News Contact Company



November 22, 2011
Newsletter November 2011

Having trouble reading this email? View it in your browser.

TrueSec

News and Geek Stuff

November 2011

Welcome to some geeky reading in times filled with stuffed turkey, pumpkin pie and football (American football that is).

This month we have Kent writing about “Client remediation in ConfigMgr. 2012”.
If you want to know what the new ConfigMgr. is all about, join us in Atlanta. There is still openings for Kent’s class “Mastering ConfigMgr2012 RC1” December 12-15 . Kent started running this class back in May, then based on Beta 1 and has since then constantly updated the class to cover the latest release from Microsoft.

 

Be a Deployment master.  I have a few suggestions depending on your budgets and time on how to get there:

1.      Deployment Geek Week. This is the ultimate deployment training with Johan and Mike that goes for five really intense days, December 12-16

2.      Master the Windows 7 Deployment process with Lite & Zero Touch, 3 days in the classroom with, Mike December 5-7.

3.      Deploying Windows 7 using MDT 2010 and SCCM2007 SP2 R3 – Video Training. The complete 3 day class with its manuals, lab exercises and sample scripts as a video training.

4.      Deployment Fundamentals – Volume 1, updated revision of Johan & Mike’s bestseller book on Windows 7 deployment using MDT and WDS.

5.      Attend our free live meetings. Next up is Extending MDT on December 5.

 

Johan Arwidmark’s contribution this month is a very graphic article on “MDT 2012 Beta 2 - Configuring User Driven Installation (UDI) with ConfigMgr 2007/2012 “. Dont miss Mike’s article on “OS Deployment pre-planning tools” which will take you from Swedisn naval history to todays Windows deployment tools..

 

New contributor this month is Johan Persson, specialist in infrastructure with focus on  Small Business Server. He is looking into the new module that lets you integrate Office 365 with SBS Essentials.
And finally, dont miss Michael Petersen piece how to make you look good on TechNet.

 

Have a nice Thanksgiving holiday.

 

Kent Agerlund:

Configure Client remediation in ConfigMgr.2012 to monitor only

Johan Arwidmark:

MDT2012 Beta2 - Configuring User Driven Installaion (UDI)  with ConfigMgr 2007/2012

Michael Petersen
Make your Microsoft TechNet signature look real nice

Mikael Nystrom:
OS deployment Pre-Planning tools you should consider to use

 

 

                           Johan Persson:
Office 365 integration Module

Configure Client remediation in ConfigMgr. 2012 to monitor only

When you install the ConfigMgr. 2012 client, you also get a scheduled Windows task that run daily health checks on the client, and if needed remediates the client. That is a great feature for most our clients, but maybe not a feature you want to implement on all clients. On some servers you might not allow uncontrolled software installations, even if it is an attempt to reinstall the client. To prevent the client from being remediated configure the NotifyOnly registry key from FALSE to TRUE in HKLM\Software\Microsoft\CCM\Ccmeval\NotifyOnly

 

When knowing the registry key and value, it’s easy to configure a CI (Configuration Item) and deploy that using the new Settings Management feature.

1.     Navigate to the Assets and Compliance workspace and select Compliance Settings.

2.     Select Configuration Items and click Create Configuration Item on the ribbon.

3.     On the General page type a descriptive name like Disable automatic client remediation for the CI and click Next.

4.     On the Supported Platforms page, click Next.

5.     On the Settings page, click New.

6.     You now have to choices: 1, specify all the registry values manually or 2 use a reference computer that has the settings you are looking for. To use option 2, click Browse.

7.     In Computer name, type the name of the reference machine and click Connect.

8.     Browse to HKLM\Software\Microsoft\CCM\Ccmeval and select the key NotifyOnly.

9.     Select The registry value must exist on the client device and The registry value must satisfy the following rule if present: Equals TRUE

10.  Click OK.

11.  Select the Compliance Rules tab.

12.  Select NotifyOnly Equals TRUE and click Edit.

13.  Enable Remediate noncompliant Rules when supported and click OK.

14.  Finish the wizard using the default settings.

15.  Back in the Configuration Manager console, select Configuration Baselines and click Create Configuration Baseline on the Ribbon.

16.  Type a name for the baseline like Disable automatic client remediation and click Add Configuration Items.

17.  Select the Disable automatic client remediation CI and click OK.

18.  Back in the console, select the Baseline and click Deploy in the Ribbon. In this example I’ll deploy the baseline to a collection called SRV Domain Controllers.

19.  Enable Remediate noncompliant rules when supported.

20.  Click Browse and select the SRV Domain Controllers collection.

21.  Click OK to finish the deployment.

 

Hapy turkey holiday
//Kent

MDT 2012 Beta2 - Configuring User Driven Installation (UDI) with ConfigMgr 2007/2012

By Johan Arwidmark
Microsoft MVP – Setup and Deployment

User Driven Installation (UDI) is a solution, based on ConfigMgr 2007/2012, to allow technicians and/or end-users select various deployment settings during an installation: Settings like language settings, Bitlocker settings or what applications to deploy. Shorthand story, it’s a deployment Frontend. But it’s not only that – UDI also comes with a designer that allows you as an administrator to design the frontend.

