Wednesday, June 30, 2010

Microsoft Security Bulletin Minor Revisions

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 30, 2010
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS10-041 - Important
* MS10-040 - Important
* MS10-038 - Important
* MS09-040 - Important

Bulletin Information:
=====================

* MS10-041 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx
- Reason for Revision: V1.3 (June 30, 2010): Corrected the registry
   key verification for Microsoft .NET Framework 3.5 and
   Microsoft .NET Framework 2.0 Service Pack 2.
- Originally posted: June 8, 2010
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.3

* MS10-040 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
- Reason for Revision: V1.1 (June 30, 2010): Added a link to
   Microsoft Knowledge Base Article 982666 under Known Issues in
   the Executive Summary to address the issue where specific
   installations of IIS fail on restart after installing this
   security update.
- Originally posted: June 8, 2010
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.1

* MS10-038 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
- Reason for Revision: V1.2 (June 30, 2010): Added a link to
   Microsoft Knowledge Base Article 2027452 under Known Issues
   in the Executive Summary.
- Originally posted: June 8, 2010
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.2

* MS09-040 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-040.mspx
- Reason for Revision: V1.1 (June 30, 2010): Added a link to
   Microsoft Knowledge Base Article 971032 under Known Issues in
   the Executive Summary.
- Originally posted: August 11, 2009
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.1

Monday, June 28, 2010

All Available IMP Links for SCCM destination

Many times people things about the destination of SCCM Available resources below are some i can suggest

Books:- Yep there are Three Books available below are the links

1) System Center Configuration Manager (SCCM) 2007 Unleashed by Kerrie Meyler $37.79 http://www.amazon.com/System-Center-Configuration-Manager-Unleashed/dp/0672330237

2) Mastering System Center Configuration Manager 2007 R2 by Chris Mosby $37.79

3) System Center Operations Manager 2007 Unleashed by Kerrie Meyler $40.94

 

CBT’s,

Yes there are two best CBT’s offered these are most popular

cbtnuggets

http://www.cbtnuggets.com/webapp/product?id=421

Exam-Pack 70-401: Microsoft Systems Center - Configuration Manager
$299.00 - Includes 20 Videos

 

CBT Planet

http://www.cbtplanet.com/microsoft-it/microsoft-system-center-configuration-manager-training-video.htm

Microsoft System Center Configuration Manager 2007 (SCCM) CBT Training Course

 

Topics Based Courses also offered from

http://blogcastrepository.com/level5/sccm/default.aspx

for some of them it is free and for most of them you need to pay :D

 

OK, Now Cools free supported WebPages for SCCM & SMS is below

and also…..

Rod Trent's Blog

Great people Blogs:

SMS 2003 Client Health : GP Based Script

Source:-http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=17217&zoneid=87

 

Overview

Workstation Client Health maintenance is a continuous process that must be maintained. The following document gives an overview on how to fix several common workstation issues.
CliFix GPO startup script :- Can be downloaded from here http://myitforum.com/cs2/blogs/scassells/Public_SMS_CLIFIX_4.19.vbs.txt
In an effort to reduce the amount of common workstation issues I have developed a script to check and change the following common issues. This script is to be run via GPO startup scripts. This requires the script to work as the system account and have intranet connectivity. Both are accomplished by running as a GPO. Script Requirements
  1. Script must be in a location where the computers system account has access. Usually on your domain controller ex. \\FQDNDomain\sysvol\ FQDNDomain\
  2. sc.exe must be present for full successful run.
    1. Either in the run path
    2. system32
    3. system32\DLLCache
    4. Note: there are multiple versions floating around in the average environment
  3. regsvr32.exe needs to be present
  4. %systemroot%\system32 needs to be in system path
Script Settings

All, unless I missed some, sections of the script can be turned on and off in the top of the script. Please review the script as some features will fail without modification.

Please Review the following CONFIG SETTINGS Variables:

  • SMSVersion
  • ConfigMgrVersion
  • WKS_ASSIGNSITECODE
  • WKS_CacheSize
  • WKS_LocalAdminGroup
  • WKS_admACCT
  • RegPath
  • strWebAddress
  • StrCCRServer
  • strCCRSiteCode
  • CCMSetUP
What the Script Does
  1. Checks to make sure the script has not run in X many hours.
    1. Example if X = 12 the script will not run again until at least 12 hours after the last occurrence.
    2. This will prevent a slow down on multiple reboots.
  2. Sets DCOM permissions to be correct for SMS / SCCM configuration
  3. Checks to make sure System Path has the 3 required windows paths enabled. (does NOT use WMI or require a restart to change values)
    1. C:\windows
    2. C:\windows\sysetm32
    3. C:\windows\system32\wbem
    4. Also removes %systemroot% from path replacing it with correct full path value
    5. If one of the 3 paths is missing, it will parse the full path removing duplicates and adding a,b,or c to the beginning of the path statement leaving all else unchanged.
  4. Check to see if sc.exe exists in the run from directory and if not in the system32 directory
  5. Checks to see if this script is run on a workstation or server. If a server kills the script
  6. Checks to make sure the correct local admin group is present (value is set in header of script)
  7. Checks WMI service to see if it is set to auto and running. If not executes sc.exe to start the service.
  8. Attempts to connect to WMI object
  9. If the WMI object connect fails
    1. Attempt to do a repair (if no previous status is present in the registry and approved via script switches)
    2. Attempt to do a rebuild (if ‘repair’ status is present in the registry and approved via script switches)
    3. If both the above have failed then do nothing and report major error
  10. Checks to see if Admin$ is present, if not forces existence via WMI
  11. Checks to see if msxml3.dll is registered, if not forces existence via WSH
  12. Checks to see if Qmgr.dll and qmgrprxy.dll are registered, if not forces existence via WSH
  13. Checks to see if OLEAut32.dll is registered, if not forces existence via WSH
  14. Checks to make sure the following services are set to appropriate Status and Mode
    1. RPC
    2. WMI
    3. Firewall/ICS
    4. Server Service
    5. Remote Registry
    6. BITS
    7. Windows Update Services
    8. Terminal Services
    9. Windows Installer
    10. Note: You may want to review the settings for your environment on each of these services. All of the above services are set to default and either Manual or Automatic.
  15. Check the SMS version
  16. Checks the CCMExec service
  17. If SMS is not correct version can be forced to do an install
    1. Needs Review
  18. If the all of the above test passed without issue you have a healthy workstation. The following two checks are for SMS.
    1. Check log file last update time. If the PolicyEvaluator.log file has not been modified in past 14 days do a repair of the client.
    2. Check client assignment. If no assignment set new site code based on AD boundaries in which the client is present.
      1. Note: Some people may want to disable this as it relies on AD
  19. If any fixes above had to be preformed
    1. Check the advanced client state. Which client policies have enabled.
    2. Check the cache size
    3. Send a Client Configuration Request (CCR) to have client installed
    4. Run CCMSetup from the install share on the server.
Note during this script several forms of reporting, logging, and information submitting have been preformed. The standard methods of reporting are:
  • Event log
  • Log file in the %temp% directory for the account used to run
    • GPO = C:\windows\temp
  • Reporting to a website that submits client status to a SQL table.
    • Future WebPost on how to do this
Other verbose methods include:· Two levels of command line reportingo Log to Command lineo Verbose to command line· network share copy

Future Additions:

