Thursday, October 25, 2012

SCCM How to deploy a client


Within Configuration Manager the system is in the "All Systems" collection; however, under the "Client" column the value is No.

Stage 1

The first thing to do is click on "Client Installation Methods", located under Site Settings. Then right-click "Client Push Installation" and select Properties. On the General tab, if you tick "Enable Client Push Installation to assigned resources", any system discovered through AD (or another discovery method) will have a client installed automatically. Consider whether this tick box suits your environment.

On the Accounts tab you must input account credentials that will have administrative access to the admin$ share of the client system.  The account that can access desktops may be different to domain controllers so you can put multiple accounts in here and it will try them in order.

On the Client tab you can specify the site code. It is also possible to define the SMS cache size rather than the 5 GB default. See Microsoft for additional properties.

Client Agents under Site Settings lists the agents that will be pushed out with the SCCM client.
The Computer Client Agent is critical. On its properties tab it is important that you have set a Network Access Account. This agent will connect back to the SCCM server looking for installation folders, so the account must have suitable access delegated.

Stage 2

Now SCCM is configured correctly and the agents have the appropriate account set up for connection. Right-click the system without the client, then select "Install Client". This will bring up a wizard; I like to select "Include only clients in this site's boundaries" and "Always install (repair ...)". Finish the wizard.

Stage 3

Check the log files for errors! c:\Program Files\Microsoft Configuration Manager\Logs

Using Trace32, open the CCM log on the SCCM server. It shows the client deployment process, so we can see whether it is succeeding.

On the client system you can open the CCMSetup log file to monitor the client installation, which can take a while to complete (located at admin$\system32\ccmsetup\ccmsetup.log).

On the client there are three key logs that tell you your client install was successful (located at admin$\system32\ccm\logs):

"ClientLocation.log": confirm the current management point is correct.
"LocationServices.log": confirm the current AD site of the machine is "" correct.
"Execmgr.log": this log reads policy from the management point. An advertisement creates a policy, which the client reads. "Software distribution agent was enabled" will not be in red.
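
The Stage 3 check can also be scripted when Trace32 is not to hand. The following PowerShell is an added example, not part of the original post; it assumes the standard CCM client log entry layout (type 1 = information, 2 = warning, 3 = error), and the sample log text, the CLIENT01 host name and the function names are constructed for illustration.

```powershell
# Added example, not part of the original post.
# Assumption: entries use the CCM client log layout
#   <![LOG[message]LOG]!><time="..." date="..." component="..." context="" type="N" ...>
# where type 1 = information, 2 = warning, 3 = error (the entries Trace32 colours).

# (?s) lets one message span several physical lines.
$CcmEntry = [regex]('(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]*)"\s+date="(?<date>[^"]*)"\s+' +
                    'component="(?<comp>[^"]*)"\s+context="[^"]*"\s+type="(?<type>\d)"')

function Get-CcmLogEntry {
    # Turns raw log text into one object per entry.
    param([Parameter(Mandatory = $true)][string]$Text)
    foreach ($m in $CcmEntry.Matches($Text)) {
        New-Object psobject -Property @{
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Type      = [int]$m.Groups['type'].Value
            Message   = $m.Groups['msg'].Value.Trim()
        }
    }
}

function Test-CcmLog {
    # Reports warning/error entries and any expected message that is absent
    # or only present as an error entry.
    param(
        [Parameter(Mandatory = $true)][string]$Text,
        [string[]]$ExpectedMessage = @()
    )
    $entries  = @(Get-CcmLogEntry -Text $Text)
    $problems = @($entries | Where-Object { $_.Type -ge 2 })
    $missing  = @(foreach ($needle in $ExpectedMessage) {
        $hit = $entries | Where-Object {
            $_.Type -lt 3 -and
            $_.Message.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        if (-not $hit) { $needle }
    })
    New-Object psobject -Property @{
        Entries  = $entries.Count
        Problems = $problems
        Missing  = $missing
        Healthy  = ($problems.Count -eq 0 -and $missing.Count -eq 0)
    }
}

# Constructed sample in the execmgr.log style. A real file would be read with
#   [IO.File]::ReadAllText('\\CLIENT01\admin$\system32\ccm\logs\execmgr.log')
# where CLIENT01 is a placeholder host name.
$sample = @'
<![LOG[Software distribution agent was enabled]LOG]!><time="10:12:05.120+000" date="10-25-2012" component="execmgr" context="" type="1" thread="2164" file="example.cpp:1">
<![LOG[Constructed example: policy arrived for a program]LOG]!><time="10:14:31.532+000" date="10-25-2012" component="execmgr" context="" type="1" thread="2164" file="example.cpp:2">
<![LOG[Constructed example: content request failed,
retrying later]LOG]!><time="10:15:02.003+000" date="10-25-2012" component="execmgr" context="" type="3" thread="2164" file="example.cpp:3">
'@

$result = Test-CcmLog -Text $sample -ExpectedMessage 'Software distribution agent was enabled'
$result.Problems | Format-Table Date, Time, Component, Type, Message -AutoSize
"Healthy: $($result.Healthy); missing messages: $($result.Missing -join ', ')"
```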

Stage 4

Within the control panel there will now be three additional icons.  The Configuration Manager, Run Advertised Programs, Remote control Properties, and Program Download monitor.

There are two services installed on the client system.
SMS Agent Host
SMS Task Sequence Agent

How to send internet traffic out the ISP (not through the BES server)

When you are on BES you have three browsers by default: Internet Browser (uses the BlackBerry APN), BlackBerry Browser (uses the BES MDS service) and the carrier’s WAP browser (Vodafone Live). If you use Vodafone Live you can be charged extra for the data usage, so this isn't really recommended. What you should do on the BES is go to "I.T Policy > Default Policy > Browser Policy Group" and change the following:

1. MDS Browser Title = MDS Internet
2. Allow IBS Browser = True
3. MDS Browser Use Separate Icon = True

After changing these policies, your Internet Browser that uses the BES internet connection will be called "MDS Internet", and you should also see a separate "Browser" icon. This separate Browser icon will bypass your BES internet and use the free BlackBerry APN to get internet data.

Monday, October 22, 2012

SCCM PXE Task Sequence

Step 1

1 Check DHCP scope has option 66 with the SCCM server name set as the value.
2 WDS service is installed and running.
3 Under site Systems select the SCCM server and make sure "ConfigMgr PXE service point" role is installed
3.1 For a lab environment, enable "Allow this PXE... to respond to incoming PXE requests" and "Respond to PXE request on all network interfaces".
4 Create a Collection called "Bare Metal OSD deployment"

Step 2

5 Click on "Computer Association" > "Import Computer Information" > Import single computer
5.1 Enter Computer name and MAC address to define system > Add to "Bare Metal OSD deployment" collection
6 Under the node OSD in SCCM click on "Task Sequence"> Select the TS you want to deploy to the collection > Right click and "Advertise", specify the "bare metal OSD deployments".
6.1 Set as a mandatory assignment. Tick "Ignore maintenance windows when running program" and "Allow system restart outside maintenance window".
6.2 Select "access content directly from a DP ...."


At this point WDS, the DHCP scope, the PXE service point and the advertised task sequence are set up, and the system has been imported via its MAC address and added to the collection. SCCM is ready; the next step is to restart the computer defined for a network boot, typically with F12.

The computer will advertise that it is looking for a PXE service, the DHCP server will point it to the SCCM server that will then pick up the computer and push a Win PE image following the TS options.


7 While SCCM WinPE is deploying the WIM file it is possible to press F8 to bring up a DOS window and examine the SMSTSLog directory.

rem Map a network drive (enter credentials when prompted)
net use z: \\sccm\c$\tempsmslog

rem From the SMSTSLog directory, copy all log files to z:\
copy *.log z:\

Now on your SCCM server\c$\tempsmslog folder you will find a smsts.log file.  Open with trace32 to troubleshoot.

7.1 Alternatively within SCCM select the Reporting Node and run the "Deployment status of all task sequence advertisements".  This report details the last action, exit code and Action output.

Blackberry How to factory reset your device.

Here's how to FACTORY RESET the device.

Install Blackberry Desktop Manager on a PC.  Connect the Blackberry to the PC with a USB cable.

From a DOS prompt (command) window on the user's PC (from Start > Run, type cmd and click OK), change the directory path to:

C:\Program Files\Common Files\Research In Motion\Apploader     by typing cd\ (enter)  followed by cd Program Files (enter) then cd Common Files (enter)  etc etc

Run the command:   Loader.exe /resettofactory

That will bring the Blackberry back to the state it should be in when you get a brand new one out of the box.

BES Troubleshooting Enterprise Activation

Troubleshooting the enterprise activation process can be broken down into 4 stages. When troubleshooting activation issues, let the process complete or run until an error message appears.

For more help with Enterprise Activation issues – KB13852


1.1.1        Stage 1 – Authentication

1.       The BESAdmin creates a new user and assigns an activation password using the Blackberry Manager (4.1.x) or the Blackberry Administration Service (5.0.X). The user list stored in the Blackberry Configuration Database is updated with the new user name, email address, mailbox information, activation password, activation status and other user account information.

Points of Failure – BAS, Configuration Database


2.       The Blackberry Dispatcher assigns the new user to a Blackberry Messaging Agent. The Blackberry Messaging Agent starts to monitor the user’s mailbox on the messaging server for new email messages. An email message containing the ETP.dat file attachment is required to continue the activation process over the Vodafone Network.

Points of Failure – Dispatcher, Messaging Agent


3.       The user goes to the Enterprise Activation screen on the blackberry and enters the email address and activation password. The user selects the menu key and clicks Activate. The blackberry displays Activating

Points of Failure – Device


4.       The Blackberry creates an activation request email message that contains the email address, PIN and public key authentication information, based on the activation password typed in by the user. The activation request email message is encrypted and is sent to the RIM Relay over the Vodafone Network.

Points of Failure – Device, Network


5.       The RIM Relay receives the activation email message and identifies it as an activation request. The RIM Relay forwards the email message using SMTP to the email address that was used for the Enterprise Activation screen.

Points of Failure – Antivirus software, spam filters, provisioning, users mailbox, messaging server, network


Issue: Failure to add user to the BES
  Reason: Incorrect permissions for the BESAdmin account
  Solution: Ensure the permissions are correct for the BESAdmin account – KB02276

  Reason: Incorrect MAPI subsystem installed on the BES
  Solution: Ensure the MAPI subsystem is equal or higher than the Exchange versions – KB10197. Recreate the MAPI profile – KB10285

  Reason: User Data cannot be written to the BB Configuration Database
  Solution: Backup the BB Configuration Database – KB10292 and increase the size – KB10969

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device
  Reason: Incorrect password entered on the EA screen
  Solution: The activation ETP.dat email message has reached the user’s mailbox and the BES has rejected the activation password and sent the error message to the BB device. The BES will allow 4 more attempts with the current password before a new EA password has to be created.

Issue: No EA application exists on the BB device
  Reason: The BB device may not be provisioned correctly
  Solution: Confirm that the provisioning of the BB device is correct via XML i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.

  Reason: The BB device may not be registered correctly on the VF network
  Solution: Confirm that the BB device shows GPRS, EDGE or 3G in capital letters and is able to Register Now via the Host Routing Table – KB00014

  Reason: The BB device may not be running Ver. 4 or later of the device software
  Solution: Confirm that the BB device is running ver. 4 or higher of the software. To install BB device software – KB03901

Issue: The BB device stops responding at the Activating... status screen for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying... After 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages do not arrive in the user’s mailbox.
  Reason: The BB device may not be provisioned correctly
  Solution: Confirm that the provisioning of the BB device is correct via XML i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.

  Reason: The BB device is not in a wireless network coverage area.
  Solution: Confirm that the BB device has the correct signal type. Can the BB device send a PIN message to check coverage?

  Reason: The user has entered an incorrect email address in the EA screen
  Solution: The user must retry the EA process with the correct email address.

  Reason: An activation password was not created
  Solution: Create an activation password

  Reason: The activation email message was moved to a folder other than the inbox.
  Solution: Confirm that there are no filtering or forwarding rules on the Messaging Server or the user’s mailbox to a folder other than the inbox.

  Reason: The user’s mailbox is full.
  Solution: Confirm that the user’s mailbox can receive email messages.

  Reason: The user’s email messages are being routed to a .pst folder or .ost folder.
  Solution: Confirm that the user’s email mailbox is configured to leave a copy of the messages on the Messaging Server. Personal and Offline folders are inaccessible to the BES.

  Reason: The ETP.dat message is not reaching the user’s inbox because it is being deleted or modified by a virus scanning application.
  Solution: Confirm that the company’s antivirus software is not rejecting the activation email message and that the ETP.dat attachment is not being deleted, flagged or modified.

  Reason: The ETP.dat attachment is not reaching the user’s inbox because it is being identified as spam.
  Solution: Confirm that the company’s firewall is not filtering email messages from the blackberry.net domain. Confirm that the company’s anti-spam software is not flagging the activation email message and modifying its title, contents or the ETP.dat attachment. Confirm that the user’s email application is not moving the activation email message to the default junk email message folder.



1.1.2        Stage 2 - Encryption Verification

1.       On arrival in the user’s mailbox, the Blackberry Messaging Agent identifies the new activation request email message and removes it from the user’s mailbox. The Blackberry Messaging Agent recognises the ETP.dat attachment in the activation request email message and begins the authentication process.

Points of Failure – Messaging Agent, Messaging Server, Users Mailbox


2.        The Blackberry Messaging Agent compares the authentication key received in the activation request email message with the authentication key generated from the activation password and stored in the Blackberry Configuration Database. If the authentication keys match, the blackberry Messaging Agent notifies the Blackberry device that the activation request has been received. The Blackberry Messaging Agent and the Blackberry device then generate their encryption keys that will be used to encrypt and decrypt all data

Points of Failure – Blackberry device, Messaging Agent



Issue: The BB device stops responding at the Activating... status screen for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying... After 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages with the ETP.dat attachment appear in the user’s mailbox.
  Reason: The BES does not receive the UDP notification for the new email message from the Messaging Server.
  Solution: Confirm that the BES can communicate with the Messaging Server

  Reason: Incorrect MAPI subsystem installed on the BES.
  Solution: Ensure the MAPI subsystem is equal or higher than the Exchange versions – KB10197. Recreate the MAPI profile – KB10285

  Reason: The BESAdmin account does not have the correct permissions to access the user’s mailbox and retrieve the ETP.dat activation email message.
  Solution: Ensure the BESAdmin account permissions are correct for the user’s mailbox – KB10823. The ETP.dat activation email message must arrive in the user’s mailbox before the BESAdmin account is notified that the email message has been received.

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device
  Reason: The Enterprise Service Policy has restricted which BB devices can be activated on the BES
  Solution: Confirm that the Enterprise Service Policy allows the BB device to be activated on the BES



1.1.3        Stage 3 - Receiving services

3.       At this stage, the BES and the Blackberry device have established an encryption key and have verified their knowledge of the encryption key to each other. The Blackberry device now displays the message Encryption Verified. Waiting for Services. All data between the BES and the Blackberry device from now on is compressed and encrypted using this encryption key.

4.       The Blackberry Messaging Agent forwards the request to the Blackberry Policy Service to generate the service books. The Blackberry Policy Service adds the unique authentication key that the Blackberry Domain uses to sign IT policy data and then forwards the IT policy data through the Blackberry Dispatcher to the Blackberry Router and then to the Blackberry device. The Blackberry Policy Service waits for confirmation from the Blackberry device that the IT policy has been applied successfully.

Points of Failure – Configuration database, Messaging Agent, Policy Service, Blackberry device


5.       The Blackberry device applies the IT policy and sends a confirmation to the BES. The IT policy applied to the Blackberry device is now in a read-only state and can be modified only by IT policy updates sent from the same Blackberry Domain.

Points of Failure – Blackberry device


6.       When the Blackberry Policy Service receives the confirmation that the IT policy has been applied successfully, the Blackberry Policy Service generates and sends the service books to the Blackberry device.

Points of Failure – Configuration database, Policy Service, Blackberry device


7.       The Blackberry device receives the service books and displays the following message Services Received. Your email address, is now enabled. At this point the users can send and receive email messages on the Blackberry device.

Points of Failure – Blackberry device


Issue: The BB device stops responding at Waiting for Services...
  Reason: The BB Policy Service or the BB Synchronisation Service is not started or responding.
  Solution: Confirm that the BB Policy Service and the BB Synchronisation Service are started or restart the services if required.

  Reason: The BB Policy Service is processing the service books and the IT policy.
  Solution: Allow sufficient time for the BB Policy Service to process the service books and the IT policy.

  Reason: Another user with the same PIN is active in the BB Configuration Database.
  Solution: Remove the duplicate user account from the BES.

Issue: "IT Policy Rejected. Please wipe handheld and try again" appears on the BB device.
  Reason: The BB device was previously active on another BES and has a conflicting IT policy. This happens when the previous BES and the current BES do not share the same BB configuration database.
  Solution: The user must delete all data using the Security Wipe option on the BB device to allow the new BES to overwrite the IT policy from the previous BES.


1.1.4        Stage 4 – Slow Synchronisation

8.       The slow synchronisation process begins. The Blackberry device requests the synchronisation configuration information from the Blackberry Synchronisation Service. The configuration information indicates whether wireless data synchronisation on the BES is turned on and which PIM databases can be synchronised. The configuration information also provides database synchronisation types (one way or two way) and conflict resolution settings.

Points of Failure – Synchronisation Service, Blackberry device


9.       The Blackberry Synchronisation Service returns the configuration information and synchronises the databases in the Blackberry device.

Points of Failure – Configuration Database, Blackberry device, users’ mailbox, Synchronisation Service


10.   The slow synchronisation process is complete when all the databases are synchronised between the Blackberry device and the BES. The blackberry device displays Activation Complete and the user account status displays Completed in the BAS console.


Issue: The EA process only completes the synchronisation process of the Calendar database.
  Reason: The BB Synchronisation Service is not started or responding.
  Solution: Confirm that the BB Synchronisation Service is started, or restart the service if required. Confirm that the MS XML parser is installed.

  Reason: The BES has network connection issues with the MS SQL Server.
  Solution: Confirm that there are no network connectivity issues between the BES and the BB Configuration Database.

Issue: "Not all databases synchronised successfully – Address Book" appears on the BB device.
  Reason: Due to requirements for contact information, some entries in the Address Book application might have been skipped.
  Solution: Confirm that all contacts have a first name, last name or company name. When a contact entry is missing information in all 3 fields then the entry is not synchronised and this error message is displayed on the BB device.

Issue: PIM databases are not synchronised after the enterprise activation process has finished.
  Reason: The IT policy is disabling wireless bulk load, PIM synchronisation or individual PIM applications.
  Solution: Confirm that the IT policy allows for wireless synchronisation of PIM applications.

Issue: The EA process stops responding and the slow synchronisation process cannot complete.
  Reason: Content Protection is enabled on the BB device.
  Solution: Turn off Content Protection before starting the EA process again.

  Reason: Multiple users are attempting the slow synchronisation process at the same time.
  Solution: If multiple users are attempting the slow synchronisation process at the same time, then it may take longer to complete depending on BES settings and workload and the Messaging Server performance.

  Reason: The Desktop [SYNC] service is corrupt.
  Solution: Delete and undelete the Desktop [SYNC] service books – if necessary resend from the BES.

Friday, October 19, 2012

Logs in c:\windows\system32\LogFiles\W3SVC1 filling up C: drive

A solution is to periodically purge the oldest log files. This is easily done by creating a scheduled task with the following command:

C:\>Forfiles.exe /P C:\WINDOWS\system32\LogFiles\W3SVC1 /M *.log /D -30 /C "Cmd.exe /C del @path"



Thursday, October 18, 2012

Cannot open your default email folders. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance.

You'll probably see Event ID 9646 is logged in the application event log of your Exchange Server 2003 computer for a client opening many MAPI sessions.

This KB relates to the error below:

However, I found that moving the user's mailbox to another store resolved this issue without making registry changes.

On a server that is running Microsoft Exchange Server 2003, an event that resembles the following event is logged in the Application log:

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9646
Closing Mapi session "/o=Organization/ou=Administrative Group/cn=Recipients/cn=Recipient" because it exceeded the maximum of 32 objects of type "session".

When this issue occurs, you may also receive the following error message in Microsoft Office Outlook 2003:

Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server is down for maintenance.

Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server

Port Requirements: SMS site server to Active Directory

SMS 2003 site servers require access to the Active Directory global catalog server in order to do the following:

  • Publish site systems to Active Directory

  • Publish and query for Active Directory site boundaries

  • Run Active Directory discovery methods

Service Name               UDP    TCP
RPC Endpoint Mapper        135    135
Global Catalog LDAP        N/A    3268
Global Catalog LDAP SSL    N/A    3269

Port requirements: SMS 2003 site server to the child site, to the secondary site, or to the SMS SQL Server

Port 445     Server Message Block (SMB)

Port requirements: SMS 2003 site server to remote SMS SQL Server database. Proxy management points, management point, server locator points, and reporting points to the SMS SQL Server database

Port 1433    TCP (SMS site server to SQL server)

Note For more information about SQL Server ports, see the “Microsoft SQL Server ports” section.

Port requirements: SMS 2003 Advanced Client to Active Directory

In an Active Directory environment, the Advanced client makes a Lightweight Directory Access Protocol (LDAP) query to the global catalog server to find a management point that matches the client’s IP address. The following ports are required in Active Directory to allow the client to contact the global catalog server.

Port 389     UDP (User Datagram Protocol) LDAP Ping
Port 389     TCP LDAP
Port 636     TCP LDAP (SSL Connection)
Port 3268    TCP (explicit connection to Global Catalog)
Port 3269    TCP (explicit SSL connection to Global Catalog)

Port requirements: SMS 2003 Advanced Client to Management Point or to distribution point

Port 80      Hypertext Transfer Protocol (HTTP)
Port 139     Client sessions (for non BITS-enabled DPs)
Port 445     Server Message Block (for non BITS-enabled DPs)

Note When you use a Background Intelligent Transfer Service (BITS)-enabled distribution point through a firewall, only port 80 needs to be opened to both the management point and the BITS-enabled distribution point. All communications will be initiated from the client. If you are only opening port 80, you will need to specify the management point by using the following script:

dim oSMSClient 
set oSMSClient = CreateObject ("Microsoft.SMS.Client")
oSMSClient.SetCurrentManagementPoint "MP NetBIOS name",0
set oSMSClient=nothing

Without access to Active Directory or WINS in the environment, the Advanced Client will need an Lmhosts file on the client computers, with entries for one or more MPs. For example, the following entry is for an MP that has an IP address of 10.0.0.1 and a site code of AAA:
10.0.0.1 "MP_AAA x1A" #PRE
For more information about how to write an Lmhosts file, see the following article in the Microsoft Knowledge Base:
180094 How to write an Lmhosts file for domain validation and other name resolution issues

Port requirements: SMS Remote Control System service: Wuser32

Application protocol            Protocol    Ports
SMS Remote Chat                 TCP         2703
SMS Remote Chat                 UDP         2703
SMS Remote Control (control)    TCP         2701
SMS Remote Control (control)    UDP         2701
SMS Remote Control (data)       TCP         2702
SMS Remote Control (data)       UDP         2702
SMS Remote File Transfer        TCP         2704
SMS Remote File Transfer        UDP         2704

SMS Remote Control UDP

When you use NetBIOS over TCP/IP for SMS Remote Control, the following ports are used:

Port 137     Name resolution
Port 138     Messaging
Port 139     Client sessions

Note When you use NetBIOS over Novell NWLink, you must configure the router to forward type 20 packets. Type 20 packets provide NetBIOS support.

Microsoft Windows NT UDP

The following list includes the core UDP ports that Windows NT uses, and it also lists their respective functions:

Domain Name System (DNS)                      UDP    53
Dynamic Host Configuration Protocol (DHCP)    UDP    67
Remote procedure call (RPC)                   TCP    135
Windows Internet Name Service (WINS)          UDP    138
NetBIOS datagrams                             UDP    138
NetBIOS datagrams                             TCP    139

Note The SMS Administrator console must have TCP port 135 open for communication. Otherwise, the console cannot display all the items in the console tree.

Microsoft SQL Server ports

If you use the TCP/IP Net-Library, enable port 1433 on the firewall. Use the Hosts file or an advanced connection string for host name resolution.

If you use named pipes over TCP/IP, enable port 139 for NetBIOS functions.

Microsoft does not recommend that you enable UDP ports 137 and 138 for NetBIOS name resolution by using B-node broadcasts. Instead, you can use a WINS server or an Lmhosts file for name resolution.

By default, SQL Server uses TCP (not UDP) port 1433 to listen on TCP/IP. To change the port, run SQL Server Setup on the server and then click Change Network Support. If SQL Server uses port 1433, the client Net-Library works. If SQL Server uses a custom port number, the client must specify that port in the Data Source Name (DSN).

SMS RAS Sender

SMS can also use the SMS RAS Sender with Point to Point Tunneling Protocol (PPTP) to send and to receive SMS site, client, and administrative information through a firewall. Under these circumstances, the following port is used:



To help improve the security of your computer, you can configure your firewall to use Internet Protocol (IP) filters that permit only registered addresses to pass through the firewall.

If you enable specific ports on a proxy server or on a firewall, this may affect the security of your computer. For additional information about security issues, visit the following Microsoft Web site:

For more information about how to restrict TCP/IP ports for DCOM, click the following article number to view the article in the Microsoft Knowledge Base:
300083 How to restrict TCP/IP ports on Windows 2000 and Windows XP
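
The port lists above can serve as an allow-list when reviewing the firewall rules between SMS roles: every listed port should be covered, and anything else a rule opens deserves a second look. The following PowerShell is an added example, not part of the original article; the rule objects, their property names and the function names are assumptions, and the sample rules are constructed.

```powershell
# Added example, not part of the original article.
# Requirements copied from the port lists above, written as protocol/port.
$SmsPortRequirement = @{
    'SiteServer-to-ActiveDirectory'     = @('UDP/135', 'TCP/135', 'TCP/3268', 'TCP/3269')
    'SiteServer-to-SqlServer'           = @('TCP/1433')
    'AdvancedClient-to-ActiveDirectory' = @('UDP/389', 'TCP/389', 'TCP/636', 'TCP/3268', 'TCP/3269')
    'AdvancedClient-to-BitsMpOrDp'      = @('TCP/80')
}

function Compare-FirewallRuleToRequirement {
    # Returns the required ports no rule covers (Missing) and the rules that
    # open more ports than the requirement list asks for (Excess).
    param(
        [Parameter(Mandatory = $true)][string[]]$Required,  # e.g. 'TCP/1433'
        [Parameter(Mandatory = $true)][object[]]$Rule       # Name, Protocol, FromPort, ToPort (assumed shape)
    )
    $need = @(foreach ($r in $Required) {
        $proto, $port = $r -split '/'
        New-Object psobject -Property @{ Protocol = $proto.ToUpper(); Port = [int]$port }
    })

    $missing = @(foreach ($n in $need) {
        $covered = $Rule | Where-Object {
            $_.Protocol -eq $n.Protocol -and $_.FromPort -le $n.Port -and $_.ToPort -ge $n.Port
        }
        if (-not $covered) { '{0}/{1}' -f $n.Protocol, $n.Port }
    })

    $excess = @(foreach ($fw in $Rule) {
        $width  = $fw.ToPort - $fw.FromPort + 1
        $useful = @($need | Where-Object {
            $_.Protocol -eq $fw.Protocol -and $_.Port -ge $fw.FromPort -and $_.Port -le $fw.ToPort
        }).Count
        if ($width -gt $useful) {
            New-Object psobject -Property @{ Rule = $fw.Name; UnneededPorts = $width - $useful }
        }
    })

    New-Object psobject -Property @{ Missing = $missing; Excess = $excess }
}

function New-SampleRule($Name, $Protocol, $FromPort, $ToPort) {
    New-Object psobject -Property @{
        Name = $Name; Protocol = $Protocol; FromPort = $FromPort; ToPort = $ToPort
    }
}

# Constructed rule set for the site server to Active Directory path. The last
# rule opens UDP 137-138, the NetBIOS name-resolution ports the article says
# Microsoft does not recommend enabling.
$rules = @(
    (New-SampleRule 'SMS-GC'         'TCP' 3268 3269),
    (New-SampleRule 'SMS-RPC-TCP'    'TCP' 135  135),
    (New-SampleRule 'Legacy-NetBIOS' 'UDP' 137  138)
)

$report = Compare-FirewallRuleToRequirement `
    -Required $SmsPortRequirement['SiteServer-to-ActiveDirectory'] -Rule $rules
"Missing: $($report.Missing -join ', ')"
$report.Excess | Format-Table Rule, UnneededPorts -AutoSize
```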

Tuesday, October 16, 2012

Modify Exchange 2003 Quotas above the 2Gb GUI AD Users and Computers Limit

  1. Login to DC with ADSI Edit installed

  2. Create an MMC and add the ADSI Edit snap in

  3. Connect to the domain

  4. Navigate through the ADSI Edit GUI to find the user

  5. Right click and choose "properties"

  6. Modify these values

MDBOverQuotaLimit (Prohibit Send at.... value)

MDBStorageQuota (Issue Warning at....value)


Set MDBOverQuotaLimit = "3000000" to set a 3.0Gb limit

Set MDBStorageQuota = "2800000" to set a 2.8Gb warning


Tips- How to package software


Causes Setup.exe automatically to generate a silent setup file (.iss file), which is a record of the setup input, in the Windows folder.



cmd files must have drive letter
more info at
tick "suppress program notifications" to stop systray bubble/add and remove programs

Useful silent (un)install code:

  • msiexec /I "xxxx.msi" transforms="xxxx.mst" /qn /norestart (/qn shows no interface, /qb shows basic progress bar)

  • msiexec /x "xxxx.msi" /qn /norestart

  • C:\WINDOWS\IsUninst.exe -fC:\xxx\xxx.isu -a (-a is for silent)


Enter “imagex /info img_file“, where “img_file” represents the location of the WIM file. You should see now the description of the WIM file as an XML file. The name of the tag for the image number is IMAGE INDEX.

Create a new folder where the image shall be mounted. This is the image path. Now, you can mount the image:

imagex /mount img_file img_number img_path

imagex /mountrw img_file img_number img_path

Once you’ve modified the image you can unmount it with this command:

imagex /unmount /commit img_path


dism /Mount-Wim /wimfile:d:\boot.wim /index:1 /MountDir:d:\mount
dism /Mount-Wim /wimfile:d:\boot.wim /index:2 /MountDir:d:\mount
dism /Mount-Wim /wimfile:d:\install.wim /index:3 /MountDir:d:\mount

dism /Mount-Wim /wimfile:"E:\DeploymentShare\Operating Systems\Windows7x64-Aug12\Windows7x64.wim" /index:1 /MountDir:e:\mount
dism /Unmount-Wim /MountDir:e:\mount /commit
Dism /image:e:\mount /Set-UserLocale:EN-gb
Dism /image:e:\mount /Set-UILang:EN-us
Dism /image:e:\mount /Set-SysLocale:EN-gb
Dism /image:e:\mount /Set-InputLocale:EN-gb
Dism /image:e:\mount /Set-AllIntl:EN-gb
Dism /image:e:\mount /Set-SKUIntlDefaults:EN-gb


Add Drivers to Vista Boot Image

1. Update the WDS boot image to include the new third-party network driver. To do this, follow these steps.

Note The following procedure assumes that the Windows Automated Installation Kit (AIK) is installed on the WDS server. If the Windows AIK is not installed on the WDS server, you can perform the same procedure on another computer that does have the Windows AIK installed. Then, map a network drive to the WDS server.
a. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then press OK.
b. Under your WDS server, double-click Boot images.
c. Right-click the boot image that you want, and then click Disable.
d. Right-click the same boot image, click Properties, and then click General.
e. Note the name and location of the boot image that is displayed in the File name box.
f. At a command prompt, type the following:
"C:\program files\windows aik\tools\petools\copype.cmd" x86 c:\windowspe-x86
Note Keep this command prompt window open for the next step.
Imagex /info o:\remoteinstall\boot\x86\images\kinstall.wim

  • Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.

  • Boot.wim is the name of the boot image.

g. Note the boot index number of the bootable image that is displayed. To identify the boot index number, locate the line that contains "boot index: X."

Note X is the boot index number. The number indicates that image number X is marked as bootable and that the image is to be updated. The second image is the default image that you would typically modify. However, always verify which image is marked as bootable.
h. At a command prompt, type the following:
Imagex /mountrw Drive:\remoteinstall\boot\x86\images\boot.wim 2 mount
peimg /inf=driver.inf mount\Windows
imagex /unmount /commit mount

  • Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.

  • Driver.inf is the name of the third-party driver.

  • The Imagex /mountrw command mounts the specified image, with read/write permissions, to the specified directory.

2. Enable the boot image on the WDS server. To do this, follow these steps:
a. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then click OK.
b. Under WDS server, double-click Boot images.
c. Right-click the boot image that you want, and then click Enable.


copype.cmd x86 c:\windowspe-x86

imagex /info O:\RemoteInstall\Boot\x86\Images\Kcapture.WIM

imagex /mountrw O:\RemoteInstall\Boot\x86\Images\Kcapture.WIM 3 mount


[ option1- one driver]

peimg /inf="[path to .inf]" /image=C:\windowspe-x86\mount


[ option2- multidriver]

for /R O:\RemoteInstall\driver_to_inject\network\760-960\780 %i in (*.inf) do peimg /inf=%i c:\windowspe-x86\mount\windows\


imagex /unmount /commit C:\windowspe-x86\mount

imagex /unmount /commit mount




Microsoft deployment Toolkit (MDT)

These instructions are brief and hopefully a useful first step.

How to deploy a Windows Server 2003 image to bare metal (set to capture the file at the end of the task sequence)

1 Power on the computer to which you wish to deploy an OS instance and press F12 when prompted.  Select network boot (PXE boot).  Be ready to press F12 again when prompted, otherwise it will time out and proceed to the next item in the boot order. Proceeding will format the computer and delete all data!
2 Select 'Lite Touch Windows PE (x64)-Engineering' to pull down the WinPE file.
3 This produces a MDT Wizard, enter your domain credentials.
4 Select 'Microsoft Server 2003 Standard x64' from the task sequence.
5 Complete the wizard and 'begin'.
5.1 If you choose to capture the image after deployment specify the capture location as \\contoso\DeploymentShareEng$\captures
6 Upon completion you will have Server 2003 installed (and if selected a captured image).

How to sysprep and capture a current image.

1 On the computer you wish to capture click Start > Run and type \\contoso\DeploymentShareEng$\scripts\LiteTouch.vbs
2 This produces a MDT Wizard, enter your domain credentials.
3 Select 'sysprep and capture' from the task sequence.
4 Save the capture to \\contoso\DeploymentShareEng$\captures
5 Complete the wizard and 'begin'.
6 Upon completion you will have a WIM file located in \\contoso\DeploymentShareEng$\captures which can be used in other task sequences.

Microsoft Office 2007 Pro Plus troubleshooting

Microsoft Office 2007 Pro Plus


Microsoft Office Excel 2007 to analyze your business information, create spreadsheets, and track time, costs, resources, and people
Microsoft Office Word 2007 to create, manage, save, and edit documents
Microsoft Office Publisher 2007 to produce professional publications
Microsoft Office Outlook 2007 to manage tasks, daily appointments, and email
Microsoft Office PowerPoint 2007 to create dynamic sales presentations
Microsoft Access 2007 to create a database and then filter, sort, graph, and visualize business information
InfoPath 2007 to lower the cost of executing business transactions and processes with advanced electronic forms technologies

Troubleshooting section

Issue: Error starting Outlook: "Cannot start Microsoft Office Outlook. Cannot open the Outlook window."

Cause and FIX
This problem can occur when the file that maintains the Navigation Pane settings becomes corrupted. This file is called profilename.xml, where profilename is the name of your Outlook profile. This file is stored in the following folder:

•Windows XP

C:\Documents and Settings\username\Application Data\Microsoft\Outlook

•Windows Vista, Windows 7

A good indication this file is corrupted is when the file size is 0 KB.

To resolve this problem, use the following steps.

1. On the Start menu click Run.
2. In the Run dialog box, type the following command:

Outlook.exe /resetnavpane

Note: There is a space between "Outlook.exe" and "/resetnavpane"

3. Click OK

Issue: Exchange 2003 SP2 and Outlook 2007, mapped mailbox indicates the inbox has one or more unread messages.  However, they are not being displayed in the reading pane.

Connecting directly to the mailbox via wmail reveals the unread messages as well as many more read emails that were not present in the mapped mailbox.

Cause and FIX

1 You are able to see all emails when connecting to the mailbox directly (i.e. via wmail) but not as a mapped mailbox. The reason is that the emails are being sent with a special property set. The 'sensitivity' setting is defined as 'Private', which means only the intended recipient can see the email, not users sharing the mailbox.

Issue: Outlook starts with the error message "There is no email program associated to perform the requested action"

Cause and FIX
After clicking OK, Outlook appears to respond correctly. The error does not relate to missing plug-ins or other messages; it appears only when you start Outlook the first time.  Looking at the default file extensions in Windows 7 was not revealing, as the current settings mimic another working computer.

After investigation the FIX involved copying the [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook] registry key from another working computer.  The computer with the error message was missing all of the keys even after re-installing the software.

Issue: If a user has an issue where PowerPoint changes the hyperlink the user inputs from (e.g.) M:\Eng\pdfexample.pdf to ../../root/eng/pdfexample.pdf then please follow the below instructions to fix:

Following stops PowerPoint messing with links on save.

Tools -> Options -> General -> Web Options -> Files -> Update links on save.
Needs to be unchecked.

How to enable Sharepoint, Kerberos and NTLM on Firefox

Sharepoint compatibility with firefox

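This is to enable Sharepoint, Kerberos and NTLM on Firefox. Type about:config in the address bar and set the three preferences below. List only your own internal domain in each value: Firefox sends Windows credentials automatically to any site that matches.

Filter for: network.automatic-ntlm-auth.trusted-uris

Enter: domain.local,,

Filter for: network.negotiate-auth.delegation-uris

Enter: domain.local,,

Filter for: network.negotiate-auth.trusted-uris

Enter: domain.local,,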

PDF writer returns multiple PDF documents not just one!

Q) When I go to produce a PDF from an Excel spreadsheet, it will break my multi worksheet document into several PDF requests.

A) The issue was caused by having different page properties on different worksheets. When sent through the Adobe PDF printer (or Cute PDF), as soon as it gets to a worksheet with different properties it will see it as a different request and prompt for a PDF file name.

To resolve this issue see below.

1 Right click a worksheet and "select all sheets"
2 Select 'Page Layout' tab and 'Print Titles'
3 On the 'Page' tab select the print quality to 600 DPI and click OK

This will make a change on all worksheets, and if you go to file print or through Acrobat > combine it will convert all

How to collect information on a computer remotely

Open a command prompt and type  wmic csproduct get identifyingnumber,vendor,name
This will query WMI and return the Serial number, Computer model, Manufacturer.

Windows keyboard shortcuts

1. Windows Logo + L

Walking away from the screen for a while? Keep prying eyes out of your stuff with this quick shortcut that locks the PC instantly.

2. Shift + Delete

The lazy way to delete stuff in Windows is to drag it to the Recycle Bin. An even lazier way is to highlight the file and press Delete. And if you're ultra-lazy (and smarter than the average user), you can bypass the Recycle Bin entirely by pressing Shift + Delete. The downside is that you won't get the opportunity to easily restore the file from the Recycle Bin if you later decide you want it back, but you also won't have to bother emptying the Recycle Bin if you use this method to ditch unwanted files.

3. Shift + CTRL + N

Windows 7 made it a little easier to create new folders in Windows Explorer. Now you can just hit Shift + Ctrl + N in any folder to create a new untitled folder right where you are. The new folder will appear with the name ‘New folder' already highlighted so you can type in your own name for it and hit Enter to move on to the next task.

4. Windows + M (or Windows + D)

Got a bazillion windows cluttering your screen? Press Windows + M to instantly minimize all current windows to the Taskbar. It's a great way to restore your sanity, and an even better way to hide what you're working on from unexpected interlopers. When you want all the windows back again, press Windows + Shift + M and every currently running window will pop open again.

5. Windows + Spacebar

If you just want to take a quick peek at your desktop (for instance, to locate a file you've dropped there), there's no need to completely minimize all your windows with the Windows + M shortcut. Instead, press Windows + Spacebar, and all of your open windows will turn transparent so you can see right through them. This even works with maximized windows and full-screen views. To return your view to normal, simply let go of the keys.

6. Windows + Shift + Left or Right Arrow

If you use a dual-monitor setup to maximize your screen real estate, you might like to use one monitor as your primary working screen and the other as a holding pen for active windows. Or maybe you just need to move a window from one side to the other for some reason. In either case, hitting Windows + Shift + Left Arrow will move the current window from the right display to the left, and using Right Arrow will move it from the left display to the right. If you only have one monitor, these commands will dock your window to the designated side of the screen.

7. Windows + 1, 2, 3, etc.

Windows 7 introduced a new feature that lets you pin apps to your Taskbar for quick access. An even quicker way to access those apps is with this slick keyboard shortcut. Press Windows + 1 to launch the first pinned app in your Taskbar (from left to right). Windows + 2 launches the second one, Windows + 3 launches the third one, and so on.

8. Windows + T

Windows + number launches pinned apps in your Taskbar, but if your apps are already open, there's a quick way to scroll through them. Press Windows + T and you'll highlight the first open app in your Taskbar. Press it again and you'll move to the second open app. As you scroll through them, you'll get a preview box just as you would if you were hovering over the icon with your mouse. When you get to the app you want, hit Enter to bring it to the foreground. This shortcut only works with open apps, and ignores unopened apps that you've pinned to your Taskbar.

9. Windows + (+/-)

Want a closer look at whatever's on your screen? Hit Windows and + to zoom in for a magnified view. While you're magnified, moving the mouse around the screen will move you to the far corners and bring them into view. Windows and - zooms you back out again.

10. How to quickly open browser tabs in the background

You could right-click the link and choose "Open Link in New Tab," but this little keyboard shortcut can save you the trouble. All you have to do is hold down the Control key (on Windows) or Command (on Mac) and click the link you want to open. This will open a tab in the background and you won't have to deal with it right away. You can also do this with bookmarks and bookmark folders that are sitting in your toolbar.

How to remove Windows 7 Offline files (I tested this on Win7 and it worked for me):

1. Navigate to the following location in the registry:

2. Create a new DWORD value called FormatDatabase, with the value 1
3. Reboot (the new key we created will delete itself after rebooting along with the Offline cache)

Transparent Caching

When you enable transparent caching, Windows 7 keeps a cached copy of all files that a user opens from shared folders on the local volume. The first time a user opens the file, the file is stored in the local cache. When the user opens the file again, Windows 7 checks the file to ensure that the cached copy is up to date and if it is, opens that instead. If the copy is not up to date, the client opens the copy hosted on the shared folder, also placing it in the local cache. Using a locally cached copy speeds up access to files stored on file servers on remote networks from the client. When a user changes a file, the client writes the changes to the copy of the file stored on the shared folder. When the shared folder is unavailable, the transparently cached copy is also unavailable. Transparent caching does not attempt to keep the local copy synced with the copy of the file on the remote file server as the Offline Files feature does. Transparent caching works on all files in a shared folder, not just those that you have configured to be available offline.

Transparent caching is appropriate for WAN scenarios and has several similarities to BranchCache. Some significant differences are that clients on the local area network do not share the cache and that file servers hosting the shared folders do not need to be running Windows Server 2008 R2 to support transparent caching. It is also possible to use transparent caching on clients running Windows 7 Professional and on clients that are not members of an AD DS domain, something that is not possible with BranchCache. Windows 7 triggers transparent caching when the round-trip latency value exceeds the amount specified in the Enable Transparent Caching policy

Before Windows 7, to open a file across a slow network, client computers always retrieved the file from the server computer, even if the client computer had recently read the file. With Windows 7 transparent caching, client computers cache remote files more aggressively, reducing the number of times a client computer might have to retrieve the same data from a server computer.

The first time a user opens a file in a shared folder, Windows 7 reads the file from the server computer and then stores it in a cache on the local disk. The second and subsequent times a user reads the same file, Windows 7 retrieves it from disk instead of reading it from the server computer.

To provide data integrity, Windows 7 always contacts the server computer to ensure the cached copy is up-to-date. The cache is never accessed if the server computer is unavailable, and updates to the file are always written directly to the server computer. Transparent caching is not enabled by default on fast networks.

IT Professionals can use Group Policy to enable transparent caching, to improve the efficiency of the cache, and to save disk space on the client, configuring the amount of disk space the cache uses and preventing specific file types from being synchronized.

These benefits are transparent to end-users and provide an experience for users at branch offices that more closely resembles the experience of being on the same LAN as servers. Additionally, the improved cache efficiency can reduce utilization across WAN links.

Microsoft TechNet Web page:


Removing device drivers from Windows machines

Applies to: All versions of Windows.

Follow these steps to view and remove these unnecessary device drivers:

  1. Press [Windows]+[Break] to bring up the System Properties dialog box.

  2. Select the Advanced tab and click the Environment Variables button.

  3. Click the New button below the System Variables panel.

  4. In the New System Variable dialog box, type devmgr_show_nonpresent_devices in the Variable Name text box and 1 in the Variable Value text box.

  5. Click OK to return to the System Properties dialog box and then click OK again.

  6. Select the Hardware tab and click the Device Manager button.

  7. In Device Manager, go to View | Show Hidden Devices.

  8. Expand the various branches in the device tree and look for the washed out icons, which indicate unused device drivers.

  9. To remove an unused device driver, right-click the icon and select Uninstall.

How to sign a powershell script


$cert=(dir cert:currentuser\my\ -CodeSigningCert)

Set-AuthenticodeSignature demoscript2.ps1 $cert -TimestampServer <timestamp server URL>

My PKI root is called pki.harper.labs, and it is already trusted by my domain members, as shown in the following image.

I will follow these steps:

  1. Make the code signing certificate template available on my issuing certificate server.

  2. Request a code signing certificate for my user.

  3. Sign my Windows PowerShell script and run it.

  4. Deploy the code signing certificate as a trusted publisher through Active Directory.

Step 1: Make the code signing certificate template available on my issuing certificate server

Let’s start with making the code signing certificate available on the issuing certificate server so that our certificate server will issue code signing certificates. I do this at the issuing certificate server, and I start the Server Manager console and open the Active Directory Certificate Services node.

We will start with a look at the code signing certificate template. Find the template in the Certificate Templates node right under the Enterprise PKI node. This is called the Certificate Templates snap-in (and if you want you can open it up as a standalone snap-in in the Microsoft Management Console [mmc.exe]). This is shown in the following image.

I will not discuss how to create copies of the template here, so I will just use the existing certificate template. If you double-click the code signing template, you will get a property sheet with a few tabs, as shown in the following image.

Because we are not creating a duplicate copy, we cannot change any of the values on the General tab. If we created a duplicate, we could change those. For example, how long should the certificate be valid? The same goes for Request Handling, Subject Name, and Extensions. If we wanted to change those, we would have to create a duplicate.

What we will look at is the Security tab. We are interested in the permission to enroll: who should be able to enroll for a code signing certificate? I create a group in Active Directory called Codesigners, and I grant the Read and Enroll permissions shown in the following image.

Then I make members of this group the users who should be able to get a code signing certificate. I click OK, and continue to make the certificate template available on my issuing certificate server.

Next, I open the Certificate Authority console (the node is named pki.harper.labs in my environment, and is found under the Certificate Templates node in Server Manager, as shown in the next image). In the Certificate Authority console, you also see a Certificate Templates node. If you want to check if the code signing certificate template is available for enrollment, see if it is shown in the list. This is shown in the following image.

If the code signing template is not shown, we will add it. Right-click the Certificate Templates node, point to New, and then click Certificate Template to Issue, as shown in the following image.


From the list that appears, such as is shown in the following image, select the code signing template, and then click OK. This list is read from Active Directory, and if you just created the template, you might have to wait until it is replicated to all domain controllers.

We are now able to request a code signing certificate, and enroll the users we gave Enroll permission on the template.

Step 2: Request a code signing certificate for my user

This step is done from my client computer, as a user that is a member of the Codesigners group. I open the certificates snap-in through the Microsoft Management Console (mmc.exe). Then I add the Certificates snap-in by clicking File, and then clicking Add/Remove Snap-in. This is shown in the following image.

Click Certificates in the left pane, as shown in the following image. Click Add, and then click OK.

You want the snap-in to manage your user account, so click My user account. Now that you have loaded the snap-in, let’s request a code signing certificate. Right-click Personal, point to All Tasks, and then click Request New Certificate.

Just click Next in the first dialog box. Because we are requesting a certificate from our enterprise PKI, in the next dialog box, select the Active Directory Enrollment Policy, and then click Next, as is shown in the following image.

Because we made the code signing template available in step 1, you should see the template for code signing available for enrollment. You only see the certificates you have permissions for in the list, so if the code signing template does not show up, have a closer look at the permissions. Click the Code Signing certificate. If you look at the details, you will see the validity period of the certificate (the default template is one year or 365 days, as the details say).

All the information that is needed to create the certificate is automatically configured, but if you want, you can change some of it if you click Properties. For example, if you want to make the private key exportable so that you can export/import the private keys to other computers, you can configure this by clicking Properties, and then clicking the Private Key tab, as shown in the following image. This is necessary if you want to use the same certificate on multiple computers.

When you are ready, click Enroll. Wait while the certificate is being generated and issued. Click Finish. You have now created a certificate for code signing!

Step 3: Sign my Windows PowerShell script and run it

Just a quick reminder that your requirements for signed scripts are set using the Set-ExecutionPolicy cmdlet (or by Group Policy).

Unrestricted: No requirements; all scripts allowed
RemoteSigned: All local scripts allowed; only signed remote scripts
AllSigned: All scripts need to be signed
Restricted: No scripts allowed

For this demonstration, my execution policy is set to AllSigned. If I just try to run my script, it will fail, as shown in the following image.

We will use the cmdlet Set-AuthenticodeSignature to sign the script. I will start by storing the code signing certificate in a variable named $cert.

$cert=(dir cert:currentuser\my\ -CodeSigningCert)

Then I am ready to sign my script with the Set-AuthenticodeSignature cmdlet. This is shown in the following image.

As you see, the status is valid, so the signing was successfully done. Please note that I recommend that you supply the TimeStampServer parameter. This will make sure the script works even after the certificate that signed it has expired. It will tell the system that the code signing certificate was valid at the time of signing. (Okay, I can imagine there are some situations where this might not be correct, but I also guess it will be good enough for most of us.) If you do not use the TimeStampServer parameter, the script will stop working when the certificate used for signing expires. There are multiple sources for timestamping out there. Use one that suits you.

Let us try to run the scripts again, and see what happens. The results are shown in the following image.

We get a question if we want to run the script or not. The question says that this is a script from an untrusted publisher. In Step 4, I will show you how to make the publisher (code signing certificate) trusted for your domain.

As for this computer, you can now make this publisher trusted by choosing A for Always run. If you choose V for Never run, you will explicitly make this publisher untrusted, and scripts signed by this certificate will not run.

Let’s stop and see what exactly is happening here. If you make any choice persistent (such as Always run or Never run), the code signing certificate is stored as a trusted or untrusted publisher on your computer. You can see this through the GUI if you open mmc.exe and load the Certificates snap-in, as shown in the following image.

Or, you could also do this from Windows PowerShell:

dir cert:\CurrentUser\TrustedPublisher

dir cert:\CurrentUser\Disallowed

As you will see in Step 4, you can also control this setting through Group Policy. For now, you can just click Run Once, and the script is allowed to execute. If you open the script, you will see that the signature is attached at the bottom.

You can also validate the signature using the Get-AuthenticodeSignature cmdlet.

In this step, I showed you how to sign a Windows PowerShell script, and also how to make it trusted or untrusted on your computer. In the next step, we will make the code signing certificate trusted in our domain using group policy.

Step 4: Make the code signing certificate trusted in my domain

If you were to deploy this in your domain, you would probably use Group Policy to make sure the code signing certificate in use is a trusted publisher. To do this there are two steps:

1. Export the code signing certificate.

2. Create a policy and import the code signing certificate into trusted publishers.

Export the code signing certificate

Let’s start with exporting the code signing certificate from the client computer where we requested the certificate.

Start the Certificates snap-in as shown in Step 2 yesterday. Open the Personal node, and then Certificates. In the content pane, you will now see your certificate. (The one with Intended Purpose set to Code Signing). Right-click the certificate, click All Tasks, and then click Export. You can see this in the following image.

Click Next in each of the three dialog boxes you see; the wizard's default is not to export the private key, and that is the setting you want here. Make sure that you save the certificate somewhere you can access it from the computer on which you are going to run Group Policy Management. There is no security risk making the public part of this certificate available, so you can store it wherever you want.

This finishes the export part from the client. Now we need to open up the Group Policy Management Console. This is a part of the Server Administration tools and is usually found if you have installed RSAT (Remote Server Administration Tools) on your client or on your domain controller. For this demonstration, I will run this from one of my domain controllers.

Create a policy and import the code signing certificate into trusted publishers

When I open the Group Policy Management Console, I start by creating a new policy. I open my domain (harper.labs), right-click it, and click Create a GPO in this domain, and Link it here.

Make sure that you create this Group Policy object (GPO) where you want it in your own domain. For this demonstration, I create it at the domain level. I give the policy the name Certificates Policy, and I click OK.

Select the policy (Certificates Policy) in the navigation pane, right-click it, and click Edit, as shown in the following image.

Wait for the Group Policy Editor to start, and then click Computer Configuration, click Policies, click Windows Settings, and then click Public Key Policies. You are now ready to start the import. Right-click Trusted Publishers, and then click Import.

In the dialog box that asks you for the certificate to import, select the certificate you exported earlier. Then click Next.

As shown in the following image, make sure the certificate is placed in the Trusted Publishers store, and click Next.

Now finish the wizard by clicking Finish. You have imported the certificate as a trusted publisher, which is shown in the following image.

You can confirm this by looking inside the Trusted Publishers node in the Group Policy Editor as shown in the following image.


So, the next time the policy is updated on computers in your domain, they will add this certificate as a trusted publisher. You can now run scripts signed by this certificate without being asked if the certificate is trusted or not. You can also do the same with untrusted certificates if you want.

I will test this from my client computer. I will first make sure that the certificate is not in my trusted publishers list. This should be done through the Certificates snap-in on my client.

Then I run gpupdate /force from my Windows PowerShell window. The results are shown in the following image.

When the update is finished successfully, I refresh the Trusted Publishers list in my Certificates snap-in. My certificate should now be listed as trusted, as shown in the following image.

Psh[Cookham8]>Set-AuthenticodeSignature .\helloworld.ps1 -cert $cert

   Directory: C:\foo

SignerCertificate                         Status        Path
-----------------                         ------        ----
                                          UnknownError  helloworld.ps1

If I then use notepad to save the file as ANSI, the results are what you want.

Psh[Cookham8]>Set-AuthenticodeSignature .\helloworld.ps1 -cert $cert

   Directory: C:\foo

SignerCertificate                         Status        Path
-----------------                         ------        ----
D42B4A6B4DBB8C697E5CA2CDD51A7F1F9325B632  Valid         helloworld.ps1
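The signing step and the UnknownError result above, combined into one routine as an added example (not code from the original post). It assumes the failure comes from a big-endian Unicode file, a known cause of that status and the default save format of the PowerShell 2.0 ISE; the function names and the timestamp URL in the usage comment are placeholders.

```powershell
# Added example: pick one usable certificate, check the file encoding, sign, then re-verify.

function Get-ScriptEncoding {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Classify the file by its byte-order mark (BOM).
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $b = [System.IO.File]::ReadAllBytes($full)
    if ($b.Length -ge 4 -and $b[0] -eq 0xFF -and $b[1] -eq 0xFE -and $b[2] -eq 0 -and $b[3] -eq 0) { return 'UTF-32 LE' }
    if ($b.Length -ge 4 -and $b[0] -eq 0 -and $b[1] -eq 0 -and $b[2] -eq 0xFE -and $b[3] -eq 0xFF) { return 'UTF-32 BE' }
    if ($b.Length -ge 3 -and $b[0] -eq 0xEF -and $b[1] -eq 0xBB -and $b[2] -eq 0xBF) { return 'UTF-8 BOM' }
    if ($b.Length -ge 2 -and $b[0] -eq 0xFF -and $b[1] -eq 0xFE) { return 'UTF-16 LE' }
    if ($b.Length -ge 2 -and $b[0] -eq 0xFE -and $b[1] -eq 0xFF) { return 'UTF-16 BE' }
    return 'No BOM'
}

function Get-SigningCertificate {
    # "dir cert:currentuser\my -CodeSigningCert" can return several certificates.
    # Keep only those that are inside their validity period and have a private key,
    # and take the one that expires last.
    $now = Get-Date
    $usable = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object NotAfter -Descending)
    if ($usable.Count -eq 0) {
        throw 'No usable code signing certificate found in Cert:\CurrentUser\My'
    }
    return $usable[0]
}

function Invoke-ScriptSigning {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$TimestampServer,
        [switch]$ConvertEncoding
    )
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Assumption: big-endian Unicode is what produces the UnknownError status shown above.
    if ((Get-ScriptEncoding -Path $full) -eq 'UTF-16 BE') {
        if (-not $ConvertEncoding) {
            throw "$full is saved as big-endian Unicode; re-save it or pass -ConvertEncoding"
        }
        # Rewrite as UTF-8 with BOM so non-ASCII characters in the script survive.
        $text = [System.IO.File]::ReadAllText($full)
        [System.IO.File]::WriteAllText($full, $text, (New-Object System.Text.UTF8Encoding $true))
    }

    $cert = Get-SigningCertificate
    $signed = Set-AuthenticodeSignature -FilePath $full -Certificate $cert -TimestampServer $TimestampServer
    if ($signed.Status -ne 'Valid') {
        throw "Signing failed: $($signed.Status) - $($signed.StatusMessage)"
    }

    # Re-read the signature from disk instead of trusting the object returned by the signer.
    $check = Get-AuthenticodeSignature -FilePath $full
    if ($check.Status -ne 'Valid' -or $check.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
        throw "Verification failed: $($check.Status) - $($check.StatusMessage)"
    }
    if (-not $check.TimeStamperCertificate) {
        # Without a countersignature the script stops validating when the certificate expires.
        Write-Warning "$full carries no timestamp"
    }
    return $check
}

# Usage (placeholder URL, replace with your timestamp service):
# Invoke-ScriptSigning -Path .\helloworld.ps1 -TimestampServer 'http://timestamp.example.invalid' -ConvertEncoding
```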

Thursday, October 11, 2012

VAMT Find out what kind of Product Key you have

We will use the VAMT 2.0 tool to accomplish this task. VAMT 2.0 can decode the following types of keys:

MAK keys
KMS keys
Retail keys
OEM keys

Monday, October 8, 2012

Client push fails when the System Center Configuration Manager 2007 Management Point is installed in Windows Server 2008

When the System Center Configuration Manager 2007 Management Point (MP) is installed on a Windows Server 2008 based computer, client push installations may fail with an error message that resembles the following:

Failed to correctly receive a WEBDAV HTTP request.

Failed to successfully complete HTTP request. (StatusCode at WinHttpQueryHeaders: 405)

Sending Fallback Status Point message, STATEID='301'.

State message with TopicType 800 and TopicId {44ECCF16-A66D-4FD0-B127-808F39B21380} has been sent to the FSP

Sunday, October 7, 2012

OS WIM WAIK 1.1 Tools command lines

Adding Drivers Using WAIK 1.1 Tools

If you were wondering how to execute the procedure using the WAIK 1.0 or 1.1 tools, here it is:

1. Mount the WIM file using imagex tool:
IMAGEX /MOUNTRW "O:\Windows7.wim" 1 o:\mount

2. Inject drivers using peimg tool:
peimg /inf=O:\H8DA8-2\S2K3_64\*.inf /image=o:\mount

*.inf stands for the driver files that we added above. Repeat the command line for each file.

3. Commit changes:
imagex /unmount /commit o:\mount

4. Add the new “Lite Touch Windows PE.WIM” on WDS as a “Boot Image”

dism /online /get-drivers /Format:Table > c:\Driver-online.txt

Dism.exe /mount-wim /wimfile:"O:\Windows7.wim" /index:1 /mountdir:o:\mount
dism /image:"o:\mount" /add-driver /driver:"O:\temp\drivers\iaAHCI\iaStor.inf"
Dism /unmount-wim /Mountdir:o:\mount /commit
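Drivers injected with peimg or dism /add-driver become part of the image every machine boots or installs from, so it is worth checking each driver package's catalog signature before the add-driver step. The following is an added example, not from the original post; it assumes each INF names its catalog in a CatalogFile entry, and the function names are illustrative.

```powershell
# Added example: check driver catalog signatures, then inject into a mounted image.
# This validates the signature on each .cat file; it does not check that every
# driver file's hash is listed in that catalog.

function Get-InfCatalogName {
    param([Parameter(Mandatory=$true)][string]$InfPath)
    # Collect CatalogFile, CatalogFile.NTamd64, ... entries from the INF.
    $names = @()
    foreach ($line in Get-Content -LiteralPath $InfPath) {
        if ($line -match '^\s*CatalogFile(\.[\w.]+)?\s*=\s*([^;]+)') {
            $n = $Matches[2].Trim().Trim('"')
            if ($n) { $names += $n }
        }
    }
    return @($names | Select-Object -Unique)
}

function Test-DriverFolderSignature {
    param([Parameter(Mandatory=$true)][string]$DriverRoot)
    foreach ($inf in Get-ChildItem -Path $DriverRoot -Recurse -Filter *.inf) {
        $cats = @(Get-InfCatalogName -InfPath $inf.FullName)
        if ($cats.Count -eq 0) {
            New-Object PSObject -Property @{
                Inf = $inf.FullName; Catalog = $null; Status = 'NoCatalogInInf'; Signer = $null }
            continue
        }
        foreach ($cat in $cats) {
            $catPath = Join-Path $inf.DirectoryName $cat
            if (-not (Test-Path -LiteralPath $catPath)) {
                New-Object PSObject -Property @{
                    Inf = $inf.FullName; Catalog = $catPath; Status = 'CatalogMissing'; Signer = $null }
                continue
            }
            $sig = Get-AuthenticodeSignature -FilePath $catPath
            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{
                Inf = $inf.FullName; Catalog = $catPath; Status = "$($sig.Status)"; Signer = $signer }
        }
    }
}

function Add-VerifiedDriver {
    param(
        [Parameter(Mandatory=$true)][string]$DriverRoot,
        [Parameter(Mandatory=$true)][string]$MountDir
    )
    $report = @(Test-DriverFolderSignature -DriverRoot $DriverRoot)
    if ($report.Count -eq 0) { throw "No .inf files found under $DriverRoot" }

    $bad = @($report | Where-Object { $_.Status -ne 'Valid' })
    if ($bad.Count -gt 0) {
        Write-Warning ($bad | Format-Table Status, Inf, Catalog -AutoSize | Out-String)
        throw "$($bad.Count) driver package(s) failed the catalog check; nothing was added to $MountDir"
    }

    # Every catalog verified: inject the whole folder into the mounted image.
    & dism.exe "/image:$MountDir" /add-driver "/driver:$DriverRoot" /recurse | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "dism exited with code $LASTEXITCODE" }
    return $report
}

# Usage, with the paths used in the commands above:
# Add-VerifiedDriver -DriverRoot 'O:\temp\drivers' -MountDir 'o:\mount'
```

Run it between the /mount-wim and /unmount-wim commands; the Signer column of the returned report shows which publisher signed each package.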



reg load HKLM\MY_SYSTEM "Windows\System32\config\system"
reg delete HKLM\MY_SYSTEM\WPA /f
reg unload HKLM\MY_SYSTEM

slmgr /dlv

slmgr /ipk HMG6P-

Windows Server 2008 R2 Standard