from:"Murray, Mike"

[mssms] RE: Standalone media reboots to USB media instead of HDD

2017-05-11 Thread Murray, Mike

Not if we want it to run unattended all the way through.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Raymond Peng
Sent: Thursday, May 11, 2017 9:26 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Standalone media reboots to USB media instead of HDD

Can you just remove the USB media afterwards?

Thank you,

Ray

Raymond Peng

Systems Engineer / IT Operations
Direct: 650-577-5399

Email: raymond.p...@wageworks.com <mailto:raymond.p...@wageworks.com> 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, May 11, 2017 8:53 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Standalone media reboots to USB media instead of HDD

Occasionally we use standalone media to image a machine. Recently when we do
this the machine applies the OS, and instead of rebooting into the remainder
of the TS, it reboots to the beginning on the USB drive. If we go into the
BIOS at this point and move the HD to the top of the order, it will resume
the TS. Is there some way in the sequence to tell the hard drive to move to
the top of the boot order? The USB key seem to want priority.

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Standalone media reboots to USB media instead of HDD

2017-05-11 Thread Murray, Mike

So CCTK?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Nash Pherson
Sent: Thursday, May 11, 2017 9:24 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Standalone media reboots to USB media instead of HDD

You should be using the vendor-specific tools to configure the bios,
including setting the hard drive to be first in the boot order (which is
especially important on any system without bitlocker).

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, May 11, 2017 10:53 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Standalone media reboots to USB media instead of HDD

Occasionally we use standalone media to image a machine. Recently when we do
this the machine applies the OS, and instead of rebooting into the remainder
of the TS, it reboots to the beginning on the USB drive. If we go into the
BIOS at this point and move the HD to the top of the order, it will resume
the TS. Is there some way in the sequence to tell the hard drive to move to
the top of the boot order? The USB key seem to want priority.

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Standalone media reboots to USB media instead of HDD

2017-05-11 Thread Murray, Mike

Occasionally we use standalone media to image a machine. Recently when we do
this the machine applies the OS, and instead of rebooting into the remainder
of the TS, it reboots to the beginning on the USB drive. If we go into the
BIOS at this point and move the HD to the top of the order, it will resume
the TS. Is there some way in the sequence to tell the hard drive to move to
the top of the boot order? The USB key seem to want priority.

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: OSD - "SyncTimeWithMP() failed. 80004005" - NOT a date/time issue?

2017-05-09 Thread Murray, Mike

Interesting. Ill look into recreating the boot media. We do not integrate
MDT, no need to.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Chobeaux, Sebastien
Sent: Friday, May 5, 2017 11:41 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: OSD - "SyncTimeWithMP() failed. 80004005" - NOT a
date/time issue?

 

I had this error when the usb boot media self signed certificate was
expired, did you try to re create your boot media? Also do you integrate MDT
in your TS?

 

 

--

Sébastien Chobeaux

 

De : listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] De la part de Murray, Mike
Envoyé : vendredi 05 mai 2017 14:05
À : mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Objet : [mssms] OSD - "SyncTimeWithMP() failed. 80004005" - NOT a date/time
issue?

 

Hello,

 

Trying to use a USB boot drive, it fails after entering the password and
trying to find a task sequence. Everything I see online points to this being
a BIOS date/time issue, but Ive verified these are set correctly. AND if we
do a PXE boot instead, it works. Ideas? SMSTS.log below

 

LOGGING: Finalize process ID set to 976 TSBootShell5/5/2017 10:42:25
AM  980 (0x03D4)

==[ TSBootShell.exe
]==   TSBootShell5/5/2017
10:42:25 AM  980 (0x03D4)

Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL'
TSBootShell5/5/2017 10:42:25 AM  980 (0x03D4)

Debug shell is enabled   TSBootShell5/5/2017 10:42:25 AM  980
(0x03D4)

Waiting for PNP initialization...   TSBootShell5/5/2017 10:42:25 AM
1000 (0x03E8)

RAM Disk Boot Path: MULTI(0)DISK(0)RDISK(0)PARTITION(1)\SOURCES\BOOT.WIM
TSBootShell5/5/2017 10:42:25 AM  1000 (0x03E8)

WinPE boot path: D:\SOURCES\BOOT.WIM  TSBootShell5/5/2017
10:42:25 AM  1000 (0x03E8)

Booted from removable device  TSBootShell5/5/2017 10:42:25 AM  1000
(0x03E8)

Found config path D:\TSBootShell5/5/2017 10:42:25 AM  1000
(0x03E8)

Booting from removable media, not restoring bootloaders on hard drive
TSBootShell5/5/2017 10:42:25 AM  1000 (0x03E8)

D:\WinPE does not exist.  TSBootShell5/5/2017 10:42:26
AM  1000 (0x03E8)

D:\_SmsTsWinPE\WinPE does not exist. TSBootShell5/5/2017 10:42:26 AM
1000 (0x03E8)

Executing command line: wpeinit.exe -winpe  TSBootShell5/5/2017
10:42:26 AM  1000 (0x03E8)

The command completed successfully.  TSBootShell5/5/2017 10:42:29 AM
1000 (0x03E8)

Starting DNS client service.  TSBootShell5/5/2017 10:42:29
AM  1000 (0x03E8)

Executing command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE
/configpath:D:\   TSBootShell5/5/2017 10:42:30
AM  1000 (0x03E8)

The command completed successfully.  TSBootShell5/5/2017 10:42:30 AM
1000 (0x03E8)

==[ TSMBootStrap.exe
]==  TSMBootstrap5/5/2017
10:42:30 AM  1248 (0x04E0)

Command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE /configpath:D:\
TSMBootstrap   5/5/2017 10:42:30 AM 1248 (0x04E0)

Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL'
TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

Succeeded loading resource DLL 'X:\sms\bin\x64\TSRESNLC.DLL' TSMBootstrap
5/5/2017 10:42:30 AM  1248 (0x04E0)

Current OS version is 10.0.10240.0TSMBootstrap   5/5/2017
10:42:30 AM  1248 (0x04E0)

Adding SMS bin folder "X:\sms\bin\x64" to the system environment PATH
TSMBootstrap   5/5/2017 10:42:30 AM 1248 (0x04E0)

Failed to open PXE registry key. Not a PXE boot. TSMBootstrap   5/5/2017
10:42:30 AM  1248 (0x04E0)

Media Root = D:\  TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

WinPE boot type: 'Ramdisk:SourceIdentified'  TSMBootstrap   5/5/2017
10:42:30 AM  1248 (0x04E0)

Failed to find the source drive where WinPE was booted from TSMBootstrap
5/5/2017 10:42:30 AM  1248 (0x04E0)

Executing from Media in WinPE TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

Verifying Media Layout. TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

MediaType = BootMedia  TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

PasswordRequired = falseTSMBootstrap   5/5/2017 10:42:30 AM
1248 (0x04E0)

Found network adapter "Intel(R) 82579LM Gigabit Network Connection" with IP
Address 0.0.0.0.TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

Running Wizard in Interactive modeTSMBootstrap   5/5/2017 10:42:30
AM  1248 (0x04E0)

Loading Media Variables from "D:\sms\data\variables.dat"
TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

no password for vars file   TSMBootstrap   5/5/2017 10:42:30 AM
1248 (0x04E0)

[mssms] OSD - "SyncTimeWithMP() failed. 80004005" - NOT a date/time issue?

2017-05-05 Thread Murray, Mike

Hello,

 

Trying to use a USB boot drive, it fails after entering the password and
trying to find a task sequence. Everything I see online points to this being
a BIOS date/time issue, but I've verified these are set correctly. AND if we
do a PXE boot instead, it works. Ideas? SMSTS.log below.

 

LOGGING: Finalize process ID set to 976 TSBootShell5/5/2017 10:42:25
AM  980 (0x03D4)

==[ TSBootShell.exe
]==   TSBootShell5/5/2017
10:42:25 AM  980 (0x03D4)

Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL'
TSBootShell5/5/2017 10:42:25 AM  980 (0x03D4)

Debug shell is enabled   TSBootShell5/5/2017 10:42:25 AM  980
(0x03D4)

Waiting for PNP initialization...   TSBootShell5/5/2017 10:42:25 AM
1000 (0x03E8)

RAM Disk Boot Path: MULTI(0)DISK(0)RDISK(0)PARTITION(1)\SOURCES\BOOT.WIM
TSBootShell5/5/2017 10:42:25 AM  1000 (0x03E8)

WinPE boot path: D:\SOURCES\BOOT.WIM  TSBootShell5/5/2017
10:42:25 AM  1000 (0x03E8)

Booted from removable device  TSBootShell5/5/2017 10:42:25 AM  1000
(0x03E8)

Found config path D:\TSBootShell5/5/2017 10:42:25 AM  1000
(0x03E8)

Booting from removable media, not restoring bootloaders on hard drive
TSBootShell5/5/2017 10:42:25 AM  1000 (0x03E8)

D:\WinPE does not exist.  TSBootShell5/5/2017 10:42:26
AM  1000 (0x03E8)

D:\_SmsTsWinPE\WinPE does not exist. TSBootShell5/5/2017 10:42:26 AM
1000 (0x03E8)

Executing command line: wpeinit.exe -winpe  TSBootShell5/5/2017
10:42:26 AM  1000 (0x03E8)

The command completed successfully.  TSBootShell5/5/2017 10:42:29 AM
1000 (0x03E8)

Starting DNS client service.  TSBootShell5/5/2017 10:42:29
AM  1000 (0x03E8)

Executing command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE
/configpath:D:\   TSBootShell5/5/2017 10:42:30
AM  1000 (0x03E8)

The command completed successfully.  TSBootShell5/5/2017 10:42:30 AM
1000 (0x03E8)

==[ TSMBootStrap.exe
]==  TSMBootstrap5/5/2017
10:42:30 AM  1248 (0x04E0)

Command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE /configpath:D:\
TSMBootstrap   5/5/2017 10:42:30 AM 1248 (0x04E0)

Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL'
TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

Succeeded loading resource DLL 'X:\sms\bin\x64\TSRESNLC.DLL' TSMBootstrap
5/5/2017 10:42:30 AM  1248 (0x04E0)

Current OS version is 10.0.10240.0TSMBootstrap   5/5/2017
10:42:30 AM  1248 (0x04E0)

Adding SMS bin folder "X:\sms\bin\x64" to the system environment PATH
TSMBootstrap   5/5/2017 10:42:30 AM 1248 (0x04E0)

Failed to open PXE registry key. Not a PXE boot. TSMBootstrap   5/5/2017
10:42:30 AM  1248 (0x04E0)

Media Root = D:\  TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

WinPE boot type: 'Ramdisk:SourceIdentified'  TSMBootstrap   5/5/2017
10:42:30 AM  1248 (0x04E0)

Failed to find the source drive where WinPE was booted from TSMBootstrap
5/5/2017 10:42:30 AM  1248 (0x04E0)

Executing from Media in WinPE TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

Verifying Media Layout. TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

MediaType = BootMedia  TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

PasswordRequired = falseTSMBootstrap   5/5/2017 10:42:30 AM
1248 (0x04E0)

Found network adapter "Intel(R) 82579LM Gigabit Network Connection" with IP
Address 0.0.0.0.TSMBootstrap   5/5/2017 10:42:30 AM  1248
(0x04E0)

Running Wizard in Interactive modeTSMBootstrap   5/5/2017 10:42:30
AM  1248 (0x04E0)

Loading Media Variables from "D:\sms\data\variables.dat"
TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

no password for vars file   TSMBootstrap   5/5/2017 10:42:30 AM
1248 (0x04E0)

Activating Welcome Page.TSMBootstrap   5/5/2017 10:42:30 AM
1248 (0x04E0)

Loading bitmap TSMBootstrap   5/5/2017 10:42:30 AM  1248 (0x04E0)

hMap != 0, HRESULT=80070002
(e:\qfe\nts\sms\framework\tscore\environmentscope.cpp,493) TSBootShell
5/5/2017 10:44:01 AM  980 (0x03D4)

m_pGlobalScope->open(), HRESULT=80070002
(e:\qfe\nts\sms\framework\tscore\environmentlib.cpp,335)
TSBootShell5/5/2017 10:44:01 AM  980 (0x03D4)

this->open(), HRESULT=80070002
(e:\qfe\nts\sms\framework\tscore\environmentlib.cpp,553)   TSBootShell
5/5/2017 10:44:01 AM  980 (0x03D4)

Executing command line: X:\windows\system32\cmd.exe /kTSBootShell
5/5/2017 10:44:01 AM  980 (0x03D4)

The command completed successfully.  TSBootShell5/5/2017 10:44:01 AM
980 (0x03D4)

Successfully launched command shell.TSBootShell5/5/2017 10:44:01
AM  980 (0x03D4)

WelcomePage::OnWizardNext() TSMBootstrap   5/5/2017 10:44:38 AM  1248
(0x04E0)

Loading Media Variables from "D:\sms\d

[mssms] RE: Driver management - opinions?

2017-04-18 Thread Murray, Mike

Biggety Bump

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Monday, April 17, 2017 4:22 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Driver management - opinions?

We're thinking of testing the tool linked below. Anyone have experience with
it? Are there any other tools you prefer that can accomplish similar?

http://www.scconfigmgr.com/2017/03/29/modern-driver-management-using-web-ser
vices-during-osd-with-configmgr/

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Driver management - opinions?

2017-04-17 Thread Murray, Mike

We're thinking of testing the tool linked below. Anyone have experience with
it? Are there any other tools you prefer that can accomplish similar?

 

http://www.scconfigmgr.com/2017/03/29/modern-driver-management-using-web-ser
vices-during-osd-with-configmgr/

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Windows Defender issue - MpCmdRun.exe fails

2017-01-27 Thread Murray, Mike

Is anyone else experiencing this on Windows 7?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Murray, Mike
Sent: Friday, January 27, 2017 10:33 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Windows Defender issue - MpCmdRun.exe fails

Yes, but if a client gets wonky for some reason and won’t update, this is a 
quick fix.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Friday, January 27, 2017 5:37 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] Windows Defender issue - MpCmdRun.exe fails

Doesn't your ADR and SUG handle that?

On Thu, Jan 26, 2017 at 4:47 PM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

My previous PowerShell question was related to this. I want to be able to find 
active CM clients with old SCEP virus definitions and force them to update if 
needed. I want to run the following two commands, which work just fine on 
Windows 10, but fail on Windows 7 machines (I’m running from an admin prompt):

C:\Program Files\Windows Defender\MpCmdRun.exe -RemoveDefinitions -All

C:\Program Files\Windows Defender\MpCmdRun.exe -SignatureUpdate

The error:

Service Version: 0.0.0.0

Engine Version: 0.0.0.0

Starting engine and signature rollback to none...Failed! Error 0x800106ba

I’ve tested on multiple machines, same error. Googling brought no answers. Any 
ideas?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
mmur...@csuchico.edu <mailto:mmur...@csuchico.edu> 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:  
<http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml> 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Windows Defender issue - MpCmdRun.exe fails

2017-01-27 Thread Murray, Mike

Yes, but if a client gets wonky for some reason and won’t update, this is a 
quick fix.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Friday, January 27, 2017 5:37 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Windows Defender issue - MpCmdRun.exe fails

Doesn't your ADR and SUG handle that?

On Thu, Jan 26, 2017 at 4:47 PM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

My previous PowerShell question was related to this. I want to be able to find 
active CM clients with old SCEP virus definitions and force them to update if 
needed. I want to run the following two commands, which work just fine on 
Windows 10, but fail on Windows 7 machines (I’m running from an admin prompt):

C:\Program Files\Windows Defender\MpCmdRun.exe -RemoveDefinitions -All

C:\Program Files\Windows Defender\MpCmdRun.exe -SignatureUpdate

The error:

Service Version: 0.0.0.0

Engine Version: 0.0.0.0

Starting engine and signature rollback to none...Failed! Error 0x800106ba

I’ve tested on multiple machines, same error. Googling brought no answers. Any 
ideas?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
mmur...@csuchico.edu <mailto:mmur...@csuchico.edu> 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:  
<http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml> 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Windows Defender issue - MpCmdRun.exe fails

2017-01-26 Thread Murray, Mike

My previous PowerShell question was related to this. I want to be able to
find active CM clients with old SCEP virus definitions and force them to
update if needed. I want to run the following two commands, which work just
fine on Windows 10, but fail on Windows 7 machines (I'm running from an
admin prompt):

 

C:\Program Files\Windows Defender\MpCmdRun.exe -RemoveDefinitions -All

C:\Program Files\Windows Defender\MpCmdRun.exe -SignatureUpdate

 

The error:

 

Service Version: 0.0.0.0

Engine Version: 0.0.0.0

 

Starting engine and signature rollback to none...Failed! Error 0x800106ba

 

I've tested on multiple machines, same error. Googling brought no answers.
Any ideas?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: PowerShell help

2017-01-26 Thread Murray, Mike

Thanks all!

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Jeffery Juett
Sent: Thursday, January 26, 2017 11:57 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: PowerShell help

 

Mike,

 

Change your if statement to: If (((Get-Date) - $datdate).Days -gt 2 ) {

 

The (Get-Date) - $datdate calculation will return the difference as the
properties of a System.Timespan value, so your if statement is evaluating
based on the TotalMilliseconds property.  

 

Thank you,

 

Jeff Juett

 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, January 26, 2017 1:01 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: PowerShell help

 

To clarify, no matter what I follow "-gt" with, it always returns "Old". My
test machine has defs that are 2 days old, but if I set the number to 5, it
still says old.

 

From: Murray, Mike 
Sent: Thursday, January 26, 2017 10:56 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: PowerShell help

 

I'm trying to write a script that will read the SCEP definition date from
registry, compare it to the current time, and if it's older than 2 days run
an action. In my code below, it always returns "Old". What am I missing?

 

$data = Get-ItemProperty "HKLM:\Software\Microsoft\Windows
Defender\Signature Updates" | Select-Object -ExpandProperty
AVSignatureApplied

$time = [DateTime]::FromFileTime( (($data[7]*256 + $data[6])*256 +
$data[5])*256 + $data[4])*256 + $data[3])*256 + $data[2])*256 +
$data[1])*256 + $data[0])

$datdate = Get-Date $time

Write-Host $datdate

 

if ((Get-Date) - $datdate -gt 2) {

Write-Host "Old"

}else {

Write-Host "New"

} 

 

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] PowerShell help

2017-01-26 Thread Murray, Mike

I'm trying to write a script that will read the SCEP definition date from
registry, compare it to the current time, and if it's older than 2 days run
an action. In my code below, it always returns "Old". What am I missing?

 

$data = Get-ItemProperty "HKLM:\Software\Microsoft\Windows
Defender\Signature Updates" | Select-Object -ExpandProperty
AVSignatureApplied

$time = [DateTime]::FromFileTime( (($data[7]*256 + $data[6])*256 +
$data[5])*256 + $data[4])*256 + $data[3])*256 + $data[2])*256 +
$data[1])*256 + $data[0])

$datdate = Get-Date $time

Write-Host $datdate

 

if ((Get-Date) - $datdate -gt 2) {

Write-Host "Old"

}else {

Write-Host "New"

} 

 

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: PowerShell help

2017-01-26 Thread Murray, Mike

To clarify, no matter what I follow "-gt" with, it always returns "Old". My
test machine has defs that are 2 days old, but if I set the number to 5, it
still says old.

