Category: IT

<#
.SYNOPSIS
This script allows you to reset all autostart settings to the default settings for Teams.
.DESCRIPTION
If you want to use the "Prevent Microsoft Teams from starting automatically after installation"
Group Policy setting, make sure you first set the Group Policy setting to the value you want 
before you run this script.
#>

$ErrorActionPreference = "Stop"

$TeamsDesktopConfigJsonPath = [System.IO.Path]::Combine($env:APPDATA, 'Microsoft', 'Teams', 'desktop-config.json')

$TeamsUpdatePath = [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft', 'Teams', 'Update.exe')

Function Test-RegistryValue {
    param(
        [Alias("PSPath")]
        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [String]$Path
        ,
        [Parameter(Position = 1, Mandatory = $true)]
        [String]$Name
    ) 

    process {
        if (Test-Path $Path) {
            $Key = Get-Item -LiteralPath $Path
            if ($null -ne $Key.GetValue($Name, $null)) {
                $true
            } else {
                $false
            }
        } else {
            $false
        }
    }
}

Function Test-Remove-RegistryValue {
    param (
        [Alias("PSPath")]
        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [String]$Path
        ,
        [Parameter(Position = 1, Mandatory = $true)]
        [String]$Name
    )

    process {
        if (Test-RegistryValue -Path $Path -Name $Name) {
            Write-Host "Removing registry key $Path\$Name"
            Remove-ItemProperty -Path $Path -Name $Name
        }
    }
}

# when determining whether Teams should be auto-started we are checking three flags
Write-Host "Removing Auto-Start-related artifacts"

# 0. Close Teams, if running
$teamsProc = Get-Process -name Teams -ErrorAction SilentlyContinue
if ($null -ne $teamsProc) {
    Write-Host  "Stopping Microsoft Teams..."
    Stop-Process -Name Teams -Force
    # wait some time
    Start-Sleep 5
} else {
    Write-Host  "No running Teams process found"
}

# 1. Check that Teams process isn't still running
$teamsProc = Get-Process -name Teams -ErrorAction SilentlyContinue

if($null -eq $teamsProc) {
    # 2. remove HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\LoggedInOnce registry key
    Test-Remove-RegistryValue -Path "HKCU:\Software\Microsoft\Office\Teams" -Name "LoggedInOnce"

    # 3. remove HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\HomeUserUpn registry key
    Test-Remove-RegistryValue -Path "HKCU:\Software\Microsoft\Office\Teams" -Name "HomeUserUpn"

    # 4. remove HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\DeadEnd registry key
    Test-Remove-RegistryValue -Path "HKCU:\Software\Microsoft\Office\Teams" -Name "DeadEnd"

    # 5. remove HKCU:\Software\Microsoft\Office\Outlook\Addins\TeamsAddin.FastConnect registry key
    Remove-Item -Path "HKCU:\Software\Microsoft\Office\Outlook\Addins\TeamsAddin.FastConnect" -ErrorAction SilentlyContinue

    # 6. restore HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\com.squirrel.Teams.Teams
    if (!(Test-RegistryValue -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "com.squirrel.Teams.Teams")) {
        Write-Host "Restoring registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run\com.squirrel.Teams.Teams"
        Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "com.squirrel.Teams.Teams" -Value "$TeamsUpdatePath --processStart ""Teams.exe"" --process-start-args ""--system-initiated"""
    }

    # 7. We are checking whether there are entries 'isLoggedOut' and 'openAtLogin' in the desktop-config.json file
    if (Test-Path -Path $TeamsDesktopConfigJsonPath) {
        Write-Host "Changing entries 'guestTenantId', 'isLoggedOut' and 'openAtLogin' in the desktop-config.json, if exist"

        # open desktop-config.json file
        $desktopConfigFile = Get-Content -path $TeamsDesktopConfigJsonPath -Raw | ConvertFrom-Json
        $desktopConfigFile.PSObject.Properties.Remove("guestTenantId")
        $desktopConfigFile.PSObject.Properties.Remove("isLoggedOut")
        try {
            $desktopConfigFile.appPreferenceSettings.openAtLogin = $true
        } catch {
            Write-Host  "openAtLogin JSON element doesn't exist"
        }
        $desktopConfigFile | ConvertTo-Json -Compress | Set-Content -Path $TeamsDesktopConfigJsonPath -Force
    }
} else {
    Write-Host  "Teams process is still running, aborting script execution"
}

5 Methods to Disable Microsoft Teams Auto Startup on Windows

One needs to copy the LanguagePack folder below x86/x64.

Client source files can be taken from: CD.Latest\SMSSETUP\CLIENT

Client language packs can be taken from: CD.Latest\LanguagePack\Client\lang\smssetup\Client\arch\LanguagePack

ccmsetup /source language pack from SCCM

There are several methods to bypass the Microsoft account requirement during setup on Windows devices.

I described one option in How to use local accounts on Windows 11 version 22H2 devices. While written for that specific version, the described method works in other versions of Windows 11 as well.

To describe it in a sentence, it is creating a Microsoft account during setup and creating a local account after setup ended. It is not elegant and requires that an email address is used initially for the account creation.

The following two methods do not require a Microsoft account at all.

Bypass 1: OOBE\BYPASSNRO

This bypass is the easiest option right now, as it requires just a few steps during setup to skip the Microsoft account creation.

Here is how it works:

1. Disable the Internet connection before starting setup, e.g., by disconnecting the LAN cable or disabling Wi-Fi.
2. Windows will display a “Let’s connect you to a network” or similar screen. The upcoming Windows 11 version 22H2 does not allow you to skip this anymore to create a local account.
3. On the screen, use Shift-F10 to open a command prompt window.
4. Type OOBE\BYPASSNRO and hit the Enter-key.
5. Windows will reboot and return to the “Let’s connect you to a network” screen. Only this time, you may select “I don’t have Internet” to skip this.
6. Then you select “Continue with limited setup” to then create a local account during setup.

Bypass 2: Use a banned email address

Microsoft has banned email addresses that were used too often in the account creation process. You may use this to your advantage, as it allows you to skip the Microsoft account creation or sign-in phase during setup.

Here is how this method works (thanks Neowin):

1. Select Sign-In when asked to create or sign-in to a Microsoft account during setup.
2. Use the email address no@thankyou.com.
3. Type any password on the next screen.
4. Windows will display “Oops, something went wrong” on the next screen.
5. Clicking Next opens a screen that allows you to create a local account.
6. You can assign a password to the account, or leave it empty.

How to bypass the Microsoft Account requirement during Windows setup

Install Microsoft ToDo without Store

We are going to use the Microsoft ToDo app as an example of how you can download and install apps without the store, but you can use this for any app of course.

Step 1 – Find the URL of the app

So the first step is to find the URL of the app in the online Microsoft Store. You don’t need the actual store for this, you can just use your browser to open the Store. If you have found the app that you want to install, just copy the URL from the address bar.

The URL for the Microsoft ToDo app is:

https://www.microsoft.com/en-us/p/microsoft-to-do-lists-tasks-reminders/9nblggh5r558
# Make sure you remove ?activetab=pivot:overviewtab from the url

Step 2 – Generate Microsoft Store link

We need to convert the link to the actual Microsoft Store items. To do this we will use the website https://store.rg-adguard.net.

Past the URL and make sure you change the option RP to Retail

Step 3 – Download the appxBundle

After you clicked on the checked mark it will find all the related apps. Most of the time the results start with .Net Frameworks that are required for the app, but we can skip them. Somewhere in the middle, you will find the appxBundles for the Microsoft ToDo app.

Make sure you select the latest version, ignore the date column, just check the version number. Also, make sure you select the appxBundle and not the eappxBundle. The latter is for Xbox.

To download the appxbundle, copy the link and paste it into a new browser tab. Just click on the link itself doesn’t always work, but opening it in a new tab seems to do the trick.

Step 4 – Use PowerShell to install the appxBundle

The last step is to install the Microsoft ToDo app with PowerShell.

Add-AppxPackage -Path "c:\temp\Microsoft.Todos_2.46.41622.0_neutral___8wekyb3d8bbwe.AppxBundle"

Microsoft Todo should now be installed without the need for the store.

Wrapping up

As you can see you can download Microsoft Todo without store. Using PowerShell gives you much more control over which versions and apps are installed on your computers. It’s also a great way to pre-installed apps that are generally used in your organization.

Make sure you check the version number. You will get an installation error if the app is already installed with the same or higher version number. If an app won’t install add all, then make sure you check if the needed pre-requested are installed on the client.

How To install apps on Windows 10 without Store

https://docs.microsoft.com/en-us/windows/uwp/publish/link-to-your-app#linking-directly-to-your-app-in-the-microsoft-store

SCCM Packages run in 32-bit context, which forces System32 to be redirected to SysWOW64 on a 64-bit system. Even the SCCM CB version Packages run in 32-bit mode. So you might have faced difficulties in running powershell scripts in 64-bit mode.
The fix for this is to ensure your batch file has the following lines:

%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File YourScript.ps1

“sysnative” here is like a virtual folder or variable that helps you access the otherwise inaccessible 64-bit System32 in 32-bit CMD.
You can try it out on your own system by opening CMD.exe from the SysWOW64 folder as shown below.

I still wonder why SCCM packages still run in 32-bit mode and I hope MS implements an option to disable 64-bit redirection for packages too.

Run PowerShell scripts in 64-bit mode using SCCM Package

Here’s the Powershell script we want to use to evaluate all of the baselines deployed to the machines in a device collection. If you just want to evaluate a specific one you need to modify the script.

$Baselines = Get-WmiObject -ComputerName $env:COMPUTERNAME -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
$Baselines | % { 
([wmiclass]"\\$env:COMPUTERNAME\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($_.Name, $_.Version)
}

First off all, lets create a script

Copy the or import the powershell script

Approve the script you just created.

Over at the client you can see that we have a Baseline that hasn’t been evaluated yet

Jumping back to the ConfigMgr console we find the device collection we want to run the script against and then right click and choose “Run Script” and go through the wizard

Under Client operations we can see that the operation has started

And under monitoring and “Script Status” we see that the evaluation has completed on the client.

and finally over at the client we see that the Baseline has been evaluated.

That’s all for now and until next time, cheers !

Don’t forget to follow me on twitter

[twitter-follow screen_name=’Timmyitdotcom’]

And you can also find me blogging over at http://blog.ctglobalservices.com/

Baseline Evaluation with Run script feature in ConfigMgr 1706

Remove existing drivers

https://www.guru3d.com/files-details/display-driver-uninstaller-download.html

Install clean drivers

https://www.techpowerup.com/download/techpowerup-nvcleanstall/

ImageUSB is a free utility which lets you write an image concurrently to multiple USB Flash Drives. Capable of creating exact bit-level copies of USB Flash Drive (UFDs), ImageUSB is an extremely effective tool for the mass duplication of UFDs. ImageUSB also supports writing of an ISO file byte by byte directly to an USB drive (*). ImageUSB can also be used to install OSFClone to a USB Drive for use with PassMark OSForensics™.

