Monday, October 31, 2011

MAP 6.5 Beta

MAP Toolkit v6.5 Beta is now available at Microsoft Connect:
I don't think that you will be surprised over the fact that beside better user interface, its all about the cloud.
Download load it now and find out about the new features yourself:
Enhancements to the MAP user experience which streamline tasks and improve overall usability
  •  Server virtualization and consolidation feature enhancements including:
    • The ability to customize Microsoft Hyper-V Cloud Fast Track Configurations
    • The ability to set utilization thresholds for virtualization hosts and infrastructure
    • Enhanced UI controls that allows users to quickly find, filter, and select the list of machines targeted for virtualization
  • Additional in-depth migration analysis of applications to the Windows Azure Platform
  • Software Usage Tracking for Forefront Endpoint Protection servers
  • Discovery and reporting of "active devices" running the Windows Operating System
  • Discovery and reporting of SQL Server "Denali"
  • Discovery and reporting of Oracle Instances on HP-UX-based Itanium servers

And there is an Xbox with Kinect as a price for some lucky MAP Beta tester :-)

Monday, October 24, 2011

Creating an ISO file

Working in the virtual world its often easier to just create an iso file to move data/tools/etc. to the VM's, but Windows 7 can only burn iso files, not create them. (Windows 8 can mount them to)

Most free programs have the possibility to either burn or mount them, again not create.
Programs that can create ISO files are often complex and/or not free.

So today I just installed a cd burner program that I haven't used for years, but its free and small (4-5 Mb). And to my pleasent surpise its have the choice to save as ISO file. Nice :-)

Hat of to CdBurnerXP

Thursday, October 13, 2011

Intune session for Mtug Bergen

I will hold a session on Intune on the 18 of october in Bergen for the "Microsoft Technology User Group"

This is the day after release of the next version, so it will include the new version as well as the goodies from the first version.

Please spread the word

Wednesday, October 12, 2011

Seminar hos EDB Ergogroup Bergen

Velkommen til en opplevelsesrik Microsoft-dag
Torsdag 24. november setter Microsoft opp sitt fantastiske opplevelsessenter i lokalene våre på Bryggen i Bergen.  Sammen med andre kunder får du et innblikk i mulighetene som teknologien gir. Vi fokuserer spesielt på hvordan oppnå bedre kommunikasjon og samhandling i egen virksomhet og ut mot samarbeidspartnere/kunder. Du får garantert ideer som kan tas i bruk i egen virksomhet!

For IKT-medarbeidere tilbyr vi korte foredrag innen Microsoft teknologi; Windows 8, Windows Phone 7.5 (kodenavn Mango), SharePoint 2010, CRM 2011, Microsoft BI, Microsoft Lync, System Center Roadmap mm. Disse går fortløpende utover ettermiddagen i korte “slot’er” à 20 min slik at har anledning du får med deg  – og kryss av på påmeldingsskjemaet hva du vil delta på.

Vi starter med en uformell lunsj fra kl. 11:30. Deretter blir det noen timer med faglig påfyll, før det blir litt god mat, drikke og mulighet til å mingle med våre konsulenter og andre kunder.

Litt mer om opplevelsessenteret;
Microsoft opplevelsessenter er en arena hvor kunder selv kan prøve og få en opplevelse av hvordan Microsoft-teknologi kan bidra til å;
·         nå strategiske virksomhetsmål
·         oppnå økt produktivitet
·         redusere kostnader knyttet til kommunikasjon og informasjonsarbeid
…gjennom forbedret kommunikasjon og samhandling.

Hjertelig velkommen!

Hilsen oss i
EDB ErgoGroup Consulting Bergen

klikk her

Tid: 24. november 2011 kl. 11:30-18:00->

Målgruppe: IT og ledelse

Deltakeravgift: gratis

Kontakt Arild Pedersen
mail eller telefon
930 55 885.

Friday, October 7, 2011

What's hot in Oslo

And the answer is ME (no not the so called "Operating system")
I will have a session on the "Whats Hot?" on thuesday 27. okt talking about System Center 2012

To se more go here:
Or to sign on go here:

After a great day with knowledge we will attend the Tintin movie

Controlling your group policies with Wmi filters

The possibility to control group policies with wmi filers have been around for quite a while, but still I see companies doing weird stuff with logon script instead of using it. In fact most companies I am visiting don’t know how to use it, and therefor they don’t. And in many cases running group policies that are not intended for the computer can create serious problems.
Instead of using wmi filters and script you might of course create an OU design that will help you, but even then it will be cases with policies running on computers it should not have been applied to or not running on all computers its intended to. For example if somebody creates a new forest wide group policy adjusting the firewall rules, intended for all Windows client. You might not want that policy implemented on your server. Using a security group for filtering might prevent it from running on the servers but it might also cause all new clients to not run it, since they need to be put into the right security group. Selecting a wim filter that checks if the computer is running the right OS version or maybe just the right system (workstation, server or domain controller) are a great way to reduce the risk for implementing wrong group policies.
Creating new group policies are a process that needs to be done right. My way of doing it, are to always create a policy that is not linked to any thing. Next step would to be remove the “Authenticated Users” group from the Security Filtering and select the right wmi filter

Selecting what group you should user are always a question. Something you should know when taking that choice are:

· Authenticated Users = A group that includes all users whose identities were authenticated when they logged on. Computers are also part of this group. Cannot be changed!
· Doman Users = global group that includes all user accounts in a domain. When you create a user account in a domain, it is added to this group automatically. But the objects might have been removed!
· Domain computers = A global group that includes all computers that have joined the domain, excluding domain controllers. But the objects might have been removed!
· Domain Controllers = A global group that includes all domain controllers in the domain. New domain controllers are added to this group automatically. But the objects might have been removed!