UDI version 2

In MDT 2012 Beta 2 you will find a completely rewritten version of UDI, a version where extensibility has been the major driver. The UDI Designer is all new, built from the ground up that supports all the features of version but a lot easier to manage.

Another big thing is that UDI is written for all major ConfigMgr 2007/2012 deployment scenarios – New Computer, Refresh and Replace. It is also the first UDI to support the Pre-staged Media feature that shipped with ConfigMgr 2007 R3.
 

 

The default sample Install Programs pane for the New Computer scenario

 

Using UDI in ConfigMgr 2007/2012

To use UDI you obviously need to install MDT 2012 Beta 2, and make sure to run the integration script (Configure ConfigMgr Integration) that extends the ConfigMgr 2007/2012 console with the additional MDT menus and task sequence templates. You also need to create at least one Task Sequence using any of the MDT templates so that the MDT 2012 Files package is created.

After doing that you can open the UDI Designer which you want on the start menu, in the Microsoft Deployment Toolkit node.

 

UDI Wizard Designer in the start menu

Configuring the UDI Designer

After starting the UDI designer, in order to add packages and applications to it, you need to configure the Site Settings with your Site Server Name and Site Code.

 

Site Settings in the UDI Designer

Please go to Johan's blog to continue read this article. MDT 2012 Beta 2 - Configuring User Driven Installation (UDI) with ConfigMgr 2007/2012

OS Deployment Pre-Planning tools you should consider to use. (Part 1 of 2)

Back in 1628

The disaster was a fact; the Kings' new ship sank on the maiden voyage, the reason? Basically it was bad planning, bad construction, and bad decisions. The ship was too high, had one cannon deck too many, too much cannons (like 500 or so). It was just one of those bad days, it sailed for about 1300 meters and then came out of lee, the sails was filled with wind and it heeled over to port, then once more and then the water started to rush in to the open gun ports and then it sank. Around 30 of the 150 in the crew died.

It was not a glorious day for the Swedish Navy.

You can avoid this disaster when it comes OS Deployment by using tools that are available from Microsoft for free and let us start with the most important tool:

Microsoft Assessment and Planning Toolkit

A starting point, MAP gives you the “what do I have and what options do I have”. I use this tool to create reports (it seems that business people have an easier understanding for pie charts and MAP can create those very nicely), get inventories, and get ideas. I call it an “illuminate-or”, since it illuminates the environment so that you then know what your options are. Below are some screenshots of the tool. There is new version of this toolkit soon to be released, it has some nice new/improved features, most of them related to the “cloud”.

There is very useful training kit, it contains a sample database so you can see how reports and pie charts would like in your or your customers environment. You can download it here

Highlights:

  • Does not install any agent
  • very light weight
  • Works in almost any kind of environment
  • A variety of different reports and inventory's

A Windows 7 readiness overview:


A Web application discovery:


A Web Browser discover (Normally it does not look as “clean” as this):


An Office 365 Discovery:

Infrastructure Planning and Design Guide’s

Hey, this is one really nice thing. This is not really White Papers, not really TechNet stuff, this. “Blue Prints”. That means that in these documents Microsoft have explain what technology works in what scenarios, for example, using Direct Access a solution for Contract Workers does not really work, there are other technology that works better. There are MANY documents and here is my list that I think you should read:

Windows Optimized Desktop Scenarios

So, this document helps to understand basically what features and functions that works in different environment and it helps to get a better understanding why most networks are a subject for improvement, you should read this.

Windows User State Virtualization.

Here is the document that describes how to deal with Offline Files, Roaming Profiles and Folder Redirection, you should know all this. But if you don’t know, download and read.

Application Compatibility Toolkit

Since applications tend to be one of the issues we need to take care of, ACT is one of the tools that could help you. It contains multiple applications. The one you normally start with is Microsoft Application Compatibility Manager. In this tool you can create an Inventory packet as an MSI file, distribute that and get data from all the machines back in a short while so you can see what apps you really have. You then use the tools as part of testing apps, planning what apps to test, create reports of applications. You can use a connector between SCCM and ACT to make it even better and here is how it looks:

The one and only (that I know of) that could call himself “King of ACT” is Chris Jackson. If you in any way are responsible for the application to work in the new OS, you should listen to him, very carefully. Check out his blog

Note: If you install ACT 5.6, Chris has done a really horrible application for you to “fix”, it is called Stock viewer. To make it work in Windows 7, just follow the instructions in the self-paced training material that is included in ACT.

And hey, don’t start testing applications BEFORE you have read this very carefully, ok?
Chris Jackson’s Formula (for When to Test For Application Compatibility)

Security Compliance Manager

I have no clue on how many times people have asked me “-How do you secure a Windows 7 client", is there any Whitepaper?”