Area's that need improvement

Below are the port Numbers used in SMS 2003

• Site Server to child and secondary sites as well as SMS SQL Server.
445 - Server Message Block (SMB)
389 - Lightweight Directory Access Protocol (LDAP)
636 - LDAP (Secure Sockets Layer (SSL) connection)


• Proxy Management point to parent SQL Server
1433 - TCP (SMS Site Server to SQL Server)
389 - LDAP
636 - LDAP (Secure Sockets Layer (SSL) connection)


• Advanced Client to Management Point and Distribution Point
80 - Hypertext Transfer Protocol (HTTP)
139 - Client sessions (for non BITS-enabled DPs)
445 - Server Message Block (for non BITS-enabled DPs)
389 - UDP (User Datagram Protocol) LDAP Ping
389 - TCP LDAP
636 - TCP LDAP (Secure Sockets Layer (SSL) connection)
3268 - TCP (Explicit connection to Global Catalog)


• Remote Control System service (Wuser32)
2703 - TCP SMS Remote Chat
2703 - UDP SMS Remote Chat
2701 - TCP SMS Remote Control (Control)
2701 - UDP SMS Remote Control (Control)
2702 - TCP SMS Remote Control (Data)
2702 - UDP SMS Remote Control (Data)
2704 - TCP SMS Remote File Transfer
2704 - UDP SMS Remote File Transfer


• Remote Control UDP *
137 - Name resolution
138 - Messaging
139 - Client sessions
* Only applies if you use NetBIOS over TCP/IP for SMS Remote Control
• Microsoft SQL Server
1433 - TCP SQL server
139 - TCP Named pipes


• Active Directory Discovery methods
389 - TCP LDAP
389 - UDP LDAP
636 - TCP LDAP (Secure Sockets Layer (SSL) connection)
135 - TCP RPC Endpoint Mapper
135 - UDP RPC Endpoint Mapper
3268 - TCP Global Catalog LDAP
3269 - TCP Global Catalog LDAP (Secure Sockets Layer (SSL) connection)
88 - TCP Kerberos
88 - UDP Kerberos


• Microsoft Windows NT UDP
53 – UDP Domain Name System (DNS)
67 – UDP Dynamic Host Configuration Protocol (DHCP)
135 – TCP Remote procedure call (RPC)
138 – UDP Windows Internet Name Service (WINS)
138 – UDP NetBIOS Datagram Service Computer Browser
139 – TCP NetBIOS Datagram Service Messenger

OSD Log Files Location

Unfortunately, the smsts.log can be stored in one of 7 locations, depending on the stage of the build and the architecture of the OS:

  • WindowsPE, before HDD format:
          x:\windows\temp\smstslog\smsts.log
  • WindowsPE, after HDD format:
          x:\smstslog\smsts.log and copied to c:\_SMSTaskSequence\Logs\Smstslog\smsts.log
  • Full version windows, before SCCM agent installed:
          c:\_SMSTaskSequence\Logs\Smstslog\smsts.log
  • Full version windows, after SCCM agent installed:
          c:\windows\system32\ccm\logs\Smstslog\smsts.log
  • Full version x64 windows, after SCCM agent installed:
          c:\windows\sysWOW64\ccm\logs\Smstslog\smsts.log
  • After Task Sequence has finished running
          c:\windows\system32\ccm\logs\smsts.log
  • After Task Sequence has finished running(x64)
          c:\windows\sysWOW64\ccm\logs\smsts.log

Thursday, June 24, 2010

Windows Update Explained

Windows Update Explained

Source  as it is

http://download.microsoft.com/download/a/9/4/a94af289-a798-4143-a3f8-77004f7c2fd3/Windows%20Update%20Explained.docx

 

How the Software Update Service Works and Why it Matters to You

Published: September 2008

For more information, please see http://www.microsoft.com/windows/downloads/windowsupdate/default.mspx

Contents

Introduction. 1

The Problem with Keeping Computers Up to Date. 1

Windows Update to the Rescue. 2

Windows Update for Individual Computers. 2

Windows Update in Windows Vista. 2

Windows Update in Windows XP. 4

Updating Networked Computers. 6

Windows Server Update Services. 6

Customizing Windows Server Update Services. 6

How Updating Works. 7

Checking for updates. 7

Downloading updates. 7

Installing Updates. 8

Rebooting your computer. 8

Reporting. 8

When the Windows Update Client is Updated. 9

Security Protections in Windows Update. 9

Additional Resources. 10


Introduction

We’ve all heard about or even experienced the havoc that computer viruses and other malicious software can cause to PCs and computer networks. Computer hackers are constantly trying to find ways to attack networks and computers with the intent of committing fraud and other crimes. When they succeed, individuals and enterprises can lose a great deal of time and money. In spite of their high cost and the headaches they cause, many security breaches are easily avoidable. The security fixes are available, but users don’t get them installed quickly enough (or at all).

Have you ever wondered what Microsoft is doing to help? Or did you know that Microsoft® Windows® Update is an important part of the solution, but weren’t sure exactly what it does or how it works. If so, this paper is for you.

For individual PC users, this paper will help you understand how to use Windows Update to keep your PC up to date, not only to help protect it from malicious software, but to keep it functioning at its best. If you’re responsible for networked computers, this paper will help you understand how Windows Update and Windows Server® Update Services (WSUS) can help protect groups of computers.

The Problem with Keeping Computers Up to Date

With Internet usage increasing, it’s more important than ever to keep your PC protected from malicious code. Understanding this, the people at Microsoft have been hard at work to help ensure that your PC continues to function well and that your personal information is very safe. Special teams at Microsoft proactively search for security vulnerabilities in Microsoft software and provide security updates. One of those teams is the Microsoft Security Response Center (MSRC). The MSRC is on call 24 hours a day, 7 days a week and dedicated to identifying, monitoring, resolving, and responding to Microsoft software security vulnerabilities.

In addition to security updates, Microsoft provides other software updates that make your computer run better and give you a better Windows experience. For example, an update may fix an issue with a hardware device, improve the performance of your computer, or deliver improved Windows features.

Downloading and installing the latest software updates, particularly security updates, quickly and consistently on your PC is vital to maintain both its security and its proper functioning. For network administrators, applying updates on computers across your organization—small, medium, or large—is a crucial measure for keeping your systems secure and running properly. Yet doing this manually requires constant time and attention, which many people simply don’t have available for the task. There must be an easier way!

Windows Update to the Rescue

Fortunately, there is an easier way, thanks to Windows Update, a free, built-in service included with Windows. This service helps you keep your PC more secure and reliable as well as compatible with devices and applications. It provides a single location for getting updates and scheduling automatic updating.

Using Windows Update by itself, you get updates for Windows and new or updated hardware drivers. For the other Microsoft software installed on your computer, use Microsoft Update. By turning on Microsoft Update, you get all of the benefits of Windows Update, but you get security and non-security updates for your other Microsoft software, such as Microsoft Office and the Windows Live™ network of internet services. Turning on Microsoft Update is recommended for all Windows PCs. To turn on Microsoft Update, go to http://update.microsoft.com/microsoftupdate.

Windows Update for Individual Computers

It is easy to improve the security and reliability of your PC, and take advantage of the continuous improvements Microsoft makes to Windows. Just use this four-step process:

1. Turn on Windows Update. You probably did this when you set up your new PC by selecting the option to “Help protect Windows automatically.”

