I recently had a requirement to pin an application the Start Menu for All Users of the new corporate desktop during the Windows 7 automated build process.

 

Creating a shortcut in the All Users start menu is easily achieved by copying the shortcut to the folder C:\ProgramData\Microsoft\Windows\Start Menu\.  Pinning the application to the Start Menu is easy from within Windows; simply right click on the application shortcut and hit ‘Pin to Start Menu’.  However, achieving the same results automatically for all users is not so straight forward!

 

Icons manually pinned to the Start Menu are stored in the folder:

%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu

There are also registry settings stored that hold this pinned application configuration (but as they as binary values it’s pretty much impossible to de-couple the settings).

 

Using Group Policy Preferences it is possible to add apps to the Start Menu.  However it is not possible to pin the apps so this is a dead end.

 

After some further investigation I uncovered the following information on the Microsoft website:

 

According to MS:

There is no direct programmatic interface to add pinned items to either the Start Menu or Windows 7 Taskbar.  This was done deliberately to prevent installation programs from spamming these locations with their icons (http://blogs.msdn.com/oldnewthing/archive/2003/09/03/54760.aspx).  This caused many customers to have to take manual steps in the image build process to configure pinned items.  However, there is an indirect way to automate this by using the Shell Objects for Scripting.

 

Some further research revealed the following VBscript which will pin the MyApp shortcut located in the C:\ProgramData\Microsoft\Windows\Start Menu\ programs folder to the Start Menu using Shell Objects.

 

Set objShell = CreateObject(“Shell.Application”)

Set objFolder = objShell.Namespace(“C:\ProgramData\Microsoft\Windows\Start Menu\programs”)

Set objFolderItem = objFolder.ParseName(“MyApp.lnk”)

Set colVerbs = objFolderItem.Verbs

For Each objVerb in colVerbs

If Replace(objVerb.name, “&”, “”) = “Pin to Start Menu” Then objVerb.DoIt

Next

 

So now that I can automate the process of pinning the app to the Start Menu I just need a way of achieving this for all users.  The solution is to use Active Setup.

 

Active Setup is used to configure user based settings for an application by running once per user.  During the early stage of the logon the registry keys under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components

Are compared to those under:

HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components

 

Where an entry exists under HKEY_LOCAL_MACHINE\ but not under HKEY_CURRENT_USER\ Windows knows it has not run this Active Setup component.  It will look for the ‘Stubpath’ value under the key and execute the command referenced.  It will then add the key name under the HKEY_CURRENT_USER\ portion of the registry so that it will not run again for the current user.

 

So by copying the VBscript created earlier (PinMyApp.vbs) to C:\source\ and importing the following registry (PinMyApp.reg) file to the PC we have implemented a solution.

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\pinmyapp]

@=”Pin My App to Start Menu”

“StubPath”=”c:\\source\\PinMyApp.vbs”

 

Note that the double back slash is required in a reg file.

 

In this case the key name under Installed Components is called pinmyapp.  Typically, application GUIDs are used here but it’s not essential to do so.  If your application doesn’t already have a GUID associated with it you can generate one using an online GUID generator (just Google it).

 

I simply wrapped up these two actions into a batch file as follows and copied the reg and vbs files to the same folder as the batch file:

Copy %~dp0PinMyApp.vbs c:\source

Regedit /s %~dp0PinMyApp.reg

 

The batch file is then set to execute as part of the build process (in my case simply added to the MDT task sequence).

 

We have now achieved our goal.  Every user that logs onto the PC will now execute the script that pins the icon and the script will only run once per user.

Nearly every Windows laptop / netbook you can buy now comes with a built in LAN and wireless network interface and some with 3G as standard.  Whilst this offers great flexibility, having a laptop with multiple active network interfaces can have some drawbacks which I am going to discuss.

 

In home / small office it is unlikely that these issues will be applicable.  If there are a relatively small number of laptops then typically they will all just use LAN or Wi-Fi and in many cases communication between internal devices doesn’t extend further than the clients having to access a file / e-mail server in a workgroup configuration.

 

The scenarios below apply more to corporate laptops that are part of an Active Directory domain where access to the corporate network is available via LAN and Wi-Fi.

 

A switched, full duplex wired network eliminates data collisions and typically provides 100Mbps or 1Gbps throughput where multiple streams of communication can occur simultaneously.

 

By comparison a Wi-Fi connection using 802.11n technology is only half duplex as it is impossible for a device to send and receive data over the air at the same time.  Throughput speeds of up to 150Mbps sound impressive until you consider that only one device can communicate at a time and collisions have to be handled by CSMA/CA.  In short the fewer devices on the Wi-Fi network the better it will perform.

 

Taking the above into account it’s clear to see that in nearly every corporate scenario a wired LAN connection is superior to a corporate Wi-Fi network.  And that’s before you even consider other advantages of LAN such as low latency, QOS capability and security.  However, Wi-Fi is an invaluable tool and when offered in a corporate environment gives users the flexibility to work from anywhere within or even outside the office.

