Author: Dries Willems

<#
.SYNOPSIS
This script allows you to reset all autostart settings to the default settings for Teams.
.DESCRIPTION
If you want to use the "Prevent Microsoft Teams from starting automatically after installation"
Group Policy setting, make sure you first set the Group Policy setting to the value you want 
before you run this script.
#>

$ErrorActionPreference = "Stop"

$TeamsDesktopConfigJsonPath = [System.IO.Path]::Combine($env:APPDATA, 'Microsoft', 'Teams', 'desktop-config.json')

$TeamsUpdatePath = [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft', 'Teams', 'Update.exe')

Function Test-RegistryValue {
    param(
        [Alias("PSPath")]
        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [String]$Path
        ,
        [Parameter(Position = 1, Mandatory = $true)]
        [String]$Name
    ) 

    process {
        if (Test-Path $Path) {
            $Key = Get-Item -LiteralPath $Path
            if ($null -ne $Key.GetValue($Name, $null)) {
                $true
            } else {
                $false
            }
        } else {
            $false
        }
    }
}

Function Test-Remove-RegistryValue {
    param (
        [Alias("PSPath")]
        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [String]$Path
        ,
        [Parameter(Position = 1, Mandatory = $true)]
        [String]$Name
    )

    process {
        if (Test-RegistryValue -Path $Path -Name $Name) {
            Write-Host "Removing registry key $Path\$Name"
            Remove-ItemProperty -Path $Path -Name $Name
        }
    }
}

# when determining whether Teams should be auto-started we are checking three flags
Write-Host "Removing Auto-Start-related artifacts"

# 0. Close Teams, if running
$teamsProc = Get-Process -name Teams -ErrorAction SilentlyContinue
if ($null -ne $teamsProc) {
    Write-Host  "Stopping Microsoft Teams..."
    Stop-Process -Name Teams -Force
    # wait some time
    Start-Sleep 5
} else {
    Write-Host  "No running Teams process found"
}

# 1. Check that Teams process isn't still running
$teamsProc = Get-Process -name Teams -ErrorAction SilentlyContinue

if($null -eq $teamsProc) {
    # 2. remove HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\LoggedInOnce registry key
    Test-Remove-RegistryValue -Path "HKCU:\Software\Microsoft\Office\Teams" -Name "LoggedInOnce"

    # 3. remove HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\HomeUserUpn registry key
    Test-Remove-RegistryValue -Path "HKCU:\Software\Microsoft\Office\Teams" -Name "HomeUserUpn"

    # 4. remove HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\DeadEnd registry key
    Test-Remove-RegistryValue -Path "HKCU:\Software\Microsoft\Office\Teams" -Name "DeadEnd"

    # 5. remove HKCU:\Software\Microsoft\Office\Outlook\Addins\TeamsAddin.FastConnect registry key
    Remove-Item -Path "HKCU:\Software\Microsoft\Office\Outlook\Addins\TeamsAddin.FastConnect" -ErrorAction SilentlyContinue

    # 6. restore HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\com.squirrel.Teams.Teams
    if (!(Test-RegistryValue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "com.squirrel.Teams.Teams")) {
        Write-Host "Restoring registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run\com.squirrel.Teams.Teams"
        Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "com.squirrel.Teams.Teams" -Value "$TeamsUpdatePath --processStart ""Teams.exe"" --process-start-args ""--system-initiated"""
    }

    # 7. We are checking whether there are entries 'isLoggedOut' and 'openAtLogin' in the desktop-config.json file
    if (Test-Path -Path $TeamsDesktopConfigJsonPath) {
        Write-Host "Changing entries 'guestTenantId', 'isLoggedOut' and 'openAtLogin' in the desktop-config.json, if exist"

        # open desktop-config.json file
        $desktopConfigFile = Get-Content -path $TeamsDesktopConfigJsonPath -Raw | ConvertFrom-Json
        $desktopConfigFile.PSObject.Properties.Remove("guestTenantId")
        $desktopConfigFile.PSObject.Properties.Remove("isLoggedOut")
        try {
            $desktopConfigFile.appPreferenceSettings.openAtLogin = $true
        } catch {
            Write-Host  "openAtLogin JSON element doesn't exist"
        }
        $desktopConfigFile | ConvertTo-Json -Compress | Set-Content -Path $TeamsDesktopConfigJsonPath -Force
    }
} else {
    Write-Host  "Teams process is still running, aborting script execution"
}

5 Methods to Disable Microsoft Teams Auto Startup on Windows

One needs to copy the LanguagePack folder below x86/x64.

Client source files can be taken from: CD.Latest\SMSSETUP\CLIENT

Client language packs can be taken from: CD.Latest\LanguagePack\Client\lang\smssetup\Client\arch\LanguagePack

ccmsetup /source language pack from SCCM

There are several methods to bypass the Microsoft account requirement during setup on Windows devices.

I described one option in How to use local accounts on Windows 11 version 22H2 devices. While written for that specific version, the described method works in other versions of Windows 11 as well.

To describe it in a sentence, it is creating a Microsoft account during setup and creating a local account after setup ended. It is not elegant and requires that an email address is used initially for the account creation.

The following two methods do not require a Microsoft account at all.

Bypass 1: OOBE\BYPASSNRO

This bypass is the easiest option right now, as it requires just a few steps during setup to skip the Microsoft account creation.

Here is how it works:

1. Disable the Internet connection before starting setup, e.g., by disconnecting the LAN cable or disabling Wi-Fi.
2. Windows will display a “Let’s connect you to a network” or similar screen. The upcoming Windows 11 version 22H2 does not allow you to skip this anymore to create a local account.
3. On the screen, use Shift-F10 to open a command prompt window.
4. Type OOBE\BYPASSNRO and hit the Enter-key.
5. Windows will reboot and return to the “Let’s connect you to a network” screen. Only this time, you may select “I don’t have Internet” to skip this.
6. Then you select “Continue with limited setup” to then create a local account during setup.

Bypass 2: Use a banned email address

Microsoft has banned email addresses that were used too often in the account creation process. You may use this to your advantage, as it allows you to skip the Microsoft account creation or sign-in phase during setup.

Here is how this method works (thanks Neowin):

1. Select Sign-In when asked to create or sign-in to a Microsoft account during setup.
2. Use the email address no@thankyou.com.
3. Type any password on the next screen.
4. Windows will display “Oops, something went wrong” on the next screen.
5. Clicking Next opens a screen that allows you to create a local account.
6. You can assign a password to the account, or leave it empty.

How to bypass the Microsoft Account requirement during Windows setup

Run Powershell Elevated

Are you seeing task sequences enter invalid states? 

gwmi -Namespace root\ccm\SoftMgmtAgent -Class CCM_TSExecutionRequest -Filter "State = 'Completed' And CompletionState = 'Failure'"

Clear the entry

$c=(gwmi -Namespace root\ccm\SoftMgmtAgent -Class CCM_TSExecutionRequest -Filter "State = 'Completed' And CompletionState = 'Failure'"); if ($c) {$c.Delete(); Restart-Service ccmexec -force}

or

Start CMD as an Administrator

net stop winmgmt /y

winmgmt /resetrepository

reboot PC

Start CMD as an Administrator

c:\windows\ccm\ccmrepair.exe

$Users = (Get-ChildItem -path c:\users).name
foreach ($User in $Users) {
    reg load "hku\$User" "C:\Users\$User\NTUSER.DAT"
    # Do what you need with "hkey_users\$user" here which links to that user HKU
    # Example: reg add "hkey_users\$User\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" /v "PeopleBand" /t "REG_DWORD" /d "0" /f
    REG DELETE "hkey_users\$User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDrive" /f
    REG DELETE "hkey_users\$User\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "com.squirrel.Teams.Teams" /f
    reg unload "hku\$User"
}

Note: Current users logged on the system will be not affected because the ntuser.dat file is locked by the system.

$Services = Get-Service -DisplayName "*Citrix *"

Foreach ($Service in $Services)
{
    Stop-Service -Name ($Service).Name
    Set-Service -Name ($Service).Name -StartupType Disabled
}

Install Microsoft ToDo without Store

We are going to use the Microsoft ToDo app as an example of how you can download and install apps without the store, but you can use this for any app of course.

Step 1 – Find the URL of the app

So the first step is to find the URL of the app in the online Microsoft Store. You don’t need the actual store for this, you can just use your browser to open the Store. If you have found the app that you want to install, just copy the URL from the address bar.

The URL for the Microsoft ToDo app is:

https://www.microsoft.com/en-us/p/microsoft-to-do-lists-tasks-reminders/9nblggh5r558
# Make sure you remove ?activetab=pivot:overviewtab from the url

Step 2 – Generate Microsoft Store link

We need to convert the link to the actual Microsoft Store items. To do this we will use the website https://store.rg-adguard.net.

Past the URL and make sure you change the option RP to Retail

Step 3 – Download the appxBundle

After you clicked on the checked mark it will find all the related apps. Most of the time the results start with .Net Frameworks that are required for the app, but we can skip them. Somewhere in the middle, you will find the appxBundles for the Microsoft ToDo app.

Make sure you select the latest version, ignore the date column, just check the version number. Also, make sure you select the appxBundle and not the eappxBundle. The latter is for Xbox.

To download the appxbundle, copy the link and paste it into a new browser tab. Just click on the link itself doesn’t always work, but opening it in a new tab seems to do the trick.

Step 4 – Use PowerShell to install the appxBundle

The last step is to install the Microsoft ToDo app with PowerShell.

Add-AppxPackage -Path "c:\temp\Microsoft.Todos_2.46.41622.0_neutral___8wekyb3d8bbwe.AppxBundle"

Microsoft Todo should now be installed without the need for the store.

Wrapping up

As you can see you can download Microsoft Todo without store. Using PowerShell gives you much more control over which versions and apps are installed on your computers. It’s also a great way to pre-installed apps that are generally used in your organization.

Make sure you check the version number. You will get an installation error if the app is already installed with the same or higher version number. If an app won’t install add all, then make sure you check if the needed pre-requested are installed on the client.

How To install apps on Windows 10 without Store

https://docs.microsoft.com/en-us/windows/uwp/publish/link-to-your-app#linking-directly-to-your-app-in-the-microsoft-store

SCCM Packages run in 32-bit context, which forces System32 to be redirected to SysWOW64 on a 64-bit system. Even the SCCM CB version Packages run in 32-bit mode. So you might have faced difficulties in running powershell scripts in 64-bit mode.
The fix for this is to ensure your batch file has the following lines:

%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File YourScript.ps1

“sysnative” here is like a virtual folder or variable that helps you access the otherwise inaccessible 64-bit System32 in 32-bit CMD.
You can try it out on your own system by opening CMD.exe from the SysWOW64 folder as shown below.

I still wonder why SCCM packages still run in 32-bit mode and I hope MS implements an option to disable 64-bit redirection for packages too.

Run PowerShell scripts in 64-bit mode using SCCM Package

Here’s the Powershell script we want to use to evaluate all of the baselines deployed to the machines in a device collection. If you just want to evaluate a specific one you need to modify the script.

$Baselines = Get-WmiObject -ComputerName $env:COMPUTERNAME -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
$Baselines | % { 
([wmiclass]"\\$env:COMPUTERNAME\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version)
}

First off all, lets create a script

Copy the or import the powershell script

Approve the script you just created.

Over at the client you can see that we have a Baseline that hasn’t been evaluated yet

Jumping back to the ConfigMgr console we find the device collection we want to run the script against and then right click and choose “Run Script” and go through the wizard

Under Client operations we can see that the operation has started

And under monitoring and “Script Status” we see that the evaluation has completed on the client.

and finally over at the client we see that the Baseline has been evaluated.

That’s all for now and until next time, cheers !

Don’t forget to follow me on twitter

[twitter-follow screen_name=’Timmyitdotcom’]

And you can also find me blogging over at http://blog.ctglobalservices.com/

Baseline Evaluation with Run script feature in ConfigMgr 1706

Remove existing drivers

https://www.guru3d.com/files-details/display-driver-uninstaller-download.html

Install clean drivers

https://www.techpowerup.com/download/techpowerup-nvcleanstall/

ImageUSB is a free utility which lets you write an image concurrently to multiple USB Flash Drives. Capable of creating exact bit-level copies of USB Flash Drive (UFDs), ImageUSB is an extremely effective tool for the mass duplication of UFDs. ImageUSB also supports writing of an ISO file byte by byte directly to an USB drive (*). ImageUSB can also be used to install OSFClone to a USB Drive for use with PassMark OSForensics™.

