VMware – Cannot Cut, Copy, or Paste to VM’s

KB ID 0000515

Problem

Ever since ESX 4.1 this feature has been disabled and you have been unable to paste to VM, VMware say in their own documentation:

Source (Page 215 – ESX Configuration Guide ESX 4.1 vCenter Server 4.1).

To turn this feature back ON you have a few choices.

Please be aware: We are talking about copy and pasting TEXT to and from a guest VM NOT files and folders.

Solution

ESX Option 1 (Enable Copy and Paste to VM an individual Guest machine)

Using vSphere 8 or Above

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings >  Advanced > Add the following TWO attributes and values.

Add in the following two;
Attribute: isolation.tools.copy.disable, Value: false
Attribute: isolation.tools.paste.disable, Value: false

Click OK >  Power the VM back on.

Using HML5 Web Client (Enable Copy and Paste to VM)

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VM Options > Advanced  > Scroll down.

 

Edit configuration > Add configuration params;

Add in the following two parameters then click OK

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

Using Flash Web Client.

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VMware Option Tab > Advanced > Edit configuration > Add in the following;

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

 

OK > OK > Power on VM

Using VMware Client (Enable Copy and Paste to VM)

1. Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > Option Tab > Advanced > General > Configuration Parameters.

2. Select “Add Row” and add the following two options:

[box]isolation.tools.copy.disable

isolation.tools.paste.disable [/box]

Set both these values to FALSE > OK > OK > Power the VM back on again.

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 2 (Enable Copy and Paste to VM on an individual Guest machine)

1. You can also achieve the same as above by directly editing the .vmx file for the virtual machine, Add the following two values as shown below:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 3 (Enable Copy and Paste on the ESX host for all the VM’s on that host)

Note: This procedure will be removed/reset after an ESX upgrade. (You will need to carry out this procedure again post upgrade).

1. Connect to your ESX server, either directly on the console, or via SSH. and execute the following command:

[box]vi /etc/vmware/config[/box]

 

2. Press i to insert text and paste in the following two lines:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Press Escape > then type :wq to save the changes.

Additional Steps for Linux / Ubuntu to allow Copy and Paste to VM

1. Assuming you have the VMware tools installed in your Linux guest VM, if not execute the following command:

[box]sudo apt-get install open-vm-toolbox[/box]

To enable copy paste on the guest execute the following command:

[box]vmware-toolbox &[/box]

One the VMware tools properties page pops up you will be able to copy and paste.

Enabling Copy and Paste in VMware Workstation

Out of the box, this functionality is switched on. However if you lose it then open the virtual machines settings > Options tab > Guest Isolation > Enable the Copy and paste option.

Related Articles, References, Credits, or External Links

NA

Microsoft Teams: Suppress Annoying Message Pop-ups

KB ID 0001722

Problem

Wow! Who at Microsoft Teams thought that enabling that by default was a good idea? I was on a large conference call this morning, (about 150 people). Every message to the message feed was spewing onto my screen and making a noise during the meeting!

Thought: Why do ALL developers think it’s a good idea to have pop-up banner massages appear top right of the screen, (where your windows control buttons and things live), why not bottom right?

Anyway, I want them off completely, (if I want to read the messages I’ll open the message feed window!)

Microsoft Teams Notifications

Click your picture/Initials > Settings.

Chat > Edit.

Set as shown > Back to settings.

You may also want to alter, Notifications Section > Custom.

I’ve disabled ‘Banner’ for EVERYTHING and set them to only show in the feed.

Related Articles, References, Credits, or External Links

NA

Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1

KB ID 0001675

What are these protocols?

Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’. All this came to a head with the Poodle exploit and people started getting rid of SSLv3.

So, what about TLS? Well TLS v1.0 was largely based on, (but not compatible with) SSLv3. TLS 1.1 replaced v1.0 (circa 2006). Problems with it prompted TLS 1.2 (circa 2008). Then that was the standard until TLS v1.3 (circa 2018).

