Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »

Ryan Steele › Comments

Ryan Steele
rgsteele on SCEP, how do you stop the Endpoint Protection client from removing specific AV products upon installation? - http://www.reddit.com/r...
"Ah, sorry, I misunderstood. As far as I know there is no way to select a single product to be excluded, it's all or nothing. In our environment we had a bunch of machines where Symantec was not being removed when SCEP was installed even though we had this option enabled so we ended up having to push out a package to run the uninstaller anyway." - Ryan Steele
Ryan Steele
rgsteele on Updating AMT Certificate? - http://www.reddit.com/r...
"Thanks, that was a great overview. Maybe it's time for me to take another look!" - Ryan Steele
Ryan Steele
rgsteele on Updating AMT Certificate? - http://www.reddit.com/r...
"Hopefully someone who has implemented AMT will chime in, but I'm not sure if either of them read this subreddit. Seriously though, AMT is something I've briefly looked into a couple times and it sounded like it could be a good fit for our organization but I've never had the time to go any further with it. I'd be interested to hear about your experience with it." - Ryan Steele
Ryan Steele
rgsteele on SCEP, how do you stop the Endpoint Protection client from removing specific AV products upon installation? - http://www.reddit.com/r...
"In the SCCM console, under Administration > Client Settings, open the applicable client settings item. Under Endpoint Protection, set "Automatically remove previously installed antimalware software before Endpoint Protection is installed" to No." - Ryan Steele
Ryan Steele
rgsteele on Evaluating SCCM: Will SCCM do what I'd like it to do? - http://www.reddit.com/r...
"> Is it possible for SCCM to do these checkins over the wan? Or do I need to get our DirectAccess functional again? In order for WAN clients to communicate with the server, there's a bunch of additional configuration that needs to be done, which you can read about [here](http://technet.microsoft.com/en-us...). Specifically, you need a server with a publicly-routable IP address and a corresponding public DNS entry for your clients to communicate with. I would assume that fixing DirectAccess is going to be quicker and easier then setting all that up, plus you can take advantage of all the other benefits that DirectAccess gives you. You should be aware that SCCM is a big product with a lot of moving parts and a steep learning curve. If you don't have time to fix your broken DirectAccess infrastructure, how can you have time to learn SCCM?" - Ryan Steele
Ryan Steele
rgsteele on How do you handle 100TB of data? - http://www.reddit.com/r...
"> - Enable indexing. It will take a long time to complete. Okay, here's something I've wondered about. When you go into enable indexing in Server 2012 R2, the wizard warns you that it is intended for small office scenarios only. A 100 TB file share wouldn't seem to qualify, but what's the alternative?" - Ryan Steele
Ryan Steele
rgsteele on Problems with OSD via boot media - http://www.reddit.com/r...
"This sounds like the image you used to create the boot media is different than the one associated with the task sequence, e.g. your boot media is using the x86 boot media and the task sequence is using the x64 boot media. Try re-creating your boot media using the same boot image the task sequence is expecting. Edit: One thing to be aware of is that the bitness of the boot image doesn't have to match the bitness of the OS you're deploying, i.e. you can use the x86 boot media to deploy an x64 OS no problem. To avoid this kind of issue, I recommend only using the x86 boot media unless you're deploying to a platform that doesn't support it for some reason." - Ryan Steele
Ryan Steele
rgsteele on Problems with OSD via boot media - http://www.reddit.com/r...
"As /u/1RedOne commented, you don't press F8 *before* WinPE boots, you press it *after* it boots. It should look like this: [Imgur](http://i.imgur.com/iMlowHh.jpg)" - Ryan Steele
Ryan Steele
rgsteele on Problems with OSD via boot media - http://www.reddit.com/r...
"You should be able to open the command prompt by pressing F8 as soon as Windows PE boots. Did you remember to recreate your bootable media after you enabled command support?" - Ryan Steele
Ryan Steele
rgsteele on Moronic Monday - March 31st, 2014 - http://www.reddit.com/r...
"You can follow the instructions [here](http://support.microsoft.com/kb...) to see what version and edition of SQL server you have installed. Just to clarify, are you setting up SCCM or SCVMM? They're two different products." - Ryan Steele
Ryan Steele
rgsteele on Server 2012 R2 not installing Endpoint - http://www.reddit.com/r...
"There were a few bugs in R2 (mostly relating to OS deployment) which were resolved with hotfixes. Those are included with the just-released [CU1](http://support.microsoft.com/kb...) along with a few other fixes. (Disclaimer: I haven't installed CU1 yet myself.) We've been running R2 for a few months now and haven't had any issues." - Ryan Steele
Ryan Steele
rgsteele on Anti-malware platform updates for SCEP will be released to Microsoft Update - http://www.reddit.com/r...