Unlike other USB duplication tools, ImageUSB can preserve all unused and slack space during the cloning process, including the Master Boot Record (MBR). ImageUSB can perform flawless mass duplications of all UFD images, including bootable UFDs.

imageUSB includes functionality to Zero a USB Flash Drive. This will replace the contents of the entire drive with 0s. Or alternatively to just Zero the MBR and/or GPT entries that exists on the drive. In addition, imageUSB has the ability to reformat even hard to format drives and reclaim any disk space that may be lost previously.

https://www.osforensics.com/tools/write-usb-images.html#Installation-Instructions

The only way is to shorten the path. PowerShell does not have support for long paths.

Long Paths on a server are a very bad thing as they will continue to be headaches for all.

You can shorten the path by mapping a PowerShell drive at a midway point.

New-PSDrive -Name X -PSProvider FileSystem -Root \\server\share\folder1\folder2\folder3

Now you can use X: to access the shorter path.

The mapping will be removed when you exit PowerShell

https://social.technet.microsoft.com/Forums/lync/en-US/5bb8d044-ae62-44ce-a204-f0035131341d/getchilditem-the-specified-path-file-name-or-both-are-too-long-the-fully-qualified-file-name?forum=ITCG

Method 1: Delete User Profile in Advanced System Properties

1. Press the Windows key + R keyboard shortcut to open the Run dialog. Type sysdm.cpl and press Enter.
2. In the System Properties window, select the Advanced tab and click on the Settings button under User Profiles.
3. Select the user profile of the problematic Windows account, and click on Delete.If the Delete button is greyed out, it’s possible that you’re logged into the user profile you wish to delete. To proceed, you have to log in as another admin account.
4. Click Yes to confirm. The selected user profile will be deleted in a minute or two.

Method 2: Delete User Profile Manually

1. Open the Registry Editor and navigate to the following key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileListIn the left pane, you will see a list of SID keys for all user profiles on your computer. Click each SID key, and then check the ProfileImagePath entry in the right pane.
2. Once you find the SID key which points to the user profile you want to remove, right-click it and select Delete.
3. Now, open Windows Explorer and browse to the folder C:\Users. Just delete the corresponding user profile folder, or rename it to something else if you don’t want to lose documents and files on the desktop.
4. The next time you sign into the account associated with the deleted profile, Windows will set up a new user profile just as you first time turn on your brand new computer.

How to Delete User Profile to Fix Problematic Windows Account

net start W32time
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:all /update
W32tm /resync /force

$Stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
# Do stuff
$Stopwatch.Stop()

$TotalSecs =  [math]::Round($stopwatch.Elapsed.TotalSeconds,0)
write-host $TotalSecs

Option 1:

Download

https://support.microsoft.com/en-us/surface/download-drivers-and-firmware-for-surface-09bb2e09-2a4b-cb69-0951-078a7739e120

or

https://www.microsoft.com/en-us/download/details.aspx?id=101315

Open CMD as an Administrator

msiexec /a C:\Temp\SurfaceBook3_Win10_18362_21.063.33118.0.msi /qn targetdir=C:\Temp\SurfaceBook3

Option 2:

If you have a surface that is already set-up and has all of its drivers .

You can extract them via powershell using the Export-WindowsDriver command.

Open PowerShell as an Administrator

Export-WindowsDriver -Destination "C:\Temp\Drivers" -Online

Guide from @banpiro (Discord) to download stock Factory_config.xml from SD625 System WITHOUT root:

This is only useful if there has been not imported any file by yourself before!

1. Create WiFi hotspot in a smartphone

2. Connect Head Unit & your laptop to WiFi hotspot.

You need to know Head Unit IP (you can check it in hotspot). You also need ADB in your laptop (i.e. you can use folder \KswRooting-master\compiler of Rooting Guide)

3. Connect to IP & port of Head Unit (default port is 5555):
Code:

adb connect IP:port

4. Get the factory_config.xml:
Code:

adb pull /mnt/vendor/persist/OEM/factory_config.xml

5. Disconnect anything:
Code:

adb disconnect

Now you will find the File at the same folder as “adb”.

https://f30.bimmerpost.com/forums/showthread.php?p=26482005#post26482005

OTA Updates:

https://mega.nz/folder/kIB3CSZD#wnqmCQnF8i7VW1yIEvz66g

Config Files:

https://f30.bimmerpost.com/forums/attachment.php?attachmentid=2579321&d=1618377201

Intune One Data Collector logs:

To run this, on a affected device, open an elevated (“Run as administrator…”) PowerShell window and run these three commands:

   wget https://aka.ms/intunexml -outfile Intune.xml
   wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
   PowerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1

Windows Autopilot MDM logs:

To run this, on a affected device, open an elevated (“Run as administrator…”) PowerShell window and run these three commands:

   MDMDiagnosticstool.exe -area Autopilot -cab C:\Temp\Autopilot.cab

How to implement it ?

1. Download the ZIP content

2. Extract ZIP

3. Be sure to have both Add_structure.ps1 and Sources folder

4. Run Add_structure.ps1 with admin rights

5. A new context menu will be added for .intunewin

How to use it ?

1. Do a right-click on a .intunewin file

2. The below context menu we appear

3. Click on Extract intunewin content

4. The content will be extracted

5. Wait for the end messagebox, as below:

6. The extract folder will be opened

7. See below the full process in action

https://github.com/damienvanrobaeys/Intunewin_RightClick_Extract/raw/main/Intune_RightClick_Extract.zip

https://www.systanddeploy.com/2020/11/intunewin-right-click-tool-extract.html

SELECT        Model0 AS Model, COUNT(*) AS Count, Domain0
FROM            dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Model0, Domain0

If there are Lenovo models in your organisation:

SELECT COUNT(*) No_Of_Items, 
CASE WHEN MODEL0 IN('10AXS2PX00') THEN 'Lenovo M73'
WHEN MODEL0 IN('10ahs00d00') THEN 'Lenovo M83'
WHEN MODEL0 IN('10FCS06W00','10FCS0W500','10FHS00D00','10FHS07Q00','10FHS0AK00') THEN 'Lenovo M900'
WHEN MODEL0 IN('10MKS03H00','10MKS04G00','10MKS04H00') THEN 'Lenovo M910s '
WHEN MODEL0 IN('10A7A00P00','10A7S00P00','10A7A00L00','10A7CTO','10A7S00D00',
'10A7S00S00','10A7S02700','10A7S02800','10A7S02D00','10A8A02H0C',
'10A8S2E100','10A9003PIV','10A9S02X00') THEN 'Lenovo M93p'
WHEN MODEL0 IN('SLIC-BPC') THEN 'HP Compaq Elite 8300 BPC'
WHEN MODEL0 = 'To be filled by O.E.M.' THEN 'WeyTech'
ELSE Model0 END [Model]
FROM v_GS_COMPUTER_SYSTEM
WHERE model0 like '%hp%' or model0 like '%think%' or model0 like '%10%' or model0 like '%O.E.M%' or model0 like '%SLIC-BPC%'
GROUP BY CASE WHEN MODEL0 IN('10AXS2PX00') THEN 'Lenovo M73'
WHEN MODEL0 IN('10ahs00d00') THEN 'Lenovo M83'
WHEN MODEL0 IN('10FCS06W00','10FCS0W500','10FHS00D00','10FHS07Q00','10FHS0AK00') THEN 'Lenovo M900'
WHEN MODEL0 IN('10MKS03H00','10MKS04G00','10MKS04H00') THEN 'Lenovo M910s '
WHEN MODEL0 IN('10A7A00P00','10A7S00P00','10A7A00L00', '10A7CTO','10A7S00D00',
'10A7S00S00','10A7S02700','10A7S02800',  '10A7S02D00','10A8A02H0C',
'10A8S2E100','10A9003PIV','10A9S02X00') THEN 'Lenovo M93p'
WHEN MODEL0 IN('SLIC-BPC') THEN 'HP Compaq Elite 8300 BPC'
WHEN MODEL0 = 'To be filled by O.E.M.' THEN 'WeyTech'
ELSE Model0 END
ORDER BY No_Of_Items DESC, model

SCCM Report – Count All Computers by Model

Certificate Discovery Script:

$sn = '‎590000000ad02bb70017be36f700000000000a'
$storeName = "TrustedPublisher"
 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $storeName, LocalMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
 
Write-Host (@( ($store.Certificates | where {$_.SerialNumber -eq $sn}) ).count)
 
$store.Close()

Simply replace the value of the $sn variable in the above script with the actual serial number of the certificate you are installing (unless you really want to check for the code signing certificate in my lab). You can easily grab this from the Details tab of the Certificate dialog in the MMC Certificates snap-in. Just copy and paste it (get rid of the intermediate spaces though).

Also, replace the value the $storeName variable if necessary. The script above checks for certificates in the Trusted Publisher store. Other possible values include My for the Personal store and Root for the Trusted Root Certificate Authorities store.

Alternatively, run the following script to list the serial number from all of the certificates in the given store:

Get Certificate Serial Numbers:

$storeName = "TrustedPublisher"
 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $storeName, LocalMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
 
$store.certificates | select Subject, SerialNumber
$store.Close()

For the compliance rule, select Value as the Rule type, change the operator to Greater than or equal to, and then set the value to 1.

The Remediation Script

If all we wanted was to check for compliance we could stop here, but we also want to add the certificate to the appropriate store which requires a Remediation Script.

Certificate Remediation Script:

$storeName = "TrustedPublisher"
$certString = "--Insert Base64 encoded certificate here--"
 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $storeName, LocalMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
 
$certByteArray = [System.Convert]::FromBase64String($certString)
 
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($certByteArray)
 
$store.Add($cert)
$store.Close()

Just like with the discovery script, update the $storeName variable appropriately. For the $certString variable, open the base64 encoded certificate file that you exported above in notepad, and then copy and paste the complete text from between the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– markers as the value replacing the –Insert Base64 encoded certificate here– text shown above. Don’t worry about the new lines, the underlying API is smart enough to deal with those.

Alternatively, if you already have the certificate in a DER encoded binary file, you can forego exporting it. To get the base64 representation of the certificate from a DER encoded binary file, run the following (replacing the values of the Path and FilePath parameters as is appropriate). This will output the base64 representation into the specified text file where you can copy and paste it from.

Get Base64 Representation of a Certificate:

[System.Convert]::ToBase64String($(Get-Content -Path .\mycertificate.cer -Encoding Byte)) | Out-File -FilePath .\mycertificate.txt

Copy the edited script into your configuration item as the Remediation Script choosing PowerShell as the language.

Finally, add the configuration item to a compliance baseline and deploy. Make sure that you choose Run the specified script when this setting is noncompliant on the Compliance Rule you created before (this checkbox doesn’t show up until after you add a Remediation Script to the setting) and Remediate noncompliant rules when supported when creating the deployment.

Certificate Deployment with ConfigMgr

• Export the list of drivers in the table form to a text file using the command:
  dism /online /get-drivers /format:table > c:\drivers.txt

Now you can delete all unnecessary drivers with the help of command pnputil.exe /d oemNN.inf (NN — is a number of drivers file package from drivers.txt, as example oem02.inf). In case the driver is in use, you will see an error while trying delete it.

Add Force to force uninstall it.

pnputil.exe /d oemNN.inf  /f

https://medium.com/@iced_burn/clean-filerepository-folder-in-driverstore-windows-10-622d3c79f58b

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System WHERE DateDiff(dd,SMS_R_System.CreationDate, GetDate()) <= 7

How To Create an SCCM Device Collection Showing New Machines

It is not recommend to query against the tables directly, this can lead to table locking issues.

It is recommend that you always query against the views, on top of that I would not use the Installed Software for OS info. I would use the v_GS_OPERATING_SYSTEM for this.

Run the following query against your CM DB with SQL Server Management Studio

select

      OS.Caption0,

      OS.OSLanguage0,

      Count(*)

from

      dbo.v_GS_OPERATING_SYSTEM OS

group by

      OS.Caption0,

      OS.OSLanguage0

Order by

      OS.Caption0,

      OS.OSLanguage0

https://social.technet.microsoft.com/Forums/systemcenter/en-US/d45b0716-f87b-4a22-88d6-19f7b83e7d57/report-os-language

net stop ccmexec /y
net stop VMAuthdService /y
net stop winmgmt /y
c:
cd %systemroot%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in (‘dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (‘dir /b *.mof’) do mofcomp %%s
for /f %%s in (‘dir /b *.mfl’) do mofcomp %%s
winmgmt /resetrepository
net start winmgmt
net start VMAuthdService
net start ccmexec

SCCM – Application Stuck or Stalls on Installing or Downloading

Depends which channel is being used and which type of app.

