Deploying OpenVPN

Problem: When deploying OpenVPN I can use the /S switch to silence the installer but Windows will prompt to trust the driver manufacturer when it attempts to install the TAP interface. I can use a third party tool to turn off Windows drivers signing, or just do the right way.

Solution: Add the OpenVPN certificate to Trusted Publishers before installing OpenVPN.

Install OpenVPN on your test box . When prompted check the box for "Always trust content from this publisher"
Start the Certificate Manager snap-in and export the "OpenVPN Technologies Inc." certificate. I used the .cer format.
Use certutil to install the .cer prior to installing OpenVPN.

certutil -addstore TrustedPublisher openvpn.cer
openvpn-*.*.*.exe /S

References:

• TUN/TAP Wikipedia
• OpenVPN
• Import or export certificates and private keys
• How to do Silent Installation
• Certutil Manual

Allowing Non-Admin users to add printers OS X clients

Problem: I need to allow non-administrator users add printers to Mac OS X.

Solution:

Add the GeneratedUID from the everyone group (ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C) to the NestedGroups attribute of the _lpadmin group.

dscl . -append /Groups/_lpadmin NestedGroups ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C 

References:

• dscl Manual

Set Windows Compatibility Mode from the Command Line

Problem: I need to set an executable to compatibility mode to Windows XP SP3.

Soltuion:

reg.exe Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\Path\To\Executable.exe" /d "WINXPSP3" /f

References:

• Running an Application as Administrator or in Compatibility Mode

Allow Non-Administrator Users Add Printer Drivers Windows 7

Problem: I need to Allow non-Administrator users to add print drivers to Windows 7.
Many of the workstations I administrate are located in remote location and end-users or site technicians from other organizations need to install local or network printers on the workstations.

Solution:

1. Install Administrative Templates (ADMX) for Windows Server 2008.
1. Apply this registry edit:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverInstall\Restrictions\AllowUserDeviceClasses]
"1"="{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}"
"2"="{4d36e979-e325-11ce-bfc1-08002be10318}"
"3"="{4658ee7e-f050-11d1-b6bd-00c04fa372a7}" 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint]
"Restricted"=dword:00000001
"TrustedServers"=dword:00000000
"ServerList"=""
"InForest"=dword:00000000
"NoWarningNoElevationOnInstall"=dword:00000001
"UpdatePromptSettings"=dword:00000002

References:

• Configure Computer Policy to Allow Non-Administrators to Install Specific Devices
• Control Printer Driver Installation Security
• System-Defined Device Setup Classes Available to Vendors
• Administrative Templates (ADMX) for Windows Server 2008

Shell Script Find Windows Version and Architecture

Problem: I need to find a script to find version and processor architecture windows in a windows shell script.

Soltuion: 

Batch/CMD Script

:; Find Windows Version and ArchitectureFOR /F "tokens=*" %%i in ('VER') do SET WinVer=%%i FOR /F "tokens=1-3 delims=]-" %%A IN ("%WinVer%" ) DO ( SET VarString=%%A )
FOR /F "tokens=1-9 delims=n" %%A IN ("%VarString%" ) DO ( SET WinVer=%%C)
FOR /F "tokens=1-8 delims=.- " %%A IN ("%WinVer%" ) DO (SET WinMajor=%%ASET WinMinor=%%B)
:; Set version+archicitecher string. 5.1.x86 is Windows XP x86, 6.1.x86 is Windows 7 x86, & 6.1.AMD64 is Windows 7 x64SET VerArch=%WinMajor%.%WinMinor%.%processor_architecture% 

 Powershell

# Find processor architecture and Windows version$processorArchitecture = (Get-ItemProperty 'HKLM:\SYSTEM\ControlSet001\Control\Session Manager\Environment').PROCESSOR_ARCHITECTURE$windowsVersion = (Get-WmiObject Win32_OperatingSystem).Version | %{$data = $_.split("."); Write-Output "$($data[0]).$($data[1])"}

Deploying Adobe Flash 11 Windows 7 64 bit

Problem:
I kept getting an error when deploying Adobe Flash 11.X to my Windows 7 64 bit workstations.
The error "This file does not have a program associated with it for performing this action. ..." Would pop up at the end of the installation and would cause the deployment task to hang until someone click "OK".

Solution/Deployment Task:
Set compatibility to Windows XP SP3 before installing.

