Internet Explorer 10 suggesting sites you never typed

I’ve started using the Windows 8 Consumer Preview as my primary OS, and have come across something incredibly frustrating within Internet Explorer 10.

Try typing a letter or two in the address bar, and you’ll most likely see a bunch of URLs that you have never typed or visited before:

 

The only way to remove these from appearing is through Internet Options.

Click Tools (or the gear icon) > Internet Options > Content tab > “Settings” under the AutoComplete section, and then uncheck this box:

 

 

 

Now the only thing that will appear are your typed URLs, history, and favorite items.

 

 

Hyper-V Cluster and Windows Server licensing

Thanks to Aidan Finn and this blog post, I’ve recently discovered that how I planned the licensing for my Hyper-V cluster is incorrect.

With two Dell R410’s in a Hyper-V cluster, I purchased two licenses of Windows Server 2008 R2 Enterprise. I figured that as long as I didn’t run more than 4 VMs per host, I’d be good. In the case of a Live Migration or fail over, the VMs weren’t permanently assigned to the other host so it’d be alright. For future VMs, one off purchases of Server Standard would be made to allow for their use.

I really don’t understand why Microsoft doesn’t make it more obvious that Datacenter really is what’s necessary to run a Hyper-V cluster. Unless you’re running 4 VM’s or less across two hosts, Datacenter is the only way to go. Any more than that, and you’ll be doubling up on Enterprise licenses for each host, which by that point you might as well buy Datacenter. For a two host Hyper-V cluster this will cost between $12,000-15,000.

I’m assuming this is just as much of a problem for ESXi clusters too; apply a Windows license to each host even though it isn’t running Windows, so that during failover, the licensing is legal.

 

At least now I know that this is incorrect, so for 2012 fiscal two Windows Server Datacenter licenses will be purchased. Of course with Windows 8 around the corner, I’ll be getting these licenses with Software Assurance (assuming Windows 8 isn’t out yet).

Thinking about Datacenter has got me really excited actually, because of the additional Hyper-V features, future improvements to DFS and DFSR (which I’m anxiously awaiting news of) and updated OS for WDS, RDS and a bunch of other services.

Thoughts on Windows 8 and user privileges

Windows 8 Metro start screenThe Windows 8 developer preview has been shown and released (although I have yet to find time to get it installed), and if you haven’t seen it yet, go watch the keynote at the Build conference here: http://www.buildwindows.com.

 

I’m looking at this less as a home user, and more as a system administrator for an office-based company of 350 people. Overall I’m very excited by some of the things shown, and think that it will be an immediate upgrade from Windows 7 as we bring in new computers.

Built in anti-virus is a great addition, and if the updates come via WSUS then it may finally be time to shrink our Symantec license count. The additional tools and functionality Windows Explorer, including the ribbon and file copy changes look really nice, and shouldn’t be too difficult to train users on.

I won’t repeat every feature that I’ve seen so far, but there are two things concerning me:

 

  • With the new hybrid sleep/hibernate power model, when will group policy computer settings be applied, and will putting the computer into this mode constitute a log off?We rely on our group policy objects for many things, including program installations and keeping various applications up to date. If one needs to wait until Windows Updates are done to force a real reboot (once a month based on Microsoft’s update schedule) that is an awful long time to go before GPO processes new changes.
  • I was really hoping Microsoft would revamp the permissions model within Windows, to allow program installs without Administrator rights.As more and more of our workforce get familiar with Windows and its programs, or even have grown up their entire lives using it, those people expect more control over their computer due to that familiarity. While it has always been recommended to lock down users to standard accounts for security and to ensure un-authorized programs are not installed, we are quickly entering a world where this will no longer be acceptable, due to the large amount of users who balk at the idea of control being taken away.

    Ideally what I would like to see is the Power Users local group brought back, but made better. Standard users would remain devoid of many privileges, and UAC would prompt for elevated credentials if required. Administrators would retain full control over all aspects of Windows, but these rights would only be granted to IT staff.
    Power Users would have the ability to install programs, and that’s about all. No ability to make permission changes, can’t change user accounts or rights, and are still prompted by UAC for elevated credentials when trying any of these things.

    This would give those who are comfortable with Windows the ability to install programs if necessary, as well as give IT the ability to assign programs through GPO and have it actually work without requiring Admin rights.

  • The last thing that would make my life (and our upcoming help desk staff) much easier would be the ability to unlock a user account as an Administrator, or even log into a different user’s profile with Administrator credentials.Lets say John Doe is logged on, and submits a ticket to the help desk for a problem only experienced with his profile. IT goes to that user (or remotes in) and finds the computer locked, with John no where to be found. The solutions to this are to keep a list of John’s passwords, or wait until he returns, neither of which are good solutions.

    It would be better if that IT staff remotes in, see’s the computer is locked by John, and unlocks it with their own account, getting into John’s profile. IT is already trusted with the keys to the organization, so its not like there is a security issue with this model.

 

I guess these last two things don’t really have much to do with Windows 8, but they were on my mind as I watched the keynote.

 

 

Shut down without installing updates – Windows 7

Shutdown with updates
What if I don't want to install updates?

An annoying attribute of Windows 7 is that when updates are waiting to be installed, if you choose to shut down, you MUST install the updates at the time.

While there are workarounds to shut down without installing the update (Ctrl+Alt+Del and the shutdown option there), they’re not suitable for an entire organization.

I understand the point of this being a default, but when one of the updates is Office 2010 SP1, and you have laptop users waiting to pick up and go it is not desired.

Fortunately there’s a Group Policy setting to give you the option to shut down without installing updates.

You can find this at:

User Configuration > Policies > Administrative Template > Windows Components > Windows Updates

 

Do not adjust default option to ‘Install Updates and Shut Down’ in Shut Down Windows dialog box.

If this option is enabled, you will get a regular shut down button, along with an extra option to “Install Updates and Shut Down” from the start menu shutdown arrow options:

 

Redirect HTTP to HTTPS with IIS

I’ve got an internal website that runs in IIS 6, for which I have enabled SSL. Due to the nature of this website, and the login credentials used, I want to make sure any access is always encrypted, but still allow my users to access it at http:// for ease of use.

 

Fortunately I found a pretty simple way of doing this with IIS 6 (I don’t know whether it’s still supported in IIS 7, but I imagine it would).

First, create a file called sslredirect.htm, with the contents as:

<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname + location.search;
//alert(location.host + location.pathname + location.search); Just for sanity check
 
}
// -->
</SCRIPT>

 

Then, go into the properties of your IIS site, and on the Custom Errors tab, change error 403:4 to point to your sslredirect.htm file.

IIS custom error configuration
 

Now, if someone opens up http://www.website.com, it will automatically redirect them to https://www.website.com.