Win32 apps via Intune Management Extension Agent are cached here:

C:\Program Files (x86)\Microsoft Intune Management Extension\Content

Windows LOB apps (single MSI) pushed via MDM channel like the Intune Management Extension Agent itself are cached here during install and then deleted:

C:\Windows\system32\config\systemprofile\AppData\Local\mdm

Check the log @ C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\ for more information or;
HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Apps\
HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\

https://techcommunity.microsoft.com/t5/microsoft-intune/app-deployment-location/m-p/283324

• Download and extract Handle & Process Explorer from https://docs.microsoft.com/en-us/sysinternals/downloads/handle & https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
• Copy Handle.exe and ProceXP.exe to C:\Temp
• Run CMD as Administrator
• Run Handle.exe C:\Windows\ccm
• You should be able to see the PID
• Now run ProceXP.exe and kill the PID

http://jayantech.blogspot.com/2016/03/unable-to-remove-ccm-folder.html

Get-ChildItem -Path 'C:\Share\Downloads\' -Recurse | Unblock-File

$odis = Get-Process OffboardDiagLauncher -ErrorAction SilentlyContinue
if ($odis) {
# Close process safely
  $odis.CloseMainWindow()
# Wait 5 seconds
  Sleep 5
  if (!$odis.HasExited) {
# Force stop process
    $odis | Stop-Process -Force
  }
}
Remove-Variable odis

Update guide for testing

1. Verify existing Office version

Open Word go to File > Account

2. Open CMD and Run the config command

“C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe” /changesetting Channel=Insiders

3. Enforce the new config

“C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe” /update user updatepromptuser=true forceappshutdown=true displaylevel=true

4. Install the updates

5. Installer will close running Office apps

6. Sign out Windows

7. Log back in and Launch Word

8. Verify Office Version

https://docs.microsoft.com/en-us/deployoffice/name-change

Office 365 ProPlus is being renamed to Microsoft 365 Apps for enterprise. To learn more about this name change, read this blog post. In our documentation, we’ll usually just refer to it as Microsoft 365 Apps.

Office 365 ProPlus is the version of Office that comes with several enterprise, government, and education subscription plans. For example, Office 365 E5 and Office 365 A3. Even though those plans aren’t being renamed, Office 365 ProPlus that comes with those plans will be renamed.

When does the new name take effect?

The new name will appear in Version 2004 onwards, starting on April 21, 2020. For example, you’ll see the new name under the Product Information section when you go to File > Account in an Office app, such as Word.

Older versions of Office 365 ProPlus won’t be updated with the new name. For example, if you’re using Version 1908 of Semi-Annual Channel, you’ll still see Office 365 ProPlus under the Product Information section.

References to Microsoft 365 Apps for enterprise will begin to appear on April 21 in other places as well. For example, references on product websites, in documentation, and in the user interface (UI) of deployment tools, such as the Office Customization Tool. Some references to the new name might not occur until after April 21.

What do admins need to do?

Because of this name change, you might need to adjust some of your existing workflows and update your internal documentation.

Office Deployment Tool

If you use the Office Deployment Tool to deploy Office 365 ProPlus, the product ID will remain as O365ProPlusRetail. Therefore, you don’t have to make any changes to your existing configuration.xml files.

Update packages used by Configuration Manager

If you use an automatic deployment rule (ADR) to deploy updates by using Configuration Manager, you’ll need to make changes to your ADRs if they rely on the “Title” property. That’s because the name of update packages in the Microsoft Update Catalog is changing.

Currently, the title of an update package for Office 365 ProPlus begins with “Office 365 Client Update” as seen in the following example:

    Office 365 Client Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.20648)

For update packages released on and after June 9, the title will begin with “Microsoft 365 Apps Update” as seen in the following example:

    Microsoft 365 Apps Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.50000)

Registry key values

Some registry key values might change to reflect the new naming. If you rely on these values in your workflows or scripts, you’ll want to test your workflows or scripts when the name change begins rolling out on April 21. In general, because registry key values can possibly change in future builds of Office, we don’t usually recommend relying on them in your workflows or scripts.

@echo off
rem This script resets IE silently 
rem via the method of sending keystrokes onto UI
rem Author: Kim Doan
start RunDll32.exe InetCpl.cpl,ResetIEtoDefaults
ping 127.0.0.1 -w 1 -n 2
echo set WshShell = CreateObject("WScript.Shell") >autokeys.vbs
echo WshShell.Sendkeys "%{DOWN}" >>autokeys.vbs
echo WshShell.Sendkeys "R{ENTER}" >>autokeys.vbs
echo WshShell.Sendkeys "%{UP}" >>autokeys.vbs
cscript autokeys.vbs
del autokeys.vbs
ping 127.0.0.1 -w 1 -n 3
echo set WshShell = CreateObject("WScript.Shell") >autokeys1.vbs
echo WshShell.Sendkeys "c" >>autokeys1.vbs
cscript autokeys1.vbs
del autokeys1.vbs
ping 127.0.0.1 -w 1 -n 1
echo n | gpupdate/force

Reset Internet Explorer Settings Script

1. Powershell:

Recommended approach.

IdentifyingNumber is the ProductCode (WMI peculiarity).

get-wmiobject Win32_Product | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize

2. Registry Lookup:

There are always weird exceptions accounted for only by the internals of the API-implementation:

https://stackoverflow.com/questions/29937568/how-can-i-find-the-product-guid-of-an-installed-msi-setup

Make use of double “” to add a single ” in a variable for paths that has spaces

C:\Program Files (x86)\ThunderBolt 3 Update

$ExportPath = ${Env:ProgramFiles(x86)} + "\ThunderBolt 3 Update"
Write-Log "Detecting Thunderbolt Driver Version"
$TBTDriverVersion = (Get-WmiObject Win32_PnPSignedDriver | Where-Object { $_.DeviceName -like "*Thunderbolt(TM) Controller*" }).driverversion
	if ($null -eq $TBTDriverVersion) {
		try {
                    Write-Log "Thunderbolt Driver not found"
                    $InstallCmd = "$ExportPath\SW\$CSVCMDSW"
                    $InstallCmdLog = "/l*v ""$ExportPath\Install_SW.log"""
                    $InstallCmdComplete = "/i ""$InstallCmd"" /qn"

                    Write-Log "Installing Thunderbolt Software"
                    $InstallTBTSoftware = Start-Process -FilePath msiexec.exe -ArgumentList $InstallCmdComplete -Wait 
                }                
                catch {
                    Write-Log "Thunderbolt Software installation failed "$InstallTBTSoftware.ExitCode". Logs located at $ExportPath"
                    Write-Log "----------------------------- End Script ------------------------------"
                    Exit
                }

With the SkipNetworkProfileCheck parameter, you can just ignore the warning:

Enable-PSRemoting -SkipNetworkProfileCheck -Force

Accessing environment variables in PowerShell is easy, either:

dir env:

to view all of them, or:

dir env:ProgramFiles

to access a specific one. However, if you try that for the ProgramFiles(x86) environment variable you are greeted with the following error:view sourceprint?

PS C:\> dir env:ProgramFiles(x86)

x86 : The term 'x86' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the

path is correct and try again.

There are a few ways around this:

1)

dir env:ProgramFiles`(x86`)

2)

dir "env:ProgramFiles(x86)"

3)

${Env:ProgramFiles(x86)}

4)

[Environment]::GetEnvironmentVariable("ProgramFiles(x86)")

PowerShell Quick Tip: Accessing the ProgramFiles(x86) Environment Variable

Step 1:

Retrieve latest version from https://docs.microsoft.com/en-us/officeupdates/update-history-office365-proplus-by-date?redirectSourcePath=%252fen-us%252farticle%252fae942449-1fca-4484-898b-a933ea23def7

Download the Office Deployment Tool

Create new xml with the Office 365 configuration and save as an XML file.

<Configuration><Updates Enabled=”TRUE” TargetVersion=”16.0.11328.20420″ /></Configuration>

or

<Configuration> <Updates Enabled=”TRUE” TargetVersion=”16.0.11328.20420″ Channel=”Broad” /> </Configuration>

<Configuration> <Updates Enabled=”TRUE” TargetVersion=”16.0.11328.20480″ /> </Configuration>

Run setup.exe /configure newconfig.xml

From <https://docs.microsoft.com/en-us/deployoffice/delay-receiving-feature-updates-from-deferred-channel-for-office-365-proplus>

Step 2:

Force update with the following command

“C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe” /update user updatepromptuser=true forceappshutdown=true displaylevel=true

https://support.microsoft.com/en-us/help/2770432/how-to-revert-to-an-earlier-version-of-office-2013-or-office-2016-clic

nslookup -type=srv _vlmcs._tcp

(Get-ADGroupMember -Server blub.com -Identity "AD Group" -Recursive).count

Getting error code of Add-WindowsCapability failed. Error code = 0x800f0954
Run “gpedit.msc” to edit your local computer policy.

Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair

My local policy seems to have defaulted to “Disabled” – after changing it to “Enabled” and selecting the checkbox labeled “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” the RSAT tools installed for me.

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online

https://social.technet.microsoft.com/Forums/en-US/42bfdd6e-f191-4813-9142-5c86a2797c53/windows-10-1809-rsat-toolset-error-code-of-0x800f0954?forum=win10itprogeneral

Beware of aggressive APM on Windows 10 Build 1809

If your spinning disks are making clicking noises:

In Windows 10 the registry key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorAC\Parameters\Device

Create a new dword value named EnableAPM with a 0 value and hdd head parking is gone.

Note that iaStorAC might be iaStorA or iaStorAV in some cases.

https://msfn.org/board/topic/140404-control-your-hdds-aamapm-through-registry/

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Model like “%Optiplex 7060%”

Dell Command Configure 3.2.0.209:
————————————————————–
HAPIInstall.cmd:

@echo off

if defined programfiles(x86) (

call %0%\..\x86_64\HAPI\HAPIInstall.bat

) else (

call %0%\..\x86\HAPI\HAPIInstall.bat

)
————————————————————–
HAPIInstall.bat:

@echo off

Echo This file will install HAPI

%0\..\hapint64.exe -i -k C-C-T-K -p “hapint64.exe” -q

————————————————————–
cctk.cmd bootorder –activebootlist=uefi
————————————————————–
cctk.cmd –secureboot=enable
————————————————————–
————————————————————–
HP BIOS Configuration Utility 4.0.15.1:
————————————————————–
BiosConfigUtility64.exe /setvalue:”Boot Mode”,”UEFI Native (Without CSM)”
————————————————————–
BCU.cmd /setvalue:”Boot Mode”,”UEFI Hybrid (With CSM)”
————————————————————–
BCU.cmd:

@ECHO OFF

set cmdline=%*

ECHO == Seting BIOS Settings ==

REM Determine Arch

IF “%PROCESSOR_ARCHITECTURE%” == “AMD64” GOTO :X64

GOTO X86

:X64

SET BCU=”BiosConfigUtility64.exe”

GOTO RunBCU

:X86

SET BCU=”BiosConfigUtility.exe”

GOTO RunBCU

:RunBCU

ECHO –Running command %BCU% %CMDLINE%

%BCU% %CMDLINE%

EXIT /B %errorlevel%

Set the failure message step after Setup Windows and ConfigMgr.
Set OSD Failure Message
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v legalnoticecaption /t REG_SZ /d “The Operating System Deployment FAILED!” /f & REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v legalnoticetext /t REG_SZ /d “Please rerun the imaging task by restarting the boot media or contact the Service Desk.” /f

Remove the failure message step before the end of the Task Sequence.
Clear OSD Failure Message
REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v legalnoticecaption /t REG_SZ /d “” /f & REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v legalnoticetext /t REG_SZ /d “” /f

$computerName = Read-Host ‘Enter computer name or press <Enter> for localhost’

$List = @{}

if ($computerName -eq “”) {$computerName = “$env:computername”}

$computer = [ADSI]”WinNT://$computerName,computer”

$Users = $computer.psbase.Children | Where-Object { $_.psbase.schemaclassname -eq ‘group’ }

foreach ($i in $Users)

{$objUser = New-Object System.Security.Principal.NTAccount($i.Name)

$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

$list[$i.Name[0]] = $strSid.Value

}

$list | ft

Before you proceed, please install a launcher such as Nova, since we are removing Poco launcher that is installed by default.