1. Download standalone executables from Adobe.

http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe

2. Check if browsers are running.

REM Check if browser is running Exit 1
tasklist|find /i "iexplore.exe"
IF %ERRORLEVEL%==0 EXIT 1
tasklist|find /i "firefox.exe"
IF %ERRORLEVEL%==0 EXIT 1
tasklist|find /i "chrome.exe"
IF %ERRORLEVEL%==0 EXIT 1
tasklist|find /i "Safari.exe"
IF %ERRORLEVEL%==0 EXIT 1
EXIT 0

3. Copy install_flash_player_11_plugin.exe, and install_flash_player_11_active_x.exe executables to "C:\Windows\Temp\".

4. Set compatibility to Windows XP SP3 for the executables.

REM Set compatibility install_flash_player_11_plugin.exe
reg.exe Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\Windows\Temp\install_flash_player_11_plugin.exe" /d "WINXPSP3" /f
REM Set compatibility install_flash_player_11_active_x.exe
reg.exe Add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\Windows\Temp\install_flash_player_11_active_x.exe" /d "WINXPSP3" /f

5. Execute the installation.

REM Install install_flash_player_11_plugin.exe
C:\windows\temp\install_flash_player_11_plugin.exe /install
REM Install install_flash_player_11_active_x.exe
C:\Windows\Temp\install_flash_player_11_active_x.exe /install

6. Take out the trash.

REM Delete install_flash_player_11_plugin.exe
DEL "C:\windows\temp\install_flash_player_11_plugin.exe"
REM Delete install_flash_player_11_active_x.exe
DEL "C:\Windows\Temp\install_flash_player_11_active_x.exe" 

Gmail as default mail client via Registry Edit

Problem: I need to set Gmail as the default mail client on a windows system without installing a third-party Program.

Solution:
The fallowing Regestry changes:

Windows Registry Editor Version 5.00 

;Use icon C:\Windows\Web\icons\mail.ico via 

@="%SystemRoot%\\Web\\icons\\mail.ico" 

; Setup Gmail mailto client. 

[HKEY_CLASSES_ROOT\Gmail.Url.Mailto]@="URL:Mail Protocol""FriendlyTypeName"="Gmail URL""URL Protocol"=""
[HKEY_CLASSES_ROOT\Gmail.Url.Mailto\DefaultIcon]@="%SystemRoot%\\Web\\icons\\mail.ico"
[HKEY_CLASSES_ROOT\Gmail.Url.Mailto\shell\open]
[HKEY_CLASSES_ROOT\Gmail.Url.Mailto\shell\open\command]@="rundll32.exe url.dll,FileProtocolHandler http://mail.google.com/a/yourdomain.com/?extsrc=mailto&url=%1" 

; Set Gmail as the default mailto client for the system. 

[HKEY_CLASSES_ROOT\mailto]"URL Protocol"=""
[HKEY_CLASSES_ROOT\mailto\DefaultIcon]@="%SystemRoot%\\Web\\icons\\mail.ico"
[HKEY_CLASSES_ROOT\mailto\shell]
[HKEY_CLASSES_ROOT\mailto\shell\open]
[HKEY_CLASSES_ROOT\mailto\shell\open\command]@="rundll32.exe url.dll,FileProtocolHandler http://mail.google.com/a/yourdomain.com/?extsrc=mailto&url=%1" 

; Set Gmail as the default mail client for the current user. 

[HKEY_CURRENT_USER\Software\Clients\Mail]@="Gmail" 

; Set Gmail as the default mail client for the system.

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail]@="Gmail" 

; Add Gmail to your mail client list. 

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail]@="Gmail"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Capabilities]@="""ApplicationDescription"="Gmail""ApplicationName"="Gmail"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Capabilities\URLAssociations]"mailto"="Gmail.Url.mailto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\DefaultIcon]@="%SystemRoot%\\Web\\icons\\mail.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Protocols]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Protocols\mailto]"URL Protocol"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Protocols\mailto\shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Protocols\mailto\shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\Protocols\mailto\shell\open\command]@="rundll32.exe url.dll,FileProtocolHandler http://mail.google.com/a/yourdomain.com/?extsrc=mailto&url=%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Gmail\shell\open\command]@="rundll32.exe url.dll,FileProtocolHandler http://mail.google.com/a/yourdomain.com" 

;Add Gmail to your default programs list 

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]"Gmail"="Software\\Clients\\Mail\\Gmail\\Capabilities"