2. Use the recommended settings. Windows Update is designed to work automatically and not interrupt you while you’re working on other things. Using the recommended settings, you get all of the benefits from the service, such as quick delivery of very important security updates, and you get them with fewer interruptions.

3. Turn on Microsoft Update. Microsoft Update includes updates for both Windows and other Microsoft products. This makes it easy to keep all your Microsoft software updated. To turn on Microsoft Update, go to http://update.microsoft.com/microsoftupdate.

4. Check Windows Update periodically. You will find a list of lower priority recommended and optional updates that you can choose to download and install. These include driver updates, new product features, and so forth. These updates will keep your PC functioning smoothly.

Windows Update has slightly different settings in the Windows Vista® and Microsoft Windows XP operating systems, as described in the following sections. For more information about Windows Update and its features, see http://www.microsoft.com/windows/downloads/windowsupdate/default.mspx.

Windows Update in Windows Vista

In Windows Vista, you can configure Windows Update settings and view and install updates from Windows Update in your Control Panel. If you go to the Windows Update Web site (http://update.microsoft.com), Windows Update opens automatically.

Getting Help in Windows Vista

Windows Update Help provides complete information and procedures for using Windows Update. To open it, click the Help button in the upper-right corner of the Windows Update control panel.

Figure 1: Windows Update control panel in Windows Vista

To configure or change settings, click the Change settings link in the left navigation pane. The Change settings screen displays.

Figure 2: Change settings screen in Vista

The most secure option is Install updates automatically (recommended). When you choose this option, you don't have to worry that critical fixes for Windows might be missing from your computer if you don’t have time to install them personally. Nor must you worry about Windows Update slowing down your PC’s Internet connection, while it downloads updates, because it operates in the background in a way that won’t interfere with your Internet usage. For more information about how Windows Update behaves during the download and installation process, see “How Updating Works,” later in this paper.

Updates in Windows Vista

Important updates offer significant benefits, such as improved security and reliability. Examples include security and critical reliability updates.

Recommended updates address non-critical problems and help enhance your computing experience. Examples include upgrades to Windows features and less important software updates.

Optional updates are not downloaded or installed automatically. Examples include less critical driver updates and new Windows or Microsoft software.

You can choose to have updates downloaded automatically and then install them manually, or you can choose to both download and install updates manually. In either case, Windows Update still continuously checks for updates automatically and notifies you when important or recommended updates are available. Still, the most convenient and secure option is to make both download and installation automatic.

Even if your PC is configured for automatic updating, you should periodically check that important updates have been installed and also check for Optional updates. To do to this, click the Check for updates link in the left navigation pane of the Windows Update control panel. On the screen that displays, you can review any available updates and install them.

Windows Update in Windows XP

In Windows XP, check for updates from the Windows Update Web site http://update.microsoft.com, and configure automatic updating settings from the Automatic Updates program in Control Panel, shown in the following figure.

Getting Help in Windows XP

For general Windows Update help and support go to http://update.microsoft.com and click Get help and support in the left-hand navigation pane.

To get help for the Automatic Updates program in Control Panel, click How does Automatic Updates work?

Figure 3: Automatic Updates control panel in Windows XP

The most secure option is Automatic (recommended). When you choose this option, you don't have to worry that critical fixes for Windows might be missing from your computer.

Updates in Windows XP

High-priority updates offer significant benefits, such as improved security and reliability. Examples include security and critical reliability updates.

Optional updates are not downloaded or installed automatically. You need to manually view and install these updates from within Windows Update. Examples include less important software updates, drivers, updates to Windows features, and new Windows or Microsoft software.

You also don’t need to worry about Windows Update slowing down your PC’s Internet connection and computer. It is designed to operate in the background and minimize interruptions. For more information about how Windows Update behaves during the download and installation process, see “How Updating Works,” later in this paper.

You can choose to have updates downloaded automatically and then install them manually, or you can choose to both download and install updates manually. In either case, Windows Update still continuously checks for most updates automatically and notifies you when High-Priority updates are available. Still, the most convenient and secure option is to let Windows Update download and install updates automatically.

With Windows XP, you should check the Windows Update Web site regularly because many of the updates that improve your experience with Windows are not installed automatically. To view all of the available updates, first make sure you upgrade to Microsoft Update, and then click the Custom button, as shown in the following figure.

Figure 4: Windows Update Web site for Windows XP

Updating Networked Computers

Windows Update makes it easy to automatically update a home computer or small group of business computers. However, if you are managing a network of 10 or more computers, you may want to manage the update process for computers on your network. By managing the update process, you have more control over which updates are installed and when they are installed.

Windows Server Update Services

Windows Server Update Services (WSUS) is a free add-on for the Windows Server operating system to help network administrators manage updates for computers. By using WSUS with Active Directory® group policy, administrators can fully manage update settings and the distribution of updates for computers on their network. To find out more about using WSUS, go to the Windows Software Update Services (WSUS) Web site http://technet.microsoft.com/en-us/wsus/default.aspx.

Note: Microsoft also provides the System Center Family of business software for fully managing (including updates) desktop computers and servers in medium to large organizations. For more information, see http://www.microsoft.com/systemcenter/en/us/default.aspx.

Customizing Windows Server Update Services

Microsoft provides a complete, programmable, and scriptable API that network administrators and software developers can use to create custom updating behaviors for WSUS. System administrators can use the WSUS API to determine which updates apply to a computer or group of computers, download those updates, and install them with little or no user intervention. Independent software vendors and developers can integrate WSUS features into computer management or update management software to provide a seamless operating environment. For more information, see http://msdn.microsoft.com/en-us/library/bb905331.aspx.

How Updating Works

During the updating process, the Windows Update client operates in the background to download and install updates. (The Windows Update client is the Windows Update component running on your PC.) It does this automatically, according to your settings, and in a “silent” manner that doesn’t disrupt your computer usage. This section describes how Windows Update behaves during the update process.

Checking for updates

The Windows Update client on your PC checks the Windows Update server at Microsoft for the availability of new updates at random intervals, every 17 to 22 hours. The randomization ensures that the Windows Update server is not overloaded with requests for updates all at the same time. The client is very efficient in checking for new updates and searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.

When checking for updates, the Windows Update client evaluates whether the update is appropriate for your computer using guidelines defined by the publisher of the update, for example, Microsoft Office.

If the computer is not online at the time you specified to check for updates, then the Windows Update client begins checking every five hours until it successfully finds updates. If more than 30 days have gone by without successfully finding updates, the client will notify you. If you should receive such a notification, you should connect your computer to the Internet, go to the Windows Update Web site, and check for updates.

Downloading updates

Once the Windows Update client determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.

To ensure that your other downloads aren’t affected or slowed down because updates are downloading, Windows Update uses the Background Intelligent Transfer Service (BITS) technology which downloads updates using idle bandwidth. This technology ensures that Windows Update downloads only when no other active download is in progress on the computer. This allows you to smoothly carry on day-to-day activities even while updates are being downloaded in the background.

Windows Update also supports pausing and restarting downloads. You do not have to worry if you need to shut down your computer, or if you have lost your Internet connection while an update is downloading. Once the connection is reestablished, the download will continue where it left off.

Installing Updates

When downloading is complete, depending on your Windows Update settings, the Windows Update client either installs the updates automatically, or else it notifies you of the download without performing the installation. You do not need to be logged in to your computer for Windows Update to automatically install updates.

