Backup and restore the Local GPO

In this post, I would like to introduce the method to backup and restore the Local GPO.
LOCALGPO, A handy tool to apply security setting to non-domain joined computers or Local GPO in your organization.

1. You may download Security Compliance Manager (SCM) from Microsoft.
2. Extract "Security_Compliance_Manager_Setup.exe" to a new folder A via 7zip or WinRAR.
3. Extract the "data.cab" to a new folder B.
4. In the new folder B, add the .msi extension to file named "LocalGPO"
5. Install the new MSI Installer "LocalGPO.msi"
6. Launch command-line here.cmd from C:\Program Files\LocalGPO on 32-bit systems or C:\Program Files (x86)\LocalGPO on 64-bit systems

Export Policy
cscript LocalGPO.wsf /Path:C:\GPObackups /Export
- Exports a GPO Backup based on the Local Policy configuration to a folder in the specified path.

-New GPO GUID folder was created

Import Policy
cscript LocalGPO.wsf /Path:C:\GPObackups\{GPO Backup GUID}
- Applies the contents of the GPO Backup stored in the specified path to the Local Policy of a Windows computer.

Create GPOPack to deploy via Microsoft Deployment Toolkit (MDT) or Microsoft System Center Configuration Manager (SCCM)
cscript LocalGPO.wsf /Path:C:\GPObackups /Export /GPOPack
- Creates a GPOPack and stores it in the specified path. GPOPacks can be copied to other computers, and applied by double-clicking GPOPack.wsf.

Copy the folder and double click GPOPack.wsf from other machine to apply the same policy.
You may notice that you get a pop-up message when you run this command.

This can be suppressed by adding the “/silent” switch
Script to deploy via MDT and SCCM
GPOPack.wsf /silent

Restore Policy to default
cscript LocalGPO.wsf /Restore
- Restores the entire Local Policy to its default configuration.

It’s FREE!
You can get your hand on the LocalGPO tool right now as part of the Microsoft Security Compliance Manager

Update 18/10/2012
Download LocalGPO.msi

Windows 8 : Country Holiday Calendar

Looking on my calendar today, 3 Sept is Labor day …. something wrong with my calendar.

Found the article : Add holiday or other calendars to your calendar

1. Go to Malaysia (English) ( For Malaysian )

2. To add the calendar, click Subscribe to this calendar.

3. Got Malaysia Holiday in my calendar now. You can add more country’s calendar into your Microsoft account as you like.

Holiday calendars

Argentina
Australia
Austria (German)
Belgium (Dutch)
Belgium (French)
Bulgaria
Brazil
Canada (English)
Canada (French)
Chile
China
Croatia
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hong Kong SAR
Hungary
India (English)
India (Gujurati)
India (Hindi)
India (Kannada)
India (Malayalam)
India (Marathi)
India (Tamil)
India (Telugu)
Indonesia (English)
Indonesia (Indonesian)
Italy
Ireland
Japan

Korea
Latvia
Lithuania
Malaysia (English)
Malaysia (Malay)
Mexico
Netherlands (Dutch)
New Zealand
Norway
Philippines
Poland
Portugal
Romania
Russia
Serbian (Cyrillic)
Serbian (Latin)
Singapore
Slovakia
Slovenia
South Africa
Spain (Catalan)
Spain (Spanish)
Sweden
Switzerland (French)
Switzerland (German)
Thailand
Turkey
Ukraine
United Kingdom
United States (English)
United States (Spanish)
Vietnam

Lunar and other calendars

China
Hong Kong SAR
Japan (lunar)
Japan (rokuyo)

How to activate Windows 8 RTM

Do you find any way to change product key for your Windows 8 RTM ?

Solution: 
1. Run Command Prompt as administrator
2. key in command as below :
    slmgr /ipk AAAAA-BBBBB-CCCCC-DDDDD-EEEEE ( Product key )
    slgmgr –ato

You will be prompt for the Windows Activation Successfully message.

Congratulation your Windows 8 RTM is activated now.

