How to configure IEAK 7, IEAK 8 or IEAK 9 to deploy Internet Explorer 7, 8 or 9 with the menu bar visible without using Group Policy

System Requirements:

  • IEAK 7, 8, 9
  • Windows Vista, 7
  • Windows Server 2008, 2008 R2

The Problem:

The current version of IEAK allows you to configure the visibility of the command bar, the status bar and the tool bar however the option to make the menu bar (file, edit view etc) visible on the default install appears to be missing from the current revision of IEAK 9.

You can enforce the visibility of the menu bar through registry changes or through group policy, but the former is a headache requiring application during log-in and the latter does just what it says on the tin – it enforces it. Part of the design ideology of IE 9 was to reduce the UI of the browser to the simple necessities. While many users, particularly novice users will want the menu bar, some of your users may simply want to change all of their settings back to the IE 9 defaults.

“The web the way you want it”

More Info

If there is an option for configuring the menu bar visibility in IEAK 9, I can’t see it. Perhaps it is an oversight on the version that I’ve been building against and perhaps it’ll appear in a service release. For the time being, it’s just not there.

The Fix

The fix is to modify the custsec.inf that is generated by IEAK and then applied to the deployments default security context at package build time (.exe or .msi).

  1. Create your IEAK profile with all customisation’s, modifications and settings. Build it once (create the .exe or .msi)
  2. Exit IEAK
  3. Re-open IEAK and progress through the wizard until you arrive on the File Locations screen. Here, before continuing select the ‘Advanced Options…’ button
    IEAK 9 Advanced Options Button
  4. Now browse for the INS file that was created by IEAK during its first pass – note you are looking for the INS file associated with the pass, not the INF file that you edited in step 4. It will be located in the same folder
    IEAK 9 Browse for INS file
  5. Once located, click OK to return to the wizard and re-run through all of the options. IEAK should have remembered all of your preferences.
  6. Stop once you arrive at the ‘Wizard Complete’ screen
    IEAK 9 Pre-build Wizard Complete Screen
  7. Leaving IEAK running in the background. Open the build path’s INS folder in Windows Explorer. If you are building for Windows 7 / 2008 R2 x86 in English then by default this is something along the lines of:
    C:\builds\12232011\INS\WIN32_WIN7\ENU
    If you are building for Windows Vista / 2008 x64 in English then by default this is something along the lines of:
    C:\builds\12232011\INS\AMD64_VISTA\ENUNote that you are going into the INS folder, not FLAT or any of the others which have a similar structure.
  8. Locate and open the custsec.inf file in Notepad. This contains the security context data that will be built into the deployment package.
  9. Somewhere under the [AddRegSection.HKCU] section add:
    HKCU,”Software\Microsoft\Internet Explorer\MINIE”,”AlwaysShowMenus”,0x10001,1,0,0,0This will enable the menu bar by default when new IE profiles are created as part of Windows user profile generation on the local machine. To disable the menu bar simply change it to:
    HKCU,”Software\Microsoft\Internet Explorer\MINIE”,”AlwaysShowMenus”,0x10001,0,0,0,0
  10. Save and exit Notepad
  11. Return to the IEAK wizard and press the Next button. IEAK will now build the customised installer files
  12. Note that if you re-run IEAK it will overwrite your modifications to custsec.inf as it exits the ‘Additional Settings’ screen. Consequently you will have to reapply them from step 7.

If you wanted the custsec.inf modifications for the other toolbar options they are:

  • HKCU,”Software\Microsoft\Internet Explorer\MINIE”,”LinksBandEnabled”,0x10001,1,0,0,0
  • HKCU,”Software\Microsoft\Internet Explorer\MINIE”,”CommandBarEnabled”,0x10001,1,0,0,0
  • HKCU,”Software\Microsoft\Internet Explorer\MINIE”,”ShowStatusBar”,0x10001,1,0,0,0

Make sure that you test your installers before deploying with this as clearly it is unsupported.

Windows Vista & Windows 7 Implicit Answer File Search Order (Unattend.xml) Clarifying “Setup!UnattendFile”

System Requirements:

  • Windows Vista, SP1, SP2
  • Windows 7, SP1

The Problem:

A slight matter of a documentation error on TechNet that has existed for a very long time and is causing a lot of confusion.

More Info

TechNet states that the first and preferred search location for an Unattend.xml file is the registry location:

HKLM\System\Setup!UnattendFile

This is vague and confusing and is in fact probably typo that has been left for a long time. This could mean a value called Setup!UnattendFile under HKLM\System or a number of other things.

