19 January, 2013

Managing Internet Explorer Add-Ons for All Users



I guess we all heard about the Java security breach. I don't know about you, but I heard about it and decided to take action like a good IT Professional. :) We decided to deactivate the Java add-on on our Terminal Server, which is running Windows Server 2008 R2. I realized that if I turn off the add-on manually from the Internet Explorer settings, the action only takes effect for the user account that you are logged in with. But what do you do for a Terminal Server, or a system that multiple users are using? I found the answer on the Microsoft TechNet forums and I wanted to share it with you guys because the answer wasn't easy to find at all.

First, here is the forum thread that I'm talking about:

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/fe5b7fb6-bbda-42ac-87d2-a64f57f5d6a0

Here is the original article from Microsoft (even though it says Windows XP in the article, this applies to Windows 7 & Server 2008 R2 systems as well):

http://support.microsoft.com/kb/883256

Personally, I've configured this through GPO by setting up these 2 settings:

 - Computer Configuration, Administrative Templates, Windows Components, Internet Explorer, Security Features, Add-On Management
          * Deny All add-ons unless specifically allowed in the Add-On List = Enabled
          * Add-On List = Enabled

Optionally you might want to activate some of the add-ons. In this case, you will need to find out what is the CLSID (.....)
To find out your add-on's CLSID value for Internet Explorer, follow these steps:
 1 - Open Internet Explorer
 2 - Under Tools, click on "Manage Add-Ons"
 3 - Under "Toolbars and Extensions" on the right pane, right click on one of the add-ons in the list and go to "Columns" and make sure that the "Class ID" is checked. When this setting is checked you will see that the CLSID is shown along with all add-ons.
 4 - Use the CLSID value of the add-on that you want to enable in the "Add-On List"  GPO.

With all these settings in place, you will have control of what is enabled and used in Internet Explorer by your users. You don't need to worry about Java or any other add-on security breaches.
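
To confirm that the two GPO settings actually landed on the Terminal Server, you can read back the registry values they write. This is an added example, not code from the forum thread or the KB article; the registry paths and the 0/1/2 value meanings are assumed from KB 883256 and are not shown on this page.

```powershell
# Added example: read back what the two GPO settings wrote on this machine.
# Assumption: key paths and 0/1/2 meanings follow KB 883256; check them there.
$extKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext'
$listKey = "$extKey\CLSID"
$meaning = @{
    '0' = 'Disabled, user cannot change'
    '1' = 'Enabled, user cannot change'
    '2' = 'Enabled, user can manage'
}
$clsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Setting 1: "Deny all add-ons unless specifically allowed in the Add-on List"
$ext = Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue
if ($ext -and $ext.RestrictToList -eq 1) {
    Write-Output 'Deny-all policy: enabled'
} else {
    Write-Warning 'Deny-all policy is not enabled: unlisted add-ons can still load.'
}

# Setting 2: "Add-on List" (one value per add-on: name = CLSID, data = 0/1/2)
$entries = @()
if (Test-Path -Path $listKey) {
    $key = Get-Item -Path $listKey
    foreach ($clsid in $key.GetValueNames()) {
        if (-not $clsid) { continue }   # skip the unnamed default value
        $data = [string]$key.GetValue($clsid)
        $setting = $meaning[$data]
        if (-not $setting) { $setting = "Unexpected value '$data'" }
        # Friendly name from the COM registration, if the add-on is installed
        $com = Get-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid" -ErrorAction SilentlyContinue
        $addOn = 'not registered'
        if ($com -and $com.'(default)') { $addOn = $com.'(default)' }
        $entries += New-Object PSObject -Property @{
            CLSID      = $clsid
            WellFormed = [bool]($clsid -match $clsidPattern)   # catches typos and missing braces
            Setting    = $setting
            AddOn      = $addOn
        }
    }
}

if ($entries.Count -eq 0) {
    Write-Output 'Add-on List: no entries'
} else {
    $entries | Select-Object CLSID, WellFormed, Setting, AddOn | Format-Table -AutoSize
}
```

An entry with `WellFormed` false or an unexpected setting value usually means the CLSID was mistyped in the "Add-On List" GPO, so that add-on stays blocked under the deny-all policy.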

Never forget to keep it up-to-date :)

03 January, 2013

VMware "Failed to lock the File" Error

Recently I created multiple virtual machines using VMware Workstation 9. I wanted to prepare template VMs already installed, updated, patched and configured... Just ready to load and start my super clean VM lab. So after hours of work, all my VMs were ready with a nice Sysprep finish :) But when I started to use them, I realized that I could not open my VMs...
I was just copying the template VM folder that I created earlier into another folder and renaming the folder for my personal use, but I never renamed the actual files of the VMs. I would go to VMware Workstation and do "File", "Open". Surprise!


"Failed to lock the file. Cannot open the disk 'C:\path\vmfilename.vmdk' or one of the snapshot disks it depends on."

Here is what I found. Actually, I think it will be even better if I just state the most important part of VMware knowledge base article # 1038189 regarding this problem. Here is the why:

The error Failed to lock the file means that another process is opening the file and the process you are using cannot open the file properly. 

This typically occurs if you:

  • Start two copies of the .vmx file
  • Power on a virtual machine with mounted disks (via the vmware-mount utility)
  • Try to turn on a virtual machine through the user interface during a snapshot operation
  • Try to add the same virtual disk to the machine twice.

And here is what you should do to remedy the situation:

To resolve this issue, remove the disk from the virtual machine and re-add it. When you re-add it, you can use the datastore browser to locate the disk on one of your datastores.

Basically, all I needed to do was remove the virtual disk through my VM's settings and re-add it.