How to transfer contact from Nokia to Samsung Phone

 

I need to transfer my contact from Nokia N73 phone into Samsung phone. Using Kies, ONLY able to import single VCF file in one time. Found a solution to import multiple *.vcf contact file instead of import 1 by 1. Almost 600 contacts in my old NOKIA phone.

1. Mark all contact in NOKIA phonebook, select COPY and TO MEMORY CARD.

2. Read the memory card from PC under directory Others\Contacts

3. Go to CMD, type COPY *.vcf <new file name>.vcf

4. Done and you can import new VCF file into Samsung phone via Kies now

Wireless Connection in Windows 8 Release Preview Hyper-V

In previous Windows, we need setup network bridge to share wireless connection from host. Now, Windows 8 Release Preview Hyper-V are supported wireless connection. Let’s do it now !

1. Go to Hyper-V Manager, click on Action and select Virtual Switch Manager

2. On Create Virtual Switch windows, Click button Create Virtual Switch.

3. Enter the name and under Connection type, Select your Wireless Device from drop down list of External network as below.

4. Add this Wireless virtual network switch in your Virtual Machines.

5. You are Connected Now !

Editing Report in SCCM 2012

 

For System Center Configuration Manager 2012 with SQL Server 2008 R2, you will receive this error while create/edit report from Console.

Error: Report Builder not available
Report Builder 2.0 is not installed as a click-once application on report server

To fix this, please change registry value to :

[HKLM\SOFTWARE\Wow6432Node\Microsoft\ConfigMgr10\AdminUI\Reporting]
"ReportBuilderApplicationManifestName"="ReportBuilder_3_0_0_0.application"

Download : ReportBuilder3.reg

P/S: after fix the registry still not work, please run Console as Administrator

If you need standalone Report Builder 3.0, download here.

More details from Microsoft

Windows Live Messenger Contact List Empty

 

My Windows Live Messenger contact list was empty for 2 days. After restart PC still the same. Finally this trick help me fix it.

1. Exit Messenger

2. Go to Run and enter

    Windows 7
    %LOCALAPPDATA%\Microsoft\Windows Live\Contacts

    Windows XP
    %userprofile%\Local Settings\Application Data\Microsoft\Windows Live\Contacts

2. Delete folder name with your HOTMAIL email address

3. Launch Messenger and Hooray ! Your contact is BACK !

XP & Win7: All User Desktop

 

Are you looking a script that can copy a file into all user desktop which work on either XP or Win7. Below is the script that modify from Michael Hex .

PUBLIC folder is the location for All Users in Windows 7.

Example: Copy a URL shortcut into Win XP & Win 7 desktop.

   1: @echo off

   2: IF "%PUBLIC%"=="" GOTO NO_PUBLIC 

   3: GOTO PUBLIC_FOUND

   4:  

   5: :NO_PUBLIC 

   6: Rem Win XP 

   7: copy "Bing.url" "%ALLUSERSPROFILE%\Desktop"

   8:  

   9: :PUBLIC_FOUND 

  10: Rem Win Vista or Win 7

  11: copy "Bing.url" %PUBLIC%\Desktop 

Don’t forget to turn off User Account Control ( UAC ) in Vista & Win7

SCCM : How to Configure the Proxy Settings for the Software Update Point

 

During configuration of System Center Configuration Manager 2012, Software Update Point was failed to download from internet. After few check point, found that internet access in client environment required proxy.

Applied To: SCCM 2007, SCCM 2012

To configure the proxy settings for the software update point

1. In the Configuration Manager console, navigate to System CenterConfiguration Manager / Site Database / Site Management / <site code> - <site name> / Site Settings / Site Systems / <SiteSystemName>.
2. Right-click Software update point, and then click Properties.
3. Enter proxy server name, port number, and whether credentials are used to connect to the proxy server.

Done !
Source from TechNet

DNS: Enable Aging and Scavenging

During the SCCM 2012 deployment, sometime the progress was delayed due to duplicate DNS record.

To do a housekeeping of DNS, we need to enable aging and scavenging for the DNS server.

Here you go

Applies To: Windows Server 2008, Windows Server 2008 R2

1. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
2. In the DNS console tree, right-click the applicable DNS server, and then click Properties.
3. Click the Advanced tab.
4. Select the Enable automatic scavenging of stale records check box.
5. To adjust the Scavenging period, in the drop-down list, select an interval in either hours or days, and then type a number in the text box
6. Click OK.