From: Murray, Mike 
Sent: Thursday, January 26, 2017 10:56 AM
To: mssms@lists.myitforum.com
Subject: PowerShell help

I'm trying to write a script that will read the SCEP definition date from
registry, compare it to the current time, and if it's older than 2 days run
an action. In my code below, it always returns "Old". What am I missing?

$data = Get-ItemProperty "HKLM:\Software\Microsoft\Windows
Defender\Signature Updates" | Select-Object -ExpandProperty
AVSignatureApplied

$time = [DateTime]::FromFileTime( (($data[7]*256 + $data[6])*256 +
$data[5])*256 + $data[4])*256 + $data[3])*256 + $data[2])*256 +
$data[1])*256 + $data[0])

$datdate = Get-Date $time

Write-Host $datdate

if ((Get-Date) - $datdate -gt 2) {

Write-Host "Old"

}else {

Write-Host "New"

} 

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Collection query weirdness

2017-01-20 Thread Murray, Mike

Disregard previous post. Left join did the trick. Thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Jimmy Martin
Sent: Friday, January 20, 2017 5:07 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Collection query weirdness

You need to adjust the join properties.  You are tying discovery data and
data that would be provided via sccm inventory.  Default join would make it
where it was the least common denominator of the data sets

Jimmy Martin
(901) 227-8209

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, January 19, 2017 5:46 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Collection query weirdness

Can someone explain this to me? The query below returns fewer results than
if I just use the first part of the query. Adding the "or" option drops the
total results. Seems wrong to me.

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

This message and any files transmitted with it may contain legally
privileged, confidential, or proprietary information. If you are not the
intended recipient of this message, you are not permitted to use, copy, or
forward it, in whole or in part without the express consent of the sender.
Please notify the sender of the error by reply email, disregard the
foregoing messages, and delete it immediately.

P Please consider the environment before printing this email...

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Collection query weirdness

2017-01-20 Thread Murray, Mike

I can’t say for sure, but if I only use 
SMS_R_System.OperatingSystemNameandVersion, I get fewer results.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: Friday, January 20, 2017 11:00 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Collection query weirdness

Just curious...  would there be situations where a OS X device would report 
into SMS_G_System_OPERATING_SYSTEM.Name , but NOT report into 
SMS_R_System.OperatingSystemNameandVersion ?

On Fri, Jan 20, 2017 at 12:08 PM, Daniel Ratliff mailto:dratl...@humana.com> > wrote:

Full join if you want absolutely everything from both tables. 

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, January 20, 2017 12:32 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Collection query weirdness

Here’s the query. What join should I use?

select 
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
 from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on 
SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where 
SMS_R_System.OperatingSystemNameandVersion like "%OS X%" or 
SMS_G_System_OPERATING_SYSTEM.Name like "%OS X%"

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Martin
Sent: Friday, January 20, 2017 5:07 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Collection query weirdness

You need to adjust the join properties.  You are tying discovery data and data 
that would be provided via sccm inventory.  Default join would make it where it 
was the least common denominator of the data sets

Jimmy Martin
(901) 227-8209  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, January 19, 2017 5:46 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Collection query weirdness

Can someone explain this to me? The query below returns fewer results than if I 
just use the first part of the query. Adding the “or” option drops the total 
results. Seems wrong to me.

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
mmur...@csuchico.edu <mailto:mmur...@csuchico.edu> 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.

P Please consider the environment before printing this email...

The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

-- 

Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger, 
http://www.smguru.org

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Collection query weirdness

2017-01-20 Thread Murray, Mike

Left join returned what I was looking for. Full join returned zero results.
:/

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Daniel Ratliff
Sent: Friday, January 20, 2017 10:08 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Collection query weirdness

Full join if you want absolutely everything from both tables. 

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, January 20, 2017 12:32 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Collection query weirdness

Here's the query. What join should I use?

select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SY
STEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM
.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on
SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where
SMS_R_System.OperatingSystemNameandVersion like "%OS X%" or
SMS_G_System_OPERATING_SYSTEM.Name like "%OS X%"

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Martin
Sent: Friday, January 20, 2017 5:07 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Collection query weirdness

You need to adjust the join properties.  You are tying discovery data and
data that would be provided via sccm inventory.  Default join would make it
where it was the least common denominator of the data sets

Jimmy Martin
(901) 227-8209

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, January 19, 2017 5:46 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Collection query weirdness

Can someone explain this to me? The query below returns fewer results than
if I just use the first part of the query. Adding the "or" option drops the
total results. Seems wrong to me.

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

This message and any files transmitted with it may contain legally
privileged, confidential, or proprietary information. If you are not the
intended recipient of this message, you are not permitted to use, copy, or
forward it, in whole or in part without the express consent of the sender.
Please notify the sender of the error by reply email, disregard the
foregoing messages, and delete it immediately.

P Please consider the environment before printing this email...

The information transmitted is intended only for the person or entity to
which it is addressed
and may contain CONFIDENTIAL material. If you receive this
material/information in error,
please contact the sender and delete or destroy the material/information.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Collection query weirdness

2017-01-20 Thread Murray, Mike

Here's the query. What join should I use?

 

select
SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SY
STEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM
.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on
SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where
SMS_R_System.OperatingSystemNameandVersion like "%OS X%" or
SMS_G_System_OPERATING_SYSTEM.Name like "%OS X%"

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Jimmy Martin
Sent: Friday, January 20, 2017 5:07 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Collection query weirdness

 

You need to adjust the join properties.  You are tying discovery data and
data that would be provided via sccm inventory.  Default join would make it
where it was the least common denominator of the data sets

 

Jimmy Martin
(901) 227-8209

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, January 19, 2017 5:46 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Collection query weirdness

 

Can someone explain this to me? The query below returns fewer results than
if I just use the first part of the query. Adding the "or" option drops the
total results. Seems wrong to me.

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

This message and any files transmitted with it may contain legally
privileged, confidential, or proprietary information. If you are not the
intended recipient of this message, you are not permitted to use, copy, or
forward it, in whole or in part without the express consent of the sender.
Please notify the sender of the error by reply email, disregard the
foregoing messages, and delete it immediately.

 

P Please consider the environment before printing this email...

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] Collection query weirdness

2017-01-19 Thread Murray, Mike

Can someone explain this to me? The query below returns fewer results than
if I just use the first part of the query. Adding the "or" option drops the
total results. Seems wrong to me.

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Configuration baseline possible for %localappdata% content?

2017-01-18 Thread Murray, Mike

I understand if I use %USERPROFILE% it will search all user profiles, so a
script is not needed?

 

https://technet.microsoft.com/en-us/library/gg712331.aspx

 

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Wednesday, January 18, 2017 1:23 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Configuration baseline possible for %localappdata%
content?

 

That makes perfect sense. How would you recommend I get around this? I would
assume a PS script would have the same problem?

 

Mike

 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Wednesday, January 18, 2017 11:17 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Configuration baseline possible for %localappdata%
content?

 

%localappdata% is a user profile environment variable. When running as
SYSTEM, as SCCM does, it will check the SYSTEM profile in system32. You need
a script to parse each users %localappdata% directory. 

 

Daniel Ratliff 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, January 18, 2017 2:07 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Configuration baseline possible for %localappdata% content?

 

I want to be able to check for compliance of a file located in the logged in
user's %localappdata%\XXX\ directory. I just need to know if the file
exists. Computers are reporting non-compliant even though I've verified the
file exists. I'm guessing it doesn't like using %localappdata%? Would a
better method be to use a PowerShell script to check the existence of the
file instead?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 


The information transmitted is intended only for the person or entity to
which it is addressed
and may contain CONFIDENTIAL material. If you receive this
material/information in error,
please contact the sender and delete or destroy the material/information.

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Configuration baseline possible for %localappdata% content?

2017-01-18 Thread Murray, Mike

That makes perfect sense. How would you recommend I get around this? I would
assume a PS script would have the same problem?

 

Mike

 

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Daniel Ratliff
Sent: Wednesday, January 18, 2017 11:17 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Configuration baseline possible for %localappdata%
content?

 

%localappdata% is a user profile environment variable. When running as
SYSTEM, as SCCM does, it will check the SYSTEM profile in system32. You need
a script to parse each users %localappdata% directory. 

 

Daniel Ratliff 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, January 18, 2017 2:07 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Configuration baseline possible for %localappdata% content?

 

I want to be able to check for compliance of a file located in the logged in
user's %localappdata%\XXX\ directory. I just need to know if the file
exists. Computers are reporting non-compliant even though I've verified the
file exists. I'm guessing it doesn't like using %localappdata%? Would a
better method be to use a PowerShell script to check the existence of the
file instead?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 


The information transmitted is intended only for the person or entity to
which it is addressed
and may contain CONFIDENTIAL material. If you receive this
material/information in error,
please contact the sender and delete or destroy the material/information.

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] Configuration baseline possible for %localappdata% content?

2017-01-18 Thread Murray, Mike

I want to be able to check for compliance of a file located in the logged in
user's %localappdata%\XXX\ directory. I just need to know if the file
exists. Computers are reporting non-compliant even though I've verified the
file exists. I'm guessing it doesn't like using %localappdata%? Would a
better method be to use a PowerShell script to check the existence of the
file instead?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Annoying Windows Defender behavior

2017-01-09 Thread Murray, Mike

Hi Chris,

 

John mentioned how to do this from the ConfigMgr console:

 

"Can you set it up to enable automatic sample file submission in your
environment? That setting is in Assets and Compliance - Endpoint Protection
- Antimalware Policies, find your workstation policy. It's under advanced,
near the bottom named "Enable auto sample file submission to help, blah."
Changing the policy to Yes would get rid of the prompts as they'll go
automatically. That's what I did anyway.

 

John"

 

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Bolton, Chris
Sent: Monday, January 9, 2017 1:26 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Annoying Windows Defender behavior

 

We had a registry punch in place to automatically send such files without
notifying the users, but it appears Microsoft has changed something and
we're seeing these notifications again.

 

If anyone has any information on how to make them go away again, that would
be appreciated.

 

Thanks.

 

Chris

 

Chris Bolton - Application Programmer/Analyst Lead

University of Michigan Health Systems

Medical Center Information Technology

Enterprise Device Engineering and Management

Work:  734.936.3576

E-mail:  bol...@umich.edu <mailto:bol...@umich.edu> 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, January 06, 2017 2:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Annoying Windows Defender behavior

 

Is there any way to disable this entirely? Users hate it.

 

Thanks!

 

 



 

 

 

**
Electronic Mail is not secure, may not be read every day, and should not be
used for urgent or sensitive issues 

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Annoying Windows Defender behavior

2017-01-09 Thread Murray, Mike

OK, thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of John Hamilton
Sent: Friday, January 6, 2017 5:53 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Annoying Windows Defender behavior

Can you set it up to enable automatic sample file submission in your 
environment? That setting is in Assets and Compliance – Endpoint Protection – 
Antimalware Policies, find your workstation policy. It’s under advanced,  near 
the bottom named “Enable auto sample file submission to help, blah…” Changing 
the policy to Yes would get rid of the prompts as they’ll go automatically. 
That’s what I did anyway.

John

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, January 6, 2017 4:46 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: Annoying Windows Defender behavior

We’re using MS Endpoint Protection as our AV, so this is not an option.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Friday, January 6, 2017 2:27 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: Annoying Windows Defender behavior

If you have a different AV on your machines then just disable Windows Defender 
via GPO.  If you are using SCEP on Windows 8 or newer (Maybe just 10?), I don't 
think you want to disable it as SCEP basically just leverages Windows Defender 
and flips on the management switch.

On Fri, Jan 6, 2017 at 3:34 PM, Jason Mlynarchuk mailto:jmlyn...@nait.ca> > wrote:

I had this issue but with only very few users so no changes have been made as 
of yet.

It can be controlled via GPO I believe. 

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-submitsamplesconsent

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, January 6, 2017 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Annoying Windows Defender behavior

Is there any way to disable this entirely? Users hate it.

Thanks!

  _  

CONFIDENTIALITY NOTICE: This email message and any attachments hereto are 
intended only for use by the addressee(s) named herein and may contain 
information which is legally privileged, confidential and/or exempt from 
disclosure under applicable law. If you are not the intended recipient, or an 
authorized representative of the intended recipient, of this email message, you 
are hereby notified that any review, dissemination, distribution, copying, or 
use (including any reliance thereon) of this email message, and/or any 
attachment hereto, is strictly prohibited.

Although this transmission and any attachments are believed to be free of any 
virus or other defect that might affect any computer system into which it is 
received and opened, it is the responsibility of the recipient to ensure that 
it is free from virus or other defect and no responsibility is accepted by the 
sending company, its subsidiaries and affiliates, as applicable, for any loss 
or damage arising in any way from its use.

If you have received this email message in error, please immediately notify the 
sender by return email and permanently delete from your system, the original 
and any copies of this email and any attachments hereto and any printout 
hereof. Unauthorized interception of this email is a violation of federal 
criminal law.

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Annoying Windows Defender behavior

2017-01-06 Thread Murray, Mike

We’re using MS Endpoint Protection as our AV, so this is not an option.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Friday, January 6, 2017 2:27 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Annoying Windows Defender behavior

If you have a different AV on your machines then just disable Windows Defender 
via GPO.  If you are using SCEP on Windows 8 or newer (Maybe just 10?), I don't 
think you want to disable it as SCEP basically just leverages Windows Defender 
and flips on the management switch.

On Fri, Jan 6, 2017 at 3:34 PM, Jason Mlynarchuk mailto:jmlyn...@nait.ca> > wrote:

I had this issue but with only very few users so no changes have been made as 
of yet.

It can be controlled via GPO I believe. 

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#defender-submitsamplesconsent

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, January 6, 2017 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Annoying Windows Defender behavior

Is there any way to disable this entirely? Users hate it.

Thanks!

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Annoying Windows Defender behavior

2017-01-06 Thread Murray, Mike

Bummer this only applies to Win10.  L

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Jason Mlynarchuk
Sent: Friday, January 6, 2017 1:35 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Annoying Windows Defender behavior

 

I had this issue but with only very few users so no changes have been made
as of yet.

It can be controlled via GPO I believe. 

 

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/md
m/policy-configuration-service-provider#defender-submitsamplesconsent

 

 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, January 6, 2017 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Annoying Windows Defender behavior

 

Is there any way to disable this entirely? Users hate it.

 

Thanks!

 

 



 

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] Annoying Windows Defender behavior

2017-01-06 Thread Murray, Mike

Is there any way to disable this entirely? Users hate it.

 

Thanks!

 

 



 

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Merge vs New Record

2016-12-21 Thread Murray, Mike

I have a duplicate computers collection that updates daily. I go through and 
remove the old record if it finds any. Query:

 

select 
R.ResourceID,R.ResourceType,R.Name,R.SMSUniqueIdentifier,R.ResourceDomainORWorkgroup,R.Client
 from SMS_R_System as r   full join SMS_R_System as s1 on s1.ResourceId = 
r.ResourceId   full join SMS_R_System as s2 on s2.Name = s1.Name   where 
s1.Name = s2.Name and s1.ResourceId != s2.ResourceId

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Wednesday, December 21, 2016 7:58 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Merge vs New Record

 

Eesh.

 

Is there a way to do a query for duplicate devices to at least keep an eye on 
it and mitigate the issue?

 

On Wed, Dec 21, 2016 at 8:57 AM, Olsson Mats (4004) 
mailto:mats.ols...@forsakringskassan.se> > 
wrote:

This is a known issue introduced with SCCM2012 SP1. 
Before SP1 the netbios name was a “mergable” property and since that value 
existed in the AD DDR, in the heartbeat DDR and in a ImportMachineEntry DDR.

After SP1 there will be a problem if the AD DDR is created before the Heartbeat 
DDR.
I have had a case on this with Won’t fix from MS. We did file a DCR too with no 
result. 

We have a rather complex workaround for this. 
We first create the record in AD and record the SID from this object. 

After that we create a DDR with ImportMachineEntry WMI method 
Finally we have to use SMSResGen to create a third DDR with the SID from the AD 
entry and the Mac address from ImportMachineEntry. 


Now SCCM can merge The AD and SMSRegenEntries on AD sid and it can merge the 
SMSResgen Entry and the ImportMachineEntry on mac and the result is one record 
in the SCCM database. 

 

The Quick simple fix would be for MS to restore the Pre SP1 functionality. 
Another fix (better one) would be to modify the merging behavior so that SCCM 
did merge the records based on FQDN by default 

 

 

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com  
] On Behalf Of Robert Spinelli
Sent: den 21 december 2016 13:50
To: mssms@lists.myitforum.com  
Subject: [mssms] Merge vs New Record

 

Does anyone know how SCCM decides to create a new record or merge with an 
existing record?  What does SCCM key off of to decide?  I know I had a blog or 
something way back when but can’t find it.

 

If we have following:

 

Machine1 record created by AD System Discovery

Machine1 record created when client is installed (heartbeat)

 

We’re seeing issues where the 2 records don’t merge and we end up with 2 
records for the same machine.  One record showing machine with client 
(heartbeat) and one record from AD system discovery showing machine with no 
client.  We will end up having:

 

Machine1 record (client installed – heartbeat discovery)
Machine1 record (client not installed – AD system discovery) 

 

If I delete the machine1 record created by AD system discovery from SCCM and 
then make a change on the AD object, delta discovery kicks in, creates a new 
ddr from AD System discovery and then merges with Machine1 record (client 
installed – heartbeat discovery)

 

I did find article below but this is for machines that are being using unknown 
computer support:

 

https://blogs.technet.microsoft.com/enterprisemobility/2011/09/09/known-issue-and-workaround-duplicate-records-when-you-use-unknown-computer-support-with-active-directory-delta-discovery/

 

Thanks

 

Rob

 

 

 

 

 






smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: software inventory for all file extentions?

2016-12-13 Thread Murray, Mike

+1  Id look for another solution for malware detection.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kent, Mark
Sent: Tuesday, December 13, 2016 7:27 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: software inventory for all file extentions?

I think you want to run away from that idea, unless you are looking to swell
the size of your Db by many Gbs

Mark Kent

Manager, Client Systems Engineering

Technology Support Services

Resources for Information, Technology and Education (RITE)

  http://rite.buffalostate.edu

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Justin P. White
Sent: Tuesday, December 13, 2016 9:11 AM
To: mssms@lists.myitforum.com  
Subject: [mssms] software inventory for all file extentions?

Ive been getting requests from my security team to detect certain file
extentions with sccm to hunt down infected computers

Out of curiosity have any of you guys done a software inventory and included
a *.* to scan all file types? I havent done so and wanted to learn anyones
experiences with doing that, or if its as terrible as an idea Ive come up
with so far J

Justin P. White

DAK Americas LLC Cooper River Site

Technical Specialist

(843) 797-9190 Work

(843) 709-0152 Cell

jpwh...@dakamericas.com  

3350 Cypress Gardens Road

Moncks Corner, SC 29461

This message and its attachments may contain privileged, confidential or
copyrighted information property of the sender. The information is intended
only for the exclusive use of its intended recipient unless otherwise stated
by the sender. Any interception, unauthorized review, forwarding, printing,
copying, distributing, or using such information and its attachments is
strictly prohibited and may be unlawful. This message and its attachments
should not be revealed to unauthorized people. If you are not the intended
recipient of this message and its attachments, you are hereby notified that
you received this e-mail in error, and that any review, dissemination,
distribution or copying of this e-mail and any attachment is strictly
prohibited. If you have received this e-mail, attachments or both in error,
please contact the sender and delete this message and its attachments from
your computer and systems without retaining a copy. The sender takes no
responsibility for any unauthorized reliance on this message. The content of
this communication may be subject to export laws, including the U.S. Export
Administration regulations and Mexican Export Administration regulations.
Diversion contrary to any applicable laws is prohibited. This message is not
intended as an offer, or acceptance, or amendment of a contract.

