Ditto...I refer to often as well :)
Troy L. Martin | Principal Consultant 1E | Empowering Efficient IT US Mobile: +1 (678) 898-6147 UK Phone : +44 208 326 9141 [email protected]<mailto:[email protected]> | www.1e.com<http://www.1e.com/> Facebook<http://www.facebook.com/1eglobal> | Twitter<https://twitter.com/1e_global/> | YouTube<http://www.youtube.com/1enews> | Blogs<http://blogs.1e.com/> | RSS<http://blogs.1e.com/index.php/feed/> Please consider the environment before printing this e-mail [Signature Banner v2] From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Thursday, May 8, 2014 12:56 PM To: [email protected] Subject: RE: [mssms] CCMEVALTASK issue I loved that session (saw it in person) and often link to it when folks try to lock down their systems. J ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Troy Martin <[email protected]<mailto:[email protected]>> Sent: Thursday, May 8, 2014 11:40 AM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] CCMEVALTASK issue http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM304 Description: ========= Security-conscious organizations often lock down their systems based on prescriptive guidance from Microsoft, US Federal government agencies or other security organizations. Sometimes these settings can lead to unpleasant surprises and unexpected side effects. This session describes and demonstrates some of the common issues that can arise, and whether and how those settings actually help or hurt. Is there benefit to not granting Administrators the "Debug" privilege? Does "Hide mechanisms to remove zone information" break anything? Is the "Require trusted path for credential entry" setting worth the inconvenience? Troy L. Martin | Principal Consultant 1E | Empowering Efficient IT US Mobile: +1 (678) 898-6147 UK Phone : +44 208 326 9141 [email protected]<mailto:[email protected]> | www.1e.com<http://www.1e.com/> Facebook<http://www.facebook.com/1eglobal> | Twitter<https://twitter.com/1e_global/> | YouTube<http://www.youtube.com/1enews> | Blogs<http://blogs.1e.com/> | RSS<http://blogs.1e.com/index.php/feed/> Please consider the environment before printing this e-mail [Signature Banner v2] From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Thursday, May 8, 2014 8:37 AM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] CCMEVALTASK issue Technically, you should be able to edit the xml file and remove the check. although, the whole point of running ccmeval using task scheduler is so that the client agent or its dependencies can be checked and fixed --that can't happen when it's being run by the client agent itself so it doesn't really make sense to do it as an advert. For example, if WMI is broken on the client, how will the deployment ever run to fix it? Who's idea was it to disable the task scheduler? Let me guess, it was done in the name of "security"? Misguided are most security folks (quote from Yoda). J ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Jason Wallace <[email protected]<mailto:[email protected]>> Sent: Thursday, May 8, 2014 4:40 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] CCMEVALTASK issue Hi there folks I have an issue with CCMEVAL and CCMEVALTASK which I would appreciate some input on please. I have a number of Windows XP (yes, I know) systems. On these Task Scheduler is disabled. Of course this means that CCMEVAL is not going to run so we run it through an advertisement. When we do that however all of the XP systems report an error back to the console. Checking the clients it seems that CCMEVAL itself runs through the checks in its XML file and reports no significant issues but it's CCMEVALTASK which then kicks off and throws an error, masking any errors in the console. Yes, the obvious thing is to enable Task Scheduler but that cannot be done on the XP estate so I am wondering if we can somehow prevent the check on the Task Scheduler component? Thanks ________________________________ DISCLAIMER: This is a PRIVATE AND CONFIDENTIAL message for the ordinary user of this email address. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind 1E to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