However: Just because you use the newest protocols does not necessarily mean you are more secure: Most documentation you read says TLS 1.2 ‘Should’ be secure (that’s reassuring eh!) This is because these protocols are built on cryptographic ciphers and they are only as secure as those ciphers. You can corrupt a strong protocol with a weak cipher and render it less secure. In some cases, you may need to do this, or you might simply enable a web cipher to fix a ‘problem’ without understanding the consequences.

You are ‘Probably’ Reading this Because…

If you’ve had a security audit, or a company had scanned your network and produced a report that says you are running insecure protocols and you need to do something about it.

THINK: Security is a good thing, (I’m all for it,) BUT just rushing to turn things off, can cause you problems, where possible test any remediation in a test environment, many old legacy (for legacy read ‘applications that are business critical, and you can no longer update or get support on’) may still be using these old protocols. Simply disabling SSLv3.0, TLS v1.0,1.1, and/or 1.2 can have some negative effects, either on YOUR applications or in the browsers of your clients. Remember if you provide a web based service it will also need testing with any browser that your staff, or even the public may be using to access your web based platforms.

TLS 1.0 and TLS 1.1 might be ‘depreciated’ but it’s still widely used, disabling them will probably cause you more problems than the older SSL protocols, so test, test, and test.

ISOLATE: If you have old legacy applications and you need to retain them for compliance or financial reasons, then consider simply MITIGATING the risk by taking them off the local network, and running them in isolation.

DOCUMENT: If you need TLS 1.1 then that’s fine just because a scan picked it up, does not mean that you HAVE TO run to the server room and disable it. Most compliance standards are fine with you not fixing something, providing you document what it is and why it’s still enabled.

Windows TLS 1.2 Support: Clients from Windows Vista, and Servers from Server 2008 support TLS 1.2. but all the way to Windows 8.1 and Server 2012 R2 it requires an update, so make sure you are fully up to date before attempting to use TLS 1.2.

Exchange: Support for TLS 1.1 and 1.2 wasn’t added until Exchange 2013 (CU8) and Exchange 2010 (SP3 RU9). Beware Some (Older) Microsoft Outlook clients will only work with TLS 1.0

Windows Client (Internet Explorer) Disabling SSL3 and TLS 1.0, TLS 1.1

Before disabling protocols on the server, it’s good practice to disable those protocols on the clients, some time beforehand, the easiest way to do this is via Group Policy.

Windows Server Disabling SSL3 and TLS 1.0, TLS 1.1

Note: Before disabling anything enable TLS 1.2

Enable TLS 1.2

Execute the following PowerShell commands;

[box]

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null    
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null  
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null

[/box]

What this actually does is create some registry settings;

Disabling SSL v2.0 and SSL v3.0

Note: SSL 2.0 is normally disabled by default on modern versions of Windows.

Execute the following PowerShell commands;

[box]

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null 
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null 
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null

[/box]

What this actually does is create some registry settings;

 

Disabling TLS 1.0

Note: Depending on your setup this may impact production, test it first!

Execute the following PowerShell commands;

[box]

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null 
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null

[/box]

What this actually does is create some registry settings;

Disabling TLS 1.1

Note: Depending on your setup this may impact production, test it first!

Execute the following PowerShell commands;

[box]

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null 
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null 
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null

[/box]

What this actually does is create some registry settings;


Then REBOOT THE SERVER. Because NONE OF THE ABOVE WILL TAKE EFFECT until you do

Help Something’s Broken!

To revert your settings, execute the following PowerShell;

[box]

Remove-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\' -Recurse
Remove-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\' -Recurse
Remove-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\' -Recurse

[/box]

Then REBOOT THE SERVER.

Related Articles, References, Credits, or External Links

NA

Windows Group Policy – Disable The Local Windows Firewall

KB ID 0001090

Problem

I’ve got nothing against the Windows firewall, it’s certainly a lot easier to manage now than it was back in the XP SP2 days. But I find a lot of clients still just ‘want it gone’ and, providing they have a decent corporate firewall in front of them that’s fair enough.

Solution

1. On a domain controller or a client running the remote administration tools > Windows Key+R > gpmc.msc {Enter} > The Group Policy Management Console will open.

2. Select the OU that contains the ‘Computers’ you want to enforce this policy on, (or here I’m choosing the entire domain) > Right Click > ‘Create GPO in this domain, and link it here..’.

