Sherry Kissinger at myITforum.com

MVP - 2008

I got an email (anxiously awaited for) that I've been awarded MVP status for another year.  I'm honored to be among such excellent company.  If you look at the list, most of them have written books, tools, or devote a good chunk of their lives to running a web site.

Security Certificates, Trusted Publishers, and ClickOnce Apps

Report on Local Administrators Group membership - updated

Ward Lange's original mof edit works great for 2000 and xp; but for Windows 2003 servers and Vista, the "BUILTIN" needed to be replaced with the local computer's name.  Unfortunately, I have yet to hear of a way to use a dynamic variable in the MOF.

Mike Seely posted a script on the forum. With his permission I've used it to show a different method to gather the contents of the local Administrators group.

• Edit inboxes\clifiles.src\hinv\sms_def.mof.  At the very bottom, add these lines.  These are identical to Ward Lange's mof edit, so if you've already implemented that one, no need to change anything.
  [ SMS_Report (TRUE),SMS_Group_Name ("LocalAdmins"),SMS_Class_ID ("MICROSOFT|LocalAdmins|1.0")]
  class Win32_LocalAdmins : SMS_Class_Template
  {
  [SMS_Report(TRUE), key] string AccountName;
  [SMS_Report(TRUE), key] string GroupName;
  };
• Do not add anything to Configuration.mof.  If you've previously implemented Ward Lange's, remove the section from configuration.mof.  If you are on SMS2003 (not configMgr) and have already implemended Ward Lange's edit, you will want to remove the data section, leaving just the reporting section (the section above).
• Attached is a .txt file; rename it to .vbs.  Place it in a Source folder, and create a package/program for it, to run whether or not user logged in. 
• The Collection Query I suggest using for the advertisement is this, I'd set it to be recurring every few days so if a machine loses the WMI information somehow, it gets it back.
  
  select SMS_R_SYSTEM.ResourceID
  from SMS_R_System
  where
  SMS_R_System.ResourceId not in
   (select SMS_R_System.ResourceId
    from  SMS_R_System
    inner join SMS_G_System_LOCALADMINS on SMS_G_System_LOCALADMINS.ResourceID = SMS_R_System.ResourceId
    where SMS_G_System_LOCALADMINS.AccountName is not null)

So, what does this combination do?  The sms_def.mof edit will set your hardware inventory policy to report on local administrators group membership.  The vbscript advertisement will create the WMI data entry using the computer name.  It doesn't really matter if configuration.mof built it or something else built it--once it's there, Hardware Inventory policy will be able to use it.

A sample report to use once you have this data:

select distinct Name0 as 'Computer Name', substring(AccountName0,charindex('Domain=',Accountname0)+8,(charindex('Name=',Accountname0)-charindex('Domain=',Accountname0)-10)) as 'Domain Name', substring(AccountName0,len(AccountName0)-charindex('"',reverse(AccountName0),2)+2,charindex('"',reverse(AccountName0),2)-2) as 'User Name'
from v_GS_SYSTEM INNER JOIN v_GS_LocalAdmins ON v_GS_SYSTEM.ResourceID = v_GS_LocalAdmins.ResourceID where (AccountName0 not like '%Administrator%' AND AccountName0 not like '%Domain Admins%')

Note 1: The vbscript specifically looks for members of the 'Administrators' group.  If you have alternate groups you need to look for, like Administrateurs, or Administraten, modify the script.

Note 2: The vbscript is currently specifically for x86; it will need adjusting to work on x64 OS'

Original article (includes screenshots of what the sample report looks like): http://www.myitforum.com/articles/8/view.asp?id=9735

MDT 2008 Tattoo mof edit

By request, and untested, the tattoo placed in the registry for the HKLM\software\deployment 4\Deployment Method string regkey. 

//`'`*._.*`'`*-
//  Reporting Class - for ConfigMgr, put this section in sms_def.mof
//`'`*._.*`'`*-
 
 [SMS_Report(TRUE), SMS_Group_Name("MDT2008 Tattoo"),SMS_Class_ID("Microsoft|MDT2008_Tattoo|1.0")]
 class MDT2008_Tattoo : SMS_Class_Template
{
 [SMS_Report(TRUE),key] string KeyName;
 [SMS_Report(TRUE)]     string DeploymentMethod;
};

//`'`*._.*`'`*-
//  Data Class - for ConfigMgr, put this section in configuration.mof
//`'`*._.*`'`*-

 [DYNPROPS]
 class MDT2008_Tattoo
{
 [key] string  Keyname="";
       string  DeploymentMethod;
};

[DYNPROPS]
instance of MDT2008_Tattoo
{
KeyName = "MDT2008 Tattoo";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Deployment 4|Deployment Method"),
Dynamic,Provider("RegPropProv")] DeploymentMethod;
};

NOTE:  The above was formatted for ConfigMgr, if you are on SMS2003 remember to add in #pragma namespace("\\\\.\\root\\cimv2\\SMS") under the // Reporting class comment, and #pragma namespace(\\\\.\\root\\cimv2)  under the //Data class comment.  Under sms2003, those #pragma namespace entries are to inform WMI where the following lines reference.  In ConfigMgr, sms_def.mof is only for stuff in root\cimv2\sms, and configuration.mof is only for stuff in root\cimv2, so you don't have to repeat yourself.  It won't hurt it to put in it, but it's kind of redundant.

McAfee 8.x Enterprise sms_def.mof Edit - ConfigMgr

I had a blog entry for SMS2003; but now that I'll be soon going to production w/ConfigMgr myself, thought I'd share some of the edits.

As you may or may not know, the main differences between SMS 2003 and ConfigMgr 07 are:

• No more need to mofcomp on the clients
• sms_def.mof is for the Reporting classes (what makes up the policy that the clients pick up from the MP)
• configuration.mof is for the Data classes (what the clients auto-compile when changes are detected, like this one)
• No more need to add the #pragma namespace("\\\\.\\root\\cimv2") or #pragma namespace("\\\\.\\root\\cimv2\sms"); because you are no longer switching between data & reporting classes within the same mof file.

With that in mind, below are what you would add to sms_def.mof and configuration.mof on your primary site servers' inboxes\clifiles.src\hinv in order to enable reporting on McAfee 8.x and EPO 3.x

Add to SMS_Def.mof, at the bottom

//  <:[-<>>>>>>>>>>>>>>>>>>>Start>>-Network Associates/McAfee Anti-Virus-<<Start<<<<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
//  McAfee Reporting Class
//`'`*._.*`'`*-
[SMS_Report(TRUE),SMS_Group_Name("McAfee_Virus_Scan"),SMS_Class_ID("SMSExpert|McAfee_Virus_Scan|1.0")]
Class McAfee_Virus_Scan : SMS_Class_Template
{
  [SMS_Report(TRUE),key]  string  KeyName;
  [SMS_Report(TRUE) ]     string  szCurrentVersionNumber;
  [SMS_Report(TRUE) ]     string  szDatVersion;
  [SMS_Report(TRUE) ]     string  szEngineVer;
  [SMS_Report(TRUE) ]     string  szEngineVerMinor;
  [SMS_Report(TRUE) ]     string  szDatDate;
};
//  <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee Anti-Virus-<<END<<<<<<<<<<<<<<>-]:>
//  <:[-<>>>>>>>>>>>>>>Start>>-Network Associates/McAfee ePO Agent-<<Start<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
//  McAfee ePO Agent Reporting Class
//`'`*._.*`'`*-
[SMS_Report(TRUE),SMS_Group_Name("McAfee_ePO_Agent"),SMS_Class_ID("SMSExpert|McAfee_ePO_Agent|1.0")]
Class McAfee_ePO_Agent : SMS_Class_Template
{
  [SMS_Report(TRUE),key] string  KeyName;
  [SMS_Report(TRUE) ]    string  szePOVersion;
  [SMS_Report(TRUE) ]    string  szePOName;
  [SMS_Report(TRUE) ]    string  szePOGUID;
  [SMS_Report(TRUE) ]    string  szePOInstallPath;
};
//  <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee ePO Agent-<<END<<<<<<<<<<<<<<>-]:>

Add to Configuration.mof, at the bottom

//  <:[-<>>>>>>>>>>>>>>>>>>>Start>>-Network Associates/McAfee Anti-Virus-<<Start<<<<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
//  McAfee Data Class
//`'`*._.*`'`*-
[DYNPROPS]
Class McAfee_Virus_Scan
{
  [key] string  KeyName="";
        string  szCurrentVersionNumber;
        string  szEngineVerMinor;
        string  szDatVersion;
        string  szEngineVer;
        string  szDatDate;
};
//`'`*._.*`'`*-
// Instance of McAfee for Enterprise 8.5
// Contributed by Jane McLeish/Sherry Kissinger
//`'`*._.*`'`*-
[DYNPROPS]
instance of McAfee_Virus_Scan
{
  KeyName="McAfee Enterprise 8.5";
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine|EngineVersionMajor"), Dynamic, Provider("RegPropProv")] szEngineVer;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine|EngineVersionMinor"), Dynamic, Provider("RegPropProv")] szEngineVerMinor;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine|AVDatVersion"), Dynamic, Provider("RegPropProv")] szDatVersion;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\DesktopProtection|szProductVer"), Dynamic, Provider("RegPropProv")] szCurrentVersionNumber;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine|AVDatDate"), Dynamic, Provider("RegPropProv")] szDatDate;
};
//  <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee Anti-Virus-<<END<<<<<<<<<<<<<<>-]:>
//  <:[-<>>>>>>>>>>>>>>Start>>-Network Associates/McAfee ePO Agent-<<Start<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
//  McAfee ePO Agent Data Class
//`'`*._.*`'`*-
[DYNPROPS]
Class McAfee_ePO_Agent
{
  [key] string  KeyName="";
        string  szePOVersion;
        string  szePOName;
        string  szePOGUID;
        string  szePOInstallPath;
};
//`'`*._.*`'`*-
//  Instance of McAfee ePO 3x
//`'`*._.*`'`*-
[DYNPROPS]
instance of McAfee_ePO_Agent
{
  KeyName="McAfee ePO 3.x";
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|Installed Path"),Dynamic,Provider("RegPropProv")] szePOInstallPath;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Application Plugins\\EPOAGENT3000|Version"),Dynamic,Provider("RegPropProv")] szePOVersion;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|ComputerName"),Dynamic,Provider("RegPropProv")] szePOName;
  [PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|AgentGUID"),Dynamic,Provider("RegPropProv")] szePOGUID;
};
//  <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee ePO Agent-<<END<<<<<<<<<<<<<<>-]:>

MMS2008 - Thursday 1

Session:  Device Management on ConfigMgr.  It was interesting; but since we're 99.9% blackberries, and with SC Mobile Manager; I think if we're going to go with a management product, probably we'd go with Mobile Manager.  Although maybe (if time permits), deploy just the inventory piece, just so we know what's out there.

Session: SUS in ConfigMgr. 

Session: Case Studies Deep Dive.  Some good tips on log files to check, utilities to use (procmon) when troubleshooting an issue.  Pointed out a script for refreshingServerComplianceState if you happened to have accidentally deleted a record in the console--to get installed hotfixes reported correctly, you may need to deploy that to those clients.  A good walkthrough on what log files to hit when tracing a SW distrib. 

My favorite (because sms_def.mof/configuration.mof were mentioned, I'm such a geek): reporting stuff go in sms_def.mof, new classes go into configuration.mof.  I've actually seen that 2-3 times from people either in the forums or email to me; where they are trying a new mof snippet, and their Hardware Inventory Action disappears from the client's Agent listing.  That happens because technically the mof snippet added passes a mofcomp -check, so it is compiled successfully, but it confuses the client; so the client just gives up on HW Inv.

Another good one... when the firmware on the client computer isn't up-to-date, and the end user turns off their computer by holding in the power button for several seconds; the WOL magic packet "doesn't work".  The read-between-the-lines I got out of that was </sarcasm on> 'of course ConfigMgr is broken' </sarcasm off> :-) .  The fix was to update the bios firmware and/or change the BIOS setting of "when holding down the power button, go into suspend, not power off".    The presenter mentioned that other computers doing start/shutdown worked just fine in this company.  Apparently, the train-the-user how to click Start, Shutdown to politely shutdown their computer was not an option for this particular call. *shrug*  I'm guessing that the solution of 'problem is between the chair and the computer' wasn't a politically correct response.  :-)

Tonight: the closing party.  If I remember right it's "themed bars" (whatever that means), and Xbox Rock Band competitions.  Since the MyItforum booth had RockBand available for people to practice on for tonight... I'm hoping for a couple good "bands"!

