January 20 2012

Windows 7 on NCR RealPOS 7402

A project that I recently worked on was using SCCM to upgrade their fleet to Windows 7. The 7402 uses integrated graphics in the 852GM and 852GME chip. The problem here is that this is very old and unsupported by NCR and Intel – so when installing Intel 852GM/852GME/855GM/855GME Series video driver Windows 7 reverts back to Standard VGA adapter after restart. After a day of banging my head against a wall, I came up with a solution for this. The solution is automated and deployable via SCCM. At the moment I cannot reveal the exact process, but for anyone that is experiencing the same problem, contact me and I can possibly point you in the right direction….

 

 



----------------------------------------------------------------------------
I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.

----------------------------------------------------------------------------

April 29 2011

Reasons to avoid Windows 7 32-bit

There is a great new post over here (http://adventuresinosd.blogspot.com/2011/04/top-10-reasons-to-avoid-windows-7-32.html) at Adventures in OSD on the reasons to avoid the 32-bit version of Windows 7 in the enterprise.

I strongly agree with all of his points and made one conclusion – if you are going to run a 32-bit OS then stick with Windows XP 32-bit, if you are going to run a 64-bit OS then run Windows 7 64-bit. Don’t give any other options.

I have deployed both 32 and 64 bit versions of Windows 7 in environments too and you are basically creating yourself twice the work with a nightmare of ongoing maintenance.

More here – http://adventuresinosd.blogspot.com/2011/04/top-10-reasons-to-avoid-windows-7-32.html

June 3 2010

Windows 7 enable Recent Items via group policy

There is a confirmed bug with Windows 7 / group policy around this setting. The scenario is as follows:

  • Windows 7 disables Recent Items in the Start Menu by default
  • You want to enable Recent Items via group policy
  • You configure ‘User configurationPoliciesAdministrative templatesStart menu and taskbarRemove recent items menu from start menu’  and set this to ‘disabled’
  • Even though you have implemented the above setting, Recent Items still doesn’t show up

This is a bug and the workaround is to add a registry entry HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedStart_ShowRecentDocs and set this REG_DWORD value to 1.

I choose to use Group Policy Preference to replace this registry value on our Windows 7 machines:

 
 

May 10 2010

Encypting disk via BitLocker on Windows 7 with a USB key

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows 7 (and Vista and Server 2008). On my recent travels, I knew there would be times when I would need to leave my laptop unattended (like in a hotel or baggage dropoff area) and I wanted to ensure that my data would be safe if the laptop was stolen or lost.

The solution – use BitLocker Drive Encryption in conjunction with Windows 7 and a USB key – put simply – if the USB key is not plugged into the laptop, Windows will not start and the entire drive is encrypted.  This means that if I need to leave my laptop in a hotel, I can take the USB key with me and know that if my laptop is stolen, although highly inconvienient, my data will be safe and the thief cannot use my laptop.

So how do we do it?

First, ensure that you have either Enterprise or Ultimate versions of Windows 7 and a USB stick (any size will do, the BitLocker keys are very small files). You will also need a BIOS that supports USB devices during bootup – this will be common on any machine that is less than 4 or 5 years old. The USB stick that you use does not need to be dedicated to hosting the BitLocker keys, it can also be used for normal document storage or for ReadyBoost.

Next you need to open the Local Group Policy Editor (gpedit.msc). Head to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.  Open ‘Require additional authentication at startup’:

Local Group Policy Editor

Set this to ‘Enabled’ and ensure the Options section has ‘Allow BitLocker without a compatible TPM’ ticked:

Require additional authentication at startup

At this point I would recommend you run the ‘gpupdate /force’ command and restart your computer. Once restarted, ensure your USB stick is inserted into the computer, then head to ‘My Computer’. Right click on your system hard drive (usually C:) to encrypt and select ‘Turn on BitLocker’ (alternatively this can be done from the Control Panel):

Select ‘Require a Startup key at every startup’ as shown below:

Select the USB drive that you had previously inserted:

Select the ‘Save the recovery key to a USB flash drive’ option:

It is recommended to run the BitLocker system check on the next page. Your hard drive will now start to encrypt and you can continue working on the computer during this process. It may prompt you to restart and it will give you a progress bar as shown below. The encyption can take up to a few hours, it will depend on the size of the disk volume. As a rough guide, I would say a 30GB volume takes around 30 minutes.

Once the process is complete, as you can see below, if the USB stick is plugged in, the machine will start successfully. At this point you can remove the USB stick or leave it in and configure it for extra storage or with ReadyBoost as I do.

Successful start with USB stick plugged in

If you attempt to start the machine without the USB stick inserted, you will be the below error message and Windows will not load (just as you want!).

Requesting USB stick to be plugged in

If you look at the new files on your USB stick, you will see 2 files as shown below. These are the ‘key’ files that the system will look for when booting up (actually one is the recovery file, the other is the actually key file). I would highly recommend that you copy these files to another location incase you lose your USB stick. These 2 files can simply be copied like any other files. I would recommend to copy these to another USB stick (you can then boot up with either of the sticks plugged in) and save a copy elsewhere, like your email or give to a friend.



That is it! You can now be comfortable that your system will be encrypted and unusable if it is stolen. The important thing is to keep the USB sticks safe! Always store the USB stick and the laptop separately, otherwise this whole exercise is pointless!!
 
 
 

February 19 2010

Windows 7 background image doesn’t apply

In an Active Directory domain network environment, you apply a “Desktop Wallpaper” Group Policy setting to the domain users. However, the setting is not applied to domain users who log on to client computers that are running Windows 7 or Windows Server 2008 R2 – taken straight from the Microsoft support site.

I was having this problem in our domain environment and couldn’t understand why the background for non-admin users wouldn’t work. Microsoft have only recently release a hotfix for it -available from http://support.microsoft.com/default.aspx/kb/977944 . I still find it amazing that this wasn’t found and fixed before the RTM build of Windows 7 – it’s so obvious. I guess there were millions of beta testers but probably not that many that were running it in enterprise domain environment.

Category: Windows | LEAVE A COMMENT
February 18 2010

Add ‘My Computer’ to desktop and change to computer name

Even in Windows 7, there still isn’t a Group Policy setting that will let you add the ‘My Computer’ icon to the desktop (unless you forcibly change the Start Menu to Classic) and then change the name from My Computer to anything else. I am very surprised this isn’t a setting but we can still modify the registry to achieve this (either inside a GPO or with a script):

To show the ‘My Computer’ icon on the desktop:

[HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]
Name = {20D04FE0-3AEA-1069-A2D8-08002B30309D}
Type =REG_DWORD
Value = 0

To change the ‘My Computer’ icon to computer or user name:

[HKCRCLSID{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
Name = LocalizedString
Type = REG_EXPAND_SZ
Data value = %computername% or any combination you like – eg %username% %computername%

Don’t forget you will need to change the permissions / ownership on this registry key so that you can change it – by default even Administrators cannot modify it.

These both apply to Windows XP and 7 and Windows Server 2003 and 2008.

Category: Windows | LEAVE A COMMENT