CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Sessions not to miss during TechED 2014 in Barcelona. After the Keynote there are foundational sessions which will go deeper into each of the topics demoed/presented during the keynote.

My problem this year is that there are so much great content, I want to attend both of these two foundational sessions. Lucky me that they will be available on Channel 9 afterwards J

-          Windows 10: What’s in it for the Enterprise?

-          Empowering Enterprise Mobility

Breakout sessions during the week.

There are many great sessions during the week I will list some of the ones I will attend that is related to Enterprise Client Management in some way. There are so many great looking Windows 10 sessions, it is going to be a great week!

-          EM-B210 – Hybrid Identity with Active Directory, Microsoft Identity Manager and Microsoft Azure Active Directory

-          WIN-B335 – Windows 10: User Experience

-          EM-B216 – Enterprise Client Management with System Center Configuration Manager and Intune

-          WIN-B324 – Real-World Windows Deployment: Notes from the Field

-          WIN-B336 – Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security

-          EM-B326 – What’s New and Upcoming with OS Deployment in System Center Configuration Manager and the Microsoft Deployment Toolkit

-          WIN-B338 – Windows 10: Deployment

-          EM-B316 – Directory Integration: Creating One Directory with Active Directory and Azure Active Directory

-          EM-B321 – Infrastructure Deployment for Mobile Device Management with System Center Configuration Manager

-          WIN-B331 – Windows 10: Overview

-          WIN-B337 – Windows 10: The End Game for Passwords and Credential Theft

-          EM-B312 – Mobile Application Management with Intune

-          WIN-B339 – Windows 10: Protecting Your Data with Containers Without Boxing Yourself In

-          WIN-B334 – Windows 10: Management

-          EM-B317 – Configuring Corporate-Owned Mobile Devices with Intune

So much great content, and remember it will be available on Channel 9!

One of the updates that was released as part of the October 2014 Patch Tuesday release, kb2984976 requires multiple reboots on Windows 7 and Windows 2008 R2 when deployed as a software update in a Task Sequence and breaks the task sequence. It is actually in the description for the KB, “You may have to restart the computer multiple times when you install this update”

The KB article that lists all updates that requires multiple reboots and breaks task sequence execution after the Install Software Updates step  is not updated yet when writing this. The article with the well.-known updates is “Software Updates That Require Multiple Reboots may Cause Task Sequence Failure within Configuration Manager“ http://support.microsoft.com/kb/2894518/

The reports of this started to appear on forums last friday. Thanks all for sharing the issues they see..

A new tool for us Configuration Manager Admins is now available, Remote Manage App provided to the community for free by Cireson. A really awesome tool that will make you cry tears of happiness when you launch it and start to play around with it. In two words, Freaking Awesome!!

Wally Mead or the “Godfather” of SMS/SCCM as some like to call him joined Cireson a while ago, and my bet is that he have been deeply involved in the creation of this tool because it contains almost all the features that you need to do your daily administration of you Configuration Manager Client environment.

Thank you Cireson and Wally (i assume!)

You can download the tool from this page: http://cireson.com/apps/remote-manage/

Feature list:

  • Add or remove clients from device collections
  • Run Configuration Manager Client actions remotely
  • Interact with Applications, Packages in Software Center, and installed applications
  • Interact with Software Updates deployed from SCCM. Requires SUP to be enabled at the Configuration Manager site
  • Interact with processes, services, printers
  • Remote shutdown/reboot commands
  • View remote Computer Management, Event Viewer, and Users & Groups
  • Start RDP, Remote Control, or Remote Assistance sessions
  • Evaluate Group Policy results (RSoP)
  • Start WMI health validation & repair
  • WOL capabilities
  • View computer information compiled from Configuration Manager and the remote client

After a long days wait for THE email, it finally arrived! I have the great honor of being rewarded with the 2014 Microsoft® MVP Award – Enterprise Client Management

Thank you Microsoft and thanks to all out there in the Community! Hope to see you all at TechED Europe 2014 in Barcelona.

