Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Meluso, Anthony 
Need to test that next. But servicing threw no errors.


Take care,

Anthony Meluso
Network and Computer System Administrator
Passaic Valley Regional High School
100 East Main St.
Little Falls, NJ 07424
973-890-2500 x2501
http://www.pvhs.k12.nj.us

On Tue, Jan 9, 2018 at 1:59 PM, Aaron Czechowski <
aaron.czechow...@microsoft.com> wrote:

> Good question, not a scenario we’ve tested yet.
>
> Does the image apply ok with the patch showing as installed?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Meluso, Anthony
> *Sent:* Tuesday, 9 January, 2018 10:22
> *To:* mssms@lists.myitforum.com
> *Subject:* Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Me too when applying it to 1709.
>
>
>
> Take care,
>
> Anthony Meluso
> Network and Computer System Administrator
> Passaic Valley Regional High School
> 100 East Main St.
> Little Falls, NJ 07424
> 973-890-2500 x2501 <(973)%20890-2500>
> http://www.pvhs.k12.nj.us
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pvhs.k12.nj.us=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=8JTnUTdcs%2FMVMuyGqG8Iynit7SJgI7DYpwwvH9JsUzY%3D=0>
>
>
>
> On Tue, Jan 9, 2018 at 1:13 PM, Brian Illner <brian.ill...@canal-ins.com>
> wrote:
>
> No errors in the offlineservicing log when I applied that update to a
> vanilla 1607 wim from the MS source media.
>
>
>
>
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=40pDAvC2qaPeat2Po19bQcq2dSjWIzRb3uymj1JxCKg%3D=0>
>  for
> news and information.
>
>
>
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fcanal-insurance-company=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=D%2FiPieZWKWB%2FvbKDnvK%2FtRGPFMFPydcobxJ11%2Fr%2B7nk%3D=0>
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Adam Juelich
> *Sent:* Tuesday, January 9, 2018 10:42 AM
>
>
> *To:* mssms@lists.myitforum.com
> *Subject:* Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> This is a good question, Brian.
>
>
>
> Let us know how it goes.
>
>
>
> On Tue, Jan 9, 2018 at 8:11 AM, Brian Illner <brian.ill...@canal-ins.com>
> wrote:
>
> Thanks Rod
>
>
>
> This is outside of any AV considerations. We install our AV during an OSD
> task sequence instead of including it on the reference images.
>
>
>
> I’m trying to find out if MS has (temporarily?) broken a basic feature of
> CM and MDT without manual administrator intervention because of this.
>
>
>
> Going to fire up the test environment shortly to see what happens there.
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com
> <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=40pDAvC2qaPeat2Po19bQcq2dSjWIzRb3uymj1JxCKg%3D=0>
>  for
> news and information.
>
>
>
> <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fcanal-insurance-company=

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Aaron Czechowski 
Good question, not a scenario we’ve tested yet.
Does the image apply ok with the patch showing as installed?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Meluso, Anthony
Sent: Tuesday, 9 January, 2018 10:22
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Me too when applying it to 1709.


Take care,

Anthony Meluso
Network and Computer System Administrator
Passaic Valley Regional High School
100 East Main St.
Little Falls, NJ 07424
973-890-2500 x2501
http://www.pvhs.k12.nj.us<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.pvhs.k12.nj.us=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=8JTnUTdcs%2FMVMuyGqG8Iynit7SJgI7DYpwwvH9JsUzY%3D=0>

On Tue, Jan 9, 2018 at 1:13 PM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
No errors in the offlineservicing log when I applied that update to a vanilla 
1607 wim from the MS source media.


[cid:image003.png@01D38938.E278FC70]

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image004.jpg@01D38938.E278FC70]

Visit 
canalinsurance.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=40pDAvC2qaPeat2Po19bQcq2dSjWIzRb3uymj1JxCKg%3D=0>
 for news and information.

[cid:image005.jpg@01D38938.E278FC70]<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fcanal-insurance-company=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=D%2FiPieZWKWB%2FvbKDnvK%2FtRGPFMFPydcobxJ11%2Fr%2B7nk%3D=0>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Adam Juelich
Sent: Tuesday, January 9, 2018 10:42 AM

To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

This is a good question, Brian.