MMS2008 - Wednesday 3

Session: Ask the Experts; and interesting solution by Rod K to a question; the question was sending out a wakeup, then a task (like anti-virus scan), then shutdown; but only shutdown those computers that had to be woken up.  Other than the obvious (1E / sccmexpert or other 3rd party tools to manage that), he mentioned scripting finding win32_computersystem.wakeuptype, and if value is 5, shutdown the computer after the virus scan is complete. (because 5 is wakeonlan, and 6 is the power button)

MMS2008 - Wednesday 2

Session: Console Extensions (right-click) for ConfigMgr

Greg pointed out Rick Houchin's existing toolset, as well as reminding everyone about KB932303.  Also http://www.myitforum.com/articles/42/view.asp?id=10801, for converting any existing right-click tools you may have for SMS2003 to ConfigMgr

Remember /sms:nodeinfo=1 for the old console?  Greg mentioned there are several switches for the new console that can assist you in scripting your own console extensions.  A few were sms:debugview, sms:verboseerrors, sms:namespaceview=1; there were 1 or 2 more, check out http://technet.microsoft.com/en-us/library/bb693533.aspx.

Some great powershell demos; Greg mentioned he'll blog the scripts he used for the demos, so I'll just wait for those.

MMS2008 - Wednesday 1

Keynote:  A few announcements (probably mostly known): ConfigMgr 07 SP1 in May, R2 (release candidate) in July.  An update to Desktop Optimization Pack in Q3 2008; as a subscription service anticipate updates every 6 months.

A demo of the R2 Out of Band Management Console to (for example) remotely look at bios and change settings.

A demo of in-development product, Asset Knowledge Service.  They announced that anyone can ask to join, so if anyone might be interested in participating--your company would need to be willing to forward data upstream to Microsoft (they didn't explain it like this, but I equated the process involved to be similar to that question you see when a driver doesn't load correctly, or a app crashes of "send this information to Microsoft yes/no").  If you might want to join, email knowledge@microsoft.com .

MMS 2008 - Tuesday 2

Session: Advances in SMS & ConfigMgr Client Health Management.  Very good presentation; I won't repeat it here because it was Paul Thompson, and it's all on his blog already, or he said he'll be posting the missing bits soon.  He also mentioned a 1e product, coming out this summer, Wakeup 5.5 which does have some client remediation.

A lab on DCM; then caught the last half of Wally Mead's ConfigMgr07 Part II.  The main point I got out of that (because he mentioned it several times) was to implement a Fallback Status Point (FSP); and (this is the part apparently forgotten by many), in their installation line make sure to reference what that FSP is, so during client installation, messages are sent to the FSP.  He also demo'd (accidentally, I believe--he forgot to set it up in his demo before starting), setting verbose log to 1 for HKLM\software\microsoft\sms\data discovery manager\ verboselogs; this enabled your ddm.log to show the computer name in the log; not just "computer successful" entry.

Session: Community.  Mention was made of a Codeplex based offline reader.  People were reminded of Connect, and a virtual usergroup "systemcenterusergroup.com" mentioned.

MyITForum party: as always, it was fun reconnecting with people.  Also lost of new people got buttons, so it was great to meet new people, both to MMS and to Myitforum.

MMS2008 - Tuesday 1

Keynote.  Dynamic Datacenter.  There was a demo of task sequencer & custom tasks for deploying servers & their roles (like AD, HyperV enabled).

A couple of announcements, Virtual Machine Manager 2008 Beta, which will watch/manage ESX/Vmware as wall as VMMs; and that it's all powershell scripts on the backend.  Also the Beta of Cross Platform Extensions for OpsMan available today.  They had DVDs to hand out; so I wasn't clear if the download is available today already or not.  These Cross Platforms extensions demo illustrated managing a unix system (troubleshooting and fixing) from within OpsMan, without having to shell out to your unix box.

MMS2008 - Monday 3

The expo!  I didn't arrive in the expo until about 20 minutes after the doors opened, so I was not witness to the "race for the button", but I heard it was impressive again; with some newer attendees not knowing why this collection of technical geeks are that excited about an expo, and some vendors (who weren't in attendance last year) confused--what in the world is that booth giving out!?

Swag: a very nice luggage tag from Myitforum, a couple of demo DVDs/CDs, a squishy Octopus, a shirt.  I didn't go swag-nuts, although I did see several people with their bags stuffed w/swag!  Signed up for a few of the contests; checked out some of the new vendors.  But mostly, it was about (for me) wandering around, trying to recognize faces from previous years, or literally looking at people's badges and recognizing them from their names/posting.

MMS2008 - Monday 2

SQL query tuning; with Brian Mason and John Nelson (number 2)

It was mostly demo; which was great.  Especially for newer SMS admins, where SQL is not your first technical expertise (even for supposed old timers, like me, where I just stumble along, and lean heavily on sql experts out there), the demo of Query Analyzer & using views was useful.

After that demo, which they were careful to point out took ~5 minutes, John pointed out several steps to take to optimize the query, like:

• Reduce the # of joins, if possible.  For example, the same information is often available in multiple views.
• If possible (sometimes it is not), if you are using a % or _ for a wildcard in "where something.whatever0 like .." statement, try not to put the % or _ at the front of the search phrase.  I.e., if you are looking for Adobe products, try to use Adobe%, not %Adobe%.
• Avoid Functions in the where clause, i.e.,  where something.whatever0 UPPER like ..."
• Return only the columns and rows you need (no select *)
• And my personal favorite, use indexed fields (or even create indexes -- with the assistance of your SQL DBA, because you'll lose them in an upgrade) for your where clauses.  The example was in v_gs_system, netbios_name0 is indexed, and name0 is not.  Use the indexed field for faster searching.

During the demo, highlighted a few SQL query building tips, like going to wangz.net, SQLFormatter.  After you've built your query (and tested it), use that free web tool to reformat your query into an easier to read syntax.  They also mentioned (and I've been guilty of this), when using aliases, like v_gs_system sys, I should really use v_gs_system as sys -- it's compliant to some kind of standard...

When in Query Analyzer, click "Ctrl+L" to see the "cost" of your query.  That way you can find any bottlenecks, like searching on %adobe%; if you switch it to adobe%, you'll shave off some execution time.

Ctrl + R, and Shoft + Alt + Enter to toggle some QA visual modes.

After optimizing the query (and switching to a database that had a non-indexed field indexed), the query which used to take 5 minutes to run, took less than 5 seconds!

They also shared their reasoning for deciding to use x64 OS, and x64 SQL 2005 SP2 for their ConfigMgr07 rollout; and why they'll not have SQL on a separate box.