1. You will need to install Minimal ADB fastboot 1.4.3 https://androidfilehost.com/?fid=962187416754459552

2. Open Command prompt as an Administrator

3. In your phone, go to about phone and click 10 times on MIUI version (For POCO)

4. You will be granted developer permission

5. Go to settings -> additional settings -> developer options and enable “USB Debugging”

6. Connect Poco F1 to your Computer

7. In CMD type “adb devices”

8. In your phone, you will have a popup window and click “OK”

9. In CMD type “adb shell”

10. Paste the commands below to remove the bloatware

pm uninstall -k –user 0 com.miui.analytics

pm uninstall -k –user 0 com.android.egg

pm uninstall -k –user 0 com.mi.android.globalpersonalassistant

pm uninstall -k –user 0 com.xiaomi.mipicks

pm uninstall -k –user 0 com.miui.audioeffect

pm uninstall -k –user 0 com.miui.backup

pm uninstall -k –user 0 com.android.bookmarkprovider

pm uninstall -k –user 0 com.android.browser

pm uninstall -k –user 0 com.miui.calculator

pm uninstall -k –user 0 com.android.calendar

pm uninstall -k –user 0 com.android.chrome

pm uninstall -k –user 0 com.miui.cleanmaster

pm uninstall -k –user 0 com.miui.cloudservice.sysbase

pm uninstall -k –user 0 com.mfashiongallery.emag

pm uninstall -k –user 0 com.mi.global.bbs.overlay

pm uninstall -k –user 0 com.miui.miwallpaper

pm uninstall -k –user 0 com.miui.translation.kingsoft

pm uninstall -k –user 0 com.miui.translation.youdao

pm uninstall -k –user 0 com.miui.translationservice

pm uninstall -k –user 0 com.miui.translation.youdao

pm uninstall -k –user 0 com.miui.translationservice

pm uninstall -k –user 0 com.miui.videoplayer.overlay

pm uninstall -k –user 0 com.xiaomi.joyose

pm uninstall -k –user 0 com.xiaomi.micloud.sdk

pm uninstall -k –user 0 com.xiaomi.midrop.overlay

pm uninstall -k –user 0 com.mi.global.bbs

pm uninstall -k –user 0 com.miui.compass

pm uninstall -k –user 0 com.eterno

pm uninstall -k –user 0 com.android.bips

pm uninstall -k –user 0 com.google.android.apps.docs

pm uninstall -k –user 0 com.xiaomi.midrop

pm uninstall -k –user 0 com.google.android.apps.tachyon

pm uninstall -k –user 0 com.microsoft.office.excel

pm uninstall -k –user 0 com.facebook.katana

pm uninstall -k –user 0 com.facebook.system

pm uninstall -k –user 0 com.facebook.appmanager

pm uninstall -k –user 0 com.facebook.services

pm uninstall -k –user 0 com.miui.bugreport

pm uninstall -k –user 0 com.android.documentsui

pm uninstall -k –user 0 com.miui.gallery

pm uninstall -k –user 0 com.miui.fm

pm uninstall -k –user 0 com.xiaomi.glgm

pm uninstall -k –user 0 com.google.android.gm

pm uninstall -k –user 0 com.google.android.videos

pm uninstall -k –user 0 com.google.android.music

pm uninstall -k –user 0 com.google.android.tts

pm uninstall -k –user 0 com.miui.klo.bugreport

pm uninstall -k –user 0 com.android.wallpaper.livepicker

pm uninstall -k –user 0 com.miui.cloudservice

pm uninstall -k –user 0 com.miui.cloudbackup

pm uninstall -k –user 0 com.xiaomi.payment

pm uninstall -k –user 0 com.xiaomi.mirecycle

pm uninstall -k –user 0 com.miui.virtualsim

pm uninstall -k –user 0 com.mi.global.shop

pm uninstall -k –user 0 com.miui.micloudsync

pm uninstall -k –user 0 com.mipay.wallet.in

pm uninstall -k –user 0 com.mi.webkit.core

pm uninstall -k –user 0 com.android.mms

pm uninstall -k –user 0 com.android.mms.service

pm uninstall -k –user 0 com.miui.player

pm uninstall -k –user 0 com.netflix.mediaclient

pm uninstall -k –user 0 com.mi.globalTrendNews

pm uninstall -k –user 0 com.miui.notes

pm uninstall -k –user 0 com.microsoft.office.outlook

pm uninstall -k –user 0 com.netflix.partner.activation

pm uninstall -k –user 0 com.phonepe.app

pm uninstall -k –user 0 com.android.dreams.phototable

pm uninstall -k –user 0 com.google.android.apps.photos

pm uninstall -k –user 0 com.mi.android.globallauncher

pm uninstall -k –user 0 com.microsoft.office.powerpoint

pm uninstall -k –user 0 com.android.printspooler

pm uninstall -k –user 0 com.google.android.printservice.recommendation

pm uninstall -k –user 0 com.miui.hybrid

pm uninstall -k –user 0 com.android.soundrecorder

pm uninstall -k –user 0 com.xiaomi.scanner

pm uninstall -k –user 0 com.miui.screenrecorder

pm uninstall -k –user 0 com.miui.touchassistant

pm uninstall -k –user 0 com.xiaomi.oversea.ecom

pm uninstall -k –user 0 com.skype.m2

pm uninstall -k –user 0 com.google.android.marvin.talkback

pm uninstall -k –user 0 com.UCMobile.intl

pm uninstall -k –user 0 com.miui.videoplayer

pm uninstall -k –user 0 com.miui.vsimcore

pm uninstall -k –user 0 com.miui.android.fashiongallery

pm uninstall -k –user 0 com.miui.weather2

pm uninstall -k –user 0 com.miui.providers.weather

pm uninstall -k –user 0 com.microsoft.office.word

pm uninstall -k –user 0 com.miui.yellowpage

pm uninstall -k –user 0 com.xiaomi.bttester

pm uninstall -k –user 0 com.miui.cit

pm uninstall -k –user 0 com.miui.qr

pm uninstall -k –user 0 com.miui.antispam

pm uninstall -k –user 0 com.milink.service

pm uninstall -k –user 0 com.android.wallpaperbackup

pm uninstall -k –user 0 com.android.wallpapercropper

Exit

https://forum.xda-developers.com/poco-f1/how-to/bloat-poco-f1-tested-t3836457

Send Ctrl+Alt+Del to nested RDP session

Start Run

C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}

Get-WmiObject -Namespace root\virtualization\v2 -class Msvm_VirtualSystemSettingData | select ElementName, BIOSSerialNumber, BIOSGUID | Sort-Object -Property ElementName

If it is a traditional PC BIOS then the ISO uses the El Torito boot code (etfsboot.com). In this case deleting \boot\bootfix.bin will work.

If it is an EFI BIOS then the ISO should use EFI boot code (efisys.bin).
There is also a efisys_noprompt.bin boot code file that can be used when creating the ISO for EFI systems.
Use that file instead if you want to eliminate the prompt.

Microsoft Technet article: https://technet.microsoft.com/en-us/library/dd744321(WS.10).aspx

————————-

Steps:

Download Windows ADK
Install Deployment Tools

Copy original boot media iso to C:\Temp\NoPrompt
Copy oscdimg.exe, efisys_noprompt.bin and etfsboot.com to C:\Temp\NoPrompt

Run powershellscript below to generate noprompt boot media

—————

## variables ##
$sworkspace = “C:\Temp\NoPrompt\extractedISO”

# NEW ISO
$smynewiso=”C:\Temp\NoPrompt\pd_x64_1803.0.noprompt.iso”

# OLD ISO
$stheiso=”C:\Temp\NoPrompt\pd_x64_1803.0.iso”

$setfsboot=”C:\Temp\NoPrompt\etfsboot.com”
$sefisys =”C:\Temp\NoPrompt\efisys_noprompt.bin”
$soscdimg = “C:\Temp\NoPrompt\oscdimg.exe”

## start script ##
# mount the ISO
$mount = mount-diskimage -imagepath $stheiso -passthru

# get the drive letter assigned to the iso.
$drive = ($mount | get-volume).driveletter + ‘:’

# copy the existing iso to the temporary folder.
copy-item $drive $sworkspace -force -recurse

# remove the read-only attribute from the extracted files.
get-childitem $sworkspace -recurse | %{ if (! $_.psiscontainer) { $_.isreadonly = $false } }

# Create a bootable WinPE ISO file (remove the “Press any button key..” message)
Copy-Item -Path $setfsboot -Destination “$sworkspace\boot” –Recurse -Force
Copy-Item -Path $sefisys -Destination “$sworkspace\EFI\Microsoft\Boot” –Recurse -Force

# recompile the files to an ISO
# This is the part from Johan Arwidmark’s WinPE creation script:
$Proc = $null
$Proc = Start-Process -FilePath “$soscdimg” “-o -u2 -udfver102 -bootdata:2#p0,eb$setfsboot#pEF,e,b$sefisys $sworkspace $smynewiso” -PassThru -Wait -NoNewWindow

if($Proc.ExitCode -ne 0)
{
Throw “Failed to generate ISO with exitcode: $($Proc.ExitCode)”
}

# remove the extracted content.
remove-item $sworkspace -recurse -force

# dismount the iso.
Dismount-DiskImage -ImagePath “$stheiso”

—————

https://www.exitcodezero.ch/2017/12/17/boot-image-without-press-any-key-to-boot-from-message/

Unlike on Linux, when MySQL is running on Windows, most of sys-admins including myself 🙂 found that backup MySQL Databases on Windows is little bit hard. When trying to automate it, then it would definitely become challenge . However there are lots of free and commercial tools are available to automate MySQL backup process on windows. Here we are going to discus how to achieve same using simple windows batch script. Later we discuss automate the batch script using Windows task scheduler

01) Create batch file

Open notepad and save following script as batch file (.bat) and make sure to change all SET parameters as you need. If you install XAMPP then mysqldump.exe location would be similar as below otherwise you need to change it.

@echo off

For /f “tokens=2-4 delims=/ ” %%a in (‘date /t’) do (set mydate=%%c-%%a-%%b)

For /f “tokens=1-2 delims=/:” %%a in (“%TIME%”) do (set mytime=%%a%%b)

SET backupdir=C:\xampp\htdocs\backup

SET mysqlusername=your_user

SET mysqlpassword=your_pass

SET database=database_name

C:\xampp\mysql\bin\mysqldump.exe -u %mysqlusername% -p%mysqlpassword% -v %database% > %backupdir%\%database%_%mydate%_%mytime%_.sql

02) Automate the MySQL Backup process

i) Open task scheduler

Open a command prompt. To open a command prompt, click Start , click All Programs , click Accessories , and then click Command Prompt .

At the command prompt, type Taskschd.msc .

For alternative options refer this :- https://technet.microsoft.com/en-us/library/cc721931.aspx

ii) Create New Task

Task Scheduler – Create Task

Click on “Create Task…” from right hand side. it will open up “create task” sub windows

please make sure to select “Run whether user is logged on or not” and tick “Run with highest privileges“. You may can change user but

recommend to select user with admin privileges , later you may need to provide credentials of that user.

iii) Schedule the time

From “Triggers” tab select how often back process should happen and it’s time

iv) Set backup process script

From the “Actions” tab select previously saved bat file.

v) Click “OK” and save the task

https://www.tectut.com/2016/04/automatically-backup-mysql-databases-on-windows/

First of all create a new generation 2 VM that we’ll use with our new VHDX we created using Disk2VHD.
Don’t create a new vdhx but select to use an existing one and point it to the one we just created with Disk2VHD.
Rename it if needed to something more suitable.

Don’t boot the VM but add a DVD and attach the Windows Server ISO of the version your vhdx contains to the DVD

diskpart

lis disk

lis vol

select volume 3

assign letter L:

FORMAT FS=FAT32 LABEL=”BOOT”

exit

bcdboot C:\Windows /s L: /f UEFI

Disk2VHD on a Generation 2 VM results in an unbootable VHDX

Windows 10 bootrec /fixboot access is denied

https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/windows-10-bootrec-fixboot-access-is-denied/747c4180-7ff3-4bc2-b6cc-81e572d546df?auth=1

# Redistribute failed packages without clicking view status -> redistribute package

$SiteCode = “P01”

$PackageState = “3”

$FailedPackages = Get-WmiObject -Namespace “Root\SMS\Site_$($SiteCode)” -Query “select * from SMS_PackageStatusDistPointsSummarizer where state = $($PackageState)”

if ($FailedPackages.Count -gt 0)

{

Write-Host “There are $($FailedPackages.Count) Failed Packages at the moment.”

