James Rankin

If you can’t uninstall a Windows app, the ARPNOREMOVE property might be the reason. When installing software on Windows devices, common deployment mechanisms such as Configuration Manager can set a custom property to prevent users from deleting the package. Setting the ARPNOREMOVE property results in the RegisterProduct action blocking the program’s uninstall string from being written to the Registry.

The new FSLogix version, which was released in October, introduces a long-awaited feature: VHDX compaction. FSLogix is a standalone product acquired in late 2017 by Microsoft for profile management and application masking features. It is primarily used in virtual desktop or RDSH solutions to provide users with a persistent experience in nonpersistent environments.

Sysinternals Process Monitor runs on a Windows device and uses a filter driver to log real-time file system, registry, and process/thread monitoring. It is a vital tool for troubleshooting Windows and combines the capabilities of two older Sysinternals tools: filemon and regmon.

When you access a file share in Windows and the conditions for access are not met, you are normally presented with a generic access denied message. It is actually possible to customize the error message to provide more meaningful and understandable output that aids with dynamic access control, rather than the simple “contact your network administrator,” which will invariably result in a call to the service desk. However, there are a couple of limitations to this functionality.

GPOZaurr and other tools help you with consolidation in the short-to-medium term, but as you move forward, there are other changes you can make that will make things much simpler and easier to manage. To make a significant difference to these user KPIs, there are two areas that must be concentrated on—folder redirection and loopback policy processing.

GPOZaurr from Evotec IT is a PowerShell module that is very useful for consolidating and managing Group Policy. In this post, I will demonstrate how you can use GPOZaurr to create Group Policy reports and deal with broken, disabled, invalid, or inapplicable GPOs.

In this series of three posts, I will discuss various tools that allow you to manage and consolidate your Group Policy environment. In today’s article, I will make some general remarks and take a look at two useful GPO tools: Get-GpoReport and Advanced Group Policy Management.

A popular topic in security circles these days is preventing lateral movement. Network segregation for admin tasks, or what Microsoft calls PAW—privileged access workstation—is key here.

In this article, you will learn about all the things you have to consider when configuring screen locking policies for Remote Desktop Session Host (RDSH) and Virtual Desktop Infrastructure (VDI) environments without affecting users.

Microsoft’s OneDrive application is making large inroads into enterprises as the Enterprise File Share and Sync (EFSS) tool of choice. While it’s easy to get up and running on personal devices, managing the OneDrive experience for users at any sort of scale can be challenging, particularly where users have limited storage or if they operate in Remote Desktop Session Host or VDI environments. Another option Microsoft gives you to help with these problems is a feature called Storage Sense.

In my last post, I discussed the preparations and process of migrating to OneDrive with Known Folder Move (KFM). Today, I’ll walk you through the corresponding Group Policy settings.

Known Folder Move (KFM) is a set of Group Policy Objects (GPO) settings that attempt to migrate user data into the OneDrive Sync Client with a minimum of user and/or administrator intervention. Data are moved automatically into the user’s OneDrive storage, allowing the user to then access this data from any device that either has the OneDrive application installed or can access the OneDrive web client. This post outlines the preparations for KFM, and the next post covers the Group Policy settings for the OneDrive Sync Client.

In Remote Desktop Session Host (RDSH) environments, such as Citrix, VMware Horizon, Parallels, or Windows Virtual Desktop, adopting OneDrive can often bring a unique set of challenges. Microsoft now recommends the use of their FSLogix solution to help address these challenges by providing a “local” cache essentially mounted to a remote container.

Microsoft deprecated the “TileDataLayer” model in the Windows 10 1703 Creators Update. In this post, I describe a hack that allows you to work with Start Tiles in roaming user profiles.

A Group Policy Object (GPO) has always allowed administrators to exclude folders from a roaming profile but not include them. I’d always assumed that the functionality of a roaming profile was more or less hardcoded, whereby it only captured data from AppDataRoaming. However, I have to admit I was mistaken, and I give big thanks to Raphael Schulz for pointing this out to me.