Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »

Ryan Steele › Comments

Ryan Steele
rgsteele on About to move from stand alone WSUS to SUP; what to lookout for? - http://www.reddit.com/r...
"It's off... until the SCCM client robot comes and turns it on. Which is /u/8375456's point: if there's no GPO, the SCCM client will set the registry key." - Ryan Steele
Ryan Steele
rgsteele on About to move from stand alone WSUS to SUP; what to lookout for? - http://www.reddit.com/r...
">Many of these laptops spend most of their time out of the office and not connected to a VPN. SCCM is currently not yet setup for Internet Based Client Management and I don't have DirectAccess in place (yet). That being said, it's my understanding that most of these clients will end up downloading updates directly from MS rather than my DP's I don't think this will work the way you think it will. As long as the clients are out of the office, they won't be able to contact your management point. They won't get the software update deployment until the next time they are on the corporate network. Being able to download the updates from MS doesn't help you because the client won't go download the update until it is told to. That won't happen until it contacts the MP, and it can't do that unless it's on the corporate network." - Ryan Steele
Ryan Steele
rgsteele on Adobe Acrobat XI Professional installation - http://www.reddit.com/r...
"You have encountered a bug that occurs when Acrobat has been uninstalled and re-installed. Here's the relevant post on the Adobe forums with the fix: https://forums.adobe.com/thread..." - Ryan Steele
Ryan Steele
rgsteele on A specific Windows Update refuses to install automatically - http://www.reddit.com/r...
"I think maybe you need to set the [Turn on recommended updates via Automatic Updates](http://technet.microsoft.com/en-ca...) GPO to Enabled." - Ryan Steele
Ryan Steele
rgsteele on Are User Based Deployments based on Device Affinity or Top Console User? - http://www.reddit.com/r...
"I haven't actually used User Based Deployments yet, but I was curious about the answer to this, so I did a bit of digging and found this blog post, which explains it really well: http://gosc.nl/blog... TL;DR: It will install on all PCs the user logs into, unless you specify a Requirement in the Deployment Type of the Application that Primary Device equals True." - Ryan Steele
Ryan Steele
rgsteele on Thickheaded Thursday: 11-6-2014 - http://www.reddit.com/r...
"I'm not sure what you mean by the "awkward excuse me shuffle step", but if you're implying that having both ends of a network link set to auto-negotiate is a bad thing, nothing could be further from the truth. 99.9% of the time, both ends should be set to auto-negotiate. In the 0.01% of the time where there's some weird incompatibility between two pieces of gear and auto-negotiate isn't working, both ends should be set to the same manual setting, e.g. 100/Full. And you should NEVER have one end set to Auto and the other end set manually. This article does a good job of dispelling the myths about auto-negotiate: http://etherealmind.com/etherne..." - Ryan Steele
Ryan Steele
rgsteele on Thickheaded Thursday: 11-6-2014 - http://www.reddit.com/r...
"You could try using [Process Monitor](http://technet.microsoft.com/en-ca...) to see which process spawns the wscript.exe process. You'll need to use the "boot time logging" feature." - Ryan Steele
Ryan Steele
rgsteele on Task Sequences, Unknown Computers and Multiple Departments - http://www.reddit.com/r...
"> So if the computer name is set in that import, and the device is created in AD already you can do a completely touch free Task Sequence as SCCM will already know what to name the device and where it belongs? Yes, that is correct. I haven't used it myself, but there is a user-contributed PowerShell form available at https://gallery.technet.microsoft.com/Import-... which allows a user without the SCCM console to import the computer object." - Ryan Steele
Ryan Steele
rgsteele on Task Sequences, Unknown Computers and Multiple Departments - http://www.reddit.com/r...
