IE 11 Enterprise Mode Not Working?

A few weeks back, I wrote about the Group Policy changes in the Windows 8.1 Update.  One of the big changes in the Update was the addition of Enterprise Mode for Internet Explorer 11.  Enterprise Mode allows web sites (either specified by the end user or via Group Policy) to be processed in such a way that they appear to to the site to be Internet Explorer 8.  There are also some additional ActiveX security tweaks that happen in Enterprise Mode so that [hopefully] organizations can get away from being tied to older versions of IE.

In my testing of IE 11, I came across an application that many of my customers use on a daily basis that had some compatibility issues.  Specifically, a JavaScript pop-up that was supposed to appear when clicking on certain links wouldn’t show up.  All I was getting was a spinning “Please Wait” icon.

I had that “Aha!” moment and put the site into Enterprise Mode and…. buzzer.  Nope, same problem.  What gives?  This was supposed to fix this problem, right?

The Fix!

After banging my head against the desk a few times, it occurred to me that this particular web application has about 10 different URL’s behind it.  You go to the published URL for the application that looks something like http://application.trekker.net, get kicked to https://app.auth.trekker.net, then get kicked to a central login service page (Shibboleth, ADFS, etc.).  After logging in, you’re kicked to https://prod.app.authd.trekker.net:1234.  [URL’s have been sanitized and replaced with trekker.net to protect the innocent!]

After looking at the source of the page (right click > View source), there were another two (!) URL’s in the page I’d never seen before:  https://files.app.trekker.net and https://scripts.app.trekker.net.  Another “Aha!” moment!

I added both of these sites to my XML file (here are instructions on how to set that up) and, voila!  The app works!  It appears that Enterprise Mode was taking my list literally and wasn’t including either of these URL’s since they were different than the main web application.  Lesson learned: if using Enterprise Mode, make sure any other URL’s that are being called by the app get added to the Enterprise Mode IE website list to ensure that everything is running in Enterprise Mode.

Asking for Help as an IT Pro… The Right Way

I have a bit of a pet peeve: IT Pros asking for help… the wrong way. Don’t get me wrong…  I love sharing my knowledge. I love writing articles, responding to comments on those articles, responding to forum posts, and just general interaction with other enthusiastic IT Pros! But, I need you to help me, help you.  My hope in writing this is to give guidance to any IT Pro’s out there that are looking to have a question answered.  Just a little extra up front work by you can help out other IT Pros that want to help you solve your problem.

Here are a few of the common wrong ways to ask questions as an IT Pro and how to avoid them:

The “Do It for Me” Question

To protect the guilty, here’s a [pretty heavily] modified example I got via email:

I received a list of a few thousand accounts that need to be disabled in Active Directory. For the accounts with short usernames, the Active Directory Users and Computers search comes back with more than one account. It is very time consuming to go through all these accounts one by one to find the right account.

Is there a way that PowerShell can read a text list of the accounts and then move them to an OU named “Disabled” so that I can manually skim through them before I run the script to disable them? I’m not good at PowerShell. Could you give me the commands or a PowerShell script to do this?

If you send me a question like this, I’m probably going to ask you what you’ve already done to solve the problem. I totally get that you may not know PowerShell, may have been handed AD support even though that isn’t your normal area, or that you’re just busy at work.  But, you need to do some additional leg work or ask your question differently:

  • Perhaps a better question would have been: “Do you know of any good resources for managing user accounts in Active Directory with PowerShell?” or “Do you know some good resources for learning PowerShell?”
  • I hate to use the, “have you tried Google,” response, but have you? A quick search found me numerous scripts that do exactly what the IT Pro wants here.
  • Give me something to start with. Don’t ask me to tell you how to fix the problem if you’re not going to dome some upfront work first.

Honestly, I don’t think this person did anything to answer the question on her own. Always try to do some upfront leg work to solve the problem yourself. If you’re wanting someone to just do the work for you, you’re really looking for a consultant.

The “No Background Information” Question

Here’s another example:

I’ve got some VM’s that are not restarting correctly in Hyper-V. Any ideas why they aren’t restarting like they’re supposed to be.

Yep… that was the question. It’s a bit… light… on details. I don’t need your organization’s full infrastructure history, but you’ve got to include pertinent information. In this case, the IT Pro should have included which OS the VM is running, what version of Hyper-V they’re running, storage back-end, etc. Most of us aren’t mind readers, so I usually need some background information:

  • Include pertinent information about the environment.
  • Definitely include anything that may be unusual or out of the ordinary about your environment.
  • Make sure to include things you’ve already tried to resolve the problem.
  • Has something changed in the environment recently?
  • Has the system been working for a long time and now isn’t? Or, is this a new deployment of some kind and it has never worked correctly?