"Posted this just before I left for the day on Friday. Having had the weekend to mull it over, I'll say this seems like a great improvement. I suspect many don't install the platform updates because they don't find out about them, and publishing them through Microsoft Update will give them much more exposure. Being able to push them out the same way as other Microsoft updates also gives us a lot more control over distribution so we can do some testing before they go out to everybody." - Ryan Steele
Ryan Steele
rgsteele on Deploying Acrobat X/XI and removing Acrobat 9 - http://www.reddit.com/r...
"> When you run the setup.exe it'll use the normal install method for Acrobat, so what's happening is its launching and waiting for the expected user input during an normal install, but being SCCM its likely set to hidden so they're not seeing anything. This isn't quite right. When you run the Customization Wizard, it generates two files: the .mst, and a setup.ini file. The setup.ini file is read by setup.exe when it runs. As long as you've chosen the option in the CW for the install to run silently, this setting should be picked up by setup.exe. The option you can select in the CW to remove Adobe Reader is handled by setup.exe, so if you install using msiexec, that option will be ignored." - Ryan Steele
Ryan Steele
rgsteele on Server 2012 R2 not installing Endpoint - http://www.reddit.com/r...
"If you want to stay on 2012 RTM, at a minimum you need to install this KB to enable compatibility: http://support.microsoft.com/kb... And yes, this hotfix is included in CU3. But that hotfix has been superseded by this one (which requires CU3), so ideally, install CU3, then install this: http://support.microsoft.com/kb... Either way, you need to make sure that the update actually gets installed on the client, either by enabling Auto Client Update or otherwise. You should read this Technet blog post about that: http://blogs.technet.com/b... If I were you, though, I'd just upgrade to R2 (and install KB2907566)." - Ryan Steele
Ryan Steele
rgsteele on EMSKR: How to realize your walking the wrong direction and turn around without looking clueless. - http://www.reddit.com/r...
"Ha! I was going to post the "pretend you're counting your steps" method, and I knew I would be stealing it from something I'd read or watched, but had no idea where I'd seen it. Thanks for remembering, so I didn't have to." - Ryan Steele
Ryan Steele
rgsteele on Thickhead Thursday - March 27, 2014 - http://www.reddit.com/r...
"I think this is the GPO you're looking for: http://technet.microsoft.com/en-us..." - Ryan Steele
Ryan Steele
rgsteele on Laundry Service in Victoria? - http://www.reddit.com/r...
"When I lived in an apartment with no laundry, I used the drop-off service at [The Laundrolounge](http://www.laundrolounge.ca/index...) and was very happy with it. Note that the sign on the storefront says Maytag Laundry, not Laundrolounge." - Ryan Steele
Ryan Steele
rgsteele on Imaging problems when combining SCCM + OSD + UEFI + PXE - http://www.reddit.com/r...
"I'm not super familiar with all this stuff, but I think in order for the task sequence to reboot in WinPE, it has to install itself on the hard drive, which means it has to partition the hard drive, and if the machine was originally booted in legacy mode, it will have partitioned the drive using the old MBR partition scheme. At that point, you're essentially "locked in" to using the Legacy BIOS. You either have to get PXE boot with UEFI working, or deploy using boot media." - Ryan Steele
Ryan Steele
rgsteele on Imaging problems when combining SCCM + OSD + UEFI + PXE - http://www.reddit.com/r...
"Yes. From http://technet.microsoft.com/en-us...: > Some computers might support UEFI. However, they do not support a PXE-initiated boot when in UEFI mode. To provision these computers in UEFI mode, you must start them from boot media instead of using PXE. If the computer performs a PXE-initiated boot, Configuration Manager detects that the computer is in BIOS mode and therefore provisions the computer as such." - Ryan Steele
Ryan Steele
rgsteele on What's your favourite app that no one knows about? - http://www.reddit.com/r...
"Yup, this is one of my favourites too. You can also share your best recordings and vote on your favourites: http://www.sleeptalkrecorder.com/top" - Ryan Steele
Ryan Steele
rgsteele on Bye Bye Undersea Gardens - http://www.reddit.com/r...
"From [the story in the TC](http://www.timescolonist.com/news...): "Oak Bay Marine Group will work with Department of Fisheries and Oceans scientists and a veterinarian to release and relocate its collection."" - Ryan Steele
Ryan Steele
rgsteele on Software Updates Halting Computers - http://www.reddit.com/r...
