Internet Explorer (IE) Get those tabs back and other annoying lockdowns

Group policy turns them off, you turn them on :)

(with your admin access obviously)

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
or
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel

AdvancedTab 0
SecurityTab 0
PrivacyTab 0

etc

cmd command console disabled:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

DisableCMD 0

Visual Studio 2012 error

This Visual Studio 2012 error can be easily rectified

 " 'Microsoft.VisualStudio.Editor.Implementation.EditorPackage' 

package did not load correctly". 

Just delete the files and folders in


%LOCALAPPDATA%\Microsoft\VisualStudio\11.0\ComponentModelCache

https://connect.microsoft.com/VisualStudio/feedback/details/800087/getting-error-microsoft-visualstudio-editor-implementation-editorpackage-package-did-not-load-correctly

Find the App-V 5 PackageID VersionID

It is possible to find the PackageID and VersionID of an App-V 5 package by opening the MSI and reading the Properties Table:

PACKAGE_GUID = PackageID
ProductCode = VersionID

Keywords: GUID

Disable-AppvClientConnectionGroup does not work

Connection groups are enabled globally or for users.

Disable-AppvClientConnectionGroup can be run in the system context with -usersid <usersid> to target the relevant user. The -GroupID <GUID> -VersionID <GUID> can be used to target a particular connection group.

This command

Disable-AppvClientConnectionGroup * -usersid <usersid> 

should disable all the connection groups for the user, however this command will cause an error if other connection groups exist which are not enabled for the user.  At first this looks confusing however, because not all the connection groups are enabled for the user, it is unable to disable any of them and errors are reported:

disable-appvclientconnectiongroup : Operation cannot be completed because connection group is not enabled for the target of the operation. Please make sure that the connection group is enabled.
Operation attempted: Disable Connection Group.
AppV Error Code: 020000050A.
Please consult AppV Client Event Log for more details.
    + CategoryInfo          : InvalidResult: (:) [Disable-AppvClientConnectionGroup], ClientException
    + FullyQualifiedErrorId : DisableConnectionGroupError,Microsoft.AppV.AppvClientPowerShell.DisableAppvClientConnectionGroup

Web site zone information

In later versions of IE the zone the website is identified as being in is shown under properties in the file menu.  The Menu Bar must be turned on first.

Remote Assistance to Citrix sessions

You can use Microsoft Remote Assistance (msra.exe) to assist users with their Citrix desktop sessions.

run msra.exe
Click:
Help someone who has invited you
Click:
Advanced connection option for help desk

Enter the server name and click Next

A drop down window appears with all the available logged on sessions.  Select the one you wish to help.  The user will be prompted in the normal way to authorise viewing or control.

FactoryTalk by Rockwell Automation

FactoryTalk is a suite of software for machine process monitoring and control.  It can be configured to provide customised solutions via its client/server/database software architecture.

Client side items for installation can be numerous and be of significant size.  For a suite of software the installation seems fragmented and poorly planned apparently without a silent install options (the patches did).  It is a mixture of MSIs, GUI driven setup shell executable programs (which call extracted MSIs), configuration tools, runtimes, redistributables, and batch file driven patches.

Sequencing with App-V 5.1 did not produce a working package, possibly due to "DCOM Subsystems detected" A launch error appeared when a launch was attempted
FactoryTalk View SE Client
"The software requires personalized information that cannot be read. Please contact Rockwell Technical Support."

One possible approach to packaging is to turn on MSI logging in the registry and then run an interactive installation.  By checking the logs and the MSIInstaller event sources in the Application Event logs, it is possible to create a list of the MSIs which have been called.  Some of the MSIs are harder to obtain because they are not in the source but extracted temporarily into the temp folder at install time.  This requires that an interactive installation is activated and the temp MSI folders are copied.  The next stage is to collect the MSIs together and create master cmd script to call them in the required order with any patches.

