>Making your Regional Settings consistent across your domain

>I’m back in Geneva safe, sound, and all in one piece! SANS Barcelona was a great experience. Got to meet some fantastic folks and learn a whole lot more about forensics πŸ™‚

But this post isn’t about last week – I’m going to need a whole lot more time to blog about that. Today, I’m going to share a fairly simple but useful script that will allow you to apply regional settings consistently across your domain.

This week’s challenge

A colleague’s been trying to set up a script that would allow us to apply custom regional settings to a client’s machines; although the client is located in Switzerland, the environment is anglophone. If you simply set the regional settings to Switzerland, you get all the dates and times in French (or German). This is annoying – really annoying. But not impossible to circumvent; we generally set the regional settings to English and then customize the date, time, metric system, and currencies. One is tempted to just put up with the annoyance – but I figure that we’d also have to put up with the extra annoyance of user (legitimately) asking us why the dates are in an additional language… Plus, I’m anal retentive.

Shouldn’t you be able to do this via GPO?

It would seem natural that something like Regional Settings could be applied to an OU, a set of computers, or something like that using GPO. Oddly enough, this does not seem to be the case. In the past, we’ve dealt with this by customizing the default user’s regional settings when we set up the master image for our workstations. Theoretically, this works just fine but in application, we’ve often found that for some reason or another (patching, PEBKAC, what have you) the settings don’t perpetuate to the user.

Let me pause to explain the way Windows handles regional settings:

  1. Windows stores them in the registry – no big surprise there.
  2. However, it stores them in the user’s part of the registry (a.k.a the NTUSER.DAT file) – this makes a bit less sense at first, but it does mean that two users on one same box can have different regional settings – super important if, for instance, you’re using RDP in a large organization and users from different countries would be connecting to the same application server.
  3. This also means that if your user’s profile gets corrupted, or you start her/him off on a brand new machine with a brand new profile, there’s a chance the regional settings would not be perpetuated.

I’ve been tempted to say that stuff like regional settings isn’t critical. I mean, who cares if it’s dd/MM/yyyy or MM/dd/yyyy, right? No biggie. I mean, except if you’re in Finance and timely payments (not to mention currencies) are crucial. Or if you’re in admin and you’re organizing a lot of meetings and that inversion can create a lot of confusion with your attendees. Or if you’ve got a complicated trip planned and you don’t want to confuse 6 PM with 6 AM. Or if you’re an administrator or forensics analyst and you’re looking at a whole lot of timestamped entries at a time. Or if you…

So here was my suggested methodology. Nothing new, really – picked up the idea and elements of the script by browsing the forums. The idea is that you run the batch script below from a domain login script. Since you can attribute different login scripts to different users, you can easily create a script for each region in which you have users.

The script below makes use of the ver.exe file, which lists the full versions of windows. For a full listing of Windows versions, check this out: http://www.computerhope.com/whow.htm .

Any comments or thoughts are appreciated πŸ™‚

The Script

::Checks whether the machine windows XP or 7 and applies settings accordingly.
::WARNING – this would also apply to servers if you let it.

@echo off

:: Check if your machine is Windows XP
ver | find “5.1.2600”
if ERRORLEVEL 0 goto winXP

:: Checking if your machine is Windows 7
ver | find “6.1.7600”
if ERRORLEVEL 0 goto win7

::Vital – prevents this script from executing on servers…
goto :eof

REG add “HKCUControl PanelInternational” /v sShortTime /t REG_SZ /d “HH:mm tt” /f
REG add “HKCUControl PanelInternational” /v sYearMonth /t REG_SZ /d “MMMM, yyyy” /f

REG add “HKCUControl PanelInternational” /v iMeasure /t REG_SZ /d “0” /f
REG add “HKCUControl PanelInternational” /v sCurrency /t REG_SZ /d “CHF” /f
REG add “HKCUControl PanelInternational” /v sLongDate /t REG_SZ /d “dddd, dd MMMM, yyyy” /f
REG add “HKCUControl PanelInternational” /v sShortDate /t REG_SZ /d “dd/MM/yy” /f
REG add “HKCUControl PanelInternational” /v sTimeFormat /t REG_SZ /d “HH:mm:ss” /f

>De vuelta en BarΓ§a

>After what seems like an eternity, I’m back in Barcelona.

I used to come here every summer for two weeks with my family; coming here alone is such a different experience, really. Don’t quite know what to do with myself πŸ™‚ I could have done a bit more research, tapped into the friend network and written down a list of places to go visit… But frankly, I pretty much know where to go already. I just need to work up the motivation to get there πŸ˜€

I figured that I’d spend my first night getting my bearings; tomorrow, SANS is starting and I’m hoping to get to know people enough to enjoy some fun nights out, so I might as well rest up tonight!

However, I couldn’t bring myself to eat anything but local food this evening – I came across a few italian and japanese restaurants in my quest for sustainance, but I finally settled for La Botiga, a stone’s throw away from my hotel. A bit touristy-looking, but the service was wonderful and the food – calamares a la plancha and crema catalana for dessert – felt like a warm catalan welcome back to a city much visited in my childhood.

Incidentally, I got to practice my dubious castellano. Though I got a few puzzled looks throughout the evening, I did manage to make myself understood entirely without reverting to english. I feel full of win πŸ™‚

Off to code, and maybe do a bit of cramming for tomorrow… Don’t quite know what to expect!