Rasmussen's Healthcare IT<br />
Feed updated 2024-03-05T15:24:02.047-06:00<br />
Author: Anonymous (http://www.blogger.com/profile/06294049745644927723)<br />
Welcome to my blog...it is just a bunch of random notes to myself, for myself, and if it happens to help someone else...cool.
I am currently working for a large consulting company which supports a national nonprofit organization with 23000 workstations and 250 configuration servers.<br />
<br />
<b>Capturing a Memory Dump from a Hung Machine</b><br />
Published 2015-11-13T09:15:00.001-06:00, updated 2015-11-13T09:15:48.962-06:00<br />
<br />
We recently deployed McAfee's File and Removable Media Protection which seems to hang some Windows 7 machines. It is still early and it is possible that some of our other security products are interfering with McAfee's tool. The hard part is capturing some important diagnostic information, including a McAfee MER.<br />
<br />
We are getting reports of the failures from computers more often from Europe. Those computers usually have just booted up within the first hour of work. When the computer hangs, the mouse is frozen and the computer will not respond to Ctrl-Alt-Del.<br />
<br />
Here are some of the steps we needed to take to capture a full memory dump using a keyboard command. There are good articles on each step but I didn't find any articles that put them all together.<br />
<br />
<ol>
<li>Make sure the workstation is able to capture a full memory dump</li>
<ul>
<li>https://msdn.microsoft.com/en-us/library/windows/hardware/ff542953(v=vs.85).aspx</li>
<li>Paging file needs to be bigger than the size of the RAM by at least 100 MB</li>
<li>Stop automatic reboots. This should ensure that the dump is written before rebooting.</li>
<li>Make sure to do a complete memory dump</li>
</ul>
<li>Set the computer to NMICrashDump to capture hardware failures in a BSOD</li>
<ul>
<li>https://technet.microsoft.com/en-us/library/cc957353.aspx</li>
<li>HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump</li>
</ul>
<li>Set the computer to crash on keyboard command</li>
<ul>
<li>https://msdn.microsoft.com/en-us/library/windows/hardware/ff545499(v=vs.85).aspx</li>
<li>There are two keys to worry about, depending on whether the machine has a USB keyboard or a PS/2 keyboard</li>
<li>HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters\CrashOnCtrlScroll</li>
</ul>
</ol>
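The three steps above, checked in one pass, as an added example that is not part of the original post. It assumes Windows PowerShell 3.0 or later in an elevated session; the function name is hypothetical, and the PS/2 key (under i8042prt) is the counterpart of the kbdhid key listed above.

```powershell
# Added example (not from the original post). Run elevated.
# Reports the crash-dump prerequisites from the list above; with -Fix it also writes the registry values.
function Test-CrashDumpReadiness {
    [CmdletBinding()]
    param([switch]$Fix)

    $crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $services     = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Desired DWORD values. CrashDumpEnabled = 1 selects a complete memory dump.
    $wanted = @(
        @{ Path = $crashControl;                   Name = 'CrashDumpEnabled';  Value = 1 },
        @{ Path = $crashControl;                   Name = 'AutoReboot';        Value = 0 },
        @{ Path = $crashControl;                   Name = 'NMICrashDump';      Value = 1 },
        @{ Path = "$services\kbdhid\Parameters";   Name = 'CrashOnCtrlScroll'; Value = 1 },  # USB keyboards
        @{ Path = "$services\i8042prt\Parameters"; Name = 'CrashOnCtrlScroll'; Value = 1 }   # PS/2 keyboards
    )

    foreach ($w in $wanted) {
        $name    = $w.Name
        $item    = Get-ItemProperty -Path $w.Path -Name $name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.$name } else { $null }   # $null means the value is not set

        if ($Fix -and $current -ne $w.Value) {
            if (-not (Test-Path $w.Path)) { New-Item -Path $w.Path -Force | Out-Null }
            New-ItemProperty -Path $w.Path -Name $name -Value $w.Value -PropertyType DWord -Force | Out-Null
            $current = $w.Value
        }

        [pscustomobject]@{
            Check   = "$($w.Path)\$name"
            Current = $current
            Wanted  = $w.Value
            OK      = ($current -eq $w.Value)
        }
    }

    # A complete dump needs a page file on the boot volume that is at least RAM + 100 MB.
    $ramMB  = [math]::Ceiling((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    $pageMB = (Get-WmiObject Win32_PageFileUsage |
               Where-Object { $_.Name -like "$env:SystemDrive\*" } |
               Measure-Object -Property AllocatedBaseSize -Sum).Sum   # AllocatedBaseSize is in MB

    [pscustomobject]@{
        Check   = "Page file on $env:SystemDrive (MB)"
        Current = [int]$pageMB
        Wanted  = $ramMB + 100
        OK      = ($pageMB -ge ($ramMB + 100))
    }
}

# Report only; add -Fix to write the registry values.
Test-CrashDumpReadiness | Format-Table -AutoSize
```

The registry changes take effect after a reboot. With CrashOnCtrlScroll set, the crash is triggered by holding the right Ctrl key and pressing Scroll Lock twice.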
<div>
We have started playing with this McAfee KM article to see if it gives any relief. https://kc.mcafee.com/corporate/index?page=content&id=KB81384</div>
<div>
<br /></div>
<div>
One of the more distressing issues is that we cannot capture a memory dump, blue screen or otherwise, when McAfee FRP is fully installed. I am going to test if disabling the local driver will allow the capture shown above.</div>
<br />
<b>Alternative Data Streams</b><br />
Published 2015-06-29T22:13:00.001-05:00, updated 2016-06-20T17:22:16.177-05:00<br />
<br />
I've now run into this twice, which means I need a way to remember the solution to this problem.<br />
<br />
Windows NTFS has a method for recording Alternative Data Streams with files. When you download files from the Internet IE may add an Alt. data stream that includes the Internet Zone the file was downloaded from. There is a neat PowerShell command for viewing the stream called get-item filename.exe -stream *.<br />
<br />
You can use SysInternals stream.exe to view and delete these alternative data streams. I have not found a way to delete streams within PowerShell.<br />
<br />
Here is the best article about the topic:<br />
<br />
http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx<br />
<br />
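A way to see which files in a folder carry the Zone.Identifier stream described above and which zone it records, as an added example that is not part of the original post. It assumes Windows PowerShell 3.0 or later (the first version with the -Stream parameter); the function name and the sample path are hypothetical.

```powershell
# Added example (not from the original post).
# Lists every alternate data stream under a folder and decodes the download zone where one is recorded.
function Get-AlternateStreamReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse
    )

    # URL security zones as written into Zone.Identifier (ZoneId=N).
    $zoneNames = @{
        0 = 'Local machine'
        1 = 'Local intranet'
        2 = 'Trusted sites'
        3 = 'Internet'
        4 = 'Restricted sites'
    }

    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the normal file content; anything else is an alternate stream.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    $zone = $null
                    if ($_.Stream -eq 'Zone.Identifier') {
                        $text  = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
                        $match = $text | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
                        if ($match) {
                            $zone = $zoneNames[[int]$match.Matches[0].Groups[1].Value]
                        }
                    }
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                        Zone   = $zone      # stays empty for streams other than Zone.Identifier
                    }
                }
        }
}

# Hypothetical path: review what the current user's Downloads folder carries.
Get-AlternateStreamReport -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Streams other than Zone.Identifier show up with an empty Zone column, which makes unexpected stream names easy to spot in the output.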
Edit:<br />
Found the PowerShell method<br />
<br />
get-item <filename> -stream *<br />remove-item <filename> -stream zone.identifier<br />
<br />
<b>COM+ Permission Issue on Win7</b><br />
Published 2015-06-02T13:50:00.002-05:00, updated 2015-06-02T13:50:49.999-05:00<br />
<br />
Here is a subtle problem I started finding in my environment. I've only seen it on 3 Win7 machines but now I'm worried there are more machines out there broken but without an easy way to identify the machines.<br />
<br />
COM+ has a permission issue if you use USMT 4.0 to migrate from 32-bit to 64-bit machines (<a href="https://support.microsoft.com/en-us/kb/2481190">https://support.microsoft.com/en-us/kb/2481190</a>). We only noticed the problem because Outlook Add-ins started failing to load and seemed to crash. Specifically, a user was not able to preview a PowerPoint presentation within the Outlook preview window unless they were running Outlook elevated as an administrator but a newer machine worked just fine running Outlook as a standard user.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc_uiyOtHfX-mkq-aKhMIJ3VVEFHt6gIxlOV3r_CljFMNfZR9UQWHnaDGUhWncqHlHi_Qwadxah-1Z3cAE0IfbkamczPM0IcyvCkNhB4cZ4HyNotpS96E8zSmv8OemBzH0LfblU7uAZlxA/s1600/powerpoint+preview+error.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="86" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc_uiyOtHfX-mkq-aKhMIJ3VVEFHt6gIxlOV3r_CljFMNfZR9UQWHnaDGUhWncqHlHi_Qwadxah-1Z3cAE0IfbkamczPM0IcyvCkNhB4cZ4HyNotpS96E8zSmv8OemBzH0LfblU7uAZlxA/s320/powerpoint+preview+error.png" width="320" /></a></div>
We then noticed that Component Services showed "My Computer" with a red arrow and a message saying "You do not have permission to perform the requested action..."<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8bNi1IDX9xIhz5lrGTlaTSdeLm-dQwV0jJ_m5gEub6cnaifOyjvt-YfxrIMcp2X7y92Cp4AoPl8ic5cTJ5I6GsXsnTFJY-TD0pSgcoZbXw-5ixEGp1jZfEB_fi9buaJJLRk_vA1eCAx35/s1600/COM+error.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="278" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8bNi1IDX9xIhz5lrGTlaTSdeLm-dQwV0jJ_m5gEub6cnaifOyjvt-YfxrIMcp2X7y92Cp4AoPl8ic5cTJ5I6GsXsnTFJY-TD0pSgcoZbXw-5ixEGp1jZfEB_fi9buaJJLRk_vA1eCAx35/s400/COM+error.png" width="400" /></a></div>
We probably used USMT 4.0 for a year with who knows how many migrations from 32-bit to 64-bit. I'm going to see if I can find a way to test a machine for this error and maybe create an SCCM compliance test.<br />
<br />
<b>Determining Admin Rights</b><br />
Published 2015-03-12T09:03:00.001-05:00, updated 2015-03-12T09:03:51.843-05:00<br />
<br />
I'm now a global product lead for <a href="http://avecto.com/">Avecto</a> Privilege Guard (now called DefendPoint). Privilege Guard is used to create an application execution policy to elevate processes, passively execute processes, or block processes. We are using the product to tighten security on desktops, removing users from the administrator group but giving users the ability to continue to function.<br />
<br />
One of our biggest issues was determining whether or not a user was running as an administrator. At the outset, this seems like an easy question to answer. However, with User Account Control (UAC) in place, it becomes more difficult. An administrator on Windows computers with UAC enabled will execute all scripts and applications with standard user rights until something triggers UAC and asks for elevation. In a script, it is fairly easy to check for admin rights prior to execution by calling something that only an administrator would have access to. For example, you can call "net session" to determine if your shell is currently elevated.<br />
<br />
To find out how many users are running with access to elevated rights is more difficult. You could try to export the list of groups and users that are a member of the local administrator group but it quickly becomes difficult when you start dealing with nested domain groups. Your account could receive administrator group membership by being part of a domain local group that is part of a domain global group that is part of another domain global group which is the actual group that has been added to the local administrators group. Given enough time and recursive power, you can write a script that can give you the truth but it will not scale very well.<br />
<br />
We found a great little utility on Windows 7 and later computers that can quickly list every group membership your account has.<br />
<blockquote class="tr_bq">
whoami.exe /groups | find /i "administrators"</blockquote>
The command "whoami.exe /groups" exports every group membership that is captured in the authentication token. It is clean, it is locally cached, and it doesn't require any processing or complicated recursive logic that can easily have a loop error.<br />
<br />
After testing and feeling comfortable, we created an SCCM compliance PowerShell script that was very simple:<br />
<blockquote class="tr_bq">
whoami.exe /groups | Select-String "s-1-5-32-544" -quiet</blockquote>
It seemed to work great with a slight problem: 10% of our inventory would generate an error instead of an answer of true or null for false. I would connect to these computers and try to figure out what was happening and would find whoami.exe either fail or hang. What I found in the event log was usually a couple group policy errors or warnings prior to a script failure. It looked like we were picking up issues where group policy was temporarily failing because of one issue or another. Either the secure channel was compromised waiting for a reset or something else was a problem. I could easily fix the issue by rebooting the machine.<br />
<br />
Now I think we found an even better solution. I believe that whoami.exe is doing some type of secure channel look up on the domain which is not what we want to capture. We want to capture whether a user is part of the builtin\administrator group.<br />
<blockquote class="tr_bq">
<blockquote class="tr_bq">
[System.Security.Principal.WindowsIdentity]::GetCurrent().UserClaims.Value | Select-String "S-1-5-32-544" -quiet</blockquote>
</blockquote>
We were able to test a second SCCM compliance baseline with both CIs attached to get side-by-side results. One CI was set to query whoami and the other just used the PowerShell script shown above. In our test group we went from 13% failures to 0.71% failures.<br />
<br />
I did not find very good documentation on the difference between Claims and UserClaims so I picked the one that seemed most likely and started testing. If someone could point me to more information, I would appreciate it.<br />
<br />
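A closer look at what the UserClaims one-liner above matches, as an added example that is not part of the original post. The one-liner looks only at claim values, so it reports the SID whether the Administrators group is enabled in the token or carried as deny-only (the UAC-filtered case); the claim type tells the two apart. It assumes .NET Framework 4.5 or later and PowerShell 3.0 or later; the function name and state labels are hypothetical.

```powershell
# Added example (not from the original post).
# Classifies the current token by the *type* of the claim that carries the Administrators SID.
function Get-AdminTokenState {
    $adminSid = 'S-1-5-32-544'                       # BUILTIN\Administrators
    $ct       = [System.Security.Claims.ClaimTypes]

    # Group enabled in the token vs. group kept in the token only for deny checks (filtered UAC token).
    $enabledTypes  = @($ct::GroupSid,    $ct::PrimaryGroupSid)
    $denyOnlyTypes = @($ct::DenyOnlySid, $ct::DenyOnlyPrimaryGroupSid)

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $hits     = @($identity.UserClaims | Where-Object { $_.Value -eq $adminSid })

    $enabled  = @($hits | Where-Object { $enabledTypes  -contains $_.Type }).Count -gt 0
    $denyOnly = @($hits | Where-Object { $denyOnlyTypes -contains $_.Type }).Count -gt 0

    # Cross-check: IsInRole is true only when the group is enabled, i.e. the process is elevated.
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $isInRole  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    $state = if ($enabled)      { 'Elevated' }          # admin rights usable right now
             elseif ($denyOnly) { 'AdminNotElevated' }  # member of the group, running with a filtered token
             else               { 'NotAdmin' }          # SID not in the token at all

    [pscustomobject]@{
        User           = $identity.Name
        State          = $state
        ClaimTypes     = ($hits | ForEach-Object { $_.Type.Split('/')[-1] }) -join ','
        IsInRole       = $isInRole
        # What the one-liner from the post returns for the same token.
        OneLinerResult = [bool]($identity.UserClaims.Value | Select-String $adminSid -Quiet)
    }
}

Get-AdminTokenState | Format-List
```

For an inventory of who can reach administrator rights, both 'Elevated' and 'AdminNotElevated' count as members; only 'Elevated' means the running process already holds those rights.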
We were looking to follow this great SCCM process from Wells Fargo to <a href="http://mnscug.org/blogs/sherry-kissinger/244-all-members-of-all-local-groups-configmgr-2012">capture every computer's local group membership</a>. I really like their elegant method of capturing the data in WMI through a compliance script and then using SCCM to collect the information at a different time. I'll have to implement this for another project.<br />
<br />
http://mnscug.org/blogs/sherry-kissinger/244-all-members-of-all-local-groups-configmgr-2012<br />
<br />
<b>SCCM 2007 Patch Report Per Collection</b><br />
Published 2014-10-29T10:11:00.002-05:00, updated 2014-10-29T10:11:26.717-05:00<br />
<br />
Here is a slightly modified Patch Compliance report that allows for quick analysis for either a Security Bulletin or a KB Article number. The default report in SCCM only allows you to focus on 1 OS at a time whereas this allows you to have a nice little report for a particular Security Bulletin or KB number. (Because of the OR statement, you can also have both parameters filled to view both.)<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">declare @collid varchar(20); set @collid = 'SMS0001'</span><br />
<span style="font-family: Courier New, Courier, monospace;">declare @BulletinID varchar(20); set @BulletinID = 'MS12-048'</span><br />
<span style="font-family: Courier New, Courier, monospace;">declare @ArticleID varchar(20); set @ArticleID = ''</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">declare @CI table(CI_ID int primary key)</span><br />
<span style="font-family: Courier New, Courier, monospace;">if @ArticleID = '' set @ArticleID = NULL;</span><br />
<span style="font-family: Courier New, Courier, monospace;">if @BulletinID = '' set @BulletinID = NULL;</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">insert @CI(CI_ID)</span><br />
<span style="font-family: Courier New, Courier, monospace;">select ci.CI_ID</span><br />
<span style="font-family: Courier New, Courier, monospace;">from v_UpdateCIs ci</span><br />
<span style="font-family: Courier New, Courier, monospace;">where ci.IsHidden=0 </span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>and (ci.ArticleID = @ArticleID or ci.BulletinID = @BulletinID)</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">select</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Vendor=ven.CategoryInstanceName,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>UpdateClassification=cls.CategoryInstanceName,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>ArticleID,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>BulletinID,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Title,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Approved=case when exists(select 1 from v_CITargetedCollections where CI_ID=ci.CI_ID and CollectionID=@CollID) then '*' else '' end,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Present=NumPresent,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Missing=NumMissing,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>NotApplicable=NumNotApplicable,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Unknown=NumUnknown,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Total=NumTotal,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>PCompliant=convert(numeric(5,2), isnull((NumPresent+NumNotApplicable)*100.0/nullif(NumTotal, 0), 100)),</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>PNotCompliant=convert(numeric(5,2), isnull((NumMissing)*100.0/nullif(NumTotal, 0), 0)),</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>PUnknown=convert(numeric(5,2), isnull((NumUnknown)*100.0/nullif(NumTotal, 0), 0)),</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>CollectionID=@CollID,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>UniqueUpdateID=CI_UniqueID,</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>InformationURL=InfoURL</span><br />
<span style="font-family: Courier New, Courier, monospace;">from @CI ci</span><br />
<span style="font-family: Courier New, Courier, monospace;">left join v_UpdateSummaryPerCollection cs on cs.CI_ID=ci.CI_ID and cs.CollectionID=@CollID</span><br />
<span style="font-family: Courier New, Courier, monospace;">left join v_UpdateInfo ui on ui.CI_ID=ci.CI_ID</span><br />
<span style="font-family: Courier New, Courier, monospace;">left join v_CICategoryInfo_All ven on ven.CI_ID=ci.CI_ID and ven.CategoryTypeName='Company'</span><br />
<span style="font-family: Courier New, Courier, monospace;">left join v_CICategoryInfo_All cls on cls.CI_ID=ci.CI_ID and cls.CategoryTypeName='UpdateClassification'</span><br />
<span style="font-family: Courier New, Courier, monospace;">order by 1, 2, 3</span><br />
<br />
<b>Track Down Malicious Executables Using SCCM 2007</b><br />
Published 2014-10-08T11:31:00.000-05:00, updated 2014-10-09T08:05:26.232-05:00<br />
<br />
I have been chasing down some malicious code and found a very useful SCCM 2007 table.<br />
<br />
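<span style="font-family: Courier New, Courier, monospace;">-- varchar(255) so that a longer file name is not silently truncated and then matches nothing</span><br />
<span style="font-family: Courier New, Courier, monospace;">declare @filename varchar(255)</span><br />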
<span style="font-family: Courier New, Courier, monospace;">set @filename = 'wiupdat.exe'</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">select </span><br />
<span style="font-family: Courier New, Courier, monospace;">sys.Name0 [Resource Name],</span><br />
<span style="font-family: Courier New, Courier, monospace;">sys.AD_Site_Name0 [Resource Site Name],</span><br />
<span style="font-family: Courier New, Courier, monospace;">sys.Operating_System_Name_and0 [Resource OS],</span><br />
<span style="font-family: Courier New, Courier, monospace;">sys.Resource_Domain_OR_Workgr0 [Resource Domain],</span><br />
<span style="font-family: Courier New, Courier, monospace;">sys.User_Name0 as [Resource Username],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.LastUserName0 [App Username],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.LastUsedTime0 [App Last Used Time],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.TimeStamp [App Database Timestamp],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.ExplorerFileName0 [App FileName],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.OriginalFileName0 [App Original FileName],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.CompanyName0 [App Company Name],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.FileDescription0 [App FileDescription],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.FileVersion0 [App File Version],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.FolderPath0 [App Execution Path],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.FilePropertiesHash0 [App Hash],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.SoftwarePropertiesHash0 [App Software Properties Hash],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.FileSize0 [App FileSize],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.LaunchCount0 [App Launch Count],</span><br />
<span style="font-family: Courier New, Courier, monospace;">app.ProductLanguage0 [App Product Language Code]</span><br />
<span style="font-family: Courier New, Courier, monospace;">from v_GS_CCM_RECENTLY_USED_APPS app</span><br />
<span style="font-family: Courier New, Courier, monospace;">left join v_R_System sys on sys.ResourceID = app.ResourceID</span><br />
<span style="font-family: Courier New, Courier, monospace;">where ExplorerFileName0 = @filename</span><br />
<span style="font-family: Courier New, Courier, monospace;">or OriginalFileName0 = @filename</span><br />
<span style="font-family: Courier New, Courier, monospace;">order by TimeStamp</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: inherit;">I've been using SCCM report "Software 07C - Recently used executables on a specific computer" to pull a list of recently run executables on a known infected workstation. Make sure to display all executables by choosing 'N'. Then look for the offending executable. Plug in that executable name into the SQL query or build a report with a Prompt name of 'filename' and remove the top two lines in the SQL shown above.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">A problem I see is that the hash function used in SCCM 2007 does not seem to be MD5 or SHA1. It is still useful assuming it creates a unique signature, but we cannot use that information to look anything up on <a href="https://www.virustotal.com/">https://www.virustotal.com</a>.</span><br />
<span style="font-family: inherit;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm8MqV2RoQZDrclTMK-sEm8RLzApvBKn2ccfF691iso5PuHouj04G3r0rQKDq2mYzlwGPeziu4ON1UF8oqx0LPlA00Kug81qih5OmiqxLsOQSGYa93yW_jM1y01hAJSCe6iuuB3eHENJp5/s1600/virustotal.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm8MqV2RoQZDrclTMK-sEm8RLzApvBKn2ccfF691iso5PuHouj04G3r0rQKDq2mYzlwGPeziu4ON1UF8oqx0LPlA00Kug81qih5OmiqxLsOQSGYa93yW_jM1y01hAJSCe6iuuB3eHENJp5/s1600/virustotal.png" height="228" width="320" /></a></div>
<span style="font-family: inherit;"><br /></span>
<br />
<b>Find Duplicate Serial Numbers SCCM 2007</b><br />
Published 2014-08-07T17:50:00.002-05:00, updated 2014-08-07T17:50:20.470-05:00<br />
<br />
We are using SCCM to feed information into an asset management system (CMDB). We keep trying to stress how SCCM is not a very good asset management tool, especially SCCM 2007. I have heard that CM12 makes some improvements.<br />
<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">select<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>sys.ResourceID,<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>sys.Name0,<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>sys.Active0,<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>sys.Obsolete0,<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>bios.SerialNumber0<br />from v_R_System sys<br />left join v_GS_PC_BIOS bios on bios.ResourceID = sys.ResourceID<br />where bios.SerialNumber0 in (select SerialNumber0 from v_GS_PC_BIOS group by SerialNumber0 having COUNT(*) > 1)<br />and sys.Obsolete0 = 0<br />order by SerialNumber0</span></blockquote>
<br />
<b>Temporarily Disable Domain Group Policies</b><br />
Published 2014-06-19T17:07:00.000-05:00, updated 2014-06-19T17:07:07.738-05:00<br />
<br />
<div class="tr_bq">
Every once in a while I need to do an A-B test on how something behaves with a Group Policy. Under XP, I had found a tool that worked pretty well but when trying to find it again, I ran into this article: <a href="http://superuser.com/questions/379908/how-to-clear-or-remove-domain-applied-group-policy-settings-after-leaving-the-do">http://superuser.com/questions/379908/how-to-clear-or-remove-domain-applied-group-policy-settings-after-leaving-the-do</a></div>
<br />
Here is the script that I created based on that information.<br />
<br />
<blockquote>
REM Remove Domain Group Policies<br />REM<br />REM Reference: http://superuser.com/questions/379908/how-to-clear-or-remove-domain-applied-group-policy-settings-after-leaving-the-do<br />REM Backing up the registry pieces<br />reg export "HKLM\Software\Policies\Microsoft" %userprofile%\desktop\gp_backup1.reg /y<br />reg export "HKCU\Software\Policies\Microsoft" %userprofile%\desktop\gp_backup2.reg /y<br />reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" %userprofile%\desktop\gp_backup3.reg /y<br />reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" %userprofile%\desktop\gp_backup4.reg /y<br /><br /><br />REM Delete all Domain Group Policies<br />REM can re-enable them with a gpupdate /force<br />REM or you can double-click on all registry backups<br />reg delete "HKLM\Software\Policies\Microsoft" /va /f<br />reg delete "HKCU\Software\Policies\Microsoft" /va /f<br />reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" /va /f<br />reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" /va /f </blockquote>
<br />
<b>McAfee Query Method</b><br />
Published 2014-05-16T08:56:00.003-05:00, updated 2014-05-16T08:56:48.105-05:00<br />
<br />
McAfee EPO 4.5 and 4.6 cannot easily create a report that shows a random list of computers. I often get asked to report on a list of servers or workstations that have no relationship to one another for audit purposes.<br />
<br />
You can create a direct SQL query to the backend database but I found that this strange method works using VIM on Windows. Note: I have taught myself how to use VIM. It was not easy and has a huge learning curve. The hardest step was understanding how to change mode to exit the application. There are a lot of tutorials on the Internet but don't be surprised to feel very uncomfortable for a long time.<br />
<br />
Add this to the end of your _vimrc file. (:e $HOME/_vimrc). I keep the same vimrc file uploaded to a network share and backed up.<br />
<br />
<quote><br />
" Escape/unescape space, " and ( ) in a McAfee query definition, over a range (default current line).<br />
function! McAfeeEntities(line1, line2, action)<br />
let search = @/<br />
let range = 'silent ' . a:line1 . ',' . a:line2<br />
if a:action == 0 " unescape: + to space, %22 %28 %29 to " ( )<br />
execute range . 'sno/+/ /eg'<br />
execute range . 'sno/%22/"/eg'<br />
execute range . 'sno/%28/(/eg'<br />
execute range . 'sno/%29/)/eg'<br />
else " escape: space to +, " ( ) to %22 %28 %29<br />
execute range . 'sno/ /+/eg'<br />
execute range . 'sno/"/%22/eg'<br />
execute range . 'sno/(/%28/eg'<br />
execute range . 'sno/)/%29/eg'<br />
endif<br />
nohl<br />
let @/ = search<br />
endfunction<br />
command! -range -nargs=1 MEntities call McAfeeEntities(<line1>, <line2>, <args>)<br />
noremap <silent> \m :MEntities 0<CR><br />
noremap <silent> \M :MEntities 1<CR><br />
</quote><br />
<br />
Steps to modify a McAfee report.<br />
<br />
<ol>
<li>Create a dummy report that does whatever you need and have it filter by system name matching 1-3 computers.</li>
<li>Export report into xml format</li>
<li>Edit in vim</li>
<ol>
<li>Around line 8</li>
<li>Press keystroke from the original mode: \m</li>
<ol>
<li>That rewrites the line substituting %28 for (</li>
</ol>
<li>Insert a return on the part starting with: ( eq EPOLeafNode.NodeName</li>
<li>Insert a return near the end of the line: ) )</property></li>
<li>Delete the line with all the computernames</li>
<li>Insert and paste list of computers</li>
<li>Search and replace down to the end of the last computer (in this example, 589 is the last computer)</li>
<ol>
<li>:8,589s/^/( eq EPOLeafNode.NodeName "/g</li>
<li>:8,589s/\n/" ) /g</li>
</ol>
<li>Insert at the beginning of line 8 and merge with line 7 with a delete</li>
<li>merge the end of the line with ) )</property></li>
<li>I found out that McAfee can handle the file without the correct %28 syntax. If necessary you can use \M to reset the line to the way it was before. Be careful with the <property name="conditionURI"> tag: it will come out wrong, like this ++<property+name=%22conditionURI%22>, and will have to be fixed.</li>
</ol>
<li>Import into McAfee</li>
<li>If you don't import that list of computer names into the system as empty records, then your report will only show found items. Follow the next step to fix that.</li>
<li>Copy the list of computers into EPO using "New Systems" with the "Add systems to the current group (My Organization), but do not push agents" option</li>
<ol>
<li>Choose not to add duplicates</li>
</ol>
</ol>
<br />
Maybe McAfee EPO will fix their report system in the next iteration.<br />
<br />
<b>SCCM Client Health</b><br />
Published 2014-05-15T10:16:00.001-05:00, updated 2014-11-26T13:49:50.611-06:00<br />
<br />
This looked very helpful.<br /><br />
I am currently working on trying to come up with a process and methodology for SCCM Client Health. It seems to start with a good Asset Management strategy which is not what SCCM 2007, at least, offers. CM12 should improve some Asset Management but Asset Management seems to be a big data solution for a problem of tracking information from multiple sources. First you need to include Financial data from the purchase of equipment, then you need to track heartbeats from the objects from multiple sources. We are trying to use LDAP/Active Directory lastLogonTimestamp, McAfee Last Communication, and SCCM Heartbeats.<br /><br />
I'm just now starting to play with WMIDiag from Microsoft. I'm wondering if it would make sense to implement WMIDiag.vbs into a DCM to give a success, error, or warning.<br /><br />
<span style="font-family: Courier New, Courier, monospace;">0 = SUCCESS<br />
1 = ERROR<br />
2 = WARNING<br />
3 = Command Line Parameter errors<br />
4 = User Declined (Clicked the Cancel button when getting a consent prompt)</span><br /><br />
<div>
<quote><br /><br /><b>Tracking resource usage of WMI</b><br /><br />
By default the core WMI service lives in the shared Network Services instance of svchost.exe. This can make debugging or identifying resource issues a little challenging. As a general rule of thumb I run (and recommend to customers) that they keep WMI separated into its own instance of svchost.<br /><br />
On XP/Server 2003 this can be accomplished automatically via the following case sensitive command:<br /><br />
<span style="font-family: Courier New, Courier, monospace;">RUNDLL32.EXE %Systemroot%\SYSTEM32\WBEM\WMISVC.DLL,MoveToAlone</span><br /><br />
For Vista and up this is done with<br /><br />
<span style="font-family: Courier New, Courier, monospace;">winmgmt /standalonehost</span><br /><br />
<a href="http://blogs.technet.com/b/configmgrteam/archive/2009/05/08/wmi-troubleshooting-tips.aspx">WMI Troubleshooting Tips - System Center Configuration Manager Team Blog - Site Home - TechNet Blogs</a>:</div>
<br />
<b>Using Netsh Commands Instead of Telnet to Test Firewall Connections</b><br />
Published 2014-05-07T15:29:00.001-05:00, updated 2014-05-19T14:51:31.055-05:00<br />
<br />
<div class="tr_bq">
Every once in a while I need to validate that a firewall is either working or not working. Prior to Win7 and Windows 2008 I would just telnet to the name and port of the service I wanted to test. Now I either need to create a change request to install the telnet client on a server or give up.</div>
<br />
<br />
<br />
I may have found a cool tool built into Windows 2008 that can accomplish the same result: netsh<br />
<br />
<br />
<br />
I knew this was a very powerful tool that allows for <a href="http://blogs.technet.com/b/mrsnrub/archive/2009/09/10/capturing-network-traffic-in-windows-7-server-2008-r2.aspx">network trace dumps</a> without installing any 3rd party tools on a server. I started looking for a way that netsh could be used to open a connection and report whether or not the connection was successful.<br />
<br />
<br />
<br />
Next time try running this command:<br />
<br />
<blockquote class="tr_bq">
netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com</blockquote>
You can also add report=yes to have the tool automatically generate some configuration details into an ETL and CAB file for use with Microsoft Message Analyzer, but the information didn't seem especially helpful other than that it includes a network dump (capture=yes).<br />
<br />
<br />
<br />
<br />
<br />
Successful response:<br />
<br />
<blockquote class="tr_bq">
c:\>netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com<br />
Diagnosing 'internetclient' ... done<br />
Root causes found: 0</blockquote>
<br />
<br />
Failure response on a pingable device with http access blocked:<br />
<br />
<blockquote class="tr_bq">
c:\>netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com<br />
Diagnosing 'internetclient' ... done<br />
Root causes found: 1</blockquote>
<br />
<br />
<blockquote class="tr_bq">
Root cause #1<br />
--------------<br />
website (www.google.com) is online but isn't responding to connection attempts.<br />
<br />
The remote computer isn't responding to connections on port 80, possibly due to<br />
firewall or security policy settings, or because it might be temporarily unavail<br />
able. Windows couldn't find any problems with the firewall on your computer.<br />
Repairs available: 1</blockquote>
<br />
<br />
<blockquote class="tr_bq">
Repair #1<br />
----------<br />
Contact the service provider or owner of the remote system for further assis<br />
tance, or try again later</blockquote>
<br />
<br />
I did find one locked down server that failed with this error:<br />
<br />
<blockquote class="tr_bq">
C:\>netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com<br />
Diagnosing 'internetclient' ... done<br />
Network Diagnostics failed (error=0x80070511).</blockquote>
<br />
<br />
<a href="http://technet.microsoft.com/en-us/library/dd878517(v=ws.10).aspx#bkmk_traceDiagnose">Netsh Commands for Network Trace in Windows Server 2008 R2 and Windows 7</a>: <br />
<br />
<br />
P.S. Possibly much easier:<br />
<blockquote>
Try this PowerShell command; it works for me.<br />(new-object Net.Sockets.TcpClient).Connect("google.com", 80)</blockquote>
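The TcpClient one-liner above blocks for the operating system's full connect timeout when a firewall silently drops the packets, and it only reports failure as an exception. The function below is an added example, not part of the original post or the quoted comment: it wraps the same .NET class with a timeout and returns a status that separates "open", "actively refused" and "no answer". The function name Test-TcpPort, the parameter names and the second target host are assumptions made for the illustration; it sticks to PowerShell 2.0 syntax so it runs on Windows 2008.

```powershell
# Added example: TCP reachability test with a timeout, built on the same
# System.Net.Sockets.TcpClient class as the one-liner above.
function Test-TcpPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][ValidateRange(1, 65535)][int]$Port,
        [ValidateRange(100, 60000)][int]$TimeoutMs = 3000
    )

    $status = 'Unknown'
    $client = New-Object System.Net.Sockets.TcpClient
    $timer  = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # Start the connect asynchronously so we control how long we wait.
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($pending)   # throws if the attempt failed
            $status = 'Open'               # three-way handshake completed
        }
        else {
            # Nothing came back at all: the usual signature of a firewall
            # dropping the traffic, or of a host that is down.
            $status = 'TimedOut'
        }
    }
    catch {
        $cause = $_.Exception.GetBaseException()
        if ($cause -is [System.Net.Sockets.SocketException]) {
            # e.g. ConnectionRefused (host answered, port closed or rejected)
            # or HostNotFound (name resolution failed)
            $status = $cause.SocketErrorCode.ToString()
        }
        else {
            $status = 'Error: ' + $cause.Message
        }
    }
    finally {
        $timer.Stop()
        $client.Close()
    }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        Port         = $Port
        Status       = $status
        ElapsedMs    = $timer.ElapsedMilliseconds
    } | Select-Object ComputerName, Port, Status, ElapsedMs
}

# Constructed target list: the first entry is the URL host used in the post,
# the second is a placeholder name to replace with the service under test.
$targets = @(
    @{ ComputerName = 'www.google.com';        Port = 80   },
    @{ ComputerName = 'server01.example.test'; Port = 1433 }
)
$targets |
    ForEach-Object { Test-TcpPort -ComputerName $_.ComputerName -Port $_.Port } |
    Format-Table -AutoSize
```

A Status of ConnectionRefused means something answered on the path, while TimedOut matches the "isn't responding to connection attempts" root cause that netsh reported above.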
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-61345159357470263522014-01-09T08:29:00.001-06:002014-01-09T08:29:41.089-06:00Dealing with 1618 Errors in a Task Sequence<div class="MsoNormal">
<span style="color: #1f497d;">A co-worker came up with this
brilliant email about a recent issue when trying to install McAfee 4.6 in an
OSD task sequence:</span><br />
<span style="color: #1f497d;"><br /></span>
<span style="color: #1f497d;"><quote></span><br />
<span style="color: #1f497d;">The error 1618 usually means that there is another installation “already in progress”. Now this doesn’t always mean that there really is one in progress, but there may still be a “PendingFileRenameOperations”. In my task sequence, I have a reboot occur after the installation of “McAfee EPO Agent 4.6” as well as a reboot after the install of “McAfee Virus Scan Enterprise 8.8.02004”.</span><br />
<span style="color: #1f497d;"><br /></span>
<span style="color: #1f497d;">A quick way to verify if indeed a reboot is needed in between would be to check for the existence of the following registry key after the “McAfee EPO Agent 4.6” is installed:</span><br />
<span style="color: #1f497d;"><br /></span>
<span style="color: #1f497d;">[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]</span><br />
<span style="color: #1f497d;"> PendingFileRenameOperations <i>(If this exists, then it is a good bet that you need to reboot the computer before trying to install anything else)</i></span><br />
<span style="color: #1f497d;"><br /></span>
<span style="color: #1f497d;">Also, if desired, you can copy the code below and paste it into a VBS. This will help to determine if a reboot is required. I have used it in the past for patches, but it should work as well for packages.</span><br />
<span style="color: #1f497d;"><br /></span>
<span style="color: #1f497d;">================= Copy Below =================</span><br />
<span style="color: #1f497d;">Set objSysInfo = CreateObject("Microsoft.Update.SystemInfo")</span><br />
<span style="color: #1f497d;">Wscript.Echo "Reboot required: " & objSysInfo.RebootRequired</span><br />
<span style="color: #1f497d;"></span><br />
<span style="color: #1f497d;">================= Copy Above =================</span><br />
<span style="color: #1f497d;"></quote></span></div>
<div class="MsoNormal">
</div>
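The two checks from the email can be combined into one script that runs between install steps. The PowerShell below is an added example, not code from the co-worker's email: it reads PendingFileRenameOperations under the Session Manager key (the key name contains a space in the registry), queries the same Microsoft.Update.SystemInfo object as the VBS, and goes one step further than the email by testing the Windows Installer _MSIExecute mutex to tell whether another install really is running. The function names are assumptions made for the illustration.

```powershell
# Added example. Run elevated or as SYSTEM, for instance as a command line
# step between the two McAfee installs in the task sequence.

function Test-MsiExecuteBusy {
    # Windows Installer holds the Global\_MSIExecute mutex while it executes
    # an install; a second msiexec that cannot take it returns 1618.
    try {
        $mutex = [System.Threading.Mutex]::OpenExisting('Global\_MSIExecute')
    }
    catch {
        $cause = $_.Exception.GetBaseException()
        if ($cause -is [System.Threading.WaitHandleCannotBeOpenedException]) {
            return $false          # mutex does not exist: no install running
        }
        return $true               # exists but cannot be opened: treat as busy
    }
    try {
        if ($mutex.WaitOne(0, $false)) {
            $mutex.ReleaseMutex()  # we got it, so nobody else was holding it
            return $false
        }
        return $true               # held by another installation
    }
    catch {
        $cause = $_.Exception.GetBaseException()
        if ($cause -is [System.Threading.AbandonedMutexException]) {
            $mutex.ReleaseMutex()  # previous owner exited; we own it now
            return $false
        }
        throw
    }
    finally {
        $mutex.Close()
    }
}

function Get-InstallBlocker {
    # 1. Pending file renames (the registry check from the email).
    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $entries = @()
    $prop = Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                             -ErrorAction SilentlyContinue
    if ($prop) {
        $entries = @($prop.PendingFileRenameOperations | Where-Object { $_ })
    }

    # 2. Windows Update Agent flag (same COM object as the VBS in the email).
    $wuaReboot = $null
    try {
        $wuaReboot = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired
    }
    catch { }                      # COM object unavailable: leave as $null

    # 3. Is an installation actually in progress right now?
    $msiBusy = Test-MsiExecuteBusy

    if ($msiBusy) {
        $advice = 'Wait: another Windows Installer transaction is running'
    }
    elseif ($entries.Count -gt 0 -or $wuaReboot) {
        $advice = 'Reboot before the next install'
    }
    else {
        $advice = 'No blocker found'
    }

    New-Object PSObject -Property @{
        PendingRenameEntries = $entries.Count
        WuaRebootRequired    = $wuaReboot
        MsiInstallRunning    = $msiBusy
        Advice               = $advice
    } | Select-Object PendingRenameEntries, WuaRebootRequired, MsiInstallRunning, Advice
}

Get-InstallBlocker | Format-List
```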
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-15894582665122932092013-08-07T15:05:00.001-05:002013-08-07T15:05:52.029-05:00Tracking BSOD under SCCM 2007I just ran into a problem for a client who started seeing a number of blue screens of death (BSOD) after upgrading to a particular version of Websense Endpoint that interacts with McAfee. The actual error seems to be a problem with MUP.SYS based off of a couple knowledge base articles (<a href="http://support.microsoft.com/kb/906866">Microsoft's</a> and <a href="http://www.websense.com/content/support/library/data/v753/install/multiple%20agents.aspx">Websense's</a> article)<br />
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkliGVnGZ_eQcCFm7s_vgDX9833NfuYtlRhHcPA6eqWQBntzW-vRMaKFtVmXDkRh64VdQ-BJmVB3qgOVq8MlU88szW5m8EU0VoUpUoR9mVP2E5hu7Ie-lBzvm8jsqPZfwa4KSK9BOZPF0Q/s1600/Minidump+SCCM+Settings.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkliGVnGZ_eQcCFm7s_vgDX9833NfuYtlRhHcPA6eqWQBntzW-vRMaKFtVmXDkRh64VdQ-BJmVB3qgOVq8MlU88szW5m8EU0VoUpUoR9mVP2E5hu7Ie-lBzvm8jsqPZfwa4KSK9BOZPF0Q/s400/Minidump+SCCM+Settings.png" width="362" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div>
These 2 reports allow analysis of file modification dates based on Software Scan Inventory information.</div>
<div>
<br /></div>
<div>
Here is the SQL query of the top level view. I usually build my reports in SQL Server Management Studio and then copy them into a report. You can see where I separate out the parameter variables in the top few lines of the query. These top few lines are not copied into the report.</div>
<div>
<br /></div>
<div>
<code></div>
<div>
<div>
declare @variable varchar(20)</div>
<div>
set @variable = 'Mini%.dmp'</div>
<div>
declare @datelimit date</div>
<div>
set @datelimit = '2013'</div>
<div>
<br /></div>
<div>
select </div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0) as 'Day'</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, COUNT(distinct sys.Name0) as 'Count of Computers'</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, COUNT(distinct SF.FilemodifiedDate) as 'Count of Files'</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, (COUNT(distinct SF.FilemodifiedDate) + 0.00) / COUNT(distinct sys.Name0) as 'FilesPerComputer'</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, @variable as [File Search Term]</div>
<div>
from v_GS_SoftwareFile SF</div>
<div>
inner join v_R_System sys on SF.ResourceID=sys.ResourceID</div>
<div>
where FileName Like @variable and dateadd(YEAR, datediff(YEAR, 0, SF.FileModifiedDate),0) = @datelimit</div>
<div>
GROUP BY </div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0)</div>
<div>
Order By Day</div>
</div>
<div>
</code></div>
<div>
<br /></div>
<div>
Here is the SQL query of the drill down or daily view. I usually build my reports in SQL Server Management Studio and then copy them into a report.</div>
<div>
<br /></div>
<div>
<code></div>
<div>
<div>
declare @variable varchar(20)</div>
<div>
set @variable = 'Mini%.dmp'</div>
<div>
declare @datelimit date</div>
<div>
set @datelimit = '7/15/2013'</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
select</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>'Scanned Computers' as Label</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, COUNT(ResourceID) as Total</div>
<div>
from v_GS_LastSoftwareScan</div>
<div>
where LastScanDate >= @datelimit</div>
<div>
<br /></div>
<div>
Union</div>
<div>
<br /></div>
<div>
select</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>'Total Computers' as Label</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, COUNT(ResourceID) as Total</div>
<div>
from v_GS_LastSoftwareScan</div>
<div>
<br /></div>
<div>
select </div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0) as 'Day'</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, sys.Name0</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, COUNT(distinct SF.FilemodifiedDate) as 'Count of Files'</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, lss.LastScanDate</div>
<div>
from v_GS_SoftwareFile SF</div>
<div>
inner join v_R_System sys on SF.ResourceID=sys.ResourceID</div>
<div>
inner join v_GS_LastSoftwareScan lss on SF.ResourceID=lss.ResourceID</div>
<div>
where FileName Like @variable and </div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>dateadd(day, datediff(DAY, 0, SF.FileModifiedDate),0) = @datelimit</div>
<div>
GROUP BY </div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0)</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, sys.Name0</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>, lss.LastScanDate</div>
<div>
Order By [Count of Files] desc</div>
</div>
<div>
</code></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
I don't know if there is an easy way to upload this file here, but if you copy the text between the mof tags, you can save it as a text document with a .mof extension.</div>
<div>
<mof></div>
<div>
<div>
// *********************************************************************************</div>
<div>
//</div>
<div>
//<span class="Apple-tab-span" style="white-space: pre;"> </span>Created by SMS Export object wizard</div>
<div>
//</div>
<div>
//<span class="Apple-tab-span" style="white-space: pre;"> </span>Wednesday, July 17, 2013 created</div>
<div>
//</div>
<div>
//<span class="Apple-tab-span" style="white-space: pre;"> </span>File Name: BSOD Reports.MOF</div>
<div>
//</div>
<div>
// Comments :</div>
<div>
//</div>
<div>
// These 2 reports allow analysis of file modification dates based on Software Scan</div>
<div>
// Inventory information.</div>
<div>
//</div>
<div>
// *********************************************************************************</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
// ***** Class : SMS_Report *****</div>
<div>
[SecurityVerbs(140551)]</div>
<div>
instance of SMS_Report</div>
<div>
{</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>Category = "Software - Files";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>Comment = "Displays the number of computers that a single specified file is inventoried on";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DrillThroughColumns = {};</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>GraphCaption = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>GraphXCol = 1;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>GraphYCol = 2;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>MachineDetail = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>MachineSource = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>Name = "JJR - Count computers with a filename";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>NumPrompts = 2;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>RefreshInterval = 0;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>ReportGUID = "{CAB3BCC6-FEC0-4BE9-8BD0-BD703D89E8B1}";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>ReportParams = {</div>
<div>
instance of SMS_ReportParameter</div>
<div>
{</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>AllowEmpty = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DefaultValue = "Mini%.dmp";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>PromptText = "File Name (Like Mini%.dmp)";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SampleValueSQL = "begin</div>
<div>
\n if (@__filterwildcard = '')</div>
<div>
\n select distinct FileName from v_SoftwareFile order by FileName</div>
<div>
\n else</div>
<div>
\n select distinct FileName from v_SoftwareFile</div>
<div>
\n WHERE FileName like @__filterwildcard</div>
<div>
\n order by FileName</div>
<div>
\nend";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>VariableName = "variable";</div>
<div>
}, </div>
<div>
instance of SMS_ReportParameter</div>
<div>
{</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>AllowEmpty = TRUE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DefaultValue = "2013";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>PromptText = "Year (i.e. 2013)";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SampleValueSQL = "Select distinct</div>
<div>
\nYEAR(FileModifiedDate) </div>
<div>
\nfrom v_GS_SoftwareFile</div>
<div>
\ngroup by YEAR(FileModifiedDate)";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>VariableName = "datelimit";</div>
<div>
}};</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SecurityKey = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SQLQuery = "select </div>
<div>
\n\tDATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0) as 'Day'</div>
<div>
\n\t, COUNT(distinct sys.Name0) as 'Count of Computers'</div>
<div>
\n\t, COUNT(distinct SF.FilemodifiedDate) as 'Count of Files'</div>
<div>
\n\t, (COUNT(distinct SF.FilemodifiedDate) + 0.00) / COUNT(distinct sys.Name0) as 'FilesPerComputer'</div>
<div>
\n\t, @variable as [File Search Term]</div>
<div>
\nfrom v_GS_SoftwareFile SF</div>
<div>
\ninner join v_R_System sys on SF.ResourceID=sys.ResourceID</div>
<div>
\nwhere FileName Like @variable and dateadd(YEAR, datediff(YEAR, 0, SF.FileModifiedDate),0) = @datelimit</div>
<div>
\nGROUP BY </div>
<div>
\n\tDATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0)</div>
<div>
\nOrder By Day";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>StatusMessageDetailSource = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>UnicodeData = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>XColLabel = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>YColLabel = "";</div>
<div>
};</div>
<div>
// ***** End *****</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
// ***** Class : SMS_Report *****</div>
<div>
[SecurityVerbs(140551)]</div>
<div>
instance of SMS_Report</div>
<div>
{</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>Category = "Software - Files";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>Comment = "Displays the number of computers that a single specified file is inventoried on";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DrillThroughColumns = {};</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>GraphCaption = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>GraphXCol = 1;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>GraphYCol = 2;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>MachineDetail = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>MachineSource = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>Name = "JJR - Count computers with a filename drilldown";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>NumPrompts = 2;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>RefreshInterval = 0;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>ReportGUID = "{E99EFE30-27DA-4594-8105-A37E2568E4B3}";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>ReportParams = {</div>
<div>
instance of SMS_ReportParameter</div>
<div>
{</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>AllowEmpty = TRUE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DefaultValue = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>PromptText = "Day Limit (Like 2/25/2013)";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SampleValueSQL = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>VariableName = "datelimit";</div>
<div>
}, </div>
<div>
instance of SMS_ReportParameter</div>
<div>
{</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>AllowEmpty = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>DefaultValue = "Mini%.dmp";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>PromptText = "File Name (Like Mini%.dmp)";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SampleValueSQL = "begin</div>
<div>
\n if (@__filterwildcard = '')</div>
<div>
\n select distinct FileName from v_SoftwareFile order by FileName</div>
<div>
\n else</div>
<div>
\n select distinct FileName from v_SoftwareFile</div>
<div>
\n WHERE FileName like @__filterwildcard</div>
<div>
\n order by FileName</div>
<div>
\nend";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>VariableName = "variable";</div>
<div>
}};</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SecurityKey = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>SQLQuery = "select</div>
<div>
\n\t'Scanned Computers' as Label</div>
<div>
\n\t, COUNT(ResourceID) as Total</div>
<div>
\nfrom v_GS_LastSoftwareScan</div>
<div>
\nwhere LastScanDate >= @datelimit</div>
<div>
\n</div>
<div>
\nUnion</div>
<div>
\n</div>
<div>
\nselect</div>
<div>
\n\t'Total Computers' as Label</div>
<div>
\n\t, COUNT(ResourceID) as Total</div>
<div>
\nfrom v_GS_LastSoftwareScan</div>
<div>
\n</div>
<div>
\nselect </div>
<div>
\n\tDATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0) as 'Day'</div>
<div>
\n\t, sys.Name0</div>
<div>
\n\t, COUNT(distinct SF.FilemodifiedDate) as 'Count of Files'</div>
<div>
\n\t, lss.LastScanDate</div>
<div>
\nfrom v_GS_SoftwareFile SF</div>
<div>
\ninner join v_R_System sys on SF.ResourceID=sys.ResourceID</div>
<div>
\ninner join v_GS_LastSoftwareScan lss on SF.ResourceID=lss.ResourceID</div>
<div>
\nwhere FileName Like @variable and </div>
<div>
\n\tdateadd(day, datediff(DAY, 0, SF.FileModifiedDate),0) = @datelimit</div>
<div>
\nGROUP BY </div>
<div>
\n\tDATEADD(day, datediff(day, 0, SF.FileModifiedDate), 0)</div>
<div>
\n\t, sys.Name0</div>
<div>
\n\t, lss.LastScanDate</div>
<div>
\nOrder By [Count of Files] desc";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>StatusMessageDetailSource = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>UnicodeData = FALSE;</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>XColLabel = "";</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>YColLabel = "";</div>
<div>
};</div>
<div>
// ***** End *****</div>
</div>
<div>
</mof></div>
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com2tag:blogger.com,1999:blog-4028119056322473062.post-70405519498738733282013-07-11T15:24:00.002-05:002013-07-11T15:24:20.862-05:00WSUS Bug in Downstream ReplicasA co-worker found this on one of our servers and was able to follow the SQL commands to fix an issue we have been fighting with for a while.<br />
<br />
<a href="http://www.flexecom.com/wsus-replica-server-fails-to-synchronize/">http://www.flexecom.com/wsus-replica-server-fails-to-synchronize/</a><br />
<br />
This was a really good find.<br />
<br />
On an unrelated note, I helped another co-worker rebuild his SUSDB because it was originally used to deploy WSUS approvals and migrated to SMS approvals without cleaning the database.Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-54485937493739196912013-01-30T08:58:00.000-06:002013-01-30T08:58:14.968-06:00Slightly Modified ReportHere is a modified Site system roles and servers report that can show all servers:<div>
<blockquote class="tr_bq">
if @variable != ''<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>BEGIN<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>SELECT sys.SiteCode, sys.ServerName,<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>case when sys.RoleName='SMS Distribution Point'<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>then case when dp.IsPeerDP=1 then 'SMS Branch Distribution Point'<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>else 'SMS Standard Distribution Point' end<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>else RoleName end as 'RoleName'<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>FROM v_SystemResourceList as sys<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>left join v_DistributionPointInfo as dp<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>on sys.NALPath = dp.NALPath<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>WHERE sys.SiteCode LIKE @variable<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>Order by sys.SiteCode, sys.ServerName, RoleName<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>END<br />ELSE<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>BEGIN<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>SELECT sys.SiteCode, sys.ServerName,<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>case when sys.RoleName='SMS Distribution Point'<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>then case when dp.IsPeerDP=1 then 'SMS Branch Distribution Point'<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>else 'SMS Standard Distribution Point' end<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>else RoleName end as 'RoleName'<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>FROM v_SystemResourceList 
as sys<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>left join v_DistributionPointInfo as dp<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>on sys.NALPath = dp.NALPath<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>--WHERE sys.SiteCode LIKE @variable<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>Order by sys.SiteCode, sys.ServerName, RoleName<span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span>END</blockquote>
<div>
To create a modified report, it always helps to build the report in SQL Server Management Studio. Most of the time, you just need to add 2 lines at the top of the query to accommodate the SCCM prompt, as with the report shown above.<br />
<br />
<blockquote class="tr_bq">
DECLARE @variable varchar(30)<br />SET @variable = ''</blockquote>
Then you can set the variable (in this case called @variable) to whatever value you want to test with.<br />
</div>
</div>
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-22247920198035366352013-01-17T15:23:00.001-06:002013-01-17T15:23:29.236-06:00Quick and Dirty PowershellI didn't want to use psexec and when I tried to use it, I failed my first attempt.<br />
<br />
Non-Destructive test to make sure I have the correct syntax:<br />
<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">Get-Content .\SMSReportResults.csv | ForEach-Object {If (test-connection $_ -Count 1 -quiet) {get-childitem \\$_\c$\windows\system32\grouppolicy\machine\registry.pol}}</span></blockquote>
Destructive command that deletes the registry.pol file, which will be recreated the next time SCCM checks for updates:<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">Get-Content .\SMSReportResults.csv | ForEach-Object {If (test-connection $_ -Count 1 -quiet) {remove-item \\$_\c$\windows\system32\grouppolicy\machine\registry.pol}}</span></blockquote>
<br />
Quick explanation on what every step does:<br />
<br />
<ul>
<li>Get-Content: Reads the lines from the file as an array</li>
<li>ForEach-Object: Runs the script block in {} once for each item in the array</li>
<li>If (test-connection $_ -Count 1 -quiet): Quick ping test (1 ping) to see whether the device is online; returns true if it is</li>
<li>get-childitem: Equivalent to dir or ls</li>
<li>remove-item: Equivalent to del or rm</li>
</ul>
<div>
Curious to see if there is a way to create a wrapper powershell script that will allow someone used to psexec to use the same context for powershell equivalents.</div>
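The two one-liners above can be folded into a single function so that the non-destructive test and the delete share one code path. This is an added example, not the original author's script: the function name Remove-RegistryPol, the host name check, the status values and the results file name are assumptions made for the illustration. Running it with -WhatIf gives the dry run; every machine produces a result row either way, so offline or failed hosts are not lost.

```powershell
# Added example: the registry.pol cleanup above, with a built-in dry run
# (-WhatIf) and one result object per computer.
function Remove-RegistryPol {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]
        [string]$ComputerName
    )
    process {
        $name = $ComputerName.Trim()
        if (-not $name) { return }          # skip blank lines in the file

        $path   = '\\{0}\c$\windows\system32\grouppolicy\machine\registry.pol' -f $name
        $status = 'Offline'

        if ($name -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
            # Header rows, quoted values or wildcards from the report export
            # must never end up inside a UNC path that gets deleted.
            $status = 'InvalidName'
        }
        elseif (Test-Connection -ComputerName $name -Count 1 -Quiet) {
            if (-not (Test-Path -LiteralPath $path)) {
                $status = 'NotFound'
            }
            elseif ($PSCmdlet.ShouldProcess($path, 'Remove file')) {
                try {
                    Remove-Item -LiteralPath $path -ErrorAction Stop
                    $status = 'Removed'
                }
                catch {
                    $status = 'Failed: ' + $_.Exception.Message
                }
            }
            else {
                $status = 'Skipped'         # -WhatIf, or the prompt was declined
            }
        }

        New-Object PSObject -Property @{
            ComputerName = $name
            Path         = $path
            Status       = $status
        } | Select-Object ComputerName, Status, Path
    }
}

# Dry run: shows what would be deleted and reports each machine's state.
Get-Content .\SMSReportResults.csv | Remove-RegistryPol -WhatIf

# Real run: keep the per-machine outcome for the change record.
Get-Content .\SMSReportResults.csv |
    Remove-RegistryPol |
    Export-Csv .\registrypol-results.csv -NoTypeInformation
```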
<br />
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-18764119313517001152013-01-04T11:04:00.001-06:002013-01-04T11:04:13.888-06:00Poor Man's MRTG on Windows 2008<div class="separator" style="clear: both; text-align: center;">
</div>
I'm trying to see what impact the "Configuration Manager 2007 Client Status Reporting" tool may have if it is enabled for 20K+ workstations running from a central site with 2 other primary sites and loads of secondary sites beneath the primaries. When I came on board, the tool was already configured to ping all inactive clients for the entire site hierarchy without any perceived negative impact.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicn1bxwmX0PkWxRDqp7nyDzHugVCp5bAMo2r_3Anm8NLS1qh-cFMGpkw6NGBimlGtAbvrtlhPYug10KMwlYnlGcIpssPUMGIyon2ONktz30r3geZA4zgos-9IaVNuMk779GT91B9FngP6e/s1600/Network+Bandwidth9.png" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicn1bxwmX0PkWxRDqp7nyDzHugVCp5bAMo2r_3Anm8NLS1qh-cFMGpkw6NGBimlGtAbvrtlhPYug10KMwlYnlGcIpssPUMGIyon2ONktz30r3geZA4zgos-9IaVNuMk779GT91B9FngP6e/s320/Network+Bandwidth9.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Once the data is collected don't forget to click on the graph tool</td></tr>
</tbody></table>
My question and purpose was to figure out if we could enable the policy request from the management points without greatly impacting the environment or if we needed to re-architect the tool to install on each primary site and have the tool only focus on its own site. This is the recommended design if you have slow network connectivity between your sites.<br />
<br />
Of course slow network connectivity between sites is always subjective and changes over time. Today a 128k WAN link is slow, whereas it was screaming fast in the 1990s. What I'm trying to say is that it always depends on what else is being pushed through your network connection. That means that it is time to measure network bandwidth usage before and after implementation.<br />
<br />
I don't have a working relationship with anyone on the networking team, otherwise I would ask someone there to show me the link usage using their reports. What I really wanted to do was run my own <a href="http://oss.oetiker.ch/mrtg/">MRTG </a>on just the server to see if I could find out how much more bandwidth this new setting may inflict. Since <a href="http://oss.oetiker.ch/mrtg/">MRTG </a>is a Perl script and this is on a Windows computer, I wanted to see if I could somehow make Performance Monitor work the same way as MRTG, which checks the SNMP settings on routers every 5 minutes by default.<br />
<br />
I was lucky and found out that the server already had the SNMP service installed which is necessary in order to monitor the Network Interfaces. I then created a new Data Collector Set which you can see from the steps that I took below. I found the Performance tools to watch from the Microsoft site: <a href="http://technet.microsoft.com/en-us/magazine/dd722745.aspx">Monitor and Tune Network Bandwidth and Connectivity</a><br />
<br />
What I like best about this method is that it only took 704 KB to monitor overnight. This is something you could set to run for 3 days at a time without any concern.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKn9ZXPJDta8-Qr5YJuY6kdXnuQSMn1WlRs2hl8ldT4oPhyphenhypheneVAwtWU592M8yje5Z4lSgu27Ko74Xphsb24CHMThdry33Kb2W419NZxtBxpnnaikL2VCf_TfuwjUDl8X2YxfIAiGgY5e2xn/s1600/Network+Bandwidth1.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKn9ZXPJDta8-Qr5YJuY6kdXnuQSMn1WlRs2hl8ldT4oPhyphenhypheneVAwtWU592M8yje5Z4lSgu27Ko74Xphsb24CHMThdry33Kb2W419NZxtBxpnnaikL2VCf_TfuwjUDl8X2YxfIAiGgY5e2xn/s320/Network+Bandwidth1.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Make sure to choose: Create manually (Advanced)</td></tr>
</tbody></table>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLOfQeB39Ad0p4z-hTLUUZ1__4Ll-VCZLZbPRyjqpwoSRAE9CyWdL5PqLZFMrmXZZFtd0RcP6qw1FaIldPy_ztAaxxiONpmoRWDpEUSG7f-e8gltTOQi_r67VVraXmrhyphenhypheneVu60Y0q7v_K8/s1600/Network+Bandwidth2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLOfQeB39Ad0p4z-hTLUUZ1__4Ll-VCZLZbPRyjqpwoSRAE9CyWdL5PqLZFMrmXZZFtd0RcP6qw1FaIldPy_ztAaxxiONpmoRWDpEUSG7f-e8gltTOQi_r67VVraXmrhyphenhypheneVu60Y0q7v_K8/s320/Network+Bandwidth2.png" width="320" /></a></div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZo3mW2kboIdAUDG2_Pk8LAIim9tGc5zmCzVspqxC9EGNov9akYTblnAW_8h88KwS08vvWkeF-4coC_9nZRQeuNaaiYub0UcD42fPtvtla5CXxSVVqxq_hk9urTGWX1hIqYkKvYgCYuREq/s1600/Network+Bandwidth3.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZo3mW2kboIdAUDG2_Pk8LAIim9tGc5zmCzVspqxC9EGNov9akYTblnAW_8h88KwS08vvWkeF-4coC_9nZRQeuNaaiYub0UcD42fPtvtla5CXxSVVqxq_hk9urTGWX1hIqYkKvYgCYuREq/s320/Network+Bandwidth3.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">These options are only available once you install Microsoft's SNMP service</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVxfKt1sxK0BhyphenhyphenlfAu_0unYyNWM-W3XcqvXBwR1-fcA7k9DyuXsLAwW2hjIrwYYHRsBxxgknfmS9qeqABYt5e6j_9G9HImBwfJIZs00MyWhGKImCKXg4bcJVsqNwFepiesx-Yx4SZ7KsM2/s1600/Network+Bandwidth4.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVxfKt1sxK0BhyphenhyphenlfAu_0unYyNWM-W3XcqvXBwR1-fcA7k9DyuXsLAwW2hjIrwYYHRsBxxgknfmS9qeqABYt5e6j_9G9HImBwfJIZs00MyWhGKImCKXg4bcJVsqNwFepiesx-Yx4SZ7KsM2/s320/Network+Bandwidth4.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">I set the collection interval to 5 minutes which matches MRTG's default</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMxA4ylezk__F11deh9Fe69TZHmZlTtzQRWovA_9TvCWcnfE97Qu-aox8oFt8h64AQ5hUPgSkk4CIbtOyuJweDdSWWPFOQcb4FmGeWC2R4-K0OjCIp-cjm0kWPCDi9MxjgdggGcBLPhyphenhyphenYk/s1600/Network+Bandwidth8.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMxA4ylezk__F11deh9Fe69TZHmZlTtzQRWovA_9TvCWcnfE97Qu-aox8oFt8h64AQ5hUPgSkk4CIbtOyuJweDdSWWPFOQcb4FmGeWC2R4-K0OjCIp-cjm0kWPCDi9MxjgdggGcBLPhyphenhyphenYk/s320/Network+Bandwidth8.png" width="288" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">I added a default maximum of 3 day collection </td></tr>
</tbody></table>
<br />
<br />
<br />
<br />
<br />Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-52213886620619188572012-12-03T12:27:00.001-06:002012-12-03T12:27:39.272-06:00Christjan's IT Minutes » Dynamically fix invalid ClientKeyData issue on central site<a href="http://blog.itminutes.net/?p=867">Christjan's IT Minutes » Dynamically fix invalid ClientKeyData issue on central site</a>: <br />
<br />
Great little article to fix DDR ClientKeyData mismatch messages from a central site in SCCM 2007.Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-80841875629355344632012-11-02T12:15:00.006-05:002013-02-22T11:37:33.311-06:00SCCM Console Permission Issue<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLFzxrzAMMRWlMLSyGB9zBO68BevNtt4j0otAysgNM0hlRvOSNNLtyFcsgeFPc4HhWCR2ju6lHMYwOz3UVwUL_cPJXeS_YsaN3e2qzirLGg94g4DwIKgarnXqdP3UMaHCX7iQV6nxPuA5I/s1600/SCCM+console+issue.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="122" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLFzxrzAMMRWlMLSyGB9zBO68BevNtt4j0otAysgNM0hlRvOSNNLtyFcsgeFPc4HhWCR2ju6lHMYwOz3UVwUL_cPJXeS_YsaN3e2qzirLGg94g4DwIKgarnXqdP3UMaHCX7iQV6nxPuA5I/s320/SCCM+console+issue.png" width="320" /></a></div>
Normally setting up SCCM permissions is pretty straightforward. However, a couple of weeks ago we applied a couple of server patches and rebooted our central site server. By Monday, our level 2 help desk users no longer had access to the SCCM console. First we tried checking to see what changed over the weekend. Did someone modify an AD group?<br />
<br />
<br />
Here was the main Microsoft article that we were focused on. Unfortunately we didn't see the helpful tasks at the bottom until today.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0NhXocau0MqfTMoDMMDaV7z-YIYot2o7wq0Hc3AGuuCJePgYebzw3LH47cnS9z6sqvjMsr9-a69IPgFY96cTAvrDXbVAs03LYJdQUUzMXhkaNCB8uWJ2U1pU3K1MlVja_WccVIHVY3Kkw/s1600/WMI+Permission.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0NhXocau0MqfTMoDMMDaV7z-YIYot2o7wq0Hc3AGuuCJePgYebzw3LH47cnS9z6sqvjMsr9-a69IPgFY96cTAvrDXbVAs03LYJdQUUzMXhkaNCB8uWJ2U1pU3K1MlVja_WccVIHVY3Kkw/s320/WMI+Permission.png" width="264" /></a><a href="http://technet.microsoft.com/en-us/library/bb932213.aspx">http://technet.microsoft.com/en-us/library/bb932213.aspx</a><br />
<br />
We got trapped looking at DCOM permissions shown under this article.<br />
<br />
<a href="http://technet.microsoft.com/en-us/library/bb633148.aspx">http://technet.microsoft.com/en-us/library/bb633148.aspx</a><br />
<br />
We finally looked at WMI permissions by using this test.<br />
<br />
<a href="http://technet.microsoft.com/en-us/library/bb932190.aspx">http://technet.microsoft.com/en-us/library/bb932190.aspx</a><br />
<br />
After finding a problem connecting to the WMI namespace, we then used this article to recreate the correct permissions for the local "SMS Admins" group.<br />
<br />
<a href="http://technet.microsoft.com/en-us/library/bb932151.aspx">http://technet.microsoft.com/en-us/library/bb932151.aspx</a><br />
<br />
<br />
<br />Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com1tag:blogger.com,1999:blog-4028119056322473062.post-78662124431546459242012-09-11T14:12:00.004-05:002012-09-11T14:12:33.171-05:00SCCM 2007 Windows 7 Project Dashboard<div class="separator" style="clear: both; text-align: left;">
My major project for this year is preparing, designing, and building a process and methodology for upgrading 5000+ XP workstations to Windows 7 at the hospital. Upgrading to Windows 7 is a major project and took a number of resources. My partner and I were only responsible for building the OS and using the SCCM tools. There was a Desktop Manager to handle purchasing the hardware and making decisions on where that hardware is used. There was a project manager who was very useful just keeping everybody in line and keeping track of what was said in previous meetings. There was an Applications Manager who managed a team of individuals who would have to test all our applications with Windows 7 (later on Windows 7 with 64-bit). And of course we had a Desktop Team lead who managed the resources necessary for moving hardware around and interfacing with the customer/clients.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
The project started in January as a hardware attrition model whereby we would replace XP workstations with new hardware with Windows 7. Not surprisingly, we only received the budget to replace 10-12% of our inventory. If anyone is keeping track, that would put the end date for this project at best into 2020 and at worst 2022 -- time for plan B, upgrading current hardware.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
It took my partner and me three months to build a decent Windows 7 Operating System Deployment task sequence. From there we added local User State Migration, but asked for direct help from a Microsoft Professional Field Engineer (PFE) to verify our process and make sure that we approached USMT for 5000 workstations without too much egg on our face. Microsoft helped us leverage Microsoft Deployment Toolkit (MDT) 2012 and tweaked our USMT. Best of all, they gave the USMT the stamp of approval I was looking for.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGzu85MHogQ3fabJlGdxTMyIQ5Shy5aD4wqJki3ga8lZkRVPhq49PzYsS8OTO5tcC3iPTZ5CnGBYeDyXx8pQTelUsZS2ZKTirZRbJ42zuzmgEic5vITLj5QdlwswPLXeCXkNqhgob2NtkX/s1600/Window+7+Project+Dashboard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="118" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGzu85MHogQ3fabJlGdxTMyIQ5Shy5aD4wqJki3ga8lZkRVPhq49PzYsS8OTO5tcC3iPTZ5CnGBYeDyXx8pQTelUsZS2ZKTirZRbJ42zuzmgEic5vITLj5QdlwswPLXeCXkNqhgob2NtkX/s640/Window+7+Project+Dashboard.png" width="640" /></a></div>
<br />
Here is the Windows 7 Dashboard I built and the queries used to create it:<br />
<br />
Left side:<br />
<br />
<blockquote class="tr_bq">
SELECT OPSYS.Caption0 as C054, COUNT(*) AS 'Count'<br />FROM v_GS_OPERATING_SYSTEM OPSYS<br />inner join v_R_System sys on OPSYS.ResourceID=sys.ResourceID<br />join v_FullCollectionMembership SYS1 on SYS1.ResourceID=SYS.ResourceID<br />WHERE SYS1.CollectionID = 'CM0004C5'<br />GROUP BY OPSYS.Caption0<br />ORDER BY Count DESC</blockquote>
<br />
Right side:<br />
<br />
<blockquote>
DECLARE @daysleft int, @workdaysleft int, @targetdate datetime, @previousos nvarchar(30)<br />SET @previousos = '%Microsoft Windows XP%'<br />SET @targetdate = '2013-04-30'<br />SET @daysleft = DATEDIFF(day, GETDATE(), @targetdate)<br />SET @workdaysleft = (@daysleft*5)/7<br />SELECT<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>CAST(GETDATE() AS nvarchar(30)) AS 'Today',<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>CAST(@targetdate AS nvarchar(30)) AS 'Target Date',<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>@daysleft AS 'Days Left',<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>@workdaysleft AS 'Work Days Left',<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>OPSYS.Caption0 as 'Previous OS',<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>COUNT(*) AS 'Count',<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>COUNT(*)/@workdaysleft AS 'Upgrades Per Day'<br />FROM v_GS_OPERATING_SYSTEM OPSYS<br />inner join v_R_System sys on OPSYS.ResourceID=sys.ResourceID<br />join v_FullCollectionMembership SYS1 on SYS1.ResourceID=SYS.ResourceID<br />WHERE SYS1.CollectionID = 'CM0004C5'<br />AND OPSYS.Caption0 like @previousos<br />--WHERE SYS1.CollectionID = @CollID<br />GROUP BY OPSYS.Caption0<br />ORDER BY OPSYS.Caption0</blockquote>
<br />
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-54663813561072425342012-08-24T09:35:00.000-05:002012-08-31T08:29:12.895-05:00Enterprise Auto-Login Application for Windows Desktop<br />
Here is a wishlist for an Enterprise Auto-Login application for the hospital where I work.<br />
<br />
First the behind-the-scene story: We have a high number of shared workstations that do not rely on Windows Authentication for security but instead opt for Application specific authentication. These are kiosk stations where person after person needs to walk up, log into the application, read or post medical information and walk away. Medical standards require us to use application specific authentication for tracking access to patient records. Most of these devices are just Citrix windows into the medical applications.<br />
<br />
We are currently using a comma-delimited text file that holds the username, the password, and the computer name. We then have a login script that parses that text file and populates the correct registry key for AutoLogin and ForceLogin.<br />
<br />
Here is what I brainstormed as a possible application that we could build in-house or outsource. I couldn't find any <a href="http://www.logonexpert.com/">comparable application</a> on the market. If anyone wants to run with this idea, just let me know so that our hospital can buy it :)<br />
<br />
<br />
<ul>
<li>Switch to using Microsoft's AD Lightweight database (LDAP) or some other SQL application</li>
<li>encrypt and salt the password field with sha256 hash</li>
<li>No person ever needs to know the password so the passwords should be randomly generated</li>
<li>the passwords should change every 30 days</li>
<li>The username can be randomly generated but needs to have some pattern (ie. auto-FF342D)</li>
<li>The table would be basic computername, username, and hashed password</li>
<li>This application should have the AD rights to create usernames and modify passwords</li>
<li>If a password gets lost in transit, just recreate a new password</li>
</ul>
<div>
Right now the client uses the login script to read from the text file and create the correct registry changes so an equivalent program or script would need to be run on the workstations.</div>
<div>
<ul>
<li>Read content from the database and query based on the computername</li>
<li>Modify the local registry if it finds a match</li>
<ul>
<li>AutoLogon = 1</li>
<li>ForceLogon = 1 or 0</li>
</ul>
<li>My understanding from the <a href="http://technet.microsoft.com/en-us/sysinternals/bb963905.aspx">SysInternals Autologon</a> application is that there is a better way to store <a href="http://blogs.technet.com/b/doxley/archive/2009/04/22/safely-setting-autologon-for-windows.aspx">passwords in the registry</a></li>
<li>When no match is found in the database, the local app should reset AutoLogon = 0</li>
</ul>
</div>
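The wishlist above, worked through as an added example (not code from the original post or from any product it links to): random <code>auto-XXXXXX</code> usernames, random passwords stored only as a salted SHA-256 hash, 30-day rotation, re-issue when a password is lost, and the workstation-side decision to turn autologon on or off. The class and function names are hypothetical, an in-memory dict stands in for the AD LDS/SQL table, and setting the password on the AD account is assumed rather than modelled.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

ROTATION = timedelta(days=30)   # "the passwords should change every 30 days"
USERNAME_PREFIX = "auto-"       # pattern from the post, e.g. auto-FF342D


def _hash(salt: bytes, password: str) -> str:
    # Salted SHA-256 as the wishlist asks. Reasonable here only because the
    # passwords are long random strings, not human-chosen ones.
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


class AutoLoginStore:
    """In-memory stand-in for the table: computername, username, hashed password."""

    def __init__(self):
        self.rows = {}  # keyed by upper-cased computer name

    def lookup(self, computer):
        return self.rows.get(computer.upper())

    def _new_username(self):
        taken = {row["username"] for row in self.rows.values()}
        while True:
            name = USERNAME_PREFIX + secrets.token_hex(3).upper()
            if name not in taken:
                return name

    def issue(self, computer, now):
        """Enroll a computer or rotate its password.

        Returns (username, cleartext password). The cleartext exists only in
        the return value; the table keeps the salt and hash. Setting the same
        password on the AD account is assumed to happen here and is not modelled.
        """
        row = self.lookup(computer)
        username = row["username"] if row else self._new_username()
        password = secrets.token_urlsafe(24)  # no person ever needs to know it
        salt = secrets.token_bytes(16)
        self.rows[computer.upper()] = {
            "username": username, "salt": salt,
            "hash": _hash(salt, password), "changed": now,
        }
        return username, password

    def verify(self, computer, password):
        row = self.lookup(computer)
        if row is None:
            return False
        return hmac.compare_digest(row["hash"], _hash(row["salt"], password))

    def needs_rotation(self, computer, now):
        row = self.lookup(computer)
        return row is not None and now - row["changed"] >= ROTATION


def workstation_sync(store, computer, held_password, now, force=True):
    """Settings the workstation-side script would apply for this computer.

    "AutoLogon"/"ForceLogon" are the post's names; the Winlogon registry values
    are AutoAdminLogon and ForceAutoLogon. Nothing is written to the registry.
    """
    row = store.lookup(computer)
    if row is None:
        return {"AutoLogon": 0}  # no match in the database: switch autologon off
    lost = held_password is None or not store.verify(computer, held_password)
    if lost or store.needs_rotation(computer, now):
        # Lost in transit or older than 30 days: just recreate the password.
        _, held_password = store.issue(computer, now)
    return {
        "AutoLogon": 1,
        "ForceLogon": 1 if force else 0,
        "username": row["username"],
        "password": held_password,  # hand to the local secret store, not a text file
    }


if __name__ == "__main__":
    store = AutoLoginStore()
    t0 = datetime(2012, 8, 24)                      # constructed sample date
    user, pw = store.issue("KIOSK-01", t0)          # constructed computer name
    print(user, workstation_sync(store, "KIOSK-01", pw, t0)["AutoLogon"])
    print(workstation_sync(store, "NOT-A-KIOSK", None, t0))
```

Because the table holds only a hash, a workstation that loses its copy cannot ask for the old password back; it gets a new one, which is the recovery path the wishlist describes.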
Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-9764745416211739512012-05-14T09:07:00.001-05:002012-05-14T09:07:20.278-05:00Root Droid Incredible from 2.3.4<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglP9GWDQJmYi8uhhovBZxjrdUz-yapuYuxQip8JhrkE_gOyJ7k87TU4xOU-QY8RUF0sZzFsBVTT5IMxvW_L-RJmiXSByfSUvKWNatv4ZXHeND4CJWMFvksNcMFeUXE8E3BwCwc1DO1wAFO/s1600/Screenshot_2012-05-14-08-15-18.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="ICS Home Screen" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglP9GWDQJmYi8uhhovBZxjrdUz-yapuYuxQip8JhrkE_gOyJ7k87TU4xOU-QY8RUF0sZzFsBVTT5IMxvW_L-RJmiXSByfSUvKWNatv4ZXHeND4CJWMFvksNcMFeUXE8E3BwCwc1DO1wAFO/s320/Screenshot_2012-05-14-08-15-18.png" title="Droid Incredible ICS Home Screen" width="192" /></a>I wasn't able to follow any other advice on how to root my Droid Incredible once I upgraded to Verizon's Gingerbread 2.3.4. I found some articles describing how to <a href="http://forum.xda-developers.com/showthread.php?t=1306400">downgrade the firmware</a> and then use <a href="http://unrevoked.com/#inc">unrevoked</a> to root the phone but I had no luck getting these instructions to work. Instead, I followed my own path using <a href="http://htcdev.com/bootloader/">HTC's bootloader unlock tool</a> which was released for the Droid Incredible.<br />
<br />
My only complaint with HTC's bootloader unlock tool was the necessity for using Windows to unlock the phone. I attempted to use <a href="http://www.winehq.org/">Wine</a> under Ubuntu with no success. I have a virtual Windows 7 using <a href="https://www.virtualbox.org/">VirtualBox</a> that may have worked but I was tired and decided to use another computer in my office.<br />
<br />
My Goal:<br />
<blockquote class="tr_bq">
Install <a href="http://www.cyanogenmod.com/">CyanogenMod</a> and try out an Ice Cream Sandwich build CM9</blockquote>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNnucmezzfSLeeEdf3dmLgVNXOcaZNYLIQpk1Duf5fveWKaW3r1FDJnNepbk5bFDjPlOmYeoudr_I0oLHjcy9lizKA-RNKuzJlLVLYAqvsb7y_Q7QXqTVgsbMgjpsgRZJCMpNNpYgPgLxC/s1600/Screenshot_2012-05-14-08-15-57.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="ICS Version Confirmation" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNnucmezzfSLeeEdf3dmLgVNXOcaZNYLIQpk1Duf5fveWKaW3r1FDJnNepbk5bFDjPlOmYeoudr_I0oLHjcy9lizKA-RNKuzJlLVLYAqvsb7y_Q7QXqTVgsbMgjpsgRZJCMpNNpYgPgLxC/s320/Screenshot_2012-05-14-08-15-57.png" title="Droid Incredible ICS Version Confirmation" width="192" /></a>Issues with Ice Cream Sandwich on Droid Incredible at the time of writing:<br />
<br />
<ol>
<li>Video Recording doesn't seem to work -- other camera functions seem to work just fine</li>
<li>Once rooted, can't rent Movies from Google Play store.</li>
<li>Netflix fails playing back video -- Audio works with a blank picture, there are reports that the DRM is broken and won't be fixable</li>
<li>Composite video output via special cable has never worked on CyanogenMod and I didn't expect it to magically work. I believe HTC created the video output prior to Android having an API for HDMI outputs, let alone working with composite video.</li>
<li>I don't have Verizon service on this phone any longer so I can't test phone functionality, but I was able to get it to call *228 to try to register with Verizon and I have gotten the phone to work with previous versions of CyanogenMod.</li>
</ol>
<br />
<br />
You will need:<br />
<br />
<ol>
<li>One Microsoft Windows Computer to unlock the bootloader</li>
<li>One Computer (can be the same computer as above) with Android SDK tools (adb) -- Ubuntu Linux is my main computer</li>
<li>One Droid Incredible with USB Debugging turned on</li>
<li>One SD Card -- I'm using a 16 GB card. SD content is not touched following my instructions but be careful there are some options that will format your card and then your backups and other content will be deleted.</li>
</ol>
Definitions and Concepts:<br />
<br />
<ol>
<li>Bootloader: the BIOS of the phone -- Navigate through this using Volume Up/Down and Power Button as the Enter key</li>
<li>Recovery: Recovery partition and application used to reset the phone to factory defaults. Can be customized using CyanogenMod's Clockwork recovery which gives more flexibility than Verizon/HTC's stock recovery</li>
</ol>
<div>
Here are the steps:</div>
<div>
<ol>
<li>Follow HTC's instructions for unlocking the bootloader on the Droid Incredible</li>
<li>Reboot the unlocked phone to Bootloader by holding the Volume Down while pressing Power to turn on the phone.</li>
<ol>
<li>Select Fastboot (not available if device is not unlocked) (Use Volume Up/Down to select and the Power Button as Enter Key in this mode)</li>
<li>Download or compile fastboot for your OS of choice (Again I'm using Ubuntu Linux)</li>
<li>run 'fastboot flash recovery recovery-clockwork-5.0.2.0-inc.img'</li>
<li>run 'fastboot reboot'</li>
<li>Hold the Volume Down key while booting to get to the Bootloader and Choose 'Recovery' to start the recovery-clockwork application.</li>
</ol>
<li>Clockwork Recovery</li>
<ol>
<li>First let's make a backup of Verizon's 2.3.4 Droid Incredible -- Choose 'backup and restore' (In this application Volume Up/Down are used for selection and the optical joystick button is used for Enter -- Power Button is now used as a screen saver)</li>
<ol>
<li>This will save the backup to a folder on the sdcard under clockworkmod</li>
</ol>
<li>Choose to install zip from sdcard</li>
<li>Navigate to %ICS%.zip</li>
<li>After successfully applying the image zip, then choose 'wipe data/factory reset'</li>
<ol>
<li>This is done because we are using an entirely different system -- there is no easy upgrade path. Without the factory reset you may get a number of errors</li>
</ol>
<li>Next we need to apply the gapps zip for CM9</li>
<li>Finally 'reboot system now' and wait for ICS to build some packages for the first time.</li>
</ol>
</ol>
</div>
<div>
I'll try to fill in more details and take some pictures of the Bootloader and the Recovery Screens.</div>Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-22835949098073116152012-05-04T11:02:00.000-05:002012-05-04T11:02:06.613-05:00Achieved Handbrake on Ubuntu 12.04 Precise Pangolin<br />
I upgraded to Ubuntu's newest version 12.04 Precise Pangolin earlier this week and ran into a problem getting <a href="http://handbrake.fr/">Handbrake</a> working. The website offers a <a href="https://launchpad.net/~stebbins/+archive/handbrake-releases">PPA repository</a> that unfortunately does not have an updated binary package or repository for the new version of Ubuntu.<br />
<br />
Being from old school Debian :) I knew that there was some ~easy way to install Handbrake through the deb-src of the older version of the source repository. Add this to your /etc/apt/sources.list or /etc/apt/sources.list.d/stebbins-handbrake-releases-precise.list<br />
<blockquote class="tr_bq">
deb-src http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu oneiric main</blockquote>
Then run 'sudo apt-get update' or 'sudo aptitude update' to update the local software database.<br />
<br />
Follow these steps that I got from <a href="http://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html">Debian's Manual</a>:<br />
<br />
<pre><div style="font-family: 'Times New Roman'; white-space: normal;">
</div>
<ol>
<li>Now, first get the source package:</li>
<ol>
<li> apt-get source foo</li>
</ol>
<li>and change to the source tree:</li>
<ol>
<li> cd foo-*</li>
</ol>
<li>Then install needed build-dependencies (if any):</li>
<ol>
<li> sudo apt-get build-dep foo</li>
</ol>
<li>Then create a dedicated version of your own build (so that you won't get confused later when Debian itself releases a new version)</li>
<ol>
<li> dch -l local 'Blah blah blah'</li>
</ol>
<li>And finally build your package</li>
<ol>
<li> debuild -us -uc</li>
</ol>
<li>If everything worked out fine, you should now be able to install your package by running</li>
<ol>
<li> sudo dpkg -i ../*.deb</li>
</ol>
</ol>
</pre>Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com1tag:blogger.com,1999:blog-4028119056322473062.post-57630591557726786052012-05-01T08:59:00.000-05:002012-05-01T08:59:28.802-05:00SCCM 2007 Reboot Report<br />
We unfortunately have some devices inside our hospital that cannot be rebooted after applying updates. These are not critical patient care devices but they are used sporadically 24/7 and therefore we cannot schedule a clean reboot. For example, we have a computer that is being used during a sleep study that is not directly used all night long (cannot click postpone reboot) but that nevertheless needs to be managed. Our current solution is to apply updates to a specific group of computers and then have our application team manage rebooting those machines at their convenience.<br />
<br />
We needed a report that could show the last time each computer in a collection was rebooted. This is what I was able to come up with:<br />
<br />
<br />
<blockquote class="tr_bq">
SELECT DISTINCT<br />
sys.netbios_name0 AS [Computer Name],<br />
[Top Console User] = CASE<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> when (v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP.TopConsoleUser0 is NULL or v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP.TopConsoleUser0 = '-1')<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> then 'Unknown'<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> Else v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP.TopConsoleUser0<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> End,<br />
CONVERT(VARCHAR(10),os.LastBootUpTime0,101) AS [Bootup Time],<br />
Datediff(dd, os.LastBootUpTime0, GetDate()) AS [Days Since Last Reboot],<br />
CONVERT(VARCHAR(10),wss.LastHWScan,101) AS [Last Inventory]<br />
FROM<br />
dbo.v_R_System_Valid AS sys<br />
LEFT JOIN dbo.v_GS_Operating_system AS os<br />
ON sys.resourceID = os.resourceID<br />
LEFT JOIN dbo.v_GS_Workstation_Status AS wss<br />
ON sys.resourceID = wss.resourceID<br />
left join v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP on (v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP.ResourceID = sys.ResourceID)<br />
inner join v_FullCollectionMembership on (v_FullCollectionMembership.ResourceID = sys.ResourceID)<br />
WHERE<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>v_FullCollectionMembership.CollectionID = @CollectionID <br />
ORDER BY<br />
[Days Since Last Reboot] DESC</blockquote>
<br />
<br />Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0tag:blogger.com,1999:blog-4028119056322473062.post-22575026105447751182012-01-27T17:52:00.000-06:002012-01-27T17:59:09.566-06:00Kindle Fire 6.2.2 on Linux<a href="http://www.geek.com/articles/gadgets/how-to-root-the-kindle-fire-20111223/">How to root the Kindle Fire (updated for 6.2.2) – New Tech Gadgets & Electronic Devices | Geek.com</a>:<br />
<br />
This is a great guide but missed some critical differences when trying to work on a Linux machine (probably a Macintosh too)<br />
<div>
<br /></div>
<div>
On step 2, you need to make 2 changes on Linux. One found under your local android preferences folder ~/.android/adb_usb.ini</div>
<div>
1. Add <span style="background-color: white; color: #333333; font-family: arial, sans-serif; font-size: 13px; line-height: 16px; text-align: -webkit-auto;">0x1949</span></div>
<div>
2. Add 3 lines to your /etc/udev/rules.d/51-android.rules</div>
<div>
<div>
# Amazon Kindle Fire</div>
<div>
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", MODE="0666", GROUP="plugdev"</div>
<div>
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", ATTR{idProduct}=="0006", SYMLINK+="android_adb"</div>
<div>
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", ATTR{idProduct}=="0006", SYMLINK+="android_fastboot"</div>
</div>
<div>
<br /></div>
<div>
<a href="http://aur.archlinux.org/packages.php?ID=51476">http://aur.archlinux.org/packages.php?ID=51476</a><br />
<br />
On step 3 they forgot to tell you to download a <a href="http://140.239.234.172/files/su">SU Binary</a><br />
<br />
<a href="http://channelandroid.com/2011/08/25/droid3-with-superuser-and-su/">http://channelandroid.com/2011/08/25/droid3-with-superuser-and-su/</a><br />
<br />
Here are the next steps to get TWRP 2.0 installed<br />
<br />
<br />
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
<a href="http://techerrata.com/file/twrp2/twrp-blaze-2.0.0RC0.img" style="color: #3792af;">twrp-blaze-2.0.0RC0.img</a></div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
Download file above. Execute the commands below from the command prompt with your Kindle connected to the PC.</div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
adb shell</div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
su</div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
idme bootmode 4002</div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
fastboot -i 0x1949 boot twrp-blaze-2.0.0RC0.img</div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
<br /></div>
<div style="background-color: white; color: #555555; font-family: 'Lucida Sans Unicode', arial; font-size: 12px;">
<a href="http://teamw.in/project/twrp2/79">http://teamw.in/project/twrp2/79</a></div>
</div>Anonymoushttp://www.blogger.com/profile/06294049745644927723noreply@blogger.com0