Este mensaje y sus anexos pueden contener información confidencial o
protegida por derechos de autor, propiedad del emisor. La información es
solo para el uso exclusivo del destinatario (a menos que el emisor
especifique lo contrario). Cualquier intercepción, revisión, re-envío,
impresión, copia, distribución o uso de dicha información y sus anexos sin
previa autorización está estrictamente prohibido y podría constituir una
conducta ilegal. Este mensaje y sus anexos no se deberán revelar a personas
no autorizadas. Si usted no es el destinatario de este mensaje ni de sus
anexos, se le informa a través de este medio que ha recibido este mensaje
por error, y que cualquier revisión, difusión, distribución o copia de este
mensaje o sus anexos está estrictamente prohibida. Si usted ha recibido este
correo, sus anexos o ambos por error se le solicita notificar al emisor, así
como borrar de su computadora y sistemas el presente mensaje y sus anexos,
sin retener copia alguna de los mismos. El emisor no se responsabiliza por
confiar indebidamente y sin autorización en el contenido de este correo. El
contenido de este comunicado puede ser sujeto a reglas de exportación
incluyendo las Export Administration Regulations de los Estados Unidos así
como a las Reglas Administrativas de Exportación de México. Cualquier
modificación contraria a la legislación aplicable está prohibida. Este
mensaje no se considerará como ninguna oferta, aceptación o modificación de
ningún contrato.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: SCEP definition updates scheduling

2016-12-07 Thread Murray, Mike

I don't think it's a set schedule, my RSS feed looks pretty random. Your
plan is basically what we do. It keeps everyone up to date.

 



 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Corkill, Daniel
Sent: Wednesday, December 7, 2016 2:19 PM
To: mssms@lists.myitforum.com
Subject: [mssms] SCEP definition updates scheduling

 

I've read that definition updates are released up to 3 times a day. Does
anyone know if there's documented times that I can align my SUP sync to?
Otherwise I'm just going to set it to midnight and recur every 8 hours.

 

Also, since we're introducing Server 2016 to our environment I've read I
need to sync Windows Defender defs. I'm assuming it's ok to have them in the
same SUG as my SCEP updates, and the client will just determine what's
needed.

 

 
*
The contents of this email message and any attachments are intended only for
the addressee and may be confidential, private or the subject of copyright.
If you have received this email in error please notify Logan City Council,
by replying to the sender or calling +61 7 3412 3412  and delete all copies
of the e-mail and any attachments.
 
To view Logan City Council's Privacy Collection Notice, please visit
 www.logan.qld.gov.au or click on the following
link  
http://www.logan.qld.gov.au/home/terms-of-use.
 

 

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: WOL not waking powered off computers

2016-12-07 Thread Murray, Mike

I’ve confirmed it’s a driver/Win10 issue. I imaged the same machine that would 
not WOL with our Win7 image, and it worked when powered down. The NIC lights 
were still on. I’m imaging it again with Win10 and will try your blog 
configuration baseline with this machine to see if it helps, and will see about 
finding a newer driver for the NIC.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ryan
Sent: Wednesday, December 7, 2016 6:03 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: WOL not waking powered off computers

 

No, it is completely up to the drivers and BIOS.

 

If both those settings are correct, try different drives. I've sometimes found 
the newest drivers break WOL on certain models. 

 

On Tue, Dec 6, 2016 at 4:56 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

So management is still pushing to get WOL working. Since every way I’ve tested 
doesn’t seem to work in Win10 when fully powered down, is anyone aware of a 
technology that will keep the NIC powered on when the computer is powered off? 
I’ve searched to no avail.

 

Mike

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ed Aldrich
Sent: Thursday, December 1, 2016 6:01 AM


To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

I have learned that we at 1E have a public article on the topic, FWIW…

 

http://help.1e.com/display/NWE71/Fast+Startup+vs+Wake-on-LAN

 

Interesting thread all around!

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ed Aldrich
Sent: Wednesday, November 30, 2016 1:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 


Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Just getting caught up here… those of us who monitor this alias were all at the 
MVP Summit when this was posted. I was at least, followed by a couple weeks of 
running around… 

 

That said, I have to say that the “disable fast startup’ fix was a new one to 
me!

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Monday, November 21, 2016 4:05 PM


To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

1e has a good little free tool for this too. Actually I am VERY surprised none 
of the 1e guys have commented on this thread, I am sure they know the answer.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 2:58 PM


To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

I tried 3 ways:

 

· CM 2012 app with “wake on LAN” checked in the deployment.

· Right click tools WOL via CM console.

· Wake on LAN util from depicus.com <http://depicus.com> 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Art Flores
Sent: Monday, November 21, 2016 11:45 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

How are you sending the magic packet for your WOL tests?

 

I have a similar issue with the Dell 9020, if I send the magic packet from Win7 
using the Cireson Remote Manage app, the 9020 does NOT wake up, if I send the 
magic packet from a Win10 VM using the same version of the Cireson Remote 
Manage app, the 9020 does wake up.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Ok so did you confirm if you can see the NIC led blinking when the machine is 
fully powered off?

I have various OptiPlex models and they all seem to work fine

I’ve disabled Deep sleep and enabled WOL option in BIOS

When machine is switched off and I plug in a network cable the led lights on 
the nic…this is the first step in confirming that at the BIOS level you are on 
the right path…

 

Shane

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 17:17
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE:

RE: [mssms] RE: WOL not waking powered off computers

2016-12-07 Thread Murray, Mike

That still doesn’t work for me.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ketterman, Frank
Sent: Wednesday, December 7, 2016 7:28 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

Ryan,

You will need to either go into the Ethernet Adapter 
Properties/Power Management Tab and check the following;

CheckAllow the computer to turn off this 
device

This will all access to the 
other two box’s below

CheckAll this device to wake the computer

Check  Only allow a magic 
packet to wake the computer.

Once this is done, uncheck Allow the computer to turn off this 
device. This should leave the bottom two boxes checked.

The second option is to modify the registry to set  
"HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"
 PNPCapabilities to a value of 280.  Note I do this with a PowerShell script 
that will check for the physical NIC and set this key.

Once this is done the and you have turned off Windows (8/8.1/10) ‘Fast Start’, 
and made the required changes to BIOS, Wake on LAN should work as it did in 
Windows 7 and below.

Frank Ketterman

OA-ITSD-SDC

Desktop Services

Desktop Management Team

W: (573)526-1880

Desktop Management Hunt Group Number

(573)751-4594

CONFIDENTIALITY STATEMENT: 

This electronic transmission may contain information that is confidential, 
privileged, and prohibited from disclosure and unauthorized use pursuant to 
applicable law. If you are the intended recipient of this transmission, be 
advised that its use is restricted by law and for the purpose stated herein. If 
you are not the intended recipient of this transmission, take notice that any 
viewing, use, dissemination, or copying of the information transmitted herewith 
is strictly prohibited. If you have received this transmission in error, please 
return it to the sender and delete all copies from your system.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Wednesday, December 7, 2016 08:03
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

No, it is completely up to the drivers and BIOS.

If both those settings are correct, try different drives. I've sometimes found 
the newest drivers break WOL on certain models. 

On Tue, Dec 6, 2016 at 4:56 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

So management is still pushing to get WOL working. Since every way I’ve tested 
doesn’t seem to work in Win10 when fully powered down, is anyone aware of a 
technology that will keep the NIC powered on when the computer is powered off? 
I’ve searched to no avail.

Mike

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ed Aldrich
Sent: Thursday, December 1, 2016 6:01 AM

To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

I have learned that we at 1E have a public article on the topic, FWIW…

http://help.1e.com/display/NWE71/Fast+Startup+vs+Wake-on-LAN

Interesting thread all around!

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ed Aldrich
Sent: Wednesday, November 30, 2016 1:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 

Subject: RE: [mssms] RE: WOL not waking powered off computers

Just getting caught up here… those of us who monitor this alias were all at the 
MVP Summit when this was posted. I was at least, followed by a couple weeks of 
running around… 

That said, I have to say that the “disable fast startup’ fix was a new one to 
me!

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Monday, November 21, 2016 4:05 PM

To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

1e has a good little free tool for this too. Actually I am VERY surprised none 
of the 1e guys have commented on this thread, I am sure they know the answer.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 2:58 PM

To: mssms@lists.myitforum.com <mailto:mssms@lists.myitfor

RE: [mssms] RE: WOL not waking powered off computers

2016-12-06 Thread Murray, Mike

So management is still pushing to get WOL working. Since every way I’ve tested 
doesn’t seem to work in Win10 when fully powered down, is anyone aware of a 
technology that will keep the NIC powered on when the computer is powered off? 
I’ve searched to no avail.

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ed Aldrich
Sent: Thursday, December 1, 2016 6:01 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

I have learned that we at 1E have a public article on the topic, FWIW…

 

http://help.1e.com/display/NWE71/Fast+Startup+vs+Wake-on-LAN

 

Interesting thread all around!

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ed Aldrich
Sent: Wednesday, November 30, 2016 1:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Just getting caught up here… those of us who monitor this alias were all at the 
MVP Summit when this was posted. I was at least, followed by a couple weeks of 
running around… 

 

That said, I have to say that the “disable fast startup’ fix was a new one to 
me!

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Monday, November 21, 2016 4:05 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

1e has a good little free tool for this too. Actually I am VERY surprised none 
of the 1e guys have commented on this thread, I am sure they know the answer.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 2:58 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

I tried 3 ways:

 

· CM 2012 app with “wake on LAN” checked in the deployment.

· Right click tools WOL via CM console.

· Wake on LAN util from depicus.com <http://depicus.com> 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Art Flores
Sent: Monday, November 21, 2016 11:45 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

How are you sending the magic packet for your WOL tests?

 

I have a similar issue with the Dell 9020, if I send the magic packet from Win7 
using the Cireson Remote Manage app, the 9020 does NOT wake up, if I send the 
magic packet from a Win10 VM using the same version of the Cireson Remote 
Manage app, the 9020 does wake up.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Ok so did you confirm if you can see the NIC led blinking when the machine is 
fully powered off?

I have various OptiPlex models and they all seem to work fine

I’ve disabled Deep sleep and enabled WOL option in BIOS

When machine is switched off and I plug in a network cable the led lights on 
the nic…this is the first step in confirming that at the BIOS level you are on 
the right path…

 

Shane

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 17:17
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Various. The last one was an OptiPlex 9010. 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 9:02 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

  

What model is the machine? 

We have Dell Inspiron machines that do it like this – they will wake from sleep 
but not from cold… 

Also found this with some Vostro models(can’t remember the exact model) 

  

Shane 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 16:31
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

  

It does get the packet. A

[mssms] RE: Console not connecting

2016-12-01 Thread Murray, Mike

Turns out the new firewall was blocking WMI traffic. Doh! All good now.  J

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Thursday, December 1, 2016 11:06 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Console not connecting

Not that I'm aware of. I see connections coming through from my
workstations. I'm checking with our network team - I found out they did some
firewall work this morning, perhaps that's the issue.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, December 1, 2016 10:56 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

Anything change on the Windows firewall?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, December 01, 2016 10:33 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

Application or System is where I would start. Don't know if RPC errors show
up in a specific log anywhere. 

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 1:07 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

Which logs should I check?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, December 1, 2016 9:47 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

RPC failure. Event logs on the site server show anything?

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Console not connecting

This just started this morning, I have no idea why it won't connect. The
console opens fine on the site server, just not from anyone's workstations.
I've tried reinstalling the console, no luck.

SmsAdminUI.log:

[4, PID:13212][12/01/2016 09:21:18]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:18] :Transport error; failed to connect,
message: 'The remote procedure call failed and did not execute. (Exception
from HRESULT:
0x800706BF)'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConn
ectionException\r\nThe remote procedure call failed and did not execute.
(Exception from HRESULT: 0x800706BF)\r\n   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)

   at
Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConn
ectionManagerInstance(String connectionManagerInstance)\r\nThe remote
procedure call failed and did not execute. (Exception from HRESULT:
0x800706BF)

\r\nSystem.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:27]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at Sy

[mssms] RE: Console not connecting

2016-12-01 Thread Murray, Mike

Not that I'm aware of. I see connections coming through from my
workstations. I'm checking with our network team - I found out they did some
firewall work this morning, perhaps that's the issue.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Heaton, Joseph@Wildlife
Sent: Thursday, December 1, 2016 10:56 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Console not connecting

Anything change on the Windows firewall?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, December 01, 2016 10:33 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

Application or System is where I would start. Don't know if RPC errors show
up in a specific log anywhere. 

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 1:07 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

Which logs should I check?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, December 1, 2016 9:47 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

RPC failure. Event logs on the site server show anything?

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Console not connecting

This just started this morning, I have no idea why it won't connect. The
console opens fine on the site server, just not from anyone's workstations.
I've tried reinstalling the console, no luck.

SmsAdminUI.log:

[4, PID:13212][12/01/2016 09:21:18]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:18] :Transport error; failed to connect,
message: 'The remote procedure call failed and did not execute. (Exception
from HRESULT:
0x800706BF)'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConn
ectionException\r\nThe remote procedure call failed and did not execute.
(Exception from HRESULT: 0x800706BF)\r\n   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)

   at
Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConn
ectionManagerInstance(String connectionManagerInstance)\r\nThe remote
procedure call failed and did not execute. (Exception from HRESULT:
0x800706BF)

\r\nSystem.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:27]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObject.Initialize(Boolean getObject)

   at System.Management.ManagementObject.InvokeMethod(String methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.ExecuteMethod(String methodClass, Strin

[mssms] RE: Console not connecting

2016-12-01 Thread Murray, Mike

I'm not seeing anything. :/

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Daniel Ratliff
Sent: Thursday, December 1, 2016 10:33 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Console not connecting

Application or System is where I would start. Don't know if RPC errors show
up in a specific log anywhere. 

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 1:07 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

Which logs should I check?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, December 1, 2016 9:47 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Console not connecting

RPC failure. Event logs on the site server show anything?

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Console not connecting

This just started this morning, I have no idea why it won't connect. The
console opens fine on the site server, just not from anyone's workstations.
I've tried reinstalling the console, no luck.

SmsAdminUI.log:

[4, PID:13212][12/01/2016 09:21:18]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:18] :Transport error; failed to connect,
message: 'The remote procedure call failed and did not execute. (Exception
from HRESULT:
0x800706BF)'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConn
ectionException\r\nThe remote procedure call failed and did not execute.
(Exception from HRESULT: 0x800706BF)\r\n   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)

   at
Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConn
ectionManagerInstance(String connectionManagerInstance)\r\nThe remote
procedure call failed and did not execute. (Exception from HRESULT:
0x800706BF)

\r\nSystem.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:27]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObject.Initialize(Boolean getObject)

   at System.Management.ManagementObject.InvokeMethod(String methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.ExecuteMethod(String methodClass, String methodName,
Dictionary`2 methodParameters, Boolean traceParameters)\r\n

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

The information transmitted is intended only for the person

[mssms] RE: Console not connecting

2016-12-01 Thread Murray, Mike

Yes, I see it allowing traffic from my workstation. No drops.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Kent, Mark
Sent: Thursday, December 1, 2016 9:40 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Console not connecting

Looked at the FW log on the server?

Mark Kent

Manager, Client Systems Engineering

Technology Support Services

Resources for Information, Technology and Education (RITE)

 <http://rite.buffalostate.edu/> http://rite.buffalostate.edu

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 1, 2016 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Console not connecting

This just started this morning, I have no idea why it won't connect. The
console opens fine on the site server, just not from anyone's workstations.
I've tried reinstalling the console, no luck.

SmsAdminUI.log:

[4, PID:13212][12/01/2016 09:21:18]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:18] :Transport error; failed to connect,
message: 'The remote procedure call failed and did not execute. (Exception
from HRESULT:
0x800706BF)'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConn
ectionException\r\nThe remote procedure call failed and did not execute.
(Exception from HRESULT: 0x800706BF)\r\n   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)

   at
Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConn
ectionManagerInstance(String connectionManagerInstance)\r\nThe remote
procedure call failed and did not execute. (Exception from HRESULT:
0x800706BF)

\r\nSystem.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:27]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObject.Initialize(Boolean getObject)

   at System.Management.ManagementObject.InvokeMethod(String methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.ExecuteMethod(String methodClass, String methodName,
Dictionary`2 methodParameters, Boolean traceParameters)\r\n

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Console not connecting

2016-12-01 Thread Murray, Mike

Which logs should I check?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Daniel Ratliff
Sent: Thursday, December 1, 2016 9:47 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Console not connecting

RPC failure. Event logs on the site server show anything?

Daniel Ratliff 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, December 01, 2016 12:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Console not connecting

This just started this morning, I have no idea why it won't connect. The
console opens fine on the site server, just not from anyone's workstations.
I've tried reinstalling the console, no luck.

SmsAdminUI.log:

[4, PID:13212][12/01/2016 09:21:18]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:18] :Transport error; failed to connect,
message: 'The remote procedure call failed and did not execute. (Exception
from HRESULT:
0x800706BF)'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConn
ectionException\r\nThe remote procedure call failed and did not execute.
(Exception from HRESULT: 0x800706BF)\r\n   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)

   at
Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConn
ectionManagerInstance(String connectionManagerInstance)\r\nThe remote
procedure call failed and did not execute. (Exception from HRESULT:
0x800706BF)

\r\nSystem.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:27]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObject.Initialize(Boolean getObject)

   at System.Management.ManagementObject.InvokeMethod(String methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.ExecuteMethod(String methodClass, String methodName,
Dictionary`2 methodParameters, Boolean traceParameters)\r\n

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

The information transmitted is intended only for the person or entity to
which it is addressed
and may contain CONFIDENTIAL material. If you receive this
material/information in error,
please contact the sender and delete or destroy the material/information.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Console not connecting

2016-12-01 Thread Murray, Mike

This just started this morning, I have no idea why it won't connect. The
console opens fine on the site server, just not from anyone's workstations.
I've tried reinstalling the console, no luck.