Directory Server and Activation server are configured in the registry at respectively
HKLM\SOFTWARE\Rockwell Software\RNA\Directory
HKLM\SOFTWARE\Rockwell Software\FactoryTalk Activation\ClientSearchPath

This is a clip from the master cmd installer.  This shows how the %~dp0 is used with call commands to activate the batch file driven patching before continuing with other MSI commands.

msiexec /i "%~dp0\3. FTView\FTAE\FTAE.msi" TRANSFORMS="%~dp0\3. FTView\FTAE\FactoryTalkCCCS_70000_s1.mst" TFLCTPSERVER=PDC2CTP001 /qn /l*v c:\Source\Installlogs\FactoryTalk_CCCS_70000_s1_I_SFTAE.log /norestart

::Stage five
cd "%~dp0"
cd "5. FTView-Patches-Jul.01.2013"
call InstallAllPatches.bat /S
cd..

Check the InstallAllPatches.bat file for location that you want to modify such as the log file output location.

An uninstall master cmd file can be roughly the reverse of the install.  Some of the uninstalls may not be required because the install routine may have MSIs upgrading previous ones.  Also you may wish to leave isntalled the MSIs with common or runtime components.

George and Zippy

Zippy: Oh Geoffrey! How can I get a silently self extracting exe file ?

Geoffrey: Well Zippy, you could use 7zip which is a free download from http://www.7-zip.org/.

7Zip has an option to create a self extracting exe file.  With the -y command parameter it will silently extract in its current folder location.  It also has great compression !

Zippy: Oh Thank You Geoffrey.

Bungle: But I already have a licensed copy of WinZip installed.  How can I do that with WinZip Geoffrey?

Geoffrey: Well Bungle, with a WinZip self extracting exe file you need to use the command parameters /auto <folder>.  If you use .\ for the folder it will extract in to the current location.

Bungle: Oh Thank You  Geoffrey.

George:  Is there a way to silently unzip a zip file Geoffrey ?

Geoffrey: Well George, there is.  You can use a vbscript to do that, but be careful; if your zip file is large it will take a very long time.

George: Oh Dear.

Geoffrey: If you did want to do it though it would look something like this:

Dim WshShell, strCurDir, cmdint
 
Set WshShell = CreateObject("WScript.Shell")

strCurDir    = WshShell.CurrentDirectory

'The location of the zip file.
ZipFile=strCurDir & "\battest.Zip"

'The folder the contents should be extracted to.
ExtractTo = strCurDir

'Extract the contants of the zip file.
set objShell = CreateObject("Shell.Application")
set FilesInZip=objShell.NameSpace(ZipFile).items
objShell.NameSpace(ExtractTo).CopyHere(FilesInZip)

Set fso = Nothing
Set objShell = Nothing

Zippy: Well I'm much cleverer than all of you because I know how to use powershell, so there.

Zippy: (Quietly to Geoffrey) Geoffrey, can powershell create and extract zip files?

Geoffrey: Yes it can Zippy.  Powershell v5 has cmdlets to do it.  Here are the cmdlets and parameters

# Create a zip file with the contents of C:\Stuff\
Compress-Archive -Path C:\Stuff -DestinationPath archive.zip

# Add more files to the zip file
# (Existing files in the zip file with the same name are replaced)
Compress-Archive -Path C:\OtherStuff\*.txt -Update -DestinationPath archive.zip

# Extract the zip file to C:\Destination\
Expand-Archive -Path archive.zip -DestinationPath C:\Destination

Bungle: Geoffrey, Geoffrey, someone's sent me a zip file but my normal zip tool won't open it.  7-zip tells me the compression method is "pkAES-256-Cert Deflate".

Geoffrey: Oh dear, Bungle.  I'm afraid you'll have to probably have find an unzip tool that supports that compression method.  That looks like they might have used PKWare SecureZip to create that file.  You'll need to install that software before you can unzip it.

and in case you don't know who Geoffrey, George, Zippy and Bungle are......
https://www.youtube.com/watch?v=wqZ2RFgkuoA

ClickOnce

Some products may use a downloadable eXtensible Application Markup Language (XAML) Browser Application (XBAP) also known as ClickOnce. This uses the C:\Windows\syswow64 or System32\PresentationHost.exe, which is part of the .NET, to provide the runtime environment. The file resources for the application are automatically downloaded to %LOCALAPPDATA%\APPS\2.0

Security certificates are used to assess security and if the requirements are not met the user is prompted to confirm running the application.













