Author Archives: Thomas.Marcussen

About Thomas.Marcussen

Technology Architect & Evangelist, Microsoft Trainer and Everything System Center Professional with a passion for Technology

Microsoft System Center Configuration Manager 2007 SP2 Evaluation

Posted on by
Reply
Brief Description
Configuration Manager 2007 SP2 Evaluation is a full version of the product that is valid for 180 days from the time of installation.

Overview

Service Pack 2 for Configuration Manager 2007 delivers new platform support for Windows 7 client, Windows Vista SP2, Windows Server 2008 R2 and Windows Server 2008 SP2. In addition, Service Pack 2 delivers continued innovation with Intel vPro technology, support for Branch Cache enabled environments, and continued development for 64 bit architectures.
Feature Summary

  • New Operating System Support
    • Windows 7
    • Windows Vista Sp2
    • Windows Server 2008 R2
    • Windows Server 2008 SP2
  • New Features in Out of Band Management
    In addition to providing feature parity with SP1 and AMT firmware versions 3.2.1, 4.0 and 5.0, the following new features are supported:

    • Wireless management with up to 8 wireless profiles
    • End point access control: 802.1x support
    • Audit logging
    • Support for different power states
    • Power control options at the collection level
    • Data storage
    • Scheduling configuration for in-band provisioning
  • Asset Intelligence Certificate Requirement Removal
    Configuration Manager Service Pack 1 introduced Asset Intelligence v1.5. This version allowed customers to configure an online synchronization to ensure that their catalog was up to date with the latest Microsoft inventory for both hardware and applications. This initial release required a certificate. With Service Pack 2, the requirement to have the certificate has been removed, so any customer can configure their Asset Intelligence capabilities to connect online and update their catalog. Software Assurance is not required for this functionality.
  • 64-bit Architecture Development
    Service Pack 2 will also continue to deliver new support for x64 architectures, including the following:

    • X64 support for Operations Manager 2007 Client Agent
    • Update to Management Packs for 64-bit operating systems – SP2 will ship 64-bit performance counters (the management pack is a separate release)
    • Remote control support added for x64 XP and x64 Server 2003
  • Improved Client Policy Evaluation
    • Faster policy processing
    • More efficient software distribution configured to run at user logon
  • Branch Cache Support
    Support for scenarios where Windows Server 2008 R2 and Windows 7 Client are present and Branch Cache is enabled

System Requirements

  • Supported Operating Systems: Windows 2000 Advanced Server; Windows 2000 Service Pack 4; Windows 7; Windows Embedded for Point of Service ; Windows Server 2003; Windows Server 2003 R2 (32-Bit x86); Windows Server 2003 R2 Enterprise Edition (32-Bit x86); Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows Server 2008 Datacenter; Windows Server 2008 Enterprise; Windows Server 2008 R2; Windows Server 2008 Service Pack 2; Windows Vista Ultimate
Download at: http://www.microsoft.com/downloads/details.aspx?FamilyID=3318741A-C038-4AB1-852A-E9C13F8A8140&displaylang=en

10 Ways to Secure Windows 7

Posted on by
Reply

Use the Windows 7 Firewall

The firewall in Windows 7 is a spin off of Windows Vista and is easy and is very secure and powerful. With features to secure you and step by step instructions, Windows 7’s firewall is a very powerful firewall that allows a detailed configuration giving the end user true protection from malicious threats.

Backup Your Data

Windows 7 allows you an easier to use backup option that allows you to walk through a step by step backup of your critical data. This option is often over looked by home users. The simple and easy to use backup allows the end user to backup their data in the event of a system crash. Microsoft Windows 7 allows for a system image to be created as well as files to be backed up.

Use Internet Explorer 8

A recent study showed Internet Explorer 8 beat out Firefox and other major browsers in protecting your computer. With SmartScreen Filter, this addition allows users to surf websites that are labeled in Microsoft’s database as legitimate or malicious. Go to the Safety menu for more information on how to enable this option. Cross-site scripting and other websites that are vulnerable are noted.

Enable BitLocker

This encryption can allow the entire volume of your computer to be secured. With BitLocker, you can encrypt the boot system and any removable media on your computer. With USB thumbdrives being portable, this is one of many ways you can encrypt your system. Third party software such as Truecrypt, blah and blah which are all Windows 7 compatiable, Windows 7 can be further encrypted to provide a strong barrier against data theft. Always save your encrypted information and passwords / phrases. Loss of these items can result in you losing your valuable information.