"Yes, if you want to deploy to brand new computers without deploying to Unknown Computers, you will need to import the machines into SCCM. [Here's the relevant documentation in TechNet](http://technet.microsoft.com/en-us...). There are two ways to import your computer objects using the wizard: one by one or in batches using a CSV file. There's [a good step-by step guide at windows-noob](http://www.windows-noob.com/forums...) for using the batch method. Whichever method you choose, you will need to supply the desired computer name and either the MAC address or SMBIOS GUID for each machine you are importing. As for ensuring the computer object ends up in the right OU, you can actually pre-create the computer object in AD in the desired OU before initiating the deployment. When the task sequence hits the step to join the computer to the domain, it will use the computer object..." - Ryan Steele
Ryan Steele
rgsteele on Anyone able to successfully deploy Java 8u25? - http://www.reddit.com/r...
"Just out of curiosity, is there a reason you're using a vbscript to terminate Java-related processes instead of using the PSAppDeployToolkit's built-in functionality? i.e. something like `Show-InstallationWelcome -CloseApps "java,javaw,javaws,iexplore,firefox,chrome"` I've only just started exploring the toolkit and haven't yet tried deploying Java with it so I'm interested in hearing about your experiences." - Ryan Steele
Ryan Steele
rgsteele on OSD / Driver Package Selection - http://www.reddit.com/r...
"In the query you're running at the command line, you're selecting the "Name" column of the "CSProduct" table, but in the query in your task sequence, you're selecting the "Model" column of the "Win32_ComputerSystem" table. It's possible these are different values on your system. What's the result when you run this from the command prompt: `wmic computersystem get model` Also, it's not a big deal, but you're using a LIKE statement in your query when an = would serve just as well. You only need to use LIKE when you want to use a wildcard in your query (which, in SQL, is represented by the percent sign). For example, `SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "Latitude%"` EDIT: What /u/abstractPotential said! :)" - Ryan Steele
Ryan Steele
rgsteele on How to find machines with/without a specific hotfix installed? - http://www.reddit.com/r...
"Glad to help!" - Ryan Steele
Ryan Steele
rgsteele on SCCM 2012 Client install failing - http://www.reddit.com/r...
">`ccmsetup 09/10/2014 9:58:08 AM 10224 (0x27F0) File 'C:\Windows\ccmsetup\Silverlight.exe' with hash '417B442E128D821119008ACEEEE6CDC2A41224377A829B6EC52BABA2724F0151' from manifest doesn't match with the file hash '37D9F8FCBD5499F1D3B9A053BD69D0B844BA9466BA0FCE7EB586B3E6B241E13D'` "Hmm, the client has Silverlight.exe, but it's not the bundle of bits I'm looking for. That's okay, I'll download it from the server!" >`ccmsetup 09/10/2014 9:58:08 AM 10224 (0x27F0) Deleted file C:\Windows\ccmsetup\Silverlight.exe` >`ccmsetup 09/10/2014 9:58:08 AM 10224 (0x27F0) Adding file 'http://FSESXSCC01.xxxxxxxxxx.local:80/SMS_DP_...' to BITS job, saving as 'C:\Windows\ccmsetup\Silverlight.exe'.` ... >`ccmsetup 09/10/2014 9:58:14 AM 10224 (0x27F0) Successfully downloaded client files via BITS. ` "All right, I've got all the files I need, now I'll install the client." >`ccmsetup 09/10/2014 9:58:14 AM 10224 (0x27F0) File 'C:\Windows\ccmsetup\Silverlight.exe' with hash..." - Ryan Steele
Ryan Steele
rgsteele on Moving from WSUS to SCCM for patching - http://www.reddit.com/r...
"[This TechNet blog post](http://blogs.technet.com/b...) is helpful for understanding how to manage updates. Typically, your deployment group will be named something like "Updates 2014-10-07" and will contain all the updates you're wanting to push out that day. You would deploy it to your "Dev" collection, then when you've confirmed nothing has broken, you'd manually deploy the group to your "Test" collection, and then your "Prod" collection. As for expired updates, you just do a search for expired updates, select all, right-click>Edit Membership, then uncheck all the boxes." - Ryan Steele
Ryan Steele
rgsteele on SCCM 2012 R2 + SQL Server 2008 R2 SP3 - http://www.reddit.com/r...