When a ClickOnce application is being launched on a user's desktop the first time, the .NET Framework runtime will first check to ensure that the application manifests have not been tampered with since they were signed with whatever publisher certificate was used for signing. If they pass that check, the runtime will then look into the Trusted Root Certification Authority store and see if the certificate for the issuer of the publisher's certificate is installed in that store. It will then look at who the publisher on the certificate is, and see if their certificate is in the Trusted Publishers store. If those two things are true, then by default the user will not be prompted, and the application will be granted whatever privileges are specified in the application manifest file.  from - https://msdn.microsoft.com/en-us/library/ms996418.aspx

More information
https://msdn.microsoft.com/en-us/library/z17ceyya%28v=vs.80%29.aspx 

https://msdn.microsoft.com/en-us/library/t71a733d(VS.100).aspx 

https://leastprivilege.com/2006/02/18/beware-be-aware-of-clickonce-default-settings/ 

https://robindotnet.wordpress.com/2013/02/24/windows-8-and-clickonce-the-definitive-answer-2/

 http://www.informit.com/articles/article.aspx?p=691085&seqNum=2

click once

IE launching outside the bubble on Citrix

https://trentent.blogspot.co.uk/2013/01/internet-explorer-popping-up-outside.html

This post revealed the cause of a scenario where an application was attempting to launch a html file in Internet Explorer (IE) but failing.  IE launched its normal home page instead.  On Windows 7 IE launched inside the bubble with the html file correctly displayed.

We determined that on citrix the browser was indeed launching outside the bubble and therefore unable to see the required html file.

Changing the user classes registry key in the bubble did not work.  Setting the user classes registry key for that users session did work though.  This avoids changing the key for the entire machine which may impact the way the citrix server is designed to work.

Use caution. This change impacts the way that citrix is designed to launch IE, it could have wider unforeseen consequences.

Outlook Navigation View - Folders Contacts

In the navigation bar on the left hand side of outlook, there are buttons at the bottom, Mail Calendar etc

If you have psts open which contain folders, the folder are only visible to browse from the Folders List view.

If the user click the mail view, mail looks pretty much the same but the psts look empty !  This can cause mild panic.

Do not panic, simply switch back to folder view mode, a lower down option on the Navigation Bar.


keywords
contacts folders missing pst new folder

Windows8 Hyper-V and VMWare Workstation Player 12.0

Although VMWare Workstation Player 12 will install on a Windows 8 PC with the Hyper-V feature enabled, it will not launch a virtual machine (VM) that is created until the Hyper-V Platform subfeature is unchecked and the PC rebooted several times.

Manual Connection Group Configuration

Use the following XML to generate the Connection Group definition XML file

<?xml version="1.0" encoding="UTF-8"?>
<AppConnectionGroup AppConnectionGroupId="06DACB3C-10E8-444F-A3FB-646F695BD21D" VersionId="5E9249E4-0D2C-4F8C-8BB2-708288294FD4" Priority="0" DisplayName="<NAME>" xmlns="http://schemas.microsoft.com/appv/2010/virtualapplicationconnectiongroup">
<Packages>
<Package PackageId="a3020438-47ff-4041-9c03-b78255c82c10" VersionId="5b2ba854-92d9-4c4b-b855-837748349f29">
</Package>
<Package PackageId="aaea7d7c-79e0-43f8-88eb-4ae8f6d0692e" VersionId="e3b074a5-51ff-4d4c-8dc0-6a15ad6a37e6">
</Package>
</Packages>
</AppConnectionGroup>

Add-AppvClientConnectionGroup -path <path to xml file>

Once the packages in the connection group are published, then the connection group can be enabled

Enable-AppvClientConnectionGroup <NAME> 


The following message can appear when a connection group in enabled
 
The application failed to launch.
This may be due to a network failure 

This can be caused by the Advanced settings inside the packages not being the exactly the same. 

Connection Group Reference

See this article for the "Laws of Connection Groups"
http://virtualvibes.co.uk/advanced-connection-groups-the-sanity-check/ 

http://virtualvibes.co.uk/app-v-management-server-or-configuration-manager-2012-a-feature-comparison/


Config XML details
https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/appv-v5/about-the-connection-group-file 

ProgramFilesX86S and the other S folders

User VFS, the COW and the S folders.....

Standard users will read and write from the regular directory (with relaxed ACL’s) while elevated processes will read and write to the “S” version.

