SP1 for Windows 7 and Server 2008 R2

24/02/201103/03/2014 / thomasgud / Leave a comment

I am sure many of you deployment guys out there have waited for the Windows 7 and Server 2008 R2 service pack. It is finally here. This raises two good questions.

Should we deploy it to our workstations and servers?
How should we deploy it?

When it comes to “should we install sp1” question, it leave it up to you guys to test and evaluate. But on the client side, the biggest reasons to install are:

Additional support for communication with third-party federation services
Improved HDMI audio device performance
Corrected behavior when printing mixed-orientation XPS documents

On the server side, some of the improvements include:

Dynamic Memory
Microsoft RemoteFX
Enhancements to scalability and high availability when using DirectAccess
Support for Managed Service Accounts (MSAs) in secure branch office scenarios
Support for increased volume of authentication traffic on domain controllers connected to high-latency networks
Enhancements to Failover Clustering with Storage

How to deploy?

First off all, personal computers should get their SP1 from Windows Update. That is an easy and safe solution.

For those of you that work with enterprise solution, we have several options.
If you have Configuration Manager 2007, you can either deploy the service pack as an application, or use the WSUS integration to deploy it as an update.

I still recommend capturing a new reference image, using Windows 7 with integrated SP1. Remember that a service pack is a cumulative update of most of the hotfixes and updates that have been released to Windows 7 and Server 2008 R2 thus far (ca. 800 in total!!). A new image with SP1 integrated will speed up deployment, because fewer updates have to be downloaded from Microsoft Update/WSUS. The Windows 7 image with SP1 integrated is available from the Microsoft Volume License Service Senter, or from Technet subscriptions, if you have the appropriate license agreements/subscription.

Configuration Manager 2012

19/02/201110/03/2011 / thomasgud / Leave a comment

In the coming weeks, I will write a series on the features of System Center Configuration Manager 2012 (formerly known as v.Next). I have been part of the Configuration Manager 2012 Community Evaluation Program (CEP), which is a forum where Microsoft showcases ConfigMgr 2012 using webcasts, discussions and labs.

So far, there has been nine CEP meetings on various topics, including:

Application management
Hierarchy siplification
Role based administration
OS deployment
Compliance and setting
Software update management
Mobile device management

I look forward to sharing some of these features with you, as they change the way we use SCCM for the better. Please comment if you have any questions, and I wil do my best to answer them. I will attend the MMS 2011 in Vegas, and get the latest on Systems management there. Check back soon for the first article.

Bitlocker and SCCM

19/02/201119/02/2011 / thomasgud / Leave a comment

Would you like to use SCCM to find out if your machines are using BitLocker or not? Not suprisingly harware inventory can help us with that. You have to configure the Managed Object Format (mof) files, but this is not as hard as it may sound. The files themselves are located in the \inboxes\clifiles.src\hinv directory.

These are the changes needed for the sms_def.mof:
[ SMS_Report (TRUE),
SMS_Group_Name (“Bitlocker”),
SMS_Class_ID (“MICROSOFT|Bitlocker|1.0”)]

class Bitlocker : SMS_Class_Template
{
[SMS_Report(TRUE), key]
string          DeviceID;
[SMS_Report(TRUE)]
string          DriveLetter;
[SMS_Report(TRUE)]
uint32          ProtectionStatus;
};

and here are the changes needed for the configuration.mof file:

#pragma namespace(“\\\\.\\root\\cimv2”)

[Union,ViewSources{“select * from Win32_EncryptableVolume”},ViewSpaces{“\\\\.\\root\\cimv2\\security\\MicrosoftVolumeEncryption”},
Dynamic,Provider(“MS_VIEW_INSTANCE_PROVIDER”)]
class Bitlocker
{
    [PropertySources{“DeviceID”},key]
    string          DeviceID;
    [PropertySources{“DriveLetter”}]
    string          DriveLetter;
    [PropertySources{“ProtectionStatus”}]
    uint32          ProtectionStatus;
};

Let this settings simmer for a while, and the create a collection or query with the following WSQL:

select sys.Name0, BL.DriveLetter0, BL.ProtectionStatus0 from v_GS_BitLocker BL Join v_r_system sys on sys.ResourceID = BL.ResourceID

The information in this blog entry is taken partly from J.C. Hornbecks support team blog , and in part from the TechNet library

Free antivirus from Microsoft

09/02/201112/04/2011 / thomasgud / Leave a comment

Did you know that Microsoft offers free antivirus? Check out Security Essentials from Microsoft. This 9,5 MB download will keep you computer safe – for free. As long as you have a genuine copy of Windows XP, Vista or Windows 7.

A new hotfix for USMT 4.0 was released Feb 2nd to support migrating Office 2010 settings

02/02/2011 / thomasgud / Leave a comment

A new hotfix for USMT 4.0 was released today to support migrating Office 2010 settings. (It includes other fixes too.) You may want to download this and integrate it
into your deployment processes. The full instructions for doing this
(including what needs to be done with MDT and ConfigMgr) are included in the
KB: http://support.microsoft.com/kb/2023591

Disclaimer: This info is copied from Michael Nihaus’ blog.

CLOUDWALKER

My notes from the field

Month: February 2011