Unlike other USB duplication tools, ImageUSB can preserve all unused and slack space during the cloning process, including the Master Boot Record (MBR). ImageUSB can perform flawless mass duplications of all UFD images, including bootable UFDs.

imageUSB includes functionality to Zero a USB Flash Drive. This will replace the contents of the entire drive with 0s. Or alternatively to just Zero the MBR and/or GPT entries that exists on the drive. In addition, imageUSB has the ability to reformat even hard to format drives and reclaim any disk space that may be lost previously.

https://www.osforensics.com/tools/write-usb-images.html#Installation-Instructions

The only way is to shorten the path. PowerShell does not have support for long paths.

Long Paths on a server are a very bad thing as they will continue to be headaches for all.

You can shorten the path by mapping a PowerShell drive at a midway point.

New-PSDrive -Name X -PSProvider FileSystem -Root \\server\share\folder1\folder2\folder3

Now you can use X: to access the shorter path.

The mapping will be removed when you exit PowerShell

https://social.technet.microsoft.com/Forums/lync/en-US/5bb8d044-ae62-44ce-a204-f0035131341d/getchilditem-the-specified-path-file-name-or-both-are-too-long-the-fully-qualified-file-name?forum=ITCG

Method 1: Delete User Profile in Advanced System Properties

1. Press the Windows key + R keyboard shortcut to open the Run dialog. Type sysdm.cpl and press Enter.
2. In the System Properties window, select the Advanced tab and click on the Settings button under User Profiles.
3. Select the user profile of the problematic Windows account, and click on Delete.If the Delete button is greyed out, it’s possible that you’re logged into the user profile you wish to delete. To proceed, you have to log in as another admin account.
4. Click Yes to confirm. The selected user profile will be deleted in a minute or two.

Method 2: Delete User Profile Manually

1. Open the Registry Editor and navigate to the following key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileListIn the left pane, you will see a list of SID keys for all user profiles on your computer. Click each SID key, and then check the ProfileImagePath entry in the right pane.
2. Once you find the SID key which points to the user profile you want to remove, right-click it and select Delete.
3. Now, open Windows Explorer and browse to the folder C:\Users. Just delete the corresponding user profile folder, or rename it to something else if you don’t want to lose documents and files on the desktop.
4. The next time you sign into the account associated with the deleted profile, Windows will set up a new user profile just as you first time turn on your brand new computer.

How to Delete User Profile to Fix Problematic Windows Account

net start W32time
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:all /update
W32tm /resync /force

$Stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
# Do stuff
$Stopwatch.Stop()

$TotalSecs =  [math]::Round($stopwatch.Elapsed.TotalSeconds,0)
write-host $TotalSecs

Option 1:

Download

https://support.microsoft.com/en-us/surface/download-drivers-and-firmware-for-surface-09bb2e09-2a4b-cb69-0951-078a7739e120

or

https://www.microsoft.com/en-us/download/details.aspx?id=101315

Open CMD as an Administrator

msiexec /a C:\Temp\SurfaceBook3_Win10_18362_21.063.33118.0.msi /qn targetdir=C:\Temp\SurfaceBook3

Option 2:

If you have a surface that is already set-up and has all of its drivers .

You can extract them via powershell using the Export-WindowsDriver command.

Open PowerShell as an Administrator

Export-WindowsDriver -Destination "C:\Temp\Drivers" -Online

Intune One Data Collector logs:

To run this, on a affected device, open an elevated (“Run as administrator…”) PowerShell window and run these three commands:

   wget https://aka.ms/intunexml -outfile Intune.xml
   wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
   PowerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1

Windows Autopilot MDM logs:

To run this, on a affected device, open an elevated (“Run as administrator…”) PowerShell window and run these three commands:

   MDMDiagnosticstool.exe -area Autopilot -cab C:\Temp\Autopilot.cab

How to implement it ?

1. Download the ZIP content

2. Extract ZIP

3. Be sure to have both Add_structure.ps1 and Sources folder

4. Run Add_structure.ps1 with admin rights

5. A new context menu will be added for .intunewin

How to use it ?

1. Do a right-click on a .intunewin file

2. The below context menu we appear

3. Click on Extract intunewin content

4. The content will be extracted

5. Wait for the end messagebox, as below:

6. The extract folder will be opened

7. See below the full process in action

https://github.com/damienvanrobaeys/Intunewin_RightClick_Extract/raw/main/Intune_RightClick_Extract.zip

https://www.systanddeploy.com/2020/11/intunewin-right-click-tool-extract.html

SELECT        Model0 AS Model, COUNT(*) AS Count, Domain0
FROM            dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Model0, Domain0

If there are Lenovo models in your organisation:

SELECT COUNT(*) No_Of_Items, 
CASE WHEN MODEL0 IN('10AXS2PX00') THEN 'Lenovo M73'
WHEN MODEL0 IN('10ahs00d00') THEN 'Lenovo M83'
WHEN MODEL0 IN('10FCS06W00','10FCS0W500','10FHS00D00','10FHS07Q00','10FHS0AK00') THEN 'Lenovo M900'
WHEN MODEL0 IN('10MKS03H00','10MKS04G00','10MKS04H00') THEN 'Lenovo M910s '
WHEN MODEL0 IN('10A7A00P00','10A7S00P00','10A7A00L00','10A7CTO','10A7S00D00',
'10A7S00S00','10A7S02700','10A7S02800','10A7S02D00','10A8A02H0C',
'10A8S2E100','10A9003PIV','10A9S02X00') THEN 'Lenovo M93p'
WHEN MODEL0 IN('SLIC-BPC') THEN 'HP Compaq Elite 8300 BPC'
WHEN MODEL0 = 'To be filled by O.E.M.' THEN 'WeyTech'
ELSE Model0 END [Model]
FROM v_GS_COMPUTER_SYSTEM
WHERE model0 like '%hp%' or model0 like '%think%' or model0 like '%10%' or model0 like '%O.E.M%' or model0 like '%SLIC-BPC%'
GROUP BY CASE WHEN MODEL0 IN('10AXS2PX00') THEN 'Lenovo M73'
WHEN MODEL0 IN('10ahs00d00') THEN 'Lenovo M83'
WHEN MODEL0 IN('10FCS06W00','10FCS0W500','10FHS00D00','10FHS07Q00','10FHS0AK00') THEN 'Lenovo M900'
WHEN MODEL0 IN('10MKS03H00','10MKS04G00','10MKS04H00') THEN 'Lenovo M910s '
WHEN MODEL0 IN('10A7A00P00','10A7S00P00','10A7A00L00', '10A7CTO','10A7S00D00',
'10A7S00S00','10A7S02700','10A7S02800',  '10A7S02D00','10A8A02H0C',
'10A8S2E100','10A9003PIV','10A9S02X00') THEN 'Lenovo M93p'
WHEN MODEL0 IN('SLIC-BPC') THEN 'HP Compaq Elite 8300 BPC'
WHEN MODEL0 = 'To be filled by O.E.M.' THEN 'WeyTech'
ELSE Model0 END
ORDER BY No_Of_Items DESC, model

SCCM Report – Count All Computers by Model

Certificate Discovery Script:

$sn = '‎590000000ad02bb70017be36f700000000000a'
$storeName = "TrustedPublisher"
 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $storeName, LocalMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
 
Write-Host (@( ($store.Certificates | where {$_.SerialNumber -eq $sn}) ).count)
 
$store.Close()

Simply replace the value of the $sn variable in the above script with the actual serial number of the certificate you are installing (unless you really want to check for the code signing certificate in my lab). You can easily grab this from the Details tab of the Certificate dialog in the MMC Certificates snap-in. Just copy and paste it (get rid of the intermediate spaces though).

Also, replace the value the $storeName variable if necessary. The script above checks for certificates in the Trusted Publisher store. Other possible values include My for the Personal store and Root for the Trusted Root Certificate Authorities store.

Alternatively, run the following script to list the serial number from all of the certificates in the given store:

Get Certificate Serial Numbers:

$storeName = "TrustedPublisher"
 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $storeName, LocalMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
 
$store.certificates | select Subject, SerialNumber
$store.Close()

For the compliance rule, select Value as the Rule type, change the operator to Greater than or equal to, and then set the value to 1.

The Remediation Script

If all we wanted was to check for compliance we could stop here, but we also want to add the certificate to the appropriate store which requires a Remediation Script.

Certificate Remediation Script:

$storeName = "TrustedPublisher"
$certString = "--Insert Base64 encoded certificate here--"
 
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store $storeName, LocalMachine
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
 
$certByteArray = [System.Convert]::FromBase64String($certString)
 
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($certByteArray)
 
$store.Add($cert)
$store.Close()

Just like with the discovery script, update the $storeName variable appropriately. For the $certString variable, open the base64 encoded certificate file that you exported above in notepad, and then copy and paste the complete text from between the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– markers as the value replacing the –Insert Base64 encoded certificate here– text shown above. Don’t worry about the new lines, the underlying API is smart enough to deal with those.

Alternatively, if you already have the certificate in a DER encoded binary file, you can forego exporting it. To get the base64 representation of the certificate from a DER encoded binary file, run the following (replacing the values of the Path and FilePath parameters as is appropriate). This will output the base64 representation into the specified text file where you can copy and paste it from.

Get Base64 Representation of a Certificate:

[System.Convert]::ToBase64String($(Get-Content -Path .\mycertificate.cer -Encoding Byte)) | Out-File -FilePath .\mycertificate.txt

Copy the edited script into your configuration item as the Remediation Script choosing PowerShell as the language.

Finally, add the configuration item to a compliance baseline and deploy. Make sure that you choose Run the specified script when this setting is noncompliant on the Compliance Rule you created before (this checkbox doesn’t show up until after you add a Remediation Script to the setting) and Remediate noncompliant rules when supported when creating the deployment.

Certificate Deployment with ConfigMgr

• Export the list of drivers in the table form to a text file using the command:
  dism /online /get-drivers /format:table > c:\drivers.txt

Now you can delete all unnecessary drivers with the help of command pnputil.exe /d oemNN.inf (NN — is a number of drivers file package from drivers.txt, as example oem02.inf). In case the driver is in use, you will see an error while trying delete it.

Add Force to force uninstall it.

pnputil.exe /d oemNN.inf  /f

https://medium.com/@iced_burn/clean-filerepository-folder-in-driverstore-windows-10-622d3c79f58b

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System WHERE DateDiff(dd,SMS_R_System.CreationDate, GetDate()) <= 7

How To Create an SCCM Device Collection Showing New Machines

It is not recommend to query against the tables directly, this can lead to table locking issues.