Removing users or computers from the domain user/computer/Controllers groups can only be done if you select another primary group for the object first.

So in many/most cases you should use self-created groups instead of the default built in ones, especially the group Authenticated Users (the default selected one) should be used with caution since it includes both users and computers (included domain controllers).

When testing the group policy a good practice is to just select one computer/users instead of a group so you can see the affect it have before implementing it on all the users. Most of the time I also test it out on smaller groups in the beginning to be sure and increase the group size gradually. Remember to link the group policy to the right OU.

The Process of creating the filters

To create filters just start the “Group Policy Management” console, browse down to the “WMI Filters” under “Domains – ‘Your Domain Name’”.
Right click and select “New…” and the wizard starts

Type in a name and press the "Add" button
There are some basic filters you might want to create or at least know about.
Operating System related
·         32-bit Operating System
Select * from Win32_Processor where AddressWidth = '32'
·         64-bit Operating System
Select * from Win32_Processor where AddressWidth = '64'
·         Workstations / Clients
Select * from WIN32_OperatingSystem where ProductType=1
·         Domain Controllers
Select * from WIN32_OperatingSystem where ProductType=2
·         Servers
Select * from WIN32_OperatingSystem where ProductType=3
·         Windows XP
Select * from WIN32_OperatingSystem where Version='5.1.2600' and ProductType=1
·         Windows Vista
Select * from WIN32_OperatingSystem where Version='6.0.6002' and ProductType=1
·         Windows 7  
Select * from WIN32_OperatingSystem where Version='6.1.7600' and ProductType=1
·         Windows 7 Service Pack 1
SELECT * from WIN32_OperatingSystem WHERE Version = '6.1.7601' and ProductType=1
·         Windows 2003 Servers and domain controllers (because the “>1”)
Select * from WIN32_OperatingSystem where Version='5.2.3790' and ProductType>1
·         Windows 2003 domain controllers only
Select * from WIN32_OperatingSystem where Version='5.2.3790' and ProductType=2
·         Windows 2008
Select * from WIN32_OperatingSystem where Version='6.0.6002' and ProductType>1
·         Windows 2008 R2
Select * from WIN32_OperatingSystem where Version='6.1.7600' and ProductType>1

 You can use version numbering with the wildcard % to select all versions of a certain OS, but then you cannot use the = sign, instead use the LIKE parameter
Select * from WIN32_OperatingSystem where Version LIKE '6.1%' and ProductType=1
It’s also possible to use “Caption=” instead off “Version=”, then you can skip the “ProductType” parameter.
Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional"
To include Service Pack level you can add “CSDVersion=”
Select * FROM Win32_OperatingSystem WHERE Caption="Microsoft Windows XP Professional" AND CSDVersion="Service Pack 2"
Hardware related
·         Specific computer model (in this case Lenovo W510)
Select * from Win32_ComputerSystem where model = '431929G'
·         Specific hardware manufacturer (in this case LENOVO)
Select * from WIN32_ComputerSystem where Manufacturer = 'LENOVO'
·         Installed Memory equal or more than 16 GB
Select * from WIN32_ComputerSystem where TotalPhysicalMemory >= 17108062208
·         If Application are automatic started (In this case MSN Messenger)
SELECT * FROM Win32_StartupCommand WHERE Name = 'msnmsgr'
·         Monday
Select * from Win32_LocalTime where DayOfWeek = 1
·         Tuesday
Select * from Win32_LocalTime where DayOfWeek =  2
·         Wednesday
Select * from Win32_LocalTime where DayOfWeek = 3
·         Etc…
·         Week in month (In this case first week)
Select * from Win32_LocalTime where WeekInMonth = 1
So the possibilities are many, but you should at least include the basic OS and computer types to make sure you can prevent the most basic fails done with wrong applied group policies.
When you have created set of Wmi filters you can also export, copy or edit them. Exporting is a great feature, you don’t have to remember the Wmi code the next time you need to create them, just import them. The MOF file being created is a clear text file if you just want to look at the Wmi code without importing it.

Wmi Code Creator

Wmi Code Creator is a helpful tool when working with Wmi Codes, it’s free and available for download at

It’s important to use the Wmi Code Creator on a computer with the same operative system or hardware (depending on what query you are looking for) since it loads the namespaces and classes from the running computer
Also be aware that if you use hardware related queries the results will be given with different format depending on the hardware manufacturer. Example like the “Select * from Win32_ComputerSystem where model = “query who will give you a cryptic looking result on a Lenovo like “431929G” but HP will give a great string like “HP EliteBook 8540w”. So if you are unsure or the query doesn’t seem to work use Wmi Code Creator on the computer to see what the result of the query is.
Getting started with wmi filters is not hard, just begin with the essentials and expand with more complex queries when you see the need for them, and after a while you will realize you can’t live without them.

Create a group for all Autopilot devices

Working with Autopilot and need a group covering all AutoPilotet enrolled devices? Michael Niehaus has this covered in his blogpost:  Autop...