 

SmsAdminUI.log:

 

[4, PID:13212][12/01/2016 09:21:18]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:18] :Transport error; failed to connect,
message: 'The remote procedure call failed and did not execute. (Exception
from HRESULT:
0x800706BF)'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConn
ectionException\r\nThe remote procedure call failed and did not execute.
(Exception from HRESULT: 0x800706BF)\r\n   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)

   at
Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConn
ectionManagerInstance(String connectionManagerInstance)\r\nThe remote
procedure call failed and did not execute. (Exception from HRESULT:
0x800706BF)

\r\nSystem.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.Connect(String configMgrServerPath)\r\n

[4, PID:13212][12/01/2016 09:21:27]
:System.Runtime.InteropServices.COMException\r\nThe remote procedure call
failed and did not execute. (Exception from HRESULT: 0x800706BF)\r\n   at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)

   at System.Management.ManagementScope.InitializeGuts(Object o)

   at System.Management.ManagementScope.Initialize()

   at System.Management.ManagementObject.Initialize(Boolean getObject)

   at System.Management.ManagementObject.InvokeMethod(String methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)

   at
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConne
ctionManager.ExecuteMethod(String methodClass, String methodName,
Dictionary`2 methodParameters, Boolean traceParameters)\r\n

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] LogLauncher tool

2016-11-30 Thread Murray, Mike

Ah, got it.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Bateman, Vern
Sent: Wednesday, November 30, 2016 1:17 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] LogLauncher tool

Run the log Launcher as Admin, as the ccm logs directory can only be viewed as 
an Admin.

Vern Bateman 

Support Services Analyst

Affinity Credit Union | Campus

P 306.385.4492  M 306.371.3840

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, November 30, 2016 3:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] LogLauncher tool

When I run on my machine, I only see 14 logs, none are ConfigMgr logs.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Robert Marshall
Sent: Wednesday, November 30, 2016 3:18 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] LogLauncher tool

I wrote this LogLauncher tool over a few days, not had much testing done, works 
well in my environment, wondering if folks can let me know if it runs AOK in 
theirs and if it is useful, what else it can benefit from doing.

Comes with a handy MSI to install. You can point LogLauncher at a client, site 
system or a site server: 
https://gallery.technet.microsoft.com/LogLauncher-61ba5c99

There is also a PoSh log launcher to check out, written by Simon Dettling: 
https://gallery.technet.microsoft.com/ConfigMgr-LogFile-Opener-b6c62c41

Feedback on both tools much appreciated!

Robert Marshall – EM MVP

You’ve received this email from someone at Affinity Credit Union. We understand 
– you get a lot of emails and may not want to get any more from us. We’ll be 
sad to see you go, but you can unsubscribe from our mailing list by clicking on 
this link 
<https://www.affinitycu.ca/YourCreditUnion/ContactUs/Pages/unsubscribe.aspx> .

  _  

CONFIDENTIALITY STATEMENT MESSAGE: This e-mail and any attachments may contain 
confidential and privileged information. It is intended for the sole use of the 
individual(s) to whom it is specifically addressed and should not be read by, 
or delivered to, any other person. The act of having communicated by email in 
no way waives any privilege or confidentiality that may be claimed over these 
communications. If you are not the intended recipient, please notify the sender 
immediately by return e-mail, delete this e-mail and destroy all copies. Any 
dissemination or use of this information by a person other than the intended 
recipient is not authorized and may be illegal. We thank you in advance for 
your cooperation. Affinity Credit Union is committed to protecting personal 
information in a manner that is accurate, confidential, secure, and 
responsible. We have taken precautions against viruses, but take no 
responsibility for loss or damage that may be caused by its contents. Unless 
otherwise stated, opinions expressed in this email are those of the author and 
are not necessarily endorsed by the author's employer.

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] LogLauncher tool

2016-11-30 Thread Murray, Mike

When I run on my machine, I only see 14 logs, none are ConfigMgr logs.

 



 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Robert Marshall
Sent: Wednesday, November 30, 2016 3:18 AM
To: mssms@lists.myitforum.com
Subject: [mssms] LogLauncher tool

 

I wrote this LogLauncher tool over a few days, not had much testing done, works 
well in my environment, wondering if folks can let me know if it runs AOK in 
theirs and if it is useful, what else it can benefit from doing.

 

Comes with a handy MSI to install. You can point LogLauncher at a client, site 
system or a site server: 
https://gallery.technet.microsoft.com/LogLauncher-61ba5c99

 

There is also a PoSh log launcher to check out, written by Simon Dettling: 
https://gallery.technet.microsoft.com/ConfigMgr-LogFile-Opener-b6c62c41

 

Feedback on both tools much appreciated!

 

Robert Marshall – EM MVP

 






smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

Winna winna, chicken dinna! Thank you! I’ll set up a GPO to handle this via 
registry.  J

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ketterman, Frank
Sent: Monday, November 21, 2016 1:39 PM
To: 'mssms@lists.myitforum.com' 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

If you OS is Windows 8/8.1/10 then turn off ‘fast startup’.  Once you do this 
S5 wake on LAN should work just fine.  Failure to do so, will result in Windows 
turning off the NIC irrespective of your BIOS and NIC Power settings.  See this 
article; https://support.microsoft.com/en-us/kb/2776718

 

Frank Ketterman

OA-ITSD-SDC

Desktop Services

Desktop Management Team

W: (573)526-1880

Desktop Management Hunt Group Number

(573)751-4594

CONFIDENTIALITY STATEMENT: 

This electronic transmission may contain information that is confidential, 
privileged, and prohibited from disclosure and unauthorized use pursuant to 
applicable law. If you are the intended recipient of this transmission, be 
advised that its use is restricted by law and for the purpose stated herein. If 
you are not the intended recipient of this transmission, take notice that any 
viewing, use, dissemination, or copying of the information transmitted herewith 
is strictly prohibited. If you have received this transmission in error, please 
return it to the sender and delete all copies from your system.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 14:56
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

No, that’s the problem. The NIC light is off. I’ve disabled deep sleep and 
enabled WOL in BIOS.  :/

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 11:04 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Ok so did you confirm if you can see the NIC led blinking when the machine is 
fully powered off?

I have various OptiPlex models and they all seem to work fine

I’ve disabled Deep sleep and enabled WOL option in BIOS

When machine is switched off and I plug in a network cable the led lights on 
the nic…this is the first step in confirming that at the BIOS level you are on 
the right path…

 

Shane

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 17:17
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Various. The last one was an OptiPlex 9010. 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 9:02 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

  

What model is the machine? 

We have Dell Inspiron machines that do it like this – they will wake from sleep 
but not from cold… 

Also found this with some Vostro models(can’t remember the exact model) 

  

Shane 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 16:31
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

  

It does get the packet. And it will wake up when asleep, just now when powered 
off. 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

  

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem. 

  

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote: 

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

This was it. Thanks.  J

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Monday, November 21, 2016 1:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

Sorry if this has been noted before (it’s a long thread), but have y’all seen 
or tried this https://support.microsoft.com/en-us/kb/2776718 ?

J

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 2:58 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

I tried 3 ways:

· CM 2012 app with “wake on LAN” checked in the deployment.

· Right click tools WOL via CM console.

· Wake on LAN util from depicus.com

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Art Flores
Sent: Monday, November 21, 2016 11:45 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

How are you sending the magic packet for your WOL tests?

I have a similar issue with the Dell 9020, if I send the magic packet from Win7 
using the Cireson Remote Manage app, the 9020 does NOT wake up, if I send the 
magic packet from a Win10 VM using the same version of the Cireson Remote 
Manage app, the 9020 does wake up.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

Ok so did you confirm if you can see the NIC led blinking when the machine is 
fully powered off?

I have various OptiPlex models and they all seem to work fine

I’ve disabled Deep sleep and enabled WOL option in BIOS

When machine is switched off and I plug in a network cable the led lights on 
the nic…this is the first step in confirming that at the BIOS level you are on 
the right path…

Shane

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 17:17
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

Various. The last one was an OptiPlex 9010. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 9:02 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

What model is the machine? 

We have Dell Inspiron machines that do it like this – they will wake from sleep 
but not from cold… 

Also found this with some Vostro models(can’t remember the exact model) 

Shane 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 16:31
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

It does get the packet. And it will wake up when asleep, just now when powered 
off. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem. 

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote: 

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states: 

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN. 

W

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

No, that’s the problem. The NIC light is off. I’ve disabled deep sleep and 
enabled WOL in BIOS.  :/

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 11:04 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

Ok so did you confirm if you can see the NIC led blinking when the machine is 
fully powered off?

I have various OptiPlex models and they all seem to work fine

I’ve disabled Deep sleep and enabled WOL option in BIOS

When machine is switched off and I plug in a network cable the led lights on 
the nic…this is the first step in confirming that at the BIOS level you are on 
the right path…

Shane

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 17:17
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

Various. The last one was an OptiPlex 9010. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 9:02 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

What model is the machine? 

We have Dell Inspiron machines that do it like this – they will wake from sleep 
but not from cold… 

Also found this with some Vostro models(can’t remember the exact model) 

Shane 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 16:31
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

It does get the packet. And it will wake up when asleep, just now when powered 
off. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem. 

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote: 

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states: 

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN. 

Welp, I’m in state S5, so what to do? 

http://www.dell.com/support/article/us/en/19/SLN216918/EN 

Mike 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

View page three of my troubleshooting WOL and SCCM: 

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

Is the NIC On: 

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem. 

Is This A Windows Problem or BIOS Problem: 

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

I tried 3 ways:

 

· CM 2012 app with “wake on LAN” checked in the deployment.

· Right click tools WOL via CM console.

· Wake on LAN util from depicus.com

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Art Flores
Sent: Monday, November 21, 2016 11:45 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

How are you sending the magic packet for your WOL tests?

 

I have a similar issue with the Dell 9020, if I send the magic packet from Win7 
using the Cireson Remote Manage app, the 9020 does NOT wake up, if I send the 
magic packet from a Win10 VM using the same version of the Cireson Remote 
Manage app, the 9020 does wake up.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Ok so did you confirm if you can see the NIC led blinking when the machine is 
fully powered off?

I have various OptiPlex models and they all seem to work fine

I’ve disabled Deep sleep and enabled WOL option in BIOS

When machine is switched off and I plug in a network cable the led lights on 
the nic…this is the first step in confirming that at the BIOS level you are on 
the right path…

 

Shane

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 17:17
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

 

Various. The last one was an OptiPlex 9010. 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 9:02 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

  

What model is the machine? 

We have Dell Inspiron machines that do it like this – they will wake from sleep 
but not from cold… 

Also found this with some Vostro models(can’t remember the exact model) 

  

Shane 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 16:31
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers 

  

It does get the packet. And it will wake up when asleep, just now when powered 
off. 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

  

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem. 

  

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote: 

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states: 

  

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN. 

  

Welp, I’m in state S5, so what to do? 

  

http://www.dell.com/support/article/us/en/19/SLN216918/EN 

  

  

Mike 

  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

  

View page three of my troubleshooting WOL and SCCM: 

  

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/
 

  

Is the NIC On: 

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be ab

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

Windows 10. And that may be exactly what they’re saying. If so, that seriously 
sucks.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ryan
Sent: Monday, November 21, 2016 10:15 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: WOL not waking powered off computers

Is Dell seriously saying they no longer support waking up computers from a 
powered off state? 

Why? 

On Mon, Nov 21, 2016 at 12:10 PM Marcum, John mailto:jmar...@bradley.com> > wrote:

On Windows 7? That’s not how I interpret this:

The SHUTDOWN (S5)power state is not supported in Windows 7

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 11:16 AM

To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

We have disabled the deep sleep option, which I understand is supposed to allow 
WOL when powered down.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Monday, November 21, 2016 8:59 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

http://www.dell.com/support/article/us/en/19/SLN216918/en

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 10:31 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

It does get the packet. And it will wake up when asleep, just now when powered 
off.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem.

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states:

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN.

Welp, I’m in state S5, so what to do?

http://www.dell.com/support/article/us/en/19/SLN216918/EN

Mike

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

View page three of my troubleshooting WOL and SCCM:

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

Is the NIC On:

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem.

Is This A Windows Problem or BIOS Problem:

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the settings are correct, and if they are look into 
updating or downgrading the BIOS.

On Fri, Nov 18, 2016 at 1:40 PM Linkey, Mike mailto:mlin...@icc.illinoi

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

Various. The last one was an OptiPlex 9010.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Shane McKeown
Sent: Monday, November 21, 2016 9:02 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

What model is the machine?

We have Dell Inspiron machines that do it like this – they will wake from sleep 
but not from cold…

Also found this with some Vostro models(can’t remember the exact model)

Shane 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: 21 November 2016 16:31
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

It does get the packet. And it will wake up when asleep, just now when powered 
off. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem. 

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote: 

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states: 

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN. 

Welp, I’m in state S5, so what to do? 

http://www.dell.com/support/article/us/en/19/SLN216918/EN 

Mike 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers 

View page three of my troubleshooting WOL and SCCM: 

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

Is the NIC On: 

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem. 

Is This A Windows Problem or BIOS Problem: 

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the settings are correct, and if they are look into 
updating or downgrading the BIOS. 

On Fri, Nov 18, 2016 at 1:40 PM Linkey, Mike mailto:mlin...@icc.illinois.gov> > wrote: 

Make sure you have the right NIC drivers.  We have problems from time to time 
when the wrong drivers are installed. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, November 18, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [External] [mssms] WOL not waking powered off computers 

We have WOL enabled on our network. I’m able to wake a sleeping computer, but 
not a powered off computer. I verified WOL is enabled in BIOS and the network 
adapter is not getting powered off. Is this normal? 

Best Regards, 

Mike Murray 

Desktop Engineer/IT Consultant - IT Support Services 

California State University, Chico 

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu 

Remember, Chico State will NEVER ask you for your passwor

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

We have disabled the deep sleep option, which I understand is supposed to allow 
WOL when powered down.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Marcum, John
Sent: Monday, November 21, 2016 8:59 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: WOL not waking powered off computers

http://www.dell.com/support/article/us/en/19/SLN216918/en

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, November 21, 2016 10:31 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] RE: WOL not waking powered off computers

It does get the packet. And it will wake up when asleep, just now when powered 
off.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem.

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states:

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN.

Welp, I’m in state S5, so what to do?

http://www.dell.com/support/article/us/en/19/SLN216918/EN

Mike

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

View page three of my troubleshooting WOL and SCCM:

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

Is the NIC On:

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem.

Is This A Windows Problem or BIOS Problem:

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the settings are correct, and if they are look into 
updating or downgrading the BIOS.

On Fri, Nov 18, 2016 at 1:40 PM Linkey, Mike mailto:mlin...@icc.illinois.gov> > wrote:

Make sure you have the right NIC drivers.  We have problems from time to time 
when the wrong drivers are installed.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, November 18, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [External] [mssms] WOL not waking powered off computers

We have WOL enabled on our network. I’m able to wake a sleeping computer, but 
not a powered off computer. I verified WOL is enabled in BIOS and the network 
adapter is not getting powered off. Is this normal? 

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/ba

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

Neither work. I upgraded BIOS, too.  :/

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ryan
Sent: Monday, November 21, 2016 8:59 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: WOL not waking powered off computers

What about the BIOS trick I talked about?

Turn off the computer, boot into BIOS, then shut it down (this is important, if 
it ever even starts loading Windows you have to restart the whole process). 
Now, try to wake it.  if it wakes up, it is an OS problem. If it doesn't wake 
up, it may or may not be an OS problem, but I'd say start looking at upgrading 
BIOS first.

On Mon, Nov 21, 2016 at 10:54 AM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

It does get the packet. And it will wake up when asleep, just now when powered 
off.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM

To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem.

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states:

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN.

Welp, I’m in state S5, so what to do?

http://www.dell.com/support/article/us/en/19/SLN216918/EN

Mike

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

View page three of my troubleshooting WOL and SCCM:

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

Is the NIC On:

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem.

Is This A Windows Problem or BIOS Problem:

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the settings are correct, and if they are look into 
updating or downgrading the BIOS.

On Fri, Nov 18, 2016 at 1:40 PM Linkey, Mike mailto:mlin...@icc.illinois.gov> > wrote:

Make sure you have the right NIC drivers.  We have problems from time to time 
when the wrong drivers are installed.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, November 18, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [External] [mssms] WOL not waking powered off computers

We have WOL enabled on our network. I’m able to wake a sleeping computer, but 
not a powered off computer. I verified WOL is enabled in BIOS and the network 
adapter is not getting powered off. Is this normal? 

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about re

RE: [mssms] RE: WOL not waking powered off computers

2016-11-21 Thread Murray, Mike

It does get the packet. And it will wake up when asleep, just now when powered 
off.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ryan
Sent: Friday, November 18, 2016 4:29 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: WOL not waking powered off computers

You can check if the computer is getting the packet by running a WOL packet 
sniffer on it while it's on. Send the packet to the computer from the CM server 
and see if it comes through. If it does, it's probably not a network problem.

On Fri, Nov 18, 2016, 6:26 PM Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states:

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN.

Welp, I’m in state S5, so what to do?

http://www.dell.com/support/article/us/en/19/SLN216918/EN

Mike

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: WOL not waking powered off computers

View page three of my troubleshooting WOL and SCCM:

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

Is the NIC On:

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem.

Is This A Windows Problem or BIOS Problem:

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the settings are correct, and if they are look into 
updating or downgrading the BIOS.

On Fri, Nov 18, 2016 at 1:40 PM Linkey, Mike mailto:mlin...@icc.illinois.gov> > wrote:

Make sure you have the right NIC drivers.  We have problems from time to time 
when the wrong drivers are installed.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, November 18, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [External] [mssms] WOL not waking powered off computers

We have WOL enabled on our network. I’m able to wake a sleeping computer, but 
not a powered off computer. I verified WOL is enabled in BIOS and the network 
adapter is not getting powered off. Is this normal? 

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation. 

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: WOL not waking powered off computers

2016-11-18 Thread Murray, Mike

OK, after working with our network team, WOL *does* work from CM, but only when 
a computer is sleeping. I tried your power into BIOS trick, and it still 
wouldn’t wake. I looked at the BIOS settings, and Deep Sleep Control was 
enabled. The article below suggests that disabling this might work, but it did 
not. If the computer is fully powered off, it still will not wake. The article 
also states:

 

These systems should wake from the System Power States: Sleep (S3) or Hibernate 
(S4). The SHUTDOWN (S5)power state is not supported in Windows 7 and SHUTDOWN 
(S5) and Hybrid SHUTDOWN (S4) power states are not supported in Windows 8 for 
Wake-On-LAN.

 

Welp, I’m in state S5, so what to do?

 

http://www.dell.com/support/article/us/en/19/SLN216918/EN

 

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ryan
Sent: Friday, November 18, 2016 12:10 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: WOL not waking powered off computers

 

View page three of my troubleshooting WOL and SCCM:

 

http://www.ephingadmin.com/a-configmgr-admins-guide-to-wol-magic-packet-part-three/

 

Is the NIC On:

If there are no link lights on the back of the computer, where the network cord 
is plugged in, then your NIC is probably not getting any power. Because of 
this, it won’t be able to turn on the computer when packets are sent. Check 
BIOS and / or Windows to see which is turning off the NIC. The next trick will 
tell you how to narrow down which is causing the problem.

Is This A Windows Problem or BIOS Problem:

One interesting trick you can do is power off the computer, and then power it 
back on going into BIOS. Sometimes, Windows turns the NIC off when the computer 
is powered down, and this action will turn back on the NIC. Now, power off the 
computer (make sure it doesn’t boot into Windows) and try to wake up the 
computer. If it wakes up, and it never woke up before, you are probably looking 
at a Windows setting problem or a driver bug. If it doesn’t wake up, check the 
BIOS. make sure all the settings are correct, and if they are look into 
updating or downgrading the BIOS.