MMS2008 Monday 1

Registered early; got the cool bag -- very nice, with a PowerShell book included and the empty bottle for water.

Noon lab with Wally Mead on WSUS w/ConfigMgr 2007.  I had played w/doing those tasks in my lab several times, but it's always good to have a lab w/Wally. You can always count on him to highlight the log files to watch (I'm a big log file watcher; although I do prefer trace32 (sorry Wally!))

First breakout I attended was the Docs team, where they highlighted some of there recent offerings:

• Superflow ; and shared that the next ones will be in Silverlight. (queue'd up: more Software Update ones, OSD (pxeboot), DCM, NAP, and navigating the Console itself.
• Feature Quizzes
• Local Help Hotfix
• VMM and OpsMan how-to videos
• Operations Manager "Jam" site (sorry, no link); will be a way to allow multiple resources to share custom content.
• Community Annotation on MSDN & Technet
• System Center Content Search gadget - they demo'd it; and it was very cool. [Edit: thanks Greg, so that's where it is!]

They also announced several off-conference sessions asking for more feedback, and opportunities to see some of the new stuff Tuesday and Wednesday.

MMS2008 - Sunday

I won't be blogging as often as I was last year -- I decided not to drag my laptop around w/me this year -- but I'm still going to post when I can.

 For Sunday, as just a regular attendee there was little to actually sign up for and do; just wandered around the conference center to familiarize myself with where CommNet was, and the Alumni lounge.

 Tried to meet up w/the Myitforum'ers at "La Scena Lounge"; unfortunately it was closed due to a Baccarat tournament.  Nevertheless met up with a person I've seen at MMS for several years, and we hung out and caught up for a while before decending on Zeffrino's to have a drink and wait for the 6:30 party.

 That party was great!  it was crowded because it was a smallish bar, but there were Microsoft people, smsexpert people, veterans of MMS and several first timers.  It was really nice.

Inventory WindowsFirewall policy

Ken Lutz forwarded me this mof edit that he's using; it reads and reports on a registry key:

 //  <:[-<>>>>>>>>>>>>>>>>>>>>>>>>>>>-Windows Firewall-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>-]:>
//  Contributed by Ken Lutz
//  If ConfigMgr, this section goes in configuration.mof
#pragma namespace( "\\\\.\\root\\cimv2" )
#pragma deleteclass("Win32_WindowsFirewallStatus", NOFAIL)
 
[
  dynamic,
  provider("RegProv"),
  ClassContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall")
]

class Win32_WindowsFirewallStatus
{
  [key]
  string Component = "Windows Firewall Status";
  [PropertyContext("EnableFirewall")]
  uint32 Enabled;
};
 
// if ConfigMgr, this section goes in sms_def.mof

#pragma namespace( "\\\\.\\root\\cimv2\\sms" )
#pragma deleteclass("Win32_WindowsFirewallStatus", NOFAIL)
 
[
  SMS_Report(TRUE),
  SMS_Group_Name( "Windows Firewall Status" ),
  SMS_Class_ID( "MICROSOFT|WindowsFirewallStatus|1.0" )
]
 
class Win32_WindowsFirewallStatus : SMS_Class_Template
{
  [ SMS_Report( TRUE ), key ]  string Component;
  [ SMS_Report( TRUE )]        uint32 Enabled;
};
//  <:[-<>>>>>>>>>>>>>>>>>>>>>>>>END>>-Windows Firewall-<<END<<<<<<<<<<<<<<<<<<<<<<<<<>-]:>

Enabling Inventory for Environment Variables - SMS2003/ConfigMgr

I often receive queries about extending the MOF to pull in regkeys.  Occasionally, those regkeys happen to be located in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

Instead of creating a custom mof edit to pull in a value contained in that regkey; most Environment variables are also stored in WMI, in win32_environment; and the default sms_def.mof does have an existing segment to pull in those values.  By default, that segment is set as FALSE .  To enable inventorying of Environment variables:

• For paranoia, backup \inboxes\clifiles.src\hinv\sms_def.mof
• Using a log file viewer, (like trace32.exe from the sms toolkit), open up sms\logs\dataldr.log
• edit sms_def.mof using notepad
• Search for "Environment" and change that section from having FALSE to be TRUE for at least the following.  They can all be TRUE; but (at least for me) those additional values were not useful for the queries and reports I needed.

[ SMS_Report     (TRUE),
  SMS_Group_Name ("Environment"),
  SMS_Class_ID   ("MICROSOFT|ENVIRONMENT|1.0") ]

class Win32_Environment : SMS_Class_Template
{
    [SMS_Report (FALSE)     ] 
        string     Caption;
    [SMS_Report (FALSE)     ] 
        string     Description;
    [SMS_Report (FALSE)     ] 
        datetime   InstallDate;
    [SMS_Report (TRUE), key] 
        string     Name;
    [SMS_Report (FALSE)     ] 
        string     Status;
    [SMS_Report (TRUE)     ] 
        boolean    SystemVariable;
    [SMS_Report (TRUE), key] 
        string     UserName;
    [SMS_Report (TRUE)     ] 
        string     VariableValue;
};

• Save sms_def.mof, monitor dataldr.log for any errors.  It is highly unlikely that there will be any--this is just a policy change from FALSE to TRUE, but I'm trying to teach you good habits!

You have now triggered a Hardware Inventory Policy change.  You now simply need to wait--you are waiting for this policy to be compiled and forwarded to your Management Points, and then you are waiting for your clients to pick up this policy change, and then for the clients to run a Hardware Inventory action, using the new policy, and forward the new information to SMS or ConfigMgr.  How long those actions take depends upon your SMS/ConfigMgr environment. 

If you are impatient, you can spot-check a test client by:

• Wait a few minutes for the policy change to be complied and forwarded to your Management Points
• At a client, perform a "Machine Policy Retrieval and Evaluation Cycle" Action; wait ~2 minutes for retrieval to complete.
• At a client, perform a "Machine Policy Retrieval and Evaluation Cycle" Action; wait ~2 minutes for evaluation of the just-received new policies.
• At a client, perform a "Hardware Inventory" action.
• Monitor the client log file windir\system32\ccm\logs\inventoryagent.log; you will be looking for something like "Select Name, SystemVariable, UserName, VariableValue from win32_environment" to be requested.  If you do not see that line; either your editing of the SMS_DEF.MOF was rejected and the one containing "FALSE" for that class was replaced from backup automatically, or you need to do another "Machine Policy Retrieval and Evaluation Cycle"; and another "Hardware Inventory" action.

Once clients begin reporting on this new class, you will be able to create queries, collection queries, or reports on Environment variables.

Internet Explorer, Right-click 'Convert to Adobe PDF' Fails - Adobe Acrobat 8.1.1

Product: Adobe Acrobat Pro 8.1.1

Symptoms: In Internet Explorer, with Adobe PDF integration enabled, right-click on a web page and choosing "Convert to Adobe PDF" does nothing.

Cause:  Actually, not 100% sure on what the cause really is, but in testing of machines exhibiting this problem, it seemed to be centered around "Adobe PDF Content Menu Helper", which is an ActiveX control with AcroIEFavClient.dll. On some machines, the option was missing completely, and would not appear until the fix was done. On others, the option was there; but the fix below had to be done in order for the ActiveX control to be successfully registered.

Fixing: I tried various combinations, repairing Adobe, reboots in between, etc. These steps, in this specific order, fixed the problem in the shortest amount of time.

1. Close all open applications
2. Launch Add or Remove Programs, Adobe Acrobat 8.1.1 Professional, Change, Next, Modify. Under the choices presented, select +Create Adobe PDF, + Acrobat PDFMaker. For the feature "Microsoft Internet Explorer", modify the selection from "This will be installed on local hard drive." to "This feature will not be available". Next, Update. Click Finish when done.
3. Right-click on the computer desktop, properties. Settings tab. Change "Color Quality" from "Highest (32 bit)" to "Medium (16 bit)". Click OK. Confirm you can still see the display by clicking Yes at the prompt.
4. Add or Remove Programs, Adobe Acrobat 8.1.1 Professional, Change, Next, Modify. Under the choices presented, select +Create Adobe PDF, + Acrobat PDFMaker. For the feature "Microsoft Internet Explorer", modify the selection from "This feature will not be available." To "This will be installed on local hard drive." Next, Update. Click Finish when done.
5. Launch Internet Explorer and confirm you can right-click "Convert to Adobe PDF".
6. If it does not work at first (it’s about 50/50 success while I was testing this fix), go to Tools, Internet Options, Programs Tab, Manage Addons… Highlight "Adobe PDF Content Menu Helper". At the bottom, "Disable" this addon; confirm, OK, OK. Exit Internet Explorer. Go back into IE, the same location, and "Enable" this addon; Ok. Ok. Test again (should work now).
7. Optional: Now that it’s working, you can go back and change Color Quality back to ‘Highest (32 bit)’. In my testing, that did work; but I noticed online for others which had to use the 16-bit to fix the issue; if they went back to 32-bit, after some undeterminite time the right-click Convert to Adobe PDF stopped working, and they had to run through the fix again. I suspect if this control has to be re-registered, when you are running at 32-bit Color Quality the re-registration fails. You may want to ask the person if they notice any different in color / video from 32bit to 16bit. You may decide to leave the setting at 16bit to avoid possible future problems.

Ok, now for the minor rant… I’m by no stretch of the imagination a programmer, so perhaps some activex / IE plugin programmer out there can tell me… why would my Color Quality set at 32bit prevent a plugin from registering?  I’m sure there’s a sound, valid technical reason—but I just don’t get it.

By the way.. yes, I know Adobe Acrobat 8.1.2 update was released a few weeks ago.  I haven’t tested it to see if it fixes this specific issue yet.

Finding computers with 'AutoAdminLogon' configured

Below is a mof edit and a suggested report to assist in finding computers which are configured to login automatically.  By design, your imaging process may leverage AutoAdminLogon.  In that case, AutoLogonCount will have a value--I would guess generally 2 or 3 would be your highest count reported.  If AutoLogonCount is in the hundreds or thousands or AutoLogonCount is blank that may point you to a security risk in your environment.

//`'`*._.*`'`*-
//  Reporting Class - for ConfigMgr, put this section in sms_def.mof
//`'`*._.*`'`*-
 
 #pragma namespace("\\\\.\\root\\cimv2\\SMS")
 
 [SMS_Report(TRUE), SMS_Group_Name("AutoAdminLogon"),SMS_Class_ID("SMSExpert|AutoAdminLogon|1.0")]
 class AutoAdminLogon : SMS_Class_Template
{
 [SMS_Report(TRUE),key] string KeyName;
 [SMS_Report(TRUE)]     string DefaultDomainName;
 [SMS_Report(TRUE)] string DefaultUserName;
 [SMS_Report(TRUE)] string DefaultPassword;
 [SMS_Report(TRUE)] string AutoAdminLogon;
 [SMS_Report(TRUE)]     uint32 AutoLogonCount;
};

//`'`*._.*`'`*-
//  Data Class - for ConfigMgr, put this section in configuration.mof
//`'`*._.*`'`*-

#pragma namespace("\\\\.\\root\\cimv2")
 [DYNPROPS]
 class AutoAdminLogon
{
 [key] string  Keyname="";
       string  DefaultDomainName;
       string  DefaultUserName;
       string  DefaultPassword;
       string  AutoAdminLogon;
       uint32  AutoLogonCount;
};

[DYNPROPS]
instance of AutoAdminLogon
{
KeyName = "AutoAdminLogon";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|DefaultDomainName"),
Dynamic,Provider("RegPropProv")] DefaultDomainName;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|DefaultUserName"),
Dynamic,Provider("RegPropProv")] DefaultUserName;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|DefaultPassword"),
Dynamic,Provider("RegPropProv")] DefaultPassword;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|AutoAdminLogon"),
Dynamic,Provider("RegPropProv")] AutoAdminLogon;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|AutoLogonCount"),
Dynamic,Provider("RegPropProv")] AutoLogonCount;
};

A report to get you started: 

select sys.name0, aal.AutoAdminLogon0 [Auto Logon Enabled], aal.AutoLogonCount0 [Number of Auto Logons Remaining (BDD/MD)], aal.DefaultDomainName0 [Domain Name], aal.DefaultPassword0 [Default Password], aal.DefaultUserName0 [Default UserName]
from v_gs_AutoAdminLogon0 aal join v_r_system sys on sys.resourceid=aal.resourceid
where aal.AutoAdminLogon0 = 1

Outlook Cached Mode via Hardware Inventory

We're in the midst of a project to get all users into Outlook Cached mode.  We're using two methods to confirm this process, one is to look for a specific Group Policy being applied successfully (http://www.myitforum.com/articles/8/view.asp?id=11254) and checking the value of HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\UserNameHere\13dbb0c8aa05101a9bb000aa002fc45a\00036601, which, according to http://www.howto-outlook.com/howto/cachedmoderegkey.htm, contains information about cached or not cached.