 

In an ideal world we would like to have both interfaces enabled and route all traffic over the LAN when available and WAN when disconnected from the wire.  This sounds obvious, but as I mentioned before there are some issues with this configuration which I will describe below.

 

Imagine Fred comes in to the office, docks his laptop and boots it up.   The docking station is wired to the network and the laptop’s wireless interface is enabled and configured within Windows 7 to automatically connect to the corporate Wi-Fi network.  The result of this is that Fred’s laptop ends up with two IP addresses.  As the corporation is using DHCP with active directory integrated DNS the NIC will be allocated an IP address and this will be registered dynamically in DNS.  The same will happen for the Wi-Fi adapter.  So the result is the laptop ends up with two active network interfaces each with its own IP address.  Both interfaces are capable of accessing internal corporate resources and the Internet.  Within DNS, two A records will be created for the same hostname – one for each IP address.

 

Windows will have assigned a metric to each interface and this will determine which interface is used as priority.  The metric assigned is based on link speed as follows:

Greater than 200 Mb – Metric = 10

Greater than 80 Mb, and less than or equal to 200 Mb – Metric = 20

Greater than 20 Mb, and less than or equal to 80 Mb – Metric = 25

 

In the case of Fred’s laptop we can do some quick analysis to see what’s happened.

 

An IPCONFIG will display the IP address allocated to each adapter.  From the results below we can see that the wired interface is 10.243.29.6 and the Wi-Fi interface is 10.67.12.58.

 

C:\Users\Fred>ipconfig

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix. : domain.com

IPv4 Address. . . . . . . . . . . : 10.67.12.58

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 10.67.15.254

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix. : domain.com

IPv4 Address. . . . . . . . . . . : 10.243.29.6

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.243.29.254

 

 

By running an NSLOOKUP command we can confirm that DNS holds two IP addresses for the hostname ‘laptop’.

 

C:\Users\Fred>nslookup laptop

Server:                 DC.domain.com

Address:              172.20.220.26

 

Name:                  laptop.domain.com

Addresses:         10.243.29.6

10.67.12.58

 

 

By running the ROUTE PRINT command we can confirm the Interface metrics assigned to each adapter.  In this case a metric of 25 has been assigned to the wireless adapter (54Mbps) and a metric of 10 has been assigned to the wired adapter (1Gbps).

 

C:\Users\me>route print

Active Routes:

Network              Destination         Netmask              Gateway              Interface  Metric

0.0.0.0                   0.0.0.0                   10.67.15.254      10.67.12.58          25

0.0.0.0                   0.0.0.0                   10.243.29.254     10.243.29.6         10

 

When more than one network connection is available, Windows uses the one with the lowest metric value so in this case the wired interface should always be used for network traffic initiated from the laptop – so far so good!

 

However, we do get different behaviour if another computer initiates communication with the laptop.  Firstly, it must first resolve the hostname to an IP address.  We know DNS has two IP addresses associated with the hostname so how does DNS know which one to use?  The answer is that it is not aware of network metrics and is not qualified to evaluate which interface to use.  It therefore simply resolves the hostname to one of the two IP addresses based on round-robin.

 

This presents the first issue with having multiple active network adapters.  Say Fred undocks his laptop and walks to a meeting room with no LAN connection.  His access to internal resources and the internet continues to work seamlessly as the traffic is now routed over the W-Fi network.  Fred then encounters an application issue and calls the IT Helpdesk.  A technician attempts to remove onto his machine using a remote control tool but is unable to connect to machine.

 

The problem is that even though Fred has disconnected from the LAN, the associated DNS record is not deleted automatically.  We can prove this by pinging LAPTOP from the IT technician’s machine and confirming the connectivity failure.  Clearing the local name resolution cache and then pinging it again as shown below then results in a success (as DNS will then resolve LAPTOP to the other IP based on its round-robin method).

 

C:\Users\me>ping laptop

Pinging laptop.domain.com [10.243.29.6] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 10.243.29.6:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

C:\Users\me>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

 

C:\Users\me>ping laptop

Pinging laptop.domain.com [10.67.12.58] with 32 bytes of data:

Reply from 10.67.12.58: bytes=32 time=7ms TTL=122

Reply from 10.67.12.58: bytes=32 time=25ms TTL=122

Reply from 10.67.12.58: bytes=32 time=7ms TTL=122

Reply from 10.67.12.58: bytes=32 time=7ms TTL=122

Ping statistics for 10.67.12.58:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 7ms, Maximum = 25ms, Average = 11ms

 

 

These connectivity and performance issues typically cause a problem where another machine initiates the communication and has to do a DNS lookup in the first instance.

 

For most client/server style apps this is not an issue as the client initiates the communication and the server responds to the IP it received the request from.

 

Even when both connections are active, data transmission that is initiated from a remote machine may not occur over the interface with the lowest metric as the laptop will respond on the interface it received the request on.

 

In addition, there is another potential issue with having multiple active network adapters.  If Fred went to visit a different office and plugged into a 100Mbps wired LAN connection and also connected automatically to the corporate Wi-Fi network at 108Mbps he would get a metric of 20 for both connections.  This is not a desirable configuration as the LAN connection will give much better performance for reasons outlined earlier.

 

In order to overcome this issue on his Windows 7 machine Fred can hardcode a metric value on one or both of the network interfaces as follows:

 

In Control Panel, open the Network and Sharing Applet

Hit the Change Adapter Settings link

Right-click a network interface, and then click Properties

Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties

On the General tab, click Advanced.

To specify a metric, on the IP Settings tab, click to clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.

 

There are a few steps we can take to alleviate these issues…

 

HP Laptops have a BIOS setting called ‘LAN switching’.  Enabling this setting means that the laptop will automatically disable the wireless interface when a LAN connection is present.  Just unplugging the LAN connection re-activates the wireless interface.  I strongly recommend turning this setting on unless you have a good reason for having wired and wireless interfaces active at the same time.

 

A similar setting may be available in the BIOS of other manufacturers’ laptops.  In some cases you can achieve similar results by network management utilities provided by the manufacturer (e.g. Lenovo Access Connections).  In my opinion this is a chunkier way of doing this and the BIOS method would be my preference if this is available.

 

Another alternative is to train the end-user community so that they only activate and use Wi-Fi when required.

 

Finally training IT support staff and other appropriate people on how to run an NSLOOKUP command will allow them to identify the IP address of both adapters and then enable them to connect to the remote machine using the IP address.

 

Hopefully Microsoft is aware of this issue and will look to implement a solution in future implementations of Windows/DHCP/DNS…

 

PST (Personal Storage Table) files were introduced over 15 years ago and are used to archive e-mails, calendar appointments, and other data into a single PST file (or multiple files if you like).

 

The main reason people use PST files is because mailbox size limits imposed by administrators give them no alternative but to archive their mail in this manner.  Additionally, depending on how Outlook is configured the end-user may have accepted its kind offer to auto-archive mail without fully understanding the consequences.

 

By default new PST files are created in a folder under the user’s profile so they are stored on the local hard disk.  Hang on a minute; we’ve all been warned about the perils of saving data locally so surely PST files should be stored in a secure network location.  Not so I’m afraid – Microsoft does not recommend the use of these archive files over the network.  PST files can grow to enormous sizes and as Outlook maintains a constant connection to the archives it’s easy to see why Microsoft makes this recommendation.  However it creates a catch 22 situation.  Your choices are to save PST files on the network and suffer degraded Outlook performance coupled with an increased risk of PST file corruption or save the PST files locally and risk losing data in the event of a hard disk failure, laptop theft etc.

 

PST files are prone to corruption regardless of where they are stored and this can be caused for any number of reasons – bad sectors on a hard disk, power failure, application or OS crashes, network connectivity issues, virus/malware attacks, etc.  There are utilities to recover from corruptions (scanpst and some third party tools) but getting data back is never guaranteed.

 

Now, I’m not denying that PST files were invaluable in the early days of Exchange/Outlook but the time has most definitely come to banish them once and for all.  With a bit of planning and maybe a little investment I believe this is absolutely achievable.

 

Obviously every organisation is different but I’ll outline a couple of recent implementations I’ve worked on.

 

Case 1

An SMB customer had a legacy internal Exchange 2003 server for circa 100 users.  There was no resilience on this single server solution and the client suffered a fair amount of downtime over the last few years for various reasons.  Unhappy with the cost and complexity of maintaining this solution we agreed to move forward with a migration to office 365.  Taking the Staged Exchange Migration approach the users were migrated over the course of a week to ensure minimum risk/disruption.  Due to the small number of users the onsite support technician then assisted the users in importing any PST files they had into their new Office 365 mailbox.  The IT Director has deemed that the 25GB mailbox limit is perfectly sufficient for any individual’s needs.  In the future server based archival is an option that can be taken up.  Office365 has provided the additional collaboration tools of SharePoint and Lync and the company has also made move from BES/Blackberry to ActiveSync and opened up this capability to all staff.

 

Case 2

Working at a large corporation with several thousand seats we migrated all mailboxes to Exchange 2010. All end-users are now being upgraded to a new Windows 7 / Office 2010 laptops.  As part of the migration a custom built tool moves all local and network PST files to a network file share.  A PowerShell script executes as a scheduled task every night and ingests the data into the users Online Archive.  The users come in the following morning to receive their new Laptop with all their historical PST data available in their online archive.

 

The Online Archive is a new feature in Exchange 2010.  Essentially think of it as a secondary mailbox associated to the user’s primary mailbox that can be provisioned to a different mailbox DB.  This allows organisations to implement separate storage strategies for less frequently accessed e-mail (i.e. hosting the archive mailboxes on cheaper storage solutions).

 

In both of the of the above cases above applying a simple group policy setting to prevent the use of PST files was an absolutely essential step to ensure the problem does not return.  So to all sys admins out there who turn a blind eye to the use of PST files I say the time has come to do something about it!!

 

Comments welcome…

Hey there, welcome to Codester.NET.  This site is under rapid development and will be a valuable resource for IT professionals who write code or scripts. You’ll find everything you need here from help creating logon scripts to administering Active Directory.  Watch this space…