The “I Have a Question” Question

This example came in on the contact form on my blog:

I’m having some problems with some servers and you wrote some posts that are similar to the problems I’m having. Do you have some time to talk on the phone about it to help me out?

I’m not really a consultant… I’m a blogger. I have a day job outside of writing and, honestly, don’t always have time during normal business hours to talk because I’m working. I don’t always have time to talk outside of business hours because I have a home life too. For me, communicating via email or forums (for questions) is usually the best way to go.

  • Just ask your question… Who knows? Maybe it’s a simple answer.
  • Don’t reference something I’ve written without including a link to it. I’ve written a lot of articles and I may not remember the specific one you’re referencing.
  • Quite a few of us that blog and are active online on places like Twitter and forums have day jobs and may not be able to consult due to work or time constraints.
  • If you’re looking for a consultant, just ask! You may be surprised how many of us can refer you to someone who can come take a look at your problems.

The “Help Me Fix My Unsupported Production Configuration” Question

I don’t have a specific example I’m sharing on this one, but if you’re having a problem in your production environment and you’re not in a supported configuration, getting to a supported configuration is probably your answer.

  • I’m all about experimenting and trying out new things, but not in a production environment.  If this is a lab or test environment, tell me and I’m probably going to be more likely to help you. Just don’t tell me it isn’t production if it really is.
  • Read the vendor documentation! Most vendors are very good about spelling out what is supported and what isn’t. Most vendors are either going to require you to change your configuration to something they support or, if you’re lucky, give you minimal support to get you back up… so you can fix your configuration.
  • Don’t get mad at me if I point out that you’re doing something that isn’t supported. I’m just the messenger.

The “What in the World Are You Talking About” Question

Final example:

I’m trying to use screen sharing from my Windows 8 laptop to my Windows 7 desktop and it isn’t working right. I’ve tried it with tunneling on and off and that isn’t working either way. Do you think this is a problem with ports, IPS or what?

Huh? I honestly had no idea what this person is talking initially about based on his first email. I can make some guesses; but, because he didn’t use any standard terminology it slowed the process down while we ironed out what he was trying to do.

  • Use standard industry terms and correct product names.
  • Use current industry terminology. Things change… so does the terminology over time.
  • If you don’t know the correct term, just tell me so I’m not left scratching my head.
  • If you’re a newbie, just say so! I love helping out newbies! There’s nothing wrong with not knowing all the jargon if you’re still learning!

TL;DR

  • Do some leg work up front. Don’t expect someone that is helping you for free to do all the work for you.
  • Let me know what you’ve already tried and some basic background information on the problem you’re having.
  • Ask your question, not something like, “Hey! Can you help me?” Just ask already! 🙂
  • Respect the time of the person you’re asking for help.
  • If you’ve been told something isn’t supported in your production environment, getting to a supported environment is either the fix or a prerequisite for the fix.
  • User proper product names and terminology. If you don’t know them, let me know before you try to describe what you’re doing so I can try to figure it out.

Thanks! You can ask your question now!!! 🙂

~~Kyle

Upgrade the Windows Server 2012 R2 Edition from Standard to Datacenter

Technically, there are no differences between Windows Server 2012 R2 Standard and Datacenter other than licensing. I ran into an issue the other day where a 3rd-party package performed an edition check and refused to install on Standard. I contacted their support and they basically told me reload the box. (Thanks, guys!) After I little research, I was able to figure out that changing the edition from Standard to Datacenter is actually pretty simple and only requires a reboot.

01-change_server_2012_r2_editionIn addition to looking in System, we can also run the DISM tool to show the current edition of Server 2012 R2 that we’re running:

02-change_server_2012_r2_editionWe’ll need to find out if the install is capable of being upgraded to a higher edition.  To do that run:

03-change_server_2012_r2_editionIt looks like we’re eligible to upgrade!  Next, we’ll need to change the edition, accept the EULA, and provide a product key.  If you’re using Volume License (VL) media, you’ll need to use the Datacenter setup key that is provided by Microsoft.  If you’re using non-VL media, your mileage may vary.

04-change_server_2012_r2_editionNow we reboot and run the edition check again:

05-change_server_2012_r2_editionWe’re done!  After changing the edition, you’ll need to reactivate Windows Server with your KMS if you’re using a VL copy.

