MSiX – Remote machine conversions

The MSiX Packaging Tool (1.2019.226.0) Preview now has the ability to connect to a remote machine, where you can run the conversion.
This is great news, and solves the normal issue with contamination on “non-sanitised” machines.

I have always preferred to do my packaging and re-packaging on Hyper-V Virtual Machines
This gives a total control and clean enviroment, with easy ability to get back to a controlled point of reference, using checkpoints.

Getting started with remote machine conversions? Fear not! It is quite simple to get started.

– PowerShell remoting must be enabled for secure access to the remote machine.
– You must be logged on with administrative privileges on the machine.

To enable PowersShell remoting on the machine, run the following command in an elevated PowerShell prompt: Enable-PSRemoting -Force -SkipNetworkProfileCheck

If network/firewall restrictions are in place, remember to allow inbound traffic on port 1599 (MSiX Packaging Tool default port, it can be changed with the settings tab)

If you are connecting using a non-domain joined machine, you must use a certificate to connect over https.
To enable PowerShell remoting and allowing WinRM over https run the following commands in an elevated PowerShell prompt

Enable-PSRemoting -Force -SkipNetworkProfileCheck

New-NetFirewallRule -Name "Allow WinRM HTTPS" -DisplayName "WinRM HTTPS" -Enabled True -Profile Any -Action Allow -Direction Inbound -LocalPort 5986 -Protocol TCP

To generate a self-signed certificate, configure WinRM secure configuration and export the certificate, you can run this script: (or download: GenerateSelfsignedWinRMHTTPS (2 downloads) )

$thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My -KeyExportPolicy NonExportable).Thumbprint
$command = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=""$env:computername"";CertificateThumbprint=""$thumbprint""}"
cmd.exe /C $command
Export-Certificate -Cert Cert:\LocalMachine\My\$thumbprint -FilePath <path_to_cer_file>

On your locale Machine, copy the exported certificate and install it into the Trusted Root Store.
It can be imported with the following command: Import-Certificate -FilePath <path> -CertStoreLocation Cert:\LocalMachine\Root





Smart Card device integration into Windows 10

All the joys of Windows 10….. now on 1709

Last week after upgrading Windows 10, I came a cross this nice new integration for Smart Cards. (tokens)

 

 

 

 

 

 

 

Windows 10 new has support for eTokens (SafeNet Tokens)
I was very pleased with this update, it will save me yet another application to install.
I’ve been using the SafeNet Application from Gemalto and it has served me well for several years. So time for a changes, the integrated Smart Card application in Windows 10 works perfect for me.

I am using the following it with:

and my tokens? I ALWAYS use digicert for codesigning certificates:)

ps. A new version of Access Director Enterprise is on its way, signed and released to web.

Stay tuned!

Remove dependency for msvcr120.dll/msvcp120.dll in release versions

I know that there are some questions about, how to include msvcr120.dll/msvcp120.dll into your project.

If you want to drop that dependency. If you compile the program in release version, in Visual Studio 2013/2015 and do not depend on any VS-specific commands (#pragma etc.) or precompiled headers etc.

If you want to compile it to one single release .exe and provide it to user WITHOUT demanding enduser to install VC++ Redistributes for VS

You can statically link the runtime to your project by setting the /MT flag. You can find this option in Visual Studio 2013/2015 under Project > [ProjectName] Properties… > Configuration Properties > C/C++ > Code Generation > Runtime Library. Make sure to only set it for the Release configuration.

 

Using a 3.Party IM Client with Office 365 or Lync?

Of course!

I’ve been using Pidgin for ages…

In Pidgin I’m able to run the following protocols

  • -XMPP (facebook)
  • Office Communicator (for Lync and O365)
  • Skype
  • Skype for Business
  • ICQ
  • ….. and lots more.. see the full list at Pidgin Thirdparty plugins

You should try it, if you like me prefer to keep your conversation history’s together and sorted.

One thing i’ve noticed, for some reason Office 365 (Lync or now Skype for Business) requires me to use a specific user agent(!) so….having problems getting it to work? Maybe you see:

Connection refused with error message
“You are currently not using the recommended version of the client”
“You have been rejected by the server: https://portal.microsoftonline.com/download/lync.aspx”

Cry no more!

Here is a list of user agents and versions you can emulate, and it works great! Just modify your connection profile, under advanced, type one of the following user agent values..