This is further explained here

http://blogs.technet.com/b/gladiatormsft/archive/2014/08/29/app-v-5-on-the-now-sometimes-immutable-package-cache-location.aspx

App-V 5.0 server bulk package import

http://stealthpuppy.com/app-v-5-powershell-one-liners-adding-and-publishing-app-v-server-packages/

https://t3chn1ck.wordpress.com/2014/06/04/app-v-5-0-bulk-add-and-publish-applications/

Windows Mobile Device Center 6.1.6965

Introduction

This software is required to enable Windows 7 to make connections to Windows Mobile and older Pocket PC type devices.  Drivers are included in the installation.

The original installation can be obtained here.

https://www.microsoft.com/en-us/download/details.aspx?id=3182

This installs drivers and the 64-bit version of the Windows Mobile Device Center (WMDC) software.

The Windows Mobile-based device connectivity and Windows Mobile-2003-based device connectivity services are installed.

Vendors Install Design

The drvupdate-amd64.exe file can be run to carry out the installation on Windows 7 64-bit which requires no user input to any setup dialog boxes. Use of the /Q has no effect.

drvupdate-amd64.exe extracts driver_setup.exe and drvupdate-amd64.msi before running the command driver_setup.exe /i drvupdate-amd64.msi

drvupdate-amd64.msi will not run correctly using standard msiexec commands.  It only correctly operates under the driver_setup.exe shell installer.

drvupdate-amd64.msi installs drivers (Windows Mobile Device Center Driver Update in Programs and Features) and extracts files to C:\Windows\WindowsMobile.  The wmupdate.msi is then called and this installs the WMDC software which appears as a separate item in the Programs and Features window.  This item cannot be separated out for virtualisation because it is automatically called by the installer shell after the drvupdate-amd64.msi install has completed.

SCCM incompatibility

The unmodified vendor installation fails when it is attempted via SCCM.  This can also be reproduced by using psexec.exe to run the installation in the system context.

The failure occurs because Microsoft have used driver installation binaries in the drvupdate-amd64.msiwhich are 32-bit not 64-bit versions.

Solution for SCCM incompatibility

The only way to enable an SCCM installation is to directly edit the drvupdate-amd64.msi.  The driver_setup.exe does not support command lines which enable standard Windows Installer paramters to be used such as TRANSFORMS=

The drvupdate-amd64.msi was edited directly and then renamed to new-drvupdate-amd64.msi .  This following edits were carried out

1. open the msi package in an MSI editor
2. goto the Binary table
3. delete the DIFxApp.dll and DIFxAppA.dll row
4. Add new rows using the same names and upload the correct 64-bit versions of these files to the binary table.
new-drvupdate-amd64.msi contains these DLLs

\\onelondon.tfl.local\infrastructure$\EUC Apps\008 Utilities\Drivers\Toolkit 2.1.0\DIFxApp\WixLib\x64

5. save the msi as new-drvupdate-amd64.msi

The install command line options do not include a logging option.  If the client has Windows Installer logging turned on via the registry then MSI installation log files are written to C:\Windows\Temp

Note The above edits were successful however other attempts to edit drvupdate-amd64.msi resulted in red driver warning dialog boxes which would stall a silent install.

The SCCM compatibility fix is discussed here:

http://www.itninja.com/software/microsoft/mobile-device-center-driver-update/6-2534

Device connection to PC

A Windows Mobile or Pocket PC device may be connected before (and left connected during) or after an installation.  When a device is connected the WMDC interface will automatically launch.

It is possible that the automatic WMDC launch may be disrupted (hang) the first time a device is connected by a user.  

 A process called wmdhost.exe begins when a windows mobile device is connected to the PC.

 

WMDC Startup

The installation configures C:\Windows\WindowsMobile\WMDC.exe to launch at login via the 64-bit HKLM Run key.  Wmdc.exe runs in the background silently.  The shortcut uses the /show parameter to show the user interface.

Mobsync

WMDC can make use of mobsync which is a Windows 7 built in mobile device synchronization utility.

Further Reading

http://pocketpccentral.net/help/win7_and_winmobile.htm

Uninstall fault on Clean Windows 7 machines

uninstalling the two relevent MSIs.  This may work correctly on a build PC due to the presence of email software.  Silent uninstalls on clean Windows 7 PC fail due to a custom action which generates a dialog box:-

“There is no email program associated to perform the requested action.  Please install an email program or, if one is already installed, create an association in the Default Programs control panel.”