Share tech news, updates, or what's on your mind.

Sign up to Post

I have been to many KB articles about CA root cert validation period and still have doubt about it and want to clear it. I am about to work on a root CA to increase the validity period as well to increases the issued certificate period.
We have a CA root server and this  server is issuing (no subordinate server in place) the certificate with five years . We now want to renew the CA 's root cert as well as the issued certs period to another 5 years.
My understanding from the EE, nothing I can do with issued certificates and they will expire what ever I do with root server. In this case , I first have to change the validity period in CApolicy.inf file and renew the certificate of CA root server to 10 years, hence this will increase the validation of CA's root certificate as desired (10 years or more).
But the old issued certificates to the clients are chained to old issued template, in this case, the old issued certificates will be expired soon even after changing the value of CAplicy.inf file .
To remediate the issue, the next step is that I have to create new issuing template and issue the certificates to client by GPO.
I have to issue the listed below commands to the server In order for me to set  the  AD's templates period to 5 years as we want otherwise the AD's templates will be staying with old's validation period?
certutil -setreg CA\ValidityPeriodUnits 10
certutil -setreg CA\ValidityPeriod Years
net stop certsvc && net start certsvc

In conclusion, I have to…
0
Ultimate Tool Kit for Technology Solution Provider
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Hi All

I have a WIM file that I am trying to deploy via USB.

Please can someone assist me.

The PC that I am using has Windows 10 1803 with the ADK installed.

The WIM only has one image.
0
Hi experts,
Is it possible to have portable ansible and python for Linux pls

At least portable ansible
0
If I grab the User State Migration Tools(USMT) executables from the Windows 10 "Windows Assessment and Deployment Kit" can I use them also on Windows 7 boxes? We are working on a non-SCCM OS migration.
0
Hello experts - I'm looking for a solution to save me time when preparing PCs for deployment.  I work for an architecture firm and we use primarily Dell Precision PCs but each it built to order and there are no two exactly the same.  I have a standard set of software that all architectural users get.  Right now, I prepare each one manually which takes nearly a full day to get ready.  I'd like to explore other options but am not sure where to start.  Ideally I'd create a standard image containing all the software we normally use and deploy that to new machines without having to go through the install process for every application.  I'm not sure how that would work with each machine having slightly different hardware, windows licenses etc.  Where would be a good place to start with this?
0
We are looking for a simple yet effective way todo the following,

Scenario. We order 100 laptops, from manufacturer with Windows 10 OEM locally. We want to install 1 laptop with OEM Windows 10, patch, Office package etc and create a standard image. Then we want to deploy the same image to all other 99 laptops and activate each laptop using its unique OEM key thats inside the BIOS (nowadays they do this).

What tool is the simplest best way to Capture image and Deploy it over network in a great way? We can use a Win server, NAS or whatever to store the server centrally.

Thanks
Joe
0
I am writing a software removal program, and want to uninstall a context menu driver. Just unregistering the driver while Windows File Explorer is open causes a Windows error "Program has stopped working" when trying to unregister the dll. Closing file explorer first and then running the program works fine.

Here is the unregister code I am using now:

HINSTANCE hLib = LoadLibraryW(szDllPath);

    if (hLib == NULL)
    {
		DWORD dwErrorCode = GetLastError();
		szError.Format(_T("\nWindows could not load library %s due to %s"),szDllName,getLastWinError(dwErrorCode));
		return false;            
    }

    typedef HRESULT (CALLBACK *HCRET)(void);
    HCRET lpfnDllRegisterServer;

    // Find the entry point
    lpfnDllRegisterServer = (HCRET)GetProcAddress(hLib, "DllUnregisterServer");



    if (lpfnDllRegisterServer == NULL)
    {
		szError = NEWLINE;
		szError = ERR_PROCEDURE_ADDRESS;
		return false;            
    }

    // Call the function by function pointer..
    if (FAILED((*lpfnDllRegisterServer)()))            
    {   
		szError.Format(_T("\nWindows could not unregister context menu driver %s!"),szDllName);
		return false;            
    }

    FreeLibrary(hLib);

Open in new window


What is the best way to go about this to avoid this Windows error?
0
Hi Experts,

I have to boot this device via LAN or USB.
But this is not possible until now.

