Category Archives: Microsoft

Active Directory Security Groups – Group Scopes

As an IT administrator, one of the most common tasks you are involved in is administering security groups in Active Directory. As with all things, keeping your security groups simple is always best but sometimes (especially in larger environments) it is important to use groups of differing scopes or ‘visibility’ to allow or disallow certain groups or objects to become members, etc.

A security group’s scope determines to what extent a group can be applied in the domain or forest. Sometimes remembering all the details of each scope can be difficult so here’s a great table which summarizes each scope in terms of which security objects can be listed as members, where the group can be assigned permissions and what other scopes the group can be converted to.

Group scope Group can include as members… Group can be assigned permissions in… Group scope can be converted to…
  • Accounts from any domain within the forest in which this Universal Group resides
  • Global groups from any domain within the forest in which this Universal Group resides
  • Universal groups from any domain within the forest in which this Universal Group resides
Any domain or forest
  • Domain local
  • Global (as long as no other universal groups exist as members)
  • Accounts from the same domain as the parent global group
  • Global groups from the same domain as the parent global group
Member permissions can be assigned in any domain Universal (as long as it is not a member of any other global groups)
Domain local
  • Accounts from any domain
  • Global groups from any domain
  • Universal groups from any domain
  • Domain local groups but only from the same domain as the parent domain local group
Member permissions can be assigned only within the same domain as the parent domain local group Universal (as long as no other domain local groups exist as members)


XBOX 360 Dashboard Update – Big Changes On The Way!

On December 6th, 2011 Microsoft will release the final version of the Fall 2011 dashboard update which is bring a number of new features including better Kinect support, a brand new UI and television channels are on the way.

In Australia we’ll likely see TV from ABC (via iView) and SBS as well as more channels for web content from sources such as Crackle, DailyMotion, etc. The 6th means this should be released tomorrow…Can’t believe I’m getting excited over an XBOX dash update!

Consumers Running Out of Patience For Windows Tablets

Windows 8 tablets aren’t expected to arrive at market until sometime next year. And that’s a year too late, according to Forrester Research, which finds consumer interest in them to be quickly dwindling.

With the success of the Apple iPad it’s not hard to believe this, especially since not only Apple are becoming successful in the tablet market, but many other companies also. Microsoft has simply taken too long to make a mark in this space and with Windows 8 on the way that has made some effort to be more ‘touch’ friendly will it be too little too late?

Windows Deployment Services (WDS): Boot Image Changes Not Happening For You?

We use Windows Deployment Services (WDS) at work. There is a lot I really like about this deployment solution but there are a few things here and there that I wish were a little different. More specifically, how the system deals with boot image changes. It’s easy to forget that when you update your deployment share you still need to remember to copy your new boot image into your actual remoteInstall share PXE uses to pull the image. Otherwise your changes won’t be seen by PXE clients.

We started purchasing new Dell Latitude E6420 laptops to add to our fleet and as with any new computer model you wish to deploy Windows to via WDS, you need to obtain the driver cab file from the manufacturer to add the appropriate drivers into your WDS boot image. I added the drivers as usual to the Out of box drivers section of the deployment share, updated the share to rebuild the boot image and boot it up of PXE but Windows setup kept complaining that there was no driver present for the network adapter to continue. As it had been a while since I had to update anything in my WDS I had completely forgotten to move my new boot image into the right path for PXE to pick up. “Why haven’t my changes updated in the image during the update of the share”? Well, they had, I just wasn’t booting the right image.

When you update your deployment share, The deployment workbench typically creates/update the boot image stored in DeploymentShare\Boot but PXE pulls the boot image from WDS from here \\server\remoteInstall\boot\x64\images\<imagename.wim>.

So, to have workstations pull the correct image to apply you simply need to make sure you’ve copied the latest boot image with all your changes into your WDS set-up. You can manually copy/paste the new boot image over the old one using the paths above, or you can use the Windows Deployment Services snap-in to do the same job.