 

On Fri, Nov 18, 2016 at 1:40 PM Linkey, Mike mailto:mlin...@icc.illinois.gov> > wrote:

Make sure you have the right NIC drivers.  We have problems from time to time 
when the wrong drivers are installed.

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, November 18, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [External] [mssms] WOL not waking powered off computers

 

We have WOL enabled on our network. I’m able to wake a sleeping computer, but 
not a powered off computer. I verified WOL is enabled in BIOS and the network 
adapter is not getting powered off. Is this normal? 

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation. 

 

 






smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: WOL not waking powered off computers

2016-11-18 Thread Murray, Mike

Please disregard this, I believe it's also not working on sleeping
computers. Someone misinformed me. I'll chat with our network team.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Linkey, Mike
Sent: Friday, November 18, 2016 11:39 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: WOL not waking powered off computers

Make sure you have the right NIC drivers.  We have problems from time to
time when the wrong drivers are installed.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, November 18, 2016 1:04 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [External] [mssms] WOL not waking powered off computers

We have WOL enabled on our network. I'm able to wake a sleeping computer,
but not a powered off computer. I verified WOL is enabled in BIOS and the
network adapter is not getting powered off. Is this normal? 

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents
accompanying such) may contain confidential information. Such information is
intended only for the use of the individual or entity named above. If you
are not the named or intended recipient, you are hereby notified that any
disclosure, copying, distribution, or the taking of any action in reliance
on the contents of such information is strictly prohibited. If you have
received this email in error, please notify the sender and then delete the
email. Thank you for your cooperation. 

smime.p7s
Description: S/MIME cryptographic signature

[mssms] WOL not waking powered off computers

2016-11-18 Thread Murray, Mike

We have WOL enabled on our network. I'm able to wake a sleeping computer,
but not a powered off computer. I verified WOL is enabled in BIOS and the
network adapter is not getting powered off. Is this normal? 

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Odd exit code during OSD

2016-11-18 Thread Murray, Mike

Also, the script does seem to work. If I set this step to continue on error,
it goes through and the network settings are applied.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Thursday, November 17, 2016 1:07 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Odd exit code during OSD

 

I've Googled, but haven't found any definitive answers. We have some ports
that used wired NAC and computers connected to these ports require special
network settings in order to connect. We're trying to change these settings
during OSD with package that contains  a PowerShell script (shown below).
But, I'm getting this error and odd exit code in smsts.log:

 

Executing command line: Run Powershell script  RunPowerShellScript
11/17/2016 12:33:23 PM  1012 (0x03F4)

Running as AdminRunPowerShellScript  11/17/2016 12:33:25 PM
1012 (0x03F4)

Process completed with exit code 4294967295 RunPowerShellScript
11/17/2016 12:33:27 PM  1012 (0x03F4)

Command line returned 4294967295RunPowerShellScript  11/17/2016
12:33:27 PM  1012 (0x03F4)

ReleaseSource() for C:\_SMSTaskSequence\Packages\CMC00252.
RunPowerShellScript  11/17/2016 12:33:27 PM 1012 (0x03F4)

reference count 1 for the source C:\_SMSTaskSequence\Packages\CMC00252
before releasing   RunPowerShellScript11/17/2016 12:33:27 PM
1012 (0x03F4)

Released the resolved source C:\_SMSTaskSequence\Packages\CMC00252
RunPowerShellScript  11/17/2016 12:33:27 PM  1012 (0x03F4)

Process completed with exit code 4294967295 TSManager 11/17/2016
12:33:27 PM  2936 (0x0B78)

!---
-!   TSManager 11/17/2016 12:33:27 PM
2936 (0x0B78)

Failed to run the action: Configure Wired NAC. 

Unknown error (Error: ; Source: Unknown)TSManager
11/17/2016 12:33:27 PM  2936 (0x0B78)

 

 

What little info I could find makes me think this might because the system
needs to restart, but I'm not sure. Code below:

 

 

 

param([switch]$Elevated)

 

function Test-Admin {

  $currentUser = New-Object Security.Principal.WindowsPrincipal
$([Security.Principal.WindowsIdentity]::GetCurrent())

 
$currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator
)

}

 

if ((Test-Admin) -eq $false)  {

if ($elevated) 

{

# tried to elevate, did not work, aborting

} 

else {

Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile
-noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))

}

 

exit

}

 

'Running as Admin'

 

 

 

$CreateProfile = @"



http://www.microsoft.com/networking/LAN/profile/v1";>





 
false

 
true

http://www.microsoft.com/networking/OneX/v1";>

 
true

 
1

 
machineOrUser

 
http://www.microsoft.com/provisioning/EapHostConfig";>http://www.microsoft.com/provisioning/EapCommon";>25http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapHostConfig";>http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1";>
25http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1";><
ServerValidation>truechi-cppm-vip.csuchico.edu06 c9 cf ed a6 99 76 d1 b9 c2 b5 23 49 0d a4 76 d9 dc 3a 5a
02 fa f3 e2 91 43 54 68 60 78 57 69 4d f5 e4
5b 68 85 18 68
falsefalsehttp://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1";>
26http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1";
>truefalsefalse<
/RequireCryptoBinding>http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2";>t
ruehttp://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2";>t
rue









"@

$CreateProfile | Out-File -FilePath C:\windows\Temp\profile.xml

 

$CreateBat = @" 

@echo off

 

::(Starts Wired Service)

net start dot3svc

sc config dot3svc start= automatic

 

::(Removes and adds Ethernet Profile)

netsh lan delete profile interface=e*

netsh lan add profile filename=C:\windows\Temp\profile.xml interface=e*

 

 

"@

$CreateBat | Out-File -FilePath C:\windows\Temp\loadprofile.bat -enc ascii

 

$LoadingProfile = & "C:\windows\Temp\loadprofile.bat"

 

stop-process -Id $PID 

 

#Read-Host -Prompt "Press Enter to exit"

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State Universit

[mssms] Odd exit code during OSD

2016-11-17 Thread Murray, Mike

I've Googled, but haven't found any definitive answers. We have some ports
that used wired NAC and computers connected to these ports require special
network settings in order to connect. We're trying to change these settings
during OSD with package that contains  a PowerShell script (shown below).
But, I'm getting this error and odd exit code in smsts.log:

 

Executing command line: Run Powershell script  RunPowerShellScript
11/17/2016 12:33:23 PM  1012 (0x03F4)

Running as AdminRunPowerShellScript  11/17/2016 12:33:25 PM
1012 (0x03F4)

Process completed with exit code 4294967295 RunPowerShellScript
11/17/2016 12:33:27 PM  1012 (0x03F4)

Command line returned 4294967295RunPowerShellScript  11/17/2016
12:33:27 PM  1012 (0x03F4)

ReleaseSource() for C:\_SMSTaskSequence\Packages\CMC00252.
RunPowerShellScript  11/17/2016 12:33:27 PM 1012 (0x03F4)

reference count 1 for the source C:\_SMSTaskSequence\Packages\CMC00252
before releasing   RunPowerShellScript11/17/2016 12:33:27 PM
1012 (0x03F4)

Released the resolved source C:\_SMSTaskSequence\Packages\CMC00252
RunPowerShellScript  11/17/2016 12:33:27 PM  1012 (0x03F4)

Process completed with exit code 4294967295 TSManager 11/17/2016
12:33:27 PM  2936 (0x0B78)

!---
-!   TSManager 11/17/2016 12:33:27 PM
2936 (0x0B78)

Failed to run the action: Configure Wired NAC. 

Unknown error (Error: ; Source: Unknown)TSManager
11/17/2016 12:33:27 PM  2936 (0x0B78)

 

 

What little info I could find makes me think this might because the system
needs to restart, but I'm not sure. Code below:

 

 

 

param([switch]$Elevated)

 

function Test-Admin {

  $currentUser = New-Object Security.Principal.WindowsPrincipal
$([Security.Principal.WindowsIdentity]::GetCurrent())

 
$currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator
)

}

 

if ((Test-Admin) -eq $false)  {

if ($elevated) 

{

# tried to elevate, did not work, aborting

} 

else {

Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile
-noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))

}

 

exit

}

 

'Running as Admin'

 

 

 

$CreateProfile = @"



http://www.microsoft.com/networking/LAN/profile/v1";>





 
false

 
true

http://www.microsoft.com/networking/OneX/v1";>

 
true

 
1

 
machineOrUser

 
http://www.microsoft.com/provisioning/EapHostConfig";>http://www.microsoft.com/provisioning/EapCommon";>25http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapCommon";>0http://www.microsoft.com/provisioning/EapHostConfig";>http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1";>
25http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1";><
ServerValidation>truechi-cppm-vip.csuchico.edu06 c9 cf ed a6 99 76 d1 b9 c2 b5 23 49 0d a4 76 d9 dc 3a 5a
02 fa f3 e2 91 43 54 68 60 78 57 69 4d f5 e4
5b 68 85 18 68
falsefalsehttp://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1";>
26http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1";
>truefalsefalse<
/RequireCryptoBinding>http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2";>t
ruehttp://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2";>t
rue









"@

$CreateProfile | Out-File -FilePath C:\windows\Temp\profile.xml

 

$CreateBat = @" 

@echo off

 

::(Starts Wired Service)

net start dot3svc

sc config dot3svc start= automatic

 

::(Removes and adds Ethernet Profile)

netsh lan delete profile interface=e*

netsh lan add profile filename=C:\windows\Temp\profile.xml interface=e*

 

 

"@

$CreateBat | Out-File -FilePath C:\windows\Temp\loadprofile.bat -enc ascii

 

$LoadingProfile = & "C:\windows\Temp\loadprofile.bat"

 

stop-process -Id $PID 

 

#Read-Host -Prompt "Press Enter to exit"

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] scep updates not working

2016-10-28 Thread Murray, Mike

Maybe try this? It’s worked for us. Admin command prompt.

 

"C:\Program Files\Windows Defender\MpCmdRun.exe" -removedefinitions -all

 

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 7:44 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] scep updates not working

 

Thanks Jimmy, no access to ms.com   on the clients.

 

I’ve progressed with the remove and reinstall - this seems to work although 
worryingly, I’m not seeing the “Installed” number climbing in WSUS for the 
definitions.

 

May just have bought some more time before a WSUS rebuild :)

 

On 28 Oct 2016, at 12:39, Jimmy Martin mailto:jimmy.mar...@bmhcc.org> > wrote:

 

Try sending the full def update via regular sccm package to the devices with 
old defs

If you don’t already have it, this can be run as a powershell script to 
download the defs

$x64S1 = "http://go.microsoft.com/fwlink/?LinkID=121721 
 
&clcid=0x409&arch=x64"
$x64D1 = "\\server\share\x64\mpam-fe.exe  "
$x64S2 = "http://go.microsoft.com/fwlink/?LinkId=211054";
$x64D2 = "\\server\share\x64\mpam-d.exe  "
$x64S3 = "http://go.microsoft.com/fwlink/?LinkId=197094";
$x64D3 = "\\server\share\x64\nis_full.exe 
 "
$x86S1 = "http://go.microsoft.com/fwlink/?LinkID=121721 
 
&clcid=0x409&arch=x86"
$x86D1 = "\\server\share\x86\mpam-fe.exe  "
$x86S2 = "http://go.microsoft.com/fwlink/?LinkId=211053";
$x86D2 = "\\server\share\x86\mpam-d.exe  "
$x86S3 = "http://go.microsoft.com/fwlink/?LinkId=197095";
$x86D3 = "\\server\share\x86\nis_full.exe 
 "
$wc = New-Object System.Net  .WebClient



$wc= new-object System.Net  .WebClient
#If you have a proxy configured for your environment, you need to enable and 
confiure
#   the next three lines
$proxy = new-object System.Net  .WebProxy "your proxy:port"
$proxy.UseDefaultCredentials = $true
$wc.proxy=$proxy

$wc.DownloadFile($x86S1, $x86D1)
$wc.DownloadFile($x86S2, $x86D2)
$wc.DownloadFile($x86S3, $x86D3)
$wc.DownloadFile($x64S1, $x64D1)
$wc.DownloadFile($x64S2, $x64D2)
$wc.DownloadFile($x64S3, $x64D3)



Jimmy Martin
(901) 227-8209


-Original Message-
From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 5:17 AM
To: mailto:mssms@lists.myitforum.com> > 
mailto:mssms@lists.myitforum.com> >
Subject: [mssms] scep updates not working

Since last Friday my clients haven’t ben picking up scep updates from WSUS.

A manual update results in a 8004002e error.

Only solution I’ve found is to remove scep and reinstall.

I’ll do this, but thought I’d run it all past you in case of any bright ideas.

Cheers

Stuart



This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.

P Please consider the environment before printing this email...



 

 






smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] default profile customization

2016-10-20 Thread Murray, Mike

Gah! We haven’t used copyprofile since the XP days.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Thursday, October 20, 2016 12:56 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] default profile customization

Three gold stars for saying no! The customer is not always right. Pigs don’t 
fly. The earth is not flat.

J

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jay Parekh
Sent: Thursday, October 20, 2016 2:48 PM
To: Jason Sandys mailto:ja...@sandys.us> >; 
mssms@lists.myitforum.com  
Subject: RE: [mssms] default profile customization

A client told use to use CopyProfile earlier this year in their Windows 10 
pilot.  We told them no, it doesn’t work properly and we can achieve much of 
the same with mix of GPO/GPP/PowerShell.  He insisted CopyProfile and took two 
days of seeing issues before he said okay, we’re not using it anymore.  Don’t 
do it.

Sent from Mail   for Windows 10

From: Jason Sandys  
Sent: Thursday, October 20, 2016 2:28 PM
To: mssms@lists.myitforum.com  
Subject: RE: [mssms] default profile customization

Also, that’s a really old post, almost 5 years old now.

J

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, October 20, 2016 1:35 PM
To: mssms@lists.myitforum.com  
Subject: RE: [mssms] default profile customization

No one said it didn’t work, it’s just undocumented, and has little to no 
support. I certainly can’t rely on that, especially with the chance of it 
breaking each time there is an OS update. 

Daniel Ratliff

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Thursday, October 20, 2016 2:07 PM
To: mssms@lists.myitforum.com  
Subject: RE: [mssms] default profile customization

I dunno, 2008 R2 was a fine Spartan version of windows 7, no aero, no desktop 
picture, single background color.  Windows 8/8.1 wasn’t teal like 2012 and 
2012R2 was, but the desktop on 12/R2 was tolerable, a single color.  Now if I 
sat down and just looked at a 10 and 2016 side by side, I’m not sure I could 
tell them apart just by looking at them.

I get the argument of more work, but competitively speaking, I can’t install 
DNS server on Windows 10, so there’s already work being put into making them 
different anyway.

And insult to injury, I just found a post 
https://blogs.technet.microsoft.com/chad/2012/04/25/tip-49-how-do-you-set-default-user-profile-registry-settings/
 where just today the author endorses the use of copyprofile.  I thought it 
didn’t work?

Sigh.

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Thursday, October 20, 2016 12:42 PM
To: mssms@lists.myitforum.com  
Subject: Re: [mssms] default profile customization

Because each server version is based on the workstation OS. It'd be more work 
to leave it the same as they'd have to re-design the workstation OS each time 
it's updated.

On Thu, Oct 20, 2016 at 12:40 PM Todd Hemsell mailto:hems...@gmail.com> > wrote:

I agree. 

They added a ton of crap to the servers that add no business value, and they 
keep moving things around for no reason at all.

If they want to get rid of the gui, why do they keep redesigning it?

Why not just leave it alone? 

On Thu, Oct 20, 2016 at 9:52 AM, Mote, Todd mailto:mo...@austin.utexas.edu> > wrote:

Eh, it’s mostly about delivering a “clean product” I guess.  It started in 
server 2012, I couldn’t stand to deliver a teal taskbar to customers, the same 
tricks I used on that don’t work anymore, they seem to change every time 
windows changes.  In Server 2016, there’s a desktop picture.  I don’t, nor do 
my customers need a desktop picture, it’s hard to even set just a color and no 
desktop anymore.  It doesn’t have to be pretty to look at, because nobody is 
looking at it.  Transparency is on by default. Why?  There’s a desktop image.  
Why?  I guess my first email wasn’t super clear.  Why is the color of every 
window, active or not, the same?  I may not want to set everything, but it’s so 
hard to set anything these days in a build and capture or deployment scenario.  
The same registry keys you watch change when you change something don’t 
actually work when you change them in the registry rather than in the GUI.  

And before anybody says, “but Jeff Snover calls it SAAD (server as a desktop) 
for a reason, because it’s sad, use cor

[mssms] RE: SCCM SUP updates groups

2016-10-18 Thread Murray, Mike

And yes, as others have stated, don't go over 100 per SUG. I actually have
two 2016 SUGs, one is for overflow.   J

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Tuesday, October 18, 2016 1:14 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: SCCM SUP updates groups

I'm sure you will get many different responses - there is no single way. We
went for simplicity. Everything goes into one SUG for the current month's
updates, then get moved to a 2016 - all SUG once the next month's updates
are released. Then we set our deployments to our desired tastes.

Mike

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Fast, David D.
Sent: Tuesday, October 18, 2016 11:58 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] SCCM SUP updates groups

Okay, I'm trying to get serious about implementing SUP in SCCM.  In our
environment, we have W7x86, W7x64, W8.1x64, W10x64 (RTM, 1511 and 1607).  We
also have Office 2007 (x86), Office 2010 (x86), Office 2013 (x86 and x64)
and Office 2016 (x86).

Does each product/architecture combination get its own baseline SUG and
monthly update SUG?  Seems like all of the guides for setting up SUP assume
the environment is standardized on single platform/product configurations.
Can someone point me to a guide that addresses multiple platform/product
environments with initial setup + ongoing month-to-month configuration?

Thanks,

David

  _  

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: SCCM SUP updates groups

2016-10-18 Thread Murray, Mike

I'm sure you will get many different responses - there is no single way. We
went for simplicity. Everything goes into one SUG for the current month's
updates, then get moved to a 2016 - all SUG once the next month's updates
are released. Then we set our deployments to our desired tastes.

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Fast, David D.
Sent: Tuesday, October 18, 2016 11:58 AM
To: mssms@lists.myitforum.com
Subject: [mssms] SCCM SUP updates groups

 

Okay, I'm trying to get serious about implementing SUP in SCCM.  In our
environment, we have W7x86, W7x64, W8.1x64, W10x64 (RTM, 1511 and 1607).  We
also have Office 2007 (x86), Office 2010 (x86), Office 2013 (x86 and x64)
and Office 2016 (x86).

Does each product/architecture combination get its own baseline SUG and
monthly update SUG?  Seems like all of the guides for setting up SUP assume
the environment is standardized on single platform/product configurations.
Can someone point me to a guide that addresses multiple platform/product
environments with initial setup + ongoing month-to-month configuration?

 

Thanks,

 

David

 

 

  _  

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Old Windows Defender update not being marked as superseded

2016-10-18 Thread Murray, Mike

It looks like the 10/13 one was finally superseded. That one was KB915597. A
newer version of KB915597 wasn't released until yesterday, so I guess that
explains it. I'm still seeing systems not updating, though. I have Microsoft
Update set as the highest priority source, so I'm not sure why they're not
updating. I tried running a manual update, all I get is this:

 

C:\Program Files\Windows Defender>MpCmdRun.exe -SignatureUpdate

Signature update started . . .

