Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »

Ryan Steele › Comments

Ryan Steele
rgsteele on I have a finance guy going to China for two and a half weeks to adopt another kid. He needs access to our systems back home to continue working- need some advice. - http://www.reddit.com/r...
"This is _absolutely_ something that a computer infected with malware could install on a USB device you brought into China (or anywhere, really)." - Ryan Steele
Ryan Steele
rgsteele on I have a finance guy going to China for two and a half weeks to adopt another kid. He needs access to our systems back home to continue working- need some advice. - http://www.reddit.com/r...
"[I take it you haven't heard about BadUSB yet?](http://www.wired.com/2014...) > The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue." - Ryan Steele
Ryan Steele
rgsteele on Cannot client push over DirectAccess - possible boundary problem? - http://www.reddit.com/r...
"Are you limiting ISATAP Services to Manage Out Clients as documented [here](http://blogs.technet.com/b...)? If so, did you add the SCCM server to the DirectAccess Manage Out Clients security group? I'll second /u/roach8101 's recommendation to use the Software Update Point installation method. It works really well for DirectAccess clients." - Ryan Steele
Ryan Steele
rgsteele on How to find machines with/without a specific hotfix installed? - http://www.reddit.com/r...
"First of all, you may want to consider pushing out [KB2775511](http://support2.microsoft.com/kb...) instead, since it includes that hotfix as well as a boatload of other performance improvements. You can deploy that hotfix rollup by importing it into WSUS as explained in [this TechNet blog post](http://blogs.technet.com/b...). Now that being said, for hotfixes that are available as MSU files this technique won't work. The way I deploy these is with an Application. Your installation program will be something like wusa.exe "Windows6.1-KB2691043-x86.msu" /quiet /norestart And for your detection method, use the following PowerShell script: Get-HotFix | Where-Object {$_.HotfixID -eq 'KB2691043'} Note that you either have to set the "PowerShell Execution Policy" setting to "Bypass" under "Computer Agent" in your Client Settings (easy!) or sign your script and install the cert in the Trusted Roots certificate..." - Ryan Steele
Ryan Steele
rgsteele on SCCM 2007 installed, attempting in-place upgrade of SQL 2008 to R2 - http://www.reddit.com/r...
"Well, according to [this](http://technet.microsoft.com/en-ca...), upgrading from SQL Server 2008 to 2008 R2 _is_ supported, but you need to use the hierarchy maintenance tool to stop all CM services as documented [here](http://technet.microsoft.com/en-ca...). All that being said, I of course am required to suggest that your time might be better spent migrating to SCCM 2012 R2, seeing as 2007 is EOL, and 2012 is way better :)" - Ryan Steele
Ryan Steele
rgsteele on SCCM 2007 installed, attempting in-place upgrade of SQL 2008 to R2 - http://www.reddit.com/r...
"Out of curiosity, what are you hoping to accomplish by upgrading SQL Server?" - Ryan Steele
Ryan Steele
rgsteele on Cumulative Update 3 for SCCM 2012 R2 is out. - http://www.reddit.com/r...
"The official documentation pretty much covers it: http://technet.microsoft.com/en-us..." - Ryan Steele
Ryan Steele
rgsteele on Odd issue on a few machines trying to deploy an app - http://www.reddit.com/r...
"When you say the .net install is set to not do a reboot, I presume you mean you're running the installer with the /norestart switch? And I'm assuming you've made the ".net 4.5.2" Application a prerequisite of the "Autodesk DWG trueview 2105" application? I suspect what's happening is the .net installer is exiting with error code "1641", which means "Hard Reboot". In other words, the installer thinks the computer should be restarted before any other installations occur. If you have "Determine behavior based on return codes" selected on the User Experience tab of the Deployment Type, the SCCM client will reboot the computer immediately after an installation process returns this code. Compare with the behavior seen when an installer terminates with return code 3010 ("Soft Reboot"): in this case, the SCCM client will not perform the reboot until all the other installation tasks are performed. If you believe Autodesk will install successfully despite .net's "hard reboot" not having been..." - Ryan Steele
Ryan Steele
rgsteele on Problem Setting W7 Product Key - http://www.reddit.com/r...
"If you use a GPO, it will reset existing users' homepages. (Yes, you can use a GP Preference set to not re-apply, but it will still change everyone's home page once). By setting the home page in the unattend.xml, it only applies the setting to the default user profile, meaning that users logging in for the first time will get your selected homepage the first time they launch IE but are free to change their homepage to whatever they want after that." - Ryan Steele
Ryan Steele
rgsteele on MBAM non-TPM USB startup key conundrum - http://www.reddit.com/r...