It is recommend that you always query against the views, on top of that I would not use the Installed Software for OS info. I would use the v_GS_OPERATING_SYSTEM for this.

Run the following query against your CM DB with SQL Server Management Studio

select

      OS.Caption0,

      OS.OSLanguage0,

      Count(*)

from

      dbo.v_GS_OPERATING_SYSTEM OS

group by

      OS.Caption0,

      OS.OSLanguage0

Order by

      OS.Caption0,

      OS.OSLanguage0

https://social.technet.microsoft.com/Forums/systemcenter/en-US/d45b0716-f87b-4a22-88d6-19f7b83e7d57/report-os-language

net stop ccmexec /y
net stop VMAuthdService /y
net stop winmgmt /y
c:
cd %systemroot%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in (‘dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (‘dir /b *.mof’) do mofcomp %%s
for /f %%s in (‘dir /b *.mfl’) do mofcomp %%s
winmgmt /resetrepository
net start winmgmt
net start VMAuthdService
net start ccmexec

SCCM – Application Stuck or Stalls on Installing or Downloading

Depends which channel is being used and which type of app.

Win32 apps via Intune Management Extension Agent are cached here:

C:\Program Files (x86)\Microsoft Intune Management Extension\Content

Windows LOB apps (single MSI) pushed via MDM channel like the Intune Management Extension Agent itself are cached here during install and then deleted:

C:\Windows\system32\config\systemprofile\AppData\Local\mdm

Check the log @ C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\ for more information or;
HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Apps\
HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\

https://techcommunity.microsoft.com/t5/microsoft-intune/app-deployment-location/m-p/283324

• Download and extract Handle & Process Explorer from https://docs.microsoft.com/en-us/sysinternals/downloads/handle & https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
• Copy Handle.exe and ProceXP.exe to C:\Temp
• Run CMD as Administrator
• Run Handle.exe C:\Windows\ccm
• You should be able to see the PID
• Now run ProceXP.exe and kill the PID

http://jayantech.blogspot.com/2016/03/unable-to-remove-ccm-folder.html

Get-ChildItem -Path 'C:\Share\Downloads\' -Recurse | Unblock-File

$odis = Get-Process OffboardDiagLauncher -ErrorAction SilentlyContinue
if ($odis) {
# Close process safely
  $odis.CloseMainWindow()
# Wait 5 seconds
  Sleep 5
  if (!$odis.HasExited) {
# Force stop process
    $odis | Stop-Process -Force
  }
}
Remove-Variable odis

Update guide for testing

1. Verify existing Office version

Open Word go to File > Account

2. Open CMD and Run the config command

“C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe” /changesetting Channel=Insiders

3. Enforce the new config

“C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe” /update user updatepromptuser=true forceappshutdown=true displaylevel=true

4. Install the updates

5. Installer will close running Office apps

6. Sign out Windows

7. Log back in and Launch Word

8. Verify Office Version

https://docs.microsoft.com/en-us/deployoffice/name-change

Office 365 ProPlus is being renamed to Microsoft 365 Apps for enterprise. To learn more about this name change, read this blog post. In our documentation, we’ll usually just refer to it as Microsoft 365 Apps.

Office 365 ProPlus is the version of Office that comes with several enterprise, government, and education subscription plans. For example, Office 365 E5 and Office 365 A3. Even though those plans aren’t being renamed, Office 365 ProPlus that comes with those plans will be renamed.

When does the new name take effect?

The new name will appear in Version 2004 onwards, starting on April 21, 2020. For example, you’ll see the new name under the Product Information section when you go to File > Account in an Office app, such as Word.

Older versions of Office 365 ProPlus won’t be updated with the new name. For example, if you’re using Version 1908 of Semi-Annual Channel, you’ll still see Office 365 ProPlus under the Product Information section.

References to Microsoft 365 Apps for enterprise will begin to appear on April 21 in other places as well. For example, references on product websites, in documentation, and in the user interface (UI) of deployment tools, such as the Office Customization Tool. Some references to the new name might not occur until after April 21.

What do admins need to do?

Because of this name change, you might need to adjust some of your existing workflows and update your internal documentation.

Office Deployment Tool

If you use the Office Deployment Tool to deploy Office 365 ProPlus, the product ID will remain as O365ProPlusRetail. Therefore, you don’t have to make any changes to your existing configuration.xml files.

Update packages used by Configuration Manager

If you use an automatic deployment rule (ADR) to deploy updates by using Configuration Manager, you’ll need to make changes to your ADRs if they rely on the “Title” property. That’s because the name of update packages in the Microsoft Update Catalog is changing.

Currently, the title of an update package for Office 365 ProPlus begins with “Office 365 Client Update” as seen in the following example:

    Office 365 Client Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.20648)

For update packages released on and after June 9, the title will begin with “Microsoft 365 Apps Update” as seen in the following example:

    Microsoft 365 Apps Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.50000)

Registry key values

Some registry key values might change to reflect the new naming. If you rely on these values in your workflows or scripts, you’ll want to test your workflows or scripts when the name change begins rolling out on April 21. In general, because registry key values can possibly change in future builds of Office, we don’t usually recommend relying on them in your workflows or scripts.

@echo off
rem This script resets IE silently 
rem via the method of sending keystrokes onto UI
rem Author: Kim Doan
start RunDll32.exe InetCpl.cpl,ResetIEtoDefaults
ping 127.0.0.1 -w 1 -n 2
echo set WshShell = CreateObject("WScript.Shell") >autokeys.vbs
echo WshShell.Sendkeys "%{DOWN}" >>autokeys.vbs
echo WshShell.Sendkeys "R{ENTER}" >>autokeys.vbs
echo WshShell.Sendkeys "%{UP}" >>autokeys.vbs
cscript autokeys.vbs
del autokeys.vbs
ping 127.0.0.1 -w 1 -n 3
echo set WshShell = CreateObject("WScript.Shell") >autokeys1.vbs
echo WshShell.Sendkeys "c" >>autokeys1.vbs
cscript autokeys1.vbs
del autokeys1.vbs
ping 127.0.0.1 -w 1 -n 1
echo n | gpupdate/force

Reset Internet Explorer Settings Script

1. Powershell:

Recommended approach.

IdentifyingNumber is the ProductCode (WMI peculiarity).

get-wmiobject Win32_Product | Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize

2. Registry Lookup:

There are always weird exceptions accounted for only by the internals of the API-implementation:

https://stackoverflow.com/questions/29937568/how-can-i-find-the-product-guid-of-an-installed-msi-setup

With the SkipNetworkProfileCheck parameter, you can just ignore the warning:

Enable-PSRemoting -SkipNetworkProfileCheck -Force

Accessing environment variables in PowerShell is easy, either:

dir env:

to view all of them, or:

dir env:ProgramFiles

to access a specific one. However, if you try that for the ProgramFiles(x86) environment variable you are greeted with the following error:view sourceprint?

PS C:\> dir env:ProgramFiles(x86)

x86 : The term 'x86' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the

path is correct and try again.

There are a few ways around this:

1)

dir env:ProgramFiles`(x86`)

2)

dir "env:ProgramFiles(x86)"

3)

${Env:ProgramFiles(x86)}

4)

[Environment]::GetEnvironmentVariable("ProgramFiles(x86)")

PowerShell Quick Tip: Accessing the ProgramFiles(x86) Environment Variable

Step 1:

Retrieve latest version from https://docs.microsoft.com/en-us/officeupdates/update-history-office365-proplus-by-date?redirectSourcePath=%252fen-us%252farticle%252fae942449-1fca-4484-898b-a933ea23def7

Download the Office Deployment Tool

Create new xml with the Office 365 configuration and save as an XML file.

<Configuration><Updates Enabled=”TRUE” TargetVersion=”16.0.11328.20420″ /></Configuration>

or

<Configuration> <Updates Enabled=”TRUE” TargetVersion=”16.0.11328.20420″ Channel=”Broad” /> </Configuration>

<Configuration> <Updates Enabled=”TRUE” TargetVersion=”16.0.11328.20480″ /> </Configuration>

Run setup.exe /configure newconfig.xml

From <https://docs.microsoft.com/en-us/deployoffice/delay-receiving-feature-updates-from-deferred-channel-for-office-365-proplus>

Step 2:

Force update with the following command

“C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe” /update user updatepromptuser=true forceappshutdown=true displaylevel=true

https://support.microsoft.com/en-us/help/2770432/how-to-revert-to-an-earlier-version-of-office-2013-or-office-2016-clic

nslookup -type=srv _vlmcs._tcp

(Get-ADGroupMember -Server blub.com -Identity "AD Group" -Recursive).count

Getting error code of Add-WindowsCapability failed. Error code = 0x800f0954
Run “gpedit.msc” to edit your local computer policy.

Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair

My local policy seems to have defaulted to “Disabled” – after changing it to “Enabled” and selecting the checkbox labeled “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” the RSAT tools installed for me.

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online

https://social.technet.microsoft.com/Forums/en-US/42bfdd6e-f191-4813-9142-5c86a2797c53/windows-10-1809-rsat-toolset-error-code-of-0x800f0954?forum=win10itprogeneral

Beware of aggressive APM on Windows 10 Build 1809

If your spinning disks are making clicking noises:

In Windows 10 the registry key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorAC\Parameters\Device

Create a new dword value named EnableAPM with a 0 value and hdd head parking is gone.

Note that iaStorAC might be iaStorA or iaStorAV in some cases.

https://msfn.org/board/topic/140404-control-your-hdds-aamapm-through-registry/

Send Ctrl+Alt+Del to nested RDP session

Start Run

C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}

If it is a traditional PC BIOS then the ISO uses the El Torito boot code (etfsboot.com). In this case deleting \boot\bootfix.bin will work.

If it is an EFI BIOS then the ISO should use EFI boot code (efisys.bin).
There is also a efisys_noprompt.bin boot code file that can be used when creating the ISO for EFI systems.
Use that file instead if you want to eliminate the prompt.

