Internet File Blocking on Server 2008 and Windows 7

We’ve got a client who recently upgraded their Windows Server 2008 Remote Desktop Services box from Office 2003 to Office 2010.  In doing so, they ran up against Internet File Blocking which Office 2010 seems to take seriously, where Office 2003 ignored it.

In a nutshell, any file you download from an “insecure” location, like say, your email, gets a tag injected in its Alternate Data Stream marking it as potentially unsafe, so when you try to open it using Office 2010, you get this helpful dialog:

blockeddoc

File permissions are fine and disk space and memory is plentiful, so what’s the glitch?  It’s the alternative data stream, a hidden feature of NTFS that allows, well, alternate data to be stored along with your file; so in our case, every downloaded file has a Zone Identifier in its ADS, and Office will hemorrage with an unhelpful dialog if it comes across something.  Internet Explorer at leasthas the decency to tell you the score:

ofsw

So, the question is how does one open these files in Office?

One way is to right click on the file, go into the properties tab and click the UNBLOCK button

fileblock3_30790E2A

But that can get tedious.

You can use SYSINTERNALS’s streams.exe file to strip the ADS out of a bunch of files.

Or, you can turn the behavior off, which is what we did for our client.

A quick trip to the Google brought us to Dixin’s Blog (which is where we cribbed the “file properties” screenshot from) and the steps are laid out very clearly there.

In a nutshell, go to Group Policies and edit or create a policy to enable a single setting in User Configuration > Administrative Templates > Windows Components > Attachment Manager > Do Not Preserve Zone Information in File Attachments.  

Log off and log back on, and you’re good to go.

(We also forced the “Notify Antivirus Programs When Opening Attachments” setting, just to be on the safe side).

Anyway, you should really just go read the article over at Dixin’s Blog and read Understanding The Internet File Blocking and Unblocking, it’s much better than this one.  Lots of screenshots and explanatory text in an easy to read manner.

 

 

Installing Chrome on a Windows 2008 R2 Terminal Server

Chrome is a pretty fantastic browser; in fact, I’m using it right now!  However, it wants to live in your AppData directory, and that’s a drag for users on Terminal Servers since administrators can’t easily install the application into that location, and users can’t install it themselves if they’re not administrators…

But Google has come to the rescue with an alternate installer that you can grab from their website: http://support.google.com/chrome/bin/answer.py?hl=en&answer=126299

So, log yoursef on the terminal server as an adminsitrator and download the Alternate installer for all user accounts.

Google is going to freak you out with a big button that says “Accept and Install” after you review the EULA.  DON’T PANIC! You;’ll be allowed to download the installer (ChromeStandaloneSetup.exe) and install it using the Programs app in the Control Panel, as you install all programs on the terminal server.  (You do use that, right?)

The Font Smoothing Box Does Nothing! (Where is Fallout Boy?)

There are times when Microsoft makes me wonder. You develop this cool technology, ClearType, which helps reduce eyestrain, you put checkboxes all over the Remote desktop client allowing me to choose to use or not use it, you have it active in the shell… but then you casually ignore it and withhold it from me. What gives?

Oh, a KB article sheds some light:

The option to enable theFont smoothing feature is not available in the version of RDC that was released with Windows Server 2003. By default, Windows Server 2003 disables theFont smoothing feature in all remote connections. These connections include the connections that are established through RDC 6.0.

Happily, MS’s dictatorship is matched only by its benevolence, because there’s a “hotfix” available for this problem:

KB946633:The “Font smoothing” feature has no effect in Windows Server 2003 terminal sessions

It kinda cracks me up…

“We’ll put the feature in.”

“But it doesn’t work. We should disable the checkboxes”

“Why would we do that?”

I bring this up because we just migrated a client over to a terminal server environment, and the number one complaint was “My fonts aren’t fuzzy!”

Since I actually prefer the crispness of an LCD display, I didn’t really notice, or care, but since I wasn’t signing the check, I did my best to comply. I used bing to google the issue, and found the hotfix.

Of course, since it’s a hotfix, it requires a reboot… so here I am at 5:30 AM, having just rebooted the server.

This hotfix is available via draconian download — you fill out a form, they send an email with the link – however, they put the link in parentheses, so Outlook botches the conversion and breaks the link, resulting in the need for you to copy and paste the URL into your browser. From there, it’s a Start > Next > Finish install and a reboot seals the deal.

As a side note: ClearType increases the bandwidth requirements, and is only available if you’re running in “High Bandwidth” mode in the RDP 6.0 (or better) client. It also needs to be turned on in the desktop session.

In the RDP client:

fontsmooth1

Click Options > Experience tab

The check off the “font smoothing” box.

On the Windows 2003 Desktop:

fontsmooth2

Right click on the desktop > Properties >Appearance tab > Effects button

That should do it!