Signature update finished. No updates needed

 

The defs are 4 days old on the client.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of RJ Subscriber
Sent: Monday, October 17, 2016 5:43 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Re: Old Windows Defender update not being marked as
superseded

 

We see that KB915597 from 10/13 hanging around, too, with a newer KB2267602.
I haven't been able to locate info on how the two updates work together but
from their behavior they seem to be different "definition updates" on
different update tracks.  The updates are always KB915597 or KB2267602, but
I can't find any documentation on what one does over the other.

 

-Russell

  _  

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
mailto:listsad...@lists.myitforum.com> > on
behalf of Murray, Mike mailto:mmur...@csuchico.edu> >
Sent: Monday, October 17, 2016 4:19 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Old Windows Defender update not being marked as
superseded 

 

Well, for now I'm going to set my ADR to only include updates from the last
1 day. Maybe that will help.

 



 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, October 17, 2016 11:12 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Old Windows Defender update not being marked as
superseded

 

This should read "My Endpoints are NOT getting updated this morning."

 

From:  <mailto:listsad...@lists.myitforum.com>
listsad...@lists.myitforum.com [ <mailto:listsad...@lists.myitforum.com>
mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, October 17, 2016 10:16 AM
To:  <mailto:mssms@lists.myitforum.com> mssms@lists.myitforum.com
Subject: [mssms] Old Windows Defender update not being marked as superseded

 

My Endpoints are getting updated this morning. When I checked the update
package, I see an update from 10/13 that has not been superseded. There are
newer updates, so I'm not sure why this one is still there?

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
mmur...@csuchico.edu <mailto:mmur...@csuchico.edu> 

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
<http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml>
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Old Windows Defender update not being marked as superseded

2016-10-17 Thread Murray, Mike

Well, for now I'm going to set my ADR to only include updates from the last
1 day. Maybe that will help.

 



 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Monday, October 17, 2016 11:12 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Old Windows Defender update not being marked as
superseded

 

This should read "My Endpoints are NOT getting updated this morning."

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, October 17, 2016 10:16 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Old Windows Defender update not being marked as superseded

 

My Endpoints are getting updated this morning. When I checked the update
package, I see an update from 10/13 that has not been superseded. There are
newer updates, so I'm not sure why this one is still there?

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Recommended USB Flash Drives for OSD

2016-10-17 Thread Murray, Mike

The majority of our area techs use PXE as well. And our folks rely on PXE
when imaging multiple machines at once. But for onesy-twosey, I like the USB
boot, its faster.  J

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Andreas Hammarskjöld
Sent: Monday, October 17, 2016 11:31 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Recommended USB Flash Drives for OSD

I meet a lot of USB deployers in my field, naturally, since we sell PXE
software. The common view is that its a royal mess.

So go with any ol PXE instead! Will save you a ton of headaches and less
frustrated deployment techies.

//A

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: den 17 oktober 2016 13:19
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Recommended USB Flash Drives for OSD

Honestly we have a mixed bag of USB keys and they all work fine. Are you
talking about standalone imaging or just putting the boot image on it?
Either way, we use a wide variety.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Chris Carbone
Sent: Monday, October 17, 2016 9:16 AM
To: 'mssms@lists.myitforum.com' mailto:mssms@lists.myitforum.com> >
Subject: [mssms] Recommended USB Flash Drives for OSD

Hello All,

I would like to entertain the idea again of using USB for imaging. In the
past we were using the Kingston Traveler USB 3.0 drives and I recently read
that these are known to have issues with imaging. I did not know this and
always wondered why imaging would sometimes flake out for us. 

Does anyone use USB 2.0 drives that you have used for a while that are
consistently working with OSD?

Thanks!

Chris

This electronic mail transmission may contain confidential information
intended only for the use of the individual(s) identified as addressee(s).
If you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution or the taking of any action in reliance on
the contents of this electronic mail transmission is strictly prohibited. If
you have received this transmission in error, please notify me by telephone
immediately. 

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Old Windows Defender update not being marked as superseded

2016-10-17 Thread Murray, Mike

This should read "My Endpoints are NOT getting updated this morning."

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Monday, October 17, 2016 10:16 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Old Windows Defender update not being marked as superseded

 

My Endpoints are getting updated this morning. When I checked the update
package, I see an update from 10/13 that has not been superseded. There are
newer updates, so I'm not sure why this one is still there?

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Recommended USB Flash Drives for OSD

2016-10-17 Thread Murray, Mike

Honestly we have a mixed bag of USB keys and they all work fine. Are you
talking about standalone imaging or just putting the boot image on it?
Either way, we use a wide variety.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Chris Carbone
Sent: Monday, October 17, 2016 9:16 AM
To: 'mssms@lists.myitforum.com' 
Subject: [mssms] Recommended USB Flash Drives for OSD

Hello All,

I would like to entertain the idea again of using USB for imaging. In the
past we were using the Kingston Traveler USB 3.0 drives and I recently read
that these are known to have issues with imaging. I did not know this and
always wondered why imaging would sometimes flake out for us. 

Does anyone use USB 2.0 drives that you have used for a while that are
consistently working with OSD?

Thanks!

Chris

This electronic mail transmission may contain confidential information
intended only for the use of the individual(s) identified as addressee(s).
If you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution or the taking of any action in reliance on
the contents of this electronic mail transmission is strictly prohibited. If
you have received this transmission in error, please notify me by telephone
immediately. 

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Old Windows Defender update not being marked as superseded

2016-10-17 Thread Murray, Mike

My Endpoints are getting updated this morning. When I checked the update
package, I see an update from 10/13 that has not been superseded. There are
newer updates, so I'm not sure why this one is still there?

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Management dashboard

2016-10-13 Thread Murray, Mike

Great suggestion. I found the dashboard below. The only oddity, is
DeviceName comes up as some string of numbers:

 



 

https://gallery.technet.microsoft.com/Power-BI-SCCM-Dashboard-d1b7e688

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Stephen Leuthold
Sent: Thursday, October 13, 2016 9:36 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Management dashboard

 

Is Power BI an option for a reporting platform? The desktop version is free,
you would need licenses if you wanted to publish the reports to the "cloud".
If this is an option, there are a few SCCM Power BI templates available.
This path will also make it easier to pull data in from other sources that
you might want to show in a dashboard.

Regards, 

Stephen


On Oct 13, 2016, at 11:26 AM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

Bump

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, October 12, 2016 9:37 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Management dashboard

 

Hey all,

 

I'm looking to create a high level dashboard report for management. Is
anyone doing something similar to the link below? What other data do you
display? Could you provide a report for me to try?

 

https://blogs.technet.microsoft.com/configmgrdude/2015/01/06/creating-a-simp
le-configmgr-2012-r2-dashboard-using-smsprov-log-and-ssrs/

 

Side note, the above report seems to pull in too many OS results. I'm
guessing it's including obsolete records?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Management dashboard

2016-10-13 Thread Murray, Mike

I was able to switch from resource ID to computer name. Cool dashboard!

 

Thanks!

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Stephen Leuthold
Sent: Thursday, October 13, 2016 9:36 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Management dashboard

 

Is Power BI an option for a reporting platform? The desktop version is free,
you would need licenses if you wanted to publish the reports to the "cloud".
If this is an option, there are a few SCCM Power BI templates available.
This path will also make it easier to pull data in from other sources that
you might want to show in a dashboard.

Regards, 

Stephen


On Oct 13, 2016, at 11:26 AM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

Bump

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, October 12, 2016 9:37 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Management dashboard

 

Hey all,

 

I'm looking to create a high level dashboard report for management. Is
anyone doing something similar to the link below? What other data do you
display? Could you provide a report for me to try?

 

https://blogs.technet.microsoft.com/configmgrdude/2015/01/06/creating-a-simp
le-configmgr-2012-r2-dashboard-using-smsprov-log-and-ssrs/

 

Side note, the above report seems to pull in too many OS results. I'm
guessing it's including obsolete records?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Management dashboard

2016-10-13 Thread Murray, Mike

Bump

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Wednesday, October 12, 2016 9:37 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Management dashboard

Hey all,

I'm looking to create a high level dashboard report for management. Is
anyone doing something similar to the link below? What other data do you
display? Could you provide a report for me to try?

https://blogs.technet.microsoft.com/configmgrdude/2015/01/06/creating-a-simp
le-configmgr-2012-r2-dashboard-using-smsprov-log-and-ssrs/

Side note, the above report seems to pull in too many OS results. I'm
guessing it's including obsolete records?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Management dashboard

2016-10-12 Thread Murray, Mike

Hey all,

 

I'm looking to create a high level dashboard report for management. Is
anyone doing something similar to the link below? What other data do you
display? Could you provide a report for me to try?

 

https://blogs.technet.microsoft.com/configmgrdude/2015/01/06/creating-a-simp
le-configmgr-2012-r2-dashboard-using-smsprov-log-and-ssrs/

 

Side note, the above report seems to pull in too many OS results. I'm
guessing it's including obsolete records?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Can i Replace SCCM Console with webbased?

2016-10-11 Thread Murray, Mike

Check this out, it might do the trick. Note, the author is leaving the 
ConfigMgr community, so I don’t know if it will be updated again.

 

https://scottkeiffer.wordpress.com/2013/09/13/configuration-manager-web-frontend/

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of S ConfigMgr
Sent: Tuesday, October 11, 2016 10:14 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Can i Replace SCCM Console with webbased?

 

thank Ryan,

 

We wanted to replace almost all the features that offered by SCCM Console.

 

So that engineers can access is remotely as a web service...

 

On Tue, Oct 11, 2016 at 10:35 PM, Ryan mailto:ryan2...@gmail.com> > wrote:

There is no Microsoft web console for SCCM, but there are some community 
solutions out there. What are you looking to do with the console?

 

On Tue, Oct 11, 2016 at 11:56 AM S ConfigMgr mailto:configmgrarch...@gmail.com> > wrote:

We are running SCCM 1606 , looking for web based solution so that we can 
replace sccm console and offer as a web service. ?

 

is this possible ?

 

-- 

Thanks,

ED

 





 

-- 

Thanks,

ED

 






smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Endpoint client definitions not updating regularly

2016-10-11 Thread Murray, Mike

Good idea, thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Beardsley, James
Sent: Tuesday, October 11, 2016 7:41 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Endpoint client definitions not updating regularly

What is your source order? Why not just put Microsoft Update as the top
source? We have ours set like below. We opened a ticket with Microsoft for a
similar issue and after conferring with them, they suggested we let the
clients update directly from Microsoft rather than getting updates from
WSUS/ConfigMgr. We're only 2500 clients though so maybe that's not ideal
from a bandwidth perspective if, for example, you have 10x that. 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, October 10, 2016 4:29 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Endpoint client definitions not updating regularly

I think this may be it. We had Forefront Endpoint Protection 2010 selected,
but not Windows Defender in our ADR. Hoping the new settings below do the
trick. Thanks!

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Nemec, Dale
Sent: Monday, October 10, 2016 10:42 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Endpoint client definitions not updating regularly

Mike,

Look at your ADR.

Last month we had to add in the Windows Defender updates for Windows 10
since the Definition files appear to have been split based on OS type.
Win7/8.1 get one set of files, Win10 gets another set.

Our Definition package size also grew about 3 times its previous size after
we added in the Win10 Definition set to the ADR.

Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, October 10, 2016 9:13 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Endpoint client definitions not updating regularly

We have our Endpoint Protection settings to check for updates every 8 hours,
but many clients that are online are 2, 3, even 5 days out of date. I've
verified the definition updates are being downloaded and set to deploy. I've
verified our ADR is deployed to All Systems. This is a big concern - we're
trying to move from McAfee ePO to EP, but if our clients are this far out of
date it's not good. Looking at our settings, clients *should* be updating at
least a couple times a day. Any input is appreciated!

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

Please be advised that this email may contain confidential information. If
you are not the intended recipient, please notify us by email by replying to
the sender and delete this message. The sender disclaims that the content of
this email constitutes an offer to enter into, or the acceptance of, any
agreement; provided that the foregoing does not invalidate the binding
effect of any digital or other electronic reproduction of a manual signature
that is included in any attachment. 

  _  

Confidentiality Notice: This e-mail is intended only for the addressee named
above. It contains information that is privileged, confidential or otherwise
protected from use and disclosure. If you are not the intended recipient,
you are hereby notified that any review, disclosure, copying, or
dissemination of this transmission, or taking of any action in reliance on
its contents, or other use is strictly prohibited. If you have received this
transmission in error, please reply to the sender listed above immediately
and permanently delete this message from your inbox. Thank you for your
cooperation.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: OT - Excel VLOOKUP help?

2016-10-10 Thread Murray, Mike

Never mind, turns out it's a limitation of VLOOKUP - the value it checks
against must be in the first column.

From: Murray, Mike 
Sent: Monday, October 10, 2016 4:42 PM
To: mssms@lists.myitforum.com
Subject: OT - Excel VLOOKUP help?

I'm sure there's an Excel guru out there that can easily explain why this
isn't working. In the "testcomp" sheet I'm trying to looking up the
distinguished name value on column C to a matching value on the "testuser"
sheet and return the friendly user name (or any other columns I choose). It
keeps coming up with "N/A", even though the value is there. I've used
VLOOKUP in the past a lot, not sure why it won't work here.

TIA!

Mike

smime.p7s
Description: S/MIME cryptographic signature

[mssms] OT - Excel VLOOKUP help?

2016-10-10 Thread Murray, Mike

I'm sure there's an Excel guru out there that can easily explain why this
isn't working. In the "testcomp" sheet I'm trying to looking up the
distinguished name value on column C to a matching value on the "testuser"
sheet and return the friendly user name (or any other columns I choose). It
keeps coming up with "N/A", even though the value is there. I've used
VLOOKUP in the past a lot, not sure why it won't work here.

 

TIA!

 

Mike





AD Computer and User Data - TEST.xlsx
Description: MS-Excel 2007 spreadsheet


smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Endpoint client definitions not updating regularly

2016-10-10 Thread Murray, Mike

I think this may be it. We had Forefront Endpoint Protection 2010 selected,
but not Windows Defender in our ADR. Hoping the new settings below do the
trick. Thanks!

 



 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Nemec, Dale
Sent: Monday, October 10, 2016 10:42 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Endpoint client definitions not updating regularly

 

Mike,

Look at your ADR.

 

Last month we had to add in the Windows Defender updates for Windows 10
since the Definition files appear to have been split based on OS type.
Win7/8.1 get one set of files, Win10 gets another set.

 

Our Definition package size also grew about 3 times its previous size after
we added in the Win10 Definition set to the ADR.

 

Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Monday, October 10, 2016 9:13 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Endpoint client definitions not updating regularly

 

We have our Endpoint Protection settings to check for updates every 8 hours,
but many clients that are online are 2, 3, even 5 days out of date. I've
verified the definition updates are being downloaded and set to deploy. I've
verified our ADR is deployed to All Systems. This is a big concern - we're
trying to move from McAfee ePO to EP, but if our clients are this far out of
date it's not good. Looking at our settings, clients *should* be updating at
least a couple times a day. Any input is appreciated!

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

Please be advised that this email may contain confidential information. If
you are not the intended recipient, please notify us by email by replying to
the sender and delete this message. The sender disclaims that the content of
this email constitutes an offer to enter into, or the acceptance of, any
agreement; provided that the foregoing does not invalidate the binding
effect of any digital or other electronic reproduction of a manual signature
that is included in any attachment. 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] Endpoint client definitions not updating regularly

2016-10-10 Thread Murray, Mike

We have our Endpoint Protection settings to check for updates every 8 hours,
but many clients that are online are 2, 3, even 5 days out of date. I've
verified the definition updates are being downloaded and set to deploy. I've
verified our ADR is deployed to All Systems. This is a big concern - we're
trying to move from McAfee ePO to EP, but if our clients are this far out of
date it's not good. Looking at our settings, clients *should* be updating at
least a couple times a day. Any input is appreciated!

 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Allowing staff to add computers to collection

2016-10-06 Thread Murray, Mike

Maybe, I’ll test. Thanks.  ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Thursday, October 6, 2016 12:39 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Allowing staff to add computers to collection

https://technet.microsoft.com/en-us/library/mt592917.aspx#bkmk_planCol

This doesn't fit the bill?

On Thu, Oct 6, 2016 at 1:52 PM, Murray, Mike 
mailto:mmur...@csuchico.edu>> wrote:
I don’t see a role that fits.  :/

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Adam Juelich
Sent: Thursday, October 6, 2016 10:56 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Allowing staff to add computers to collection

Can't you utilize Role-Based Administration on a Security Group / Collection 
level?

On Thu, Oct 6, 2016 at 12:23 PM, Murray, Mike 
mailto:mmur...@csuchico.edu>> wrote:
CM2012. I’d like to allow certain staff members to add computers to a 
collection. I found this article: 
https://social.technet.microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012-security-to-allow-users-to-add-resource-to-a-collection?forum=configmanagersecurity

It says the below, which is confusing me. Can someone clear this up and let me 
know if this is a good idea?

Here is a solution that should work for you. Perform this on a test account 
with only the security role you are going to change for your users in question.

  1.  Create a new collection that is a copy of your collection limiting 
collection mentioned above.
  2.  Set the limiting collection of this new collection to something other 
than the limiting collection it defaults to, which is the copied collection.
  3.  Select the collections to which you wish to grant Add Resource 
permissions to and set their limiting collection to this new collection.
  4.  Within your Administrative user or group properties, specify this new 
limiting collection and the collections you wish to allow Add Resource 
permissions under the "Associate assigned security roles with specific security 
scopes and collections - don't forget to add your security scope.
  5.  Apply the changes and test - don't forget to restart the console of your 
test account.
This does a couple things - it allows the Add Resource function to the specific 
collections you wish for the specific Administrative user/group you wish.  It 
does NOT allow modify on the limiting collection. And it separates the specific 
collections you tag as being modifiable by the specified group.

Best Regards,

Mike Murray
Desktop Engineer/IT Consultant - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu<mailto:mmur...@csuchico.edu>

Remember, Chico State will NEVER ask you for your password via email!
For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

RE: [mssms] Allowing staff to add computers to collection

2016-10-06 Thread Murray, Mike

I’m good now. I created a new role that allows collection modification, set the 
user’s scope for the collection, he was able to add. Thanks!

Mike

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Nemec, Dale
Sent: Thursday, October 6, 2016 1:42 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Allowing staff to add computers to collection

I agree, use AD security group memberships for users and computers.

We use a naming convention that helps our Service Desk understand which AD 
object to put into the security group:

-  CM-U-AppNamevN.NNis a security group for just usernames that 
will be targeted with a deployment

-  CM-C-AppNamevN.NNis a security group for just computer names 
that will be targeted with a deployment

Service Desk techs don’t need the SCCM Admin Console.  In fact, since they are 
a mostly in the AD Users & Computers anyhow, the security AD groups work quite 
well for us.

Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Thursday, October 6, 2016 1:29 PM
To: 'mssms@lists.myitforum.com' 
mailto:mssms@lists.myitforum.com>>
Subject: RE: [mssms] Allowing staff to add computers to collection

Fair enough. Still use an AD group.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, October 6, 2016 1:51 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Allowing staff to add computers to collection

This is for BitLocker deployment, so user is not an option.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Thursday, October 6, 2016 11:04 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Allowing staff to add computers to collection

I detest direct memberships. 1.) Don’t deploy to computers, deploy to users. 
2.) Use AD groups in your queries not direct rules.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Thursday, October 6, 2016 12:56 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Allowing staff to add computers to collection

[External Email]
Can't you utilize Role-Based Administration on a Security Group / Collection 
level?

On Thu, Oct 6, 2016 at 12:23 PM, Murray, Mike 
mailto:mmur...@csuchico.edu>> wrote:
CM2012. I’d like to allow certain staff members to add computers to a 
collection. I found this article: 
https://social.technet.microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012-security-to-allow-users-to-add-resource-to-a-collection?forum=configmanagersecurity

It says the below, which is confusing me. Can someone clear this up and let me 
know if this is a good idea?

Here is a solution that should work for you. Perform this on a test account 
with only the security role you are going to change for your users in question.

  1.  Create a new collection that is a copy of your collection limiting 
collection mentioned above.
  2.  Set the limiting collection of this new collection to something other 
than the limiting collection it defaults to, which is the copied collection.
  3.  Select the collections to which you wish to grant Add Resource 
permissions to and set their limiting collection to this new collection.
  4.  Within your Administrative user or group properties, specify this new 
limiting collection and the collections you wish to allow Add Resource 
permissions under the "Associate assigned security roles with specific security 
scopes and collections - don't forget to add your security scope.
  5.  Apply the changes and test - don't forget to restart the console of your 
test account.
This does a couple things - it allows the Add Resource function to the specific 
collections you wish for the specific Administrative user/group you wish.  It 
does NOT allow modify on the limiting collection. And it separates the specific 
collections you tag as being modifiable by the specified group.

Best Regards,

Mike Murray
Desktop Engineer/IT Consultant - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu<mailto:mmur...@csuchico.edu>

Remember, Chico State will NEVER ask you for your password via email!
For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client

RE: [mssms] Allowing staff to add computers to collection

2016-10-06 Thread Murray, Mike

This is for BitLocker deployment, so user is not an option.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Marcum, John
Sent: Thursday, October 6, 2016 11:04 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Allowing staff to add computers to collection

I detest direct memberships. 1.) Don’t deploy to computers, deploy to users. 
2.) Use AD groups in your queries not direct rules.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Thursday, October 6, 2016 12:56 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Allowing staff to add computers to collection

[External Email]
Can't you utilize Role-Based Administration on a Security Group / Collection 
level?

On Thu, Oct 6, 2016 at 12:23 PM, Murray, Mike 
mailto:mmur...@csuchico.edu>> wrote:
CM2012. I’d like to allow certain staff members to add computers to a 
collection. I found this article: 
https://social.technet.microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012-security-to-allow-users-to-add-resource-to-a-collection?forum=configmanagersecurity

It says the below, which is confusing me. Can someone clear this up and let me 
know if this is a good idea?

Here is a solution that should work for you. Perform this on a test account 
with only the security role you are going to change for your users in question.

  1.  Create a new collection that is a copy of your collection limiting 
collection mentioned above.
  2.  Set the limiting collection of this new collection to something other 
than the limiting collection it defaults to, which is the copied collection.
  3.  Select the collections to which you wish to grant Add Resource 
permissions to and set their limiting collection to this new collection.
  4.  Within your Administrative user or group properties, specify this new 
limiting collection and the collections you wish to allow Add Resource 
permissions under the "Associate assigned security roles with specific security 
scopes and collections - don't forget to add your security scope.
  5.  Apply the changes and test - don't forget to restart the console of your 
test account.
This does a couple things - it allows the Add Resource function to the specific 
collections you wish for the specific Administrative user/group you wish.  It 
does NOT allow modify on the limiting collection. And it separates the specific 
collections you tag as being modifiable by the specified group.

Best Regards,

Mike Murray
Desktop Engineer/IT Consultant - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu<mailto:mmur...@csuchico.edu>

Remember, Chico State will NEVER ask you for your password via email!
For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

RE: [mssms] Allowing staff to add computers to collection

2016-10-06 Thread Murray, Mike

I don’t see a role that fits.  :/

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Thursday, October 6, 2016 10:56 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Allowing staff to add computers to collection

Can't you utilize Role-Based Administration on a Security Group / Collection 
level?

On Thu, Oct 6, 2016 at 12:23 PM, Murray, Mike 
mailto:mmur...@csuchico.edu>> wrote:
CM2012. I’d like to allow certain staff members to add computers to a 
collection. I found this article: 
https://social.technet.microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012-security-to-allow-users-to-add-resource-to-a-collection?forum=configmanagersecurity

It says the below, which is confusing me. Can someone clear this up and let me 
know if this is a good idea?

Here is a solution that should work for you. Perform this on a test account 
with only the security role you are going to change for your users in question.

  1.  Create a new collection that is a copy of your collection limiting 
collection mentioned above.
  2.  Set the limiting collection of this new collection to something other 
than the limiting collection it defaults to, which is the copied collection.
  3.  Select the collections to which you wish to grant Add Resource 
permissions to and set their limiting collection to this new collection.
  4.  Within your Administrative user or group properties, specify this new 
limiting collection and the collections you wish to allow Add Resource 
permissions under the "Associate assigned security roles with specific security 
scopes and collections - don't forget to add your security scope.
  5.  Apply the changes and test - don't forget to restart the console of your 
test account.
This does a couple things - it allows the Add Resource function to the specific 
collections you wish for the specific Administrative user/group you wish.  It 
does NOT allow modify on the limiting collection. And it separates the specific 
collections you tag as being modifiable by the specified group.

Best Regards,

Mike Murray
Desktop Engineer/IT Consultant - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu<mailto:mmur...@csuchico.edu>

Remember, Chico State will NEVER ask you for your password via email!
For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

[mssms] Allowing staff to add computers to collection

2016-10-06 Thread Murray, Mike

CM2012. I'd like to allow certain staff members to add computers to a
collection. I found this article:
https://social.technet.microsoft.com/Forums/en-US/c9d7531c-c8e1-4b0f-ab95-5a9ec5207e41/sccm-2012-security-to-allow-users-to-add-resource-to-a-collection?forum=configmanagersecurity

It says the below, which is confusing me. Can someone clear this up and let me
know if this is a good idea?

Here is a solution that should work for you. Perform this on a test account
with only the security role you are going to change for your users in question.

1. Create a new collection that is a copy of your collection limiting
collection mentioned above.
2. Set the limiting collection of this new collection to something other
than the limiting collection it defaults to, which is the copied collection.
3. Select the collections to which you wish to grant Add Resource
permissions to and set their limiting collection to this new collection.
4. Within your Administrative user or group properties, specify this new
limiting collection and the collections you wish to allow Add Resource
permissions under the "Associate assigned security roles with specific security
scopes and collections - don't forget to add your security scope.
5. Apply the changes and test - don't forget to restart the console of your
test account.
This does a couple things - it allows the Add Resource function to the specific
collections you wish for the specific Administrative user/group you wish. It
does NOT allow modify on the limiting collection. And it separates the specific
collections you tag as being modifiable by the specified group.

Best Regards,

Mike Murray
Desktop Engineer/IT Consultant - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!
For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

RE: [mssms] Horrible food at Ignite

2016-09-27 Thread Murray, Mike

Well that makes attending conferences pretty much impossible!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, September 27, 2016 3:03 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Horrible food at Ignite

If it’s in SF, I might even be able to attend.  I’m not allowed to go to 
anything out of state.  L

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Tuesday, September 27, 2016 2:10 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Horrible food at Ignite

I’m so over Vegas. I’d much rather go to SF, SD, or even Minnesota.  :D

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Tuesday, September 27, 2016 11:35 AM
To: SMS mailto:mssms@lists.myitforum.com> >
Subject: RE: [mssms] Horrible food at Ignite

Ah man! No more Vegas??? We need to get MMS moved to vegas!

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.com 
<mailto:rodtr...@myitforum.com> 
Sent: Tuesday, September 27, 2016 1:31 PM
To: SMS mailto:mssms@lists.myitforum.com> >
Subject: RE: [mssms] Horrible food at Ignite

[External Email] 

If you just want/need System Center topics, MMS still exists:  
https://mmsmoa.com/ 

If you work with more than just System Center, check out ITDC. ITDC 2016 is in 
2 weeks, but 2017 will be moving to San Francisco.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Tuesday, September 27, 2016 2:23 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: AW: [mssms] Horrible food at Ignite

Yeah, 23000, well, another reason why I probably don’t want to attend Ignite 
anymore, it just got to big.

I miss MMS.

So, I guess I go outside to get something decent.

-Roland

Von: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] Im Auftrag von rodtr...@myitforum.com 
<mailto:rodtr...@myitforum.com> 
Gesendet: Dienstag, 27. September 2016 19:14
An: SMS mailto:mssms@lists.myitforum.com> >
Betreff: RE: [mssms] Horrible food at Ignite

There were only around 10k in Houston.

This is over twice that number. Plus, there’s a LOT of eateries in the downtown 
area. You don’t have to eat conference food like you did being stuck at the 
event center in Chicago last year. MSFT counts on offloading meals every year, 
which is why they spend a lot of cycles promoting local restaurants.

Consider, too, that Microsoft doesn’t intend to make money off the conference. 
This is free marketing for them, so they’ll save costs where they can.  Makes a 
lot of sense for a conference this size.

From: roland.ja...@hispeed.ch <mailto:roland.ja...@hispeed.ch>  
[mailto:roland.ja...@hispeed.ch] 
Sent: Tuesday, September 27, 2016 12:52 PM
To: rodtr...@myitforum.com <mailto:rodtr...@myitforum.com> 
Subject: AW: [mssms] Horrible food at Ignite

Nah, I don't and they managed in Houston, the last one i visited before.

I do think I pay enough.

Gesendet von meinem Windows 10 Phone

Von: rodtr...@myitforum.com <mailto:rodtr...@myitforum.com> 
Gesendet: Dienstag, 27. September 2016 12:46
An: SMS <mailto:mssms@lists.myitforum.com> 
Betreff: RE: [mssms] Horrible food at Ignite

You sort of have to expect that. Its difficult and costly to serve food to 23k. 

Rod Trent

 <http://itdevconnections.com/> 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Tuesday, September 27, 2016 12:21 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Horrible food at Ignite

I’m kind of surprised that there are not a zillion comments about the horrible 
food we get at Ignite.

Cold sandwiches? Seriously and like the same every day?

I’ve good better food on any airplane and it’s warm.

That is just not acceptable.

-R

Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986>  for Windows 10

  _  

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Horrible food at Ignite

2016-09-27 Thread Murray, Mike

I’m so over Vegas. I’d much rather go to SF, SD, or even Minnesota.  :D

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Marcum, John
Sent: Tuesday, September 27, 2016 11:35 AM
To: SMS 
Subject: RE: [mssms] Horrible food at Ignite

Ah man! No more Vegas??? We need to get MMS moved to vegas!

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.com 

Sent: Tuesday, September 27, 2016 1:31 PM
To: SMS mailto:mssms@lists.myitforum.com> >
Subject: RE: [mssms] Horrible food at Ignite

[External Email] 

If you just want/need System Center topics, MMS still exists:  
https://mmsmoa.com/ 

If you work with more than just System Center, check out ITDC. ITDC 2016 is in 
2 weeks, but 2017 will be moving to San Francisco.

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Tuesday, September 27, 2016 2:23 PM
To: mssms@lists.myitforum.com
Subject: AW: [mssms] Horrible food at Ignite

Yeah, 23000, well, another reason why I probably don’t want to attend Ignite 
anymore, it just got to big.

I miss MMS.

So, I guess I go outside to get something decent.

-Roland

Von: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] Im Auftrag von rodtr...@myitforum.com 

Gesendet: Dienstag, 27. September 2016 19:14
An: SMS mailto:mssms@lists.myitforum.com> >
Betreff: RE: [mssms] Horrible food at Ignite

There were only around 10k in Houston.

This is over twice that number. Plus, there’s a LOT of eateries in the downtown 
area. You don’t have to eat conference food like you did being stuck at the 
event center in Chicago last year. MSFT counts on offloading meals every year, 
which is why they spend a lot of cycles promoting local restaurants.

Consider, too, that Microsoft doesn’t intend to make money off the conference. 
This is free marketing for them, so they’ll save costs where they can.  Makes a 
lot of sense for a conference this size.

From: roland.ja...@hispeed.ch   
[mailto:roland.ja...@hispeed.ch] 
Sent: Tuesday, September 27, 2016 12:52 PM
To: rodtr...@myitforum.com  
Subject: AW: [mssms] Horrible food at Ignite

Nah, I don't and they managed in Houston, the last one i visited before.

I do think I pay enough.

Gesendet von meinem Windows 10 Phone

Von: rodtr...@myitforum.com  
Gesendet: Dienstag, 27. September 2016 12:46
An: SMS  
Betreff: RE: [mssms] Horrible food at Ignite

You sort of have to expect that. Its difficult and costly to serve food to 23k. 

Rod Trent

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Tuesday, September 27, 2016 12:21 PM
To: mssms@lists.myitforum.com  
Subject: [mssms] Horrible food at Ignite

I’m kind of surprised that there are not a zillion comments about the horrible 
food we get at Ignite.

Cold sandwiches? Seriously and like the same every day?

I’ve good better food on any airplane and it’s warm.

That is just not acceptable.

-R

Sent from Mail   for Windows 10

  _  

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Horrible food at Ignite

2016-09-27 Thread Murray, Mike

MMS is excellent. I went last year and plan on attending next year as well.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of rodtr...@myitforum.com
Sent: Tuesday, September 27, 2016 11:31 AM
To: SMS 
Subject: RE: [mssms] Horrible food at Ignite

If you just want/need System Center topics, MMS still exists:  
https://mmsmoa.com/ 

If you work with more than just System Center, check out ITDC. ITDC 2016 is in 
2 weeks, but 2017 will be moving to San Francisco.

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Tuesday, September 27, 2016 2:23 PM
To: mssms@lists.myitforum.com  
Subject: AW: [mssms] Horrible food at Ignite

Yeah, 23000, well, another reason why I probably don’t want to attend Ignite 
anymore, it just got to big.

I miss MMS.

So, I guess I go outside to get something decent.

-Roland

Von: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] Im Auftrag von rodtr...@myitforum.com 

Gesendet: Dienstag, 27. September 2016 19:14
An: SMS mailto:mssms@lists.myitforum.com> >
Betreff: RE: [mssms] Horrible food at Ignite

There were only around 10k in Houston.

This is over twice that number. Plus, there’s a LOT of eateries in the downtown 
area. You don’t have to eat conference food like you did being stuck at the 
event center in Chicago last year. MSFT counts on offloading meals every year, 
which is why they spend a lot of cycles promoting local restaurants.

Consider, too, that Microsoft doesn’t intend to make money off the conference. 
This is free marketing for them, so they’ll save costs where they can.  Makes a 
lot of sense for a conference this size.

From: roland.ja...@hispeed.ch   
[mailto:roland.ja...@hispeed.ch] 
Sent: Tuesday, September 27, 2016 12:52 PM
To: rodtr...@myitforum.com  
Subject: AW: [mssms] Horrible food at Ignite

Nah, I don't and they managed in Houston, the last one i visited before.

I do think I pay enough.

Gesendet von meinem Windows 10 Phone

Von: rodtr...@myitforum.com  
Gesendet: Dienstag, 27. September 2016 12:46
An: SMS  
Betreff: RE: [mssms] Horrible food at Ignite

You sort of have to expect that. Its difficult and costly to serve food to 23k. 

Rod Trent

From: listsad...@lists.myitforum.com   
[mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus
Sent: Tuesday, September 27, 2016 12:21 PM
To: mssms@lists.myitforum.com  
Subject: [mssms] Horrible food at Ignite

I’m kind of surprised that there are not a zillion comments about the horrible 
food we get at Ignite.

Cold sandwiches? Seriously and like the same every day?

I’ve good better food on any airplane and it’s warm.

That is just not acceptable.

-R

Sent from Mail   for Windows 10

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Removing suggested and various "paid" apps from Win10 during imaging

2016-09-23 Thread Murray, Mike

I figured it out.  J

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Niehaus
Sent: Friday, September 23, 2016 4:23 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Removing suggested and various "paid" apps from Win10 
during imaging

 

Are you using Windows 10 Pro or Windows 10 Enterprise?  The “consumer 
experiences” policy does control that, but it’s only supported on Enterprise 
with 1607.

 

Thanks,

-Michael 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Friday, September 23, 2016 12:36 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] RE: Removing suggested and various "paid" apps from Win10 
during imaging

 

>From Mr. Niehaus:

 

https://blogs.technet.microsoft.com/mniehaus/2015/12/31/updated-remove-apps-script-and-a-workaround/

 

On Fri, Sep 23, 2016 at 12:56 PM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

Well, never mind again. I set the “turn off Microsoft consumer experiences” in 
group policy, but I still see the suggested apps. Any ideas?

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Murray, Mike
Sent: Friday, September 23, 2016 9:56 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Removing suggested and various "paid" apps from Win10 
during imaging

 

NM, found the group policy setting.  J

 

From: Murray, Mike 
Sent: Friday, September 23, 2016 9:41 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Removing suggested and various "paid" apps from Win10 during imaging

 

We’re playing with the 1607 build of Win10. The “suggested apps” and sneaky 
“paid” apps are annoying. Anyone have some PowerShell to disable/remove these 
during imaging?

 



 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357  
mmur...@csuchico.edu <mailto:mmur...@csuchico.edu> 

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 

 

 

 

 






smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Removing suggested and various "paid" apps from Win10 during imaging

2016-09-23 Thread Murray, Mike

Sheesh, NM again. I had already logged in before I made the GPO change.
Sorry for the clutter.  L

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Friday, September 23, 2016 10:56 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Removing suggested and various "paid" apps from Win10
during imaging

 

Well, never mind again. I set the "turn off Microsoft consumer experiences"
in group policy, but I still see the suggested apps. Any ideas?

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, September 23, 2016 9:56 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Removing suggested and various "paid" apps from Win10
during imaging

 

NM, found the group policy setting.  J

 

From: Murray, Mike 
Sent: Friday, September 23, 2016 9:41 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Removing suggested and various "paid" apps from Win10 during
imaging

 

We're playing with the 1607 build of Win10. The "suggested apps" and sneaky
"paid" apps are annoying. Anyone have some PowerShell to disable/remove
these during imaging?

