYLAND\HOMEDRIVE\BE01\ vs \\NODDYLAND\HOMEDRIVE\BE01
  2. GPP will wait 3+ seconds before timing out with an error.
    Multiple wrong/missing paths will slow down your user’s logon experience.
  3. The error will also write into the Event Log.

The fun of buying Melbourne International Comedy Festival tickets

I see a lot of comedy during the Melbourne International Comedy Festival (MICF).

*LOTS*

As in 40+ shows this year.  This means dealing with multiple ticketing agents, including 2 variants of Ticketmaster.  Yes I could buy at the door.  Artists like ticket sales.  I like buying a ticket as it means I don’t run the risk of a sold-out show.

In an ideal world, there would be a “one stop shop” for all ticket purchases.  The MICF Ticketmaster combined purchase option goes partly towards this.

Ticketmaster – via MICF website.

ticketmaster-combined
The Good:
It saved me 15% over 10 tickets.

The Bad:
Some shows which are definitely Ticketmaster ticketed shows, don’t show up in the combined transaction list.

The Ugly:
There are issues with the “Combined purchase” option.  MICF are fixing them when they find them.  Dropping shows from your purchase list is the biggest issue so far.

Ticketmaster – other
If the show you want to see is not in the MICF “Combined” list, you have two options:

  1. buy individual tickets at Ticketmaster’s website, at great expense or
  2. go to a Ticketmaster outlet and buy all your tickets there.

I went to an outlet.

Trybooking
Works well, site search can be a bit difficult.  Print your own ticket(s).

Seatadvisor
Seatadvisor countdown
From the start of your booking session, you have ten minutes per show session.  So if you’re into a) going to multiple shows, and b) adrenaline; you’ll love the race between you and the expiring tickets.

ImprovConspiracy
One show, one purchase.  No way to combine purchases.

Windows 10 – “The properties for this item are not available”

The properties for this item are not availableThere’s a bug with Windows 10 which prevents you from seeing the properties for a folder.  To trigger it, you need to do the following:

  1. logon to Windows 10 with user account UserA.
  2. Run As an application, such as Explorer++ or QDir, with a different user account UserB
  3. right mouse-click on a folder, and select Properties.

“The properties for this item are not available” occurs.

The fix
Apply March 2016 Cumulative Update for Windows 10 for x64-based Systems (KB3140745), or later

The workaround
The “Interactive User” value needs to be removed form the the Runas registry key under [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{448aee3b-dc65-4af6-bf5f-dce86d62b6c7}]

You may need to take ownership of the key in order to change it.

AppLocker and applications which install in the users profile directory.

Google Chrome can be installed without administrator privileges - Continue(shout out to: Google Chrome, Mozilla Firefox and Microsoft’s SharePoint Designer)

Gee thanks guys.

We implemented AppLocker to improve our IT security, and you chaps decided to be clever.  The typical call to the Help Desk was
“My Google Chrome doesn’t work anymore.”

Well no, we block applications which are installed into the users profile directory.  Which is what Google Chrome/Firefox/Sharepoint Designer do.

The fix was to install Google Chrome with an Admin account.

AppLocker, ActiveSetup, Group Policy; all the dumb things

4846.applocker.png-200x0Welcome, strangers, to the show
I’m the one who should be lying low
Saw the knives out, turned my back
Heard the train coming, stayed out on the track
In the middle, in the middle, in the middle of a dream
I lost my shirt, I pawned my rings
I’ve done all the dumb things

– Paul Kelly, Dumb Things

Microsoft AppLocker is a wonderful technology which allows your IT Department to prevent malicious programs from being run on your work computer.  Great in theory, and my experience is that it works with some wrinkles.  It broadly works by using Group Policy to configure what is a “Trusted” location.

Applocker and Active Setup
Active Setup allows you to execute commands once per user, early, during login.   For example, you might want to do this to configure iTunes for each user who logs onto the computer.

Each Active Setup command has a file path to the commands that you need to run.  If you don’t trust this file path in Applocker, your Active Setup fails.

If you are using System Center Configuration Manager (SCCM), then it’s likely that you’ll see this failure.

Suggestion:
If you are going to add a “Path” rule to fix this issue, you need to add two.  One for EXEs and another one for MSIs.

Removing AppLocker via Group Policy
So for whatever reason, you have a class of “”special”” computers which AppLocker is not to apply to.  So you remove the AppLocker Group Policy from the “”special”” computer.  And it still seems to have AppLocker blocking programs.

What gives?
Well what seems to be happening is this:

  1. The AppLocker Application Identity service (AppIDSvc) is set to Manual.
  2. The AppLocker registry settings are being left behind.
  3. AppLocker causes applications to be blocked.

The fix?

  1. Start the Application Identity service (AppIDSvc)
  2. Logon to the computer.
  3. Restart the computer.

This causes AppLocker to finish removing the registry settings.

$NOCSC$–No Client Side Caching

NOCSC Twitter

No, I didn’t know that either.

So in other words, if you want to use the Server copy of a file, instead of the copy stored on the PC, you can do that by adding $NOCSC$ to the file path.
ie. \\Server$NOCSC$\<somefolder>\<somefile>
Another way of putting it, it causes the local computer to bypass the local file cache, and to grab the file from the file server.

I only found out about $NOCSC when a customer complained that their Roaming Profile was broken.  Looking at the event log I saw the strange $NOCSC$ entry

Log Name:      Application
Source:        Microsoft-Windows-User Profiles General
Date:          17/01/2016 17:15:09
Event ID:      1509
Task Category: None
Level:         Warning
Keywords:
User:          NODDYDOMAIN\BigEars
Computer:      SecurityPC
Description:
Windows cannot copy file C:\Users\BigEars\AppData\Roaming\Microsoft\Windows\Cookies\BigEars@fred.desk[2].txt to location \\server01$NOCSC$\Profiles$\BigEars.V2\AppData\Roaming\Microsoft\Windows\Cookies\BigEars@fred.desk[2].txt. This error may be caused by network problems or insufficient security rights.

DETAIL – Access is denied.

There is no Microsoft documentation on $NOCSC$ which means that it is unsupported for customer use.  The earliest reference to $NOCSC$ I can find is an event log reference in this Microsoft TechNet blog article from March 2008.   The earliest suggestion to use it, for debugging purposes, is from Microsoft’s Ned Pyle in March 2009.

It would seem that the earliest operating system to support it, is Microsoft Vista.