Global DNS Blocklist

After the rebuild of a AD Domain Controller I was wondering why I could not longer get response from WPAD, when it hit me like a ton of bricks….. Global DNS Blacklist, this is a “feature” in some Microsoft products, and in this case specifically Server 2008 R2 that blocks the query of specific DNS names (isatap and wpad by default, although you can add and remove names to the list), apparently for security so that the address cannot be used to gain unauthorized access to the system through spoofing, all well and good, and I am all for added security but a number of browsers require it for automatic proxy detection, hence we  have to disable it.

Thankfully that is easy enough through an ADMINISTRATIVE command prompt using the following commands

If you want to check that the DNS blocklist is enabeld, type; dnscmd /info /enableglobalqueryblocklist if it displays 1, its enabled, if 0 its disabled nice and simple, but wait what if you want to see the contents of the blocklist, again simple through an administrative command prompt (lets assume from now on in this article that all command prompts are administrative shall we) simply type; dnscmd /info /globalqueryblocklist this will make the blocklist print out onto your screen

Now how to disable it, easy simply input the following commands

  1. dnscmd /config /globalqueryblocklist (Optional, this clears the blocklist that way if something happens and it is re-activated it is empty)
  2. dnscmd /config /enableglobalqueryblocklist 0

The second command there is the one that does the actual disabling, conversely if you want to enable it you should type dnscmd /config /enableglobalqueryblocklist 1. As an asside, if you want to ADD an item to the blocklist this is done by typing the following: dnscmd /config /globalqueryblocklist name where name is the item you want to add to the blocklist.

 

Also dont forget to ensure that the mimetype for the file is defined as “application/x-ns-proxy-autoconfig”

Windows Vista/7 God Mode

Here is a neat trick for those of you who do no know it already, Windows Vista and 7 have a “God Mode”, nothing more really than a way to access the system settings, there are however a few settings that are not normally available apparantly, although I have not looked at the whole list of options myself

 

Just create a folder somewhere with the name GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} (“GodMode” can be replaced with anything you want, its the “extension” that is important)

 

[SOLVED] WSUS Update Error, Not reporting and error 800B0001

After a WSUS Rebuild, I started noticing that Machines, although associating with WSUS were showing up that they had not yet reported to the server, upon investigating this it was discovered that the clients were erroring and displaying error code 800B0001. The machine in question hosting WSUS is a 64 Bit Server 2008 R2 machine, with these details in hand I go off looking for a solution.

Looking for solutions to this I came across several sources indicating that this is a known problem, and thankfully that there is a solution available from Microsoft ( http://www.microsoft.com/en-us/download/details.aspx?id=29999 )

I simply installed the update, and restarted at then end as asked by the installer, once the server is back up I went back to the same clients and re-ran windows update, and off it went working again.

Nice Simple fix, if only everything was that easy

 

Language Management GPO

Recently (Well a few months ago) a client asked me to install multiple extra keyboards, on multiple (300+) PC’s through the organization, needless to say I was not to exited to do that manually, looking for options I discovered that there is no GPO available for it, and although it can be done through registry modifications, that whilst useful is not overly effective, so I wrote a GPO, at the time as it was a 2003 domain I wrote it as an ADM file, however as I was then asked for a similar thing (different languages) at a client with a 2008 domain the ADM files were useless (and so is ADMX Migrator from Microsoft/Full Armor, I recommend and use PolMan and its ADM Template Editor from SysPro [ http://sysprosoft.com/products.shtml ]) I re-wrote it for ADMX, and implemented it at a few client sites.

Forward to yesterday, a fellow tech at another client site had been asked the same thing, and came to me for advice on making their job easier, recalling these templates I promised I would forward it to them, which I did just moments ago (after making a minor modification and re-generating the ADMX to include a little joke for them, yet the inclusion is still useful for others, great how that works out hey) anyway I had always planned to release it to the public however I never had done, getting this request has prompted me to do it, currently there are 10 languages in there, I plan to add support for a bunch more in future and at the same time give Administrators and easy way to set the default keyboard layout but that will not happen till I have some spare time as at this point no clients require that functionality, if they do I will add it sooner

In the mean time download the file here , please note however, that the system contains no warranty whatsoever and although has been tested to work on Windows XP it is by far from guaranteed it is designed to work on Windows Vista and Windows 7

To install it just place it in the C:\Windows\PolicyDefinitions folder on your domain controller and restart Group Policy Editor, the settings show up under User Preferences > Administrative Templates > Keyboards

You can pass this on to others, so long as the work is still attributed to me, although I suggest you just point others here as it will allow them to get the latest version as it is updated

 

 

 

%d bloggers like this: