Windows 7 Quick Tips for the Enterprise

Set Network Location: The set network location doesn’t work when a workstation is joined to a domain. The reason for this is that the domain settings take precedence over all other network location settings. The assumption is that the network will have its only security settings.

Run As Administrator: This option will not work for domain users as you obviously will not want them running anything as administrator. My offsider seemed to insist that I had “locked it down too much” whenever he couldn’t do things like run cmd.exe as administrator. You need to Ctrl – Shift Right Click and Run as Different user then use a domain admin or equivalent account to do what you need to do.

Bitlocker: Make sure you setup bitlocker so it stores the HDD encryption keys in AD. This can only be done with Windows Server 2008 and above.

Open command window here: Windows 7 natively can open a command window at any location when browsing in Windows Explorer. While the hitting tab when in a command window to auto complete at command is great, this just might cut a couple of seconds and lot less typing when needing to dill down deep into a file structure.


No Logon Script!



In my company, we only had 1 logon script. It was used to do the usual stuff map network drives, add printers and a couple of other little things like reg key changes.

I dont know why, but I have never been a fan of logon scripts so when I was handed this Windows 7/Windows Server 2008 R2 deployment I decided to get rid of the logon script if at all possible.

The great thing about Windows Server 2008 R2 is that Group Policy has all these great Preferences settings that you can control, and the first one that caught my attention was “User Configuration\Preferences\Windows Settings\Drive Maps”

The best thing to do when setting up a entry under the Drive Maps preferences is set the action as “Replace”, that way if you need to make changes in the future such as changing a location it will dynamically update as its replacing this setting if changed at each Group Policy refresh. We have 4 drives mapped and our users connect via VPN about 25% of the time. When they did this before, they had to run a script to remap the drives, as part of Group Policy its always mapped for them.

Under “User Configuration\Preferences\Windows Settings\Registry” you can apply any registry tweaks to workstations, which removes another use for a logon script at my company. I only have 2 reg key updates in there 1 for a communication software we use and another for the desktop wallpaper due to an issue with themes in Windows 7

Finally If you setup your sever as a Print server you can deploy your printers via Group Policy and that eliminates the need for a logon script at my workplace, while only a small thing and we only have 80 odd users I feel that it just all seems cleaner.


Windows 7 Deployment Success!

Apologies for not updating for months but I have been thrust into a Windows 7 deployment since December.

I had to design the SOE for work from the ground up and learn Window Server 2008 R2 and Altiris Deployment Solutions at the same time. Lots of document writing and alot more to come.

I must say it was a great experience for me, but carrying the success or failure of this whole project solely on my shoulders wasn’t without its stressful points, but for the most part I had a blast.

I’ve been quite impressed that this site has been getting 10 or so hits a day even with the few updates that are on it, but that should change soon as I want to document alot of what I found during the SOE design and pilot process as there seems to be so little information online about Windows 7 deployment to the enterprise.

I also have a few other projects coming up including replacing our Exchange 2003 server with Exchange 2010 and redesigning the DR centre, so I’m going to be busy for a few more months yet.

I deployed Windows 7 SOE the weekend before Easter and apart from the few little problems that you will always get, things seem to be running well and everyone is happy.

I had some fun and games, mostly with Cisco and there incompatibility with x64 bit technology, which caused me to totally redesign everything, so no x64 bit Windows 7 until Cisco gets its act together with WebEx.

The new environment is Windows 7 x86 bit with Office 2007 Standard with Bitlocker encryption and McAfee VirusScan Enterprise controlled by EPO. Software deployment is managed by Altiris Deployment Solutions on Windows Server 2008 R2.


Discover Windows 7 Launch Event

The lucky few Microsoft partners had our chance to check out Windows 7 at the launch event “Discover Windows 7” yesterday, 13/10/09.

It was hosted by James Mathison of Channel V and Australian Idol fame, who apparently worked in tech support for Dell at some stage in the past (at least in reasoning why he was hosting the event)

While I didn’t win anything or learn anything new about Windows 7 I still had a great time checking out the new hardware that Acer, ASUS, HP, Sony and Toshiba are releasing next week with Windows 7.

I’m still not sold on Windows Mobile 6.5, it doesn’t look that flash to me and unfortunately flash is what sells, I mean look at the iPhone which is mostly just flashy stuff and cute icons.

Sony has a new ultra thin laptop coming out which is half the size of the Mac Book Air which is just totally amazing and I so want one.  As I cant find any links to the hardware because it doesn’t launch until next week, I cant put any up. But if I do come across some I’ll be sure to post them.

Ok, I’ve found via engadget the Toshiba laptops that I saw at the launch

and here is some Acer products