That Office 365 Customization Tool

Those of us that have to tweak a lot of Office settings have come to depend on the Office Customization Tool over the years to save the headache of having to set these on every single user. With the introduction of O365 the tool has changed somewhat and for some reason not all of the options are available for O365 that were there in previous versions.

For example, I wanted to disable the Word Proofing option that Marks Grammar errors as you type as seen in the word settings below:

The office customization tool doesn’t give you that ability though, the item just isn’t listed:

Using Regedit I determined the key that controls this is Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options\AutoGrammar  REG_DWORD Value=0

Using the examples in the default config xml I then created the line manually in the config xml to modify this during deployment/install and it worked.

It takes some experimenting to find some of the reg keys that toggle various application settings and sometimes there isn’t a reg key but it worked for most of my needs.

It appears you can create just about any registry key using the config.xml during an O365 deployment. I use MDT where I work and this method worked like a charm. I couldn't find this information during my internet searches so I thought I would post it here to help someone else out.

Windows 10 Enterprise and MDT 2013 Update 2

I spent the first two weeks of the new year fighting through the hot mess that is Windows 10 deployment with MDT. There are quite a few helpful blogs/forums/technet articles on how to accomplish a lot of these steps but many of them focus on the SCCM(config manager) aspects and I had to try to shoe horn their solutions into an MDT only deployment since I don't have SCCM.

This was done with MDT 2013 Update 2 (running on a Win 8.1 Hyper-V VM), Windows ADK 10.1.10586 and Windows 10 Enterprise 1511.

I was able to successfully deploy Windows 10 Enterprise (release 1511, FYI get a fresh ISO for 1511, if you use a previous build and install 1511 as a windows update sysprep will fail as it sees windows as an upgrade install. This will be the case for every quarterly major upgrade of Windows 10 from what I have read  *Update 8/18/16* This limitation of sysprep was removed as of the anniversary update of Windows 10) to a hyper-v virtual machine, install custom applications and Office 2010, any windows updates available at the time, remove unwanted windows 10 apps and capture this customized OS as a wim for redeployment.

During redeployment I included custom task sequence steps to customize the start menu to remove all the default icons and only show icons for Office 2010, Internet Browsers (a custom step was needed just to add Internet Explorer 11), and the snipping tool. I also removed one drive from running by default for all users thanks to Jorgan Nilsson for his helpful blog for most of these steps. I also loaded custom file associations to prevent Windows 10 apps from loading file types that we wanted more traditional applications to open.

Below I will list the custom task sequence steps I used. I placed all the files to be copied in a win10scripts folder in my deploymentshare. I plan to combine all the copy file steps into one cmd file but for testing purposes I wanted each as a separate step.

The following steps were defined in the task sequence for deploying the custom wim.

In the State Restore section after Tattoo

Copy IE shortcut - type Run command line

Command: cmd.exe /c copy %deployroot%"\win10scripts\Internet Explorer.lnk" "c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk"

Customize start menu - type Run command line

command: cmd.exe /c copy %deployroot%\win10scripts\layoutmodification.xml C:\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml /y

Copy onedrive uninstall file - type Run command line

command: cmd.exe /c copy %deployroot%\win10scripts\removeonedrive.cmd c:\windows\temp\removeonedrive.cmd /y

Uninstall onedrive - type run command line

command: cmd.exe /c c:\windows\temp\removeonedrive.cmd

After Install applications step

Copy win 10 default file association config - type run command line

command: cmd.exe /c copy %deployroot%\win10scripts\defaultapps.xml c:\windows\temp\appassociations.xml /y

Import win 10 default file association config - type run command line

command: cmd.exe /c dism.exe /online /import-defaultappassociations:c:\windows\temp\appassociations.xml

I attempted to move some steps earlier in the task sequence but they seemed to fail. As a result the custom start menu was not applied to the administrator account and one drive still seemed to be running under administrator. If I created another user or logged on with a domain account the settings were successfully applied to the new user.

Found a blog post from the deployment guys that increases the build speed by modifying the power settings to high performance. I saw about a five minute improvement on my 8.1 and 10 deployments by adding this step, depends on hardware and network speed obviously.

In my Preinstall section after the configure step I created a Run Command line step  called Set High Perf power

command: %scriptroot%\%processor_architecture%\powercfg.exe /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

Testing revealed that changing the power  profile once windows actually boots gave no additional performance gain to the build so you can ignore the steps about adjusting the power profile again after the reboot and then having to set it back to normal at the end of your build.

Windows 8.1 dotnet 3.5 Install

Ever had to install dotnet 3.5 or below on a windows 8 machine or server 2012 machine? Kind of difficult sometimes if your organization uses WSUS and doesn't have the proper files/updates approved. The install will just kick out and say it can't download the required files. You then have to start googling for ways around this which will bring you to this command

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:d:\sources\sxs

Where you can substitute the source for your cdrom drive and your windows 8 disk are located. Unless of course you have either of these two windows updates (KB2966826 or KB2966828) installed which will only result in the command erring out saying it can't find the source files.

Uninstalled those updates and reboot and you can run the above command again from an administrative command prompt. I ended up copying the sources\sxs folder from my disk to a usb drive because it went about 20 times faster than the cdrom.

I'm not sure why I had a security update for dotnet 3.5 installed before I actually had 3.5 installed but MS threw it in there for some reason.

Thanks to Stephen Tomback in this thread for figuring this out.

MDT, Java and Adobe Reader OH MY!

Java and Adobe reader require at least quarterly updates for security and bug fixes. This makes it challenging to keep your PC images up to date so you don't have to manually apply all these updates on each PC. Googling for MDT and Java or Adobe reader takes you down many deep rabbit holes from which your mind not escape intact.