3. Give the policy a sensible name so you can see what it is doing later.

4. Right click your new policy > Edit.

5. Navigate to;

[box]

Computer Configuration > Policies > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile > Windows Firewall: Protect all network connections

[/box]

6. Set the policy to disabled.

7. Close the Group Policy Management Editor. If you have a Windows 2012 domain you can force the policy refresh on a particular OU like so.

9. Or simply run gpupdate /force on the target machine, (or you could also wait a couple of hours, or reboot the target machines).

SBS Note

An (SBS) Small Business Server domain enables the client firewall by default! The policy us called Windows Firewall Policy, which is usually linked to the computer OU under  ‘My Business’.

Related Articles, References, Credits, or External Links

Windows – Open a Firewall Port with Group Policy

ENE-NG and GNS3 – Speed and Duplex Mismatch

KB ID 0000983 

Problem

I don’t know why this happens sometimes with GNS3, and EVE-NG but occasionally I will get a connection between two devices that constantly complains.

%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on {interface-name} (not half duplex), with {host-name} {interface-name} (half duplex).

For the uninitiated, a speed/duplex mismatch, usually happens when both ends of the link are set differently, or (more commonly) both ends are set to ‘auto’.

[box]

!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!

[/box]

Solution

WARNING: DO NOT carry out this procedure on live networking equipment, this is only for use in the GNS3 environment.

If this happens to you, you will sensibly try and set the speed/duplex of both ends of the link correctly, on real networking equipment that would solve the problem like so;

[box]

PetesRouter(config)#interface FastEthernet0/1
PetesRouter(config-if)#duplex full
*Aug 6 13:40:39.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Aug 6 13:40:41.823: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Aug 6 13:40:42.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
PetesRouter(config-if)#speed 100
*Aug 6 13:40:47.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Aug 6 13:40:49.859: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Aug 6 13:40:50.859: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
PetesRouter(config-if)#

[/box]

But in some cases on GNS3 it does not, (not sure if it’s a bug?)

Is that happening to you, the only way to stop it is to suppress the error. To do this add the ‘no cdp log mismatch duplex’ command to the interface giving you the error.

[box]

PetesRouter(config)#interface FastEthernet 0/1
PetesRouter(config-if)#no cdp log mismatch duplex
PetesRouter(config-if)#exit
PetesRouter(config)#exit
*Aug 6 13:45:55.235: %SYS-5-CONFIG_I: Configured from console by console
PetesRouter#write mem
Building configuration...
[OK]
PetesRouter#
[/box]

Related Articles, References, Credits, or External Links

NA

 

Windows – Suppress the ‘First Run’ Welcome to Windows Animation

KB ID 0001186 

Problem

I don’t like ‘first-run’ dialogs, Internet Explorer is annoying enough, Now Windows and Office insist on playing me a film clip when they start for the first time. I’m a busy guy I have things to do, stop asking me questions and making recommendations!

It takes this long to create a user profile? I don’t think so.

Solution

You can do this by local policy on the machine, but domain group policy is the easiest and quickest solution. On a domain controller, (or client with the RSAT tools installed). Run the group policy editor (gpedit.msc), Then either open an existing policy, or create a new one and link it to the OU  with the target computers in it.

Navigate to;

[box]

Policies > Computer Configuration > Administrative Templates > System > Logon

[/box]

Locate ‘show first sign-in animation’.

Set the policy to ‘Disabled’  > Apply  > OK > Close the policy editor

Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them. Or if you are on a Windows Server 2012 domain you can force the update from the policy editor.

Related Articles, References, Credits, or External Links

NA

Event ID 7026

KB ID 0000143 

Problem

Event ID 7026

Following boot-start system-start driver(s) failed to load: i8042prt

PS2 Mouse Driver – Booting a machine without a keyboard, or with a USB keyboard can cause this problem.

Solution

Stop this Service from starting – Note this SHOULDN’T affect your keyboard but if it does have a USB keyboard handy and DON’T disable the PS2 Ports in the machines BIOS

Start > Run > Regedit {enter} Navigate to, HKEY LOCAL MACHINESYSTEMCURRENTCONTROLSETSERVICESi8042prt On the right hand pane change Start from 1 to 4 (disabled).

