Author: Adam Fowler

Microsoft Word – Show all formatting marks

Posted on January 15, 2018October 20, 2020 by Adam Fowler

Microsoft Word 2016 and earlier versions have a handy toggle for ‘Show/Hide paragraph marks and other hidden formatting symbols’. It’s that backwards P looking thing in the Word ribbon:

… but also choosable from Word’s options under the Display section, called ‘Show all formatting marks’:

By default, this option is off. I had a business requirement to have it on by default, which proved harder to work out than I thought.

Normally for Word and Office, a user option is controlled by the registry. Procmon is great for capturing those changes, but I couldn’t see anything when toggling this option.

Jeremy Moskowitz from PolicyPak gave me a hint on finding the solution on this one; Word sets some of it’s user settings at the time of closing Word, rather than changing an option and pressing ‘OK’.

Once I knew that, the setting was easy to find.

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options

DWORD Value - ShowAllFormatting

1 - Enabled / On

0 - Disabled / Off

Word will read this setting at startup, and write to it at shutdown based on what the setting was last set to.

Using Group Policy Preferences and setting the option ‘Apply once and do not reapply’ to push out the registry setting will make it the default, but let users change it as they please.

Deploying a Locked Down Start Menu in Windows 10

Posted on January 10, 2018October 20, 2020 by Adam Fowler

The tiles in Windows 10’s Start Menu can be rather messy. By default, you get a lot – and they may be things you don’t want there such as News, Sports, Photos, Microsoft Store etc.

Since Windows 10 1607, there’s been a way to control this. Customize Windows 10 Start and taskbar with Group Policy covers how to do this, but there’s some errors and links that don’t work, so I thought it was worth giving a quick overview on how to do this.

Keep in mind that this process locks down the Start Menu tiles completely, users won’t be able to add, remove or change anything to do with tiles.

The first step is to configure the Start Menu tiles how you want them on a computer. You can add, remove, move, resize etc until you’re happy with how it looks.

Once that’s done, you’ll need to export the layout to an XML file. Easily done by opening PowerShell and running Export-StartLayout. This needs the -Path switch, e.g. Export-StartLayout -Path “C:\temp\startmenu.xml”

Copy the resulting startmenu.xml file into a central location that clients will be able to access, or copy it out to each machine through Group Policy Preferences. This XML file will be called in the Group Policy setting “Start Layout”.

The Group Policy setting called “Start Layout” lives in User Configuration or Computer Configuration > Policies> > Administrative Templates >Start Menu and Taskbar. You’ll probably want this at the user level rather than the computer level, but it depends at what layer you want this locked down at.

If you can’t see this policy at all, then you may need to update your Group Policy templates. Each time a new version of Windows 10 comes out, there’s usually new or updated Group Policies to use. There’s a good step-by-step here if you need help – I’d recommend downloading the templates that match the latest version of Windows 10 you’re managing.

Start Layout in Group Policy

For this policy, you’ll be setting the radio button to Enabled, and setting the Start Layout File value to the path of the XML file that you copied out or placed centrally.

Start Layout Settings

Once that is done, the Group Policy object containing this setting needs to be pointed at the users or computers you want it to apply to, just like any other Group Policy.

The end result is the client then having the same Start Menu tiles configured in the XML file.

You may find that some of the tiles are missing. I’ve seen this happen when the shortcut the XML points to isn’t in the location expected. Here’s an example XML file with just one tile configured for Notepad:

<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
 <LayoutOptions StartTileGroupCellWidth="6" />
 <DefaultLayoutOverride>
 <StartLayoutCollection>
 <defaultlayout:StartLayout GroupCellWidth="6">
 <start:Group Name="">
 <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Notepad.lnk" />
 </start:Group>
 </defaultlayout:StartLayout>
 </StartLayoutCollection>
 </DefaultLayoutOverride>
</LayoutModificationTemplate>

When a Tile is added to the Start Menu, if it doesn’t exist already, it will create a .LNK file and uses that for the tile. You may need to copy these off the computer you created the tiles on the in first place too, and copy them out to the same path on the computers you’re pushing this setting to.

You can also manually update or change the XML file yourself, which can sometimes be easier than going through the whole export process again.

One last thought I have on this, is that you can have multiple XML files going to different computers or users based on their requirements – but don’t over complicate things or you’ll be constantly managing tiles!