}

elseif ($FailedPackages)

{

Write-Host “There is 1 Failed Package at the moment.”

}

else

{

Write-Host “There are 0 at the moment.”

}

if ($FailedPackages)

{

foreach ($FailedPackage in $FailedPackages)

{

try

{

$DistributionPointObj = Get-WmiObject -Namespace “root\SMS\Site_$($SiteCode)” -Class SMS_DistributionPoint -Filter “PackageID=’$($FailedPackage.PackageID)’ and ServerNALPath like ‘%$($FailedPackage.ServerNALPath.Substring(12,7))%'”

$DistributionPointObj.RefreshNow = $True

$result = $DistributionPointObj.Put()

Write-Host “Refreshed $($FailedPackage.PackageID) on $($FailedPackage.ServerNALPath.Substring(12,7)) – State was: $($FailedPackage.State)”

}

catch

{

Write-Host “Unable to refresh package $($FailedPackage.PackageID) on $($FailedPackage.ServerNALPath.Substring(12,7)) – State was: $($FailedPackage.State)”

write-host $Error

}

}

}

https://social.technet.microsoft.com/Forums/office/en-US/36d083ef-6310-4d64-b4a7-031ee96a9d2f/sccm-2012-powershell-redistribute-failed-packages?forum=configmanagersdk

Some people notice after upgrading to Windows 10 April Update, that there is a new partition (recovery partition with Windows PE). Due to the fact, that a drive letter is assigned, the logical drive will be shown in explorer. And Windows 10 starts with annoying notifications, that the disk is full. This forum post describes the situation:

Disk management is failing

The first idea many users have is to remove the drive letter from the disk management partition. If you want to use Disk Management to fix the issue and remove the drive letter from the partition, you will fail in most cases. The context menu does not support commands on this recovery partition.

Open the command prompt window with administrator privileges

diskpart

list volume

select volume <number of your volume>

remove letter=<drive letter of your volume>

exit

( not able to remove letter from drive windows 10 1803 )

Windows 10 V1803 update creates a new OEM Partition

(Get-ADUser -Filter * -SearchBase “ou=Users,ou=London.UK,ou=EMEA,ou=Divisions,dc=bla,dc=com” -server “bla.com”).count

Prerequisites

The Hyper-V host and guest must both be Windows Server 2016/Windows 10 Anniversary Update or later.

VM configuration version 8.0 or greater.

An Intel processor with VT-x and EPT technology — nesting is currently Intel-only.

There are some differences with virtual networking for second-level virtual machines. See “Nested Virtual Machine Networking”.

Configure Nested Virtualization

Create a virtual machine.

While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host.
This enables nested virtualization for the virtual machine.

Get-VM

copy VMName

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Start the virtual machine.

Install Hyper-V within the virtual machine, just like you would for a physical server. For more information on installing Hyper-V see, Install Hyper-V.

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

<#

ImportHyperVVM.ps1

Dries Willems

03/12/2014

#>

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All -NoRestart

Restart-Computer -Wait -For PowerShell -Timeout 600 -Delay 2

Import-Module Hyper-V

$ethernet = Get-NetAdapter -Name ethernet

$wifi = Get-NetAdapter -Name wi-fi

New-VMSwitch -Name EthernetExternalSwitch -NetAdapterName $ethernet.Name -AllowManagementOS $true -Notes ‘Parent OS, VMs, LAN’

New-VMSwitch -Name WiFiExternalSwitch -NetAdapterName $wifi.Name -AllowManagementOS $true -Notes ‘Parent OS, VMs, wifi’

Copy-Item * C:\VM

Import-VM -Path ‘C:\VM\Cobra\Virtual Machines\6FAEE0C5-7422-45BD-A915-AA3C3A5D06A7.XML’

$OldHostname = Get-WmiObject win32_computersystem | select-object -expandproperty name

$NewHostname = $OldHostname + “VM”

Rename-VM Cobra $NewHostname

Start-VM $NewHostname

———————————————————————————————

<#

RenameStartVM.ps1

Dries Willems

03/12/2014

#>

$OldHostname = Get-WmiObject win32_computersystem | select-object -expandproperty name

$NewHostname = $OldHostname + “VM”

Rename-VM Cobra $NewHostname

Start-VM $NewHostname

———————————————————————————————

<#

CreateVSwitchImportRenameStartCobra.ps1

Dries Willems

03/12/2014

#>

Import-Module Hyper-V

#Create Virtual Switch

$ethernet = Get-NetAdapter -Name ethernet

$wifi = Get-NetAdapter -Name wi-fi

New-VMSwitch -Name EthernetExternalSwitch -NetAdapterName $ethernet.Name -AllowManagementOS $true -Notes ‘Parent OS, VMs, LAN’

New-VMSwitch -Name WiFiExternalSwitch -NetAdapterName $wifi.Name -AllowManagementOS $true -Notes ‘Parent OS, VMs, wifi’

#Import VM

Import-VM -Path ‘C:\VM\Cobra\Virtual Machines\8F300942-505B-41C0-8644-B46321581214.XML’

#Rename VM & Start

$OldHostname = Get-WmiObject win32_computersystem | select-object -expandproperty name

$NewHostname = $OldHostname + “VM”

Rename-VM Cobra $NewHostname

Start-VM $NewHostname

——————————————————————————————–Cobra.bat

Powershell.exe -executionpolicy bypass -File .\CreateVSwitchImportRenameStartCobra.ps1

xcopy “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools\VMConnect.lnk” “C:\Users\Public\Desktop\Hyper-V Virtual Machine Connection.lnk”* /I /S /Y /C /R

Command:
(Get-Credential).Password | ConvertFrom-SecureString | Out-File “C:\Temp\ABC_A1000001_PW.txt”

Script:

$username = “ABC\A1000001”

$password = Get-Content ‘\\server.domain.xyz\Scripts\Migration\ABC_A1000001_PW.txt’ | ConvertTo-SecureString

$cred = new-object -typename System.Management.Automation.PSCredential `

-argumentlist $username, $password

The current Start Menu after a successful OSD looked a bit messy:

Software that is not installed on the PC doesn’t show up on the Start Menu. (We won’t see any “ghost” tiles or …)

Once they install for example Google Chrome or Office 2016, it will show up automatically on the Start Menu.

The Start Menu is also fully customizable for the end user.

They can move/remove/add everything they want.

The initial Start Menu is just a base where they can customize it to their own desire.

The Start Menu where the default xml is exported from:

Tasksequence step:

Package Content:

StartMenu.xml:
Open Powershell
Export-Startlayout –path C:\Windows\Temp\Startmenu.xml

ImportW10Layout.ps1:
Import-StartLayout -LayoutPath $PSScriptRoot\StartMenu.xml -MountPath $env:SystemDrive\
Copy-Item -Path $PSScriptRoot’\Internet Explorer.lnk’ -Destination $env:SystemDrive’\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories’

http://ccmexec.com/2015/09/customizing-the-windows-10-start-menu-and-add-ie-shortcut-during-osd/

Remove 3D Builder, Alarms and Clock, Calendar and Mail, Contact Support, Cortana, Get Office, Get Skype, Groove Music, Maps, Microsoft Edge, Money, Movies & TV, News, OneNote, Candy Crush, Get Asphalt, People, Phone Companion, Twitter, Sports, Voice Recorder, Weather and XBOX.

Get-AppXPackage | where-object {$_.name –notlike “*store*”} | Remove-AppxPackage

Error: This version of bootcamp is not intended for this computer model.

Download Orca or InstEd It and open the BootCamp/Drivers/Apple/BootCamp.msi file using this software.

Find the table called LaunchCondition and select Drop table.

Save the file and run the BootCamp.msi from within Windows and it should start installing the drivers!

Reboot when prompted and you should be all set!

Open PowerShell from your sccm console as an admin so you are connected to your site server

Just export your task sequence using the following command (Get-CMTaskSequence | Where-Object {$_.Name -eq “YourTaskSequenceName”}).Sequence | Out-File “C:\Temp\YourFileName.xml”

Copy tsDocumentorv2.xsl to the same folder as your task sequence.

https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachments/01/6127/00/00/03/20/49/89/tsDocumentorv2.xsl

Open your task sequence YourFileName.xml in your favourite text editor.

Enter the following as the first line:

<?xml-stylesheet type=”text/xsl” href=”tsDocumentorv2.xsl” mce_href=”tsDocumentorv2.xsl”?>

Save your task sequence file and open it in Internet Explorer. Presto!
The XSL takes care of formatting, indents and sizing.

Disclaimer: The information on this site is provided “AS IS” with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use.

This post was contributed by Aly Shivji a consultant with Microsoft Services – U.S. East Region.

tsDocumentorv2.xsl

https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachments/01/6127/00/00/03/20/49/89/tsDocumentorv2.xsl

https://blogs.technet.microsoft.com/deploymentguys/2009/02/20/documenting-your-task-sequences-automagically-update-v2/

Recover Solution #1 (Wipe cache, this will clear app setting data but will retain user data)

Go to recovery by holding power button + volume down

Choose English

Choose ‘Wipe data and cache’

Choose ‘wipe cache’ (This will only clear app settings data, other data on the internal storage will not be erased)

Choose ‘Yes’

Choose ‘Reboot’

Solution #2 (Wipe data and cache, this will clear app setting data and erase user data)

Go to recovery by holding power button + volume down

Choose English

Choose ‘Wipe data and cache’

Choose ‘Wipe data and cache’ (this will clear app settings data and erase internal storage data)

Choose ‘Yes’

Choose ‘Reboot’

Solution #3 (Adb sideload ROM file)

Download vx.y.z ROM from OnePlus support website (http://downloads.oneplus.net)

Turn off device and boot into recovery mode (By holding power button + volume down)

Choose English option

Choose Install from USB option in the recovery screen

Tap OK button.

A screen with “You are in sideload mode” will be displayed

Connect your device to PC (PC / Mac must have adb pre-installed)

Run the following command

For windows: “adb sideload <filename>”

For Mac: “./adb sideload <filename>”

$ccmProgram = Get-WmiObject -Namespace ROOT\CCM\ClientSDK
-Class CCM_Program | Where-Object {$_.EvaluationState –eq 14}

If ($ccmProgram -ne $null)

{

$ccmExecutionRequestEx = Get-WmiObject -Namespace ROOT\CCM\SoftMgmtAgent –Class
CCM_ExecutionRequestEx | Where-Object {$_.RunningState -eq
“NotifyExecution” -and $_.AdvertID -gt “” -and $_.ContentID
-eq $ccmProgram.PackageID}

If
($ccmExecutionRequestEx -ne $null)

{

$ccmExecutionRequestEx | Remove-WmiObject

Start-Process sc.exe -ArgumentList “config smstsmgr depend=
winmgmt/ccmexec” -Wait

Restart-Service -Name CcmExec -Force

}

}

Virtual Machines

Access denied. Unable to establish communication between ‘Hyper-V Server’ and ‘Hyper-V Manager’.

This is puzzling since the workstation has been connected to this particular Hyper-V server many times using other network profiles. The profile we created for the Microsoft folks was seemingly giving us the connection issue.

The fix took a bit of searching to find and needed to be accomplished on the Windows Vista system where the Hyper-V Manager was installed:

Close the Hyper-V Manager

C:\Windows\SysWOW64\dcomcnfg.exe

Right click on dcomcnfg and Run As Administrator.

Authenticate with the local admin credentials if UAC prompts for credentials, or
continue if it does not.

Open the Component Services node, then the Computers node, then right click on My Computer and click on Properties.

Click on the COM Security tab.

Click the Edit Limits button under Access Permissions.

Enable Remote Access for Anonymous Logon

Click Apply and OK.

Close the Component Services console and the Windows Explorer window.

Start the Hyper-V Manager and continue through the UAC.

