Setting up a user home using Windows 8 RSAT part 1 – Server 2008 R2 server without WinRM 3.0

There are 3 main steps to configuring user home directories

1. Create a new share eg home$ with domain users having Full Control of the share but the "users" group is removed entirely from NTFS permissions

            This leaves Creator Owner with full permissions, Administrators with full permissions and I also add domain admins with full permissions also.

2. In ADUC* modify the users home H: drive mapping to \\FileServer\home$\%username% - on clicking apply a new folder will be created by ADUC with the users name in the home$ share with the NTFS permissions defined above AND the user being added explicitly with full control - thus granting just this one user access to his home folder but not any other standard user

3. Move the users data from any previous share/local drive into their new folder

*ADUC = Active Directory Users and Computers

Add your file server to Windows Server Manager:

Right click on “All Servers” and click Add Server

Type the name of your server and click Find Now and press the > button to move it over to the Selected pane and then click on OK

The process on Windows Server 2008 R2

Server 2008 R2 does not have WinRM3.0 installed by default so server manager probably shows something like this next to the server

This means that we will need to use the older share wizard in Computer Management to complete the task

Right click on your server in server management and select Computer Management

Expand System Tools > Shared Folders > Shares

Right Click on Shares and select New Share

I am creating a new folder “home” on the D: drive to house users documents etc

On the next screen I have provided a share name

The $ at the end of the share name means that the share is hidden – if a user happens to browse the server looking for shares it will not appear

On the next screen click Customize permissions and then click Custom

By Default the Everyone group has access to this folder (share tab), lets change that to domain users have full control

We now need to edit the NTFS permissions to lock down the users home folder so that only the user it belongs to and the IT staff can access it so click on the Security Tab

Click Advanced at the bottom of the Security Tab

On the advanced screen we need to Disable inheritance and then Convert inherited permissions into explicit permissions on this object

Next highlight the Users group and click Remove – that will leave your advanced security settings looking something like this

Now if you go into ADUC and select a user

Go to the profile tab

Under home folder click Connect, select a drive letter from the drop down box and then set the home directory to \\FileServer\share$\%username% (replace the server and share name as appropriate but the %username% variable will auto populate with the users name when you click OK)

My TestHomeShare user immediately creates this shared folder after setting his home drive mapping in ADUC which I can see by browsing to the folder that I created

Now when the user logs in they have got a H:\ drive which is automatically mapped to the path that we setup earlier

 

Command & Conquer Red Alert 1 - Download and play today!

Links
RedAlert1.com - The place to download Red Alert 1 (used in the below article)
iran.cnc-comm.com/ra - Lots of extras to download such as the movies and compaign files

He who controls the past commands the future
I loved Red Alert 1, it was one of the 1st games that I owned on PC.  I had the complete set of Red Alert, Counterstrike and Aftermath for my Birthday.  Before I unwrapped it I thought it was a board game since the box was so huge!

EA released Red Alert 1 as freeware to mark it's 13th Anniversary and released the ISO's for download.

Trouble is as much as I liked the game in 2008 my broadband connection was not great and to download the 2 ISO's required for the complete game I passed up the opportunity and left Red Alert alone.

ReaAlert1.com to the rescue - Here you can download the multiplayer and skirmish only cut down version which was great for me since I have completed the campaigns several times and skirmishes were always my favourite.

On launching the game via the CnCNet launcher and picking Skirmish - wow was I suprised.  The front end for the skirmish (and multiplayer) has been uterly re-done.

As you can see the totally redone interface adds functions to the game not seen until later itereations of the series such as Short Game/MCV Undeploy (Tiberian Sun) and the abilirt to pre-arrange alliances, build off your ally and pick your starting location which did not come in until the Red Alert 2 Expansion: Yuri's Revenge.  There are also a couple of interesting fixes as well.

The Settings Button > Game Settings Tab includes a neat button to quickly install the Music which is a great bonus but is kept separeate to keep the game download small (80+MB for music)

In Addition clicking the Config button on this screen which has yet more tabs - yes the settings screen could do with some refinement!  But in the video options tab you can pick much higher resolutions than the original game would allow, pick to play in a window and generally ticker with a plethora of options!  Be mindfull though if I set the resolution too high the game did not display correctly - I think it is best to stick with the default options available (max res 1024x768)

Once you have the options configured how you like the you then you are free to enjoy this great game!  Now in higher resolution, with refined skirmish and online match settings!