With SCM you can create security policy's based on different templates that is provided by Microsoft (for now), you can then tweak them using the built help that explain all the settings and then you “lock” it, export it as a GPO, import that in to AD (or apply it locally) and then import the DCM file into SCCM to verify those settings, a neat little toolkit that just have been upgraded to version 2

Internet Explorer Administration Kit (IEAK)

This tool is new for IE9, but has been around for other versions of IE. If possible you should use this tool. It will give you the capability to customize IE pretty much exactly the way you would like it to be. It is easy to use and gives you so much flexibility in IE. The wizard will download the files for IE needed and then you run the Wizard, make all selections and when you are done you have one .EXE file and one .MSI file for the version you just configured, you need one for x86 and x64 for you just run it twice to create two folders, one for x86 and one for x64

There are “some” features to configure. J

Some of the settings you might never seen

This customer wanted me to change the default search provider to another vendor…

Next time I’ll cover the other tools.

/mike

Technorati Tags: OS Deployment,Windows 7,MAP,ACT,SCM

 

Office Integration Module

Microsoft has finally released the long awaited add-in to integrate Office 365 with Small Business Server Essentials for beta testing. The add-in is called Office Integration Module and is available for download from Microsoft Connect.

This is how you can start testing:

Verify that your SBS 2011 Essentials server is updated with Update Rollup 1

Download Office integration Module from Microsoft Connect.

To install Office integration module, run the downloaded file and restart the server.

Start the SBS Console and click the link Set up Microsoft Office 365 Integration

Check the “I already have a subscription for Office 365” checkbox if you have already bought Office 365. If you do not check it the guide will give you the possibility to eighter buy a subscription or create a trial account.

Enter your Office 365 login credentials and you are up and running.

We will start by looking at the section Office 365 in the console

 


Here we can see information about our Office 365 subscription. We can see which licenses we have bought, how many we are using. We can also see which domains we have registered.

The idea behind the Office Integration Module is to be able to manage our SBS 2011 Essentials users and their Office 365 properties from one place. So we start by creating a new user.

In the Users tab we click on Add User Account. We enter what we are used to and continue the guide until we get to the page Assign an Office 365 Account

 

Here we are able to create an Office 365 account for the new user. If we already have an Office 365 account, we can assign it to the new user. When we have created the account we can continue through the guide as usual.

The Office Integration Module has now helped us create a mailbox in Office 365 for our SBS 2011 Essentials user.

 


We can also use the console to assign or create an Office 365 account for an existing user. If we open the properties page for a user there is now an extra tab where we can handle the users Office 365 properties. Office Integration Module will also add links to Remote Web Access, making it easier for your users to find their way to Office 365.

    
 

As I wrote in the beginning, this is a very awaited add-in for Small Business Server 2011 Essentials which makes the administration of Office 365 much easier for SMB customers.

 

//Johan Persson

Make your Microsoft TechNet signature look real nice!

By Michael Petersen: http://blog.coretech.dk/mip 
Microsoft MCC – Deployment

For everyone posting and answering questions on the Microsoft TechNet forums, you might know that you can add a signature to you profile which will then be added to your Question/reply/answer.

This is a nice feature, as you are then able to tell “the world” about yourself, every time you poste something.

Now if we look at my dear Boss, Kent Agerlund’s signature, you will see that it’s actually quite nice. Simple yet informative!

One thing you might notice though is the lack of hyperlinks to Blogs, Twitter and Linkedin. It also does not stand out from the text in the answer.

Now if you look at mine, you will notice that all links are highlighted, meaning they are hyperlinks, and all text is in bold character, making it stand out from the answer text.


So how is this achieved?

Quiet simple actually. Just open you Settings and type in the HTML syntax to support this in your signature field.

________________________________________________________________________

<b>Your Name | My blogs: <a href=http://blog1.com>Blog1 display name</a> and
<a href=http://blog2>Blog2 display name</a> | Twitter: <a href=https://twitter.com>
@Twitter</a> | Linkedin: <a href=http://www.linkedin.com>Your Name</a></b>

_______________________________________________________________________

The text in BLUE should be replaced with links to the actual places, and the text in BOLD should be replaced with what you want to show in the hyperlink.

You could add other stuff like font size, line breaks, color etc. That’s all up to you!

Happy signature makeover!!

Where to find us......

 

Master the deployment process with Lite & Zero Touch with Mikael Nystrom

Minneapolis

December 5-7, 2011

Deployment Geek Week with Johan Arwidmark and Mikael Nystrom

Redmond

December 12-16, 2011

Mastering ConfigMgr2012
with Kent Agerlund

Atlanta December 12-15
Master the deployment process with Lite & Zero Touch with Johan Arwidmark Minneapolis
January 31- February 2, 2012

Full schedule at http://www.truesec.com

 

 

This message was intended for '%%emailaddress%%'
Unsubscribe | To contact us please email info@truesec.com

TrueSec Inc.
8201 164th Ave NE, Redmond, WA 98052


 




TrueSec Inc    |     +1(425) 285-4477     |     info[at]truesec.com    |     Infrastructure    |     Security    |     Pentesting    |     TrueSec Inc. Website Privacy Statement