App-V Hidden Drive Letter ADM File

In our environment, our users love their drive letters, and they do so to the Nth degree. As part of a change control process, myself and a colleague have scheduled the deployment of the App-V Client across our business estate to allow us to begin provding the users with user-centric real-time streamed applications to meet their business needs.

We today discovered the true nature of our Nth degree network drive letter because after some review, it became aparent that not a single letter (beyond the usual C, D, E for local disks) was free for company-wide use which caused us pain on the inside. We came to the conslucsion that people in our business very rarely use floppy disk drives anymore, and even less people (zero to my best guess) use a second floppy disk drive, which means that the B: drive would be available across the estate.

Using the Microsoft App-V ADM file for Group Policy (available for download from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25070), I re-configured our GPO to force the clients to use the B: drive instead of the App-V default Q: drive. I tested the configuration change on my own machine (ICT dogfooding for everyone), and also streamed a couple of applications to verify the drive letter change didn’t cause any issues, and I came to an idea. If the App-V virtual file system is inaccessible by the user because of the ACLs that App-V applies to it, and because the user has no reason to be meddling in the App-V virtual file system drive, why, display it to them?

I took a look at the Windows Explorer, Hide these specified drives in My Computer policy in the User Configuration portion of Group Policy however for reasons beyond me, Microsoft only gave you a very limited set of options in this policy (Hide A, Hide A and B, Hide A, B and C, or Hide All Drives). This policy was probably useful in the legacy days where you only wanted to restrict use of local floppy disk drives, however it’s not very useful in the 21st century.

The way around this, is to build your own custom ADM file to change the options for disabling the drive letters.

I have this evening created a custom ADM file for such a purpose, and in my example, the file is crafted to allow you to hide the B drive, or no drives, however you can add as many options to this file as you like.

How you configure the file to restrict particular drives is based on a binary value using a reverse alphabet table. Details for calculating this can be found on the Microsoft Support article Using Group Policy to Hide Specific Drives (http://support.microsoft.com/kb/231289). If you aren’t ocomfortable trying to do this in your head, you can simply copy and paste the table out of the article into Notepad and do your working in there.

Simply add the ADM file to an existing GPO and link it to an OU which contains users in AD, and you’re all set.

If you want to only restrict a single letter, then you can simply edit my file by modifying the label for, and the binary value for the BOnly item. The file is shared and free for you to download from my Windows Live SkyDrive account. I’m also happy to take comments or answer emails with questions about how to modify the file.

A Busy Week at Home and Work

As the title suggests, its a busy week this week all round. On Monday, I started the five day journey on the road to VCP while I attend the VMware vSphere 4.1 course with Gloval Knowledge, and with VMware currently running their own version of Microsoft Second Shot, hopefully I can have a chance if sitting the exam soon.

The wife, Nicky, Sat her final exam for her foundation course, Access to Higher Education for Midwifery, which means she now has the nervous wait to find out her final graded.

Me personally, I went to the doctors yesterday about my ongoing knee problems post-running and have now been referred to a physiotherapist for possible treatment.

As I write all this from my Windows Phone WordPress application, sitting in the car while Nicky runs into Tesco, we are about to go out for dinner with the girls to celebrate Layla’s birthday with another family, Gary and Amy and Joe’s birthday too.

VirtualBox Adds Direct3D and OpenGL – Hyper-V and VMware Please Follow

VirtualBox looks to be the first on the top of the virtualization pile with this one:

http://lifehacker.com/5295334/virtualbox-30-beta-adds-gaming+level-graphics

VirtualBox 3.0 Beta 1 has added Direct3D and OpenGL 2.0 support to their virtualization product, which means that those Windows Vista and Windows 7 virtual machines will finally be able to enjoy the Windows Aero UI that they so deserve.

For me, I think this could be a real driver for VDI (Virtual Desktop Infrastructure) as I think that main hold-back up until now has been the visual appearance of VDI (or rather the lack of).

I was rather hoping Microsoft could have managed Direct3D in Server 2008 R2 Hyper-V or Hyper-V Server R2 but obviously not as they use a graphics card much in common with VMware’s offering.

Hopefully this advance from VirtualBox will move them both along because we all know once one jumps the other will follow.

The Case of the Broken Default Domain Policy

So over the last couple of days, I decided as part of my server virtualization project at home with my new hard disks, I would rename the domain to something more suitable.

I found a tool on the Microsoft site called rendom.exe along with a few other tools for renaming a domain. I read all of the instructions and had a plan set out for doing it, and the process was fairly painless due to only having one Domain Controller, so there was no need to wait for forest and domain replication to take place.

Read the Full Post