The device is : Lenovo Miix 720

Can you help me out ?
I get always this error....
Error
0
Hello Everyone !

I have to create a W10 1703 template on my vCenter infrastructure.
To do this, I just repeated the same process than for the 1607 version.

1/ Create a VM and deploy our W10 1703 image
2/ Add the VM in WORKGROUP
3/ Convert in template
4/ Deploy a machine from this template with the associated customization

We have to use custom sysprep answer file (unattended file). I tried with the customization used by 1607 version but it doesn't work.

 UnattendedFile.xml :
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>040c:0000040c</InputLocale>
            <SystemLocale>fr-FR</SystemLocale>
            <UILanguage>fr-FR</UILanguage>
            <UserLocale>fr-FR</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                …
0

Deploying our service is a grudge match between customer benefits and customer pain. In one corner, rolling out fixes (yay!) and delivering new features (double yay!). In the other corner, training on new features (boo – sounds like work), and change management processes (more work).


We put a great deal of effort into optimizing these processes, so it’s important to share how we think through these optimizations. For now, I’ll narrow focus on the issue-fix aspect of the deployment process, and in later blogs I’ll cover new feature delivery.


The fine printBefore I start, a quick disclaimer: what I’m about to describe is subject to change. We’ve been a fanatical agile shop for nearly seven years and we believe change is an important principle of the agile approach. So, if you’re reading this in 2017 or later, please understand that we might have tweaked some of these details. OK, now for the good stuff…


Bug zapping

You might not be surprised to hear that bugs are occasionally found in our service (I know, the horror!). Nobody likes bugs, so we need to address them as soon as possible. And because our service uses a number of telecommunication providers to make text messages flong (on my iPhone, anyway), phones ring, and other third-party communication channels do their thing, managing the infrastructure related to these providers requires constant effort. In short, we need to be able to release and deploy fixes FAST.


Keep those cards and letters coming

It also might not surprise you to hear that our customers ask for new features (the audacity!). From July 1st to Sept 30th, we received 133 service enhancement requests – that’s 2+ per business day. The product managers who handle these requests interpret them into new features and then work with our engineers to build them.


So far, so good – and in theory we should be getting these features into your hands ASAP. But these features are product changes: while the customers who asked for a change are willing to take on any additional testing and training work to get their new features, customers who don’t intend to use the new features don’t want that burden imposed on them. That means we need a process that doesn’t force new features on customers too quickly.


Balancing the need for speed

Okay, so we can probably agree we want fixes fast and features not too fast – how can we possibly strike this balance?


First, by using deployment speed: we deploy at least weekly, if not more frequently. Our core sprint work uses a continuous delivery process which we deploy on a weekly schedule so that we can seamlessly deliver non-critical fixes at that cadence. We can also generate and deploy critical fixes in between these weekly deployments as necessary to address issues like zero-day vulnerabilities.


Second, by using feature flags: deployments include the latest feature developments, but some features are not quite ready for your use after just one sprint. And as previously mentioned, your user base might be confused if new buttons and features show up every week. So we use feature flags/toggles on our new features so that we can conditionally turn them on when we’re ready to release them. That allows the new fixes to get out the door without having new features show up. (We’ll talk more about feature flags in another blog, but those of you who are new to xMatters might want to check out our Early Access Program if you want to play with new features faster).


Third, through thoughtful communication: because fixes can cause behavior changes in the system, we have implemented a new communication process to advertise the parts of the service we worked on so customers can keep an eye out for any unexpected behavior. Our support notes are designed to provide this information (here’s a sample from the deployments leading up to our Rogue release). Those notes work in conjunction with the scheduled maintenance posts on our status page to ensure this information is delivered by the latest technologies.


Using these three mechanisms, we can offer the best mix of quick fixes – without forcing training and change management on our customers.

0
How do you know if your security is working?
LVL 1
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Hi,
      semaphore timeout period has expired while executing script/query in SQL management studio 2008 R2.What should i do?What is the issue?
0
Hello,

Can you please tell me how to upgrade OS( window server 2012 r2 to window server 2016) using scripting language .



Thankyou
0
Hi Experts;
I have an application in VB6 which uses this code to import from a .csv file.

