Software
This section looks at what is new in the world of software (Operating Systems included) and how to take best advantage of what is out there.
Recently I came across a need to update the BIOS of a number of Dell PCs, given that the PCs were due to be re-imaged it made sense to perform the update as part of the System Centre Configuration Manager 2012 task sequence process.
To kick this process off you will need
- A need to update the BIOS – you should only update the BIOS on a PC if a later revision fixes a particular issue you are having (in my case it was a wake on LAN issue)
- The BIOS update files from the Dell Support site – on occasion you may need to perform a staged update process, for example on the Dell Optiplex 390 to go from Revision A01 to A10 you must first update to A02.
The first step of this process requires that you put the BIOS update in as a Package, follow the guide below to see how this is done.
Please note – this guide only applies to the ‘newer’ packaged style of Dell BIOS updates, the steps to identify if you have one of the newer style packages can be seen in the first three screen shots.
Next you need to include the package in the SCCM task sequence, during the process you will need this WMI query (contained within the download to make copy/paste easy)
BIOS WMI query (83 bytes, 39 hits)
A few points to note
- You do not want the BIOS update to trigger the restart – (I have never been able to get this to work without causing a error and stopping the task sequence)
- If you have one of the older BIOS versions you may find this list of legacy command line switches useful.
When it comes to SCCM 2012 you have a powerful bit of software to deploy software updates and applications however all of this is worthless without the SCCM 2012 client which must first be installed.
This client comes as part of any task sequence that you configure however what if you have PCs that have been previously imaged or have an older version of the client?
In this case I prefer to fall back to good old GPO/MSI deployment; Microsoft does have an article on it in Technet http://technet.microsoft.com/en-US/library/gg712298.aspx however its far from descriptive so for a full guide on deploying the System 2012 Config Manager Client see the screen shot sequence below.
Lets imagine that for the past few years software has been deployed using Group Policy Software Installation and that a single server has been used to store the MSIs.
The only issue is you now want to move the MSIs to another server or even better are looking to move the MSIs to a DFS share.
The ovious option would be to remove and reassign the software packages pointing them at the new path; the issue here is that the software would then go and reinstall its self on all of your PCs!
A better option is to use ADSI edit to change the paths that already exist without having to reassign the software. The procedure in the screen shot sequence below uses the instructions found at this Microsoft KB – http://support.microsoft.com/kb/2395088.
PDF is quite possibly one of my favourite web technologies – if nothing else it is my #1 way to share files with others knowing that when they go to view/print them it will look precisely the same as it does on my PC.
The great thing about Adobe PDF reader is its very easy to fully customize the installation without having to use Orca.
In this guide I am looking to, deploy Adobe Reader 11 to all of my clients using group policy software deployment, remove older versions of reader, prevent auto update prompts, accept the EULA for my users, remove the desktop shortcut, make Adobe Reader the default PDF viewer and turn off Protected View (I find it causes more issues than it solves).
A few things you will need
- Adobe Reader deployment resources site (lots of good things to read!) - http://www.adobe.com/uk/products/acrobat/it-resources.html
- Adobe Customization Wizard – http://www.adobe.com/devnet-docs/acrobatetk/tools/Wizard/index.html
- Adobe Reader Licence website (you need this to deploy) – http://www.adobe.com/go/rdr_apply_dist/
If you do not want to go through the Customization Wizard phase and are happy with the settings I will be using you can download the transform file from the ZIP file below.
Adobe Reader 11 Transform (8.0 KiB, 356 hits)
So all thats left now is to follow the screen shots below and get Adobe Reader 11 out to your users!
Adobe Flash Player has to be one of the most valuable bits of software ever created, yes HTML5 is taking over for some things but all the same I don’t see Flash disappearing anytime soon.
As such its important to keep Flash updated in your Enterprise. The one pain I’m sure everyone has come across at some stage is your end users getting the prompt to update Flash themselves (see right).
So what I will show you how to accomplish in this guide is
- Obtain and Deploy a MSI for Adobe Flash Player to 32 and 64bit PCs that use Internet Explorer
- Make it so that your users do not get Flash update prompts
A few things you will need
- A read of the Adobe Flash Enterprise Deployment Guide – http://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html
- A licence to deploy Adobe Flash Player (its the only way to get at a MSI that will work) – http://www.adobe.com/products/players/flash-player-distribution.html
- Adobe Flash Tester (it will let you know if your deployment has worked or not) – http://www.adobe.com/software/flash/about/
As part of the setup process you will need to copy a mms.cfg file to some locations on your PCs, to make life simple a sample mms.cfg is included in the ZIP file download below along with the paths to where the files need to be copied to (all is explained in the setup guide).