Let us know how it goes.

On Tue, Jan 9, 2018 at 8:11 AM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
Thanks Rod

This is outside of any AV considerations. We install our AV during an OSD task 
sequence instead of including it on the reference images.

I’m trying to find out if MS has (temporarily?) broken a basic feature of CM 
and MDT without manual administrator intervention because of this.

Going to fire up the test environment shortly to see what happens there.

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image004.jpg@01D38938.E278FC70]

Visit 
canalinsurance.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=40pDAvC2qaPeat2Po19bQcq2dSjWIzRb3uymj1JxCKg%3D=0>
 for news and information.

[cid:image005.jpg@01D38938.E278FC70]<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fcanal-insurance-company=02%7C01%7Caaron.czechowski%40microsoft.com%7Cb6568b861fa04c0248a108d5578ec2b4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636511193046468345=D%2FiPieZWKWB%2FvbKDnvK%2FtRGPFMFPydcobxJ11%2Fr%2B7nk%3D=0>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited

Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Meluso, Anthony 
Me too when applying it to 1709.


Take care,

Anthony Meluso
Network and Computer System Administrator
Passaic Valley Regional High School
100 East Main St.
Little Falls, NJ 07424
973-890-2500 x2501
http://www.pvhs.k12.nj.us

On Tue, Jan 9, 2018 at 1:13 PM, Brian Illner <brian.ill...@canal-ins.com>
wrote:

> No errors in the offlineservicing log when I applied that update to a
> vanilla 1607 wim from the MS source media.
>
>
>
>
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com for news and information.
>
>
> <https://www.linkedin.com/company/canal-insurance-company>
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Adam Juelich
> *Sent:* Tuesday, January 9, 2018 10:42 AM
>
> *To:* mssms@lists.myitforum.com
> *Subject:* Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> This is a good question, Brian.
>
>
>
> Let us know how it goes.
>
>
>
> On Tue, Jan 9, 2018 at 8:11 AM, Brian Illner <brian.ill...@canal-ins.com>
> wrote:
>
> Thanks Rod
>
>
>
> This is outside of any AV considerations. We install our AV during an OSD
> task sequence instead of including it on the reference images.
>
>
>
> I’m trying to find out if MS has (temporarily?) broken a basic feature of
> CM and MDT without manual administrator intervention because of this.
>
>
>
> Going to fire up the test environment shortly to see what happens there.
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com for news and information.
>
>
> <https://www.linkedin.com/company/canal-insurance-company>
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Rod Trent
> *Sent:* Tuesday, January 9, 2018 8:23 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Setting that registry works in some situations – but not all.
>
>
>
> There’s a master list of supported AV software:
>
>
>
> http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-
> compatibility-with-microsofts-meltdownspectre-patches/
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Brian
> Illner
> *Sent:* Tuesday, January 9, 2018 8:13 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Aaron – If setting that registry key is now mandatory for the time being
> for the security updates to install, how does that affect OS offline
> updates servicing in MDT and CM? Broken I assume without manually editing
> the WIM first for the key?
>
>
>
> https://support.microsoft.c

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Brian Illner 
No errors in the offlineservicing log when I applied that update to a vanilla 
1607 wim from the MS source media.


[cid:image003.png@01D3894B.92D1C590]

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3894B.92DA7820]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894B.92DA7820]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Tuesday, January 9, 2018 10:42 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

This is a good question, Brian.

Let us know how it goes.

On Tue, Jan 9, 2018 at 8:11 AM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
Thanks Rod

This is outside of any AV considerations. We install our AV during an OSD task 
sequence instead of including it on the reference images.

I’m trying to find out if MS has (temporarily?) broken a basic feature of CM 
and MDT without manual administrator intervention because of this.

Going to fire up the test environment shortly to see what happens there.

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image001.jpg@01D3894B.92DA7820]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894B.92DA7820]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Rod Trent
Sent: Tuesday, January 9, 2018 8:23 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Setting that registry works in some situations – but not all.