"There is a "Deny write access to removable drives not protected by Bitlocker" group policy, would that address your data security concerns? I have never implemented Bitlocker with a USB unlock key or used this GPO, but I can't imagine that they would conflict." - Ryan Steele
Ryan Steele
rgsteele on Slimming Driver Packs - http://www.reddit.com/r...
"I don't think the scan takes that long, maybe a minute or two? In theory, if you had a driver package that contained only the exact drivers required by a specific machine, it would be slightly quicker to apply with Apply Driver Package. It is worth the effort required to streamline the driver package? I was curious about the exact differences between the two ways to apply drivers and found this informative article: http://blogs.catapultsystems.com/mlist... Driver packages are replicated just like any other content. And no, your task sequence does not have to be set to "download content locally" before applying. The "Auto Apply Drivers" step connects to the SCCM server directly to download only the required drivers. (I should point out that this means you cannot use auto apply with an "offline media" type of deployment.)" - Ryan Steele
Ryan Steele
rgsteele on Slimming Driver Packs - http://www.reddit.com/r...
"The first thing I do after I download the drivers for, say, Windows 7 64-bit is to do a search on the folder I've extracted them to for folders named "x86", "Win32", "32bit", "XP", "Win2k", etc. I don't know how HP fares here but it seems Lenovo is too lazy to actually go through their driver packs and remove anything that isn't actually needed for the OS/bitness the driver pack is intended for. I've been able to cut the size of my driver packs in half this way. (Watch out though—occasionally a driver in a folder named, say, "Vista" may actually be applicable to Windows 7 as well.) How are you applying the drivers in your TS: with the "Auto Apply Drivers" step, or "Apply Driver Package"? If you use "Auto Apply Drivers", only the needed drivers are downloaded, which will speed things up. The big caveat here if you're deploying multiple desktop OSes is that sometimes a driver claims to be the "best available" driver for, say, Windows 7, when in fact it is from a driver pack for Windows..." - Ryan Steele
Ryan Steele
rgsteele on Will you be blocking iOS8 downloads this coming Wed, Sept 17th for bandwidth reasons ? - http://www.reddit.com/r...
"Updates are signed, but not per-device." - Ryan Steele
Ryan Steele
rgsteele on Question on update group statistics - http://www.reddit.com/r...
"You may want to reconsider your update strategy. There isn't any reason to limit the deployment of an update to an application-specific collection like that, because if you deploy an update to a client that doesn't need it, it just gets skipped. You will likely find this arrangement becomes too complex to manage. The recommended approach is to build collections like Servers, Workstations, Workstation Pilot Group, etc. Then your SUG might be something like "Updates - Sept. 2014". Put all the updates you're deploying that month in the SUG and deploy it to your pilot groups, then deploy it to your main groups when you're satisfied there aren't any problems. Every few months, combine the previous months' groups into one single "Updates 2014" group and deploy it (to catch any systems that were offline for an extended period, or have just been imaged)." - Ryan Steele
Ryan Steele
rgsteele on Tips for a new SCCM 2007 Sys Admin - http://www.reddit.com/r...
"> I build a VM with our most current image, which is usually a few months old, and install Updates via Windows Updates. I then capture the new image using Capture Media. Just FYI, this isn't recommended--you should be starting with a fresh OS install each time you build a new image. This blog post explains why: http://blogs.technet.com/b..." - Ryan Steele
Ryan Steele
rgsteele on So I want to learn Norwegian.. - http://www.reddit.com/r...
"[These folks](http://eidsvoldsofn.com) may be able to point you in the right direction." - Ryan Steele
Ryan Steele
rgsteele on How to generate report of computer names, associated users, and serial numbers? - http://www.reddit.com/r...
"First, just a clarification: I didn't write the blog post or the SQL query. In fact, as I indicated in my post, I don't think this is a particularly good approach. That being said, yes, you will need to wait for the SCCM client to perform its hardware inventory before the information will appear in the SCCM database." - Ryan Steele
Ryan Steele
rgsteele on An Update for the System Center 2012 Configuration Manager Support Center is now available - http://www.reddit.com/r...
"If you haven't seen this tool yet, it's very handy for troubleshooting clients. You can either install and run it on an affected client, or install it on your own machine and connect to one remotely. You can initiate tasks like client policy retrieval and application deployment evaluation. It also lets you view log files, including opening a "log group", meaning events from multiple logs are displayed in a single list." - Ryan Steele
Ryan Steele
rgsteele on Best practice for removing a shortcut - http://www.reddit.com/r...
"Using a batch script isn't a terrible approach, but why not detect "installation" based on whether the shortcut exists? What's the point of creating a separate file?" - Ryan Steele
Ryan Steele
rgsteele on How to generate report of computer names, associated users, and serial numbers? - http://www.reddit.com/r...
