Set the default Organisational Unit for New Computers in Windows Server

Once you have your domain and group policies set up, it can become frustrating to constantly have to remember to move a new computer into the correct OU.

Luckily in Windows 2003 and above, you can set a default OU:

<code>redircmp ou=ComputersOU,dc=mydomain,dc=com</code>

Remember to replace the path with your own domain’s OU path. Also, your domain has to be running in at least Windows Server 2003 native mode – otherwise you will receive an error:

Error, unable to modify the wellKnownObjects attribute. Verify that the domain functional level of the domain is at least Windows Server 2003:
Unwilling To Perform
Redirection was NOT successful.

To change this:

  • On the server go to Administrative Tools > Active Directory Domains and Trusts.
  • Right-click on your domain name, and click on Raise Domain Functional Level.
  • Set the domain level to at least 2003

Now you should be ready to go!

IIS and those pesky Flash files

Doesn’t it drive you mad when you set up an IIS server in Windows and you forget to add Flash files to the MIME types? You end up debugging what you think is some scripting problem only to remember about 2 hours later that IIS’s file support out-of-the box leaves a lot to be desired.

Well, I can’t stop you or me wasting time, but I thought that I’d collect the file types here for reference:

Flash
Extension: .flv
Content type: video/x-flv

7-zip
Extension: .7z
Content type: application/x-7z-compressed

WIM – Windows Image File
Extension: .wim
Content type: application/octet-stream

Access VirtualBox SSH and Web Server

One of the things that distinguishes VirtualBox from Microsoft’s Virtual PC is that VB puts the guest on a subnet of the computer that you are working on. This means that the guest cannot be directly accessed from other computers on your network.

To enable access, you need to configure your computer to allow ports to be forwarded to the guest. Thankfully, this is quite straightforward with the VBoxManage tool, and Allister Sanchez covers it well here: Additions and SSH Access to a VirtualBox Guest.
I’m assuming that your Virtual Machine is called MyVBoxSystem. Replace this with the name of your VM.

To enable SSH:

On the host computer, run the following commands:

<code>VBoxManage setextradata MyVBoxSystem "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" 22
VBoxManage setextradata MyVBoxSystem "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" 22
VBoxManage setextradata MyVBoxSystem "VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" TCP</code>

This is essentially telling VirtualBox to map any access on port 22 (the host port) to 22 on the guest. On a Windows system, this is fine as you are unlikely to be running an ssh server. If you are though, just change the HostPort parameter to a port that you know is free.

To enable HTTP:

<code>VBoxManage setextradata MyVBoxSystem "VBoxInternal/Devices/pcnet/0/LUN#0/Config/http/HostPort" 80
VBoxManage setextradata MyVBoxSystem "VBoxInternal/Devices/pcnet/0/LUN#0/Config/http/GuestPort" 80
VBoxManage setextradata MyVBoxSystem "VBoxInternal/Devices/pcnet/0/LUN#0/Config/http/Protocol" TCP</code>

Once again, we’re passing TCP ports forward. If you already have a web server installed such as Apache or IIS, then you will probably need to change the HostPort to something like 8080.

Make sure that your VM isn’t running when you run these commands. To check that the settings are saved, you can run the following command:

<code>VBoxManage getextradata MyVBoxSystem enumerate</code>

Alternatively, open up the VM .xml file which is found in .VirtualBox/Machines/MyVBoxSystem/MyVBoxSystem.xml. The settings are found in the ExtraData node:

<code><ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/apache/HostPort" value="8080"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/apache/GuestPort" value="80"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/apache/Protocol" value="TCP"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort" value="222"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort" value="22"/>
<ExtraDataItem name="VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol" value="TCP"/></code>
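
If you have several VMs, it is easy to lose track of which guest services are reachable through the host. The following Python script is an added example, not part of the original post or of VirtualBox: it reads ExtraDataItem entries in the format shown above, groups them into forwarding rules, and flags rules with a missing key, host ports below 1024 (which need elevated privileges to bind on Unix-like hosts) and host ports claimed by two rules. The ftp and web2 entries and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the six entries shown above plus two made-up rules
# ("ftp", "web2") that exercise the checks.
P = "VBoxInternal/Devices/pcnet/0/LUN#0/Config/"
SAMPLE = "<ExtraData>" + "".join(
    f'<ExtraDataItem name="{P}{k}" value="{v}"/>' for k, v in [
        ("apache/HostPort", "8080"), ("apache/GuestPort", "80"), ("apache/Protocol", "TCP"),
        ("ssh/HostPort", "222"), ("ssh/GuestPort", "22"), ("ssh/Protocol", "TCP"),
        ("ftp/HostPort", "21"),
        ("web2/HostPort", "8080"), ("web2/GuestPort", "8000"), ("web2/Protocol", "TCP"),
    ]) + "</ExtraData>"

KEY = re.compile(r"^VBoxInternal/Devices/[^/]+/\d+/LUN#0/Config/([^/]+)/(HostPort|GuestPort|Protocol)$")

def parse_forwards(xml_text):
    """Return {rule_name: {field: value}} built from ExtraDataItem elements."""
    rules = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "ExtraDataItem":  # ignore any XML namespace
            continue
        m = KEY.match(el.get("name", ""))
        if m:  # simplification: rules are keyed by name only, not by NIC
            rules.setdefault(m.group(1), {})[m.group(2)] = el.get("value", "")
    return rules

def audit(rules):
    """Return (rule_name, problem) pairs for rules that need attention."""
    findings, used = [], {}
    for name in sorted(rules):
        f = rules[name]
        missing = sorted({"HostPort", "GuestPort", "Protocol"} - f.keys())
        if missing:
            findings.append((name, "incomplete, missing " + ", ".join(missing)))
            continue
        host = int(f["HostPort"])
        if host < 1024:  # privileged port on Unix-like hosts
            findings.append((name, f"host port {host} is below 1024"))
        owner = used.setdefault((f["Protocol"].upper(), host), name)
        if owner != name:
            findings.append((name, f"host port {host} already forwarded by {owner}"))
    return findings

if __name__ == "__main__":
    for name, fields in sorted(parse_forwards(SAMPLE).items()):
        print(name, fields)
    for name, problem in audit(parse_forwards(SAMPLE)):
        print("WARN", name, problem)
```

To check a real VM, pass the contents of its MyVBoxSystem.xml file to parse_forwards instead of SAMPLE.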

Mounting a remote system with SSH

One of the cool things I’ve been doing lately is using secure shell to mount remote file systems. The great thing about this method is that you’re not dependent on explicitly creating shares as you are in Samba, and you don’t have to rely on repeated scp commands.

As long as you have the sshfs package installed, you should be able to mount the file system. Here’s an example to create a mount point on your desktop:

<code>mkdir ~/Desktop/sshmnt
sshfs user@target-pc:/home ~/Desktop/sshmnt/</code>

That’s it! Once finished you can unmount the folder with the fusermount command:

<code>fusermount -u ~/Desktop/sshmnt</code>

If you have trouble with unmounting a connection (because the target may be switched off), you can force the connection to be unmounted:

<code>fusermount -z -u ~/Desktop/sshmnt</code>

Stop ‘Computer’ appearing when you logon in Vista

I’ve had a problem lately whereby various roaming profiles have the Computer window appear when users log into Windows Vista.

I messed around with a load of settings to try and work out what it was – I thought that as the problem only manifests itself in Vista with the new profiles, maybe it’s mis-interpreting a group policy setting such as the ‘only show personal folders’ setting.

It took a while, but there was no such setting to make My Computer appear in either the Desktop settings or Start Menu and Taskbar.

The offending article is that nigh-on useless Welcome Center that Vista imposes on users when they log in for the first two times. It seems that if you have redirected folders enabled and have turned off the common options for the Start Menu, then the Welcome Center fails to run. What then compounds the problem is that instead of showing the Welcome Center, it shows the Computer window.

Windows Vista Welcome Center - A useful portal to your computer or just a pain in the backside?

Here’s the kicker: because you cannot see the Welcome Center, you cannot tick the box to tell it never to appear again.

A very simple Group Policy fix is actually found in User Configuration > Administrative Templates > Windows Components > Windows Explorer. Here you can find the option Do not display the Welcome Center at user logon.

Once enabled, the annoying Computer popup is no more.

Office 2007 Deployment Computer Startup Scripts

Now that MS Office 2007 is doing the rounds, I suppose it’s time to look at some of its shortcomings.

It has a few when it comes to deployment. The biggest nuisance being deployment.

You have four options:

  • Install it on a PC manually (not great)
  • Deploy through group policy with no customisations
  • Use a deployment system such as SMS
  • Use a computer startup script

You may as well just say “no” to the first one. Anything more than a handful of PCs and you have a tedious task.

Group Policy has always been my method of choice. Most of my clients have less than 100 PCs, so Group Policy deployment is ideal. But as pointed out in the list, you cannot customise the installation with any defaults.

SMS is out. It’s not worth explaining to clients why it’s a good idea to buy software that makes my life easier. Even though the effort and management might simplify things somewhat.

So we’re stuck with computer startup scripts. Another method I hate – but if you want to control Office Deployments, then this is the way to do it. Thankfully, Aaron Parker has posted some startup scripts to help with this using the MSP method.

If you are using a network with WSUS, then updates become a non-issue, and I think that the only time you need to redeploy is if you decide to change the application packages that you want. At that point, you could check that the executables of the programs exist, or record your own registry entries that you can check for.

It’s not a great method (I’ve managed to avoid having to use ANY computer startup scripts in 2000-based networks) – but there’s no reason why it shouldn’t work. Especially if you make sure to use the quiet options in the Setup /admin tool.

Office, eh?