I have just been setting up a new Windows Server 2008 R2 box up as a terminal server. As part of this I enabled the Desktop Experience feature, however this also enabled Windows Mail.
Windows mail seems to generate large amounts of ESENT messages in the log file as it tries to backup the mail database. It also create 5Mb of files for every user as they logon. As we don’t even use Windows Mail, just Outlook for staff I wanted to disable it.
There appears to be no easy way to remove it from the system, but you can prevent it from setting up the details for every user when the log on.
Download and runs the Microsoft Sysinternals program Autoruns as an Administrator and then under the Explorer tab untick “Microsoft Windows” under both the Active Setup\Installed Components and the WOW6432Node\Active Setup\Installed Components.
Now when a new user logs in it will no longer set up Windows Mail files or shortcuts.
Google Earth is a great program for schools, as it allows teachers and students to explore the worlds geography and use layers to examine history, socio-economic information and many other areas.
It used to be fairly easier to deploy on your network, but after version 4.2 it became significantly more difficult if you use a deployment program like Zenworks. A new MSI test was introduced to determine where to install Google Earth. If the current user is not an Admin User it would redirect to [LocalAppDataFolder]Google\Google Earth (usually C:\Documents and Settings\username\Local Settings\Application Data\Google\Google Earth) which made it inaccessible to other users.
As Zenworks uses the System account, which is not an admin user, this would happen when the installer was launched by a student.
To fix this problem there are a few different techniques. You can use either ORCA or Admin Studio Tuner (from Zenworks) to create a transform file that ignores these checks. Alternatively you can use ORCA to edit the msi file directly, I had to use this technique for V5 due to some exisiting problems in the Google Earth MSI.
First download the full version of Google Earth, (V5.0.11337). You should be able to find later versions through Google.
To find what you need to edit you can do a search in ORCA for AdminUser you should find around 3 entries.
The major entries are:
InstallExecuteSequence: ChangeInstallDirForNonAdmin: NOT AdminUser (Delete this row)
InstallExecuteSequence: setALLUSERS: AdminUser (remove the word AdminUser so it applies to all installs)
InstallUISequence: ChangeInstallDirForNonAdmin: NOT AdminUser (Delete this row)
You may also wish to remove AdminUser as a Condition from Component: Plus_Registry_wavdest.ax
Once these are removed or modified it should install in C:\Program Files\Google\Google Earth regardless of which user is logged in.
Those who in the past have used the Novell Change Pass utility may have been missing it when moving to Active Directory.
A great tool is Wisesoft Password Control which allows you to just type in the username, it will display info about the account and give you the option to change the password, enable/disable the account and unlock the account.
It is ideal to make available to teachers for resetting the student passwords if you use the Delegate control option in AD Users and Computers for your student OU’s.
The other useful tool on the website is a pair of tools Bulk Password Control and Bulk Modify. These allow you to bulk reset the password for a large group of students, or modify the attributes for a large number of users. It can read these in from a CSV file, and match the CSV entires to either sAMaccountName or some other user attribute. You can also set the attribute based on their existing attributes.
After downloading it will ask you for a code that you can get with a free registration on their site.
Recently I needed to identify where all the space was going on our server. Usually I just use the Folder Size tab extension but it requires scanning every time you close the Properties dialogue.
After looking around online I found a great free utility that displays the info in an easy to explore graphical view. OverDisk scans the drive or folder (this took around 10 mins for a drive containing hundreds of home directories) and then you can save the data so it does not need to constantly rescan (unless you make changes to files).You can also have it only rescan a certain subfolder rather than the entire drive again.
It presents the information in a colour coded pie chart, allowing you to easily see which folders and files are using the most space.
You can click on the folder and the pie chart will change to reflect that folder or click the middle of graph to go up a level. Right clicking on a folder gives you an easy option to Open or Explore in Explorer.
What ABE does is hide any file or folder that a user does not have access to. So for example the folder where you store all your users home drives, would usually appear jam packed with folders, most of which would return an Access Denied error. However, with ABE installed users would only see the folders they have access to, usually their own.
This is great especially if you are coming from a Novell background where this is the standard behaviour. It is also very useful in a school situation to keep the students from seeing things they shouldn’t.
To use ABE you need to download the management tools from Microsoft ABE Management Tools, then after installation either enable it on all shares or bring up properties and manually add it to shares.
When you install Internet Explorer 7 (IE7) on Windows XP or Windows Server 2003 it may display a security warning when you access applications and files stored on Novell drive mappings if it does not consider them part of your local intranet.
It may also prevent MS Access from opening databases from the network as they are considered a security threat.
To see if your mapped drive is considered as either Internet or Local Intranet: first make sure Status Bar is on (View -> Status Bar), then browse to a sub folder of drive and look in lower right hand corner. or
Testing Security Settings or Configure for Individual PC
Open the “Internet Options” control panel
Click Security Tab, Local Intranet, Sites
Untick Automatically detect intranet network then tick Include all local (intranet) sites not listed in other zones and Include all network paths (UNC). I find these are the minimum required. However I find these still occasionally don’t work so I add the server names and server IP range to intranet list.
Click Advanced and add the names and IPs of your servers. This should be in form MyServer, and IP ranges as 10.1.1.2-10.
Browse to network location and check if Explorer shows Local Intranet in lower right of screen.
Check if files and applications now open without requiring verification.
Deploying Settings using Group Policies
If performing the above has fixed the problem you probably need to deploy these settings to all users, which can be done using Group Policies.
Open the Group Policy for machines affected (this may just be local GPEdit.msc on a terminal server or the Zenworks Workstation Policy in ConsoleOne).
Make sure the IE7 version of inetres.adm is loaded (~2.3MB). If not it can be download from MS IE7 ADM.
Go to Computer Configuration -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page and set the following:
Site to Zone Assignment List:
Add your server names with a value of 1 to list.
You can add your server IP range with name “10.x.y.1-30″ and value of 1.
You may want to add the Windows Update entries with a value of 2.
When using Group Policies with Zenworks and Windows XP you may find users are able to create folders and files in root of C:.
This is due to the change in default security settings for drives on Windows XP from 2000.
You need to use the Security Template editor to create a template restricting rights to the C drive and deploy it with your group policies. The same procedure can be used to create a Security Template for use with Active Directory.
VideoLAN VLC is a great cross platform media player ideal for networks. CODECs for most formats are included with the player so it can be easily deployed without needing extra installers.
As it is self contained it is very easy to repackage as an MSI for deployment or it can run straight off the network without installation (although it is a bit slow to load this way).
VLC runs on Windows, Mac and Linux so it can provide a uniform interface across platforms.
The latest version, 0.8.6d fixes some security problems and improves playback on Mac.
EZ GPO is small utility that allows central power policy management through Group Policies. Saving energy, money and the environment.
Ideal for school computer labs and staff rooms, as well as business.
EZ GPO can be deployed by MSI across the network through either AD or Zenworks. You then add the supplied ADM to a group policy and set the idle times for switching monitor off, and putting computer into sleep, hibernate or standby modes.
One other option of EX GPO that makes it very attractive for laptops, is it can allow limited user accounts to change power settings on Windows 2K / XP. As most users will have experienced, Windows stores power settings in HKLM, so a standard user can not specify times for power saving. This can be very annoying if used during presentations, etc.
EZ GPO has an option that fixes this allowing the changing of the power policy.
Finally one other use for EZ GPO, against what was originally intended. If you have a PC that is locked down, but needs to be on continuously (such as a kiosk or display PC) you can use EZ GPO to prevent visible power saving options from starting. i.e No standby mode, or monitor savings. I would however recommend spinning down HDDs .
or 