You can see the TechNet link below.

View: Manual Installation of Windows 7: Overview

The Fix

I can confirm from first hand experience with Vista, 7 and 7 SP1 that this should be:

Key: HKEY_LOCAL_MACHINE\System\Setup
Value Name [REG_SZ (String)]: UnattendFile
Value Data [e.g.]: C:\Windows\Setup\Scripts\MyUnattendFile.xml

Unattend.xml files found through this registry key do not have to be named Unattend.xml, you can call them whatever you like.

How to Enable Web Based Enterprise Management (WBEM) / Windows Management Instrumentation (WMI) for Remote Access under Windows NT 4.0

System Requirements:

  • Windows NT 4.0
  • Service Pack 4 or Higher

 

The Problem:

This document outlines the steps required to connect to a Windows Millennium machine using WMI using either a Monkier (inherited session credentials) or SWbemLocator.ConnectServer (specific, stated logon credentials).

This is often difficult to achieve, especially in a domain environment or an environment where more modern versions of Windows need access to the remote WMI service.

 

More Info

Windows NT 4.0 does not ship with any of the WMI components. Microsoft released WBEM version 1.5 for NT 4.0 as a separate download.

This guide will show you how to properly install WMI in order to facilitate remote access connections over a Network. Please note that while this will enable WMI requests over a LAN, the settings will not discriminate between a LAN and an Internet connection. Consequently firewall technology should be employed when dealing with systems that expose a direct peer-to-peer Internet connection.

 

The Fix

The steps below will enable you to connect remotely over WMI under some circumstances (but not all). These steps must be applied to install WMI and configure it before you can change the advanced remote connection settings.

The WMI 1.5 installer for Windows NT includes the DCOMCnfg.exe utility that is required for GUI configuration of WMI for remote access. Use the following steps to configure WMI for remote access.

  1. Install WMI 1.5 for Windows 9x
  2. When prompted, reboot the computer

 

Configure DCOM

Once you have installed dcm95cfg.exe you must configure DCOM. To configure DCOM run the DCOMCnfg utility found in c:\windows\system

  1. By default the “Enable Distributed COM on this computer” check box on the Default Properties tab should be ticked. Often if WMI isn’t working, this has inexplicably become unchecked, disabling DCOM completely.DcomCnfg Screen 1
  2. This will enable WMI to run on the local computer, but not from remote network connections. To enable the basic level of remote access check the “Enable remote connection” box on the Default Security tab. If this doesn’t work for you, keep reading!DcomCnfg Screen 2
  3. Restart the computer.

Windows NT implements WMI as a system service, so as long as the service is running and DCOM is started you will be able to remotely load WMI classes.

All being well, you should now have a working Windows NT machine which supports Remote WMI from modern Windows systems. Do keep in mind that these steps do not cover basic troubleshooting. You should already have Windows Script Host 5.6 installed and Internet Explorer 6.0 SP1.

If you would like to enable all of these settings without launching their respective utilities, you can use this registry script to automatically configure workstations with the remote access settings.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00

 

See Also

View: How to Enable Web Based Enterprise Management (WBEM) / Windows Management Instrumentation (WMI) for Remote Access under Windows 95, 98/98SE

View: How to Enable Web Based Enterprise Management (WBEM) / Windows Management Instrumentation (WMI) for Remote Access under Windows Millennium Edition

How to Enable Web Based Enterprise Management (WBEM) / Windows Management Instrumentation (WMI) for Remote Access under Windows 95, 98/98SE

System Requirements:

  • Windows 95
  • Windows 98
  • Windows 98 SE

 

The Problem:

This document outlines the steps required to connect to a Windows 98 or Windows 98 SE machine using WMI using either a Monkier (inherited session credentials) or SWbemLocator.ConnectServer (specific, stated logon credentials).

This is often difficult to achieve, especially in a domain environment or an environment where more modern versions of Windows need access to the remote WMI service.

 

More Info

Windows 95 and 98 First Edition (FE) do not ship with WBEM installed. Before you can access WMI in any form on these systems you must manually install the necessary services and resource files. This guide will show you how to properly install WMI in order to facilitate remote access connections over a Network. Please note that while this will enable WMI requests over a LAN, the settings will not discriminate between a LAN and an Internet connection. Consequently firewall technology should be employed when dealing with systems that expose a direct peer-to-peer Internet connection.

 

A Note on Windows 98 SE

While Windows 98 FE does not come with any WBEM components, Windows 98 SE does. The Windows 98 SE CD contains WBEM 1.10 components which can be installed from the Control Panel.