Microsoft Technet article: https://technet.microsoft.com/en-us/library/dd744321(WS.10).aspx

————————-

Steps:

Download Windows ADK
Install Deployment Tools

Copy original boot media iso to C:\Temp\NoPrompt
Copy oscdimg.exe, efisys_noprompt.bin and etfsboot.com to C:\Temp\NoPrompt

Run powershellscript below to generate noprompt boot media

—————

## variables ##
$sworkspace = “C:\Temp\NoPrompt\extractedISO”

# NEW ISO
$smynewiso=”C:\Temp\NoPrompt\pd_x64_1803.0.noprompt.iso”

# OLD ISO
$stheiso=”C:\Temp\NoPrompt\pd_x64_1803.0.iso”

$setfsboot=”C:\Temp\NoPrompt\etfsboot.com”
$sefisys =”C:\Temp\NoPrompt\efisys_noprompt.bin”
$soscdimg = “C:\Temp\NoPrompt\oscdimg.exe”

## start script ##
# mount the ISO
$mount = mount-diskimage -imagepath $stheiso -passthru

# get the drive letter assigned to the iso.
$drive = ($mount | get-volume).driveletter + ‘:’

# copy the existing iso to the temporary folder.
copy-item $drive $sworkspace -force -recurse

# remove the read-only attribute from the extracted files.
get-childitem $sworkspace -recurse | %{ if (! $_.psiscontainer) { $_.isreadonly = $false } }

# Create a bootable WinPE ISO file (remove the “Press any button key..” message)
Copy-Item -Path $setfsboot -Destination “$sworkspace\boot” –Recurse -Force
Copy-Item -Path $sefisys -Destination “$sworkspace\EFI\Microsoft\Boot” –Recurse -Force

# recompile the files to an ISO
# This is the part from Johan Arwidmark’s WinPE creation script:
$Proc = $null
$Proc = Start-Process -FilePath “$soscdimg” “-o -u2 -udfver102 -bootdata:2#p0,eb$setfsboot#pEF,e,b$sefisys $sworkspace $smynewiso” -PassThru -Wait -NoNewWindow

if($Proc.ExitCode -ne 0)
{
Throw “Failed to generate ISO with exitcode: $($Proc.ExitCode)”
}

# remove the extracted content.
remove-item $sworkspace -recurse -force

# dismount the iso.
Dismount-DiskImage -ImagePath “$stheiso”

—————

https://www.exitcodezero.ch/2017/12/17/boot-image-without-press-any-key-to-boot-from-message/

Unlike on Linux, when MySQL is running on Windows, most of sys-admins including myself 🙂 found that backup MySQL Databases on Windows is little bit hard. When trying to automate it, then it would definitely become challenge . However there are lots of free and commercial tools are available to automate MySQL backup process on windows. Here we are going to discus how to achieve same using simple windows batch script. Later we discuss automate the batch script using Windows task scheduler

01) Create batch file

Open notepad and save following script as batch file (.bat) and make sure to change all SET parameters as you need. If you install XAMPP then mysqldump.exe location would be similar as below otherwise you need to change it.

@echo off

For /f “tokens=2-4 delims=/ ” %%a in (‘date /t’) do (set mydate=%%c-%%a-%%b)

For /f “tokens=1-2 delims=/:” %%a in (“%TIME%”) do (set mytime=%%a%%b)

SET backupdir=C:\xampp\htdocs\backup

SET mysqlusername=your_user

SET mysqlpassword=your_pass

SET database=database_name

C:\xampp\mysql\bin\mysqldump.exe -u %mysqlusername% -p%mysqlpassword% -v %database% > %backupdir%\%database%_%mydate%_%mytime%_.sql

02) Automate the MySQL Backup process

i) Open task scheduler

Open a command prompt. To open a command prompt, click Start , click All Programs , click Accessories , and then click Command Prompt .

At the command prompt, type Taskschd.msc .

For alternative options refer this :- https://technet.microsoft.com/en-us/library/cc721931.aspx

ii) Create New Task

Task Scheduler – Create Task

Click on “Create Task…” from right hand side. it will open up “create task” sub windows

please make sure to select “Run whether user is logged on or not” and tick “Run with highest privileges“. You may can change user but

recommend to select user with admin privileges , later you may need to provide credentials of that user.

iii) Schedule the time

From “Triggers” tab select how often back process should happen and it’s time

iv) Set backup process script

From the “Actions” tab select previously saved bat file.

v) Click “OK” and save the task

https://www.tectut.com/2016/04/automatically-backup-mysql-databases-on-windows/

First of all create a new generation 2 VM that we’ll use with our new VHDX we created using Disk2VHD.
Don’t create a new vdhx but select to use an existing one and point it to the one we just created with Disk2VHD.
Rename it if needed to something more suitable.

Don’t boot the VM but add a DVD and attach the Windows Server ISO of the version your vhdx contains to the DVD

diskpart

lis disk

lis vol

select volume 3

assign letter L:

FORMAT FS=FAT32 LABEL=”BOOT”

exit

bcdboot C:\Windows /s L: /f UEFI

Disk2VHD on a Generation 2 VM results in an unbootable VHDX

Windows 10 bootrec /fixboot access is denied

https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/windows-10-bootrec-fixboot-access-is-denied/747c4180-7ff3-4bc2-b6cc-81e572d546df?auth=1

Some people notice after upgrading to Windows 10 April Update, that there is a new partition (recovery partition with Windows PE). Due to the fact, that a drive letter is assigned, the logical drive will be shown in explorer. And Windows 10 starts with annoying notifications, that the disk is full. This forum post describes the situation:

Disk management is failing

The first idea many users have is to remove the drive letter from the disk management partition. If you want to use Disk Management to fix the issue and remove the drive letter from the partition, you will fail in most cases. The context menu does not support commands on this recovery partition.

Open the command prompt window with administrator privileges

diskpart

list volume

select volume <number of your volume>

remove letter=<drive letter of your volume>

exit

( not able to remove letter from drive windows 10 1803 )

Windows 10 V1803 update creates a new OEM Partition

(Get-ADUser -Filter * -SearchBase “ou=Users,ou=London.UK,ou=EMEA,ou=Divisions,dc=bla,dc=com” -server “bla.com”).count

Prerequisites

The Hyper-V host and guest must both be Windows Server 2016/Windows 10 Anniversary Update or later.

VM configuration version 8.0 or greater.

An Intel processor with VT-x and EPT technology — nesting is currently Intel-only.

There are some differences with virtual networking for second-level virtual machines. See “Nested Virtual Machine Networking”.

Configure Nested Virtualization

Create a virtual machine.

While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host.
This enables nested virtualization for the virtual machine.

Get-VM

copy VMName

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

Start the virtual machine.

Install Hyper-V within the virtual machine, just like you would for a physical server. For more information on installing Hyper-V see, Install Hyper-V.

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

Command:
(Get-Credential).Password | ConvertFrom-SecureString | Out-File “C:\Temp\ABC_A1000001_PW.txt”

Script:

$username = “ABC\A1000001”

$password = Get-Content ‘\\server.domain.xyz\Scripts\Migration\ABC_A1000001_PW.txt’ | ConvertTo-SecureString

$cred = new-object -typename System.Management.Automation.PSCredential `

-argumentlist $username, $password

The current Start Menu after a successful OSD looked a bit messy:

Software that is not installed on the PC doesn’t show up on the Start Menu. (We won’t see any “ghost” tiles or …)

Once they install for example Google Chrome or Office 2016, it will show up automatically on the Start Menu.

The Start Menu is also fully customizable for the end user.

They can move/remove/add everything they want.

The initial Start Menu is just a base where they can customize it to their own desire.

The Start Menu where the default xml is exported from:

Tasksequence step:

Package Content:

StartMenu.xml:
Open Powershell
Export-Startlayout –path C:\Windows\Temp\Startmenu.xml

ImportW10Layout.ps1:
Import-StartLayout -LayoutPath $PSScriptRoot\StartMenu.xml -MountPath $env:SystemDrive\
Copy-Item -Path $PSScriptRoot’\Internet Explorer.lnk’ -Destination $env:SystemDrive’\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories’

http://ccmexec.com/2015/09/customizing-the-windows-10-start-menu-and-add-ie-shortcut-during-osd/

Remove 3D Builder, Alarms and Clock, Calendar and Mail, Contact Support, Cortana, Get Office, Get Skype, Groove Music, Maps, Microsoft Edge, Money, Movies & TV, News, OneNote, Candy Crush, Get Asphalt, People, Phone Companion, Twitter, Sports, Voice Recorder, Weather and XBOX.

Get-AppXPackage | where-object {$_.name –notlike “*store*”} | Remove-AppxPackage

Error: This version of bootcamp is not intended for this computer model.

Download Orca or InstEd It and open the BootCamp/Drivers/Apple/BootCamp.msi file using this software.

Find the table called LaunchCondition and select Drop table.

Save the file and run the BootCamp.msi from within Windows and it should start installing the drivers!

Reboot when prompted and you should be all set!

Virtual Machines

Access denied. Unable to establish communication between ‘Hyper-V Server’ and ‘Hyper-V Manager’.

This is puzzling since the workstation has been connected to this particular Hyper-V server many times using other network profiles. The profile we created for the Microsoft folks was seemingly giving us the connection issue.

The fix took a bit of searching to find and needed to be accomplished on the Windows Vista system where the Hyper-V Manager was installed:

Close the Hyper-V Manager

C:\Windows\SysWOW64\dcomcnfg.exe

Right click on dcomcnfg and Run As Administrator.

Authenticate with the local admin credentials if UAC prompts for credentials, or
continue if it does not.

Open the Component Services node, then the Computers node, then right click on My Computer and click on Properties.

Click on the COM Security tab.

Click the Edit Limits button under Access Permissions.

Enable Remote Access for Anonymous Logon

Click Apply and OK.

Close the Component Services console and the Windows Explorer window.

Start the Hyper-V Manager and continue through the UAC.

The virtual machines, if any, will show up in the Hyper-V Manager console after that.

http://blog.mpecsinc.ca/2009/06/hyper-v-error-access-denied-unable-to.html

I’ve got some corrupt softpaq downloads using
https://ftp.hp.com/pub/caps-softpaq/cmit/HP_Driverpack_Matrix_x64.html

ftp://ftp.hp.com/pub/softpaq/sp66001-66500/

This one is working

ftp://g4u0180.houston.hp.com/ftp1/pub/softpaq/sp66001-66500/

Install first Windows XP 32bit on the SSD with IDE mode enabled.

Download Intel® Matrix Storage Manager

IATA89CD.exe

https://downloadcenter.intel.com/download/17882/Intel-Matrix-Storage-Manager

Open CMD
Navigate to IATA89CD.exe with cd

Extract:
IATA89CD.exe -a

Navigate to

C:\Program Files\Intel\Intel Matrix Storage Manager\winall\Driver

Copy/paste all files from that folder into C:\WINDOWS\system32\drivers

Open Device Manager

Go to IDE ATA/ATAPI controllers
Rightclick to update driver on one of them

Select “Install from list or specific location”

Select “Don’t search. I will choose the driver to install”

Select “Have Disk…”

Browse to C:\WINDOWS\system32\drivers

Select iaStor.sys

Click OK

Select driver from the list

“Intel(R) ICH9M-E/M Sata AHCI Controller”

Redo these steps on other controllers until you get a BSOD.

Be sure to change the BIOS to AHCI mode when rebooting the system!