When you install Microsoft software

When you install or reinstall a program, you must reinstall updates that came out after the installation CD or installer was created. For some programs there may be multiple updates available and some updates may require a previously released update to be installed.

When the option to automatically install updates is configured, the Windows Update client tries to install updates as they become available. For example, if updates are available when you begin shutting down your computer, it gives you the option to install the updates before shutting down the computer. Otherwise, it installs them during the time you have specified for updates to be automatically installed. The default time for updates to be automatically installed is 3:00 AM daily.

If your computer is not turned on during the scheduled time for installing updates, the Windows Update client will try to wake up the PC (if the PC was asleep), or wait for the PC to be turned on again. As soon as the PC is running again, it will install the updates.

Rebooting your computer

When the option to automatically install updates is configured, the Windows Update client, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. To reduce the number of computer restarts required, the client attempts to install as many updates as possible together. If you are using the computer, you may be given the option to postpone the restart.

Most updates can be installed automatically without any user intervention. Some updates, however, such as service packs require the user to provide explicit consent. These are not automatically installed. When you install updates manually, be sure to restart your PC if prompted to do so. Otherwise, the PC may not be updated until a restart is performed.

Reporting

The Windows Update client reports back to Microsoft regarding which updates have installed successfully and which, if any, failed to install. This helps the Windows Update team verify the quality of the updates provided by Windows Update. No personally identifiable information (PII) is sent to Microsoft or stored by Microsoft with the report. For more information, read the Windows Update privacy statement online at http://update.microsoft.com/windowsupdate/v6/vistaprivacy.aspx?ln=en-us.

The Windows Update client keeps a log of all the different actions it performed on a particular computer at %windir%\windowsupdate.log. On Windows Vista, this log is available from the Windows Update control panel.

When the Windows Update Client is Updated

From time to time, Microsoft needs to update and enhance the Windows Update service, and that includes updating the Windows Update client software on your PC. If Windows Update is configured to check for updates, it installs a newer version of the Windows Update client automatically, so that it can continue to check for updates. If Windows Update is completely turned off, the client is not updated. If the client doesn’t update automatically then it may not be able to notify you about new updates. For this reason, Windows Update always updates the client automatically before checking for other updates. Given how important it is to maintain the quality of the update service, Windows Update always updates itself when it is turned on, regardless of whether you've chosen the option to have updates automatically installed or to be notified that they are available so that you can manually install them. If you have automatic updating turned off completely, the next time you manually check for updates, you will be prompted to update the Windows Update client before installing any updates.

Security Protections in Windows Update

Windows update implements many security checks and restrictions to ensure that the security of your computer is not compromised. The most critical checks validate the authenticity and quality of the software and updates that are installed on a machine. Some of the ways in which Windows Update maintains the integrity of the updates that get installed are as follows:

1. Windows Update uses the Secure Socket Layer (SSL) protocol to send and receive information. SSL is used to encrypt the information being transferred, prevents hackers from tampering with information being transferred, and verifies that the Windows Update agent is transferring data from an authorized Microsoft server.

2. Each update is individually signed using the Secure Hashing Algorithm (SHA-1). This technology allows Windows Update to confirm that the update has been downloaded correctly and hasn’t been changed by anyone. The update signature is also compared to information in the update metadata that was previously downloaded.

3. Windows Update also checks for the certificate associated with each update. This certificate provides a means for Windows Update to validate the source of each update. Currently Windows Update will only install updates that have certificates issued by Microsoft or other providers that are trusted by Microsoft.

Windows Update has many more internal security checks and controls. For example, Windows Update ensures that any action that can make your machine less secure (like turning off Windows Update) can only be performed by an authorized administrator.

To help keep your PC more secure and reliable, it's a good idea to install new updates as soon as they're available. The easiest way to install updates is to use the Windows Update service and make sure automatic updating is turned on. Now that you know how important—and easy—it is, be sure to check your Windows Update settings today.

Additional Resources

For additional information about configuring and using Windows Update or to find a discussion group, see the Windows Update Home Page. http://www.microsoft.com/windows/downloads/windowsupdate/default.mspx

For help and support, including solutions for top issues with using Windows Update and explanations of error messages, see the Microsoft Update Solution Center. http://support.microsoft.com/ph/6527#tab3

For information about managing Windows Update on an enterprise network, see the Update Management Tech Center.
http://technet.microsoft.com/en-us/updatemanagement/bb259683.aspx

To learn how Microsoft monitors and responds to security issues, see the Microsoft Security Response Center Web site. It offers tools such as an alert service, monthly webcast, blog, and Really Simple Syndication (RSS) feeds to help you stay current with security-related updates and information for Windows. http://www.microsoft.com/security/msrc/default.mspx

To learn about new security updates, find how-to articles and security tips, and get answers to security-related questions, see the Microsoft Security at Home Web site for the free, monthly Security Newsletter for Home Users from Microsoft. http://www.microsoft.com/protect/default.mspx

For a clearinghouse of information and links about protecting your computer, see http://www.microsoft.com/protect/computer/updates/default.mspx.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, the Security Shield logo, Windows, Windows Live, Windows Vista, Windows Server, the Windows logo, and the Windows Update Icon are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Wednesday, June 23, 2010

RUN Command Tip’s

1. Click Start/Run and type APPWIZ.CPL to open "Add/Remove Programs"

2. Click Start/Run and type SYSDM.CPL to open "System Properties"

3. Click Start/Run and type HDWWIZ.CPL to open the Add New Hardware Wizard

4. Click Start/Run and type NCPA.CPL to open "Network Connections"

5. Click Start/Run and type LOGOFF and press Enter to LOG OFF the current logged user

List of log files with the description of each to remember easy.

 

Client Component Installation Manager - Ccim

Client Configuration Manager - Ccm

Client Install Data Manager - Cidm

Collection Evaluator - Colleval

Component Status Summarizer - Compsumm

Courier Sender - Coursend

Courier Sender Confirmation - Cscnfsvc

Despooler - Despool

Discovery Data Manager - Ddm

Distribution Manager - Distmgr

Hardware Inventory Agent - Hinv

Hierarchy Manager - Hman

Hierarchy Manager - Sitecomp

Inbox Manager - Inboxmgr

Inbox Manager Assistant - Inboxast

Inventory Data Loader - Dataldr

Inventory Processor - Invproc

LAN Sender - Sender

License Metering - Licrsvc

License Server Manager - Licsvcfg

Network Discovery - Netdisc

Offer Manager - Offermgr

Offer Status Summarizer - Offersum

Replication Manager - Replmgr

Scheduler - Sched

Sender - Sender

Setup - SMSsetup

Site Component Manager - Sitecomp

Site Control Manager - Sitectrl

Site System Status Summarizer - Sitestat

SMS Administrator Provider - SMSprov

SMS Executive - SMSexec

SMS NT Logon Manager - NT_logon

SMS Provider - SMSprov

SMS SQL Monitor - SMSdbmon

SMS_Bootstrap Service - SMS_bootstrap

Software Inventory Agent - Sinv

Software Inventory Processor - Sinvproc

SQL Error Logs – Errorlog  and sqldbmon

Status Manager - Statmgr

Windows Networking Logon Discovery - NTlgdscm

Windows Networking Logon Installation - NTlginst

Windows NT Logon Discovery Agent - Ntlgdsca

Windows NT Logon Discovery Manager - Ntlgdscm

Windows NT Logon Server Manager - NT_logon

Windows NT Server Discovery Agent – Ntsvrdis

SCCM Product released Dates

image

SMS & ConfigMgr Support

 

  • If you are running SMS 2003, its time to migrate.  That product ended Mainstream support Jan 11, 2010
  • If you are running the RTM version of Configuration Manager 2007, that level of product is now out of mainstream support as of July 2009
  • If you are running Configuration Manager 2007 SP1, that level of product will go out of Mainstream support at the end of calendar 2010.
  • If you are doing a net new deployment, the recommendation is ConfigMgr SP2, on Windows Server 2008 or ‘08 R2.
  • If you are at a current level like SP2 now, its time to check out the very cool new features in the R3 beta – like Power Management.