Attached are 2 files, one is a vbscript you would run on a recurring basis, only when a user is logged in, with user rights, to read the contents of that registry key for the user and transfer the information to the HKLM part of the registry which SMS Hardware Inventory can pick up.  The other file is the mof edit you would add to sms_def.mof and/or mini.mof/configuration.mof (depending upon your version of SMS/ConfigMgr and whether or not you use a mini)

A couple of caveats to be aware of.  In the howto-outlook.com article, they mention that the enabled value is  84 01 00 00.  That is the HEX value of the registry key.  SMS reports on the Decimal value of the registry key, so in Resource Explorer you will see 132,1,0,0    If you happen to come across some great article explaining all of the possible values for this key, and what they mean, please remember to change hex to dec values (Run Calculator, view Scientific, if you've never done hex to dec conversions before).

Caveat #2:  Although in my environment the majority of computers reporting back show either 132,1,0,0 (Cached mode on) or 4,0,0,0 (not cached), there are a total of 19 different values reported back.  Read the howto-outlook.com article for the reasons why.

Other notes: the script pulls back 4 pieces of information:  The value of the registry key, the name of the default Outlook Profile from which that value was taken, the currently logged in username, and the time the script ran to gather that information.

PS: If you DO happen to know what all of the values of that key mean, please share!

Configuring SystemCenterTools.com's Enhanced User Discovery 1.1

Last summer, I had to rebuild our central primary site after hardware failure.  At the time, I took detailed notes of how I setup http://www.systemcentertools.com 's EUD, or Enhanced User Discovery 1.1, for SMS 2003.  I recently came across my notes and thought "This would be a good blog entry." 

After installation on your primary site server, you need to edit 1 file to configure.  There is another file to edit if you wish to pull in more AD Attributes than those in the default settings file.

File #1:   \program files\Enhanced AD user Discovery v1.1\Enhanced AD User Discovery.exe.config
Line 6:  change value="SMSDomain" to be your (shortname) domain.  I assume it might be something like   MYCOMPANY  (not mycompany.com)
Line 11: change value="" to be your fqn domain name.  Like   mycompany.com
Line 15: change value="SMSSERVER"  to be the name of your smsserver.
Line 19: change value="RC2" to be the site code of your smsserver.
Line 22: change value="c:\sms\inboxes\ddm.box\" to be the correct location for that folder on that sms server.  For me, we install sms to the E: drive, so I had to change it.
Line 27: (optional) change value="c:\enhancedaduserdisc.log" to   <yourdriveletter>:\sms\logs\enhaduserdisc.log.
 
(I called that optional simply because I like all my sms logs in the sms\logs folder, not on the root of c:
 
File #2 \program files\Enhanced AD user Discovery v1.1\aduserattribs.xml.  This next file you can leave alone forever; but if you want to pull in more ad attributes, you'd add them to aduserattribs.xml.  For me, I added 2 additional attributes.  I wouldn't mess with that file until you've confirmed success for the defaults attributes.

  <ADAttrib>
  <ADAttribName>telephoneNumber</ADAttribName>
  <DDRPropertyName>Telephone</DDRPropertyName>
  <DDRPropertyLength>128</DDRPropertyLength>
 </ADAttrib>
  <ADAttrib>
  <ADAttribName>ipPhone</ADAttribName>
  <DDRPropertyName>IPPhone</DDRPropertyName>
  <DDRPropertyLength>64</DDRPropertyLength>
 </ADAttrib>
 
The reason I added them was because at my company we have a VOIP phone system, and I wanted that attribute available for SMS reports for the helpdesk and techs.

How to test:
 
Double-click the executable (assuming your logged-in account has the credentials to read user objects in AD)
Open up the log file (for me, that was e:\sms\logs\enhaduserdisc.log) using trace32.exe
You'll either see if fail almost immediately if a configuration is incorrect; or, you'll see it start enumerating all of your user accounts out of AD.  For me, it only takes ~3 minutes to finish gathering data.  Then it has to send the DDRs into the ddm.box folder, and your SMS server has to pull in the information.  Depending upon your server, and the number of user objects in AD for you, I can't estimate how long that might take; but give it at least 5-10 minutes.  Then in the SMS console, the All Users collection, pick a user (like yourself) that will most likely have entries for email, department, title, description, first name, last name (which are the default attributes pulled in); right-click that user, and scroll through the list of things--you should hopefully see the new attributes (with data) listed!

How to automate so it pulls in any new or changed user information:
I set up a scheduled task on my primary site server to run that executable at 3 a.m. daily, using a service account.  On whatever schedule you normally use when checking on overall SMS Health, check the enhaduserdisc.log to confirm it is working as expected.

Notes: at this time, EUD 1.1 is not needed if you are running ConfigMgr 07; you can pull in additional Active Directory user attributes by modifying the existing Discovery Method for "Active Directory User Discovery", the Active Directory Attributes tab.

SMS/BDD Engineer Needed - Milwaukee, WI

Posted in the job board 

Our imaging expert got lured away by Dell.  And who could blame him?  It was an excellent opportunity and career move for him.  So we're looking for a new team member.

Adobe FlashPlayer 9.0.115 cab updated for ITCU

If you use the Custom Updates Publishing Wizard (ITCU) to deploy Adobe Flash Player, they've released the catalogue update.  So if you haven't created your own rules; or used the one I posted previously as a starting point, you can go to your server, Custom Updates Publishing Tool, and download the updated detail for publishing to SMS.

 It might be because I had previously made up my own rules... but for me the Article ID is still APSB07-12; but it now has the info for 9.0.115 inside.  When the Aritlcle ID (according to Adobe) I thought was supposed to be APSB07-20 for 9.0.115.  Well... it's just a label.  I know it doesn't really mean anything.  But in case it isn't me; and that's the way they sent it out; just so you're aware of that anomoly.

GPO Tools - RCrumbaker's Web Remote Console

This was originally written to assist the local techs in gathering GPO log files several months ago when there appeared to be GPO issues in our environment.  Thankfully, that particular issue ended up not being GPO related--but the legacy of that is a tool set to share!  There are 3 elements to this on-the-side-htm page; toggling verbose logging on/off (which of course is optional), invoking a GPUpdate /force remotely (and monitor EventVwr to confirm it's done), then (optionally) opening up the log files from the target machine to look for any errors/problems.

