Essentials – Access Director

Posted on February 13, 2014 by Thomas.Marcussen

Allowing a known user to elevate specific applications or tasks on demand

http://www.youtube.com/watch?v=-ZrL_rbqYlI

In the video we are logged on a workstation with the TestUser
TestUser is not member of the Local Administrators group
TestUser is member of the custom created local group Access Director

When requesting local administrators access using the tray icon, it will verify that we are a know user that is a member of the local group Access Director. If we are member of the local group we will be elevated for a predefined number of minutes (2 minutes in the example)

When elevated, we can click on any application and RunAs Administrator – we will as always be prompted for our logged on credentials, but this time the application is running with local administration privileges.

When the timer hits 2 minutes, our administration privileges are expired.

This will make it possible ONLY to elevated, when needed and not having to load the full profile with administrative privileges

The tray icon does not require additional rights to run
A local system service will handle all requests
All options are configurable through gpo and/or registry

Read more about latest additions at https://basic-bytes.com

Supported AV clients for SCEP to automatically uninstall

Posted on October 21, 2013 by Thomas.Marcussen

Endpoint Protection uninstalls the following antimalware software only:

Symantec AntiVirus Corporate Edition version 10
Symantec Endpoint Protection version 11
Symantec Endpoint Protection Small Business Edition version 12
McAfee VirusScan Enterprise version 8
Trend Micro OfficeScan
Microsoft Forefront Codename Stirling Beta 2
Microsoft Forefront Codename Stirling Beta 3
Microsoft Forefront Client Security v1
Microsoft Security Essentials v1
Microsoft Security Essentials 2010
Microsoft Forefront Endpoint Protection 2010
Microsoft Security Center Online v1

Download Windows Driver Kit for WIndows 8.1

Posted on September 9, 2013 by Thomas.Marcussen

The Windows Driver Kit (WDK) includes the tools and documentation you need to develop drivers. Windows Driver Kit (WDK) 8.1 is integrated into Microsoft Visual Studio 2012 (Professional, Premium, and Ultimate) to provide you with a complete set of tools to develop, build, package, test, and debug drivers.

Direct Download Link: http://go.microsoft.com/fwlink/?LinkID=317353

Windows 8.1 RTM app samples

Posted on September 9, 2013 by Thomas.Marcussen

This sample pack includes all the app code examples developed and updated for Windows 8.1 RTM. These samples should only be used with the released version of Windows 8.1 and Visual Studio 2013 RC. The sample pack provides a convenient way to download all the samples at once. The samples in this sample pack are available in C#, C++, and JavaScript

Direct download link: http://go.microsoft.com/fwlink/?LinkId=322042

Windows 8.1 and Windows Server 2012 R2 RTM released on TechNet and MSDN

Posted on September 9, 2013 by Thomas.Marcussen

Following criticism from TechNet and MSDN subscribers, Microsoft has announced plans to release the Core and Pro RTM builds for Windows 8.1 and Windows Server 2012 R2 to users of those services. Additionally, the release candidate build for Visual Studio 2013 will be provided to TechNet and MSDN subscribers.

Serialized Editing of Data Objects in ConfigMgr2012 (SEDO)

Posted on July 8, 2013 by Thomas.Marcussen

A few facts about SEDO

30 minute timeout for the lock – so if I am not active the lock goes away after 30 minutes.
Another admin want to edit the object, in this case a task sequence I can press “Retry Edit” and if the first admin have been inactive more than five minutes then control is transferred to the Admin requesting to edit it. But in difference to SCCM 2007, there will not be conflict as I as the first admin cannot save the changes I make so there are no conflicts created.
Admin UI crash can cause Locks

When the UI crashes and causes locks, you can easily unlock or locate the Locks

run sql mangement studio against your DB

Show locks: select * from SEDO_LockState where LockStateID <> 0

Delete locks: delete from SEDO_LockState where id=’PLACE ID FROM ABOVE HERE’

After installing IE10, sysprep fail with error: SYSPRP LaunchDll:Could not load DLL C:WindowsSysWOW64iesysprep.dll[gle=0x000000c1]

Posted on July 3, 2013 by Thomas.Marcussen

This took me quite some time to figure out.

When running a build and capture task sequece from ConfigMgr, it won’t give any errors

Even after the image is captured and ready for re-deployment, the error appears when trying to run Setup Windows and Configmgr from a deployment task sequence. It would just break/stop right in the middel of that process, leaving your with pretty mush a useless deployment

Solution:

Set permission for group Administrators ( Full Control ) to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepCleanup

Value Name

{EC9FE15D-99DD-4FB9-90D5-5B56E42A0F80}

Value Data

C:WindowsSysWOW64iesysprep.dll,Sysprep_Cleanup_IE

replace with

C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE

Set permission for group Administrators ( Full Control ) to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepGeneralize

Value Name

{EC9FE15D-99DD-4FB9-90D5-CE53C91AB9A1}

Value Data

C:WindowsSysWOW64iesysprep.dll,Sysprep_Generalize_IE

replace with

C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE

Set permission for group Administrators ( Full Control ) to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepSpecialize

Value Name

{EC9FE15D-99DD-4FB9-90D5-676C338DC1DA}

Value Data

C:WindowsSysWOW64iesysprep.dll,Sysprep_Cleanup_IE

replace with

C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE

setting this from a batch file:

IEhotfix.cmd:

regini -m \%computername% iesysprep.dll.txt reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepCleanup /v {EC9FE15D-99DD-4FB9-90D5-5B56E42A0F80} /t REG_SZ /d “C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE” /f reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepGeneralize /v {EC9FE15D-99DD-4FB9-90D5-CE53C91AB9A1} /t REG_SZ /d “C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE” /f reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepSpecialize /v {EC9FE15D-99DD-4FB9-90D5-676C338DC1DA} /t REG_SZ /d “C:WindowsSystem32iesysprep.dll,Sysprep_Cleanup_IE” /f

iesysprep.dll.txt

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepCleanup [1] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepGeneralize [1] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionSetupSysprepSpecialize [1]

File cannot be loaded because the execution of scripts is disabled on this system

Posted on May 17, 2013 by Thomas.Marcussen

Error when trying to execute powershell script

cannot be loaded because the execution of scripts is disabled on this system

The machine was a x64 bit Windows Server 2012 so had to set the Powershell policy for BOTH x86 and x64 to solve my problem

command: Set-ExecutionPolicy Unrestricted
The x86 version can be found here: %windir%SysWOW64WindowsPowerShellv1.0

About Execution Policies: http://technet.microsoft.com/da-DK/library/hh847748.aspx
Using the Set-ExecutionPolicy Cmdlet: http://technet.microsoft.com/en-us/library/ee176961.aspx