How to patch only systems that have had a system restore point in the last 24 hours

Had an interesting request come up this week. Someone asked me, 

"I want to patch my servers, but I'd like to have a System Restore done before hand, and also be able to have patching verify this has been done before hand."

So that got me thinking; well I know we could run a PowerShell command to enable and create a system restore point. 

enable system restore:
Enable-ComputerRestore -drive "c:\"

Create a restore point:
Checkpoint-Computer -description "My first checkpoint" -restorepointtype "Modify_Settings"


However, I wanted to take that a step further, and setup a Smart Label that includes only systems that have had a system restore point in the last 24 hours. 
To accomplish this, i would need to get a date of the last checkpoint into the K1000 in a date type format so I can use date operators on it. 
For that, I introduce to you the ShellCommandDateReturn custom inventory rule!

To get the last date of the last system restore point created, I run this:
get-computerrestorepoint | format-table @{Label=" "; Expression={$_.ConvertToDateTime($_.CreationTime)}} -HideTableHeaders

This should output something like this:

(If you want to see the whole enchilada, you can run just get-computerrestorepoint to see all the details and verify the output above)

From there, I tried using just the command above in my shellcommanddatereturn rule:

ShellCommandDateReturn(cmd /q /c powershell.exe -command "get-computerrestorepoint | Sort-Object -property CreationTime -descending | Select-Object -first 1 | format-table @{Label=' '; Expression={$_.ConvertToDateTime($_.CreationTime)}} -HideTableHeaders")

And it worked beautifully!

Now I can make a smart label based off of that date:

Someone shared this with me a while ago and thought I'd share it here since it helps me immensely when looking for my custom inventory rules under Software:
Create a Software Custom Inventory Label with the following MySQL query:


This will show you all your custom inventory rules. Enjoy!
View comments (2)

Change iTunes/iCloud/App Store old E-mail Account

AppleID 'Just works'

Until it doesn't...

Right now I'm dealing with my Father, like so many before him, with the inevitable issue of a changed Email address. The problem resides with old Apple devices set up with the old iTunes/iCloud email account that doesn't automatically update to the new AppleID when changed. 
For example, we have one iPad setup with which has been transitioned to This worked honky-dory until updates became an issue as of tonight. TVNZ OnDemand had a big update to enable streaming of New Zealand TV Shows and newer content (This app is equivalent of poor-mans Netflix). As such THE IPAD NEEDS IT NOW!! (Like all clients, right sysadmins?)

And of course no-one seems to understand these steps when you tell them how to fix it. Why? 
Because it's daft that such a system that syncs magically over the air can't manage to change the ID to an account when it's changed or updated... 
The best part about this is you can't remove the old account until you log in as well... 

How to fix old linked AppleIDs step by step:

De-register the new AppleID

Yes.. That's right.. You have to go back to your old ID..

  • Head over to My Apple ID
  • Click on 'Manage your Apple ID'

  • Sign in with your new email address/current Apple ID
  • Change/update your password as needed if asked
  • When My Apple ID screen comes up, click 'edit' under 'Apple ID and Current Email'

  • Enter in your old AppleID/Old Email address and click save i.e.
  • Don't worry about the verification email as it won't matter.

De-register old AppleID on old devices

  • For each device with the old user name go to Settings > iCloud
  • Scroll right down the bottom and press 'Sign Out'
  • If asked sign out with your old email ( 
  • Use your current password (password for AppleID:

  • Go back to Settings, and go into iTunes & App Store
  • Press on your AppleID at the top of the page
  • Press 'Sign Out'
  • If asked sign out with your old email ( 
  • Use your current password (password for AppleID:

Register 'New' AppleID Email

  • If you've signed out, log back into My Apple ID 
    • If asked you will have to use
  • Again, click on 'edit' for primary email, and change it to the 'new-old' email address i.e.
  • Click save
  • Check your new email address for the verification email from apple
  • Click on the link to verify the 'new' Email address account

Register New AppleID on old devices

  • For each device which you have de-registered your old account
  • Go to Settings > iTunes & App Store
  • Log in with
  • Use current password
  • Go back to Settings, then go into Settings > iCloud
  • Log in with
  • Use current password
Congratulations, You've now moved your old device's AppleID to the new current AppleID or email that you call home.
Hope this helps...

Be the first to comment

Successful Dual-Boot Windows 7 and Windows 7 and how I did it

Over the past couple of months as a preparation for future deployment of computers at my company, I've been working on building a new dual-boot windows 7 image.  Both of the boots will need to be Windows 7 which made it a little more difficult to accomplish.  Through trial and error, I've been able to finalize the settings and have one up and working with computers through several trials so far.  I thought I would share some of the basics that helped us get on our feet and got everything working.