Note: Use winsetupfromusb to load the ISO to your USB Thumb drive
http://www.winsetupfromusb.com/files/download-info/winsetupfromusb-1-6-exe/

———————————

SSD Enhancements

Disabling background disk defragmentation

Key Name:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction\ Name: Enable Type: REG_SZ Value: N

Disable Background auto-layout:

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout Value Name: EnableAutoLayout Type: REG_DWORD Value: 0

Disable update of filesystem’s “last access timestamps”

“Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem Name: NtfsDisableLastAccessUpdate Type: REG_DWORD Value: 1

Disable Prefetch

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters Name: EnablePrefetcher Type: REG_DWORD Value: 0

Optionally: Go to the system settings and disable the swap file (pagefile) unless you are very low on system memory, and disable the system restore service unless needed. You can also move the temporary and log files directories away to non-SSD media if available, see below.

Now, close the registry editor, reboot and you are done. Easy, wasn’ t it? Remember not use defrag utilities on SSD disks! For additional details, please refer to – http://msdn.microsoft.com/en-us/library/ms912916(v=winembedded.5).aspx — Some of above information is collected from there.

Partition alignment

Align your partitions so that they start and end at 4k disk blocks. E.g. read this post on Anandtech. Any modern partition tool will do this automatically. I recommend GParted. However the Windows XP partitioner is old and will do this wrong in most cases. The reason is that modern drives, including SSDs and hard disks, operate on 4k data blocks at a time. If the partition is misaligned all partition blocks stretch across disk blocks. If a partition block is processed the drive will need to actually process two disk blocks! This slows disk operations down.

File system settings

If you format the partition, make sure to set the file system allocation block size to 4k. For XP, it is best to choose NTFS as the file system and 4096 as the Allocation Unit Size, check Quick Format, and hit “Ok”. Am I missing something crucial? Please tell me, it will be appreciated.

One solution would be to reboot the computers in the environment. This would clear the Kerberos tickets from all session caches. However, rebooting a server is not always allowed in production and in some cases the server needs to be available 24×7.

klist -li 0:0x3e7 purge

Option Explicit

Dim objshell,path,DigitalID, Result
Set objshell = CreateObject(“WScript.Shell”)
‘Set registry key path
Path = “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\”
‘Registry key value
DigitalID = objshell.RegRead(Path & “DigitalProductId”)
Dim ProductName,ProductID,ProductKey,ProductData
‘Get ProductName, ProductID, ProductKey
ProductName = “Product Name: ” & objshell.RegRead(Path & “ProductName”)
ProductID = “Product ID: ” & objshell.RegRead(Path & “ProductID”)
ProductKey = “Installed Key: ” & ConvertToKey(DigitalID)
ProductData = ProductName & vbNewLine & ProductID & vbNewLine & ProductKey
‘Show messbox if save to a file
If vbYes = MsgBox(ProductData & vblf & vblf & “Save to a file?”, vbYesNo + vbQuestion, “BackUp Windows Key Information”) then
Save ProductData
End If

‘Convert binary to chars
Function ConvertToKey(Key)
Const KeyOffset = 52
Dim isWin8, Maps, i, j, Current, KeyOutput, Last, keypart1, insert
‘Check if OS is Windows 8
isWin8 = (Key(66) \ 6) And 1
Key(66) = (Key(66) And &HF7) Or ((isWin8 And 2) * 4)
i = 24
Maps = “BCDFGHJKMPQRTVWXY2346789”
Do
Current= 0
j = 14
Do
Current = Current* 256
Current = Key(j + KeyOffset) + Current
Key(j + KeyOffset) = (Current \ 24)
Current=Current Mod 24
j = j -1
Loop While j >= 0
i = i -1
KeyOutput = Mid(Maps,Current+ 1, 1) & KeyOutput
Last = Current
Loop While i >= 0
keypart1 = Mid(KeyOutput, 2, Last)
insert = “N”
KeyOutput = Replace(KeyOutput, keypart1, keypart1 & insert, 2, 1, 0)
If Last = 0 Then KeyOutput = insert & KeyOutput
ConvertToKey = Mid(KeyOutput, 1, 5) & “-” & Mid(KeyOutput, 6, 5) & “-” & Mid(KeyOutput, 11, 5) & “-” & Mid(KeyOutput, 16, 5) & “-” & Mid(KeyOutput, 21, 5)

End Function
‘Save data to a file
Function Save(Data)
Dim fso, fName, txt,objshell,UserName
Set objshell = CreateObject(“wscript.shell”)
‘Get current user name
UserName = objshell.ExpandEnvironmentStrings(“%UserName%”)
‘Create a text file on desktop
fName = “C:\Users\” & UserName & “\Desktop\WindowsKeyInfo.txt”
Set fso = CreateObject(“Scripting.FileSystemObject”)
Set txt = fso.CreateTextFile(fName)
txt.Writeline Data
txt.Close
End Function

Configuring the firewall

I already explained Server Core acts as a file server without installing anything. All you need to do is permit file services through the firewall. In the standard firewall configuration there’s already a pre-built exception you can enable by typing the following command:

netsh firewall set service fileandprint

https://dirteam.com/sander/2007/09/19/getting-installation-files-onto-server-core/

https://buildnumbers.wordpress.com/

Windows 10 comes with .NET framework 4.5 pre-installed, but many apps developed in Vista and Windows 7 era require the .NET framework v3.5 installed along with 4.5.

These apps will not run unless you will install the required version.

When you try to run any such app, Windows 10 will prompt you to download and install .NET framework 3.5 from the Internet.

Here is how to install it offline using DISM from Windows Kits for Windows 10.

Dism /Get-WIMInfo /WimFile:S:\Temp\install.wim

Dism /Mount-WIM /WimFile:S:\Temp\install.wim /Index:1 /MountDir:S:\Temp\offline

Dism /Image:S:\Temp\offline /Enable-Feature /FeatureName:NetFX3 /All /Source:H:\sources\sxs /LimitAccess

Dism /Image:S:\Temp\offline /Add-Package /PackagePath:S:\Temp\de-de

Dism /Image:S:\Temp\offline /Add-Package /PackagePath:S:\Temp\fr-fr

Dism /Image:S:\Temp\offline /Add-Package /PackagePath:S:\Temp\nl-nl

Dism /Unmount-WIM /MountDir:S:\Temp\offline /Commit

Dism /Cleanup-WIM

Remove the following file”C:\Windows\System32\GroupPolicy\Machine\Registry.pol”

run gpupdate /force

When you open registry editor and connect to a remote system, the only hives you will see are HKEY_LOCAL_MACHINE and HKEY_USERS. The other two hives, HKEY_CLASSES_ROOT and HKEY_CURRENT_USER are there too, but are under the two visible hives. So for all purposes, I am only going to explain here how to access the once that are not openly evident.

HKEY_CLASSES_ROOT

This hive is located under HKEY_LOCAL_MACHINE\SOFTWARE\Classes

HKEY_CURRENT_USER

This hive is more tricky to find because you have to correlate what the SID is to the user. This can be done by going to HKEY_USERS and parsing through each SID. Ignore the SIDs that have only 4 sets of numbers (i.e. S-1-5-18). These are system accounts. The best way I found to parse through and find who the user is is to go to HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Run. Under this key will be a list off applications that are set to run when the system is booted up. You can look at the data field and there will usually be a few apps that will say “c:\users\<username>”, which will give away who the user of that SID is.

There is another way and that would be to remotely run a WMI query to find out who the current user is and the SID for that user.

http://mickitblog.blogspot.be/2012/03/accessing-all-hives-from-remote.html

Over the last couple of months I gathered the following tweaks for a better performance insight the virtual machine, besides disabling / uninstalling useless services and devices:

– Disable the pre-logon screensaver:

Open Regedit

HKEY_USERS\.DEFAULT\Control Panel\Desktop

Change the value of “ScreenSaveActive” to 0.

– Disable updates of the last access time attribute for your NTFS filesystem, especially for i/o intensive vm’s this is a real boost:

Open CMD

fsutil behavior set disablelastaccess 1

– Disable all visual effects:

Properties on your desktop

Appearance -> Effects

Disable all options.

– Disable mouse pointer shadow:

Control Panel -> Mouse

Click on the tab “pointers” and switch “enable pointer shadow” off.

– Uninstall Tablet PC Components, unless this feature is needed.

– Disable IPv6, unless it is needed.

– Use the File System Utility (fsutil) command to disable the setting that keeps track of the last time a file was accessed.

For example: fsutil behavior set disablelastaccess 1

– Start the Registry Editor (regedit.exe) and change the TimeOutValue REG_DWORD in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk to0x000000be(190).

– Shut down the guest operating system and power off the virtual machine.

Change the virtual machine video card RAM setting to 128 MB.

Power on the virtual machine.

https://pubs.vmware.com/view-50/topic/com.vmware.view.administration.doc/GUID-E712DAE6-88DF-4208-BEFA-09513A01A26E.html

Virtual Machine tweaks for a better performance

You can identify if the computer is Laptop or Desktop based on its chassis Types.

Below are listed the Chassis types available to create SCCM collection or reports.

For Laptops Chassis Types : 8 , 9, 10, 11, 12, 14, 18, 21

For Desktop Chassis Type : 3, 4, 5, 6, 7, 15, 16

For server Chassis Type: 23

Below is the collection to list all the computers which are laptops which fall in above Chassis type. All these values are from SQL table called SMS_G_System_SYSTEM_ENCLOSURE .If you are looking to create SCCM report,you can create using Views(v_GS_SYSTEM_ENCLOSURE).

You can also replace the values with Desktop computers or servers also you can use joins to club these with AD groups for deploying the applications based on this.

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes in ( “8”, “9”, “10”, “11”, “12”, “14”, “18”, “21” )

Here are some sample reports/queries available which you can make use of it

http://myitforum.com/cs2/blogs/snorman/archive/2007/09/18/count-of-chassis-types-by-collection.aspx

http://wmug.co.uk/wmug/b/eskonr/archive/2010/11/16/sccm_2d00_collection_2d00_to_2d00_list_2d00_all_2d00_the_2d00_laptop_2d00_computers

HKEY_CLASSES_ROOT\Installer\Products

of

HKLM\Software\Classes\Installer\Products

COL_Devices_without_ClientUpdate_2012R2CU3

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SMS_ADVANCED_CLIENT_STATE on SMS_G_System_SMS_ADVANCED_CLIENT_STATE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = “x64-based PC” and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.DisplayName = “CCM Framework” and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.Version >= “5.00.7958.1000” and SMS_G_System_SMS_ADVANCED_CLIENT_STATE.Version < “5.00.7958.1401”

COL_Devices_with_SCCM_Console

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like “%System Center 2012 R2 Configuration Manager Console%”

For 64-bit OS also use
or SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName like “%Applicationname%”

Redistribute a hidden package.