"Thanks for the clarification. I wondered why you would want to install a service pack which may not be supported but now I see that there is a security hotfix included in it. Guess that's something I should be looking into as well, so thanks for the heads up! Unfortunately I don't think anyone from Microsoft follows this subreddit, so getting an answer to this question may require picking up the phone, or perhaps posting in the TechNet forums." - Ryan Steele
Ryan Steele
rgsteele on BC criminal justice process for juveniles? - http://www.reddit.com/r...
"The [Dial-A-Law](http://www.cbabc.org/For-the...) site may be helpful." - Ryan Steele
Ryan Steele
rgsteele on SCCM 2012 R2 + SQL Server 2008 R2 SP3 - http://www.reddit.com/r...
"Are you hosting the database for SCCM on a shared SQL server? That's not recommended. In fact, [the license for System Center 2012 includes a license for SQL Server Standard](http://www.microsoft.com/licensi...) so there's really no reason not to put it on a separate server. I expect in most cases it's best to co-locate the database on the site server." - Ryan Steele
Ryan Steele
rgsteele on Ferrorfluid - The Magnetic Liquid - http://www.reddit.com/r...
"It's too late; the ferrorists have won." - Ryan Steele
Ryan Steele
rgsteele on I have a finance guy going to China for two and a half weeks to adopt another kid. He needs access to our systems back home to continue working- need some advice. - http://www.reddit.com/r...
"This is _absolutely_ something that a computer infected with malware could install on a USB device you brought into China (or anywhere, really)." - Ryan Steele
Ryan Steele
rgsteele on I have a finance guy going to China for two and a half weeks to adopt another kid. He needs access to our systems back home to continue working- need some advice. - http://www.reddit.com/r...
"[I take it you haven't heard about BadUSB yet?](http://www.wired.com/2014...) > The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue." - Ryan Steele
Ryan Steele
rgsteele on Cannot client push over DirectAccess - possible boundary problem? - http://www.reddit.com/r...
"Are you limiting ISATAP Services to Manage Out Clients as documented [here](http://blogs.technet.com/b...)? If so, did you add the SCCM server to the DirectAccess Manage Out Clients security group? I'll second /u/roach8101 's recommendation to use the Software Update Point installation method. It works really well for DirectAccess clients." - Ryan Steele
Ryan Steele
rgsteele on How to find machines with/without a specific hotfix installed? - http://www.reddit.com/r...
"First of all, you may want to consider pushing out [KB2775511](http://support2.microsoft.com/kb...) instead, since it includes that hotfix as well as a boatload of other performance improvements. You can deploy that hotfix rollup by importing it into WSUS as explained in [this TechNet blog post](http://blogs.technet.com/b...). Now that being said, for hotfixes that are available as MSU files this technique won't work. The way I deploy these is with an Application. Your installation program will be something like wusa.exe "Windows6.1-KB2691043-x86.msu" /quiet /norestart And for your detection method, use the following PowerShell script: Get-HotFix | Where-Object {$_.HotfixID -eq 'KB2691043'} Note that you either have to set the "PowerShell Execution Policy" setting to "Bypass" under "Computer Agent" in your Client Settings (easy!) or sign your script and install the cert in the Trusted Roots certificate..." - Ryan Steele
Ryan Steele
rgsteele on SCCM 2007 installed, attempting in-place upgrade of SQL 2008 to R2 - http://www.reddit.com/r...
"Well, according to [this](http://technet.microsoft.com/en-ca...), upgrading from SQL Server 2008 to 2008 R2 _is_ supported, but you need to use the hierarchy maintenance tool to stop all CM services as documented [here](http://technet.microsoft.com/en-ca...). All that being said, I of course am required to suggest that your time might be better spent migrating to SCCM 2012 R2, seeing as 2007 is EOL, and 2012 is way better :)" - Ryan Steele
Ryan Steele
rgsteele on SCCM 2007 installed, attempting in-place upgrade of SQL 2008 to R2 - http://www.reddit.com/r...