MMS Config File (131 bytes, 77 hits)
32bit Windows – C:\WINDOWS\System32\Macromed\mms.cfg
64bit Windows – C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
So lets get this ball rolling! For the steps on how to mash out Flash to your users follow the screen shot sequence below.
When deploying software the best way to edit the MSI (remove shortcuts/disable auto update features) is to do it is through a tool called Orca.
Orca is a Microsoft created tool that reaches into a MSI and changes settings inside it without having to repackage the MSI using other tools (e.g. WinInstallLE), the advantage of this method is you have a cleaner software install where repacking sometimes allows mistakes to creep in (e.g. random reg entry changes). Having said that some MSIs get poorly created by the software developers and so don’t allow this modification in the first place.
Either way Orca is a tricky tool to get installed and so the screen shot sequence below shows my way of getting it on your PC.
Before you go any further you will need this link – http://www.microsoft.com/en-gb/download/details.aspx?id=8442
I’m sure if you have ever spent any time looking after PCs you will soon come accross Java asking for updates; in a managed enviroment you wouldn’t want your users to see this prompt and the simple fix is to deploy Java properly.
Before I go any further I would like to thank the creator of this article – http://adminadventure.wordpress.com/ 2012/06/12/java-jre-deployment-via-group-policy/ which most of this article is based upon (with a few my world of IT tweaks).
A few things you will need
- A download of the Offline Installer for Java -
http://www.java.com/en/download/manual.jsp - The Orca tool MSI editor tool (part of the Windows 7 SDK) – a guide to installing it can be found here http://myworldofit.net/?p=1368
Since there are too many modifications in Orca to be included in the screen shots I have listed them in the table below instead (everything is in the Property table).
After a few requests the transform file (pre created) is now available in the ZIP file below
Java 7 Transform (943 bytes, 72 hits)
So now that you have everything you need just follow this screen shot series.
For a while now Skype have offered a MSI, a ADM template and a nifty little guide on Enterprise Deployment considerations but so far I haven’t found a decent guide which shows how to bring all of these components together to get Skype out there on your client PCs.
In this guide I will be looking to, deploy Skype 6.3 to my clients using GPO/MSI, remove the desktop shortcut, remove its ability to auto launch on login, restrict access to file transfers, put in proxy settings and prevent automated updates (among a few other things that can be done through GPO).
A few things you will need
- A read of the Enterprise Deployment guide (its from 2010 but is still valid) – http://www.skype.com/go/administrators.guide
- The MSI – http://www.skype.com/en/business/downloading/
- The ADM template (right click save target as) – http://download.skype.com/share/security/Skype-v1.7.adm
- The Orca tool MSI editor tool (part of the Windows 7 SDK) – a guide to installing it can be found here http://myworldofit.net/?p=1368
After a few requests the transform file (pre created as specified above) is now available in the ZIP file below
Skype 6 Transform (986 bytes, 170 hits)
The screen shot sequence below shows how to get everything rolling.
For a few days I’ve found that printers that have been published in Active Directory (from our 2008 R2 printer server) were not appearing in the directory or find printers tabs (see above). With about 120 printers deployed and only 5 showing up there had to be something wrong.
As it turns out the Printer Service was starting before the Server service which was causing a whole load of Errors in event log with error Event 315, PrintService being logged.
The printer spooler failed to share printer <printer name> with shared resource name <printer share name> Error 2114. The printer cannot be used by others on the network.
The fix in this case was to restart the Server service (and if the printers do not appear for a few minutes in directory restart the Printer Spooler service as well).
The reasoning behind this is the server service was starting up after the printer spooler service; because of this the printer service was trying to share out the printers and couldn’t (because the server service needs to be running to do this). A simple reboot of the whole server wouldn’t fix this as the same could just happen again where the services start up in the wrong order.
More details can be seen in the screen shots below.
A little while back I moved to Office 2013 (from 2010) however in the past few days I noticed that Windows Update wanted to install 2 updates – both of which would fail with error code 80024002D.
As it turns out this was a lingering update from Office 2010 that was trying to install, naturally as 2010 was now long gone there was nothing to update – hence the error message!
As Office 2010 was no longer in Add/Remove programs I had to resort to the Fix it program (save to your PC run in compatibility mode if you are on Windows 8) in Microsoft KB 290301.
Once I ran the Fix it program I refreshed Windows update and boom the problem was gone!
More in the screen shots below…