Can I go from Datacenter to Standard?

Unfortunately, no.  Using DISM to change the edition from Datacenter to Standard isn’t supported.  Here’s what happens if you try:

06-change_server_2012_r2_editionChecking the eligible upgrade editions will tell you that “The current edition cannot be upgraded to any target editions.”

07-change_server_2012_r2_editionHonestly, this is a big shortcoming from a licensing perspective.  Sure, if your entire environment is virtualized, this isn’t an issue for you since all the VM’s on top of your hypervisors are fully licensed by having the Datacenter edition on the host(s).  But if you still (for whatever reason) are installing physical servers that are running non-virtualized workloads, paying for Datacenter licenses over Standard licenses if you don’t need Datacenter can be pricey.

I’ve seen several posts on forums and blogs that say you can change a Registry setting to go back to Standard.  I’m going to go out on a limb and say that probably isn’t going to be supported.

One other word of warning:  I performed the edition change with DISM on a recently deployed OS.  I haven’t (and probably won’t) try doing this with a server/VM that’s been in use for any amount of time.  If you’re in that boat, definitely make sure you have a full backup of the system before you start making changes.

What kind of reference image should I use and what should be in it?

I had a great question come in last week and the writer agreed to let me respond as an article:

Kyle,

Last July, I started my first real systems administrator job at a school system here in the Midwest. One of the things I inherited was Ghost for imaging computers in classrooms, computer labs and so on. Now that Symantec is killing off Ghost, I’ve been tasked with figuring out how we’re going to re-image computers this summer. We’ve settled on using SCCM for our OS deployments, but I had a question about reference images after reading your series on creating base images in MDT. What do you typically include in your reference images? Our Ghost images include literally everything from Office to Java to other random education apps… just about all of them.  We even found an image with some old gradebook software in it. The gradebook software went fully web-based years ago (before I even got here) and the software just never got taken out! The problem is that it feels like we’re constantly updating the reference image (all 40-something of them!!!!), people have apps they don’t need, many of the apps like Java and Flash have to be updated immediately after a re-image, there are remnants of old software, and so on.

Any help or advice you can provide would be really helpful!

Jeremy S.

Jeremy,

First off, thanks for letting me answer your question in the form of a blog post!  And, thank you for responding to my followup questions so crazy fast.  Here we go:

I too came from the school of Ghost imaging; so, I totally understand where you’re coming from. A lot of people that use sector-based imaging solutions build these massive monolithic catch-all images and tend to update them for years on end before re-creating them from scratch (or they just keep using the same base forever!).  And for good reason… you tended to have to have a whole lot of them to cover all of your hardware types and use cases.  The good news is that when Vista came out, the whole OS deployment process got an overhaul and it made OS deployment far more customizable and predictable without the need to create these massive reference images (unless your particular environment requires it).

MDT and SCCM have really changed the game for OS deployments.  You don’t need to create a monolithic reference image that includes every single piece of software someone needs if you don’t want to.  You can install as much or as little as your want and then use MDT or SCCM to customize that deployment at install time.  So before we can really get into a discussion about that what of your reference image, you’ll need to decide what kind of reference image you’re going to create first.

There are three schools of thought when it comes to creating reference images:  Thin Images, Thick Images, and a Hybrid Images that are somewhere between Thin and Thick.

[Short Answer] Which do I recommend?  Honestly, it depends on your environment and what you’re trying to accomplish.  If you just need to test something like a script where you don’t need any applications or to be fully patched, a Thin Image is probably all you need.  If you’re imaging a computer lab full of computers that all need to be identical, then you probably need a Thick Image. Most people I know (including me) are using a Hybrid Image.  I use a Hybrid Image because the applications used by my end users vary and I like to be able to customize the deployment to their specific needs.

[Long Answer] —

Thin Images

For me, a Thin Image is OS only.  I’ve seen some people use just the RTM media to deploy Windows 7/8 and then lay down all their software, but there’s one huge problem with doing it that way…  If you use the RTM bits, you now have to install all of the Windows Updates too.  Ouch.  That can be really time consuming.  Personally, I like to keep a Windows  reference image that is using our currently supported version of Internet Explorer and the latest Windows Updates installed available as a Thin Image with no other 3rd party software.  Even if I don’t update it every single month, I’m not having to wait while over a year’s worth of updates are installed on the computer.  There’s also the added benefit of speeding up the process of building a Thick/Hybrid Image if I base it off my fully patched Windows 7/8 Thin Image.