    Set adbMain = New Access.Application
    adbMain.AutomationSecurity = 1 'Set Macro Security to Low
    adbMain.OpenCurrentDatabase "c:\<path>\Mydb.mdb", False
    adbMain.DoCmd.TransferText acImportDelim, , sTable, sFile, True
    adbMain.CloseCurrentDatabase
    Set adbMain = Nothing

99% of the time it works like a dream - however some users do not have Access and they are getting an Automation Error.

I'm referencing Microoft Access 11.0 in my project, and tried having the user install & manually register the underlying file:
(c:\program files (x86)\Microsoft Office\OFFICE11\msacc.olb)
but this didn't solve the error, and also caused a sister-app to throw an error on launch.

I've read MDAC_TYP.exe could be the answer, but my searches indicate it isn't available for Win10; and is x86 only.
My current user is x86, but no doubt I'll have 64-bit users in the same situation.

My question is this: Is MDAC_TYP.exe the answer?
If yes, Is there a recommended version of MDAC_TYP.exe I should have him use.
Does it pose any danger to the user's system?

Thank you for any advice!
KH
0
I have had a working MDT deployment (6.3.8443) environment for a year or so but now I have my first UEFI only computer, I have added all the latest win7x64 drivers to the task sequence (chipset, VGA, LAN etc etc) and there is a (built-in) task step "Format and Partition Disk (UEFI)" which formats the drive as GPT, this applies correctly when I run the task sequence.

The sequence finishes imaging the computer but on first boot to Windows it hangs at the 'Starting Windows' logo.
Safe mode hangs at CLASSPNP.sys

Any ideas?
0
For the life of me, I can't figure this one out.

I am trying to create an image, using MDT, that will have a custom Start Menu and Taskbar Layout. I have created a Start Menu with the code (See Below), then exported it to the imaged machine, and have imported the file using PowerShell.   The Start Menu layout does not work, but the taskbar layout appears correctly.

I'd like to get the start menu for all new users, while allowing them the freedom to change this as they use it.  I'd prefer not to use GPO, as this will change their start menu each time, or at the very least, lock certain areas down.

I should note that these are all new setups, not reimages.

Here are the steps in the Task Sequence:
1. Copy the LayoutModification file to C:\Windows\Temp

xcopy "%SCRIPTROOT%\Customizations\StartMenu\LayoutModification.xml" "C:\Windows\Temp" /Q /Y

Open in new window


2. Restart Computer
3. Set Execution Policy Bypass
powershell.exe -command "Set-ExecutionPolicy Bypass"

Open in new window


4. Apply LayoutModification file
%SCRIPTROOT%\Customizations\StartMenu\ApplyCustomMenu.ps1

Open in new window


ApplyCustomMenu.ps1 is as follows:
import-startlayout -layoutpath "C:\Windows\Temp\LayoutModification.xml" -MountPath $env:SystemDrive\

Open in new window


5. Restart Computer

Here is the code for my Start Menu and Taskbar Layout - all in one file:
<?xml version="1.0" encoding="UTF-8"?>
<LayoutModificationTemplate 
   

Open in new window

0
Hi
 I am imaging a Win7 Pro machine that will be deployed to similar systems of the make.  I would like to Sysprep the machine but would like it to keep the device drivers after it is Syprep. I would appreciate any assistance on how l can do this.
0
Hi all, we currently use Acronis to deploy images to desktops / laptops, however i'm looking to automate OS and application deployment.

Do you have any recommend ways to deploy.

Thanks
0
I am brand new to imaging. I have been tasked with deploying Windows 10 through SCCM 2012 R2. I am looking for step by step instructions on how to create a boot.wim including the setup binaries.

I am able to create a boot.wim that is just PE, but I am completely in the dark with how to create the second index with the Windows 10 installation setup.
0
Just purchased a new HP DL380 Gen8 server with no optical drive..

I have connected a external optical drive to the server but the server does not see it.. I can boot all my Gen7 & Gen6 servers from this, but this one will not.

I am not familiar with iLo, is it possible to installed the server OS using iLo?


I need to install Server 2012 Standard R2 but have run out of ideas on how to do this since the optical server is not working.  