Apply the following powershell script

$SiteCode = “XXX”
$PackageID = “XXX00003”
$distpoints = Get-WmiObject -Namespace “root\SMS\Site_$($SiteCode)” -Query “Select * From SMS_DistributionPoint WHERE PackageID=’$PackageID'”
foreach ($dp in $distpoints)
{
$dp.RefreshNow = $true
$dp.Put()
}

https://social.technet.microsoft.com/Forums/en-US/d2e5366f-f7c3-4691-9011-ad35ed25ab74/configuration-manager-client-upgrade-package-missing?forum=configmanagerdeployment&prof=required

PXE keeps rebooting after “preparing Network connection”. Errors: “reply has no message header marker”, “Failed to get client identity (80004005)”, “Failed to request for client”

OSD Boot media cannot see TS

Resolution: Set correct time in BIOS!

cmd:
date
time

http://777notes.wordpress.com/2012/10/09/sccm-2012-failed-to-get-client-identity-80004005/

You can keep your operating system images updated with the latest software updates from Microsoft using the offline servicing feature of Configuration Manager. Here are a few facts you may not know:

Software updates content is not retrieved over the wide area network, rather it is obtained locally from the Configuration Manager content library on the site server where offline servicing is performed. This prevents excessive network traffic during the application of updates.

You can specify to continue if an error occurs while applying the selected updates to an OS image. As a result, if some updates fail to be applied to the image, servicing will apply the remaining updates.

Upon completion of the offline servicing process, you can specify that the updated version of the OS image is automatically distributed to all distribution points where it resides.

Offline servicing stages temporary data on the site server when the process runs, and uses the drive on which Configuration Manager is installed. One common request is to configure offline servicing to use the specified drive of the site server. Let’s say you want to specify the “F:” drive for offline servicing to stage and mount the OS image and store software updates files. Here’s how to do this using the Windows Management Instrumentation Tester utility (wbemtest.exe).

Launch wbemtest.exe.

Connect to the Configuration Manager namespace on the site server. For example, if your site code is “CCP”, connect to namespace “root\sms\site_CCP”.

Next click Query, enter the following, and then click Apply:

SELECT * FROM SMS_SCI_Component WHERE SiteCode=’CCP’ AND ItemName LIKE ‘SMS_OFFLINE_SERVICING_MANAGER%’

Double-click on the result.

Double-click on the “Props” property in the list.

Click “View Embedded”.

There will be four entries returned in the list. Double-click on each to find the one where the PropertyName field is “StagingDrive”.

Change Value1 in the list to “F:” (in this example).

Click “Save Object”.

Click “Close”.

Click “Save Property”.

Click “Save Object”.

Click “Close”.

Now the next time offline servicing runs it will stage all of its files in the folder F:\ConfigMgr_OfflineImageServicing.

–Vladimir Sorokin

http://blogs.technet.com/b/configmgrteam/archive/2013/07/15/customizing-offline-servicing-of-operating-system-images.aspx

1: Scan for updates
powershell.exe -command “([wmiclass]’root\ccm:SMS_Client’).TriggerSchedule(‘{00000000-0000-0000-0000-000000000113}’)”

2: Wait for Scan to Finish
powershell.exe -command start-sleep 500

3: Install All Updates

4: Restart Computer

Re-apply these steps 3 times

Today’s blog post is a collaboration between our PFE group and premier support. Joao Botto (PFE), Kyle Blagg (PFE), and Scott McArthur (Support) are writing about their favorite device. You will see this post in the askpfeplat and askcore blogs.

Some of you may know that we launched Surface Pro 3 before its gigabit network adapter and Docking Station were available, and that has led to some customers experiencing issues such as:

· Slow PXE performance downloading a boot.wim

· Surface Pro 3 not charging when in docking station

Both of these issues are due to older firmware. When you unbox a Surface Pro 3, there will be newer firmware available, due to the time difference between when the device is manufactured and finally makes its way to you.

This post focuses on the Surface Pro 3, but this same process can be utilized on the Surface Pro and Surface Pro 2 (but not the Surface RT/Surface 2 devices).

If you are deploying a custom image using Microsoft Deployment Toolkit (MDT), System Center Configuration Manager, or other deployment tool you may want to address these firmware issues before you deploy your custom image. We have developed a method to use a USB Windows PE drive that automatically updates the Surface firmware when you boot with it.

Other possible workarounds, instead of using the method describe in this blog post are to have a boot.wim on a USB drive instead of PXE, or go through OOBE and immediately use Windows Update to apply the latest Surface drivers/firmware.

Introduction

Firmware updates reprogram the chips inside your device, making it better than ever before. They are shipped in what we call capsules, but they look like regular drivers:

image

If this interests you, check out the blog post from the Surface Team about how Windows Update Makes Surface Better

Before you start this recipe you will need the following ingredients:

Latest Surface Pro Firmware Updates from the driver pack

Windows Assessment and Deployment Kit (ADK), specifically the Deployment Tools and Windows PE components of this kit

A USB flash drive

IMPORTANT:

· Do not try to update the Touch Firmware using this method.

· This guidance will not work if the Surface Pro disk was formatted (and a new Operating System wasn’t loaded) or if the disk is encrypted.

· To prevent accidental device shutdown, the firmware updates will only be applied when the device has 40% or more of battery. We strongly recommend you fully charge your battery before proceeding with the firmware update.

Drivers

Extract the Surface driver pack you previously downloaded, and select the EC, SAM and UEFI firmware updates. All these firmware capsules are in the Microsoft > FW folder.

image

Copy the EC, SAM and UEFI the firmware files to a folder. In my example I called this folder Pro3 and put it in C:\SurfaceFW\Pro3

Reminder: DO NOT try to update touch firmware using this process.

image

Windows PE

From the ADK you must make sure you have installed the Deployment Tools and Windows PE:

image

From that point you will have the Deployment and Imaging Tools Environment (which is essentially a command line window with additional tools in the path). Run it as Administrator.

image

At this point you’re ready to start preparing a version of Windows PE x64 that will be used to update the firmware. It’s very important to use the x64 version since x64 UEFI isn’t able to load an x86 OS.

When you install the ADK the default folder (on a x64 install of Windows) for Windows PE is C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Pre-installation Environment

In that folder you will find the WinPE images for x86 and x64, and some scripts that make the creation of a WinPE flash drive extremely easy.

image

Change directory to this folder: cd “C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment”

From the elevated prompt you will have to start by running the first script by executing the command copype amd64 C:\WinPE_amd64 to place the original WinPE image in that folder.

Then you will use the same elevated prompt to run MakeWinPEMedia /UFD C:\WinPE_amd64 E: (the E: drive is my flash drive, which will be reformatted, and C:\WinPE_amd64 is the working folder I supplied in the previous command).

image

The first step is to create a folder (in my case c:\mount), and then mount the mount the WinPE image using this command: dism /Mount-Image /ImageFile:E:\sources\boot.wim /index:1 /MountDir:c:\mount

image

Then you should inject the firmware updates into Windows PE: dism /Image:C:\mount /Add-Driver /Driver:C:\SurfaceFW\Pro3 /Recurse

You should see all firmware updates being successfully injected.

image

Note: Make sure all three firmware updates were successfully injected into Windows PE. You should see the “The driver package was successfully installed” message like in the example above.

To unmount the WinPE image just run the following command:

dism /Unmount-Image /MountDir:C:\mount /commit

image

You can now boot to your new WinPE environment by plugging the flash drive to your new Surface Pro (while it’s turned off) and then start the device with Power + Volume Down. Keep holding the volume down button until a few seconds after your device displays the Surface logo. Once WinPE loads, you’ll see a blank screen and a command prompt will automatically process the updates.

The firmware will be updated without any user interaction and your Surface will reboot automatically when it’s done. You will then see “Please wait while we install a system update” for a few minutes and your Surface Pro 3 will reboot again when it’s ready.

If you want to validate that the update was successful you can boot into the UEFI settings (start the device by pressing Power + Volume Up) and look under device information. If you see the Asset Tag field that would indicate your UEFI firmware was updated from the version that shipped in the original image. Over time this method may not be usable for validation since at some point the image that is shipped with the device will already have this version of the firmware by default. Another option for validating firmware versions is to press Shift+F10 at the first page of the OOBE and open devmgmt.msc to check the firmware versions. Note: If you use this process to update the firmware and then goto Windows Update, you will likely see a firmware update offered. This is normal. The firmware is updated but the driver currently installed is not up to date. The offered update will install the driver that shows the updated firmware

We will be improving this process over time so look for updates to this blog for some additional features such as automatically checking for battery level and other ways to determine the firmware was updated.

Scott “I fix all Surface Issues” McArthur, Kyle “my Surfaces are on TV” Blagg, and Joao “let’s do it!” Botto

http://blogs.technet.com/b/askpfeplat/archive/2014/10/20/how-to-update-the-surface-pro-3-firmware-offline-using-a-usb-drive.aspx

By simply adding a unique text file to the driver folder it creates a different hash value and allows you to import the same driver even if the actual drivers already have been imported.

Just put the above code into a batch file at the root of your directory structure for a given model and name it for that hardware model; e.g., name it Optiplex755.bat and put it in the root of the folders housing the Optiplex 755 drivers.

—————————————–

@ECHO OFF

for /f “tokens=*” %%G IN (‘dir /ad /b /s’) DO (

echo. > “%%G\%~n0.txt”

)

—————————————–

Executing this simple batch file will create an empty text file named Optiplex755.txt in every sub-directory.

Repeat as necessary for each model and each model’s top-level driver folder.

If you add or change any drivers for a model, just re-execute the script.

http://myitforum.com/cs2/blogs/jsandys/archive/2010/04/05/duplicate-drivers-helper-script.aspx
https://wbracken.wordpress.com/2009/09/26/adding-duplicate-drivers-to-sccm-sp1/

This registry editing trick has been around forever, but still works in ConfigMgr 2012! In fact, it’s the preferred way to keep the ConfigMgr client software from installing on specific computers in your organization.

A couple NOTEs: This only blocks ConfigMgr client software when using the site-wide automatic push method. You can still use any other method to install the client, ex. manually running CCMSetup.exe. Also, this does not exclude the computer from being “discovered”, just that the client software will not be installed once it is discovered liked non-excluded computers.

To do it…

On the ConfigMgr site server, run the Registry Editor.

Navigate to the SMS_DISCOVERY_DATA_MANAGER sub-key which is located within HKEY_LOCAL_MACHINE/Software/Microsoft/SMS/Components/SMS_DISCOVERY_DATA_MANAGER

Locate the ExcludeServers key and edit the Multi-String value.

Enter the NetBIOS name of each computer you want to exclude. Each computer name must be on its own separate line.