PROS:

  • Smaller image since since you’re just dealing with the base OS (and possibly Windows Updates).
  • Very customizable since there isn’t any software installed.
  • Speedy install of a base OS (assuming you’re including Windows Updates).

CONS:

  • Requires months (if not years worth) of Windows Updates if you don’t make a reference image that has the latest updates.
  • The full deployment process of laying down the OS and installing all your software on a computer may be slower since you’ll have to potentially install Office, Adobe products, plugins, etc.
  • Potentially eats up additional CPU cycles and disk IOPS in a virtualized environment while software installs.

WHEN TO USE

  • Any time you just need Windows on a system… whether that be testing or systems that don’t require additional software.
  • When you need to customize the install of each and every computer that will be deployed.

WHAT TO INCLUDE

  • Windows Base OS
  • Latest version of IE your applications support
  • Latest Windows Updates
  • [Consider] Visual C++ Runtimes

Thick Images

A Thick Image is everything and the kitchen sink (ok, well maybe not the kitchen sink…):  Windows, Office, all the latest Windows/Office Updates, plugins, custom apps, and everything else you can think to install.

PROS:

  • PC is ready faster since all necessary software is installed as part of the image.
  • Works well as a “cookie cutter” deployment to large numbers of identical systems like in computer labs or corporate environments where every PC should be identical.
  • Easier to hand to junior level staff or temps since everything is already installed.
  • Less chance for a piece of software to be missed at deploy time since everything intended for the system is already in the image.

CONS:

  • May require more frequent updates since you’ll need to update it monthly for Patch Tuesday updates from Microsoft and third-party products.
  • May require patching after image is deployed since third-party products like Adobe Reader, Adobe Flash, Oracle Java, etc. may have been updated since the image was built.
  • May require building multiple reference images since software needs may differ between different departments, computer labs, etc.
  • An error like a misconfiguration or a piece of software that wasn’t installed in a Thick Image means the error goes out to more computers.
  • Users end up with software that they potentially don’t need.  Unneeded software will still need to be patched/updated even if the users doesn’t use it.

WHEN TO USE

  • Computer labs where a room full of systems will all be identical.
  • Server deployments where all the systems will be identical.
  • Large scale deployments where all the systems will be identical (see a trend here?).
  • Time sensitive deployment when you need to deploy the OS and all software as quickly as possible to a system.

WHAT TO INCLUDE

  • Windows Base OS & EVERYTHING else
  • Latest version of IE your applications support
  • Latest Windows Updates
  • Visual C++ Runtimes
  • Office (and latest updates)
  • Browser Plugins (Flash, Java, etc.)
  • Adobe Reader/Acrobat
  • Antivirus software
  • Management agents
  • VPN Client

Hybrid Images

A Hybrid Image is somewhere between a Thin and a Thick Image.  It would typically include applications that everyone gets that [hopefully] aren’t updated constantly like Office, Visual C++ runtimes, various agents, OS customizations like adding wallpapers, etc.

PROS:

  • Smaller images than Thick Images since unnecessary software isn’t installed.
  • More customizable as unnecessary applications aren’t installed and the image can be customized to the needs of the user of the system at deploy time.
  • Sped up deployment since larger common packages like Office and Windows/Office Updates are already installed.

CONS:

  • Still may require updates after deployment if the image isn’t updated regularly.
  • Slightly slower deployment if large packages are left out of image and need to be installed as part of the OS deployment process.

WHEN TO USE

  • You have applications that all users get (like Office for example), but you still want the ability to customize the experience for each department or user.
  • You don’t want to constantly update images to update things like Java and Flash.

WHAT TO INCLUDE

  • Windows Base OS
  • Latest version of IE your applications support
  • Latest Windows Updates
  • Office (and latest updates)
  • Visual C++ Runtimes
  • Management agents
  • Antivirus Software
  • Install everything else at OS deployment time

Create a Local Account During OOBE in Windows 8.1 Preview

When Microsoft released the Windows 8.1 Preview, they made it pretty clear that you would have to sign in with a Microsoft Account.  In the FAQ under “What are the system requirements for Windows 8.1 Preview?” they stated the following:  “In order to use Windows 8.1 Preview you must sign in to your PC with a Microsoft account. The option to create a local account will be made available at the final release of Windows 8.1.”  That same information has been echoed over quite a few sites.

As it turns out, you can create a local account on the Windows 8.1 Preview. Continue reading