There’s a master list of supported AV software:

http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/<http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, January 9, 2018 8:13 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>



BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image001.jpg@01D3894B.92DA7820]

Visit canalinsurance.com<http://canalinsurance.com> for

Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Adam Juelich 
This is a good question, Brian.

Let us know how it goes.

On Tue, Jan 9, 2018 at 8:11 AM, Brian Illner <brian.ill...@canal-ins.com>
wrote:

> Thanks Rod
>
>
>
> This is outside of any AV considerations. We install our AV during an OSD
> task sequence instead of including it on the reference images.
>
>
>
> I’m trying to find out if MS has (temporarily?) broken a basic feature of
> CM and MDT without manual administrator intervention because of this.
>
>
>
> Going to fire up the test environment shortly to see what happens there.
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com for news and information.
>
>
> <https://www.linkedin.com/company/canal-insurance-company>
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Rod Trent
> *Sent:* Tuesday, January 9, 2018 8:23 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Setting that registry works in some situations – but not all.
>
>
>
> There’s a master list of supported AV software:
>
>
>
> http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-
> compatibility-with-microsofts-meltdownspectre-patches/
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Brian
> Illner
> *Sent:* Tuesday, January 9, 2018 8:13 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Aaron – If setting that registry key is now mandatory for the time being
> for the security updates to install, how does that affect OS offline
> updates servicing in MDT and CM? Broken I assume without manually editing
> the WIM first for the key?
>
>
>
> https://support.microsoft.com/en-us/help/4072699/january-3-
> 2018-windows-security-updates-and-antivirus-software
>
>
>
>
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com for news and information.
>
>
> <https://www.linkedin.com/company/canal-insurance-company>
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Aaron
> Czechowski
> *Sent:* Monday, January 8, 2018 8:40 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> We just published a blog post with a piece on SQL (in Config Manager
> infrastructure section): https://blogs.technet.microsoft.com/
> configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-
> execution-side-channel-vulnerabilities/
>
>
>
> Let me know if you have any further questions/comments.
>
>

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Brian Illner 
Thanks Rod

This is outside of any AV considerations. We install our AV during an OSD task 
sequence instead of including it on the reference images.

I’m trying to find out if MS has (temporarily?) broken a basic feature of CM 
and MDT without manual administrator intervention because of this.

Going to fire up the test environment shortly to see what happens there.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38929.C7F3E270]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38929.C7F3E270]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Tuesday, January 9, 2018 8:23 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Setting that registry works in some situations – but not all.

There’s a master list of supported AV software:

http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/<http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, January 9, 2018 8:13 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>



BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38929.C7F3E270]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38929.C7F3E270]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Aaron Czechowski
Sent: Monday, January 8, 2018 8:40 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

We just published a blog post with a piece on SQL (in Config Manager 
infrastructure section): 
https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/<https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/>

Let me know if you have any further questions/comments.

Aaron


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Monday, 8 January, 2018 11:52
To: mssms@lists

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Rod Trent 
Setting that registry works in some situations – but not all.

 

There’s a master list of supported AV software:

 

http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/
 

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Illner
Sent: Tuesday, January 9, 2018 8:13 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

 

Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

 

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

 

 

 

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax


 

Visit canalinsurance.com <http://canalinsurance.com>  for news and information.


 <https://www.linkedin.com/company/canal-insurance-company> 

WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Aaron Czechowski
Sent: Monday, January 8, 2018 8:40 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

 

We just published a blog post with a piece on SQL (in Config Manager 
infrastructure section): 
https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/

 

Let me know if you have any further questions/comments. 

 

Aaron

 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Monday, 8 January, 2018 11:52
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

 

Have you read through this yet:  
https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server 
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4073225%2Fguidance-for-sql-server=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=DTXKrzyNfoaNdIUhdBwRX5CYT%2BwDHVL5ME5639aRCU4%3D=0>
   ?

Keeping in mind that's the SQL recommendation, and there isn't (as far as I 
know), specific guidance from the ConfigMgr team regarding the SQL instances 
used for ConfigMgr.