MVP2014

I have the great honor together with my collegue Anders Olsson (http://itsakerhetsguiden.se/) to deliver a session at Techdays Sweden 2014! :D

We will be talking about how to manage your devices and protect your sensitive information using Enterprise Mobility Suite (EMS),which I truly believe is the future. The session is in Swedish.

En ny era är här! Den traditionella IT-miljön finns inte längre kvar, våra användare kopplar upp sig överallt från olika enheter och sparar företagsinformation överallt.

Med hjälp av Enterprise Mobility Suite från Microsoft kan vi hantera enheter, identiteter och skydda känslig information oavsett vart den lagras. Kom och se Client Management Specialisten Jörgen Nilsson tillsammans med IT-Säkerhetspecialisten Anders Olsson där de demonstrerar Windows Intune, Azure Active Directory och Azure Rights Managment.”

More information about the session can be found here:

http://www.techdays.se/Program/Sessioner/Hantera-enheter-och-skydda-kanslig-information-med-Enterprise-Mobility-Suite-EMS

See you at Techdays in Stockholm!

Techdays 2014PNG

Looking for the latest version of the Dell CCTK to be able to automate BIOS settings on Dell hardware?

The latest version of CCTK is now part of the Dell Client Command Suite and is called Command Configure and can be found here: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/7431.dell-client-command-suite

KB2918614 which is part of the August patch Tuesday is released to solve a security issue in Windows Installer. What it does is change the way that Windows Installer handles repairs and advertised shortcuts as well. The description for the update doesn’t provide that much information.

UPDATE!! a workaround is described below

This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Normally a user could repair an application from the control panel without any additional permissions but after the update is applied if you try to repair for instance Adobe Reader you will, depending on your UAC setting be prompted for credentials.

UAC1This has caused some headache for many the last weeks not just for the auto-repair but for all using Activesetup and launches a msiexec.exe command in there to apply the users settings at first logon, and for advertised shortcuts as well.

Uninstalling the update brings back the normal behavior of Windows Installer again.

UPDATE!!

Thanks to HappySCCM http://happysccm.com/kb2918614-uac-gate/ who have posted the answer from Microsoft and a valid workaround..

Below if from HappySCCM’s site!

Microsoft:

This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Workaround if you have problems with repairing application:
==================================================
1. Uninstall the application and reinstall it with the security update installed. (sourcehash file generated with security update)

2. Manually copy the sourcehash file to c:\windows\installer folder. As the sourcehash file is generated based on the application files, the sourcehash file generated on computer A can be used on computer B.

Below is a screenshot of the sourcehash file:
screen

Just tested it and it works fine if you uninstall/install Adobe Reader again. After the installation the sourcehash file is generated and after that the repair is successful again.

Adobehash

Then at least newly installed computers can have the Update installed as it will not affect them.

Thanks for sharing HappySCCM!!

At TechED in Houston North America 2014 I had time to look at the Advanced Installer in the Expo Hall, I was impressed of the demo. I have always recommended Flexera AdminStudio as the tool to use for repackaging in the projects that I am involved with as this is a very powerful tool for repackaging software to Windows Installer packages/App-v packages.

Advanced Installer in the latest version looks like it could be an alternative to AdminStudio as there are many new features, App-V support, Snapshot support and so on.

I also have a feeling that many Flexera AdminStudio users, admins that do repackaging doesn’t really use all the features in AdminStudio and that Advanced Installer could be a less expensive option AdminStudio and provide enough features.

From a licensing perspective Advanced Installer is interesting as well if you are a consultant or an organization that repackages applications for customers, there is no additional license cost in the these scenarios for Advanced Installer. You can package applications using your license and selll them or give them to your customers.

If you haven’t had a look at it before more information on Advanced Installer can be found here: http://www.advancedinstaller.com/

Here is a short video on how to repackage 7-zip using Advanced Installer:

Here are some other free options, some with limited functionality, but all available out there for repackaging your applications/script or whatever teaks you are doing to .MSI:

InstEd: http://www.instedit.com/

Adminstudio Configuration Manager Edition: http://www.flexerasoftware.com/landing/adminstudio-configuration-manager-download.html

Orca (the true hardcore tool): http://www.technipages.com/download-orca-msi-editor

AdvancedInstaller free: http://www.advancedinstaller.com/download.html