Windows 98 SE WBEM 1.10

It is important that you not use this version of WBEM on Windows 98 SE in order to connect remotely to the WMI service. This version of WMI is out of date (with the latest version being WBEM 1.5). Consequently if you are using Windows 98 SE, ensure that you have uninstalled ‘Web-Based Enterprise Mgmt’ from the Control Panel before following this guide.

More Info: WMI on computers running Windows 98, 98SE and Windows Millennium Edition

 

The Fix

The steps below will enable you to connect remotely over WMI under some circumstances (but not all). These steps must be applied to install WMI and configure it before you can change the advanced remote connection settings.

  1. Install DCOM 1.3 and do not reboot after the installation
    DCOM 1.3 Installer
  2. Install WMI 1.5 for Windows 9x
  3. When prompted, reboot the computer

Unlike the Windows NT installation of WMI, the WMI 1.5 installer does not include the rather useful DCOMCnfg.exe utility that is required for GUI configuration of WMI for remote access. Thankfully the DComConfig utility was made available separately for Windows 9x.

 

DCOM Config Installer

Configure DCOM

To configure DCOM run the DCOMCnfg utility found in c:\windows\system

DComCfg Utility Launch

  1. By default the “Enable Distributed COM on this computer” check box on the Default Properties tab should be ticked. Often if WMI isn’t working, this has inexplicably become unchecked, disabling DCOM completely.DcomCnfg Screen 1
  2. This will enable WMI to run on the local computer, but not from remote network connections. To enable the basic level of remote access check the “Enable remote connection” box on the Default Security tab. If this doesn’t work for you, keep reading!DcomCnfg Screen 2
  3. Restart the computer.

It is important to understand that unlike with Windows NT, Windows 9x doesn’t have the concept of a special system service. Consequently DCOM won’t start WMI when it is requested from the network. In order to enable on-demand access the WinMgmt.exe program in c:\windows\system\wbem needs to be running.

WinMgmt

This dos prompt command will run the process for the duration of the session. You can always confirm that it is running by pressing Ctrl + Alt + Del once and viewing the task manager.

WinMgmt Process in Ctrl + Alt + Del Screen

If you want to persistently run WinMgmt.exe as a ‘Service’ add the following information to the registry as shown.

 

Setup WinMgmt as a start service

Advanced Remote Access Settings

The above settings should work between NTLM enabled Windows 9x boxes and NT 4 systems, however you may have problems if the Active Directory extensions are installed or if you are attempting to connect from a Windows 2000, XP, 2003, Vista, 2008 or 7 machine.

Connection difficulties seem particularly true if you are using SWbemLocator.ConnectServer or are in any way connecting via IIS.

Do appreciate that this guide isn’t covering more basic things like “synchronise your accounts and passwords” between workgroup systems, ensure that you have IE 6.0 SP1 installed or that you have Windows Scripting Host 5.6 installed and so on.

First off, re-register the WinMgmt stack using the following command in the c:\windows\system folder

RegSvr Command for WMI

WBEM ships with an additional configuration utility, the WBEM Control app, found in c:\windows\system\wbem\

wbemcntl.exe

On the advanced tab enable the “Enable Anonymous Connection with share level security” setting and restart the computer.

Enable Anonymous Share Access

This setting allows WMI to respond to network requests that do not carry the required account credentials registered as having access to the WMI class hierarchy.

If you are now able to connect using SWbemLocator.ConnectServer you may like to try to reconfigure WMI to use WMICntl to assign permissions to WMI. To do that simply use the Security tab and, selecting Root, press the Security button and add in the user accounts that you want to gain remote access with to the security permissions list.

WMI Control Security

All being well, you should now have a working Windows 98 machine which supports Remote WMI from modern Windows systems.

If you would like to enable all of these settings without launching their respective utilities, you can use this registry script to automatically configure workstations with the remote access settings.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"EnableDCOM"="Y"
"EnableRemoteConnect"="Y"

[HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM]
"EnableAnonConnections"="1"
"EnableStartupHeapPreallocation"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Scripting]
"Enable for ASP"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WinMgmt"="C:\\Windows\\System\\WBem\\WinMgmt.exe"

 

See Also

View: How to Enable Web Based Enterprise Management (WBEM) / Windows Management Instrumentation (WMI) for Remote Access under Windows NT 4.0

View: How to Enable Web Based Enterprise Management (WBEM) / Windows Management Instrumentation (WMI) for Remote Access under Windows Millennium Edition