 

My (probably incorrect) take on it...It doesn't matter WHAT version of SQL 16 
you have.  the first SQL 16 version which addresses the vulnerability is CU7 
for SP1.  So if you are at SQL 16 SP1 No CU, you would want to apply CU7--if 
your scenario fits one of the scenarios outlined in the guidance, AND you don't 
care about what the ConfigMgr team has-yet-to-publish for guidance so that you 
do not break your ConfigMgr SQL instance from working correctly.  If you are 
still using SQL 16 no SP, you'd update to SP1, and apply CU7.  That's my likely 
INCORRECT interpretation.  But that's why I'm just waiting for more info, and 
not trying to guess anything.

 

I personally plan on just "wait for more info" regarding ConfigMgr SQL 
information, from the ConfigMgr Team.

 

On Mon, Jan 8, 2018 at 12:39 PM, Brian Illner <brian.ill...@canal-ins.com 
<mailto:brian.ill...@canal-ins.com> > wrote:

Could someone explain the SQL updates please?

 

There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR

 

I get that we download the Security Update for CU7 if we have that particular 
cumulative update installed, but what if its CU4 or CU5?

 

Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU 
applied at all?

 

BRIAN ILLNER | Canal Insurance Company
864.250.9227 <tel:(864)%20250-9227> 
864.679.2537 <tel:(864)%20679-2537>  Fax


Error! Filename not specified. 

Visit canalinsurance.com 
<htt

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-09 Thread Brian Illner 
Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software



BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38921.9BA4C7F0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38921.9BA4C7F0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Aaron Czechowski
Sent: Monday, January 8, 2018 8:40 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

We just published a blog post with a piece on SQL (in Config Manager 
infrastructure section): 
https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/<https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/>

Let me know if you have any further questions/comments.

Aaron


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Monday, 8 January, 2018 11:52
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Have you read through this yet:  
https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4073225%2Fguidance-for-sql-server=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=DTXKrzyNfoaNdIUhdBwRX5CYT%2BwDHVL5ME5639aRCU4%3D=0>
  ?
Keeping in mind that's the SQL recommendation, and there isn't (as far as I 
know), specific guidance from the ConfigMgr team regarding the SQL instances 
used for ConfigMgr.

My (probably incorrect) take on it...It doesn't matter WHAT version of SQL 16 
you have.  the first SQL 16 version which addresses the vulnerability is CU7 
for SP1.  So if you are at SQL 16 SP1 No CU, you would want to apply CU7--if 
your scenario fits one of the scenarios outlined in the guidance, AND you don't 
care about what the ConfigMgr team has-yet-to-publish for guidance so that you 
do not break your ConfigMgr SQL instance from working correctly.  If you are 
still using SQL 16 no SP, you'd update to SP1, and apply CU7.  That's my likely 
INCORRECT interpretation.  But that's why I'm just waiting for more info, and 
not trying to guess anything.

I personally plan on just "wait for more info" regarding ConfigMgr SQL 
information, from the ConfigMgr Team.

On Mon, Jan 8, 2018 at 12:39 PM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
Could someone explain the SQL updates please?

There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR

I get that we download the Security Update for CU7 if we have that particular 
cumulative update installed, but what if its CU4 or CU5?

Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU 
applied at all?

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

Error! Filename not specified.

Visit 
canalinsurance.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=wI5JflSNZ%2BxEX9NqpO8L0oRgXWm6YWdsU2wehw2cMxA%3D=0>
 for news and information.

Error! Filename not 
specified.<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-08 Thread Aaron Czechowski 
We just published a blog post with a piece on SQL (in Config Manager 
infrastructure section): 
https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/

Let me know if you have any further questions/comments.

Aaron


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: Monday, 8 January, 2018 11:52
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Have you read through this yet:  
https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4073225%2Fguidance-for-sql-server=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=DTXKrzyNfoaNdIUhdBwRX5CYT%2BwDHVL5ME5639aRCU4%3D=0>
  ?
Keeping in mind that's the SQL recommendation, and there isn't (as far as I 
know), specific guidance from the ConfigMgr team regarding the SQL instances 
used for ConfigMgr.