I have tried creating a bootable 32GB thumb drive with the installation files on it, the server sees the thumb drive but when I select that as a boot volume I get a black screen until I force a reboot.

Any help would be appreciated!
0
Making Bulk Changes to Active Directory
LVL 8
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

hi all ,

i have one question regarding what could be the best deployment tools from windows for end user  . i .e. we have 2000 PC and we need to have them all the same image  what is the best deployment tools for such situation ?

like we are doing zero touch for the deployment
0
BACKGROUND
Our company has several offsite datacenters (remote). We also have a small datacenter onsite (physically accessible to our Engineers) for lab use, as well as for "staging" and building out physical servers (Windows, VMware, Linux, etc.), etc. then shipping them off to the appropriate locations (around the world). But let's just focus on Windows for this discussion.

At the moment we are using a Windows Server 2012 R2 image on a flash drive to boot to. You select your options (we have pre-defined), and the rest is automated from there. Right now the WHOLE build time takes about 1 hour to complete.

NOTE: This whole process and the way we do it was done before I started, so as the newer guy, I'm looking into better ways.

SERVERS
HP DL360p (rack mount servers).

QUESTION
What is the most efficient way to deploy our image and configuration to lets say 20+ (or more) physical servers at a time, instead of
doing one at a time with a flash drive?

I know there are a lot of different ways/options, but I wanted to get all of your opinions and experiences on how you have done/currently are doing this kind of process?
0
I successfully deployed image using MDT and got the physical machine joined to domain. When I switch user the customizations I made to image are not visible. Am I missing anything?
0
I created a TS in MDT for sysprep and capture. I checked in reference computer the default admin account is disabled and local admin account 'abc' is enabled. I ran the litetouch.vbs and successfully captured the image. I created a TS to deploy and deployed that image successfully on physical machine. On physical machine it logs directly into admin account and also admin account and local admin 'abc' are enabled. Is there anyway after deploying the system logs into 'abc' account and admin account is disabled

Thanks
0
Hi,

Trying to create a portable install for Surface Pro 4

Created image with MDT, mounted with DISM /Mount-Image command to c:\Test\OffLine then after preparing USB stick (D:) used this command from c:\Test\OffLine folder in elevated command prompt - xcopy *.* /s /e /f /c /q d:\

Initially there was a folder that was inaccessible even in Explorer due to security but this example has no such source security problem: D:\Windows\WinSxS\x86_wpf-uiautomationprovider_31bf3856ad364e35_10.0.14393xxxxxxxxxxxxxxxxxxxxxxxxxxxxx where xxxxx is the rest or the file name.  I can go into the folder on the source.

I have seen some posts about USB file system errors and the solution being NTFS but apparently that won't fly for a Surface Pro 4 bootable image USB.

Any suggestions?

Thank You
0
Dear Experts.

I installed Ubuntu-server 16.04 64 bit inside of the VirtualBox.
I am adding "minimal" GUI over it. I need Gnome 2.
I did two experiments.

1. sudo apt-get install ubuntu-gnome-desktop
      This created apparently very slow VM. Perhaps due "bloated" GUI.
      This seems not acceptible.

2. sudo apt-get install gnome-session-flashback
      There were no errors, but graphical logon does not appear: only shell logon
      appears after the boot.
      What must I do to make X-window logon default at boot?
      Do I must install these too?:

            sudo apt-get install gnome-desktop-environment –no-install-recommends
            sudo apt-get install gnome-panel gnome-flashback gnome-session-flashback \ indicator-applet-appmenu
            dpkg-reconfigure gdm?  ?
      
Details:
      130Gig Windows partition on SSHD.

      My laptop is
      Acer Aspire E 15 E5-575G-76YK
      Windows 10 Home 64-bit Edition
    6th Generation Intel Core i7-6500U Processor (Up to 3.1GHz)
    15.6-inch Full HD Display, NVIDIA GeForce 940MX with 2GB DDR5 VRAM
    8GB DDR4 Memory, 256GB SSD; Memory Speed - 2133 MHz
      
The purpose is not the server productivity, but full combination of server and effective-for-development-work GUI.      
      
Thank you.
0
Top Experts In
OS Deployment
<
Monthly
>