Hit OK and close out the Registry Editor.

http://myitforum.com/myitforumwp/2012/02/01/same-as-before-excluding-specific-computers-from-becoming-configmgr-2012-clients/

File
xcopy fzdefaults.xml “%ProgramFiles(x86)%\FileZilla FTP Client\fzdefaults.xml”* /I /S /Y /C /R

xcopy *.ora “c:\oracle\product\11.2.0\client_86\network\admin\”* /I /S /Y /C /R

Folders & Subfolders
xcopy .\swl\*.* C:\SWL /I /S /Y /C /R

Main Installer

http://myITforum.com/myitforumwp/wp-content/uploads/2012/06/SCCMRCT1.0.zip

Updates for 2012

http://myITforum.com/myitforumwp/wp-content/uploads/2012/06/2012Update1.0.EXE.zip

Fixes the issue with restarting the ConfigMgr Agent Host on the client tools

http://myITforum.com/myitforumwp/wp-content/uploads/2012/06/2012Update1.21.exe

Fixes the issue with performing an Application Deployment Evaluation Cycle on both clients and collections

http://myITforum.com/myitforumwp/wp-content/uploads/2012/09/2012Update1.34.exe

Fixes the issue with files being copied to the wrong location.

https://social.technet.microsoft.com/Forums/en-US/c5aaaa8e-cdd8-400b-8749-8a233a3f0a52/importing-existing-computers-into-a-device-collection?forum=configmanagergeneral&prof=required

ConfigMgr 2012 – Powershell Right Click Tools Version 2.0

https://psrightclicktools.codeplex.com/

It’s possible to change the size of the blocks used for the Trivial File Transfer Protocol (TFTP) transfer; the larger the block size, the greater the performance. Microsoft’s recommendation is to not set higher than 16384; in addition, you must use multiples of 4096, such as 8192, 16384, and so on. I got a huge performance boost from using a value of 16384. Perform the following steps:

Log on to the Configuration Manager PXE Windows Deployment Services (WDS) server.

Open the registry editor (regedit.exe).

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP.

From the Edit menu, select New, DWORD value.

Enter a name of RamDiskTFTPBlockSize and press Enter.

Double-click the new value.

Set the Base to Decimal and set the value (e.g., 16384).

Click OK.

Restart the WDS server service.

http://windowsitpro.com/configuration-manager/speed-sccm-tftp-performance-pxe-clients

Task Sequence problem after SCCM 2007 to SCCM 2012 R2 migration

Ran into some problem after I had migrated a SCCM 2007 site to SCCM 2012 R2 CU3

When running the Task Sequence I got the following errors in SMSTS.LOG

Empty location for package: _SMSTSXXX000F1 ApplyOperatingSystem

Installation of image 1 in package XXX000F1 failed to complete..

The system cannot find the file specified. (Error: 80070002; Source: Windows) ApplyOperatingSystem

Changing the operating system package properties under Data Access to “Copy the content in this package to a package share on distribution Points” would have been the solution to this problem.

My client had a problem with an update of Adobe Reader version 11.
After updating, only english was available.
The update was a MUI version …

After verifying the files and folders, I noticed that the “Locale” folder wasn’t created.
I installed Adobe Reader 11 MUI normaly (not in silent mode) and choose another language then English.
After the installation just copy the “Locale” folder in the Program folder of Adobe Reader.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale

I copied the “Locale” folder into the Customization Wizard and overwrote all files.

Computer Configuration (Enabled)

Policies

Administrative Templates

Policy definitions (ADMX files) retrieved from the central store.Windows Components/Internet Explorer/Security Features/Add-on Management

Policy Setting Comment

Add-on List Enabled

Add-on List

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 0

{DBC80044-A445-435B-BC74-9C25C1C588A9} 0

w32tm /configure /manualpeerlist:”be.pool.ntp.org” /syncfromflags:manual /reliable:yes /update

net stop w32time

net start w32time

w32tm /resync /rediscover

Backup Registry
REG EXPORT HKLM\Software\Microsoft\COM3 %temp%\com.reg /y

Change Registry Key
REG ADD HKLM\Software\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f

Move Computer to New OU
wscript.exe Move_Comp_To_OU.vbs “OU=New,OU=Computers,OU=XX,DC=XX,DC=XX”
Disable 64-bit file system redirection
PKG_XX_OSD_Scripts
XX.XX\srv-dom

Restore Registry Backup
REG IMPORT %temp%\com.reg

Copy Fonts to Temp
xcopy *.ttf %SystemDrive%\Temp /Y /I /Q
PKG_XX_XX

Set PowerShell Execution Policy
Powershell.exe -noprofile -command “Set-ExecutionPolicy Bypass LocalMachine” -force

Run Add-Font.ps1
Powershell.exe -noprofile -file Add-Font.ps1 -path “%SystemDrive%\Temp”
PKG_XX_OSD_Scripts

Revert PowerShell Execution Policy
Powershell.exe -noprofile -command “Set-ExecutionPolicy RemoteSigned LocalMachine” -force

Remove C:\Temp
cmd.exe /c rmdir “%SystemDrive%\Temp” /S /Q

Windows 7:

Install Package KB958830

cmd /c start /w pkgmgr /iu:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns;RemoteServerAdministrationTools-Roles-AD-DS;RemoteServerAdministrationTools-Roles-AD;RemoteServerAdministrationTools-Roles;RemoteServerAdministrationTools

run batfile ==>

@echo off

hostname.exe > __t.tmp

set /p host=<__t.tmp

del __t.tmp

c:\windows\system32\netdom.exe remove /d:mydomain %host% /ud:mydomain\serviceaccount /pd:P@ssw0rd

Windows Server 2012 R2:

DISM /online /enable-feature /featurename=ActiveDirectory-Powershell /all

@echo off

hostname.exe > __t.tmp

set /p host=<__t.tmp

del __t.tmp

c:\windows\system32\netdom.exe remove /d:data %host%

PS H:\> $appv=get-appvclientpackage -name *visio*
PS H:\> $appv

PackageId : 7828a894-5155-4f3d-923e-a0b91ce5835c
VersionId : a6ec2f50-114b-4cee-ba42-277cb70b6f46
Name : SDV_Microsoft_VisioPrem_2010SP2_01.00_EN
Version : 0.0.0.1
Path : C:\WINDOWS\ccmcache\57\SDV_Microsoft_VisioPrem_2010SP2_01.00_EN.appv
IsPublishedToUser : True
UserPending : False
IsPublishedGlobally : False
GlobalPending : False
InUse : True
InUseByCurrentUser : True
PackageSize : 1671256007
PercentLoaded : 100
IsLoading : False
HasAssetIntelligence : True

PS H:\> Start-AppvVirtualProcess -FilePath cmd.exe -AppvClientObject $appv

http://support.microsoft.com/kb/2830069

1. Install OffVirt

Office2010AppVKit-x64.exe
http://www.microsoft.com/en-us/download/details.aspx?id=10386

msiexec /i OffVirt.msi ADDLOCAL=OSpp,OSpp_Core,OSppWoW64 PROPLUS=1 VISIOPREM=1 PIDKEYS=CK796-QYJ67-JVKWX-QJ9GD-W3CKX USEROPERATIONS=1

2. Download and Extract the Office 2010 sequencing kit for App-V

Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0.EXE
http://www.microsoft.com/en-us/download/details.aspx?id=38399

3. Start the App-V Sequencer

Click on Tools -> Options…

Open the “Exclusion Items” tab and add the following:

[{Common AppData}]\Microsoft\OfficeSoftwareProtectionPlatform

[{Common AppData}]\Microsoft\Windows

With Mapping Type = “VFS”

Run Powershell(x86) as an Administrator

Enter-PSSession -ComputerName LAP123 -Credential Labo\Admin

Get-AppvClientPackage -All

Unpublish-AppvClientPackage

PackageId

VersionId

Remove-AppVClientPackage

PackageId

VersionId

Don’t forget to remove the folder in the SCCMcache!
\\LAP123\c$\Windows\ccmcache\..

get-hotfix | Where-Object {$_.HotFixID -match “KB2835517”}

wusa.exe “Windows6.3-KB2835517-x64.msu” /quiet /norestart /log:%WINDIR%\Temp\Install_SDC_Microsoft_MediaPack_1.0_01.00_ML.log

wusa.exe /uninstall “Windows6.3-KB2835517-x64.msu” /kb:KB2703761 /quiet /norestart /log:%WINDIR%\Temp\Uninstall_SDC_Microsoft_MediaPack_1.0_01.00_ML.log

_____________________________________________________________

<span class=”rem”>’Returns info if Windows Management Framework 3 in installed</span>

<span class=”rem”>’ ———————————————————-‘ </span>

<span class=”kwrd”>Option</span> Explicit

<span class=”kwrd”>Dim</span> objWMIService, strComputer

strComputer = <span class=”str”>&quot;.&quot;</span>

<span class=”rem”>’Run the query</span>

<span class=”kwrd”>Set</span> objWMIService = GetObject(<span class=”str”>&quot;winmgmts:&quot;</span> _

&amp; <span class=”str”>&quot;{impersonationLevel=impersonate}!\\&quot;</span> _

&amp; strComputer &amp; <span class=”str”>&quot;\root\cimv2&quot;</span>)

<span class=”kwrd”>Dim</span> QFEs

<span class=”kwrd”>Dim</span> QFE

<span class=”kwrd”>Set</span> QFEs = objWMIService.ExecQuery (<span class=”str”>&quot;Select * from win32_QuickFixEngineering where HotFixID like ‘KB2506143’&quot;</span>)

<span class=”kwrd”>For</span> <span class=”kwrd”>Each</span> QFE <span class=”kwrd”>in</span> QFEs

Wscript.echo <span class=”str”>&quot;Update KB2506143 was installed by &quot;</span> &amp; QFE.InstalledBy &amp; <span class=”str”>&quot; on &quot;</span> &amp; QFE.InstalledOn

<span class=”kwrd”>Next</span>

WScript.Quit

DE: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage” (REG_SZ) equals “0407”

EN: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage” (REG_SZ) equals “0409”

FR: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage” (REG_SZ) equals “040C”

NL: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage” (REG_SZ) equals “0413”

setup.exe /Q /W /I setup.ini

msiexec /X {5783F2D7-D028-0409-0100-0060B0CE6BBA} MSIRESTARTMANAGERCONTROL=Disable /qb-!

http://forums.autodesk.com/t5/DWG-TrueView/DWG-Trueview-2013-silent-installation-on-different-path-Windows/td-p/3467892

http://usa.autodesk.com/adsk/servlet/pc/item?siteID=123112&id=9078813

——————-

http://www.itninja.com/software/xmind/xmind/3-5187

http://www.xmind.net/download/win/

Installation:

xMind 3.1.1.exe /S

Deinstallation:

%ProgramFiles%\XMind\uninstall.exe /S

No Upadate:

you have to create and copy the org.xmind.cathy.prefs file.