3 Steps to implement:

1. Place the attached "GPOTools.htm" into the same folder where machrest.asp resides.
2. Edit MachRest.asp, near all of the other button definitions (near the top) add
   <input style="WIDTH: 180px" type="button" value="GPO Tools" name="Btnl724">
3. In Machrest.asp, near the bottom, after all of the other Sub/End Sub routines, just before </script> add
   Sub Btnl724_OnClick
    parent.frames.output.location.href "/SMSRemote/GPOTools.htm"
   End Sub

I strongly suggest you copy your existing machrest.asp somewhere safe; so you can roll-back to a working version if necessary.

Group Policy History via SMS Inventory

Due to some interest on the SMS list, attached is a vbscript (rename the .txt to .vbs), and a .jpg of how it looks in Resource Explorer on 1 test lab client. 

I only tested it on 1 XP client in the lab; and I used fake User GPOs 'cause I was too lazy to create real User GPOs.  So please test the results from the HKCU area really thoroughly.  Please test, test, test.  If there's something missing you want added, let me know.  I had it all done and tested and then I thought "how about a column with the machine name for the machine ones, and the username of the current user for the HKCU user ones?"  I thought of another column--the date the script ran so you know how dated the info might be.

Adobe FlashPlayer 9.0.115 via ITCU

This is Part 3 of 3 

A bit of background, see http://www.myitforum.com/articles/6/view.asp?id=11240 and http://www.myitforum.com/articles/6/view.asp?id=11243

Essentially, because ITCU worked so well with deploying 9.0.47, I really wanted to continue to use ITCU for 9.0.115; but I ran into some snags, one of which was that Adobe hasn't updated their .CAB for ITCU to support 9.0.115--so I wrote my own rules (attached, extract the .cab from the .zip).  If you've tested the .MSI deployment independently of ITCU and it is acceptable, here's how to import this ruleset into your ITCU; and some post-publishing of the rules steps.

Assumptions:

- You've already configured ITCU, and tested it, for Flash Player 9.0.47.0 (that's a big assumption, I know)
- You've already tested the 9.0.115 MSI, and it works exactly as you expect it to work. (possibly with a .MST and cab files, for example, following part 2 of 3)
- You do NOT have an Article ID of APSB07-020 in Adobe Systems, Inc., Adobe Flash Player 9 Section.

Assuming the above is true, this will outline the steps for importing (and customizing) the Rules to 'publish' to SMS 2003, running through the Distribute Software Updates Wizard (DSUW), and post-creation, adding files to the source, and updating distrib points.

1. Importing/Customizing the ITCU Rules

Download the attached file.

Launch “Custom Updates Publishing Wizard”.
Click “Import Update(s)”
Click “Single Catalog Import”
Browse to the downloaded .cab file, click Open, Next, next; Accept any Catalog validation, Close.

Go to +Adobe Systems, Inc. then Adobe Flash Player 9.
You will now have an Article ID of “APS07-20”
You *will* need to edit this before publishing.  Right-click and Edit.
Click Next until you get to the “Select Package” section.  You will need to change the “Download URL (or UNC)” to be a valid location on your network or server which contains the 9.0.115 MSI you’ve downloaded/customized from the licensing page at Adobe.
Click Finish.

You can now Set the publish flag for this update, and publish it (just like you did for 9.0.47.0). 

2. Creating a new DSUW Package for this 1 update.

In your SMS Console, launch 'Distribute Software Updates'
Select an update type: (pick the Custom Update choice)
New
Package Name example:  FlashPlayer
Next
Input the Organization name, rtf if you use one.
Next, Next
Choose the 9.0.115 update, Next.
Modify the Package Source Directory to match your normal Source Folder, if necessary,
Next (it will download the .msi from the folder\share you defined in step 1)
Next
Do not add DPs at this point, Next, OK
Configure Installation Agent Settings: each company is different, choose the options your company uses.
Next.  Again; each company is different, choose the options your company uses.  Next.  Choose the options your company uses.  Next.  If you've already defined a Test Collection, choose to Advertise; and browse to the collection.  Otherwise, Next. Finish.

Base package is now created!  But it's nowhere near ready...

3.  Customizing the Package source to use the .mst & .cab

The 'download' of the .MSI only downloaded the .msi, not the .CAB, nor the .MST (assuming you followed step 2 of 3 to create a transform).  Copy the .cab and the .mst from where you have them, to the location specified as the source for this new Package, into the {characters} folder, the same place the .MSI is.

In Package Properties, Program, go to properties.  Since during my testing I noticed IE needed to be closed, I went to the Environment tab, and changed it to "Only when no user is logged in".  I also went to the Advanced tab, and picked "run another program first", and chose the Package/Program of the Custom Updates Tool (the scanner), Run this other program every time, and for this... Suppress program notifications.

Add Distribution Points to this package.

If you haven't created an Advertisement yet; do so.  I strongly suggest a test collection with 1 or 2 test computers as members!

Test, test, test!

The zip containing the cab: http://myitforum.com/cs2/blogs/skissinger/Flash115CabforITCU.zip

Adobe FlashPlayer 9.0.115 MSI Customize via Transform

This is Part 2 of 3 

Part 1 of 3: see http://www.myitforum.com/articles/6/view.asp?id=11240

In production, we had deployed version 9.0.47 via ITCU.  During testing, we noticed that although 9.0.115 was installed and in use, the 9.0.47 version was still listed in Add or Remove Programs.  That was a relatively easy fix.  This one you could do without having Wise or Installshield to create a transform--you could use ORCA to edit the MSI.  What I did was obtain the UpgradeCode from 9.0.47 (we record that as part of our packaging process--so that was easy to find for me), and go to Direct Editor, Upgrade Table, and added a line with these values:
UpgradeCode = {42463807-970B-4257-BC95-5C348D61DF1C}
VersionMin = 9.0.47.0
Versionmax = 9.0.115.0
Attributes = 769
ActionProperty = ISACTIONPROP1

Assuming you have Wise or Installshield, and already know all about Transforms, create a Transform/.MST for this .MSI. 