Refer to TechNet for details.

Windows Services: Task scheduler greyed out in Windows Server 2008. Cannot restart

 

Do you notice that Task Scheduler in Windows Server 2008 is greyed out and your can’t perform any action of START,  STOP, RESTART ?

Found a workaround from TechNet.

To STOP Services

1. Go to Registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule

2. Find the DWORD called START, change its value from 2 to 4."

3. Reboot OS

 

To START Services

1. Go to Registry

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule

2. Find the DWORD called START, change its value from 4 to 2."

3. Reboot OS

 

Reference for the value of REG_DWORD.

1	Automatic (Delayed Start)
2	Automatic
3	Manual
4	Disabled

Hope this can help you :-)

SCCM 2012: Right Click Tools

An add-on tools that you can’t miss. Tested and working fine in SCCM 2012 Console. COOL !

Just run Right Click Tools Install.cmd, then close and reopen Configuration Manager Console and enjoy it!

Please read Ryan Ephgrave’s blog from myitforum for details. Thank you for his effort and contribution.

Download:  Right Click Tools ( myitforum )
                 Right Click Tools (SkyDrive)

When you right click on a device, you will see three new menus.

Client Actions:

•      Branch Distribution Point Maintenance Task
•      Discovery Data Collection Cycle
•      Hardware Inventory Cycle
•      Machine Policy Retrieval and Evaluation Cycle
•      Software Inventory Cycle
•      Software Metering Usage Report Cycle
•      Software Updates Deployment Evaluation Cycle
•      Software Updates Scan Cycle
•      Windows Installer Source List Update Cycle

Client Tools:

•      Restart SMS Agent Host Service
•      Generate new SCCM GUID
•      Rerun Advertisement
•      Open Client Log File Folder
•      Open Client Installation Log File Folder
•      Assign Client to Another Site
•      Change Cache Size
•      Uninstall SCCM Client

Console Tools:

•      Manage Computer
•      Ping System
•      Wake On LAN
•      RDP to Console
•      System Info
•      Show Collections
•      Running Processes
•      Computer Management
•      Connect to C$
•      Interactive Command Prompt
•      Reboot System
•      Schedule Reboot

When you right click on a collection you will have three new menus.

SCCM Client Actions on Collection:

•      Branch Distribution Point Maintenance Task
•      Discovery Data Collection Cycle
•      Hardware Inventory Cycle
•      Machine Policy Retrieval and Evaluation Cycle
•      Software Inventory Cycle
•      Software Metering Usage Report Cycle
•      Software Updates Deployment Evaluation Cycle
•      Software Updates Scan Cycle
•      Windows Installer Source List Update Cycle

SCCM Client Collection Tools:

•      Restart SMS Agent Host Service
•      Generate new SCCM GUID
•      Rerun Advertisement
•      Uninstall SCCM Client

SCCM Console Collection Tools:

•      Ping Collection
•      Wake on LAN

 

Merging obsolete records in Configuration Manager 2007

 

To setup training room for my company, I need to reinstall windows as per needed. Common issue was console will automatically create new client records for duplicate hardware IDs. To overcome this, a script will do a clean up job for us.

Followed Jörgen Nilsson’s blog, and it’s work for me.

Below is the step:

1. Download script from here or Skydrive and save into C:\SCCMTools

2.  Go to Site Settings, create New Status Filter Rules

 

 

 

 

 

 

 

 

 

3. Key in the value as below.

    Name          : SMS_DISCOVERY_DATA_MANAGER
    Message ID : 2642

4. Change tab to Actions, update Run a program
    Program:
    (OS x86) cscript.exe C:\SCCMTools\merge.vbs    
    (OS x64) C:\Windows\SysWOW64\cscript.exe C:\SCCMTools\merge.vbs

4. Change the site settings to “Manually resolve conflicting records” under the Advanced tab in site properties in the SCCM Console.

Done and no more obsolete records.