  1. Make an initial boot of Windows 7 using either the disk or an image already stored that you can change the unattend file to work properly for the next boot.
  2. Get all the updates needed for the system (Windows, Java, Flash) if you need them.
  3. Have the unattend ready to go inside of the sysprep folder.
  4. Run the Sysprep for the first system using OOBE and ensure that the Generalized box is checked and have the shutdown go to Shutdown not reboot.
  5. Have a Windows 7 install disk, depending on the system, hit the "F" key that will go to the one time boot menu.
  6. Go to the CD/DVD drive and run from disk.
  7. Start the install like you normally would.
  8. When you get to the spot where you would choose the disk, create a new partition for the new drive.
  9. Run the install as usual.  When the PC will reboot, it will automatically choose the right boot to go into.  (I would advise to let the PC choose the boot).
10. After the install has finished, as before run updates and ensure that the 2nd boot has an unattend file also.
11. Next we need to name the two boots.  We will use BCDedit for this.
11.a. First you will need to know the names of the two drives.  From an elevated command prompt run bcdedit /v
11.b. Next naming will help differentiate which boot you want to use. While still in the elevated command prompt run bcdedit /set (insert identifier) description "XXX"
11.c. Next you will want to run the same for the other boot.
11.d. Next will be to select the display order.  If you want a different order then just type the following in the elevated command prompt: bcdedit /displayorder (insert identifier) /addlast or /addfirst depending on which you want.
12. Now run Sysprep for the second boot ensuring that the OOBE, Generalize, and shutdown are prepared.
13. This time when you start up the PC, make sure to go through the NIC and go to the K2000 server to take the image of the PC.
14. Run the procedure as usual, ensure that you get all of the drives when you run this!!
15. After the image has been saved to K2000, go into the web client and start setting up for the actual image.
16. Ensure the Pre-Installation Tasks have creating a System (C) and two Partitions D xxxGB and E XXXGB (make sure the HDD can handle the room you want to give!)
17. Next set up the Mid-Level tasks as necessary.
18. For the post-installation tasks, there is one that will need to be created for the dual-boot to work.  We need to make a BCDedit file.
19. To create the bcdedit we would go to Library, post-installation tasks, Choose action, Add Application.
20. We created a .ps1 script to work for this (I'll attach a basic idea at the bottom of the page).  For our paramer to work we used the following:
20.a. C:\Windows\System32\WindowsPowerShell\v1.0\powershell -nologo -executionpolicy bypass -noprofile -file bcdedit.ps1
20.b. This has tested to work as long as the file has been attached.
21. Save the script and add it to the post-install task list and save.
22. After the changes have been made to the manifest, now it's time to test and see if the boot works!!
23. Boot into the K2000 with the PC that will be taking the image, run your new image to the PC.
24. After the PC has finished up, It will automatically reboot into one of the drives.  To ensure that the two drives have seperate names, it's run through the powershell script for BCDedit.
25. Next ensure that you have logged into both of your boots and everything should be ready for the next steps including getting IP addresses and naming the PC.

The bcdedit.ps1 script we use is as follows:  *as a note, when we did our testing and checkup, our drives were backwards that's why the ps1 script has a lot of steps in it.  If your order is correct you wouldn't need to add all of this.  However, ensure that you do have the device and osdevice to enable the second boot.

#Set the colors for the console window
$Host.Ui.RawUi.BackGroundColor = "Black"
$Host.Ui.RawUi.ForeGroundColor = "White"
#Clear the screen

Function WriteValue ($Label, $Value)
    Write-Host $Label -foregroundcolor "Gray" -NoNewLine
    Write-Host ": " -foregroundcolor "Gray" -NoNewLine
    Write-Host $Value
Function WriteSuccess
    Write-Host ": " -foregroundcolor "Gray" -NoNewLine
    Write-Host Success -foregroundcolor "Green"
$otherboot = bcdedit /enum `
  | Select-String "path" -Context 2,0 `
  | % { $_.Context.PreContext[0] -replace '^identifier +' } `
  | ? { $_ -ne "{current}" }
bcdedit /set $otherboot description "YYY"
bcdedit /set $otherboot device partition=D:
bcdedit /set $otherboot osdevice partition=D:
bcdedit /displayorder $otherboot /addlast
bcdedit /set '{current}' description "XXX"
WriteValue "Boot ID is" $otherboot

If this is confusing or if you have other suggestions I'd be glad to hear about it!  This is just the basics of how I was finally able to get this to work!
Be the first to comment

Classifying Applications - Why bother??

Every project I do..

