Monthly Archives: August 2011

Disabling HP Printer Notifications using Group Policy and Group Policy Preferences

The HP printer status notification is enabled by default.  You can disable it manually for each printer just by clicking on the Settings option when the GIANT ANNOYING BIG SQUARE BOX pops up in the bottom right corner of your screen, but of course, you would not want to do that for every client; thus, GPOs become very useful.

Depending on your environment, there are a couple ways to accomplish this.

  1. If you have your server acting as the print server and sharing out all your printers, you are in luck.  HP makes a Universal Print Driver AD Tool Kit and Template that you can add to your GPM console.  Once the new options are added, you can easily disable the status notification option by checking a box.
  2. Download the HP Universal Print Driver AD Template and Guide Park-1.4 from HP’s site.
  3. Open Group Policy Management Console.
  4. Right click on the User Configuration section and add the .adm file you just downloaded.  This will give you added features. See Figure 1.

    Figure 1

  5. Figure 1By Selecting “Disabled”, you will stop the status notification from popping up on all your HP printers.
  6. NOTE: This is a User Configuration policy, thus, you can only apply this to an OU that contains users, not PCs.  Also, this will ONLY work if you are using/installing shared printers from the server.  If you are using local IP printers, jump to the next section.

If you are using local IP printers, disabling the status notification is a bit more complicated.  This is because you can only affect the HP Laser Jet settings using the options under the Computer Configuration section, not the User Configuration section since these are installed as local IP printers, not shared printers.  The printer settings are connected to the PC, not the users.  Unfortunately, the HP AD Template only adds options under the User Configuration, not the Computer Configuration, so you need to follow these steps to accomplish the same task.

  1. On an XP workstation, install the IP printer(s) you need to modify. Go to the following registry section: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\
  2. Create a DWORD value named: SSNPNotifyEventSetting, Give it a “0” value and  repeat this step for EVERY printer you need to modify.
  3. Create a new GPO called: Disable HP LJ Printer Status Notification
  4. Expand Computer Configuration\Preferences\Windows Settings\Registry
  5. Right click on the right side and choose New/Registry Wizard.
  6. Select the PC on which you installed the printers above.
  7. In the bottom section, go to the registry DWORD setting you just created and select it.
  8. Most of the default settings should suffice, but you may want to associate the

    Figure 2

    preference with a specific OU. See Figure 2.  If you do:

  • Open the preference you just created.
  • Click the Common tab.
  • Check Item-level targeting and then click the Targeting button.
  • Click on New Item and select Organizational Unit.
  • Select the OU to which you want to apply this preference.

Note: You can rename the preference in order to keep track of the printers you are modifying.

Finally reboot the PC

Attached Files:

Change Windows 7 Log On Screen to use the Control+Alt+Delete and Username & Password fields

When I have to provision Windows 7 laptops, that aren’t joined to a domain, I get annoyed by looking at all of the different accounts that are typically created on the local machine (2 administrator accounts, 1 helpdesk account, and a standard user or two are typical for our deployments) so what I do is force the machine to make the user enter in a username and password, this makes for a much cleaner looking log on screen. I also enable the Control+Alt+Delete screen, as this is typical to what most business users are expecting to do when using a computer.

To enable these settings log onto your Windows 7 computer perform the following steps:

1) Click on START, then Control Panel, then Administrative Tools, finally open Local Security Policy

2) Expand Local Policies, Security Options, and then change the following:

  • Interactive logon: Do not display last user name – Change to Enabled
  • Interactive logon: Do not require CTRL + ALT + DEL – Change to Disabled

3) Close all windows, and log off, after you log off you should be forced to press CTRL + ALT + Del and then specify your username and password.

Applying a NAT policy to a Sonicwall VPN Tunnel

I recently had an opportunity to setup something that I’ve never configured before. I had to build a site to site VPN with a vendor into a network that used the same IP scheme as one of the vendor’s subnets. Normally the IPs on either side of the tunnel are different, in this case the vendor already had a subnet in their network with the same IP address range as our internal subnet, so this wouldn’t allow us to build a tunnel between the two sides wouldn’t route the traffic to the other, both would think the traffic is local.