What Service Pack level required for Supporting

 

  • Windows 7 as a managed client requires ConfigMgr SP2
  • Windows Server 2008 either as a managed client or a host for a site role required Service Pack 1
  • Windows Server 2008 R2 either as a managed client or a host for a site role requires Service Pack 2
  • Monday, June 21, 2010

    Microsoft Desktop Optimization Pack (MDOP)

    Productivity, manageability and reduced total cost of ownership for enterprise desktops

    Enterprise IT infrastructures are increasingly complex to manage. The Microsoft Desktop Optimization Pack (MDOP) is a dynamic desktop solution that is available as a subscription for Software Assurance customers. The solution suite enhances application deployment and compatibility, increases IT responsiveness and end user uptime, and helps reduce total cost of ownership (TCO) of your desktop software and IT management.

    MDOP employs six innovative technologies to increase desktop manageability, reduce TCO, and improve overall infrastructure satisfaction:

    MDOP 2009 R2 for Windows 7 is now available!

    Learn more about MDOP 2009 R2 features.

    Read more about how customers and partners use MDOP.

    MDOP subscribers can download the software at Microsoft Volume Licensing Site (MVLS).

    MDOP is also available for test and evaluation for MSDN* and TechNet** subscribers in accordance with MSDN and TechNet agreements.

    * Available to levels: TechNet Plus SA Media; TechNet Plus (retail); TechNet Direct (retail); TechNet Plus (VL); TechNet Plus Direct (VL); TechNet Cert Partner; TechNet Gold Cert Partner; T1.

    ** Available to levels: VS Pro with MSDN Premium (Empower); Developer AA; MSDN Universal (retail); VSTS Team Suite (VL); VSTS Architecture (VL); VSTS Development (VL); VSTS Test (VL); VS Pro with MSDN Premium (VL); MSDN Universal (VL); VSTS Database (VL); VS Pro with MSDN Premium (retail); VSTS Test (retail); VSTS Development (retail); VSTS Architecture (retail); VSTS Team Suite (retail); VSTS Database (retail); BizSpark Admin; BizSpark.

    HTTP 500 Internal Server Error when accessing SCCM Reports

    If you are receiving HTTP 500 Internal Server Error when accessing SCCM Reports via web browser, check the following settings:

    1. Make sure that you are not hitting the limit of maximum rows returned by a report query. By default, report viewer in SCCM 2007 is configured to limit the results returned by a report query to 10 000 rows.

    To change the number of rows returned by a report query, create the Rowcount DWORD value under the HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Reporting registry key.

    Set its value to the number of rows that you want returned in the report query. If you want to return all rows, set the value to 0xffffffff, which is the hexadecimal equivalent of –1.

    For more information, refer to the following TechNet article: How to Configure the Maximum Rows Returned by a Report Query, available at the: http://technet.microsoft.com/en-us/library/bb680885.aspx

      2. Increase the ASP response buffer limit size (aspbufferinglimit).

      In IIS 6.0 change has been introduced which limits a default ASP response buffer to 4 MB. Increasing the buffer limit might help you in resolving this problem. To increase the buffer limit, follow these steps:

      • Click Start, click Run, type cmd, and then click OK.
      • Type the following command, and then press ENTER:

      cd /d %systemdrive%\inetpub\adminscripts

      • Type the following command, and then press ENTER:

      cscript.exe adsutil.vbs SET w3svc/aspbufferinglimit LimitSize

      LimitSize represents the buffering limit size in bytes. For example, the number 67108864 sets the buffering limit size to 64 MB.

      To confirm that the buffer limit is set correctly, follow these steps:

      •   Click Start, click Run, type cmd, and then click OK.
      • Type the following command, and then press ENTER:

      cd /d %systemdrive%\inetpub\adminscripts

      • Type the following command, and then press ENTER:

      cscript.exe adsutil.vbs GET w3svc/aspbufferinglimit

      In my case, setting the limit to the value of 12582912 (12 MB) did the trick in the Configuration Manager environment of approximately 10 000 managed devices (SCCM Clients).

      For more information about the ASP response buffer limit, refer to the following article: Error message when a Web browser sends a request for an active server page to a Web server that is running IIS 6.0: “Response buffer limit exceeded”, available at the: http://support.microsoft.com/kb/925764

      Below are the basic exceptional for any antivirus for Microsoft products…

       

      Windows:
      KB822158 Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

      Windows / Active Directory:
      http://support.microsoft.com/kb/822158
      http://support.microsoft.com/kb/837932
      http://support.microsoft.com/kb/943556

      Cluster:
      http://support.microsoft.com/kb/250355

      Forefront: Considerations when using antivirus software on FF Edge
      Products

      http://support.microsoft.com/kb/943620
      http://technet.microsoft.com/en-us/library/cc707727.aspx

      FRS:
      http://support.microsoft.com/kb/815263

      SQL:
      http://support.microsoft.com/kb/309422

      IIS:
      http://support.microsoft.com/kb/821749
      http://support.microsoft.com/kb/817442

      DHCP:
      http://support.microsoft.com/kb/927059

      SCOM / MOM:
      http://support.microsoft.com/kb/975931

      Hyper-V:
      http://support.microsoft.com/default.aspx/kb/961804

      Exchange:
      Exchange 2010: http://technet.microsoft.com/en-us/library/bb332342.aspx
      Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
      http://support.microsoft.com/kb/328841
      http://support.microsoft.com/kb/823166
      http://support.microsoft.com/kb/245822
      http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
      http://technet.microsoft.com/en-us/library/bb332342.aspx

      SharePoint:
      http://support.microsoft.com/kb/952167
      http://support.microsoft.com/kb/320111
      http://support.microsoft.com/kb/322941

      SMS:
      http://support.microsoft.com/kb/327453

      ISA:
      http://support.microsoft.com/kb/887311

      WSUS:
      http://support.microsoft.com/kb/900638

      SBS:
      http://support.microsoft.com/kb/885685

      Med-V
      Recommended Anti-Virus exclusions for MED-V client and workspace installations

      System Center:
      Recommendations for antivirus exclusions in MOM 2005 and Operations Manager 2007

      APP V

      Below are the APP-V Virtual LABs available

      Learning App-V Basics includes preparation, streaming and launch of virtual applications

      Learning App-V Intermediate Skills includes Application update, Dynamic Suite Composition and Metering

      Learning to Configure App-V for Standalone Client Mode includes Standalone Client Mode and AppLocker

      Wednesday, June 16, 2010

      ConfigMgr admin must aware of these

       