The virtual machines, if any, will show up in the Hyper-V Manager console after that.

http://blog.mpecsinc.ca/2009/06/hyper-v-error-access-denied-unable-to.html

cachecleaner -deleteall -force=3

Install XAMPP

https://www.apachefriends.org/index.html

Select Apache and MySQL when installing

Config Apache -> Edit php.ini
upload_max_filesize=6M

Create DB utf8_general_ci + Import sql db
Create User & assign permissions on DB

——————————————————-

Install Drupal 8.x

1. Unzip the Startup Growth Drupal theme package.

2. Locate the [site]/[d8] directory and upload its content to your

server. This directory includes Drupal core and all of the

required modules that are used in the theme. If you wish to

install the theme in your root directory (often called the

“/public_html/” directory), simply place all the extracted

files and folders into this directory. Place all files in a

sub-directory, if you want the theme installed in a sub-directory

of your website.

3. (important) Create the MySQL database. Make a note of the complete

database name. You will need your database username and password

during the first couple of steps of your theme installation.

4. Import the “[site]/[d8]/[_data]/db_instance.sql” file in your newply

created MySQL database.

5. Start the Drupal installation wizard by pointing your browser to the

recently created folder, in your Apache server path.

6. Continue the installation by selecting the “Standard” installation profile.

7. Enter your recently created database information. This includes the database name

and credentials (username/password) you have chosen when creating it.

8. The installation wizard will recognise that you are using an already populated

database and will inform you accordingly. At the same time, the wizard should

create all the necessary files your Drupal site needs in order to work properly on

your server.

9. You are done. Click on the “visit existing site” link, to visit your new site.

10. Once you are done with the above, please login to this site through the /user/login url

11. Navigate to /admin/reports/status and make sure that there are no errors regarding

the “File system” item. In case of errors please make sure to resolve those.

12. By default, our theme distribution comes with Drupal 8 caching and aggregation of JS and

CSS files, deactivated, ensuring a smoother experience during any technical work you

will need to do post-installation.

Either right after installation, or when you finish building your Drupal 8 site using

this theme, it is recommended to activate Drupal caching and aggregation of CSS and

JS files, for better performance.

To do so, navigate to /admin/config/development/performance and enable caching

(default option: 15 min) as well as the “Aggregate CSS files” and

“Aggregate JavaScript files” options.

——————————————————-

Install Composer:

https://getcomposer.org/Composer-Setup.exe
https://getcomposer.org/doc/00-intro.md#manual-installation

Close all browser – and explorer windows

——————————————————-

Install Git

https://www.drupal.org/documentation/git/install

——————————————————-

Install DrupalConsole

https://github.com/hechoendrupal/DrupalConsole/#download-using-drupalcomposer

——————————————————-

Install Commerce:

Open XAMPP Shell
CD C:\xampp\htdocs\d8

composer config repositories.drupal composer https://packages.drupal.org/8

composer require “drupal/commerce 2.x-dev”

drupal module:install commerce_product commerce_checkout commerce_cart commerce_tax

SELECT CompName.Name0 as ‘Computer Name’, CompSys.Manufacturer0 as ‘OEM’, CompSys.model0 as ‘Model’, BIOS.SMBIOSBIOSVERSION0 as ‘BIOSVersion’, BIOS.ReleaseDate0 as ‘Release Date’

FROM V_R_System as Sys

LEFT JOIN V_GS_PC_BIOS as BIOS on Sys.resourceid = BIOS.resourceid

LEFT JOIN V_GS_COMPUTER_SYSTEM as CompSys on Sys.resourceid = CompSys.resourceid

LEFT JOIN V_GS_SYSTEM as CompName on Sys.resourceid = CompName.resourceid

GROUP BY CompSys.Manufacturer0,CompSys.model0, BIOS.SMBIOSBIOSVersion0, CompName.Name0, BIOS.ReleaseDate0

ORDER BY CompSys.Model0, BIOS.SMBIOSBIOSVersion0

Great Client repair utility

SCCM Client Tool for

1.fixing WMI issues

2. Ping issues

3. Client Health issues

4. change client cache size

5. Install / Uninstall SCCM Client

6. Repair Update Cycles …. etc

The tool is downloadable as a ZIP file that contains four files:
ClientActionsTool.hta – The tool itself.
Cmdkey.exe – command line tool for managing cached credentials. This is needed for alternate credentials feature when running the HTA on Windows XP. Cmdkey.exe is natively available starting from Windows Vista.
Wol.exe – command line tool from Gammadyne Corporation to send wake up packets to remote computers.
Config.ini – A configuration file for default settings. This file is not required to run the tool, but if it doesn’t exist, the tool may prompt for the data every time it’s run.

https://gallery.technet.microsoft.com/SCCM-Client-Utility-WMI-ec270313

Troubleshooting:

Invalid MP cert info; no signature

Failed to query http://… for MP location

Step 1) verify the mplist and mpcert

http://server.bla.com/sms_mp/.sms_aut?mplist

http://server.bla.com/sms_mp/.sms_aut?mpcert

if you get the cert page and mp list the mp is working

https://technet.microsoft.com/en-us/library/Bb932118.aspx?f=255&MSPPError=-2147217396

I’ve got some corrupt softpaq downloads using
https://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html

ftp://ftp.hp.com/pub/softpaq/sp66001-66500/

This one is working

ftp://g4u0180.houston.hp.com/ftp1/pub/softpaq/sp66001-66500/

Install first Windows XP 32bit on the SSD with IDE mode enabled.

Download Intel® Matrix Storage Manager

IATA89CD.exe

https://downloadcenter.intel.com/download/17882/Intel-Matrix-Storage-Manager

Open CMD
Navigate to IATA89CD.exe with cd

Extract:
IATA89CD.exe -a

Navigate to

C:\Program Files\Intel\Intel Matrix Storage Manager\winall\Driver

Copy/paste all files from that folder into C:\WINDOWS\system32\drivers

Open Device Manager

Go to IDE ATA/ATAPI controllers
Rightclick to update driver on one of them

Select “Install from list or specific location”

Select “Don’t search. I will choose the driver to install”

Select “Have Disk…”

Browse to C:\WINDOWS\system32\drivers

Select iaStor.sys

Click OK

Select driver from the list

“Intel(R) ICH9M-E/M Sata AHCI Controller”

Redo these steps on other controllers until you get a BSOD.

Be sure to change the BIOS to AHCI mode when rebooting the system!

Note: Use winsetupfromusb to load the ISO to your USB Thumb drive
http://www.winsetupfromusb.com/files/download-info/winsetupfromusb-1-6-exe/

———————————

SSD Enhancements

Disabling background disk defragmentation

Key Name:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\ Name: Enable Type: REG_SZ Value: N

Disable Background auto-layout:

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout Value Name: EnableAutoLayout Type: REG_DWORD Value: 0

Disable update of filesystem’s “last access timestamps”

“Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem Name: NtfsDisableLastAccessUpdate Type: REG_DWORD Value: 1

Disable Prefetch

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters Name: EnablePrefetcher Type: REG_DWORD Value: 0

Optionally: Go to the system settings and disable the swap file (pagefile) unless you are very low on system memory, and disable the system restore service unless needed. You can also move the temporary and log files directories away to non-SSD media if available, see below.

Now, close the registry editor, reboot and you are done. Easy, wasn’ t it? Remember not use defrag utilities on SSD disks! For additional details, please refer to – http://msdn.microsoft.com/en-us/library/ms912916(v=winembedded.5).aspx — Some of above information is collected from there.

Partition alignment

Align your partitions so that they start and end at 4k disk blocks. E.g. read this post on Anandtech. Any modern partition tool will do this automatically. I recommend GParted. However the Windows XP partitioner is old and will do this wrong in most cases. The reason is that modern drives, including SSDs and hard disks, operate on 4k data blocks at a time. If the partition is misaligned all partition blocks stretch across disk blocks. If a partition block is processed the drive will need to actually process two disk blocks! This slows disk operations down.

File system settings

If you format the partition, make sure to set the file system allocation block size to 4k. For XP, it is best to choose NTFS as the file system and 4096 as the Allocation Unit Size, check Quick Format, and hit “Ok”. Am I missing something crucial? Please tell me, it will be appreciated.

The endpoint settings in VM allows us to configure the incoming traffic such as remote desktop, custom http ports (Teamcity, OctpusDeploy and etc.) to VM. It was pretty easy to find that setting on old HTML5 azure portal https://manage.windowsazure.com.

VM EndPoint Setting in old Azure portal

But you can’t use the new type of VM with a resource manager on old portal so you have no choice but to use the new Azure portal https://portal.azure.com. The problem (at least for me) came when I wanted to open some ports (endpoints) on new VM via new portal. It took me a while to search for it so I thought I will share it here for those who might have same issue.

Let’s see what you will get when you create a new VM with a resource manager.

Microsoft Azure Resource Group

By default, you will get the following things when you create a VM but of course, you have an option to choose what to create or what to re-use during the setup.

Virtual machine

Network Interface

Network Security Group

Public IP Address

Virtual network

Storage Account

Choose “Network Security Group” then you will see the setting page that looks similar to Windows Advanced Firewall interface on windows server or desktop.

Azure Network Security Group

Click on “Inbound security rules”. This is where you can enable the endpoint of your new VM. Of course, you forget to open the same port in your server OS as well.

http://michaelsync.net/2015/09/28 /where-is-the-endpoint-setting-for-vm-in-new-azure-portal

Secure Delete Files Permanently with SDelete

Contents of the Software Package:

– sdelete.exe

– sdeleteEULA.reg:

————————————————-

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Sysinternals\SDelete]

“EulaAccepted”=dword:00000001

————————————————-

Tasksequence:

Restart Computer to WinPE

– Secure Wipe C Drive

— Copy SDelete

xcopy.exe “.\*.*” “%WinDir%” /E /C /Q /H /R /Y /I

Package: SDelete

— Accept SDelete EULA

regedit.exe /S sdeleteEULA.reg

%windir%

— Format and Partition Disk

Disk number: 0

Disk Type: Standard(MBR)

Volume: Primary NTFS (Quick Format)

— 7 Pass Drive Wipe

sdelete.exe -p 7 -c -z

C:\

https://technet.microsoft.com/en-us/sysinternals/sdelete.aspx

Dism /Mount-Image /ImageFile:”C:\Temp\prodbootv62\sources\boot.wim” /index:1 /MountDir:”C:\Temp\Mount”

## Dependencies: Install WinPE-WMI > WinPE-NetFX > WinPE-Scripting > WinPE-PowerShell

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-HTA.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WMI.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-WMI_en-us.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-NetFX.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-NetFX_en-us.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-PowerShell.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-PowerShell_en-us.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-StorageWMI.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-StorageWMI_en-us.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-DismCmdlets.cab”

Dism /Add-Package /Image:”C:\Temp\Mount” /PackagePath:”C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-DismCmdlets_en-us.cab”

Dism /Unmount-Image /MountDir:”C:\Temp\Mount” /commit

Dism /Cleanup-WIM

cd C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment

copype amd64 C:\WinPE_amd64

Makewinpemedia /iso C:\WinPE_amd64 C:\Temp\prodbootv62.iso

https://technet.microsoft.com/en-us/library/hh824926.aspx

Auto Apply Drivers

This action relies on Plug’n’Play (PNP) detection from within Windows PE (WinPE) to scan the hardware that is present, and send this list to the Management Point (MP). The MP replies with a list of compatible drivers that are available on local Distribution Points (DPs), and the Task Sequence downloads and installs the drivers to the C: drive where they can be used by Windows the next time it boots. This action looks for matching drivers across all Driver Packages on all DPs that are accessible in the client’s site boundaries. Without specifying any Driver Packages in the Task Sequence, all matching drivers that are not disabled and not filtered out by a category are considered, regardless of what the package is named or what the original intent of the package was.

Advantages: This action requires the least amount of administration of drivers and driver packages, PNP does most of the work.

Disadvantages: Does not work with standalone media, does not detect hardware that is not present or disabled (i.e. external/USB devices, multi-level drivers, disabled in the BIOS, wireless/Bluetooth with an off switch, etc.) and does not support mass storage drivers for operating systems prior to Windows Vista/Server 2008. You have less control over driver versions, if an SCCM admin downloads different drivers and adds them to any Driver Package and replicates the package to DPs, then any Task Sequence with the Auto Apply Drivers step will find them and possibly consider them a better match. So you could have machines imaging fine one day, and then the next day problems arise or even blue screens, without the Task Sequence ever changing.