Version / Product User Agent values (as seen in the wild)
Lync 2013 and Office 365 UCCAPI/15.0.4481.1000 OC/15.0.4481.1000 (Microsoft Lync)
UCCAPI/15.0.4420.1017 OC/15.0.4420.1017 (Microsoft Lync)
Lync 2010 and Office 365 UCCAPI/4.0.7577.314 OC/4.0.7577.314 (Microsoft Lync 2010)
UCCAPI/4.0.7577.256 OC/4.0.7577.280 (Microsoft Lync 2010)
Office Communicator 2007 R2 UCCAPI/3.5.6907.206 OC/3.5.6907.206 (Microsoft Office Communicator 2007 R2)
UCCAPI/3.5.6907.0 OC/3.5.6907.0 (Microsoft Office Communicator 2007 R2)
Office Communicator 2007 UCCP/2.0.6362.111 OC/2.0.6362.111 (Microsoft Office Communicator)
UCCP/2.0.6362.97 OC/2.0.6362.97 (Microsoft Office Communicator)
Office Communicator 2005 LCC/1.3.5371 (Microsoft Office Communicator 2005 1.0.559.0)
LCC/1.3.5371 (Microsoft Office Communicator 2005 1.0.559.232)

Access Director 3.0 Released

The future of Windows is coming on July 29

To make your next Windows experience even better – We have just released the next version of Access Director.                                                                                               Using Access Director you will be able to secure your desktop, simple and easy!

– Run your desktop in a non-elevated user context
– Elevate only needed applications with a single click
– Elevate in your current user-context without affecting other unsecured applications like IE or Office

What’s in Access Director 3.0 ?

– Updates to support the next Windows experience (10)
– Support for integration modules
– Minor bug fixes

Get it from the Download Center

Direct Download Link

EasyBoot USB 1.1 has been released

Simpel, but very helpful tool to create Windows Boot or To-Go USB sticks

Download Link

It’s that simple, EasyBoot USB with 4 easy steps and you are ready to go.

  1. Insert USB stick
  2. Choose between the following types
    1. UEFI
    2. BIOS
    3. Windows To Go
  3. Browse to your ISO file
  4. Click Start

EasyBoot USB

The tool is pretty much self-explanatory

Do not hesitate to ping me with bugs, feature requests or ideas for new tools 🙂

 

 

 

Access Director 2.4.0.2 released!

It’s been some time since our last update, but here we go again

Access Director has been updated and released

This is a major upgrade, all previous versions should be uninstalled prior to installing the new versions

Short list of changes

  • Its now possbile to use localized balloon notification (or your own)
  • Language default is en-us
    • valid values are auto, or specific lananuge files e.g. de-de.lng (must reside in existing languages folder)
  • Localized menu options (remember du save lng files as unicode)
  • Registry modifications now resides in HKLMSoftwareNoLightPeopleAccess Director
  • as per request the MSI, and application itself is now signed
  • Removed the need for any registry keys needed for the service to start (will run with default values if no other is present
  • Updated Policy Prefences template included in zip file

Direct Download Link: http://tinyurl.com/mtc4pzo

let me know of bugs and feature requests 🙂 @MarcussenThomas

 

 

Advanced Installer

For many years I’ve been working with Wise Package Studio, the best tool ever for application repackaging projects. Since Wise Package Studio is End of life – announced in December 2011. Now seemed like a good time to find a new tool, Flexera Admin Studio seemed like the obvious choice, but is rather expensive (still a great tool)

In some cases Orca (http://www.technipages.com/download-orca-msi-editor) would get the job done, but still would take a long time

I remembered coming across Advanced Installer at TechEd NA, so decide to have a look at the tool

There is a free trial from the website and also a free version: http://www.advancedinstaller.com/download.html

Advanced Installer comes in multiple versions, I choose to test the Architect version, mainly because it had the following features highlighted

  • Repacker
  • App-V
  • SCCM
  • MSI Quick-Edit

My test of the product was a great success !

Today I will recommend this product to my customers looking to repackage or edit MSI’s, it has a nice and intuitive interface, much like Wise Package Studio had 😉

Have a look at some of the videos from Advanced Installer on YouTube: https://www.youtube.com/channel/UCIPx2SPC1K7_DoPdVeFHoNg

 

 

Essentials – Access Director

Allowing a known user to elevate specific applications or tasks on demand

http://www.youtube.com/watch?v=-ZrL_rbqYlI

In the video we are logged on a workstation with the TestUser
TestUser is not member of the Local Administrators group
TestUser is member of the custom created local group Access Director

When requesting local administrators access using the tray icon, it will verify that we are a know user that is a member of the local group Access Director. If we are member of the local group we will be elevated for a predefined number of minutes (2 minutes in the example)

When elevated, we can click on any application and RunAs Administrator – we will as always be prompted for our logged on credentials, but this time the application is running with local administration privileges.

When the timer hits 2 minutes, our administration privileges are expired.

This will make it possible ONLY to elevated, when needed and not having to load the full profile with administrative privileges

The tray icon does not require additional rights to run
A local system service will handle all requests
All options are configurable through gpo and/or registry

Read more about latest additions at https://basic-bytes.com