      Prerequisites for Installing Configuration Manager
      http://technet.microsoft.com/en-us/library/bb694113.aspx

      About Configuration Manager Client Installation Properties
      http://technet.microsoft.com/en-us/library/bb680980.aspx

      Planning for PXE Initiated Operating System Deployments
      http://technet.microsoft.com/en-us/library/bb680753.aspx

      Operating System Deployment in Configuration Manager
      http://technet.microsoft.com/en-us/library/bb632767.aspx

      Step-By-Step Example Deployment of the PKI Certificates Required for Configuration Manager Native Mode: Windows Server 2008 Certification Authority
      http://technet.microsoft.com/en-us/library/cc872789.aspx

      ConfigMgr 2007 Super Flows

      Others who downloaded Application Virtualization Sequencing SuperFlow also downloaded:

      1. Application Virtualization Sequencing SuperFlow http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8c4dfab6-7ef5-4188-a531-346cf9bfe7bf
      2. Backup and Recovery SuperFlow for Configuration Manager 2007
      3. SuperFlow for Operating System Deployment via PXE
      4. Software Update Deployment SuperFlow
      5. Software Updates Synchronization SuperFlow
      6. SuperFlow for Configuring Software Updates
      7. SuperFlow for Creating SRS Report Models in Configuration Manager 2007

      Tuesday, June 15, 2010

      IMP Downloads from MYITFORUM Central place

       

      This is the place you will get all must needed tools and software's and documents that you need at your finger tips.

       

      http://myitforum.com/cs2/files/

       

      script that has WMI connection error will skip it and move to next

      strComputer = "MYcomputername"

      Set objExcel = CreateObject("Excel.Application")

      objExcel.Visible = True

      objExcel.Workbooks.Add

      intRow = 2

      objExcel.Cells(1, 1).Value = "Logon Name"

      objExcel.Cells(1, 2).Value = "Full Name"

      objExcel.Cells(1, 3).Value = "Description"

      objExcel.Cells(1, 4).Value = "Domain"

      objExcel.Cells(1, 5).Value = "Password Changeable"

      objExcel.Cells(1, 6).Value = "Password Required"

      objExcel.Cells(1, 7).Value = "Password Expires"

      objExcel.Cells(1, 8).Value = "Account Disabled"

      objExcel.Cells(1, 9).Value = "Account Locked Out"

      On Error Resume Next
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
      If err.Number <> 0 then
             Call Wscript.echo("Error has occurred connecting to WMI on workstation: " & strComputer)
      End if

      Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount")

      For Each objItem in colItems

      objExcel.Cells(intRow, 1).Value = objItem.Name

      objExcel.Cells(intRow, 2).Value = objItem.FullName

      objExcel.Cells(intRow, 3).Value = objItem.Description

      objExcel.Cells(intRow, 4).Value = objItem.Domain

      If objItem.PasswordChangeable = True Then

      objExcel.Cells(intRow, 5).Value = "Yes"

      objExcel.Cells(intRow, 5).Font.ColorIndex = 10

      Else   

      objExcel.Cells(intRow, 5).Value = "No"

      objExcel.Cells(intRow, 5).Font.ColorIndex = 3

      End If

      If objItem.PasswordRequired = True Then

      objExcel.Cells(intRow, 6).Value = "Yes"

      objExcel.Cells(intRow, 6).Font.ColorIndex = 10

      Else   

      objExcel.Cells(intRow, 6).Value = "No"

      objExcel.Cells(intRow, 6).Font.ColorIndex = 3

      End If

      If objItem.PasswordExpires = True Then

      objExcel.Cells(intRow, 7).Value = "Yes"

      objExcel.Cells(intRow, 7).Font.ColorIndex = 10

      Else   

      objExcel.Cells(intRow, 7).Value = "No"

      objExcel.Cells(intRow, 7).Font.ColorIndex = 3

      End If

      If objItem.Disabled = True Then

      objExcel.Cells(intRow, 8).Value = "Yes"

      objExcel.Cells(intRow, 8).Font.ColorIndex = 10

      Else   

      objExcel.Cells(intRow, 8).Value = "No"

      objExcel.Cells(intRow, 8).Font.ColorIndex = 3

      End If

      If objItem.Lockout = True Then

      objExcel.Cells(intRow, 9).Value = "Yes"

      objExcel.Cells(intRow, 9).Font.ColorIndex = 10

      Else   

      objExcel.Cells(intRow, 9).Value = "No"

      objExcel.Cells(intRow, 9).Font.ColorIndex = 3

      End If

      intRow = intRow + 1

      Next

      objExcel.Range("A1:I1").Select

      objExcel.Selection.Interior.ColorIndex = 19

      objExcel.Selection.Font.ColorIndex = 11

      objExcel.Selection.Font.Bold = True

      objExcel.Cells.EntireColumn.AutoFit

      MsgBox "Done"

      Excel output Script : for file version check well explained

      Correct Script

      Set Fso = CreateObject("Scripting.FileSystemObject")
      Set InputFile = fso.OpenTextFile("MachineList.Txt")
      Set objExcel = CreateObject("Excel.Application")
      objExcel.Visible = True
      objExcel.Workbooks.Add

      intRow = 2
      Do While Not (InputFile.atEndOfStream)
      strComputer = InputFile.ReadLine

      intRow = intRow +1
      objExcel.Cells(1, 1).Value = "System Name"
      objExcel.Cells(1, 2).Value = "Version"
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
      Set colFiles = objWMIService.ExecQuery _
          ("Select * from CIM_Datafile Where Name = 'c:\\windows\\system32\\mshtml.dll'")

      For Each objFile in colFiles
      objExcel.Cells(intRow, 2).Value = objFile.Version
      objExcel.Cells(intRow, 1).Value = strComputer
      objExcel.Range("A1:B1").Select
      objExcel.Selection.Interior.ColorIndex = 19
      objExcel.Selection.Font.ColorIndex = 11
      objExcel.Selection.Font.Bold = True
      objExcel.Cells.EntireColumn.AutoFit
      Next
      loop
      Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)
      Set objRange = objExcel.Range("B1")
      objRange.Sort objRange,1,,,,,,1
      ' loop
      MsgBox "Done"

       

      Wrong Script

       

       

      Set Fso = CreateObject("Scripting.FileSystemObject")
      Set InputFile = fso.OpenTextFile("MachineList.Txt")
      Do While Not (InputFile.atEndOfStream)
      strComputer = InputFile.ReadLine
      Set objExcel = CreateObject("Excel.Application")
      objExcel.Visible = True
      objExcel.Workbooks.Add
      intRow = 2
      objExcel.Cells(1, 1).Value = "System Name"
      objExcel.Cells(1, 2).Value = "Version"
      Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
      Set colFiles = objWMIService.ExecQuery _
          ("Select * from CIM_Datafile Where Name = 'c:\\windows\\system32\\mshtml.dll'")
      For Each objFile in colFiles
      objExcel.Cells(intRow, 2).Value = objFile.Version
      objExcel.Cells(intRow, 1).Value = strComputer

      objExcel.Range("A1:B1").Select
      objExcel.Selection.Interior.ColorIndex = 19
      objExcel.Selection.Font.ColorIndex = 11
      objExcel.Selection.Font.Bold = True
      objExcel.Cells.EntireColumn.AutoFit
      Next
      loop
      Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)
      Set objRange = objExcel.Range("B1")
      objRange.Sort objRange,1,,,,,,1
      ' loop
      MsgBox "Done"