My (probably incorrect) take on it...It doesn't matter WHAT version of SQL 16 
you have.  the first SQL 16 version which addresses the vulnerability is CU7 
for SP1.  So if you are at SQL 16 SP1 No CU, you would want to apply CU7--if 
your scenario fits one of the scenarios outlined in the guidance, AND you don't 
care about what the ConfigMgr team has-yet-to-publish for guidance so that you 
do not break your ConfigMgr SQL instance from working correctly.  If you are 
still using SQL 16 no SP, you'd update to SP1, and apply CU7.  That's my likely 
INCORRECT interpretation.  But that's why I'm just waiting for more info, and 
not trying to guess anything.

I personally plan on just "wait for more info" regarding ConfigMgr SQL 
information, from the ConfigMgr Team.

On Mon, Jan 8, 2018 at 12:39 PM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
Could someone explain the SQL updates please?

There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR

I get that we download the Security Update for CU7 if we have that particular 
cumulative update installed, but what if its CU4 or CU5?

Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU 
applied at all?

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

Error! Filename not specified.

Visit 
canalinsurance.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=wI5JflSNZ%2BxEX9NqpO8L0oRgXWm6YWdsU2wehw2cMxA%3D=0>
 for news and information.

Error! Filename not 
specified.<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fcanal-insurance-company=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=HyGDLs9ozqKHJETcomBo0Insu6yH83Af3AZkyXt05gc%3D=0>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Sherry Kissinger
Sent: Monday, January 8, 2018 10:46 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Based on how I 'interpreted' that tweet, it was specific regarding the SQL 
patch.  In my case, the one I would care about is SQL 16 SP1, the CU7 
(Cumulative Update 7).  ConfigMgr requires "CLR" to be enabled in order to 
function.  Additionally, the majority of environments except for a super small 
ones where they might only have ONE server with all roles--almost everyone has 
at least a MP, DP, or SUP role server elsewhere.  Depending on the 
configuration of those other servers, they likely leverage a SQL 'thing' calle

Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-08 Thread Sherry Kissinger 
Have you read through this yet:
https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server  ?
Keeping in mind that's the SQL recommendation, and there isn't (as far as I
know), specific guidance from the ConfigMgr team regarding the SQL
instances used for ConfigMgr.

My (probably incorrect) take on it...It doesn't matter WHAT version of SQL
16 you have.  the first SQL 16 version which addresses the vulnerability is
CU7 for SP1.  So if you are at SQL 16 SP1 No CU, you would want to apply
CU7--if your scenario fits one of the scenarios outlined in the guidance,
AND you don't care about what the ConfigMgr team has-yet-to-publish for
guidance so that you do not break your ConfigMgr SQL instance from working
correctly.  If you are still using SQL 16 no SP, you'd update to SP1, and
apply CU7.  That's my likely INCORRECT interpretation.  But that's why I'm
just waiting for more info, and not trying to guess anything.

I personally plan on just "wait for more info" regarding ConfigMgr SQL
information, from the ConfigMgr Team.

On Mon, Jan 8, 2018 at 12:39 PM, Brian Illner <brian.ill...@canal-ins.com>
wrote:

> Could someone explain the SQL updates please?
>
>
>
> There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR
>
>
>
> I get that we download the Security Update for CU7 if we have that
> particular cumulative update installed, but what if its CU4 or CU5?
>
>
>
> Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had
> NO CU applied at all?
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227 <(864)%20250-9227>
> 864.679.2537 <(864)%20679-2537> Fax
>
>
>
>
> Visit canalinsurance.com for news and information.
>
>
> <https://www.linkedin.com/company/canal-insurance-company>
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Sherry Kissinger
> *Sent:* Monday, January 8, 2018 10:46 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Based on how I 'interpreted' that tweet, it was specific regarding the SQL
> patch.  In my case, the one I would care about is SQL 16 SP1, the CU7
> (Cumulative Update 7).  ConfigMgr requires "CLR" to be enabled in order to
> function.  Additionally, the majority of environments except for a super
> small ones where they might only have ONE server with all roles--almost
> everyone has at least a MP, DP, or SUP role server elsewhere.  Depending on
> the configuration of those other servers, they likely leverage a SQL
> 'thing' called Linked Servers.  CU7 also modifies Linked server
> configuration.
>
>
>
> So just wait on deploying CU7 until further information is available.  If
> you haven't yet gone to SQL 16 SP1 CU6, my understanding is that version is
> supported/acceptable to SCCM--but it obviously doesn't address the
> Spectre/Meltdown stuff.
>
>
>
> On Mon, Jan 8, 2018 at 8:25 AM, John Aubrey <jaub...@norwoodmedical.com>
> wrote:
>
> I *THINK*, there is a SQL patch as well as the Window patches.  I applied
> the Windows patch had SCCM is still working.  I think the SQL patch is the
> one that causes issues.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Mike Murray
> *Sent:* Friday, January 5, 2018 7:16 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Could someone expand on this?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Richard
> Poole
> *Sent:* Friday, January 5, 2018 12:59 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
>
>
> Thank you,
>
> Richard Poole
>