"how much time/days to package our applications"

If ever there was a 'piece of string question' that's got to be it.
I work on a day rate, I dont have enough people or mental resolve to handle the scheming that goes on with the 'fixed price' approach. Oh, actually I did do a fixed cost project. I had to do 5 versions of Sage and one similar product, to install on Win 2000, WinXP and Vista. Best 3 days of my life (at the time,I think it was Dec 2006 or 2007)

But, back to this topic, conversation drifts to, 'well you must be able to estimate, you know some hard apps but most are easy..'.

We have arrived at 'classifying appsville'.
My method (day rate) is based on doing one application a day, if you have 100 applications you will need 100 days of packaging effort. Generally a bit less, but I would rather have PO for 100 days, get it done in 92 days, then the client has 8 days surplus. If I say 90 and it takes 92, I have to swallow two days, or ask for another PO for 2 days. Simple is best.

Then the discussion around easy and hard apps becomes heated, (before I phase out) I try and explain, as much as I like the binary approach of most things in IT, apps dont follow that. They aren't 1's or 0's.
So then, (this is boring in meetings, its even more boring to write about, but bear with me readers...)

Punchline is something like this (2 hours later)
We have 100 applications, we reckon the hard ones, about 15 will take 3 days each. Most are really easy, say 40, they should take 0.5 days, leaving about 44 'normal apps' not really hard or easy, they should take 1.5 days.

Did anyone do the maths??
hard 45
easy 20
normal 66
total  125

Ok, so you think its going to take 125 days, but my estimate, in 40 seconds, I can do it in 100 days.

This is getting WAY too commercial and boring, way too boring.

But lets say the you end up finding out there is actually 20 hard apps, and only 30 easy apps that skews your figures in a very bad way. (total 75 days PLUS the remaining 'normal apps', you only need a few extra hard ones to make it ugly)

The usual result, this involves project managers, to make sure we know what we really have, lets spend a big wedge of money on a tool that will rate the applications for us.
Seriously, people will pay €40k on a tool to analyse the apps (yes cheaper options are available, so are more expensive ones), by the time they get the report done, I could have had their core application set packaged and probably a department or seven. Normally I get called back, "yeh, we have some greens, some reds, and a whole heap of ambers, now what do we do???"
        Answer, "What you should have done 2 months ago, start packaging."

A quick note on assessment tools, they work very well when you have something to assess (if you are in a mature environment with nice tidy packages). Normally we get 4 network shares (or more), numerous scripts (bat, vbs, vbs calling a cmd, ps1 calling a vbs that launches a bat etc.). The simplest thing, here is some free common sense advice, please, just make a reasonable effort to get newer versions of the software that is actually supported or known to work on your intended platform and try not to have more than one version of an application, yep, that would be called rationalisation. Spend that €40k on a nice big party for everyone, especially the IT heroes.

What has been achieved??
It doesnt really matter if its easy, hard, really easy, so hard its nearly impossible. Its an app that your users need in the environment, just get it done!! This is getting close to a previous blog packaging vs manual installs, where you just choose a number of required installs and use that as a baseline.
Now I understand why a project manager wants a fixed cost, if you go in and say 'Well its more of an art than a science, applications are so intricate, they can have over 40,000 files!! It normally takes between a day, but they are rare, it normally takes 5 days to completely package an application, even more in some cases.'

Budget wise for 100 apps, the PM has to ask for somewhere between 100 and 500 days budget (maybe even more) so I am mildly sympathetic to their plight. Very mildly. So we start going through the projects that we have done...
I would put some numbers in here, but they need to be explained, I am not sure if anyone has read this far...

But EVERY PM and IT Director wants to assure me, there place is or project is 'special' there is no way I could possibly get an app a day done. Every project I have done they all say that, so far I have yet to say anybody who is actually the worst.

Here's something to remember.
     Its not the size of the dog in the fight, its the size of the fight in the dog that matters.

Be the first to comment

Discovering New Flash Versions

I find it difficult to keep up with the release schedule of Flash Player updates, but I can rely on the fact that some users on my campus will upgrade on a regular basis. The following report will detect versions of Flash Player that have been installed the previous day. I schedule this report to run in the morning so when there is a new version released I get notified quickly and can login to the Adobe distribution site to download the installers for deployment.

concat("https://k1000/adminui/software.php?ID=",SOFTWARE.ID) AS LINK
WHERE DISPLAY_NAME like "Adobe Flash Player%"

I include a link to the software title so that I can quickly access it, be sure to adjust the URL to match your server name. If you would prefer to run this report weekly then adjust the INTERVAL 1 DAY to read 7 DAY. 

Be the first to comment
Showing 1 - 5 of 2684 results