Disabling the firewall in Windows Server 2008 Core Edition

 

For certain reason, system administrator always prefer to disable the windows firewall. You can do this with the following Netsh command:

[netsh advfirewall set allprofiles state off]

Now the Windows Firewall is disabled for all network profiles.

C:\Users\Administrator>netsh advfirewall show

The following commands are available:

Commands in this context:
show allprofiles - Displays properties for all profiles.
show currentprofile - Displays properties for the active profile.
show domainprofile - Displays properties for the domain properties.
show global    - Displays the global properties.
show privateprofile - Displays properties for the private profile.
show publicprofile - Displays properties for the public profile.
show store     - Displays the policy store for the current interactive session.

Visit TechNet for more information about Netsh in the advfirewall context.

SCCM: Physical Memory and Memory Slots Hardware Inventory extension

 

This will be my first assignment on reporting in SCCM. Find out the details as below:

• The total amount of DIMM-Slots
• The free amount of DIMM-Slots

After reading Sherry Kissinger’s blog. I managed to pull the RAM information with SCCM.

What you need to do is to modify the SMS_DEF.MOF which is located in the following location: <smsinstalldir>\inboxes\clifiles.src\hinv

Just add the following code at the bottom of the MOF-File and save it.

---

//Physical Memory

[SMS_Report (TRUE),
SMS_Group_Name ("Physical Memory"),
SMS_Class_ID   ("Microsoft|Physical_Memory|1.0")]
class Win32_PhysicalMemory : SMS_Class_Template
{  
                [SMS_Report (TRUE)] string BankLabel;  
                [SMS_Report (TRUE), SMS_Units("Megabytes")]  uint64 Capacity;  
                [SMS_Report (TRUE)] string Caption;  
                [SMS_Report (TRUE)] string DeviceLocator[];  
                [SMS_Report (TRUE)] uint16 FormFactor;  
                [SMS_Report (TRUE)] string Manufacturer;  
                [SMS_Report (TRUE)] uint16 MemoryType;  
                [SMS_Report (TRUE)] uint32 PositionInRow;  
                [SMS_Report (TRUE)] uint32 Speed;  
                [SMS_Report (TRUE),Key] string    Tag;  
                [SMS_Report (TRUE),Key] string    CreationClassName;
};

// Physical Memory Array

[SMS_Report (TRUE),
SMS_Group_Name ("Physical Memory Array"),
SMS_Class_ID   ("Microsoft|Physical_Memory_Array|1.0")]
class Win32_PhysicalMemoryArray : SMS_Class_Template
{  
                [SMS_Report (FALSE)] string Caption;
                [SMS_Report (FALSE)] string CreationClassName;
                [SMS_Report (FALSE)] string Description;
                [SMS_Report (FALSE)] uint16 Location;
                [SMS_Report (FALSE)] string Manufacturer;
                [SMS_Report (TRUE), SMS_Units("Megabytes")] uint32 MaxCapacity;
                [SMS_Report (TRUE)] uint16 MemoryDevices;
                [SMS_Report (FALSE)] uint16 MemoryErrorCorrection;
                [SMS_Report (FALSE)] string Model;
                [SMS_Report (FALSE)] string Name;
                [SMS_Report (FALSE)] string OtherIdentifyingInfo;
                [SMS_Report (FALSE)] string PartNumber;
                [SMS_Report (FALSE)] boolean PoweredOn;
                [SMS_Report (FALSE)] boolean Removable;
                [SMS_Report (FALSE)] boolean Replaceable;
                [SMS_Report (FALSE)] string SerialNumber;
                [SMS_Report (FALSE)] string SKU;
                [SMS_Report (FALSE)] string Status;
                [SMS_Report (TRUE), Key] string Tag;
                [SMS_Report (FALSE)] uint16 Use;
                [SMS_Report (FALSE)] string Version;
};