      Send Activity in Inboxes

       

       

      image

      ConfigMgr / SCCM Roles

      image_thumb[1]

      image_thumb[8]

      SCCM Roles

      image

      Monday, June 14, 2010

      Collection : For software distribution status if system pending for reboot

      For software distribution status if system pending for reboot

       

      select 
           SMS_R_SYSTEM.ResourceID,
           SMS_R_SYSTEM.ResourceType,
           SMS_R_SYSTEM.Name,
           SMS_R_SYSTEM.SMSUniqueIdentifier,
           SMS_R_SYSTEM.ResourceDomainORWorkgroup,
           SMS_R_SYSTEM.Client
      from
           sms_r_system AS sms_r_system
           join SMS_StatMsg  as st on sms_r_system.Name = st.MachineName
           join SMS_AdvertisementStatusInformation sti on st.MessageID = sti.MessageID
      where
              sti.messagestate = 102
       

      102 is the reboot pending code
      you can get the complete list of codes using the following sql query
       select distinct messagestate,MessageStateName from dbo.v_AdvertisementStatusInformation

      Collections based on software updates deployment status in Configuration Manager

      ConfigMgr sccm patching status based collections

      LastEnforcementMessageID
      LastEnforcementMessageName

      1        Enforcement started   

      3        Waiting for another installation to complete

      6    General failure

      8    Installing update   

      9    Pending system restart   

      10  Successfully installed update   

      11  Failed to install update   

      12  Downloading update   

      13  Downloaded update   

      So in this example we would like to use the status of reboot pending, the WQL query for the collection should look like this:

      select 
      SMS_R_SYSTEM.ResourceID,
      SMS_R_SYSTEM.ResourceType,
      SMS_R_SYSTEM.Name,
      SMS_R_SYSTEM.SMSUniqueIdentifier,
      SMS_R_SYSTEM.ResourceDomainORWorkgroup,
      SMS_R_SYSTEM.Client
      from
      sms_r_system AS sms_r_system
      inner join SMS_UpdateComplianceStatus as c on c.machineid=sms_r_system.resourceid
      where
      c.LastEnforcementMessageID = 9

      SMS 2003 Patching : Pending for reboot collection

      A collection listing all servers/clients that were pending reboot (see query statement):

       

       

       

      select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,       SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client
        from SMS_R_System inner join SMS_G_System_PatchStatus on SMS_G_System_PatchStatus.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PatchStatus.LastStateName = "Reboot Pending"    

      One other best site to search for rapid links

      One other best site to search for rapid links

       

      http://www.frameworkmx.com/

      Where MS going?

      TO GET THE USER STATUS : Guest account status

       

      Set Fso = CreateObject("Scripting.FileSystemObject")

      Set InputFile = fso.OpenTextFile("MachineList.Txt")

      Do While Not (InputFile.atEndOfStream)

      strComputer = InputFile.ReadLine

      strUserName = "Guest"

      On Error Resume Next
      Set objUser = GetObject("WinNT://" & strComputer & "/" & strUserName)

      If objUser.AccountDisabled = True Then

      Wscript.Echo (strUserName) & " Is Disabled On " & UCase(strComputer)

      Else

      MsgBox UCase(strUserName) & " Is Enabled On " & UCase(strComputer)

      End If

      loop

      Wednesday, June 9, 2010

      Sysprep parameters

      Sysprep parameters
      You can use the following optional parameters with the Sysprep command in Windows XP:
      • -activated - Do not reset the grace period for Windows product activation. Use this parameter only if you have activated the Windows installation in the factory.
        Important The product key that you use to activate the Windows installation must match the product key that is located on the COA sticker that is attached to that particular computer.
      • -audit - Restarts the computer in Factory mode without having to generate new security IDs (SIDs) or process any items in the [OEMRunOnce] section of the Winbom.ini file. Use this command-line parameter only if the computer is already in Factory mode.
      • -bmsd - Populates all the available mass storage devices in the [SysprepMassStorage] section.
      • -clean - Clears the critical devices database that is used by the [SysprepMassStorage] section in the Sysprep.inf file.
      • -factory - Restarts in a network-enabled state without displaying Windows Welcome or mini-Setup. This parameter is useful for updating drivers, running Plug and Play enumeration, installing programs, testing, configuring the computer with customer data, or making other configuration changes in your factory environment. For companies that use disk imaging (or cloning) software, Factory mode can reduce the number of images that are required.
        When all the tasks in Factory mode are complete, run the Sysprep.exe file by using the -reseal parameter to prepare the computer for end-user delivery.
      • -forceshutdown - Shuts down the computer after the Sysprep.exe file finishes.
        Note Use this parameter with computers that have an ACPI BIOS that do not shut down correctly with the default behavior of the Sysprep.exe file.
      • -mini - Configures Microsoft Windows XP Professional to use Mini-Setup instead of Windows Welcome. This parameter does not affect Microsoft Windows XP Home Edition, where the first-run experience is always Windows Welcome.
        Note that if you plan to use the Sysprep.inf file to automate Mini-Setup, you must either run the Sysprep tool by using the -mini switch, or click to select the MiniSetup check box in the GUI interface. By default, if you do not choose to run Mini-Setup, Windows XP Professional runs the Windows Welcome.
      • -noreboot - Modifies registry entries (SID, OemDuplicatorString, and other registry entries) without the computer restarting or preparing for duplication. This parameter is mainly used for testing, specifically to see if the registry is modified correctly. Microsoft does not recommend this option because making changes to a computer after the Sysprep.exe file has run may invalidate the preparation that was completed by the Sysprep.exe file. Do not use this parameter in a production environment.
      • -nosidgen - Runs the Sysprep.exe file without generating new SIDs. You must use this parameter if you are not duplicating the computer where you are running the Sysprep.exe file or if you are preinstalling domain controllers.
      • -pnp - Runs the full Plug and Play device enumeration and installation of previous devices during Mini-Setup. This command-line parameter has no effect if the first-run experience is Windows Welcome.
        Use the -pnp command-line parameter only when you must detect and install previous, non-Plug and Play devices. Do not use the sysprep -pnp command-line parameter on computers that only use Plug and Play devices. Otherwise, you will increase the time that it takes for the first-run experience without providing any additional benefit to the user.
        Note When unsigned drivers are unavoidable, use the UpdateInstalledDrivers=yes parameter in conjunction with OemPnPDriversPath= and DriverSigningPolicy=ignore instead of the -pnp command-line parameter to provide a more seamless installation.
      • -quiet - Runs the Sysprep.exe file without displaying onscreen confirmation messages. This is useful if you are automating the Sysprep.exe file. For example, if you plan to run the Sysprep.exe file immediately after the unattended Setup program finishes, add the sysprep -quiet command to the [GuiRunOnce] section of the Unattend.txt file.
      • -reboot - Forces the computer to automatically restart, and then starts Windows Welcome Mini-Setup, or Factory mode, as specified. This is useful when you want to audit the computer and verify that the first-run experience is operating correctly.
      • -reseal - Clears the Event Viewer logs and prepares the computer for delivery to the customer. Windows Welcome or Mini-Setup is set to start the next time that the computer restarts. If you run the sysprep -factory command, you must seal the installation as the last step in your preinstallation process. To do this, run the sysprep -reseal command or click the Reseal button in the Sysprep dialog box.

