Month: July 2016

This is how you would remove any version of the Google Toolbar. See notes on how to deal with surveys.

64 bit
CD /d “C:\Program Files (x86)\Google\Google Toolbar\Component”
for /r %%f IN (GoogleToolbarManager_*.exe) DO (
START /WAIT “” “%%f” /uninstall
)

32 bit
CD /d “C:\Program Files\Google\Google Toolbar\Component”
for /r %%f IN (GoogleToolbarManager_*.exe) DO (
START /WAIT “” “%%f” /uninstall
)

 

Notes

If you would like to suppress the survey (or just kill it), it is recommended you add a browser detection routine before the removal begins. That way…you can just close all browsers at the end of the removal process.

For example, these coded segments would detect a user’s open browsers, wait for them to close—via a splash screen—then uninstall all Google Toolbars, and close all browsers (including the survey that comes up).

REM DETECT OPEN BROWSERS
start /min /b /low /wait %windir%\system32\TASKLIST.exe /FI “IMAGENAME eq iexplore.exe” | %windir%\system32\find.exe /i “iexplore.exe” && “%CD%\splash_ie.hta”

start /min /b /low /wait %windir%\system32\TASKLIST.exe /FI “IMAGENAME eq chrome.exe” | %windir%\system32\find.exe /i “chrome.exe” && “%CD%\splash_chrome.hta”

start /min /b /low /wait %windir%\system32\TASKLIST.exe /FI “IMAGENAME eq firefox.exe” | %windir%\system32\find.exe /i “firefox.exe” && “%CD%\splash_firefox.hta”

REM UNINSTALL TOOLBARS
REM FIND INSTALLED COMPONENT
CD /d “C:\Program Files (x86)\Google\Google Toolbar\Component”
for /r %%f IN (GoogleToolbarManager_*.exe) DO (
REM WAIT FOR IT TO BE UNINSTALLED
START /WAIT “” “%%f” /uninstall
REM SOME TIMING
%windir%\system32\ping.exe -n 4 127.0.0.1>nul
)

REM CLOSE BROWSERS
%windir%\system32\taskkill.exe /f /im iexplore.exe
%windir%\system32\taskkill.exe /f /im chrome.exe
%windir%\system32\taskkill.exe /f /im firefox.exe

 

References

ITNinja
Microsoft
LANDesk
MSFN (remove via MSI/GUID)
PowerShell

There are three methods to controlling the TLS settings in Internet Explorer

1 – Local GP

2 – Domain GP

3 – Registry

* In GP, User Configuration, Administrative Templates, Windows Components, Internet Explorer, Internet Control Panel, Advanced Page, Turn off encryption support

The settings in Internet Explorer, Tools, Internet Options, Advanced

 

Today, we’re looking number at 3, the registry.

Reg path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings

Reg key

SecureProtocols, a DWORD

Each protocol modifies the same registry key, the DWORD value
will be a hexadecimal sum of the decimal value of each check box

For example (notice how the value is changing):

Checking all protocols will yield a new value of 0x00000aa8 (2728)

All but SSL 2.0, 0x00000aa0 (2720)
All but SSL 1.0, 0x00000a28 (2600)

 

In my case, I wanted to enable all but TLS 2.0.

Take a look,

TLS 1.2 Disabled vs. Enabled

Verified working after reg key was applied

Microsoft Surface Deployment Accelerator (SDA) provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

SDA includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use SDA to create and capture a Windows reference image and then deploy it with the latest Windows updates.

SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.

 

Microsoft Surface Deployment Accelerator prerequisites

Before you install SDA, your environment must meet the following prerequisites:

• SDA must be installed on Windows Server 2012 R2 or later
• PowerShell Script Execution Policy must be set to Unrestricted
• DHCP and DNS must be enabled on the network where the Windows Server 2012 R2 environment is connected
• To download Surface drivers and apps automatically the Windows Server 2012 R2 environment must have Internet access and Internet Explorer Enhanced Security Configuration must be disabled
• To support network boot, the Windows Server 2012 R2 environment must have Windows Deployment Services installed and configured to respond to PXE requests
• Access to Windows source files or installation media is required when you prepare a deployment with SDA
• At least 6 GB of free space for each version of Windows you intend to deploy

 

The Setup

Launching the SDA software on the server

I select Windows 10 and enter the share info

I select the Surface Pro 4, the only model I need at the time

At this point, SDA has completed setup on the server. I did make a few minor changes to the Bootstrap.ini (adding credentials) and the CustomSettings.ini (a few items I wanted automated). More info about those files here.

I now start my client machine.

I select PXE boot.

I boot into deployment mode. The image, drivers, and settings are applied from the server.

Completed imaging with no errors

more to come…

 

References

http://blog.thomasmarcussen.com/automating-windows-10-enterprise-technical-preview-with-mdt-2013-update-1-preview/

https://4sysops.com/archives/capture-an-image-in-mdt-customsettings-ini-and-bootstrap-ini/

https://technet.microsoft.com/en-us/itpro/windows/deploy/build-a-distributed-environment-for-windows-10-deployment

 

Notes

CustomSettings.ini
[Settings]
Priority=Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipBDDWelcome=YES
SkipCapture=NO
SkipTaskSequence=YES
TaskSequenceID=WIN_01
SkipAdminPassword=YES
SkipDomainMembership=YES
JoinDomain=contos.local
MachineObjectOU=OU=Workstations,DC=contos,DC=local
DomainAdmin=administrator
DomainAdminPassword=xyz123
DomainAdminDomain=CONTOS.LOCAL
_SMSTSORGNAME=Constos Inc.
UILanguage=en-US
UserLocal=en-US
KeyboardLocal=en-us;0409:00000409
SkipTimeZone=YES
TimeZoneName=Romance Standard Time
SkipLocaleSelection=YES
USMTOfflineMigration=FALSE
UserDataLocation=NONE
SkipComputerName=NO
OSDComputerName=Workstation1
SkipCapture=YES
SkipProductKey=YES
SkipApplications=YES
SkipPackageDisplay=YES
SkipAppsOnUpgrade=YES
SkipComputerBackup=YES
SkipUserData=YES
SkipBitLocker=YES
SkipFinalSummary=YES
SkipSummary=YES
FinishAction=REBOOT
SLShare = \\mdt\deploymentshare$\logs
SLShareDynamicLogging = \\mdt\deploymentshare$\logs\%OSDComputerName%

if you are using SkipBDDWelcome then add this to Bootstrap.ini
SkipBDDWelcome=YES

DomainAdmin=administrator
DomainAdminPassword=xyz123
DomainAdminDomain=CONTOS.LOCAL

If you changed or added anything to Bootstrap.ini
Do not forget to regenerate the boot images and replace them in WDS as well.

The change the accent color in Windows 10, just open Run (Windows key + R) paste the following command, hit [Enter].

rundll32.exe shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced

After installing Internet Explorer 11 in the enterprise (on a few test machines), we were receiving the User Profile Service failed the logon, user profile service cannot be loaded prompt during login, but only for ‘new’ users that logged into a machine; it did not affect existing users.

Digging into a machine, I found this in the Event Log

Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm to location \\?\C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm. This error may be caused by network problems or insufficient security rights.

 

Quick Fix

Notice the C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm in the error above. I just deleted that file, and suddenly new users could log into computers just fine.

This problem may happen in all situations if you run the IE installation package under SYSTEM account (or any other account, besides the logged in user), which, most desktop management software uses the SYSTEM account.

 

Why does it happen?

As we know, C:\Users\Default is the template user profile folder, everything under this folder and its subfolders will be copied to the new user profile folder when you try to logon a new user. If the copying fails, or there are privilege issues, the user cannot login successfully. And, that’s exactly what was happening in our case.

 

Now, how is this iesqmdata_setup0.sqm file created?

When you try to install IE9/10/11 via IEAK, it will try to create the %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup#.sqm file and upload to SQM server (http://sqm.microsoft.com/sqm/ie/sqmserver.dll). If the uploading succeeds, it will be deleted automatically; otherwise, the file will be kept in the C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM folder.

The *.sqm file is created because of CEIP (aka Microsoft Customer Experience Improvement Program). Please note there are several Experience Improvement Programs in Windows (one for Windows, one for Windows Live, one for Office and one for Windows Media Player and perhaps more. Internet Explorer uses your Windows CEIP setting, which is enabled by default.

 

How do you resolve it?

Now that we have figured out why this happens, here are the solutions to the problem. To resolve the SQM file problem, there are 3 options.

 
—Option 1—

You may create scripts  to delete the file.

VBScript

strFile = “c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm”

Set objFSO = CreateObject(“Scripting.FileSystemObject”)

objFSO.DeleteFile(strFile)

 

Batch

Del /q “c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm”

If you are using SCCM to deploy IE, you may refer to the “Scenario 2 : Internet explorer 9 Post install hotfix” section of this article to resolve the issue:

http://scug.be/sccm/2012/12/28/configmgr-2012-rtmsp1-part-1-not-so-basic-applications-and-there-detection-methods/

 
—Option 2—

Set “HKLM\Registry\Machine\Software\Microsoft\SQMClient\Windows\CEIPEnable” to 0 to disable Windows CEIP before installing IE. For more options to disable CEIP, please refer to http://support.microsoft.com/kb/951282

 
—Option 3— (not really a great option)

Make sure the computer has access to: http://sqm.microsoft.com/sqm/ie/sqmserver.dll

 
 
Reference

https://blogs.msdn.microsoft.com/asiatech/2014/01/29/new-user-gets-event-1509-after-deploying-ie91011-through-sccm/

{ updated 2/23/2019 – see personal notes }

When thinking about buying a ‘corporate’ tablet/slate device, it’s important to factor in repairability. While one may be inclined to purchase a palette of beautiful looking devices, but you really have to think about what happens when the units break down or need some basic repair. Who is going to repair them? How easy will it be? What costs will be associated with the repair?

When reviewing just the HP X2 and Surface Pro 4 batteries, I wanted to see just how difficult it would be to do a battery swap (a common task in the corporate world). So, I did a little research.

Well, what I found out was that the Surface Pro basically isn’t repairable, not in the sense you would just have all your site technicians do a battery swap. I also noticed that the MS price for batteries range from $400-$500, and were very hard to find. Wow! That’s expensive.

In contrast, the HP X2 was easier to swap the battery (using a repair kit) and, best of all, the battery only costs $40 bucks, which was available anywhere. This may not seem like a big deal, but in a business, even a dollar or two can make all the difference in the world. While the  Surface Pro 4 is a pretty solid device (hardware speaking), thinking about maintenance and costs sound like a nightmare.

Check out the battery replacement videos:

SP4

HP X2 general disassembly or…check out this web site: LINK

HP Split X2 13    or     HP ENVY X2

 

Personal Notes

The Surface Deployment Accelerator Image.wim includes trash
—The image.wim from MS still includes things like XBox, XBox live, 3D Builder, etc.
—RECOMMENDED: There is pretty much no scenario where a business needs these extra apps—please remove, or add GP options.

Chrome kept crashing (no issues with Firefox or Edge)
—I could not get Chrome working; it kept crashing.

Edge browser
—Google Hangout plugin would not install (no issues in Firefox).
—I tried restarting and reinstalling the latest hangout plugin. Does not work.

Pen is awkward in landscape mode
—RECOMMENDED: There needs to be a magnet at the the top of the SP4 in landscape mode.
—Taking the pen off and laying it to the side is unacceptable.

Battery lasts just under 4 hours, with heavy use. In comparison, the Samsung Note lasts 8 hours
—RECOMMENDED: The keyboard needs to have extended battery capability,
—RECOMMENDED: Or, there needs to be a way to add on an extended battery.

The kickstand doesn’t work great for a laptop; it’s awkward and needs to be readjusted often
—RECOMMENDED: The keyboard (with an extended battery), ‘should’ be attached to the screen…keeping the kickstand only for those who want to use it.

The battery replacement is a nightmare
—RECOMMENDED: Battery needs to become easily accessible from outside the SP4.

An untethered pen is just asking to be lost
—RECOMMENDED: The pen needs to snap into the SP4 or have some kind of proximity alarm.
—At $50 per replacement, the current pen placement is unacceptable.

When using the SP4 for reading, in portrait orientation, the keyboard doesn’t stick to the back of the SP4. It is constantly falling away.
—RECOMMENDED: A simple magnet strip under the space bar area will take care of the keyboard flopping back and forth.

Screen gets really hot
—Screen gets so hot, it is uncomfortable to hold. The heat is eventually going to fry the unit or kill the batteries.

Freshly imaged machine, using the Surface Pro Accelerator image, was locking up
—Locked up after apparently receiving updates that I don’t remember checking.
—Locked up after logging in.
—Lockup up just sitting on desk.
* This may have been the Chrome browser causing this, so I uninstalled it.

When using the device as an eReader, or just browsing social media sites, I noticed the pinch and zoom content will not stay centered
—RECOMMENDED: There needs to be a way to disable the X axis on the the X Y axis to prevent strafing to the left and right, when all you want to do is navigate up and down.

Doesn’t function all that well as an eReader
—RECOMMENDED: I would like to see a sensor on the side/edge of the SP4 just for scrolling…flipping pages, rather than touching the screen.

The portable docking station needs to be re-engineered
—A horrible black block is unacceptable.
—RECOMMENDED: A wireless docking station would also be nice.

Keyboard
—RECOMMENDED: While the keyboard works fine, it would be nice if it could be used in a detached state, as in through bluetooth or IR.
—RECOMMENDED: A little thicker, sturdier keyboard would be nice.

Final assessment of the SP4, do not buy. Wait for the next model, or look to HP.

 

References

http://ifixit.org/blog/8135/hats-off-to-hps-repairable-tablet/

https://answers.microsoft.com/en-us/surface/forum/surfpro-surfgetstart/new-battery-replacement-cost-from-ms/c5c8264b-c8cc-4a3a-9815-106270ce1bad?page=1

tags: Surface Pro, SP4

I just received a Surface Pro for the enterprise, and will be building an enterprise imaging solution. I’m starting with the Microsoft Surface Deployment Accelerator and seeing where that takes me. I will be adding screenshots and new posts as I build the imaging server.

From Microsoft…

Microsoft Surface Deployment Accelerator (SDA) provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

SDA includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use SDA to create and capture a Windows reference image and then deploy it with the latest Windows updates.

SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.

You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the Surface TechCenter.

Download Microsoft Surface Deployment Accelerator

You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:

1. Go to the Surface Tools for IT page on the Microsoft Download Center.
2. Click the Download button, select the Surface_Deployment_Accelerator_xxxx.msi file, and then clickNext.

References

https://technet.microsoft.com/en-us/itpro/surface/microsoft-surface-deployment-accelerator

https://www.microsoft.com/en-us/download/details.aspx?id=46703