Updates and Patches

Microsoft years ago set aside security dates monthly to ensure computers had hotfixes / patches to ensure your computer is protected. Although these patches are for Windows, you should look at SUMo or Secunia to ensure your computer’s applications are also patched.

Antivirus / Antimalware

Ensuring your computer has protection against viruses and malware is essential. With the dozen or so applications that are free to use, these applications provide protection against the malicious injection of viruses or malware on your system. With zero day threats along with malicious activities found on thousands of websites, antivirus and antimalware protection allows further protection against these threats from infecting your computer.

Keep the UAC

Keeping the ‘what users call’ annoying UAC prompts helps you make the critical descisions in and when installing software. With smarter malware and viruses, the UAC helps you decide on what is legitimate and what may be a dangerous piece of software. Windows 7 allows you to adjust this protection agent. The UAC in Windows 7 is less annoying than Windows Vista. Microsoft has adjusted this feature to help the end user.

Sharing Information

When sharing out files or folders, make sure you only allow specified users to assess your data. With Windows 7 Folder and File sharing being easier than ever, you must specifiy individual users whom you wish to share the data. Never allow all users to veiw data and avoid appications such as P2P file sharing programs to share out information on your hard drive. Research has shown that using such software leaves users vulnerable to accidently placing files in the shared folder and users across the globe have access to the data in the shared folder.

Restricting User Access

Physical security plays an important role in computer security. Many homes and business allow the sharing of a common computer. Setup individual accounts to ensure users are logging in and creating their own sessions. Assign a user role to the computer user. Do not allow everyone to be an administrator of a common computer. This can result in many logistical nightmares from the addition of users you are unaware of, removal or addition of software and many other security nightmares. Always lock your computer when away from it for any period of time. You can do this by holding down the Windows key and hitting the ‘L’ key to lock it.

Using Email and the Internet Wisely

Many articles have been written warning users not to click fishy and unknown ads on the web, opening unknown email or going to websites that are malicious in nature. All of the information stated in these articles are true. Don’t open any email that you don’t know where it came from and don’t surf the web without surfing wisely. Restrict children from surfing the internet and control their surfing habits by using Windows 7’s Parental Controls with Web Filtering.

Conclusion

In conclusion, Windows 7 is secure out of the box. Using the above tips, the end user can further secure their system. By using antivirus, antimalware, UAC and other items, you can enhance the security of Windows 7 or any operating system.

Error creating MDT Boot Image

Posted on by
Reply

The error occurred after upgrading from SCCM SP1 to SCCM SP2.


I did a clean install of the SCCM with SP1 and after that i upgraded with SP2.

Seems to be related to the WAIK installtion that comes with SCCM SP1.
Remove the already install WAIK, Reinstall the latest WAIK.
That solved my problem.

the error shown in smsprov.log :
e:nts_sms_fresmssiteserversdk_providersmsprovsspbootimagepackage.cpp(2948) : Failed to read image property from the source WIM file due to error 80004005

Hypervisor not running

Posted on by
Reply

I’m running Windows Server 2008 R2 on my laptop and after I Hyper-V role the following error message showed, when trying to start a Hyper-V machine. Seems the Hyper-Visor entry was never made to the BCD store.

To add the hypervisor auto launch into the BCD store you’ll need to run the following command in administrator mode

bcdedit /set hypervisorlaunchtype auto

make sure virtualization feature is enabled in BIOS!

ConfigMgr OS Deployment – WDS and DHCP on same server Issue/Resolution

Posted on by
Reply

Recently I set up a Windows 2008 server with ConfigMgr 2007 SP1 (aka SCCM 2007) & wanted to do OS deployment.  I ran into some issues because this server was also a DHCP server, this post will address the high level steps I took to get this working.