1. We suppress AutoUpdates for Flashplayer, if you do so as well, create an mms.cfg file in Notepad with 1 line in it:  AutoUpdateDisable=1  In notepad, "Save As" to %windir%\system32\macromed\Flash with a name of mms.cfg, AND (this is the important bit) Encoding of "UTF-8", not ANSI, the default.  In your Transform, add this file to system32\macromed\flash. (if prompted, pick to save files in a .CAB)
2. Download "uninstall_flash_Player.exe" from Adobe, doc 14157.  In your Transform, add this file to system32\macromed\flash. (if prompted, pick to save files in a .cab)
3. (These instructions presume Installshield, since that's what I have).  These 2 custom actions are to support truly uninstalling FlashPlayer 9.0.115 during an msiexec.exe /x action, and to allow for a rollback to a previous version (like 9.0.47) if required by the end user.  Go to Custom Actions. We'll be creating two custom vbscript actions.  New VBScript, stored in custom action.  
1. Name:  CopyUninstaller
   
   Contents of the script:
   
    strFolderName = Session.Property("INSTALLDIR")
    Set fso = CreateObject("Scripting.FileSystemObject")
    set sho = CreateObject("Wscript.Shell")
    fso.copyfile strFolderName & "\uninstall_flash_player.exe",strFolderName & "\unFP115.exe"
   
2. Name:  UninstFLEXE
   
   Contents of the script:
   
   strFolderName = Session.Property("INSTALLDIR")
    Set fso = CreateObject("Scripting.FileSystemObject")
    set sho = CreateObject("Wscript.Shell")
    sho.run strFolderName & "\unFP115.exe /s",0,vbtrue
    Set f1 = fso.GetFile(strFolderName & "\unFP115.exe")
    Sho.regdelete "HKLM\Software\Macromedia\FlashPlayer\SafeVersions\9.0"
    f1.Delete True
   
4. Then, in Sequences, Installation Execute area, input the custom actions; both with Conditions of   REMOVE="ALL"
1. Put 'CopyUninstaller' between "AllocateRegistrySpace" and "ProcessComponents"
   Put 'UninstFLEXE' after 'ISSelfRegisterFinalize' (yes, the very, very last thing, even after InstallFinalize)
   
   Save your Transform, if prompted, additional files should be in a CAB.
   
5. TEST this thoroughly.  The installation source is the .MSI the .MST, and the .CAB file.  The command line would be something like this (all on 1 line):
   
   msiexec.exe /i install_flash_player_active_x.msi TRANSFORMS=install_flash_player_active_x.mst /qn
   
   One thing I noticed was if IE was open, it wouldn't successfully upgrade/install.  For that reason, I set the Package/program to only run when no user was logged in (more in Part 3 of 3, using ITCU to deploy FlashPlayer 9.0.115 tomorrow).

Standard disclaimers... your mileage may vary... test this yourself... this is just what I did... no promises... don't blame me...

Teasers:

Part 1 of 3: How to really uninstall Adobe FlashPlayer 9.0.115, the redistributable MSI (yesterday)
Part 2 of 3: Customizing the .MSI so it'll really uninstall (this entry)
Part 3 of 3: If you use ITCU, delivering your customized Flash Player.msi + .mst via ITCU. (tomorrow)

Adobe FlashPlayer 9.0.115 via MSI doesn't really uninstall

A bit of background: In production, whenever we deploy an application, we always have to know what the rollback plan will be, in case we need it.  We've been burned too many times by "it's just a minor update" to take nothing for granted anymore. 

After downloading the .MSI version of 9.0.115.0 (Go to http://www.adobe.com/licensing to Apply for a license--it's the same place you go to signup/get the .CAB file for use with SMS' ITCU)  In testing the uninstall of 9.0.115, I found that although the entry would be removed from Add or Remove Programs, the registry keys, files, and more importantly, IE would still be using version 9.0.115.  And attempts to install 9.0.47 (there may have been multiple intermediate releases, but 9.0.47 was the one we deployed last) failed.  I also noticed that 9.0.115 wouldn't upgrade from 9.0.47--both were still listed in Add/Remove Programs; although only 9.0.115 was in use.

In research, I found two things were required to really do what I expected an MSI installation/uninstallation do to:

• when uninstalling from Add or Remove Programs, actually uninstall 9.0.115
• allow for an older version to be installed after 9.0.115 has been uninstalled 

To really uninstall it, you had to either use multiple SUBINACL to fix permissions on multiple regkeys and files, or just use the Adobe provided "uninstall_flash_player.exe", (Google for that name, or it's Adobe doc 14157).  To allow for an older version to be installed, you had to delete this regkey: HKLM\Software\Macromedia\FlashPlayer\SafeVersions\9.0

If you've already deployed the .MSI, just keep the above in mind for the next release--if you find it won't upgrade/uninstall 9.0.115, you may need to script a solution.  If you haven't yet deployed 9.0.115, AND you know all about transforms, stay tuned.  I'll blog 'what I did' to the Transform to make the MSI upgrade from 9.0.47, really uninstall flash, and clear that regkey.  (It's not pretty, I'm sure a real packager would do it better/correctly, but it works.)

Teasers:

Part 1 of 3: How to really uninstall Adobe FlashPlayer 9.0.115, the redistributable MSI (this entry)
Part 2 of 3: Customizing the .MSI so it'll really uninstall (tomorrow)
Part 3 of 3: If you use ITCU, delivering your customized Flash Player.msi + .mst via ITCU. (next day)

Save To WordPerfect from Word 2003

I happen to work for a company where the users occasionally need to save from Microsoft Word 2003 to a WordPerfect format.  About a year ago, a co-worker and I went through this exercise to ensure that this capability was available.  For some unknown reason, the method we had employed no longer worked.  The new solution is a two-part solution, below.

1. By default, the .cnv (convert files) deployed with a standard installation of Word allow for conversion of WordPerfect files into Word format, but not the other way around.  This was done for security reasons.  However, if you need to have the ability to save to WordPerfect, you will need to replace two files: WPFT532.cnv and WPFT632.cnv.  These files reside in %program files%\Common Files\Microsoft Shared\TextConv.  You can obtain these files from an older version of Word.
2. In searching the internet, theoretically replacing these files is all that is necessary to restore the Save to WordPerfect.  For some as-yet-undetermined reason, that was not the case in our environment.  To restore that capability, the attached Registry key import was needed.

So if you run into the same issue:  Word 2003, and need to Save to WordPerfect format; those are the two steps that worked for us.  Since it took us several hours to find this combination--just sharing with the world!

MMS2008: Registered!

Approval obtained, registration completed!  And, an extra added bonus, a co-worker gets to come this year as well.  It's been a few years since I've had a coworker along.  I look forward to the conference every year; there is always so many new things to see and learn.