We decided that we would mask my client’s internal subnet to some other range so that the internal subnet wouldn’t interfere with the subnet that the vendor had internally.

Let me break this down into numbers that make some sense:

  • Our local subnet was
  • The Vendor’s subnet was (but they also had a subnet in their network for, which is why this would not work, our traffic would  get to them, but wouldn’t make it back out over the VPN on the way back)
  • We decided that we would mask our subnet as

Here is how the router was Setup:

First we needed to make some Address Objects in the Sonicwall

1)      Expand “Network” in the Sonicwall’s left hand pane

2)      Click on “Address Objects”, and Create the following Address Objects:

  • Name: Vendor Network,  Zone: VPN, Network:, Netmask:
  • Name: Local Network, Zone: LAN, Network:, Netmask:
  • Name: Masked Local Network, Zone: VPN, Network:, Netmask:

Next we need to build the VPN Tunnel

1)      Next Expand “VPN” in the Sonicwall’s left hand pane

2)      Click on “Add..” to create a new VPN

3)      Fill in a Name,  IPSec Primary Gateway, Shared Secret and then click the “Network” tab

4)      Under the Section “Local Networks” select “Local Network” from the drop down list

5)      Under the Section “Remote Networks” select “Vendor Network” from the drop down list, and then click on the “Advanced” tab

6)      Select the box for “Keep Alive” and the box for “Apply NAT Policies”

7)      Change “Translated Local Network:” to “Masked Local Network” using the drop down selection box

8)      Change “Translated Remote Network:” to “Original” using the drop down Selection box and press OK (note: we did not go over the proposals tab because it’s not relevant to this configuration)

Finally we’ll need to setup some one-to-one NAT rules to allow traffic from our Vendor to our desired Server(s). Note: This section may not be needed, when I configured this we were actually bringing 3 different subnets into the tunnel using just a single masked subnet, so I ended up needing to do this, but it’s possible that you won’t need to do this if you’re only using a single subnet on each side, so check to make sure the tunnel is routing traffic properly before moving forward with these steps.

1)      Expand “Network” in the Sonicwall’s left hand pane

2)      Click on “NAT Policies” in the Sonicwall’s left hand pane

3)      Here is where things can get a little tricky, basically we need to make a rule for each object that needs to be accesses by the vendor’s subnet. Let’s assume it’s only our one server, which happens to be If you’ve got more than one server, you can create multiple rules

4)      Click “Add…” to start a new NAT rule and enter the following:

  • Original Source: Vendor Network
  • Translated Source: Original
  • Original Destination: (remember this is coming FROM the vendor to the Masked Address)
  • Translated destination:
  • Original Service: Any
  • Translated Service: Original

Once this rule is created your vendor should be able to access you server at IP address by using the IP address of

This is a confusing configuration, so email me if you have any questions, and good luck.

Manually Configuring Static IP addresses on APC Management Network Cards

Not too long ago I was installing a few APC rack mount Smart-UPS battery backup systems. I also were installing some NICs into these systems so that we could configure network based shutdown and monitoring software. The management NICs came with some APC software that failed to detect the NICs, and the method that APC describes on their website to use the serial connection did not work for me. I ended up having to use the static ARP / ICMP method to configure the NICs, here is how to do it:

1) Obtain the MAC address of each NIC from the sticker on the NIC.

2) Next, on your workstation or server configure a static ARP for each NIC be entering the following commands:

  • On Windows XP/2003: arp -s xx-xx-xx-xx-xx-xx
  • On Windows Vista/7/2008: netsh interface ip add neighbors LAN xx-xx-xx-xx-xx-xx
  • on Mac OSX: sudo arp -s xx:xx:xx:xx:xx:xx

Where is the static IP address you want to use, and xxxxxxxxxxxx is the MAC address of the NIC

3) Once the static ARP entry is configured we need to ping the NIC with a byte size of 113 to tell the NIC to configure itself with the IP address used in the ping command, using the following commands:

  • Windows: ping -l 113
  • Mac: ping -s 113
  • Linux: ping -s 113

4) Now that the NIC is configured with an IP address you can telnet into that IP address using “apc” as the username and password, configure any additional settings you may need, and then log out to save the changes.