Windows Store Error 0x8024500c

Posted on December 12, 2017December 14, 2017 by Adam Fowler

I was getting this error company wide when trying to install any app from the Windows Store on a domain joined computer. The store was fully navigational, but any app I tried to install would instantly error. Showing the details would reveal Error Code 0x8024500c.

This is a fairly standard error code and there’s a lot of reasons already posted online; but for me it was one simple Group Policy setting:

Do not connect to any Windows Update Internet locations

Help:

Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store.

Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.

Note: This policy applies only when this PC is configured to connect to an intranet update service using the “Specify intranet Microsoft update service location” policy.

Back in the Windows 7 days, it makes sense to disable this if you want to force clients to only use your WSUS servers and control the experience. However, it completely breaks the Windows Store!

You can find this policy under Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update.

Note that this doesn’t seem to break the private Business Store section if you have that configured up, which can be a nice way of controlling the apps your users see.

Update 14th December 2017

A friend pointed this out to me – before changing this setting, be aware that there’s a bug with Windows 10 Pro that is fixed in KB4053580:

Addresses issue that caused Windows Pro devices on the Current Branch for Business (CBB) to upgrade unexpectedly.

You may find your Windows 10 Pro devices being upgraded to Windows 10 1709 without you doing anything. Make sure you have this patch deployed before changing this setting.

Exchange Online and Exchange On-Premises Security Groups

Posted on December 8, 2017 by Adam Fowler

I had a requirement come up where I needed a list of Exchange Online users as well as Exchange On-Premises users. If you’re hybrid or going through a long migration, there’s many scenarios where you want certain products or settings applied against the users and accounts based on where their mailbox is.

You could maintain that manually, but why do that when you can automate it!

Thankfully there’s two easy commands that will return accounts based on where they are – get-mailbox and get-remotemailbox. As long as you’re in Exchange Hybrid mode, you can run both of these commands against your local Exchange server.

Here’s the quick script I wrote up:

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange server name/Powershell -Authentication Kerberos
Import-PSSession $session
$remoteusers = Get-RemoteMailbox -resultsize unlimited
$onpremusers = Get-mailbox -resultsize unlimited
$remotegroup = "Exchange Online Users"
$onpremgroup = "Exchange OnPrem Users"

Get-ADGroup $remotegroup | Set-ADObject -clear member
Get-ADGroup $onpremgroup | Set-ADObject -clear member

foreach ($user in $remoteusers){
Add-ADGroupMember -Identity $remotegroup -Members $user.SamAccountName
}

foreach ($user in $onpremusers){
Add-ADGroupMember -Identity $onpremgroup -Members $user.SamAccountName
}

Remove-PSSession $Session

All I’m doing here is getting the two user types and putting them into variables – $remoteusers and $onpremusers. I’ve also used the group names as variables, so you can create whatever AD groups you like and put them into the $remotegroup and $onpremgroup variables.

Also I’m clearing out all members of the group before adding users, which means if someone gets migrated or leaves, they’ll be cleaned up from the old group properly.

Finally I’m going through the two users lists and using ‘foreach’ to add each user to the relevant group, using the SamAccountName value of each result to identify them.

It’s only a basic script, but you can easily add extra filters to the Get-Mailbox and Get-RemoteMailbox commands to do things such as only getting users from certain OUs.

This was tested on Exchange 2010, so if you get different results on Exchange 2013 or 2016 please let me know.

Win a Raspberry Pi 3

Posted on December 6, 2017December 6, 2017 by Adam Fowler

I was at the recent Microsoft Tech Summit in Sydney where I was learning all about the latest Microsoft bits and pieces, and being a Community Reporter:

I ended up winning from one of the vendors a Raspberry Pi 3 with case. I thought it’d be a good idea to give this away on my blog! I did plug it in once to make sure it works, but beyond that it’s brand new :)

What do you need to do to win this? Not much! I don’t like having much fluff around these occasional giveaways, so there’s just a few simple ways to enter. Drawn in 2 weeks, just in time for Christmas :) The Pi will sit on my desk in front of me until then, waiting for it’s new owner. You’ll need a Micro SD card and some sort of USB power source.

Win a Raspberry Pi 3 and Case

Share this:

Share this:

Share this:

Share this:

Share this: