Enabling Group Favourites on a Network

One of the tricky things about managing Favourites for users on a network is that it’s a nightmare to easily deal with the varied requirements of users.

Generally, you would set up favourites on a Windows network to do one of the following:

  • Leave them as they are. Users can add and remove their own favourite websites
  • Redirect favourites to a shared location with a registry hack – but users lose their personal favourites
  • Add favourites through Group Policy – but you need a network admin to do this whenever something needs to be added.

Now, there’s a groovier, sexier way to do it. You can finally have your cake and eat it. The best part (or worst part depending on your point of view) is – the solution has been there all along.

Before We Start

You’ll need:

  • A Windows-2000 based network with group policy enabled, and an Organsational Unit with user accounts inside.
  • The Group Policy Management Console installed on either the server or a workstation that you will use
  • Administrator Rights

You also need to ask yourself who will have the rights to add shared favourites. This is fairly important, so consider it sensibly.

Getting Started

First of all, log on to a server and run the Active Directory Users and Computers console.

Somewhere in the AD structure, create a new security group called ‘FavouriteManagers’. Next add the users who you want to allow to change favourites to this group. If you don’t mind who changes the favourites, you can skip this step.
This is the group who will be allowed to add favourites to the users. Once you’re done here, and you are happy with the users who are set up in this group – we can set up the tool.

Setting Up the Group Policy to Allow Favourites to be Modified

Log onto your server / workstation as an administrator and do the following:

  1. Open up the Group Policy Management Console, and find the OU where the user accounts you want to control are.
  2. Right-click on the OU and select, Create and Link a GPO here… Call the new policy ManageFavourites.
  3. Now click on the new policy, and click on the Delegation tab. Click Add… and add the FavouriteManagers group to have edit access
  4. Click on the Details tab, and select Computer Configuration Settings Disabled from the drop down list. This will ensure that the logon times are kept brief for users.
  5. Close the Group Policy Management Console.

Create the Change Favourites

  1. Open a new Microsoft Management Colsole (Start > Run > type mmc > click OK)
  2. Click File > Add/Remove Snap-in
  3. Click Add…
  4. Click Group Policy Object Editor and click Add
  5. Click Browse, then All, double-click on the ManageFavourites policy.
  6. Click Finish. Click Close.
  7. Click on the Extensions tab and select Group Policy Object Editor from the dropdown list.
  8. Untick the Add all extensions checkbox. Then deselect all but the Internet Explorer
  9. Click OK.
  10. Expand the tree to User Configuration > Windows Settings > Internet Explorer Maintenance.
  11. Right-click on URLs and select New Window from Here
  12. Close the Console Root window so that only the URL window is visible.
  13. Click File > Options
  14. Give the console a title, I have called mine Favourite-o-matic. Under Console Mode, select User mode – limited access, single window. If you want to, you can change the icon to a more user friendly icon. I like the windows Favourite icon from shell32.
  15. Click OK to close the options dialog.
  16. Click File > Save and save the new console to a share where all of your Favourite Managers can access it. Set up the appropriate links on the start menu / desktop and you’re all done.

Using the Console

All you now need to do is let users know how to add favourites. You can do this by double-clicking on Favourites and Links, and typing links into the tool. You can also organise the favourites into folders to make them easier to manage.


The only caveat is that when you remove a link, it will not take the link from the user’s Favourites folder. This would still have to be deleted manually. Bear this in mind when you go nuts with all of your new favourite links.

Office 2007 Deployment Computer Startup Scripts

Now that MS Office 2007 is doing the rounds, I suppose it’s time to lookat some of its shortcomings.

It has a few when it comes to deployment. The biggest nuisance being deployment.

You have four options:

  • Install it on a PC manually (not great)
  • Deploy through group policy with no customisations
  • Use a deployment system such as SMS
  • Use a computer startup script

You may as well just say “no” to the first one. Anything more than a handful of PCs and you have a tedious task.

Group Policy has always been my method of choice. Most of my clients have less than 100 PCs, so Group Policy deployment is ideal. But as pointed out in the list, you cannot customise the installation with any defaults.

SMS is out. It’s not worth explaining to clients why it’s a good idea to buy software that makes my life easier. Even though the effort and management might simplify things somewhat.

So we’re stuck with computer startup scripts. Another method I hate – but if you want to control Office Deployments, then this is the way to do it. Thankfully, Aaron Parker has posted some startup scripts to help with this using the MSP method.

If you are using a network with WSUS, then updates become a non-issue, and I think that the only time to need to redeploy is if you decide to change the application packages that you want. At which point, you could check that executables of the programs exist or record your own registry entries that you can check for.

It’s not a great method (I’ve managed to avoid having to use ANY computer startup scripts in 2000-based networks) – but there’s no reason why it shouldn’t work. Especially if you make sure to use the quiet options in the Setup /admin tool.

Office, eh?

Active Directory Recovery Guide

I’ve been having numerous errors in the event log appearing on one of my servers from the ESENT service:

Event Type: Error
Event Source: ESENT
Event Category: Database Corruption
Event ID: 467
Date: 18/05/2007
Time: 09:33:06
User: N/A
Computer: SERVER123
ntfrs (5660) Index GChangeOrderGuid of table OUTLOGTable00002 is corrupted (0).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

These errors are appearing regularly, and contain various tables with problems.

After scouring eventid.net and the Microsoft support site – I eventually found a very useful Powerpoint presentation that outlines various methods of recovering poorly or corrupt active directory databases.

Although not a specific answer to the problem, it does provide useful guidelines in the best practices for repairing or reinstalling and domain controller, as well as some useful advice such as carrying out a metadata cleanup.

I’ll be following the guide to try and resolve the database errors on this server, and hopefully it will work out nicely.

Offline Windows Updates for the IT Tech with no Broadband

It happens enough times. You’re busy reinstalling Windows for someone when you find that you can’t install Windows Updates because the internet connection available is slowly than a milk float delivering breeze blocks instead of milk.

In so far as keeping up-to-date, the issue is no longer “How soon can the updates be installed on the computer?” It is actually “Can I even download updates on my computer?”

The odds are that if you are using Windows XP pre-SP2, the answer is simply ‘no’. Whenever you’re behind on a service pack, Microsoft likes to ensure that this becomes part of the download set. And that 200MB+ download might take a little while on dial-up. Once you’ve completed this, you’ll probably find another 100MB+ worth of updates to install afterwards.

Thankfully, there are a number of ways around this.

Downloading the redistributable versions of the various service packs is a piece of cake – they can be downloaded from the Microsoft website without too much effort. The subsequent rollups prove to be more of a nuisance.

Enter AutoPatcher. This is a handy little project for those folk who have all of those problems, and then some. What I particularly like is the semi-frequent updates that do not require you to download a complete CD of updates. So having a full download and the latest update CD does the job nicely. On my next visit to this school where I need the files, I’ll hopefully be able to install the updates with the minimum of fuss – then I’ll be a happy chappy.

Go get it!

Dual booting causes clocks to go mental!


Although only half a year for a user such as myself.

As I’m happily dual-booting between Ubuntu and Windows at the moment, it becomes clear that in British Summer Time (BST), Windows and Linux disagree on how the computer clock should be interpreted.

What’s really a nuisance is that I keep staying up an hour later than I intended!

Basically, the problem boils down to how Windows and Unix-based systems interpret the computer’s internal clock. There’s more about this here, including some pros and cons of either system.

Windows takes the local computer clock time, and treats it as a ‘local’ time. That is, the clock matches the time that it should be in the region. Mac and Linux systems treat the computer’s clock as GMT, and then makes any adjustemnts inside the Operating System.

The bottom line is, unless you’re living in a GMT timezone – you’re going to get the time constantly changing as you switch between operting systems on the same computer.

The simplest way to get around this is to ask Windows to use UTC time instead of local time:

Copy and paste the following into a new file called time.reg

<code>Windows Registry Editor Version 5.00


Save the file, and double-click on it. Accept the various warnings that appear.

Once Windows has been rebooted, make sure that the clock is set to the correct time. The time should now settle down as you dual-boot between systems.

Now I’ll be able to go to bed at the right time!