Google Chrome – Disable/Enable Auto Update

email me

Disable Update

REG.exe ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update” /v AutoUpdateCheckPeriodMinutes /t REG_DWORD /d 0 /f /reg:64

REG.exe ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update” /v UpdateDefault /t REG_DWORD /d 0 /f /reg:64

 

Enable Update

REG.exe ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update” /v AutoUpdateCheckPeriodMinutes /t REG_DWORD /d 1 /f /reg:64

REG.exe ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update” /v UpdateDefault /t REG_DWORD /d 1 /f /reg:64

 

Notes

You can also disable the Google Update service—gupdate—to prevent Chrome from updating.

Windows 10 – TLS Cipher Suites in Windows 10 v1709

email me

A cipher suite is a set of cryptographic algorithms. The schannel SSP implementation of the TLS/SSL protocols use algorithms from a cipher suite to create keys and encrypt information. A cipher suite specifies one algorithm for each of the following tasks:

  • Key exchange
  • Bulk encryption
  • Message authentication

Key exchange algorithms protect information required to create shared keys. These algorithms are asymmetric (public key algorithms) and perform well for relatively small amounts of data.

Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are symmetric and perform well for large amounts of data.

Message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.

Developers specify these elements by using ALG_ID data types.

In earlier versions of Windows, TLS cipher suites and elliptical curves were configured by using a single string:

NOTE

Different Windows versions support different TLS cipher suites and priority order. And, some protocol suites are disabled by default in newer operating systems—-causing a support nightmare if you’re using older servers, like Server 2003. Basically, TLS 1.0 is dead; most products have moved to TLS 1.2.

 

How does TLS work?

Basically, the client and server exchange hellos, compare supported protocols, exchange certificates, and create session keys.

The Handshake

The client sends a client hello message to the server. A client hello message contains the following information:

  • ProtocolVersion: The version of the TLS protocol by which the client wants to communicate during this session
  • Random: A random structure which contains the current time and date and 28 bytes of a secure random number generated by the client
  • SessionID: The ID of a session the client wishes to use for this connection
  • CipherSuite: The CipherSuite list which contains the combinations of cryptographic algorithms supported by the client
  • CompressionMethod: A list of compression algorithms supported by the client

The server responds with a server hello message in response to a client hello message if it was able to find an acceptable algorithm. A server hello message contains the following information:

  • ProtocolVersion: The version of the TLS protocol by which the server agrees to communicate with the client during this session
  • Random: A random structure which contains the current time and date and 28 bytes of a secure random number generated by the server
  • SessionID: The ID of a session the server wishes to use for this connection
  • CipherSuite: The single cipher suite selected by the server from the list of the cipher suite contained in the client hello message
  • CompressionMethod: The single compression algorithm selected by the server from the list of the compression method contained in the client hello message.

Immediately after the server sends the server hello message to the client, it sends a server certificate message and a server key exchange message to the client. The certificate request message can optionally be sent by the server to request a certificate from the client if the server chooses to authenticate the client. Then the server sends a server hello done message and will wait for a client to respond.

The client sends a client certificate message to the server if the server requests a certificate in response to the server hello done message. Immediately after the client certificate message is sent, a client key exchange message and a certificate verify message are sent by the client. The client sends a certificate verify message for the server to verify a client certificate.

If the server does not request a certificate, the client key exchange message will be the first message sent by the client. A change cipher spec message and a finished message are sent by the client. In response, the server will send a change cipher specification message and a finished message. At this point, the client and server can exchange application layer data. That should be fairly enough for now to understand overall picture of the protocol.

 

Cipher Suites

It is important to remember, cipher suites can only be negotiated for TLS versions which support them. The highest supported TLS version is always preferred in the TLS handshake.

Availability of cipher suites should be controlled in one of two ways:

  • Default priority order is overridden when a priority list is configured. Cipher suites not in the priority list will not be used.
  • Allowed when the application passes SCH_USE_STRONG_CRYPTO: The Microsoft Schannel provider will filter out known weak cipher suites when the application uses the SCH_USE_STRONG_CRYPTO flag. RC4, DES, export and null cipher suites are filtered out.