The file must include following rows:

eclipse.preferences.version=1

checkUpdatesOnStartup=false

and copy it to:

%AppData%\XMind\workspace-cathy\.metadata\.plugins\org.eclipse.core.runtime\.settings

No Dialog on Startup:

like no update. You need following rows in the net.xmind.verify.prefs file:

SUPPRESS_SIGN_IN_DIALOG_ON_STARTUP=true

eclipse.preferences.version=1

and copy it also to:

%AppData%\XMind\workspace-cathy\.metadata\.plugins\org.eclipse.core.runtime\.settings\

for version 3.2.1

in the “net.xmind.verify.prefs”

STARTUP_SIGN_IN_DIALOG_SHOWED=false

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
“DefaultScope”=”{012E1000-F331-11DB-8314-0800200C9A66}”
“KnownProvidersUpgradeTime”=hex:1c,21,6c,bd,bf,2b,cf,01
“Version”=dword:00000003
“UpgradeTime”=hex:e4,ab,d7,bd,bf,2b,cf,01

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}]
“DisplayName”=”Google”
“URL”=”http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}”
“ShowSearchSuggestions”=dword:00000001
“SuggestionsURL”=”http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}”
“FaviconURL”=”http://www.google.com/favicon.ico“
“FaviconPath”=”C:\\Users\\vantorre\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{012E1000-F331-11DB-8314-0800200C9A66}.ico”

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
“Deleted”=dword:00000001

Troubleshooting tips for client communication to the Application Catalog:

Ensure that the Configuration Manager client is successfully assigned to a site and operational by checking LocationServices.log and ClientIDManagerStartup.log.

Verify that the client can communicate with the management point. For example, check out any HTTP errors in the CcmMessaging.log file.

Check the LocationServices.log file for any errors during the time you browsed to the Application Catalog. One typical reason for Application Catalog failures in this log is client communication failures to the management point, indicated by the following error: “Failed to send web service info Location Request Message.” In this case, verify that the management point is operational and reachable from the client computer.

If you have recently installed the Application Catalog roles, the configuration on the site system server might take some time to complete. If you have a central administration site, make sure that sites are replicating successfully. In this scenario, information about the Application Catalog roles must replicate to the central administration site and then back to the primary site before the Application Catalog is fully operational. For example, until the replication is complete, users will not be able to request or install applications from the Application Catalog.

Ensure that the domain and user name that is displayed in the top right corner of the Application Catalog matches the user that is logged in to Windows, especially if Internet Explorer prompts the user for credentials.

Ensure that any required Internet Explorer plugins are enabled and not explicitly blocked in Internet Explorer. For more information, see Prerequisites for Client Deployment in Configuration Manager on TechNet.

If you have configured client settings to add the URL to the trusted sites and the URL is not added to the trusted sites zone, check whether the client successfully downloads client policy and also check group policy settings in your environment to ensure that the Configuration Manager client can add the URL to the trusted sites zone.

If the Application Catalog shows an error page, the error will also be displayed in the ConfigMgrSoftwareCatalog.log. You can find the log file by searching the user profile folder. For example, in Windows 7, you can find the log file inside the following folder:

%systemdrive%\Users\<username>\AppData\LocalLow\Microsoft\Silverlight

Note that the error in this log most likely indicates one of the issues mentioned previously.

If you see the following error message when you request or install software in the Application Catalog, ensure that the domain and user name that is displayed in the top right corner of the Application Catalog matches the user that is logged in to Windows. If you are prompted for a user name and password, do not specify a different account from the one that you used to log in to Windows. In addition, you will see the same error message if the client setting Install permissions prevents you from installing software (for example,this setting is configured for Only administrators and your account is not a member of the local Administrators group).

Last week it was needed to install printer drivers on already deployed Windows 7 systems. Because driver packages can be used only during OS deployment (within a task sequence) that was not an option. Lucky me I found another way for doing this, just use the PnPutil command to do this. Let’s have a look at the needed steps now!

Create a new software package (instead of a driver package) without a program, and per model. Add all the packages created to a task sequence, using the “Run command line” option. Put in a name, select the needed package (created before), select a account with enough permissions (because drivers cannot be installed with the system account afterwards), and add a command line:

xcopy *.* C:\Temp\Drivers\ /I /S /Y /C /R

from Package

cmd.exe /c PnPutil.exe -i -a C:\Temp\Drivers\*.inf

After that all .inf files available in the package will be scanned and needed drivers installed cq. injected in the Windows 7 driver store. In my opinion a very easy solution to install (printer) drivers on already installed systems. Hope it helps!

Source: danovich.com.au > Thanks for sharing!

http://henkhoogendoorn.blogspot.be/2013/07/deploy-printer-drivers-during-configmgr.html

select * from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion = “Microsoft Windows NT Workstation 6.3” and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Adobe Reader XI (11.0.05) MUI”

Object type	Collection resources	Deployment	Application Catalog	Software Center
Application	Users or groups	Available deployment, does not require approval	Yes	After installation is initiated successfully from the Application Catalog
Users or groups	Available deployment, requires approval	Yes	After the application is approved
Users or groups	Required deployment	No	Yes
Computers	Available or required deployment	No	Yes
Package and program	Users or groups	Available deployment	Yes	After installation is initiated successfully from the Application Catalog
Users or groups	Required deployment	No	Yes
Computers	Available or required deployment	No	Yes

http://blogs.technet.com/b/configmgrteam/archive/2012/03/31/introducing-the-application-catalog-and-software-center-in-system-center-2012-configuration-manager.aspx

Reminder for myself 😉

Device Collection:
select * from SMS_R_System where SMS_R_System.SystemGroupName = “DATA\\GG_SDC_IBM_Notes_ML_PROD”

User Collection (managedby):
select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where SMS_R_User.DistinguishedName in (select SMS_R_System.managedBy from SMS_R_System where SMS_R_System.SystemGroupName = “DATA\\Domain Computers”) and SMS_R_User.UserGroupName = “DATA\\GG_SDV_FreeMind_FreeMind_ML_PILOT”

AD Computer Object: Managedby field must be filled in!

Reminder for myself 🙂

During OS Deployment

Before your hard drive is formatted and partitioned

X:\windows\temp\smstslog\

After your hard drive is partitioned formatted

X:\smstslog\ and then is in C:\_SMSTaskSequence\logs\smstslog\

Within Windows

Within Windows before the SCCM agent is installed:

C:\_SMSTaskSequence\logs\smstslog\

Within Windows after the SCCM agent installed:

C:\windows\system32\ccm\logs\smstslog\

When the Task Sequence completes on a x86

C:\windows\system32\ccm\logs\

For x64 Systems

C:\windows\SysWOW64\ccm\logs\

You will need to enable your boot.wim with f8 support to retrieve the log if it bombs out before apply OS stage so that you can bring up the command prompt and copy the log to a share on the network.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome] “SyncDisabled”=dword:00000001

You need to enable the StartUp Pages in the GPO. Enable Action on startup and the other, URLs to open at startup and enter the URL(s) you want to open.

and use GPO for settings

master_preferences does not work on 32.0 …

Use the same OS when using DISM!

Offline Image:
Dism /Get-WIMInfo /WimFile:C:\Temp\install.wim
Dism /Mount-WIM /WimFile:C:\Temp\install.wim /Name:”Windows 8.1 Enterprise N” /MountDir:C:\Temp\offline
Dism /Image:C:\Temp\offline /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\sources\sxs /LimitAccess
Copy languages to C:\Temp
Dism /Image:C:\Temp\offline /Add-Package /PackagePath:C:\Temp\de-de
Dism /Image:C:\Temp\offline /Add-Package /PackagePath:C:\Temp\fr-fr
Dism /Image:C:\Temp\offline /Add-Package /PackagePath:C:\Temp\nl-nl
Dism /Unmount-WIM /MountDir:C:\Temp\offline /Commit

Current Image:
Dism /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\sources\sxs /LimitAccess

Remember:
First add NetFX3 and add the languages later

dism windows 8.1 netfx3 80070490
Error when running DISM /Online /Cleanup-Image /RestoreHealth – error 0x800f0906
How to troubleshoot error 0x800F081F when installing roles and features
http://blogs.technet.com/b/askcore/archive/2012/05/14/windows-8-and-net-framework-3-5.aspx
http://support.microsoft.com/kb/2785188

I can’t boot from a Windows 7 USB pen drive on my iMac begin 2008 (shortname IM81)

Verify Apple Computer Version on wikipedia http://en.wikipedia.org/wiki/Intel_iMac

If you have only 2 options in the boot camp assistant, or if bootcamp doesn’t recognize the windows installer disk when its on a bootable usb, it’s because bootcamp doesn’t recognize your MAC as a model that should install windows from a USB, its actually quite easy to fix, just follow these simple steps:

1. go to Applications>Utilities> right click on boot camp and click Show Package Conents, you’ll find a folder inside called Contents. Inside that folder exists a file called info.plist.

2. Right click on the folder containing the file > get info > change permissions so any user can read & write. Do the same for the file itself (right click > get info…).

3. Right click on info.plist and choose Open with > Text Edit.

4. at the end of the document theres a list of strings that contain different versions of Mac computers, the list is titled something like: “USB boot Versions”, add your Mac’s version to the string list ( MB40 ) if your version is Macbook 4,1 (you can see this by clicking on the System information App in the Utilities folder).

5. save the file and change back the permissions on the file and folder.

Now open boot camp and you should see the option to create a Windows 7 installler on a USB, and also bootcamp will look for a windows installation on any USB’s after you partition the hard drive.

That should get you past the bootcamp assistant phase, assuming your usb is indeed bootable, your mac should partition the disk and boot into the USB and start the installation (for some reason mine doesn’t recognize the USB as bootable but thats another issue)

FYI: Windows Official ISO’s http://www.mydigitallife.info/official-windows-7-sp1-iso-from-digital-river/

The kerberos SSPI package generated an output token of size 12750 bytes, which was too large to fit in the token buffer of size 12000 bytes, provided by process id 4.

The output SSPI token being too large is probably the result of the user willdrie901@INTRA.*.*.* being a member of a large number of groups.

It is recommended to minimize the number of groups a user belongs to. If the problem can not be corrected by reduction of the group memberships of this user, please contact your system administrator to increase the maximum token size, which in term is configured machine-wide via the following registry value: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize.

How to fix this …

REGEDIT:

HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

create New DWORD: “MaxTokenSize” with decimal value “48000”

reboot your machine

download (and launch with administrative privileges) http://blog.gentilkiwi.com/mimikatz (trunk version for last version)

privilege::debug (or not if you’re already system)

crypto::patchcng (nt 6)

crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE “CA”

crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE “My”

crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE “…”

pfx files are passwords protected “mimikatz”

Greetings 😉

System.Net.WebException: The request failed with HTTP status 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ).~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)

Solution

Remove following keys from the registry HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\InternetSettings\Connections\SavedLegacySettings

Driver for “DP BACKPLANE SCSI Enclosure Device”

DellBPA05.exe (110KB)

http://www.dell.com/support/drivers/us/en/555/DriverDetails/DriverFileFormats?c=us&l=en&s=&cs=555&DriverId=R220657