  1. Installed WDS via the Add Roles Wizard
    • image
  2. Added the PXE service point role via ConfigMgr Admin Console
    • image
  3. Now all should be good right?  Nope, the WDS service would not start.  After some research I found the issue to be that WDS & DHCP both use port 67 by default.
    • To get around this the following registry change needs to be made (UseDHCPPorts = 0)
      • image
  4. I then removed and reinstalled the PXE service point and thought all was well – even the pxecontrol.log looked good (see below)
  5. Monitored PXEControl.log to ensure PXE was responding to tests
    • image
  6. So I tried to PXE boot a system and still no luck.  More research showed that I needed to accomplish two more steps
    • Initialize the WDSServer (wdsutil /initialize-server /reminst:G:RemoteInstall) – NOTE: Adjust the G:remoteinstall location to reality in your environment
      • image
    • Next you need to run the following command for the registry change made in step 3 to take affect
    • image
  7. The next test worked like a charm
    • image
    • image
    • image

Autorun keys for new users and/or add registry keys to HKEY_CURRENT_USER

Posted on by
Reply

its rather simple, create an entry in the “HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components” key. the entrees in this key is the stuff you se in the upper left hand corner during first log on. (the Personalized Settings box). Most if not all entries in this key will be in the GUID format, but it does not have to be..

Open REGEDIT and follow the instructions below.

image Right click Installed Components and click New KEY, and name the key {Z-UserSetup}. NOTE: The different keys are executed in number and alphabetical order, so to make sure our key is executed last we name it Z-“something” and put it in { }. Everything not in curly braces wile be executed first.
image In the new key create two new String Values (REG_SZ) and name them
StubPath and Version. StubPath has info on what we want to run, and could be any executable, script, run.dll e.t.c. Version will show in the Installed Components section in CURRENT_USER

(Default) will be the info showed in the Personalized settings box during logon. (can also be sat as @=”info”)

Now just reboot and log on with a different user, and notepad will be executed during logon.

If you want to set this with a script ,then here small one for disabling the Windows Media Player wizard.

Set oShell = CreateObject("WScript.Shell") 

RegPath="HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{Z-UserSetup}"
oshell.RegWrite Regpath & "Stubpath", "reg.exe add HKCUSOFTWAREMicrosoftMediaPlayerPreferences _
/v AcceptedPrivacyStatement /t REG_DWORD /d 1 /f", "REG_SZ"
oshell.RegWrite Regpath & "Version", "1.00", "REG_SZ"
oshell.RegWrite Regpath & "@", "Accept MP Privacy Statement", "REG_SZ"

you can add as many as you want, just remeber the execution order.

CONFIRMED – Windows 7 RTM, Server 2008, and Office 2010 Beta Leaked

Posted on by
Reply

Full details at: Windows7news.com

The previously rumored leak has been confirmed.

Wzor has placed the download links to the Windows 7 RTM on their home page, and it definitely the real deal. The build string is:
6.1.7600.16384.win7_rtm.090710-1945

Windows 7 7600 RTM (x64):
7600.16384.090710-1945_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso
Size: 3,224,717,312 bytes
CRC32: 1EE7DC6F
MD5: E6CE9644D0C7A8E1C950D257A7B2C8A4
SHA-1: 31849B315290EFABFD81F967ED3C553D82925E4C

Windows 7 Server 2008 RTM (x64):
7600.16384.amd64fre.win7_rtm.090710-1945.serverenterprise_en-us_vl. serverenterprise.vhd or file-tracker.ru
SIZE: 6,857,337,856 bytes
CRC: 2AA7974F
SHA1: EA13B569AD4EA4F34955D1FB8A7ADFF8A30297E6
MD5: EC65EE9F3B18F7A232F8B0073A02216A

Office 2010 Beta (x86):
14.0.4302.1000_Mondo_volume_ship_x86_en-us_wzt
Size: 798,101,835 bytes
CRC32: 8BE7AB28
MD5: 874AE2B75AD8FAF169784AFEC099B526
SHA-1: E8E13E9DF771314C2B8A615B4952A49DDE3C9117

Office 2010 Beta (x64):
14.0.4302.1000_Mondo_volume_ship_x64_en-us_wzt
Size: 893,402,501 bytes
CRC32: 7CBEF7DF
MD5: 24A46B000B79520969508CF940D6D581
SHA-1: E22690C6E63ACF0D0BDF9588E8308C5C855A38BC

Windows 7 leaked – official believed-to-be-RTM:

Posted on by
Reply

I downloaded this ISO and can confirm its hashes match those of the official believed-to-be-RTM:

File Name: 7600.16384.090710-1945_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso CRC32: 1ee7dc6f MD5: e6ce9644d0c7a8e1c950d257a7b2c8a4 SHA1: 31849b315290efabfd81f967ed3c553d82925e4c

See:

http://windows7center.com/news/windows-7-rtm-finalized-at-build-7600-download-leaked/

Also, here are the properties of the setup.exe:

http://cid-0edc1d24b4a14025.skydrive.live.com/self.aspx/Public/Signed.png