FIPS-compliance has become more complex with the addition of elliptic curves making the FIPS mode enabled column in previous versions of this table misleading. For example, a cipher suite such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is only FIPS-complaint when using NIST elliptic curves.

For Windows 10, version 1709, the following cipher suites are enabled and in this priority order by default using the Microsoft Schannel Provider:

Cipher suite Allowed by SCH_USE_STRONG_CRYPTO  TLS/SSL Version
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Yes TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Yes TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Yes TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Yes TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Yes TLS 1.2,
TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_RSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA256 Yes TLS 1.2
TLS_RSA_WITH_AES_128_CBC_SHA256 Yes TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_RSA_WITH_AES_128_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_RSA_WITH_3DES_EDE_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_RSA_WITH_NULL_SHA256

Only used when application explicitly requests.

No TLS 1.2
TLS_RSA_WITH_NULL_SHA

Only used when application explicitly requests.

No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0

 

The following cipher suites are supported by the Microsoft Schannel Provider, but not enabled by default:

Cipher suite string Allowed by SCH_USE_STRONG_CRYPTO  TLS/SSL Version
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Yes TLS 1.2
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Yes TLS 1.2
TLS_DHE_DSS_WITH_AES_256_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_DHE_DSS_WITH_AES_128_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA Yes TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_WITH_RC4_128_SHA No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_WITH_RC4_128_MD5 No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_WITH_DES_CBC_SHA No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_DHE_DSS_WITH_DES_CBC_SHA No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
No TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_WITH_NULL_MD5

Only used when application explicitly requests.

No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_EXPORT_WITH_RC4_40_MD5 No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA No TLS 1.2, TLS 1.1,
TLS 1.0, SSL 3.0

 

The following PSK cipher suites are enabled and in this priority order by default using the Microsoft Schannel Provider:

Cipher suite string Allowed by SCH_USE_STRONG_CRYPTO TLS/SSL version
TLS_PSK_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_PSK_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_PSK_WITH_AES_256_CBC_SHA384 Yes TLS 1.2
TLS_PSK_WITH_AES_128_CBC_SHA256 Yes TLS 1.2
TLS_PSK_WITH_NULL_SHA384 No TLS 1.2
TLS_PSK_WITH_NULL_SHA256 No TLS 1.2

 

To add cipher suites, either deploy a group policy or use the TLS cmdlets:

  • To use group policy, configure SSL Cipher Suite Order under Computer Configuration > Administrative Templates > Network > SSL Configuration Settings with the priority list for all cipher suites you want enabled.
  • To use PowerShell, see TLS cmdlets.

NOTE

Prior to Windows 10, cipher suite strings were appended with the elliptic curve to determine the curve priority. Windows 10 supports an elliptic curve priority order setting so the elliptic curve suffix is not required and is overridden by the new elliptic curve priority order, when provided, to allow organizations to use group policy to configure different versions of Windows with the same cipher suites.

General Notes

1 TLS/SSL – How and Why PCI Flags it but why do we care? By: MadHat Unspecific

2 SSL – How and Why What is TLS/SSL? How does TLS/SSL work? What is the difference between TLS and SSL? What is it used for? Weak Ciphers How this relates to PCI Exploitable SSL-Cipher-Check (tool from Unspecific.com)

3 What is TLS/SSL? Transport Layer Security Secure Socket Layers Application Layer Protocols Public/Asymmetric Key Cryptography OSI Layer 6

4 How does TLS/SSL work? Encryption Protocol, Key Length, Hashing Algorithm Authentication Handshake – Request – Protocols Supported – Digital Certificate – Session Keys

5 What is it used for? Security & Data Integrity Prevents Eavesdropping, tampering & message forgery HTTP is most famous as HTTPS Any layer 7 protocol, POP3, IMAP, SMTP, FTP OpenVPN Stunnel Ncat (included with Nmap)

6 Weak Ciphers Old Protocols – SSLv2 Key Strength – 40bit & 56bit ciphers – RC2, RC4, NULL Weak Hash Algorithms – DES ADH – anonymous DH cipher

