Group Policy

I’ve been doing work lately with Group Policy objects and decided I’d write a post about this in particular.

There are two important GPOs for every domain – the Default Domain Group Policy and the Default Domain Controllers Group Policy.

These are by far the two most important GPOs for any domain. They control all of the defaults of the domain and the domain controllers and as such they can either make life blissful or turn things into an unmitigated disaster quickly.

The best approach to take with deciding whether or not a setting should be placed in either of these is to look at three things.

First – Is the setting one you want to have apply to all machines and/or users in the domain or all domain controllers no matter what? After all, these are the defaults. One such setting that is commonly looked at is a logon banner. If there is only one such banner that will be displayed for everything the Default Domain GPO would be an idea place for this.

Second – Is this a setting that actually applies to all machines? This is actually important. There is absolutely no point in putting a setting that affects Windows 7 and higher in the Default Domain GPO if there are Windows XP machines on the domain. By doing so you force machines that can’t use the setting, or worse don’t even understand it, to waste time processing the setting.

Third – Is the setting one you have no intentions of trying to turn off for particular machines. Remember one thing about the Default Domain GPO – it is always at the top in order of precedence. Any setting made in it will always trump a competing setting and there is no way to change that. You really would not want to put a setting like “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” in the Default Domain GPO (I can say without a doubt that one in particular will cause untold grief in the Default Domain GPO).

The best practice for dealing with these two objects is to leave them as close to the ‘factory’ settings as possible. It is always a good idea to work with the settings you want that have the potential to be problematic in a separate GPO. That way, if the worst case scenario does come up, you can move affected machines or users to a recovery OU.

Copyright info

Washing machine trouble

This is a little off-topic for me but given how hard it was to piece this together I figured I would compile it all into one place for the next person to find.


NOTE – I am NOT an appliance repair technician. This information is presented as-is-follow-at-your-own-risk. I am NOT responsible for any loss you incur. You have been warned.


My Whirlpool washing machine recently began having a problem. Occasionally it would reach the end of the spin cycle and then start to fill with water again. This was mildly annoying, but could be fixed for a while by unplugging the washer for a couple of minutes then plugging it back in. It then began to have an additional symptom – it would agitate before filling. In figuring out what was wrong I ran into the following information.

I will walk through each of four troubleshooting/repair steps. These are in order of skill, and amazingly price as well.

Step 1 – check the water lines. It is possible, particularly with hard water, to have the hoses from the wall connectors to the connectors on the washer clog with deposits. Cut off the water, disconnect power, and disconnect the hoses. Check them for flow by either blowing air or (better) hooking them up to a garden hose and blowing water through. Reconnect the hoses and then power and turn on the water. If your washer runs fine at this point great. Otherwise go to step 2.

Step 2 – check the ATC hose. You will need some mechanical ability for this, along with one or more tools. In my case I needed a small socket wrench.

1] Unplug the washer from power.

2] Remove the control panel from the washer top. This varies from washer model to washer model. In my case there were two screws at the top on the back and two metal retaining clips accessible by reaching between the drum and the top. I was able to find instructional videos on Youtube made by repair techs that show how to do this properly. FIND AND WATCH THEM! If your washer is like mine you could accidentally break the door closed sensor if you don’t know what to look for.

3] Once you have the control panel loose look for a plastic hose. On my washer this hose was connected to the fabric softener yes/no switch. GENTLY pull this hose free of the control. If the washer has water in it good, if not fill it several inches full. Blow into this hose.

You should hear bubbles. If not, fill the tub a bit further and try again. If you still don’t hear bubbles, or if it feels like you are blowing against a solid object then this hose is clogged. You will need to find out how to get to the other end of it for your model. If you hear bubbles go on to the next step.