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-08 Thread Mike Murray 
Thanks, Sherry!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: Monday, January 8, 2018 7:46 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Based on how I 'interpreted' that tweet, it was specific regarding the SQL 
patch.  In my case, the one I would care about is SQL 16 SP1, the CU7 
(Cumulative Update 7).  ConfigMgr requires "CLR" to be enabled in order to 
function.  Additionally, the majority of environments except for a super small 
ones where they might only have ONE server with all roles--almost everyone has 
at least a MP, DP, or SUP role server elsewhere.  Depending on the 
configuration of those other servers, they likely leverage a SQL 'thing' called 
Linked Servers.  CU7 also modifies Linked server configuration.

So just wait on deploying CU7 until further information is available.  If you 
haven't yet gone to SQL 16 SP1 CU6, my understanding is that version is 
supported/acceptable to SCCM--but it obviously doesn't address the 
Spectre/Meltdown stuff.

On Mon, Jan 8, 2018 at 8:25 AM, John Aubrey 
<jaub...@norwoodmedical.com<mailto:jaub...@norwoodmedical.com>> wrote:
I THINK, there is a SQL patch as well as the Window patches.  I applied the 
Windows patch had SCCM is still working.  I think the SQL patch is the one that 
causes issues.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 7:16 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Could someone expand on this?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Poole
Sent: Friday, January 5, 2018 12:59 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?


Thank you,
Richard Poole

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 11:55 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Spectre/Meltdown patch breaks ConfigMgr/SQL?

Anyone have issues with this?

https://twitter.com/djammmer/status/949122372384141312

Mike



NOTICE: This message contains confidential information and is intended only for 
the individual named. If you are not the named addressee, you should not 
disseminate, distribute or copy this email. Please notify the sender 
immediately by email if you have received this email by mistake and delete this 
email from your system. Email transmission cannot be guaranteed to be secure or 
error-free, as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender, therefore, does not 
accept liability for any errors or omissions in the contents of this message. 
This email neither constitutes an agreement to conduct transactions by 
electronic means nor creates any legally binding contract or enforceable 
obligation in the absence of a fully signed written contract.






--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blog: http://mnscug.org/blogs/sherry-kissinger

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-08 Thread Brian Illner 
Could someone explain the SQL updates please?

There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR

I get that we download the Security Update for CU7 if we have that particular 
cumulative update installed, but what if its CU4 or CU5?

Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU 
applied at all?

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38886.289DECF0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38886.289DECF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: Monday, January 8, 2018 10:46 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Based on how I 'interpreted' that tweet, it was specific regarding the SQL 
patch.  In my case, the one I would care about is SQL 16 SP1, the CU7 
(Cumulative Update 7).  ConfigMgr requires "CLR" to be enabled in order to 
function.  Additionally, the majority of environments except for a super small 
ones where they might only have ONE server with all roles--almost everyone has 
at least a MP, DP, or SUP role server elsewhere.  Depending on the 
configuration of those other servers, they likely leverage a SQL 'thing' called 
Linked Servers.  CU7 also modifies Linked server configuration.