"Out of curiosity, what are you hoping to accomplish by upgrading SQL Server?" - Ryan Steele
Ryan Steele
rgsteele on Cumulative Update 3 for SCCM 2012 R2 is out. - http://www.reddit.com/r...
"The official documentation pretty much covers it: http://technet.microsoft.com/en-us..." - Ryan Steele
Ryan Steele
rgsteele on Odd issue on a few machines trying to deploy an app - http://www.reddit.com/r...
"When you say the .net install is set to not do a reboot, I presume you mean you're running the installer with the /norestart switch? And I'm assuming you've made the ".net 4.5.2" Application a prerequisite of the "Autodesk DWG trueview 2105" application? I suspect what's happening is the .net installer is exiting with error code "1641", which means "Hard Reboot". In other words, the installer thinks the computer should be restarted before any other installations occur. If you have "Determine behavior based on return codes" selected on the User Experience tab of the Deployment Type, the SCCM client will reboot the computer immediately after an installation process returns this code. Compare with the behavior seen when an installer terminates with return code 3010 ("Soft Reboot"): in this case, the SCCM client will not perform the reboot until all the other installation tasks are performed. If you believe Autodesk will install successfully despite .net's "hard reboot" not having been..." - Ryan Steele
Ryan Steele
rgsteele on Problem Setting W7 Product Key - http://www.reddit.com/r...
"If you use a GPO, it will reset existing users' homepages. (Yes, you can use a GP Preference set to not re-apply, but it will still change everyone's home page once). By setting the home page in the unattend.xml, it only applies the setting to the default user profile, meaning that users logging in for the first time will get your selected homepage the first time they launch IE but are free to change their homepage to whatever they want after that." - Ryan Steele
Ryan Steele
rgsteele on MBAM non-TPM USB startup key conundrum - http://www.reddit.com/r...
"There is a "Deny write access to removable drives not protected by Bitlocker" group policy, would that address your data security concerns? I have never implemented Bitlocker with a USB unlock key or used this GPO, but I can't imagine that they would conflict." - Ryan Steele
Ryan Steele
rgsteele on Slimming Driver Packs - http://www.reddit.com/r...
"I don't think the scan takes that long, maybe a minute or two? In theory, if you had a driver package that contained only the exact drivers required by a specific machine, it would be slightly quicker to apply with Apply Driver Package. It is worth the effort required to streamline the driver package? I was curious about the exact differences between the two ways to apply drivers and found this informative article: http://blogs.catapultsystems.com/mlist... Driver packages are replicated just like any other content. And no, your task sequence does not have to be set to "download content locally" before applying. The "Auto Apply Drivers" step connects to the SCCM server directly to download only the required drivers. (I should point out that this means you cannot use auto apply with an "offline media" type of deployment.)" - Ryan Steele
Ryan Steele
rgsteele on Slimming Driver Packs - http://www.reddit.com/r...
"The first thing I do after I download the drivers for, say, Windows 7 64-bit is to do a search on the folder I've extracted them to for folders named "x86", "Win32", "32bit", "XP", "Win2k", etc. I don't know how HP fares here but it seems Lenovo is too lazy to actually go through their driver packs and remove anything that isn't actually needed for the OS/bitness the driver pack is intended for. I've been able to cut the size of my driver packs in half this way. (Watch out though—occasionally a driver in a folder named, say, "Vista" may actually be applicable to Windows 7 as well.) How are you applying the drivers in your TS: with the "Auto Apply Drivers" step, or "Apply Driver Package"? If you use "Auto Apply Drivers", only the needed drivers are downloaded, which will speed things up. The big caveat here if you're deploying multiple desktop OSes is that sometimes a driver claims to be the "best available" driver for, say, Windows 7, when in fact it is from a driver pack for Windows..." - Ryan Steele
Other ways to read this feed:Feed readerFacebook