Step 3 – Replace the ATC control. This is where you start spending money unfortunately. If this is a Whirlpool or Kenmore brand machine check the control that the plastic ATC hose goes into. I found that my control, OEM part number W10177795, had been replaced with a new version, part W10292584. If you have the W10177795 part order this new W10292584 part. I was able to find this part from several online dealers for 45-60 dollars and got mine via Amazon for just under $49.

1] Unplug the washer.

2] If you put the control panel back on in the previous step take it off again.

3] Unplug the hose from the ATC control

4] Unplug any wiring harnesses. BE CAREFULL – before just pulling on the harness check to see if it is a locking harness. Mine had a blue harness with two wires and not lock and a 7-wire white harness that had a squeeze lock.

5] Remove the knob from the front. This knob most likely will just be a keyed push-on knob that will pull straight off (mine was).

6] Locate the retaining tab on the control and gently lift it up. Mine was located opposite of the wiring harnesses. The control will need to be rotated slightly and then should pull out the back.

7] Put the new control by reversing the steps. FOLLOW MURPHY’S LAW OF REPAIR – do NOT put the control panel back onto the washer completely. Murphy will come along and make you remove it again.

Plug the washer back in and try it. If it functions properly fantastic. If not proceed to step 4.

Step 4 – Replace the timer control. This is a far more expensive part in comparison to the ATC control but cheaper than a repair tech or a new washer. I was able to find his part on the internet from 130-160 dollars.

1] Unplug power from the washer.

2] If you put the control panel back on in step 3 pull it off again (Remember Murphy’s law of repair).

3] Locate the timer control. Again there are instructional videos on Youtube for specific machines – I am only going over the basic Whirlpool/Kenmore instructions.

4] READ THIS STEP FULLY. Remove the top knob. The knob is a locking knob. There is a push pin on the underside of the timer control which you must pull down in order to free the top knob.

5] READ THIS STEP FULLY. Remove the lower knob/cover. This is most likely keyed so be sure to pay attention to how it comes off so you can match it on the new control. I found using a PLASTIC paint remover was best for this as it prevented the control panel from being scratched and provided sufficient lift.

6] Remove the attached wiring harnesses. Again CHECK FOR LOCKING HARNESSES before just yanking on the wire. On most of these there will be two wiring harnesses, one small and one big.

7] Lift the retaining tab and slide the control. On mine the tab was located on the same side as the large wiring harness and the control slid to that direction.

8] Lift the control out and replace it.

9] Reconnect the wiring harnesses.

10] Put the lower and upper knobs back on and plug the power cord back in

At this point test. If you’ve done it right you should have a fully working washer and can reassemble the control panel back onto the washer top.

If the washer still does not work correctly, call a repair technician in – you have much more serious trouble that is beyond this guide.

Hope this helps any one who has stumbled across it! Good luck!

Outlook Web logon troubles…

Ran into this issue this morning.

One of our users had let his network password expire. Normally this is not an issue – the user is prompted for a new password as soon as he logs into the network. This user however is different from normal – He is an external user who only uses Outlook Web. He couldn’t change his password due to the Outlook Web Access page erroring on the change password functionality.

I went into the EMC on the Exchange 2010 server hosting OA and looked at the configuration.

We are using formas based authentication and therefore I needed to look at the segmentation settings. Openning EMC I went to Client Access under Server Configuration, and in the configuration pane I selected the OA server and then the OWA instance in the Outlook Web App tab in the bottom half. I then clicked the properties button and went the to Segmentation tab in the properties dialog. Scrolling down I found the Change Password entry and veried it was set to enabled.

As this was correct I then needed to make sure that is was really enabled.

Openning regedit I went to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange OWA. Once there I found that the 32-bit DWORD key ChangeExpiredPasswordEnabled was missing. I added the key and set the value to 1 and exited regedit. I then openned an Admin command prompt and ran an IISRESET.

Taking a test user of mine I reset its password and set it to change on next logon. I then openned the OWA page and proceeded to login. Success – I now had a prompt to reset the password as required on the account.