Open the deployment snap-in (%windir%\system32\WdsMgmt.msc) and:

  1. Expand your server and click ‘Boot Images’ to see a list of your boot images
  2. Right-click ‘Boot Images’ and select ‘Add Boot Image’
  3. Browse to the deployment share boot image directory (DeploymentShare\Boot). Click Next
  4. Give your boot image a name and description. Click Next
  5. Check the summary and click next to add the new boot image to your deployment server.
If you only have 1 image like I did you’ll now see 2 different boot images. If you don’t want to see a boot selection screen when you boot your machines off PXE, just right-click a boot image and select disable so its not used.
It’s easy to fall into the trap of thinking that when you update your deployment share with boot image changes (drivers, application selections, etc) they will take effect immediately but computers won’t start using the new boot image until you’ve added it to your WDS server for PXE to grab. You would need to remember to do this each time you add new drivers, make application install changes, make any changes to deployment rules (bootstrap.ini), etc.

Windows 8 Revealed

Today Microsoft has revealed for the first time information around its upcoming windows released codenamed “Windows 8”. Whether or not this will be the actual release name I don’t know, but Microsoft has been pretty quiet over the last couple of years surrounding what the successor to Windows 7 would look like, what direction it’s likely to head in and whether it will give in to the flood of “apps” in various other platforms (iOS, android, etc).

Some of the areas around the new UI covered in the video above are:

  • Fast launching of apps from a tile-based Start screen, which replaces the Windows Start menu with a customizable, scalable full-screen view of apps.
  • Live tiles with notifications, showing always up-to-date information from your apps.
  • Fluid, natural switching between running apps.
  • Convenient ability to snap and resize an app to the side of the screen, so you can really multitask using the capabilities of Windows.
  • Web-connected and Web-powered apps built using HTML5 and JavaScript that have access to the full power of the PC.
  • Fully touch-optimized browsing, with all the power of hardware-accelerated Internet Explorer 10.
As usual, Paul Thurrott @ the Supersite for Windows blog does a great job outlining all the new stuff shown off. Paul used to work for Microsoft about 10 years ago, since then he’s created the Supersite and is very active in many other endeavors. If you’ve never heard of him and are interested in Microsoft and technology you should check it out.

You can learn more about Windows 8 over at Previewing Windows 8.

IE 8: Faster, Better Than Anything Else?

While browsers like Firefox and Safari gain more and more momentum in the market still dominated by Internet Explorer, Microsoft have been completely going the other way loosing as much ground as they’ve managed to obtain over their 10 year browser reign.

Microsoft will be launching their new browser Internet Explorer 8 very soon, and they are trumpeting it to be faster and more powerful than their competitors browsers could ever be! Even if by some miracle Microsoft develop a browser that is faster and more powerful than Firefox, their image has become so tainted by poor performance that they will be hard pressed to convert loyal Mozilla fans.

Internet Explorer lost much of its ground to Mozilla as the browser didn’t provide functionality to extend the browsers usefulness as Firefox did with add-ins, IE didn’t do a good enough job at rendering web pages quickly enough and IE has always been too clunky and memory hungry for most users, over Firefox which is significantly less memory intensive (especially with their latest revision 5.05).

A big part of the performance leaps Firefox has over IE is its very effective JavaScript Engine. As more and more websites are utilizing JavaScript for their dynamic page content web sites have been taking longer and longer to load and to accommodate this many browsers have made significant revisions to the way they process Java code in their browser. Mozilla has always been refining this technology in their browser with each revision, but Microsoft haven’t made a significant update to their JavaScript engine in years.

Microsoft are hoping to change all that with IE 8 but as I mentioned before, by the time IE 8 ships mid year, Mozilla probably would have released yet another version of their popular browser sucking away more and more market share from Microsoft making it difficult for MS to keep whatever market share they currently have.