 

Related Articles, References, Credits, or External Links

NA

Event ID 1525

KB ID 0000270 

Problem

Windows has detected that Offline Caching is enabled on the Roaming Profile share – to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored.

Pretty self explanatory – Offline caching is turned enabled on Windows shares by default, for shares that have profiles in them this needs disabling.

Solution

1. The error will tell you the username in question “It’s been blurred out above”. Go to a domain controller and click start > run > dsa.msc > locate that user > Properties.

2. The users profile can be in TWO places Either on the “Profile” tab, or the “Terminal Services Profile” tab. See which server it is on and go to that server.

3. If you are having trouble finding the share on the server click Start > Run > fsmgmt.msc {enter} > this will tell you where the folder is.

4. Locate the folder in question > Right click > Properties > Sharing > Caching tab.

5. Select “Files or programs from the share will not be available offline” > OK > Apply.

Related Articles, References, Credits, or External Links

NA

Deploying VMware View 5 – Part 2: Configure Windows 7 to be a VMware View Desktop

KB ID 0000596

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

In Part 1 we looked at setting up your connection server. To actually deliver a virtual desktop you need to a) have a desktop built, and b) have the VMware View ‘agent’ installed on it.

In addition there are various changes you need to make, both to streamline the virtual machine, and make it more efficient for VMware View.

Note: If you are doing manual assignment of desktops to users, then this is not as important, but if you are going to deploy linked clone desktops this is VERY important. Either way its still good practice to ‘prep’ desktops first.

Solution

1. Build the desktop you intend to deliver via View (In this example I’m using Windows 7 Pro x32 bit).

Licencing Note: For manual desktop assignments you can use MAK license keys, but for larger deployments using VMware composer and linked clones, use Microsoft’s KMS server to service your licensing needs.

Using KMS Server for Windows Server 2008 R2, Windows 7, and Office 2010

2. Run a full Windows update, allow the machine to reboot, then keep running Windows update until it says that it is up to date.

3. Then install the VMware tools.

4. Install any software and applications you require.

5. Download these scripts to auto configure your clients.

Note: There are two scripts, one called PrepClient.bat and the other called PrepClientPM.bat (Only use the latter if you are going to deploy persona management). I originally got these scripts from VMware, and have made a subtle change to them, they are 99% NOT my work!

Make sure you execute the scripts from a command window “As Administrator”, (right click the cmd shortcut while holding down Shift). You will need to do this even if you are logged in as the administrator.

What this script is doing?

a. Sets screen saver to “Blank Screen”, enable after one minute, and password protects it. b. Empties the internet cache. c. Turns off RSS Feeds in Internet Explorer. d. Disables Microsoft Action center. e. Stops the “Welcome to Internet Explorer” Dialogue for new users. f. Disables “Superfetch”. g. Disables Windows update (Note: If you are not using linked clones you might want to remove this line);

[box]reg ADD “HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU” /v NoAutoUpdate /t REG_DWORD /d 0x1 /f[/box]

h. Disables System Restore, and removes access to the restore options. i. Sets the application log size to 10MB and allows it to overwrite events as needed. j. Sets the system log size to 10MB and allows it to overwrite events as needed. k. Sets the security log size to 10MB and allows it to overwrite events as needed. l. Disables the Network Location Wizard. m. Disables Crash Dump Logging. n. Deleted files are instantly deleted, they do not go to the recycle bin (Stops the recycler file filling up with junk), to stop this remove this line.

[box]reg ADD “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer” /v NoRecycleFiles /t REG_DWORD /d 0x1 /f[/box]

o. Enables Remote Desktop (RDP Connections) from all clients (the less secure option) p. Disables Windows User Access control. q. Disables Windows SideShow. r. Disables the following services.