 



 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Removing suggested and various "paid" apps from Win10 during imaging

2016-09-23 Thread Murray, Mike

Well, never mind again. I set the "turn off Microsoft consumer experiences"
in group policy, but I still see the suggested apps. Any ideas?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Friday, September 23, 2016 9:56 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Removing suggested and various "paid" apps from Win10
during imaging

NM, found the group policy setting.  J

From: Murray, Mike 
Sent: Friday, September 23, 2016 9:41 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Removing suggested and various "paid" apps from Win10 during
imaging

We're playing with the 1607 build of Win10. The "suggested apps" and sneaky
"paid" apps are annoying. Anyone have some PowerShell to disable/remove
these during imaging?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Removing suggested and various "paid" apps from Win10 during imaging

2016-09-23 Thread Murray, Mike

NM, found the group policy setting.  J

From: Murray, Mike 
Sent: Friday, September 23, 2016 9:41 AM
To: mssms@lists.myitforum.com
Subject: Removing suggested and various "paid" apps from Win10 during
imaging

We're playing with the 1607 build of Win10. The "suggested apps" and sneaky
"paid" apps are annoying. Anyone have some PowerShell to disable/remove
these during imaging?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Removing suggested and various "paid" apps from Win10 during imaging

2016-09-23 Thread Murray, Mike

We're playing with the 1607 build of Win10. The "suggested apps" and sneaky
"paid" apps are annoying. Anyone have some PowerShell to disable/remove
these during imaging?

 



 



 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Help with computer models report

2016-09-22 Thread Murray, Mike

This is perfect, thanks Daniel!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Ratliff
Sent: Thursday, September 22, 2016 6:00 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Help with computer models report

That’s just looking at the hardware inventory class, which doesn’t eliminate 
inactive or obsolete records. 

Join it to v_r_system_valid and that should clean up your data. 

Here is what we use:

SELECT csp.Vendor0 [Vendor], csp.Version0 [Model_Name], csp.Name0 
[Model_Number], COUNT(*) AS [Count]

FROMv_R_System_valid sys INNER JOIN

v_GS_COMPUTER_SYSTEM_PRODUCT csp ON sys.ResourceID = 
csp.ResourceID

GROUP BY csp.Vendor0, csp.Version0, csp.Name0

ORDER BY Model_Name, Model_Number

Daniel Ratliff

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John
Sent: Thursday, September 22, 2016 8:41 AM
To: mailto:mssms@lists.myitforum.com> > 
mailto:mssms@lists.myitforum.com> >
Subject: RE: [mssms] RE: Help with computer models report

When you are doing a count don’t you have to add anything from the select in to 
the group by?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Miller, Todd
Sent: Thursday, September 22, 2016 7:32 AM
To: mailto:mssms@lists.myitforum.com> > 
mailto:mssms@lists.myitforum.com> >
Subject: Re: [mssms] RE: Help with computer models report

[This message is from outside Bradley. Exercise caution in opening attachments 
or links.] 

What if you group just by model?  Is the report being thrown off by the double 
group by?  I seem to always have trouble when double grouping.  As long as you 
don't have two manufacturers with the same model- should be ok to group by 
model only.  

Sent from my iPhone

On Sep 22, 2016, at 05:12, Garth Jones mailto:ga...@enhansoft.com> > wrote:

What is the other report?

How many more does it see?

This query look right, you should only see a few extra at best, due to dupe and 
deleted pcs.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: September 21, 2016 7:26 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Help with computer models report

Hello,

I am using the following query to get a list of all computers models in our DB 
plus the count of each. But this report returns more values than should exist. 
Example, it says we have 450 of Dell X, but through other reports I count 
far less. Ideas?

SELECT  

Manufacturer0 

,   Model0 

,   COUNT(*) AS 'Count'  

FROM  v_GS_COMPUTER_SYSTEM 

GROUP BY  Manufacturer0, Model0 

ORDER BY Count DESC

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

  _  

Notice: This UI Health Care e-mail (including attachments) is covered by the 
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended only 
for the use of the individual or entity to which it is addressed, and may 
contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If you are not the intended recipient, any 
dissemination, distribution or copying of this communication is strictly 
prohibited. If you have received this communication in error, please notify the 
sender immediately and delete or destroy all copies of the original message and 
attachments thereto. Email sent to or from UI Health Care may be retained as 
required by law or regulation. Thank you. 

  _  

  _  

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Help with computer models report

2016-09-21 Thread Murray, Mike

Hello,

 

I am using the following query to get a list of all computers models in our
DB plus the count of each. But this report returns more values than should
exist. Example, it says we have 450 of Dell X, but through other reports
I count far less. Ideas?

 

 

SELECT  

Manufacturer0 

,   Model0 

,   COUNT(*) AS 'Count'  

FROM  v_GS_COMPUTER_SYSTEM 

  

GROUP BY  Manufacturer0, Model0 

  

ORDER BY Count DESC

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: OT: PowerShell help?

2016-09-14 Thread Murray, Mike

Perfect, thanks!

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Rowley, Craig
Sent: Tuesday, September 13, 2016 3:07 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: OT: PowerShell help?

Hi Mike,

Try this for your select statement.

select Name, @{Name="SAMAccName";Expression={(get-aduser
$_.managedby).SamAccountName}}

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, 14 September 2016 6:48 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] OT: PowerShell help?

I'm trying to retrieve the ManagedBy field with Get-ADComputer, but it comes
out as "CN=Last\, First,CN=Users,DC=csuchico,DC=edu". In the below script is
there a way to take that result and find the SamAccountName instead? Maybe
by looping through using Get-ADUser?

$ou = 'DC=csuchico,DC=edu'

$ou | ForEach {Get-ADComputer -Filter * -Properties ManagedBy -SearchBase $_
} |

Select Name, ManagedBy |

Sort -Property Name |

Export-Csv -Path C:\Scripts\ADManagedBy\ADManagedBy.csv 

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

  _  

**
Information contained in this e-mail, including accompanying
documents, is intended for use of the addressee only. If
you are not the intended recipient, please notify the sender
as soon as possible and delete the e-mail. If you are not
the intended recipient, you may not distribute, copy, act
upon, retain or otherwise use this e-mail or information
contained here. The confidential and possibly privileged
nature of the information contained in this e-mail is not
waived by reason of mistaken delivery to other than the
intended recipient. Your use or reproduction of this e-mail
and accompanying documents may also breach South
East Water's copyright.
**
South East Water
ABN 89 066 902 547
101 Wells Street, Frankston
VIC 3199 Australia
Phone: (+61 3) 9552 3000 Fax: (+61 3) 9552 3001
Web: http://www.southeastwater.com.au

smime.p7s
Description: S/MIME cryptographic signature

[mssms] OT: PowerShell help?

2016-09-13 Thread Murray, Mike

I'm trying to retrieve the ManagedBy field with Get-ADComputer, but it comes
out as "CN=Last\, First,CN=Users,DC=csuchico,DC=edu". In the below script is
there a way to take that result and find the SamAccountName instead? Maybe
by looping through using Get-ADUser?

 

$ou = 'DC=csuchico,DC=edu'

 

$ou | ForEach {Get-ADComputer -Filter * -Properties ManagedBy -SearchBase $_
} |

Select Name, ManagedBy |

Sort -Property Name |

 

Export-Csv -Path C:\Scripts\ADManagedBy\ADManagedBy.csv 

 

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Bitlocker recovery keys - MBAM console vs. AD

2016-09-07 Thread Murray, Mike

Although we do have a similar setting under Windows
Components\BitLocker.\Operating System Drives - Choose how
BitLocker-protected operating systems drives can be recovered

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Wednesday, September 7, 2016 12:33 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Bitlocker recovery keys - MBAM console vs. AD

That key is not set.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Phil Schwan
Sent: Wednesday, September 7, 2016 11:54 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] RE: Bitlocker recovery keys - MBAM console vs. AD

What GPOs do you have in place for the systems in question? In particular,
do you have the GPO option enabled or disabled for storing the recovery key
in AD?

Path: Computer Configuration\Administrative Templates\Windows
Components\BitLocker Drive Encryption

Setting: Store BitLocker recovery information in Active Directory Domain
Services

-Phil

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, September 7, 2016 11:55 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Bitlocker recovery keys - MBAM console vs. AD

Hey folks,

Yesterday I ran a few recovery keys through the MBAM console with no
results. I tried the same ones in AD, they showed up. Later I tried another
one via AD, no result. It showed in the console, though. Weird? Anyone know
why this would be?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Bitlocker recovery keys - MBAM console vs. AD

2016-09-07 Thread Murray, Mike

That key is not set.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Phil Schwan
Sent: Wednesday, September 7, 2016 11:54 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Bitlocker recovery keys - MBAM console vs. AD

What GPOs do you have in place for the systems in question? In particular,
do you have the GPO option enabled or disabled for storing the recovery key
in AD?

Path: Computer Configuration\Administrative Templates\Windows
Components\BitLocker Drive Encryption

Setting: Store BitLocker recovery information in Active Directory Domain
Services

-Phil

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, September 7, 2016 11:55 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Bitlocker recovery keys - MBAM console vs. AD

Hey folks,

Yesterday I ran a few recovery keys through the MBAM console with no
results. I tried the same ones in AD, they showed up. Later I tried another
one via AD, no result. It showed in the console, though. Weird? Anyone know
why this would be?

Best Regards,

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Bitlocker recovery keys - MBAM console vs. AD

2016-09-07 Thread Murray, Mike

Hey folks,

 

Yesterday I ran a few recovery keys through the MBAM console with no
results. I tried the same ones in AD, they showed up. Later I tried another
one via AD, no result. It showed in the console, though. Weird? Anyone know
why this would be?

 

 

Best Regards,

 

Mike Murray

Desktop Engineer/IT Consultant - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 





smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] RE: Query for TPM capable systems

2016-08-26 Thread Murray, Mike

I’m collecting that data, but it only seems to populate if TPM is actually ON.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Todd Hemsell
Sent: Friday, August 26, 2016 11:49 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Query for TPM capable systems

Win32_TPM is where my data is.

On Fri, Aug 26, 2016 at 11:29 AM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

Which one?

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com> 
] On Behalf Of Marcum, John
Sent: Friday, August 26, 2016 7:34 AM
To: 'mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> ' 
mailto:mssms@lists.myitforum.com> >
Subject: [mssms] RE: Query for TPM capable systems

I don’t think that one is enabled by default.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, August 25, 2016 5:30 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Query for TPM capable systems

Howdy,

I’m finding if I try to just use the TPM section of hardware inventory, it’s 
not reporting all of the TPM-capable systems (I’m assuming it only reports 
systems that have TPM on?). What hardware inventory value would you look for in 
a query?  I suppose I could look under DCIM BIOS Enumeration, which will list 
Trusted Platform Module, but not all systems have this section in hardware.

Best Regards,

Mike Murray

Desktop Management Coordinator - IT Support Services

California State University, Chico

530.898.4357
mmur...@csuchico.edu <mailto:mmur...@csuchico.edu> 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to: 
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

  _  

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Query for TPM capable systems

2016-08-26 Thread Murray, Mike

Which one?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Marcum, John
Sent: Friday, August 26, 2016 7:34 AM
To: 'mssms@lists.myitforum.com' 
Subject: [mssms] RE: Query for TPM capable systems

I don't think that one is enabled by default.

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Thursday, August 25, 2016 5:30 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: [mssms] Query for TPM capable systems

Howdy,

I'm finding if I try to just use the TPM section of hardware inventory, it's
not reporting all of the TPM-capable systems (I'm assuming it only reports
systems that have TPM on?). What hardware inventory value would you look for
in a query?  I suppose I could look under DCIM BIOS Enumeration, which will
list Trusted Platform Module, but not all systems have this section in
hardware.

Best Regards,

Mike Murray

Desktop Management Coordinator - IT Support Services

California State University, Chico

530.898.4357
 <mailto:mmur...@csuchico.edu> mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:
http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

  _  

Confidentiality Notice: This e-mail is from a law firm and may be protected
by the attorney-client or work product privileges. If you have received this
message in error, please notify the sender by replying to this e-mail and
then delete it from your computer.

smime.p7s
Description: S/MIME cryptographic signature

[mssms] Query for TPM capable systems

2016-08-25 Thread Murray, Mike

Howdy,

 

I'm finding if I try to just use the TPM section of hardware inventory, it's
not reporting all of the TPM-capable systems (I'm assuming it only reports
systems that have TPM on?). What hardware inventory value would you look for
in a query?  I suppose I could look under DCIM BIOS Enumeration, which will
list Trusted Platform Module, but not all systems have this section in
hardware.

 

 

Best Regards,

 

Mike Murray

Desktop Management Coordinator - IT Support Services

California State University, Chico

530.898.4357
  mmur...@csuchico.edu

 

Remember, Chico State will NEVER ask you for your password via email!  

For more information about recognizing phishing scam emails go to:

http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Current Branch Planning - 400 slow connected stores

2016-08-25 Thread Murray, Mike

If you do end up considering 1E Nomad, it worked great for us when we had
some slow connections. 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Burke, John
Sent: Thursday, August 25, 2016 7:34 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Current Branch Planning - 400 slow connected stores

Hi Folks,

I'm wondering what folks think about branch cache for dealing with these
poorly connected locations.  They apparently get massive packages that need
to  go in 1 night of 20 GB.  There are about 1500 systems at these locations
in total.

I was going to look into 1e nomad, but wondering if I could get away with
branch cache.  Thoughts?

FYI - currently they get a drive mailed to them and copy it manually to 1
system then they either manually do it, or copy it  1 by 1.

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Microsoft set to change Windows patching in a disasterous way

2016-08-15 Thread Murray, Mike

I've been told "get used to it" on the patch management list. Not good
enough. I think this is ridiculous.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Roland Janus
Sent: Monday, August 15, 2016 4:08 PM
To: mssms@lists.myitforum.com
Subject: AW: [mssms] Microsoft set to change Windows patching in a
disasterous way

1+

If they include such updates, like 3170455 which we also excluded, that's
certainly going the mess up things..

Von: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] Im Auftrag von Miller, Todd
Gesendet: Montag, 15. August 2016 22:42
An: mssms@lists.myitforum.com  
Betreff: [mssms] Microsoft set to change Windows patching in a disasterous
way

https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplify
ing-servicing-model-for-windows-7-and-windows-8-1/

Wow, this could be a disaster.

We have had 4 or 5 cases in the last 12 months where we have had to delay
the installation of a security update so that applications could be modified
to work with updates.  In a couple of cases, one ongoing, Microsoft has
released a security update, then acknowledged a bug in that update and
released a fix several months later.  We currently have KB3170455 denied in
our environment because it breaks point - and -print driver installation.
In the new world, I will need to decide which is worse - no security updates
for 3 months, or break printing for all non-admin users.  Currently I can
decide to pull or hold an individual patch, but it looks like that option is
being removed from Windows 7 and 8. This comes at a time where it seems
like patch quality has hit a rough patch, making this decision more
troubling.

  _  

Notice: This UI Health Care e-mail (including attachments) is covered by the
Electronic Communications Privacy Act, 18 U.S.C. 2510-2521 and is intended
only for the use of the individual or entity to which it is addressed, and
may contain information that is privileged, confidential, and exempt from
disclosure under applicable law. If you are not the intended recipient, any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
the sender immediately and delete or destroy all copies of the original
message and attachments thereto. Email sent to or from UI Health Care may be
retained as required by law or regulation. Thank you. 

  _  

smime.p7s
Description: S/MIME cryptographic signature

RE: [mssms] Easy way to remove MS16-087

2016-08-03 Thread Murray, Mike

The patch management list is saying you can’t remove only one patch with 
Windows 10 systems, that it would remove all July updates. I’m flabbergasted. 
If MS releases an update that breaks something in our org, I need to be able to 
pull it without affecting the remaining patches.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Miller, Todd
Sent: Wednesday, August 3, 2016 12:04 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Easy way to remove MS16-087

 

I am leaning towards removing this patch too…  I’ve had a case open for 5 days 
and the problem has been known for almost three weeks with no repair or 
workaround even being hinted at.  For our part, it is only affecting new 
computers because the universal print drivers cover 95% of our printers and 
users would have already added one printer covered by the UPD –so other 
printers using the same driver happily use it.

 

Recently, the print server team updated one print driver and all hell broke 
loose because no one could download the updated drivers from the print server.

 

I see a lot of people suggesting to do this with a custom task sequence, but I 
can’t figure out why.  Why can’t this be a sourceless package that just runs 
the wsua command as the program instead of building a TS around it?  What is 
gained by having it be a one step task sequence that calls a command line?

 

I guess if you did do it as a task sequence you could filter TS steps based on 
applicability.

 

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Wednesday, August 03, 2016 12:44 PM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: RE: [mssms] Easy way to remove MS16-087

 

That’s pretty cool! Thanks!

 

From: listsad...@lists.myitforum.com <mailto:listsad...@lists.myitforum.com>  
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Wednesday, August 3, 2016 10:05 AM
To: mssms@lists.myitforum.com <mailto:mssms@lists.myitforum.com> 
Subject: Re: [mssms] Easy way to remove MS16-087

 

This doesn't answer your question--but as long as a kbarticle id (well, the 
ci_id) isn't yet expired... here's cheat way to get collection queries for 
"machines which have  installed".  It won't work forever, though.  
the second that article goes expired, the data isn't there anymore to build the 
collection query.  You first run the sql query against your cm database to 
learn the exact ci_id that something is in YOUR environment (everyone will be 
different).  Once you know the exact ci_id; you can make a collection 
query--just remember it ain't perfect.  with hotfix Tuesday coming up in a less 
than a week, it's highly likely it'll go expired, and the collection query will 
then be useless.

 

--#This is where you put in the specific articleID you want to get the unique 
ci_id for
Declare @ArticleID varchar(10) = '3139923'

select ucs.ci_id, ucs.status,
case when ucs.status=3 then 'installed'
when ucs.status=2 then 'required/missing'
else 'other'
end as 'result',
ui.title, ui.articleid
,count(distinct fcm.resourceid) [Count]
from v_updateComplianceStatus ucs
join v_updateinfo ui on ui.ci_id=ucs.ci_id
join v_FullCollectionMembership fcm on fcm.resourceid=ucs.resourceid
where ui.ArticleID=@ArticleID <mailto:ui.ArticleID=@ArticleID> 
--and fcm.collectionid='ThatSpecificcollectionIDYouWantedToLookAt'
--and ucs.status=3 --well, you could leave this out; to get all status'
group by ucs.ci_id, ucs.status, ui.title, ui.articleid
order by ucs.status

 

Once you *know* the exact specific ci_id that is the one you want to build a 
collection for, here's the trick:


--WQL / Collection Query for Machines WITH that particular ci_id
Select SMS_R_System.ResourceID
  from SMS_R_System
Where resourceid in (
  Select MachineID from SMS_UpdateComplianceStatus
  Where CI_ID=The value in the ci_id column from the above query for that 
particular articleid and Status=3
)

--EXAMPLE
Select SMS_R_System.ResourceID
  from SMS_R_System
Where resourceid in (
  Select MachineID from SMS_UpdateComplianceStatus
  Where CI_ID=16783193 and Status=3
)

 

On Wed, Aug 3, 2016 at 11:29 AM, Murray, Mike mailto:mmur...@csuchico.edu> > wrote:

We’ve already deployed this update, now I’d like to remove it. Would there be 
any issue just deploying one removal batch file to all workstations (rather 
than trying to identify which workstations have each one)? 

 

BAT:

 

@echo off 

wusa /uninstall /kb:3172985 /quiet /norestart

wusa /uninstall /kb:3163912 /quiet /norestart 

wusa /uninstall /kb:3170455 /quiet /norestart

 

 

Best Regards,

 

Mike Murray

Desktop Management Coordinator - IT Support Services

1 2 3 4 5 >

1 - 100 of 451 matches

Mail list logo