He who commands the future conquers the past

gog.com Games now available on linux!

If you have never heard of gog.com and you are into PC gaming then please stop reading and visit gog.com right now.

They have a ton of games available at usually a little over the Steam price BUT completely DRM free.  You don't need any CD Key's, online accounts (other than to initially download the game) etc.  You download an exe file for the game and that is it, it's yours to install as many times as you like on as many PC's/laptops as you own. Whoop!

Being a Linux fan finding that gog.com has finally decided to provide Linux support for games is fantastic.  Now for a long time the focus of gog.com was to provide users of modern PC's and operating systems the ability to play old games on those new systems so there is a lot of "retro" content on there but the focus of gog.com is shifting to include more indie and newer content (guess it is difficult to get AAA+ title developers to agree to completely DRM free grrr)!

Officially gog.com only support Ubuntu and Mint though I used Lubuntu without any problems and I suspect that maybe a lot of debian based distros will be fine (please comment on your own experiences).

Installing gog-stargunner from .deb file is easy :)

I tested the free game StarGunner and noticed a tarball and an installer - I opted for the installer, life is too short for tarballs which is a .deb file :)

Yay Stargunner on Linux - not sure I will be playing this often but hey it was free :)

The Linux available gog.com titles are available here

Server 2012: Auto updates reboot after 3 days and how to fix

WHY WHY WHY!  What were they thinking?

Sorry this post is a little ranty but wow this caught me unawares and I just cannot see the logic to the changes.   If you want to fast forward to just fixing it scroll down to the section "How to fix"

Official Resoning from MS about the changes can be found here: here

In the section: 'Automatic Maintenance and changes to restart behavior after updates are applied by Windows Update' - it states: "Because Windows Update is a part of Automatic Maintenance in Windows 8 and Windows Server 2012, its own internal schedule for setting a day and time to install updates is no longer effective" So the GPO which worked fine on Windows Server 2000, 2003 and 2008 suddenly does NOT control when your updates and subsequent reboots are installed in Windows 8 clients or Server 2012. So how do you get back control of when your server reboots for updates? You need to configure the ""automatic maintenance" feature - of course, because consistency is boring. To configure this via GPO instructions are available here: http://blogs.technet.com/b/wsus/archive/2013/10/08/enabling-a-more-predictable-windows-update-experience-for-windows-8-and-windows-server-2012-kb-2885694.aspx in a KB Article entitled Enabling a more predictable Windows Update experience for Windows 8 and Windows Server 2012 My question is whose grand idea was it to have a less predicatable Windows Update experience in the first place. *sigh* Microsoft went some way to fixing the issue with KB2885694 which now means 2012 will at least acknowledge your GPO auto update settings but will still insist on doing a restart 3 days after the updates have been installed, which means an update might get installed at 4pm on Sunday will result in a reboot of a production server at 4pm on Wednesday. To prevent that - enable the "Always automatically restart at the sceduled time policy" which is shown in the example configuration about halfway down the "more predicatble windows update experience" page linked to above but for my scenario and recommended config (note unless using Server 2012 domain you will need to install the Server 2012 ADMX templates which are available here: http://www.microsoft.com/en-gb/download/details.aspx?id=36991 yet when I tried that - even with the admx templates installed I just could not find the Always automatically restart at the scheduled time policy, even in all policies view... sigh Rant Over!

How to fix it

Basically we need to apply the usual GPO updates policy used for your 2003, 2008 servers but in addition create the following key in the GPO (and just target it at server 2012 servers):

• Registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
• Value: AlwaysAutoRebootAtScheduledTime
• Type: REG_DWORD
• Value data: 0 (default value) or 1 (force a restart)

I did this using Group Policy by creating a GPP Registry key
Create a new GPO and drill down through Computer Config > Preferences > Windows Settings > Registy
Right-Click the Registry items and click New > Registry item

Add the above registry information into the key

Apply to your Windows Server 2012 servers and we are done! Normal update behaviour should be resumed. YAY!

Lotus Notes Beginners Guide to: Giving someone else access to your emails calendar etc

Open the mailfile > Click preferences

Click Access & Delegation Tab Under the Access to Your Mail and Calendar click the Add button

Now just follow these 3 simple steps:

1. Select the user you want to have access to your mailfile from thelist
2. Select Mail, Calendar,ToDo and Contacts
3. Select the level of access that you want the user to have

Click OK and then the user specified will be able to access the mailfile.