Bitlocker Drive Encryption Service ‘BDESVC’ Block Level Backup Engine Service ‘wbengine’ Diagnostic Policy Service ‘DPS’ Desktop Window Manager Session Manager Service ‘UxSms’ Disk Defragmenter Service ‘Defragsvc’ Home Group Listener Service ‘HomeGroupListener’ Home Group Service ‘HomeGroupProvider’ IP Helper Service ‘iphlpsvc’ Microsoft iSCSI Initiator Service ‘MSiSCSI’ Microsoft Software Shadow Copy Provider ‘swprv’ Client side Caching Service ‘CscService’ Secure Socket Tunnelling Protocol Service ‘SstpSvc’ Windows Security Center Service ‘wscsvc’ Simple Service Discovery Protocol Service ‘SSDPSRV’ ReadyBoost Service ‘SysMain’ Tablet Input Service ‘TabletInputService’ Themes Service ‘Themes’ Universal Plug and Play Service ‘upnphost’ Volume Snapshot Service ‘VSS’ (Note: NOT Disabled if using the Persona Management Batch File) Windows Backup Service ‘SDRSVC’ Windows Defender Service ‘WinDefend’ Windows Error Reporting Service ‘WerSvc’ Windows Firewall Service ‘MpsSvc’ Windows Media Center Receiver Service ‘ehRecvr’ Windows Media Center Scheduler Service ‘ehSched’ Windows Search Service ‘WSearch’ Windows Update Service wuauserv’ Wireless LAN Service ‘Wlansvc’ Wireless Auto config Service ‘WwanSvc’

s. Sets Windows to show “Blank Screen” when booting instead of the Windows animation. “bcdedit /set BOOTUX disabled”. t Remove all Shadow Copies, “vssadmin delete shadows /All /Quiet” (Note: NOTDisabled if using the Persona Management batch file). u. Disables Hibernation “powercfg -H OFF”. v. Disables the “Last accessed” timestamp for windows files “fsutil behavior set DisableLastAccess 1”. w. Stops scheduled Windows Defragmentation (Note: In Linked clone environments this would expand all the delta disks and is a common ‘gotcha’). x. Stops the registry backup which happens every 10 days. y. Stops the scheduled Windows Defender tasks. z. Stops the Windows System Assessment Tools (this gives your PC its ‘performance rating’ from 1 to 5).

Another Option to Prepare Windows 7 for View

You can also (If you prefer a graphical tool) use Desktop Optimizer from Quest. (Note: Also needs to be ran as administrator or you will get runtime errors!)

6. Then Install the VMware View Agent.

7. Then make sure any floppy drives, and CD/DVD drives are also disconnected.

8. If the virtual machine is going to be in a manual pool leave it powered on. If it’s going to be part of an automated pool, you can snapshot it.

Related Articles, References, Credits, or External Links

Deploying VMware View 5 – Part 1: Configure Active Directory and Deploy VMware Connection Server

Deploying VMware View 5 – Part 3: Creating a ‘Manual Pool’ and Connecting a View Client

 

Assign Public IP Address (No NAT) on a Thompson Speedtouch ST510

Bridged Mode – Thompson Speedtouch ST510

KB ID 0000210 

Problem

You have a device either a PC, or In my case a Cisco firewall you want to have the public IP address assigned by your ISP, rather than the translated private IP address given out by the speedtouch router/modem.

Solution

1. Once you have your Speedtouch up and running, connect your devices to the back of it (it only has one internal Ethernet port so you may need to plug in a switch to get your laptop/PC, and the item in question on – though you can plug them in one at a time if your pushed). Select “Home Network” > “Devices” > all being well you should see the device you are after on the list > Select it.

2. Here’s my firewall listed, currently with a private IP address via DHCP (192.168.1.65 in this case). At the bottom select “Assign the public IP address of a connection to a device.”

3. At present nothing is set you need to click “Edit”.

4. Change the drop down section so that your device is listed and > Apply.

5. Now you should see it listed, if you mistakenly assigned it to the wrong device you can click “Unassign”.

6. Note on the device you will need to reboot or refresh the IP address before it will get the public IP address.

Firewall Notice

If you are deploying a firewall behind this router – you might find that your VPN’s work but your port forwarding and remote management does not. You will need to disable the Speedtouch’s internal firewall. Select Firewall > Configure > Select “Disabled” > Apply.

Related Articles, References, Credits, or External Links

NA