Posts tagged: Best Practices

Mo’ Blocks for the Builders!

legobrick_redThis is a handfull of nice buildingblocks for both PowerFuse and Wisdom. These are not insanely advanced or anything, just some handy tools that every RES admin out there ought to have in his toolbelt. An up-to-date list of all available buildingblocks on this site, can be found respectively in the PowerFuse and Wisdom Buildingblock archives. Click on the RAR files below to download the buildingblocks:

 

Icon, RarFile PowerFuse BuildingBlock: Default Global authorizations. This buildingblock will help you get from pilot to production much faster, by implementing some best practices for authorizations. The buildingblock contains a set of Global Authorized files which will enable the most common authorisations for Windows XP and VMware workstation. This will enable you to switch both Application Security and Read-Only Blanketing into Blocking mode much faster. For those of you out there using Vista, a seperate buildingblock will be made available later, as there are loads more stuff that Vista wants to pull up at logon. Besides, XP/2003 administrators will probably be happy not having to weed out a ton of unnecessary authorizations. If you want to have a look what’s in the box :), check out this nifty PowerFuse Instant-Report: Icon, PDF file 

 

Icon, RarFile PowerFuse BuildingBlock: Best Practice Registry settings. This is another buildingblock which will help you speed up initial deployment by implementing some of the most common HKCU registry settings. These cover a lot of common stuff, best practices, etc. For example you can redirect shell folders, disable the XP tour, configure the explorer windows properly and much more. You can preview the contens of the buildingblock by having a look at an Instant-Report for the module here: Icon, PDF file 

 

Icon, RarFile  Wisdom BuildingBlock: Add a computer to the domain. This is a simple module, however it ought to be in the toolbox of every Wisdom admin out there. It simply enters a computer into a domain, but also modifies the DefaultDomain registry key, so the user logging on afterwards does not have to change the domain dropdown. Believe it or not, this is a frequent item which helpdesks have to deal with, so why not eliminate it all together? The module should need no editing at all. When you import it into your Wisdom 2009 environment, it will prompt you for all necessary information.

 

Icon, RarFile  Wisdom BuildingBlock: Super Security Audit (21MB). With this module you will quickly get an overview of any outstanding security issues, related to missing updates, vunerabilities etc. The module installs MBSA 2.1 + the security cab files and report everything back to the Wisdom console. Also the module will report you MS product keys and do a WGA check on the machines you schedule the job on. There are several cool things worth mentioning about this module.

  • Scr, mbsa job resultThe module contains all the components ready to go. No extra downloads are necessary.
  • Just download, import and execute.
  • It can operate offline, which makes it great for those kinds of datacenters where allowing the servers to access the Internet is not an option
  • The module supports execution on both 32 and 64 bit OS’s. Wisdom will make sure the right bit-version of MBSA is executed on the righ platform

 

If you would like a sneak-peak of what this module can do look here: Icon, PDF file

Working with the RES PowerFuse Security models

Animated, Gears, boxA new technote has been added to the Technote library. This one is a hands-on how to work with the RES Security models. There has been a bit of confusion how these work. For example, what is the difference between authorizing an application on global level, versus on the individual application. This article will also help you get a grip on what you need to do in order to go from test into production with PowerFuse. Finally we discuss what is needed to do on an ongoing basis to handle change management (new apps) in the PowerFuse environment, once the security is locked down.

Go read the article here

Best Practices BB for Wisdom

BricksHere’s the first posting in the Wisdom Buildingblock archive. This one  contains some best practices for Servers and for Workstations. This is essentially  just a bunch of stuff which made sense at the time, but hopefully you may have some use for it.

This file contains two buildingblocks which contains some nice registry fixes picked up along the way, which can make things somewhat easier for you.  The Reghacks in these buildingblocks is just collections of relevant stuff that’s been googled over time. Slice and dice the modules as you like. The Workstation building block contains the following Reghacks

  • Delete cached copies of roaming profiles. We all know what  this one does, right?
  • Disable the XP tour. Eliminates that pesky bubble which will bother new users the first 3 times they logon
  • Remove VMware HGFS.dat (shared folder support) This thing has a nasty habbit of locking up profiles. Note: The HGFS reghack is disabled per default as you probably will need to change the Network Provider order so it matches your target environment
  • Remove USB device checking. This removes the This Device Can Perform Faster message. This is a legacy setting back from VMware 5x as it didn’t support USB 2.0. You may however still find use for it
  • Kill the indexing service on Vista. If you know where your s*** is, all this thing is gonna do is slow you down.
  • Clean up StubPaths. This will remove the first-time config of IE, Outlook Express etc at first login. You’re probably going to use PowerFuse for this anyway, right?
  • Reduce animation on .default profile. This can reduce the zoom effect when the PowerFuse loader screen pops up (not tested completely) but give it a whirl

The Server Best Practices module contains:

  • Disable the Shutdown Event Tracker. Yeah yeah, lot’s of good reasons to keep it, but if you hate to answer why you want to reboot your server, this is for you.
  • Disable print spooler logging stuff to the eventlog
  • Disable the Manage Your Server thing from popping up the first time you log in
  • Delete the HKLM shadow keys (see the module for more info)
  • Clean out specific citrix stuff from the HKLM Run key, such as Java update and the Icabar.
  • Clean up the stub paths, same as the workstation module.

On a side note, RESguru.com now has two new co-authors!

/TRG