7 How this relates to PCI & Other Standards PCI 4.1 – Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.

8 Exploitable Man in the Middle Decryption of Communications

9 SSL-Cipher-Check OpenSSL binary Checks ALL supported Ciphers openssl ciphers openssl s_client -$protocol -cipher $cipher -connect $host:$port ssl_dump.log Raw openssl output

10 SSL-Cipher-Check $./ssl-cipher-check.pl : SSL Cipher Check: 1.1 : written by Lee ‘MadHat’ Heath (at) Unspecific.com Usage:./ssl-cipher-check.pl [ -dvwas ] [ ] default port is 443 -d Add debug info (show it all, lots of stuff) -v Verbose. Show more info about what is found -w Show only weak ciphers enabled. -a Show all ciphers, enabled or not -s Show only the STRONG ciphers enabled.

Windows 10 – Download Windows Apps (AppX) – Install without Store

email me

This is how you would download Windows Store apps, without being required to use the Microsoft Store every time—useful if your company has disabled the Store, or in the scenario where you would like to customize the App install.

(1) Download and install Fiddle on a reference computer—a computer that currently needs the Windows Store application; this one reference machine does require a working Windows Store.

(2) Prepare Fiddler to capture Win App URL (you need this direct URL to actually download the APP). In Fiddler, select WinConfig, check Microsoft Store, and click the Save Changes button.
Begin capturing.

 

(3) Install App from the Microsoft Store.

 

(4) Monitor Fiddler for URL changes. Normally, when you see the mp.microsoft.com URLs popping up, you can stop capturing. Click Find, search for appx, and the following will be highlighted. Just right-click on one of the highlighted links, click Copy, click Just Url. Now you have the direct URL.

 

(5) Use URL to download App. Just paste the URL into a browser.

 

(6) The App will download. Take the App and repackage or install it.

* this process works for .appxbundle and .msixbundle

 

Notes

Removal

Remove-AppxPackage Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe
Remove-AppxPackage Microsoft.MicrosoftStickyNotes_3.6.76.0_x64__8wekyb3d8bbwe


Install using DISM

DISM /image:c:\mount\windows /add-ProvisionedAppxPackage /packagepath:e:\apps\amd64\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe.appxbundle /licensepath:e:\apps\amd64\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe.xml /dependencypackagepath:e:\apps\amd64\Microsoft.VCLibs.x64.14.00.appx /dependencypackagepath:e:\apps\amd64\Microsoft.VCLibs.x86.14.00.appx /dependencypackagepath:e:\apps\amd64\Microsoft.NET.Native.Framework.x64.1.3.appx /dependencypackagepath:e:\apps\amd64\Microsoft.NET.Native.Framework.x86.1.3.appx /dependencypackagepath:e:\apps\amd64\Microsoft.NET.Native.Runtime.x64.1.3.appx /dependencypackagepath:e:\apps\amd64\Microsoft.NET.Native.Runtime.x86.1.3.appx

PowerShell – Return Disk Space in Chart/Graph

email me

Snapshot

 

Code

function Get-DiskInfoChart{ 
clear-host 

$diskData = gwmi win32_logicaldisk -ComputerName $env:COMPUTERNAME -Filter "DriveType = 3" 
$charCount = "="*75 
$usedSpace = " "*20 
$freeSpace = " "*10 
$barLength = 45
Write-Host  
Write-Host  $charCount -ForegroundColor Yellow 
Write-Host  
Write-Host $table -NoNewline  
Write-Host " " -BackgroundColor Blue -NoNewline 
Write-Host " Used Space" -NoNewline "  "  
Write-Host " " -BackgroundColor Green -NoNewline 
Write-Host " Free Space" -NoNewline 
Write-Host 
 
foreach($disk in $diskData) 
{ 
    $usedSpaceSize = ($disk.size -$disk.FreeSpace)/$disk.Size 
    $freeSpaceDisk =  $disk.FreeSpace/$disk.Size 
    $percentDisk = "{0:P2}" -f $freeSpaceDisk 
    Write-Host 
    Write-Host " "$disk.DeviceID "Drive" -ForegroundColor White -NoNewline 
    Write-Host "  "-NoNewline  
    Write-Host (" "*($usedSpaceSize * $barLength))-BackgroundColor Blue -NoNewline 
    Write-Host (" "*($freeSpaceDisk * $barLength)) -BackgroundColor Green -NoNewline      
    Write-Host " " $percentDisk "Free" 
} 
Write-Host  
Write-Host  $charCount -ForegroundColor Yellow
Write-Host  
} 
Get-DiskInfoChart 

SCCM – Change Site Code

email me

#new site code
$newSiteCode = '002'

$smsClient = New-Object -ComObject Microsoft.SMS.Client

#return current site code
$Result = $smsClient.GetAssignedSite()

#test current site code
if ($Result -eq $newSiteCode)
{
  Exit
} 

Else 

{
   
$smsClient.SetAssignedSite($newSiteCode)

#set reg path
$regPath = 'HKLM:\SOFTWARE\Microsoft\SMS\Mobile Client'

If (Get-ItemProperty -Path $regPath -Name GPRequestedSiteAssignmentCode -ErrorAction SilentlyContinue -OutVariable outvar)

{ #remove current site code
Get-Item -Path $regPath | Remove-ItemProperty -Name 'GPRequestedSiteAssignmentCode' -Force -ErrorAction SilentlyContinue
Get-Item -Path $regPath | Remove-ItemProperty -Name 'GPSiteAssignmentRetryInterval(Min)' -Force -ErrorAction SilentlyContinue
Get-Item -Path $regPath | Remove-ItemProperty -Name 'GPSiteAssignmentRetryDuration(Hour)' -Force -ErrorAction SilentlyContinue
$regRemediation = 'TRUE'
}

Else
{
$regRemediation = 'FALSE'
}

$timeStamp = Get-Date -Format dd-MM-yy:HH:mm:ss
Write-Output "$env:COMPUTERNAME : Site code changed from $result > $newSiteCode | Registry Remediated = $regRemediation | $timeStamp" | Out-File .\site.log -Append
$timeStamp = ""
}

SCCM – Logs

< SCCM Category   |   SCCM Tracker

 

Client Logs

%WINDIR%\CCM\Logs

 

SCCM Server Logs

SMS_CCM\Logs

 

IIS Logs

%WINDIR%\System32\logfiles\W3SVC1

 

Download Log Tool (to view logs)

CMTrace.exe  |  more

CMPowerLogViewer.exe  |  more

 

 

Common, critical troubleshooting logs are in orange…

 

SCCM Agent Log (Agent setup)

Path: C:\Windows\ccmsetup\Logs\ccmsetup.log

 

Client Log Files

Path: C:\Windows\ccm\logs

  • CAS – Content Access Service. Maintains the local package cache.
  • Ccmexec.log – Records activities of the client and the SMS Agent Host service.
  • CoManagementHandler.log – validate workloads and determine where policies and apps come from.
  • CertificateMaintenance.log – Maintains certificates for Active Directory directory service and management points.
  • ClientIDManagerStartup.log – Creates and maintains the client GUID.
  • ClientLocation.log – Site assignment tasks.
  • ContentTransferManager.log – Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMS packages.
  • DataTransferService.log – Records all BITS communication for policy or package access.
  • Execmgr.log – Records advertisements that run.
  • FileBITS.log – Records all SMB package access tasks.
  • Fsinvprovider.log (renamed to FileSystemFile.log in all SMS 2003 Service Packs) – Windows Management Instrumentation (WMI) provider for software inventory and file collection.
  • InventoryAgent.log – Creates discovery data records (DDRs) and hardware and software inventory records.
  • LocationServices.log – Finds management points and distribution points.
  • Mifprovider.log – The WMI provider for .MIF files.
  • Mtrmgr.log – Monitors all software metering processes.
  • PolicyAgent.log – Requests policies by using the Data Transfer service.
  • PolicyAgentProvider.log – Records policy changes.
  • PolicyEvaluator.log – Records new policy settings.
  • Remctrl.log – Logs when the remote control component (WUSER32) starts.
  • Scheduler.log – Records schedule tasks for all client operations.
  • Smscliui.log – Records usage of the Systems Management tool in Control Panel.
  • StatusAgent.log – Logs status messages that are created by the client components.
  • SWMTRReportGen.log – Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)

Server Log Files

  • Ccm.log – Client Configuration Manager tasks.
  • Cidm.log – Records changes to the client settings by the Client Install Data Manager (CIDM).
  • Colleval.log – Logs when collections are created, changed, and deleted by the Collection Evaluator.
  • Compsumm.log – Records Component Status Summarizer tasks.
  • Cscnfsvc.log – Records Courier Sender confirmation service tasks.
  • Dataldr.log – Processes Management Information Format (MIF) files and hardware inventory in the Configuration Manager 2007 database.
  • Ddm.log – Saves DDR information to the Configuration Manager 2007 database by the Discovery Data Manager.
  • Despool.log – Records incoming site-to-site communication transfers.
  • Distmgr.log – Records package creation, compression, delta replication, and information updates.
  • Hman.log – Records site configuration changes, and publishes site information in Active Directory Domain Services.
  • Inboxast.log – Records files that are moved from the management point to the corresponding SMS\INBOXES folder.
  • Inboxmgr.log – Records file maintenance.
  • Invproc.log – Records the processing of delta MIF files for the Dataloader component from client inventory files.
  • Mpcontrol.log – Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes.
  • Mpfdm.log – Management point component that moves client files to the corresponding SMS\INBOXES folder.
  • MPMSI.log – Management point .msi installation log.
  • MPSetup.log – Records the management point installation wrapper process.
  • Ntsvrdis.log – Configuration Manager 2007 server discovery.
  • Offermgr.log – Records advertisement updates.
  • Offersum.log – Records summarization of advertisement status messages.
  • Policypv.log – Records updates to the client policies to reflect changes to client settings or advertisements.
  • Replmgr.log – Records the replication of files between the site server components and the Scheduler component.
  • Rsetup.log – Reporting point setup log.
  • Sched.log – Records site-to-site job and package replication.
  • Sender.log – Records files that are sent to other child and parent sites.
  • Sinvproc.log – Records client software inventory data processing to the site database in Microsoft SQL Server.
  • Sitecomp.log – Records maintenance of the installed site components.
  • Sitectrl.log – Records site setting changes to the Sitectrl.ct0 file.
  • Sitestat.log – Records the monitoring process of all site systems.
  • Smsdbmon.log – Records database changes.
  • Smsexec.log – Records processing of all site server component threads.
  • Smsprov.log – Records WMI provider access to the site database.
  • SMSReportingInstall.log – Records the Reporting Point installation. This component starts the installation tasks and processes configuration changes.
  • SMSSHVSetup.log – Records the success or failure (with failure reason) of installing the System Health Validator point.
  • Srvacct.log – Records the maintenance of accounts when the site uses standard security.
  • Statmgr.log – Writes all status messages to the database.
  • Swmproc.log – Processes metering files and maintains settings.

Admin Console Log Files

  • RepairWizard.log – Records errors, warnings, and information about the process of running the Repair Wizard.
  • ResourceExplorer.log – Records errors, warnings, and information about running the Resource Explorer.
  • SMSAdminUI.log – Records the local Configuration Manager 2007 console tasks when you connect to Configuration Manager 2007 sites.

Management Point Log Files

  • MP_Ddr.log – Records the conversion of XML.ddr records from clients, and copies them to the site server.
  • MP_GetAuth.log – Records the status of the site management points.
  • MP_GetPolicy.log – Records policy information.
  • MP_Hinv.log – Converts XML hardware inventory records from clients and copies the files to the site server.
  • MP_Location.log – Records location manager tasks.
  • MP_Policy.log – Records policy communication.
  • MP_Relay.log – Copies files that are collected from the client.
  • MP_Retry.log – Records the hardware inventory retry processes.
  • MP_Sinv.log – Converts XML hardware inventory records from clients and copies them to the site server.
  • MP_Status.log – Converts XML.svf status message files from clients and copies them to the site server.

Mobile Device Management Log Files

  • DmClientHealth.log – Records the GUIDs of all the mobile device clients that are communicating with the Device Management Point.
  • DmClientRegistration.log – Records registration requests from and responses to the mobile device client in Native mode.
  • DmpDatastore.log – Records all the site database connections and queries made by the Device Management Point.
  • DmpDiscovery.log – Records all the discovery data from the mobile device clients on the Device Management Point.
  • DmpFileCollection.log – Records mobile device file collection data from mobile device clients on the Device Management Point.
  • DmpHardware.log – Records hardware inventory data from mobile device clients on the Device Management Point.
  • DmpIsapi.log – Records mobile device communication data from device clients on the Device Management Point.
  • dmpMSI.log – Records the MSI data for Device Management Point setup.
  • DMPSetup.log – Records the mobile device management setup process.
  • DmpSoftware.log – Records mobile device software distribution data from mobile device clients on the Device Management Point.
  • DmpStatus.log – Records mobile device status messages data from mobile device clients on the Device Management Point.
  • FspIsapi.log – Records Fallback Status Point communication data from mobile device clients and client computers on the Fallback Status Point.

Mobile Device Client Log Files

  • DmCertEnroll.log – Records certificate enrollment data on mobile device clients.
  • DMCertResp.htm (in \temp) – Records HTML response from the certificate server when the mobile device Enroller program requests a client authentication certificate on mobile device clients.
  • DmClientSetup.log – Records client setup data on mobile device clients.
  • DmClientXfer.log – Records client transfer data for Windows Mobile Device Center and ActiveSync deployments.
  • DmCommonInstaller.log – Records client transfer file installation for setting up mobile device client transfer files on client computers.
  • DmInstaller.log – Records whether DMInstaller correctly calls DmClientSetup and whether DmClientSetup exits with success or failure on mobile device clients.
  • DmInvExtension.log – Records Inventory Extension file installation for setting up Inventory Extension files on client computers.
  • DmSvc.log – Records mobile device management service data on mobile device clients.

Operating System Deployment Log Files

  • CCMSetup.log – Provides information about client-based operating system actions.
  • CreateTSMedia.log – Provides information about task sequence media when it is created. This log is generated on the computer running the Configuration Manager 2007 administrator console.
  • DriverCatalog.log – Provides information about device drivers that have been imported into the driver catalog.
  • MP_ClientIDManager.log – Provides information about the Configuration Manager 2007 management point when it responds to Configuration Manager 2007 client ID requests from boot media or PXE. This log is generated on the Configuration Manager 2007 management point.
  • MP_DriverManager.log – Provides information about the Configuration Manager 2007 management point when it responds to a request from the Auto Apply Driver task sequence action. This log is generated on the Configuration Manager 2007 management point.
  • MP_Location.log – Provides information about the Configuration Manager 2007 management point when it responds to request state store or release state store requests from the state migration point. This log is generated on the Configuration Manager 2007 management point.
  • Pxecontrol.log – Provides information about the PXE Control Manager.
  • PXEMsi.log – Provides information about the PXE service point and is generated when the PXE service point site server has been created.
  • PXESetup.log – Provides information about the PXE service point and is generated when the PXE service point site server has been created.
  • Setupact.log Setupapi.log Setuperr.log Provide information about Windows Sysprep and setup logs.
  • SmpIsapi.log – Provides information about the state migration point Configuration Manager 2007 client request responses.
  • Smpmgr.log – Provides information about the results of state migration point health checks and configuration changes.
  • SmpMSI.log – Provides information about the state migration point and is generated when the state migration point site server has been created.
  • Smsprov.log – Provides information about the SMS provider.
  • Smspxe.log – Provides information about the Configuration Manager 2007 PXE service point.
  • SMSSMPSetup.log – Provides information about the state migration point and is generated when the state migration point site server has been created.
  • Smsts.log – General location for all operating system deployment and task sequence log events.
  • TaskSequenceProvider.log – Provides information about task sequences when they are imported, exported, or edited.
  • USMT Log loadstate.log – Provides information about the User State Migration Tool (USMT) regarding the restore of user state data.
  • USMT Log scanstate.log – Provides information about the USMT regarding the capture of user state data.

Network Access Protection Log Files

  • Ccmcca.log – Logs the processing of compliance evaluation based on Configuration Manager NAP policy processing and contains the processing of remediation for each software update required for compliance.
  • CIAgent.log – Tracks the process of remediation and compliance. However, the software updates log file, *Updateshandler.log – provides more informative details on installing the software updates required for compliance.
  • locationservices.log – Used by other Configuration Manager features (for example, information about the client’s assigned site) but also contains information specific to Network Access Protection when the client is in remediation. It records the names of the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health.
  • SDMAgent.log – Shared with the Configuration Manager feature desired configuration management and contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details about installing the software updates required for compliance.
  • SMSSha.log – The main log file for the Configuration Manager Network Access Protection client and contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the configuration compliance agent and the location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response.

System Health Validator Point Log Files

  • Ccmperf.log -Contains information about the initialization of the System Health Validator point performance counters.
  • SmsSHV.log – The main log file for the System Health Validator point; logs the basic operations of the System Health Validator service, such as the initialization progress.
  • SmsSHVADCacheClient.log – Contains information about retrieving Configuration Manager health state references from Active Directory Domain Services.
  • SmsSHVCacheStore.log – Contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. The cache store is not configurable.
  • SmsSHVRegistrySettings.log – Records any dynamic changes to the System Health Validator component configuration while the service is running.
  • SmsSHVQuarValidator.log – Records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location:HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL

Desired Configuration Management Log Files

  • ciagent.log – Provides information about downloading, storing, and accessing assigned configuration baselines.
  • dcmagent.log – Provides high-level information about the evaluation of assigned configuration baselines and desired configuration management processes.
  • discovery.log – Provides detailed information about the Service Modeling Language (SML) processes.
  • sdmagent.log – Provides information about downloading, storing, and accessing configuration item content.
  • sdmdiscagent.log – Provides high-level information about the evaluation process for the objects and settings configured in the referenced configuration items.

Wake On LAN Log Files

  • Wolmgr.log – Contains information about wake-up procedures such as when to wake up advertisements or deployments that are configured for Wake On LAN.
  • WolCmgr.log – Contains information about which clients need to be sent wake-up packets, the number of wake-up packets sent, and the number of wake-up packets retried.

Software Updates Site Server Log Files

  • ciamgr.log – Provides information about the addition, deletion, and modification of software update configuration items.
  • distmgr.log – Provides information about the replication of software update deployment packages.
  • objreplmgr.log – Provides information about the replication of software updates notification files from a parent to child sites.
  • PatchDownloader.log – Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server.
  • replmgr.log – Provides information about the process for replicating files between sites.
  • smsdbmon.log – Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components.
  • SUPSetup – Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file.
  • WCM.log – Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.
  • WSUSCtrl.log – Provides information about the configuration, database connectivity, and health of the WSUS server for the site.
  • wsyncmgr.log -Provides information about the software updates synchronization process.

WSUS Server Log Files

  • Change.log – Provides information about the WSUS server database information that has changed.
  • SoftwareDistribution.log – Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.

Software Updates Client Computer Log Files

  • CAS.log – Provides information about the process of downloading software updates to the local cache and cache management.
  • CIAgent.log – Provides information about processing configuration items, including software updates.
  • LocationServices.log – Provides information about the location of the WSUS server when a scan is initiated on the client.
  • PatchDownloader.log – Provides information about the process for downloading software updates from the update source to the download destination on the site server. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.
  • PolicyAgent.log – Provides information about the process for downloading, compiling, and deleting policies on client computers.
  • PolicyEvaluator – Provides information about the process for evaluating policies on client computers, including policies from software updates.
  • RebootCoordinator.log – Provides information about the process for coordinating system restarts on client computers after software update installations.
  • ScanAgent.log – Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on.
  • ScanWrapper – Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients.
  • SdmAgent.log – Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates.
  • ServiceWindowManager.log – Provides information about the process for evaluating configured maintenance windows.
  • smscliUI.log – Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on.
  • SmsWusHandler – Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers.
  • StateMessage.log – Provides information about when software updates state messages are created and sent to the management point.
  • UpdatesDeployment.log – Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
  • UpdatesHandler.log – Provides information about software update compliance scanning and about the download and installation of software updates on the client.
  • UpdatesStore.log – Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
  • WUAHandler.log – Provides information about when the Windows Update Agent on the client searches for software updates.
  • WUSSyncXML.log – Provides information about the Inventory Tool for the Microsoft Updates synchronization process. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.