If you simply want a silent install of each of these beasts that will still get online updates as if you ran the typical web installer follow these instructions.

Java
Visit this page to get the manual(offline) installer for the latest release of Java
Import the file into MDT as you would any other setup. Silent install command is jre-7u67-windows-i586.exe /s

Adobe Reader
Visit this page to download the offline installer for the latest release of Reader. Import the file into MDT as you would any other setup. Silent install command is AdbeRdr11008_en_US.exe /sPB

So many of the posts out there were for old versions that didn't offer this functionality and had me installing orca or other MSI modifying programs that just were not needed anymore or had me building my own custom MSI file that then disabled the ability of these programs to auto update from the internet. My organization doesn't have SCCM or any other tools to manage updating these programs outside of the auto update that is built into them so it cost me a lot of time to go around and fix this on every computer.

Hope this saves someone some sanity and hours of their life.

HP Pro Desk 600 G1 SFF Video issue

Recently changed jobs and now have much broader job duties. Part of that was purchasing and deploying new desktop PC's. Our agency needed dual monitors for all users and we ended up choosing the HP Pro Desk 600 G1 SFF. It has on board VGA and 2 Display ports as well. We planned on using a DP-VGA adapter to be able to use our existing VGA monitors without having to replace all the cords with DVI or get a DVI adapter to couple with the DP-VGA adapter. We discovered though when we'd reboot with both the VGA port and one of the display ports in use that both monitors would just go black, still had the blue light on the monitor like the monitor was awake but it had no video signal. Powering off the computer and unplugging the Display Port monitor would allow the VGA monitor to work but having them both plugged in did not work.

We had the newest drivers for the system from the HP website as part of our build as of the date of this post and all windows updates for Win 7 x64.

We had disabled secure boot on this HP and enabled Legacy BIOS mode to be able to boot from a USB drive for our MDT deployment of Windows 7 x64

The fix:
Enter the BIOS using F10 while booting. Goto the Advanced menu, Option ROM Launch Policy and set Video Option ROMs to UEFI Only. F10 to accept change. Save Changes and Exit BIOS.

The first time the computer rebooted into Windows 7 X64 it blue screened and rebooted automatically. Subsequent reboots were fine and having both monitors plugged in worked fine thereafter.

The computer I'm looking at and trying this on right now has a BIOS version and Date of L01 V02.18 9/9/13.

------------------------------------
Update

After mixed results as I tried to image more of these desktops I ended up contacting HP support. They had me update the BIOS to L01 V2.23  which in most cases resolved the issue. Some instances I had to clear the CMOS by holding the button down for 5 seconds on the mother board.

Nimble Storage :)

My post from 2010 below detailed some of my storage challenges and considerations of another vendor. Due to budget/management issues we didn't end up doing anything but expanding our HP/Lefthand storage for several more years to my displeasure. Continued difficulty with technical and customer support were common so we took the approach of only upgrading or changing OS levels if absolutely needed. Every time we upgraded it created new problems or new bugs were introduced. We eventually got to the point that a good portion of the NSM's we had were no longer supported on the newer OS but were in the same Management group as newer units.

We had a large project request from an agency we serve and they had budget for SAN storage so my hopes rose that we'd be able to get something new. Fast forward a year and we are the proud owners of a Nimble CS 220. Looking back I'm very glad we didn't get an Equilogic. When considering tiers of storage I consider the Equilogic on the same tier as HP/Lefthand. We were considering Compellent until we came across the Nimble and I think we made the right decision. We'll be installing a CS240 in our primary Data Center soon and moving the 220 offsite for DR. If you haven't seen Nimble go check it out http://www.nimblestorage.com/

Nook Color CM7.1 network issues

Got a nook color for Christmas and naturally wanted to root it and turn it into an android tablet. The rooting process was pretty easy but I was experiencing all sorts of weird lockup and timeout issues with apps and surfing the web. Many hours spent searching forums later I found the fix. Here were the symptoms I experienced:

Facebook app would take forever to load
Youtube videos would play for maybe 10 seconds then buffer indefinitely
web surfing would time out
email would not sync
I would randomly seem to lose my wifi connection, or the indicator would turn white which means I'm connected to the network but it can't connect to google.
I could ping the IP my router assigned the NC but it was dropping 80+% of the packets

Things I did during troubleshooting:

Downloaded wifi analyser app to monitor my wireless signal and channels. No apparent conflicts with channels of other AP's in my neighborhood, signal was strong.

downloaded the speedtest.net app to try generating some non-http/youtube traffic to pin point if this was a web browsing/streaming video issue or a network issue in general. this app suffered disconnects as well when I started having trouble with the others. Oddly when I was running a speed test successfully the ping I had going to the nook responded 100% successful. As soon as the speed test was complete packets continued to drop as before.

Some forums suggested the following which didn't seem to make a difference in my case:
make sure the host name of the NC contains no special characters like - or %
Turn off AES encryption
create a DHCP reservation for the NC

The issue for me seemed to be a feature on my router called WMM. I have a netgear WGR614V7 with firmware 2.0.30_2.0.30NA. I didn't try checking for new firmware since turning off WMM made pings return to normal from the NC. I could then stream youtube on HQ and everything else returned to normal as well. The WMM setting was found under Advanced -> wireless settings, set it to disable. I suspect the CM7.1.0 encore build I'm using doesn't support WMM.

WMM (Wireless Multimedia) is a subset of the 802.11e standard. WMM allows wireless traffic to have a range of priorities, depending on the kind of data. Time-dependent information, like video or audio, will have a higher priority than normal traffic. For WMM to function correctly, Wireless clients must also support WMM.


I didn't notice any issues on my network with playing multimedia on my laptop or using netflix with this disabled so I have no problem leaving it off for the time being.