      Join the computer silently to the Domain

      Join the computer silently to the Domain

       

      Or, in the command you want to use:

      netdom join /d:mydomain.com Computertobeaddednamehere /ud:mydomain.com\administrator /pd:oil@22

      Batch file for loop in other way

      echo ***** Are you sure you want to add these accounts? *******
      echo *** If not, press CTRL-C to terminate this batch file ***
      pause
      FOR %%X IN (NT1 NT2 NT3 NT4 NT5) DO NET COMPUTER \\%%X /ADD
      FOR %%X IN (NT6 NT7 NT8 NT9 NT10) DO NET COMPUTER \\%%X /ADD
      cls
      echo ******* Machine Accounts Added ********
      pause

      It's Microsoft Patch Tuesday: June 2010

      Security Patches

      MS10-032/KB979559 - Important (2000, XP, 2003, Vista, 7, 2008, 2008 R2): A trio of bugs in the Windows kernel can allow the use of malformed fonts to allow escalation of privileges attacks. It would be a bit hard to sneak a font onto the system without some sort of install privileges anyways, which is why this patch can wait until your next patch cycle. 1.0MB - 4.3MB

      MS10-033/KB979902 - Critical (2000, XP, Vista, 7, 2003, 2008, 2008 R2): This patch addresses a pair of vulnerabilities in Windows’ media subsystem which allows specially crafted media files and streaming content to execute remote code execution exploits. One of the vulnerabilities is less serious that the other, but you should patch your systems immediately all the same. Depending on your system, you may need to install up to four separate patches to address of the issues. 105KB - 4.8MB

      MS10-034/KB980195 - Critical (2000, XP, Vista, 7)/Moderate (2003, 2008, 2008 R2): This patch updates the ActiveX kill bits and fixes two bugs in ActiveX that could allow remote code execution attacks. If you allow ActiveX on your desktops (which you shouldn’t, other than for internal sites), install this immediately, otherwise, wait until your next patch cycle. 26KB - 1.0MB

      MS10-035/KB982381* - Critical (2000, XP, Vista, 7, 2003, 2008, 2008 R2): Five security holes in Internet Explorer 5, 6, 7, and 8 which can allow remote code execution attacks are fixed with this cumulative update. Some of them are rating as “Moderate” but I don’t see any specific combination of IE version and OS that does not make it “critical.” I would install this patch immediately. 3.3MB - 48.4MB

      MS10-036/KB983235 - Important (Office XP, Office 2003, Office 2007): COM validation in Office has a bug which can allow remote code execution attacks. Since you should not be allowing COM to be running in Office from outside sources, this is a less risky bug than it could be. Patch your systems on the next scheduled times. 2.9 - 15.5MB

      MS10-037/KB980218 - Important (2000, XP, Vista, 7, 2003, 2008, 2008 R2): Another font handling issue is allowing escalation of privileges attacks across all versions of Windows. Like MS10-032, this one can wait until your next regular patch period. 496KB - 1.3MB

      MS10-038/KB2027452* - Important (Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Office 2007 File Formats): A whopping fourteen security bugs in the way Microsoft Office opens files are fixed with this patch. The worst can result in remote code execution attacks. Microsoft says this one is “Important” but I call it “Critical” due to the widespread use of Office, and I suggest that you patch immediately. 9.7MB - 332.8MB

      MS10-039/KB980218 - Important (InfoPath 2003, InfoPath 2007, Office SharePoint Server 2007, Windows SharePoint Services 2.0): Three problems with SharePoint are fixed with this patch. The issues allow an attacker to perform a variety of attacks, including an escalation of privileges attack if a SharePoint user clicks on a malformed link in SharePoint. This is not a burning issue and the patch can wait until your usual patch time. 2.9MB - 109.3MB

      desktop / server MS10-040/KB982666 - Important (Vista, 7, 2003, 2008, 2008 R2): Computers running IIS 6, 7, and 7.5 are vulnerable to a remote code execution attack that will run with full privileges when an attacker sends a malformed HTTP request. Microsoft calls this patch “Important” but I think that understates the issue for servers. I would patch servers immediately, and leave desktops for the regular path cycle. 43KB - 4.0MB

      MS10-041/KB981343* - Important (2000, XP, Vista, 7, 2003, 2008, 2008 R2): A problem affecting all versions of the .NET Framework’s handling of signed XML content could allow the data to be altered without being detected. This is a fairly minor issue, so this patch can wait until you do your normal patching. 123KB - 2.2MB

      Thursday, June 3, 2010

      DNS Bulk ADD

      use ease:--

      For /F %a in (list.txt) do addaptr.bat %a

      list.txt sample input is

      addaptr.BAT DNSSERVERNAME COMPUTERSNAMETOBEADD.DOMAINNAME.COM IPADDRESS

      addaptr.bat 10.0.0.20 QTEST.PADDYMADDY.COM 10.0.0.23

       

      script:-

      ::  addaptr.bat
      ::
      ::  Purpose:         Add an A and PTR record using dnscmd.exe
      ::
      ::  Usage:           addaptr dnsserver fqdn ipadd
      ::
      ::                     dnsserver  DNS server's ip, hostname or "." if the
      ::                                DNS service is running on local machine
      ::                     fqdn       FQDN of the host you want the records
      ::                                to be added for (hostname.mydomain.com)
      ::                     ipadd      ip address of the host
      :: __________________________________________________________________
      ::
      @Echo Off
      SetLocal

      Set dnsserver=%1
      Set fqdn=%2
      Set ipadd=%3

      If Not Defined ipadd (
        Echo Add an A and PTR record using dnscmd.exe
        Echo.
        Echo %~n0 dnsserver fqdn ipadd
        Echo.
        Echo   dnsserver  DNS server's ip address, hostname, or "." if the DNS
        Echo              service is running on local machine.
        Echo   fqdn       FQDN of the host you want the records to be added for
        Echo              ^(hostname.mydomain.com^)
        Echo   ipadd      ip address of the host
        Goto End
      )

      For /F "Tokens=1,* Delims=." %%A In ("%fqdn%") Do (
        Set hostname=%%A
        Set fzone=%%B
      )
      For /F "Tokens=1-4 Delims=." %%A In ("%ipadd%") Do (
        Set rzone=%%C.%%B.%%A.in-addr.arpa
        Set okt4=%%D
      )

      :: Add PTR record
      DnsCmd %dnsserver% /RecordAdd %rzone% %okt4% PTR %fqdn%

      :: Add A record
      DnsCmd %dnsserver% /RecordAdd %fzone% %hostname% A %ipadd%
      Echo Done.
      Goto End

      :Err
      Type %TEMP%.\%~n0.log
      Pause

      :End
      If Exist %TEMP%.\%~n0.log Del %TEMP%.\%~n0.log
      EndLocal</pre>

      Wednesday, June 2, 2010

      Tuesday, June 1, 2010

      Sample Prompt option for Collection

      begin
      if (@__filterwildcard = '')
      select v_Collection.CollectionID, v_Collection.Name from v_Collection order by v_Collection.Name
      else
      select v_Collection.CollectionID, v_Collection.Name from v_Collection
      WHERE v_Collection.CollectionID like @__filterwildcard
      order by v_Collection.Name
      end