So just wait on deploying CU7 until further information is available.  If you 
haven't yet gone to SQL 16 SP1 CU6, my understanding is that version is 
supported/acceptable to SCCM--but it obviously doesn't address the 
Spectre/Meltdown stuff.

On Mon, Jan 8, 2018 at 8:25 AM, John Aubrey 
<jaub...@norwoodmedical.com<mailto:jaub...@norwoodmedical.com>> wrote:
I THINK, there is a SQL patch as well as the Window patches.  I applied the 
Windows patch had SCCM is still working.  I think the SQL patch is the one that 
causes issues.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 7:16 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Could someone expand on this?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Poole
Sent: Friday, January 5, 2018 12:59 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?


Thank you,
Richard Poole

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 11:55 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Spectre/Meltdown patch breaks ConfigMgr/SQL?

Anyone have issues with this?

https://twitter.com/djammmer/status/949122372384141312<https://twitter.com/djammmer/status/949122372384141312>

Mike



NOTICE: This message contains confidential information and is intended only for 
the individual named. If you are not the named addressee, you should not 
disseminate, distribute or copy this email. Please notify the sender 
immediately by email if you have received this email by mistake and delete this 
email from your system. Email transmission cannot be guaranteed to be secure or 
error-free, as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender, therefore, does not 
accept liability for any errors or omissions in the contents of this message. 
This email neither constitutes an agreement to conduct transactions by 
electronic means nor creates any legally binding contract or enforceable 
obligation in the absence of a fully signed written contract.






--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blog: 
http://mnscug.org/blogs/sherry-kissinger<http://mnscug.org/blogs/sherry-kissinger>

Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

2018-01-08 Thread Sherry Kissinger 
Based on how I 'interpreted' that tweet, it was specific regarding the SQL
patch.  In my case, the one I would care about is SQL 16 SP1, the CU7
(Cumulative Update 7).  ConfigMgr requires "CLR" to be enabled in order to
function.  Additionally, the majority of environments except for a super
small ones where they might only have ONE server with all roles--almost
everyone has at least a MP, DP, or SUP role server elsewhere.  Depending on
the configuration of those other servers, they likely leverage a SQL
'thing' called Linked Servers.  CU7 also modifies Linked server
configuration.

So just wait on deploying CU7 until further information is available.  If
you haven't yet gone to SQL 16 SP1 CU6, my understanding is that version is
supported/acceptable to SCCM--but it obviously doesn't address the
Spectre/Meltdown stuff.

On Mon, Jan 8, 2018 at 8:25 AM, John Aubrey 
wrote:

> I *THINK*, there is a SQL patch as well as the Window patches.  I applied
> the Windows patch had SCCM is still working.  I think the SQL patch is the
> one that causes issues.
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com] *On Behalf Of *Mike Murray
> *Sent:* Friday, January 5, 2018 7:16 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Could someone expand on this?
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Richard
> Poole
> *Sent:* Friday, January 5, 2018 12:59 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
>
>
> Thank you,
>
> Richard Poole
>
>
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.
> myitforum.com ] *On Behalf Of *Mike Murray
> *Sent:* Friday, January 5, 2018 11:55 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* [mssms] Spectre/Meltdown patch breaks ConfigMgr/SQL?
>
>
>
> Anyone have issues with this?
>
>
>
> https://twitter.com/djammmer/status/949122372384141312
>
>
>
> Mike
>
>
>
>
>
> NOTICE: This message contains confidential information and is intended
> only for the individual named. If you are not the named addressee, you
> should not disseminate, distribute or copy this email. Please notify the
> sender immediately by email if you have received this email by mistake and
> delete this email from your system. Email transmission cannot be guaranteed
> to be secure or error-free, as information could be intercepted, corrupted,
> lost, destroyed, arrive late or incomplete, or contain viruses. The sender,
> therefore, does not accept liability for any errors or omissions in the
> contents of this message. This email neither constitutes an agreement to
> conduct transactions by electronic means nor creates any legally binding
> contract or enforceable obligation in the absence of a fully signed written
> contract.
>
>
>
>
>
>


-- 
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blog: http://mnscug.org/blogs/sherry-kissinger