Windows Update Agent Log File

  • WindowsUpdate.log – Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components.

 

Notes


SysWOW64
 is a folder created by Microsoft for storing 32-bit .dll files. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows. This means SysWOW64 equates to “Windows 32-bit on Windows 64-bit”. This folder contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. The C:\Windows\System32 folder still exists in the 64-bit version of Windows but it is used as a repository for 64-bit .dll files.

 

 

< SCCM Category

Windows – Add Certificate to Stores

email me

CERTUTIL -addstore -enterprise -f -v root “Certificate.cer”
CERTUTIL -addstore -f CA “Certificate.cer”
CERTUTIL -addstore -enterprise -f -v TrustedPublisher “Certificate.cer”

 

Notes

View CA Configuration

If you want to view the configuration settings for the CA, which includes the type of information that is set by the CAPolicy.inf or afterward installation by running post configuration scripts, you can issue the following commands:

certutil -dump
certutil -getreg
certutil -getreg CA

 
Publish expired certificates in the CRL

If you want to maintain a revoked certificate in the CRL beyond the certificate’s expiration date, you can enable the publication of expired certificates to the CRL by running the following command at a command-line prompt and then restarting Certificate Services.

certutil –setreg ca\CRLFlags +CRLF_PUBLISH_EXPIRED_CERT_CR

 
Dump certificate templates and settings from the CA

certutil -v -template

Variations of that command

certutil -v -template > templatelist.txt
certutil -v -template clientauth > clientauthsettings.txt

 
Copy a CRL to a file

If you want to copy a certificate revocation list and name it corprootca.crl to removable media (like a floppy drive of a:), then you can run the following command:

certutil -getcrl a:\corprootca.crl

 
View Certificate Templates

If you want to dump a list of certificate templates and their settings to a text file (MyTemplates.txt), you can run the following command:

certutil -v -template > MyTemplates.txt

 
View AIA container

To view the contents of the AIA container in Active Directory Domain Services (AD DS) for a domain named contoso.com, run the following command:

certutil -viewstore “ldap:///CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=contoso,DC=com?
cACertificate?base?objectclass=certificationAuthority”

 
View Intermediate CA certificate store

To view the content of the client computer’s Intermediate Certification Authorities certificate store, type the following command at a command-line prompt.

certutil -enterprise -viewstore CA

 
View NTAuth Container

To view the content of the NTAuth container in AD DS for a domain named Corp.contoso.com, you would type the following command on a single line and press ENTER:

certutil -viewstore “ldap:///CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=corp,DC=contoso,DC=com”

 
View Trusted Root CAs

To view the content of the client computer’s Trusted Root Certification Authorities Enterprise certificate store, type the following command at a command-line prompt.

certutil -enterprise -viewstore Root

 

Purge policy cache

When you are working with Certificate Enrollment Policy Web Services servers, there is a cache located on the local computer of cached policies. You may want to clear when the resulting certificate policies are not what you expect. You can clear this certificate policy cache by running the following command:

certutil -f -policyserver * -policycache delete

 
Check the certificate revocation chain

certutil -verify -urlfetch
certutil -URL

SCCM – Force DP/MP to Remove Quickly

email me

#1 – Set Reg Keys

HKLM\Software\Microsoft\SMS\Components\SMS_SITE_COMPONENT_MANAGER\Component Servers\SERVERNAME

Set subkey ‘Deinstallation Start Time’ to 1

 

#2 – Set Connection

Select the DP, Select Site System Role, Properties, enable ‘Require the site system to initiate connections to this site system’

 

#3 – Restart Services

Restart SMS Executive and SMS Site Component Manager services.

 

SCCM – Change MP

email me

on error resume next

' Create variables.
Dim newInternetBasedManagementPointFQDN
Dim client

newInternetBasedManagementPointFQDN = “mp.domain.com”

' Create the client COM object.
Set client = CreateObject (“Microsoft.SMS.Client”)

' Set the Internet-Based Management Point FQDN by calling the SetCurrentManagementPoint method.
client.SetInternetManagementPointFQDN newInternetBasedManagementPointFQDN

' Clear variables.
Set client = Nothing
Set internetBasedManagementPointFQDN = Nothing