Details: The Auto Apply Drivers step in the TS performs these steps:

WinPE performs a PNP scan (devices that are disconnected or turned off are not detected)

WinPE submits the results of the PNP scan to the MP for matching

The MP returns the locations of drivers that are applicable, not disabled, not filtered out by Categories, and accessible on DPs within the current boundaries

WinPE downloads them, and depending on the OS to be installed:

Windows XP: Installs them to the correct folders under C:\Windows

Windows Vista/7/8: Directly adds them to the image’s driver store using DISM for use during Windows (mini-)setup phase

No drivers get loaded under WinPE, but the drivers are installed for the Windows PNP to find on the next boot

——————————————————-

Apply Driver Package

This action does not rely on PNPID detection and always installs all drivers included in a Driver Package, regardless of whether they are valid for that hardware or not. The Driver Packages should be grouped together logically (i.e. by operating system and hardware model) to avoid installing unnecessary drivers on the system (not because this would cause problems, drivers that are not needed are not loaded and just consume disk space). The Task Sequence step can be targeted at specific models using a WMI query.

Advantages: Provides the most control over which drivers and which versions get installed for a particular model, allows drivers to be installed for hardware that may not be present during the Task Sequence, and works with standalone media.

Disadvantages: Requires more up front administration to get the Driver Packages grouped, requires additional disk space on the Distribution Points if the drivers apply to more than one model and need to be included in more than one Driver Package.

Details: The Apply Driver Package step in the Task Sequence performs these steps:

Tries to find the package on a DP that is accessible within the current boundaries

WinPE downloads them (even if they are not needed or not applicable), and depending on the OS to be installed:

Windows XP: Installs them to the correct folders under C:\Windows

Windows Vista/7/8: Directly adds them to the image’s driver store using DISM for use during Windows (mini-)setup phase

No drivers get loaded under WinPE, but the drivers are installed for the Windows PNP to find on the next boot. Unnecessary drivers are ignored by PNP.

Summary

Most smaller companies and test labs can use Auto Apply Drivers, and it can work fine for months or years, but at some point a new driver could start getting detected as valid for older hardware and cause issues. Larger companies with a diverse or global administration model usually prefer Apply Driver Package. Some companies might prefer a hybrid approach, where the Task Sequence runs an Auto Apply Drivers step first to get most of the required drivers, and then runs Apply Driver Package steps for each model that requires additional handling.

Notes

The Import New Driver Wizard does not actually import the driver files into the SQL database, it only creates metadata information about the drivers and stores the path to the source files. The import source files need to remain in the same path after the import wizard is complete, since they will be used to update driver packages and boot images.

After you have imported new drivers, it’s good practice to manually verify the operating systems selected as supported platforms. This is done by editing the Properties and selecting the Applicability tab. The wizard tries to assign the correct platforms based on information in the .INF files, but these files are not always correct and often needs to be corrected to match the information provided on the vendor’s website or in the readme files.

I try to avoid adding any unnecessary drivers to the Windows PE boot images. Generally I try to use the default drivers provided by Windows PE, and only add drivers for mass storage controllers and network adapters when needed, or to improve performance. Do some benchmarking from Windows PE, and make sure the disk I/O for SATA drives averages at least 40MBps for writes and 80MBps for reads. Make sure the network I/O is at least 600Mbps on Gigabit, and 70Mbps or better on Fast Ethernet.

Both of the Task Sequence driver steps can only be ran from WinPE, not under full Windows.

For Windows Vista/7/8, all driver steps need to be added during the “offlineServicing” configuration pass of setup (after the “Apply Operating System Image” step, but before the “Setup Windows and ConfigMgr” step).

On pre-Vista operating systems, any mass storage and boot critical drivers must be installed with Apply Driver Package, not Auto Apply Drivers.

Thanks to Jason Sandys for input and feedback on this info.
http://blogs.catapultsystems.com/mlist/archive/2012/10/18/auto-apply-drivers-vs-apply-driver-package-in-task-sequences/

NetpJoinDomainOnDs: Function exits with status of: 0x216d

0x216d = ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED

“Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.”

By default any authenticated user can add up to 10 workstations to the domain.

After that you need the appropriate rights.

You can either get the rights delegated (recommended) or increase the default limit for authenticated users (not recommended).

https://support.microsoft.com/en-us/kb/932455

Peter Monten gave me a cool query for SCCM 2012 to monitor an deployment.
It is compatible with all deployments in SCCM and so I changed it for our Office 365 – 2016 rollout.

select stat.*, ins.*, att1.*, att1.AttributeTime from SMS_StatusMessage as stat left join SMS_StatMsgInsStrings as ins on stat.RecordID = ins.RecordID left join SMS_StatMsgAttributes as att1 on stat.RecordID = att1.RecordID inner join SMS_StatMsgAttributes as att2 on stat.RecordID = att2.RecordID where att2.AttributeID = 401 and att2.AttributeValue = “XYZ20198” and stat.SiteCode = “XYZ” and att2.AttributeTime >= ##PRM:SMS_StatMsgAttributes.AttributeTime##

order by att1.AttributeTime desc

System.NullReferenceException

Object reference not set to an instance of an object.

Stack Trace:

at Microsoft.ConfigurationManagement.Migration.ObjectSerialization.Modeling.PrototypeImpl.TryGetPropertyValue(Object instance, String propertyName, Object& value)

at Microsoft.ConfigurationManagement.Migration.ObjectSerialization.Modeling.EntityHandle.TryGetValue[T](String propName, T& value)

at Microsoft.ConfigurationManagement.AdminConsole.MigrationAssistant.ExportPageControl.relatedWoker_DoWork(Object sender, DoWorkEventArgs e)

at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)

at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)

Remove the checkmark “Use an unattended or Sysprep answer file…” from Apply OS step, the export goes fine.

https://social.technet.microsoft.com/Forums/en-US/00b7fc39-f639-48e1-ba07-0604b29e49b1/unable-to-export-task-sequence-with-dependencies-in-sccm-2012-r2-sp1?forum=configmanagerosd

One solution would be to reboot the computers in the environment. This would clear the Kerberos tickets from all session caches. However, rebooting a server is not always allowed in production and in some cases the server needs to be available 24×7.

klist -li 0:0x3e7 purge

Monitoring\Overview\System Status\Component Status

http://anoopcnair.com/2012/06/05/configmgr-sccm-2012-where-is-tools-configmgr-service-manager-in-cm12-console/

WMI Query in Tasksequence

root\cimv2
Select * from Win32_LogicalDisk where name = “C:” and FREESPACE > 5368709120

Good news, there is a hotfix available!

https://support.microsoft.com/en-us/kb/3084586

Because there is still no new server key available (2016).
VLSC has provided us a special Windows 10 activation key.

Windows Srv 2012R2 DataCtr/Std KMS for Windows 10

For those guys who don’t understand this.
To activate Windows Clients on KMS running Windows Server, you need the Server Key to activate your client.

Option Explicit

Dim objshell,path,DigitalID, Result
Set objshell = CreateObject(“WScript.Shell”)
‘Set registry key path
Path = “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\”
‘Registry key value
DigitalID = objshell.RegRead(Path & “DigitalProductId”)
Dim ProductName,ProductID,ProductKey,ProductData
‘Get ProductName, ProductID, ProductKey
ProductName = “Product Name: ” & objshell.RegRead(Path & “ProductName”)
ProductID = “Product ID: ” & objshell.RegRead(Path & “ProductID”)
ProductKey = “Installed Key: ” & ConvertToKey(DigitalID)
ProductData = ProductName & vbNewLine & ProductID & vbNewLine & ProductKey
‘Show messbox if save to a file
If vbYes = MsgBox(ProductData & vblf & vblf & “Save to a file?”, vbYesNo + vbQuestion, “BackUp Windows Key Information”) then
Save ProductData
End If

‘Convert binary to chars
Function ConvertToKey(Key)
Const KeyOffset = 52
Dim isWin8, Maps, i, j, Current, KeyOutput, Last, keypart1, insert
‘Check if OS is Windows 8
isWin8 = (Key(66) \ 6) And 1
Key(66) = (Key(66) And &HF7) Or ((isWin8 And 2) * 4)
i = 24
Maps = “BCDFGHJKMPQRTVWXY2346789”
Do
Current= 0
j = 14
Do
Current = Current* 256
Current = Key(j + KeyOffset) + Current
Key(j + KeyOffset) = (Current \ 24)
Current=Current Mod 24
j = j -1
Loop While j >= 0
i = i -1
KeyOutput = Mid(Maps,Current+ 1, 1) & KeyOutput
Last = Current
Loop While i >= 0
keypart1 = Mid(KeyOutput, 2, Last)
insert = “N”
KeyOutput = Replace(KeyOutput, keypart1, keypart1 & insert, 2, 1, 0)
If Last = 0 Then KeyOutput = insert & KeyOutput
ConvertToKey = Mid(KeyOutput, 1, 5) & “-” & Mid(KeyOutput, 6, 5) & “-” & Mid(KeyOutput, 11, 5) & “-” & Mid(KeyOutput, 16, 5) & “-” & Mid(KeyOutput, 21, 5)

End Function
‘Save data to a file
Function Save(Data)
Dim fso, fName, txt,objshell,UserName
Set objshell = CreateObject(“wscript.shell”)
‘Get current user name
UserName = objshell.ExpandEnvironmentStrings(“%UserName%”)
‘Create a text file on desktop
fName = “C:\Users\” & UserName & “\Desktop\WindowsKeyInfo.txt”
Set fso = CreateObject(“Scripting.FileSystemObject”)
Set txt = fso.CreateTextFile(fName)
txt.Writeline Data
txt.Close
End Function

Un-checked Allow this package to transfered via multicast at package/image properties.

Cleared SerializedMCSKey and SignedSerializedMCSKey in registry (HKLM\Software\SMS\MCS).

Unchecked enable multicast at dp properties.

Checked enable multicast at dp properties.

Checked Allow this package to transfered via multicast at package/image properties.

ConfigMgr 2012 R2 MultiCast issue smsts.log showing HRESULT=800705B4)

* Uninstall old SCCM Client

C:\Windows\ccmsetup\ .\ccmsetup.exe /uninstall

* Clean CCM WMI

Get-WmiObject -Namespace “root” -Query “SELECT * FROM __Namespace where name= ‘ccm'” | Remove-WmiObject

* Uninstalled Reporting Services Point Role from SCCM 2012 R2

* Ran the script by (Mike Laughlin) after editing “SiteCode” & “Server Name” to clean up OLD files leaving only the ConfigMgr_”SiteCode” folder

######################################################################################################################################

# SCCM2012SP1-RemoveDuplicateSSRSFolders.ps1

# This script will connect to SSRS on a specified server and delete all folders that end with .OLD.*

# Used for SSRS cleanup after SCCM 2012 SP1 installation

# Script must be run from an account that has access to modify the SSRS instance

# 3/22/2013 – Mike Laughlin

#

# Resources used in writing this script:

# Starting point: http://stackoverflow.com/questions/9178685/change-datasource-of-ssrs-report-with-powershell

# API Documentation: http://msdn.microsoft.com/en-us/library/ms165967%28v=sql.90%29.aspx

# Previous script: http://social.technet.microsoft.com/Forums/en-US/configmanagergeneral/thread/dc9aa3b4-cea9-4a07-87ca-2795a2dbc04e

######################################################################################################################################

# Define variables

$SiteCode = “XXX”

$serverName = “SACCESQLXXX.XXX.local”

# Set the value of $noConfirm to $True only if you don’t want to manually confirm folder deletion. Use with caution.

$noConfirm = $False

# Safeguard

If ( $SiteCode -eq “” -or $serverName -eq “” ) { Write-Host “Enter the required information for the SiteCode and serverName variables before running this script.” -ForegroundColor Red -BackgroundColor Black ; Exit }

# Connect to SSRS

# $ssrs = New-WebServiceProxy -uri http://$serverName/ReportServer/ReportService2005.asmx?WSDL -UseDefaultCredential

$ssrs = New-WebServiceProxy -uri http://sccmreportsacc.XXX.local/ReportServer_INS008/ReportService2005.asmx?WSDL -UseDefaultCredential

# Get a listing of all folders in SSRS

$reportFolders = $ssrs.ListChildren(“/”, $True)

# Find all folders containing .OLD.*

$foldersToDelete = $reportFolders | Where { $_.Name -like “ConfigMgr_” + $SiteCode + “.OLD.*”}

# Quit if no folders are found

If ( $foldersToDelete.Count -eq 0 ) { Write-Host “No folders with .OLD.* found. Quitting.” ; Exit }

# Show a listing of the folders that will be deleted

Write-Host “The following folders will be deleted from SSRS on” $serverName”:`n”

$foldersToDelete.Name

Write-Host “`nTotal number of folders to delete:” $foldersToDelete.Count “`n”

# Get confirmation before deleting if $noConfirm has not been changed

If ( $noConfirm -eq $False )

{

$userConfirmation = Read-Host “Delete these folders from” $serverName”? Enter Y or N”

If ( $userConfirmation.ToUpper() -ne “Y” ) { Write-Host “Quitting, folders have not been deleted.” ; Exit }

}

# Delete the folders

$deletedFolderCount = 0

Write-Host “Beginning to delete folders now. Please wait.”