"This kinda sounds like component store corruption. What happens if you try running the [System Update Readiness Tool](http://windows.microsoft.com/en-ca...) on one of the affected machines? If this fixes it, make sure you're pushing out KB947821, which will run this fix on any machine where it is detected as required. If you are already pushing out this update but it's not showing as required, you may need to run this update manually on the affected machines. Or, if you've got a bunch of them, you can package it as an application and push it out (run it with a command line like `wusa.exe Windows6.1-KB947821-v31-x64.msu /quiet`)." - Ryan Steele
Ryan Steele
rgsteele on SCCM 2012 Office Application question - http://www.reddit.com/r...
"Good question. If I had to guess, I'd say you would still have to deploy Office Standard to the Users collection. The client would detect that the app was already installed when the deployment was received, so nothing would happen until the superseding deployment was received, at which time the uninstall would run. You'll have to test that out though." - Ryan Steele
Ryan Steele
rgsteele on SCCM 2012 Office Application question - http://www.reddit.com/r...
">From the looks of it I can make ProPlus supersede the Standard version and force an uninstall before Pro installs. Yes, this should work as you expect. Just be aware of: >When the option to uninstall the superseded deployment type is selected, a deployment type cannot be superseded by a deployment type that was deployed to a different collection type. For example, a deployment type that was deployed to a device collection cannot be superseded by a deployment type that was deployed to a user collection if the option to uninstall the superseded deployment type is selected. [(source)](http://technet.microsoft.com/en-us...) So if you want to make Office Professional 2010 available through the Application Catalog (which requires deploying it as Available to a User collection), your Office Standard 2010 Application must also have been deployed to a User collection." - Ryan Steele
Ryan Steele
rgsteele on Another Adobe Flash zero-day in the wild - http://www.reddit.com/r...
"Sigh. I just spent an hour troubleshooting why the EXE installer wasn't updating the plugin, only to discover that despite having updated the version number on the download site, they were still serving the previous version. Way to be awesome, Adobe. Check the version number on the properties tab of the EXE before deploying, folks! EDIT: Should have clarified, I downloaded it again and the correct version is available now." - Ryan Steele
Ryan Steele
rgsteele on Another Adobe Flash zero-day in the wild - http://www.reddit.com/r...
"From [the writeup on FireEye's site](http://www.fireeye.com/blog...) the exploit is only targeting machines with * Windows XP * Windows 7 and Java 1.6, or * Windows 7 and an out-of-date version of Microsoft Office 2007 or 2010 so it's not as bad as it could be. Still, you'd best get patching..." - Ryan Steele
Ryan Steele
rgsteele on Thickheaded Thursday - February 20, 2014 - http://www.reddit.com/r...
"I can't speak to the bug you're seeing, but I did want to caution you that if "DefaultPassword" is supposed to be a secret, you should find another way to push it out. Group Policy is stored in the SYSVOL share which is accessible to anybody. [This article](http://www.grouppolicy.biz/2013...) talks about the risks of setting passwords with GPP." - Ryan Steele
Ryan Steele
rgsteele on Application Detection - http://www.reddit.com/r...
"See my comment to /u/kronicx. A 15 second pause will work unless msiexec takes longer than 15 seconds to install/uninstall your msi package for some reason. Much better to use "start /wait" to run msiexec." - Ryan Steele
Ryan Steele
rgsteele on Application Detection - http://www.reddit.com/r...
"If you must call msiexec from a batch file, always run it using "start /wait", e.g. start "" /wait msiexec /i "%~dp0setup.msi" /qn Otherwise, msiexec immediately returns control to the batch file while it is still executing in the background, meaning your script continues to run before the software installation has completed. (The "" in the command is to work around an issue with the Start command where, if the full command is in quotation marks, it will be interpreted as the "window title".) Putting a "sleep" command may work most of the time, but if execution of msiexec takes longer than expected for whatever reason, you'll run into problems. Also, if you don't use "start /wait", you won't get the return code from msiexec, and of course you're checking to make sure the install completed successfully before continuing on with your script, right? :) /u/JesterXL7 has the right idea with creating a package with multiple programs, and making the second program run the first one first. If..." - Ryan Steele
Ryan Steele
rgsteele on PXE boot problems with Dell Opti 9010s - http://www.reddit.com/r...
"Whenever I get the abortpxe.com, it's because the SCCM server doesn't think there is an advertisement available for the client. Were these machines on the network previously? I'm assuming you've deployed the task sequence to the "Unknown Computers" collection, in which case, make sure you don't have a computer object in SCCM corresponding to the machine you're trying to image." - Ryan Steele
Other ways to read this feed:Feed readerFacebook