---

SQL statement for Report

select sys.netbios_name0, mem.banklabel0 [Bank Label], mem.capacity0 [Capacity in MB], mem.FormFactor0 [Form Factor],
MEM.memorytype0 [Memory Type], mem.tag0 [TAG] from v_gs_physical_memory as MEM
inner join v_r_system as SYS on SYS.resourceid=MEM.resourceid
where
sys.netbios_name0 = @compname
order by MEM.tag0

select MEMA.MemoryDevices0 [Total Number of Memory Slots] from v_gs_physical_memory_array as MEMA
inner join v_r_system as SYS on SYS.resourceid=MEMA.resourceid
where
sys.netbios_name0 = @compname

select mema.memoryDevices0 - Count(mem.tag0) [Number of Free Slots available] from v_gs_physical_memory as MEM
inner join v_r_system as SYS on SYS.resourceid=MEM.resourceid
inner join v_gs_physical_memory_array as MEMA on sys.resourceid=mema.resourceid
where
sys.netbios_name0 = @compname
group by mema.memorydevices0

---

With a prompt for compname, provide and sql statement of:

begin
if (@__filterwildcard = '')
  SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS ORDER By SYS.Netbios_Name0
else
  SELECT DISTINCT SYS.Netbios_Name0 from v_R_System SYS
  WHERE SYS.Netbios_Name0 like @__filterwildcard
  ORDER By SYS.Netbios_Name0
end

---

This will be the result of the Physical Memory Inventory Report.

Download: Physical Memory MOF
                  Physical Memory Report

SCCM OSD: Migrate Network Settings

Currently I’m working on Windows 7 Pilot project which required for network settings due to Static IP address environment. Refer to this blog, finally managed to capture the network settings and apply to new Windows 7.
1. Create new CAPTURE NETWORK SETTINGS and tick Migrate network adapter configuration as below:

2. Add new SET TASK SEQUENCE VARIABLE then enter OSDAdapterCount and value 1 to restore the network settings

NOTE:

Action Variable Name
OSDAdapterCount      
Description
Specifies the number of network adapters installed on the target computer.

How to: Rename Category in Report SCCM

After google for Report Category rename method, I found that so simple.

1. Go to Properties of Report

2. Enter New Category Name under Category.

Prerequisites setup for SCCM

 

Before proceed to installation of SCCM 2007 SP1, we need to add roles & features in the Windows server 2008.

A. Roles

1. Open Server Manager, Click on Add Roles

2. In Add Roles Wizard, Click Next 

3. Select Web Server (IIS), Click Next

4. Click Next 

5. Select ASP.NET

6. Click Add Required Role Services 

7. Please ensure roles are checked as below:

Static Content
Default Document
Directory Browsing
HTTP Errors
ASP.NET
.NET Extensibility
ASP
ISAPI Extensions
ISAPI Filters
HTTP Logging
Request Monitor
Windows Authentication
Request Filtering
Static Content Compression
IIS Management Console
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility

8. Click Next

9. Click Install

10. Installation Completed. Click Close

B. Add Features 

1. Click Add Features

2. Select Background Intelligent Transfer Service (BITS)

3. Click Add Required Role Services 

4. Select Remote Differential Compression, Click Next

5. Click Next

6. Select WebDAV Publishing, Click Next

7. Click Install 

8. Installation completed. Click Close 

C. Enabling WebDAV Publishing by Using IIS Manager

1. Go to select Roles > Web Server (IIS) > Internet Information Service

2. In Connection Pane, Select Sites > Default Web Site. Double Click on WebDAV Authoring Rules

3. When the WebDAV Authoring Rules page is displayed, click the Enable WebDAV task in the Actions page.

4. Once WebDAV has been enabled, click the Add Authoring Rule task in the Actions pane.

5. In Add Authoring Rule window, Select All Content, All users, READ then OK

6. Result will shown on WebDAV Authoring Rules window.

7. Click WebDAV Setting in Action pane

8. Change Allow Anonymous Proper value to True 

9. Change Allow Custom Properties value to False 

10. Change Allow Property Queries value to True 

11. Change Allow Hidden File… value to True

12. Once complete, click Apply in Action pane.

13. After apply, The changes have been successfully saved.

14.  From C:\Windows\System32\inetsrv\config open applicationHost.config file.

15. At the <requestFiltering> section verify that allowUnlisted=”true”. The file extensions from the list are blocked if they are part of the packages on the Distribution Points.

16.  At the <handlers accessPolicy=”Read, Script”> section verify that a WebDAV entry exists.