"A Task Sequence is a set of instructions for the client to follow when a new operating system is being deployed to it. You don't want to perform these steps unless you need the warranty information to be collected during operating system deployment. Instead, you should create a Package that runs the script on the client." - Ryan Steele
Ryan Steele
rgsteele on How to generate report of computer names, associated users, and serial numbers? - http://www.reddit.com/r...
"I'm working on exactly the same project at our shop right now with our Lenovo desktops. You'll want to start by creating a custom report. If you're not familiar with that process, this is a useful article: http://sccmgeekdiary.wordpress.com/2012... I used this SQL query as the basis for my report: http://smsug.ca/blogs... You'll notice there are two different serial numbers returned in this report: the BIOS serial number and the System Enclosure serial number. In my experience, the BIOS serial number is the one you want (some of our Lenovo machines return a value of "NONE" for the System Enclosure serial number, but all seem to return the correct value for the BIOS serial number). You could customize this report to only return entries for Lenovo gear and output the exact "ModelID, Serial, Comments" CSV format the Lenovo batch upload site expects, but I just exported the..." - Ryan Steele
Ryan Steele
rgsteele on Deploying specific classifications of updates to specific device collections - http://www.reddit.com/r...
"It is not possible to install the driver and firmware updates for the Surface through SCCM Software Updates (or WSUS, for that matter). Microsoft's recommendation is to manually download the driver pack and push it out as a Package with a PowerShell script that installs the drivers. See page 15 of the Deployment Guide PDF available here: http://www.microsoft.com/en-us..." - Ryan Steele
Ryan Steele
rgsteele on Over the Air TV - http://www.reddit.com/r...
"You will likely get better reception in Brentwood Bay on Rogers/Fido. Only Rogers has a cell tower nearby: http://www.ertyu.org/steven_... As for plans, if you work for a larger company or a government agency you may be eligible for a corporate plan. You may want to check with your employer about that." - Ryan Steele
Ryan Steele
rgsteele on Best cheese plate? - http://www.reddit.com/r...
"Yes, Stage is still amazing. Since you're pregnant (congratulations!) I must of course caution you [not to eat any unpasteurized cheeses](http://www.webmd.com/baby...)." - Ryan Steele
Ryan Steele
rgsteele on Windows updates...any way to force a restart at a certain time after updates are applied? - http://www.reddit.com/r...
"Honestly? I'm not actually sure, I just kind of assumed. Would be a good idea to test it out." - Ryan Steele
Ryan Steele
rgsteele on Enforcing Local Admin(s) on a machine in big environments? - http://www.reddit.com/r...
"My first thought was that Compliance Settings might do what you want. I Googled "sccm compliance local admin" and happily, the first hit looks like it does exactly what you need: http://myitforum.com/myitfor... You would need to ensure the user you want to give local admin to is set as the "primary user" on the machine." - Ryan Steele
Ryan Steele
rgsteele on Windows updates...any way to force a restart at a certain time after updates are applied? - http://www.reddit.com/r...
"Kinda sorta? I think? You can set the maintenance window for your devices to begin at the time you would like the devices to restart. Then you would deploy your software update groups with the deadline set to the time you would like the updates installed. On the "User Experience tab, put a check next to "Software updates installation" under "Allow the following activities to be performed outside the maintenance window". As long as the machine is powered on, the updates will install at the deadline you set in the software updates deployment, but they won't reboot until the maintenance window is reached. A couple caveats: Obviously, if a machine is turned off when the deadline is reached, the update installation will occur at whatever time the machine is powered back on. The other caveat is that if a user is logged in when the deadline is reached, a notification will be displayed for the duration specified in the "Computer Restart" setting of the applicable Client Settings for the..." - Ryan Steele
Ryan Steele
rgsteele on Need to be able to reuse laptops for imaging hard drives - http://www.reddit.com/r...
"You are aware that DirectAccess is supported on Windows 7 as well, right? /u/demogorgo has the right answer for this one. Deploy the task sequence as "available" to a collection the machines are in. When they PXE boot they will need to quickly press F12 when "Press F12 for network service boot" is displayed on the screen. Then they can proceed with imaging." - Ryan Steele
Ryan Steele
rgsteele on Superceedence and Retiring applications - http://www.reddit.com/r...
"Ah, you're deploying apps to user collections. That's something we've never actually done in our environment -- we only ever deploy applications to device collections. I'll have to make a note that that's an issue we could run into if we ever decide to go that route. Thanks!" - Ryan Steele
Ryan Steele
rgsteele on Superceedence and Retiring applications - http://www.reddit.com/r...
"That hasn't been my experience. I've found a superseding application will only install on a client if it is deployed to a collection the client is a member of. (Otherwise, a whole bunch of machines in our environment would have had Adobe Reader replaced by Adobe Acrobat!)" - Ryan Steele
Other ways to read this feed:Feed readerFacebook