ForEach ( $folder in $foldersToDelete ) { $ssrs.DeleteItem($folder.Path) ; $deletedFolderCount++ }

Write-Host “Folders have been deleted. Total number of deleted folders:” $deletedFolderCount

######################################################################################################################################

* Run mofcomp to add classes to wmi

PS C:\Users\XXX> mofcomp “C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof”

Microsoft (R) MOF Compiler Version 6.2.9200.16398

Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.

Parsing MOF file: C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof

MOF file has been successfully parsed

Storing data in the repository…

Done!​

* Reinstalled Reporting Services Point Role

https://social.technet.microsoft.com/Forums/en-US/f6ce1fc4-fd60-4908-a308-751b2f856211/sccm-2012-sp1-evil-folders-in-reporting-services-what-are-they-and-how-to-remove-them?forum=configmanagergeneral

In case you are wondering, normally I would open the EXE’s and extract the MSI’s.

But today I decided to use the EXE’s with the default commands that Oracle delivers us.

Had some problems with SCCM depencies and with little time, I used a batch file.

When using SCCM and installing it with SYSTEM credentials, the java installer decided to place the msi’s under the appdata from the install account.

Because appdata from the System account is under C:\Windows\System32, it would not do the correct copy actions.

Also it was searching for java.settings.cfg under C:\ProgramData\Oracle\Java , so we needed to place the file there before installing.

I also added some custom settings to the Java configuration.

Placing the file under APPDATA of the current user.

Detection Method:

Exist

C:\ProgramData\Oracle\Java\Settings_Java8u66_Installed.txt

Exist

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2381208660F

Exist

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF2681408660F

Installing:

cmd.exe /c InstallJavaRE8U66.cmd

Batchfile InstallJavaRE8U66.cmd

——————————————————————

xcopy java.settings.cfg “%ProgramData%\Oracle\Java\”* /I /S /Y /C /R

xcopy .\jre1.8.0_66* “C:\windows\system32\config\systemprofile\AppData\LocalLow\Oracle\Java\”* /I /S /Y /C /R

xcopy .\jre1.8.0_66_x64* “C:\windows\system32\config\systemprofile\AppData\LocalLow\Oracle\Java\”* /I /S /Y /C /R

timeout.exe /T 30 /NOBREAK

jre-8u66-windows-x64.exe /s INSTALL_SILENT=1 STATIC=1 AUTO_UPDATE=0 WEB_ANALYTICS=0 REBOOT=0 NOSTARTMENU=1 SPONSORS=0 /L C:\Windows\Temp\Install_SDC_Oracle_JavaRE_1.8.0.66_01.00_EN_x64.log

jre-8u66-windows-i586.exe /s INSTALL_SILENT=1 STATIC=1 AUTO_UPDATE=0 WEB_ANALYTICS=0 REBOOT=0 NOSTARTMENU=1 SPONSORS=0 /L C:\Windows\Temp\Install_SDC_Oracle_JavaRE_1.8.0.66_01.00_EN_x86.log

type NUL > %ProgramData%\Oracle\Java\Settings_Java8u66_Installed.txt

——————————————————————

java.settings.cfg -> Place this file under C:\ProgramData\Oracle\Java

——————————————————————

AUTO_UPDATE=0

INSTALL_SILENT=1

NOSTARTMENU=1

SPONSORS=0

WEB_ANALYTICS=0

——————————————————————

deployment.properties -> Place this file under %userprofile%\appdata\locallow\Sun\Java\Deployment\deployment.properties

——————————————————————

#deployment.properties

#Fri Oct 23 18:21:40 CEST 2015

deployment.modified.timestamp=1445617300114

deployment.roaming.profile=false

deployment.security.mixcode=DISABLE

deployment.security.revocation.check=NO_CHECK

deployment.version=8

install.disable.sponsor.offers=true

deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe

#Java Deployment jre’s

#Fri Oct 23 18:21:40 CEST 2015

deployment.javaws.jre.0.registered=true

deployment.javaws.jre.0.platform=1.8

deployment.javaws.jre.0.osname=Windows

deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre1.8.0_66\\bin\\javaw.exe

deployment.javaws.jre.0.product=1.8.0_66

deployment.javaws.jre.0.osarch=amd64

deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se

deployment.javaws.jre.0.enabled=true

deployment.javaws.jre.0.args=

——————————————————————

My blog:

http://dries.metrico.be/#post96

https://docs.oracle.com/javase/8/docs/technotes/guides/install/config.html#table_config_file_options

http://www.itninja.com/software/oracle/java-8/8-update-45

http://serverfault.com/questions/721388/java-msi-install-error-3-2147287037

Example: Computers that run Windows 7

Use the following query to return the NetBIOS name and operating system version of all computers that run Windows 7.

Tip: To return computers that run Windows Server 2008 R2, change %Workstation 6.1% to %Server 6.1%

SELECT *

FROM SMS_R_System

WHERE

OperatingSystemNameAndVersion LIKE ‘%Workstation 6.1’

Example: Computers with a specific software package installed

Use the following query to return the NetBIOS name of all computers that have a specific software package installed. This example displays all computers with a version of Microsoft Visio installed. Replace %Visio% with the software package you want to query for.

Tip: This query searches for the software package by using the names that are displayed in the programs list in Windows Control Panel. The term DISTINCT is used to ensure that only one result is returned per computer. The query also uses the AS term to create an alias to enhance readability of the query.

SELECT DISTINCT *

FROM SMS_R_System AS Sys

INNER JOIN SMS_G_System_ADD_REMOVE_PROGRAMS AS ARP ON

ARP.ResourceId = Sys.ResourceId

WHERE

ARP.DisplayName LIKE ‘%Visio%’

Example: Computers WITHOUT a specific software package installed

Use the following query to return the computers that do not have a specific software package installed. This example displays all computers that do not have a version of Microsoft Visio installed. Replace %Visio% with the software package you want to query for.

Tip: This query uses the ability to use sub-queries to filter results. The key is the use of the NOT IN operator is used to filter only computers not found in the sub-query (that is the query after the WHERE clause between brackets).

SELECT *

FROM SMS_R_System AS Sys

WHERE

Sys.ResourceID NOT IN

(

SELECT ResourceID

FROM SMS_G_System_Add_Remove_Programs AS ARP

WHERE ARP.DisplayName LIKE ‘%Visio%’

)

Example: Computers that are in a specific Active Directory Domain Services Organizational Unit (OU)

Use the following query to return the NetBIOS name and OU name of all computers in a specified OU. Replace the OU Name in the example with the name of the OU that you want to query for.

SELECT DISTINCT *

FROM SMS_R_System AS Sys

WHERE

Sys.SystemOUName = ‘Contoso.Domain.local/OUName’

Example: Computers with a specific NetBIOS name

Use the following query to return the NetBIOS name of all computers that begin with a specific string of characters. In this example, the query returns all computers with a NetBIOS name that begins with ABC.

SELECT DISTINCT *

FROM SMS_R_System AS Sys

WHERE

Sys.NetbiosName LIKE ‘ABC%’

Example: All computers that are laptops (method 1)

Use the following query to return the all computers that are laptops. This is achieved by finding all machines that have batteries.

This query uses hardware inventory of the Win32_Battery WMI class.

Tip: This query requires that hardware inventory be extended to include the Win32_Battery class (and at least the DeviceID property). To do this, see one of the following TechNet articles for System Center 2012 Configuration Manager This link is external to TechNet Wiki. It will open in a new window. or Configuration Manager 2007 This link is external to TechNet Wiki. It will open in a new window. .

SELECT DISTINCT *

FROM SMS_R_System AS Sys

INNER JOIN SMS_G_System_Battery AS Batt ON

Batt.ResourceId = Sys.ResourceId

WHERE

Batt.DeviceID LIKE ‘%’

Example: All computers that are laptops (method 2)

Use the following query to return the all computers that are laptops. This is achieved by determining the chassis type defined by the hardware manufacturer.

This query uses hardware inventory of the Win32_SystemEnclosure WMI class. This query identifies devices classified as ‘Laptop’ or ‘Notebook’ or ‘Portable’ – there are additional classes that a hardware vendor may choose to identify their devices. A complete list of chassis types can be found in the MSDN documentation of the Win32_SystemEnclosure class here This link is external to TechNet Wiki. It will open in a new window. .

Tip: This query uses the Configuration Manager WQL extension IN operator, which allows for case like query.

SELECT DISTINCT *

FROM SMS_R_System AS Sys

INNER JOIN SMS_G_System_System_Enclosure AS Case ON

Case.ResourceId = Sys.ResourceId

WHERE

Case.ChassisTypes IN (’10’, ‘9’, ‘8’)

Example: All computers that are virtual machines

Use the following query to return the all computers that are running virtual machines (either Microsoft or VMWare). This is achieved by determining the manufacturer of the guest’s “hardware” as reported by the virtual BIOS.

This query uses hardware inventory of the Win32_ComputerSystem WMI class. A complete list of properties can be found in the MSDN documentation of the Win32_ComputerSystem class here This link is external to TechNet Wiki. It will open in a new window. .

SELECT *

FROM SMS_R_System AS Sys

INNER JOIN SMS_G_System_Computer_System AS CompSys ON

CompSys.ResourceId = Sys.ResourceId

WHERE

(CompSys.Manufacturer = ‘Microsoft Corporation’

OR CompSys.Manufacturer = ‘VMware, Inc.’)

http://social.technet.microsoft.com/wiki/contents/articles/12050.example-wql-queries-for-configuration-manager.aspx

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

LaunchTo DWORD

1 = This PC

2 = Quick access

https://technet.microsoft.com/en-us/library/hh427342.aspx

Upgrading your installation: If you have a System Center 2012 R2 Configuration Manager installation, you can use the System Center 2012 Configuration Manager SP2 media to install the latest patches and automatically upgrade to System Center 2012 R2 Configuration Manager SP1.

New installation: Install System Center 2012 Configuration Manager SP2 first, and then install System Center 2012 R2 Configuration Manager SP1 at the top-tier site of your hierarchy. Both of these installation files are included on VLSC.

PS:
Don’t forget to install the latest CU1
https://support.microsoft.com/en-us/kb/3074857

Configuring the firewall

I already explained Server Core acts as a file server without installing anything. All you need to do is permit file services through the firewall. In the standard firewall configuration there’s already a pre-built exception you can enable by typing the following command:

netsh firewall set service fileandprint

https://dirteam.com/sander/2007/09/19/getting-installation-files-onto-server-core/

https://buildnumbers.wordpress.com/

Removing Built-in apps from Windows 10 WIM-File with Powershell – Version 1.1

When creating a Windows-10-Image for the Enterprise you may not want to include all of the default Windows Store Applications.

This script takes a simple list of Apps and then removes the Apps from the default install.wim.

The Script works aso for Windows 8 and Windows 8.1.

Create Temp-Directory -> Mount Windows 10 WIM-File -> Remove all Built-in apps -> Unmount WIM-File -> Remove Temp-Directory. Thats all!

Open SQL Management Studio

select * from SEDO_LockState where LockStateID <> 0

DELETE from SEDO_LockState where LockID = ‘<LockID of the record identified in the previous query>’

Verify:
1. Verify that “HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full!Release” is greater than or equal to “379893”.

On Success:
1. Log “The Microsoft .NET FrameWork 4.5.2 is already installed.” to “status”.

Remediation:
1. Run the batch file “Setup” with params “”.
Setup

@echo off

NDP452-KB2901907-x86-x64-AllOS-ENU.exe /q /norestart /log C:\Temp\BL_SDS_Microsoft_.NetFrameWork_4.5.2_1.0_NL_Inst.log

if %errorlevel% == 3010 (exit /b 0) else (exit /b %errorlevel%)

Wait for completion

2. Launch “\cmd.exe /c” with params “shutdown -r -t 90 -c ”De PC zal automatisch na 90 seconden herstarten. Gelieve uw openstaande documenten te bewaren.“”.
Wait for completion
Visible

On Remediation Success:

On Remediation Failure: