Blogs

OVAL Scan Smart Labels

I created the following two MySQL queries to be used with OVAL scanning.  By using these I can be sure that all of my computers have OVAL scans once each month, but not more than once each month.  This solves the problem of computers that are offline when I perform the OVAL scan. 

The first query looks for all machines that have not had a successful scan in the past month, and the second query looks for all machines that have never had a successful scan.  I created a Smart Label for each query and then use both Smart Labels in my OVAL schedule.  I can then set my OVAL scan schedule to be some short period, like once every five hours, but it will only scan those computers that have not already had a successful scan in the past month.  This could be further improved by excluding any computer that cannot have an OVAL scan performed, but in our case that would not exclude too many computers so I'm not worried enough about it to try to improve it in that way.

*****First Query*****************************************************************************

SELECT DISTINCT
    MACHINE.*
FROM
    KBOT,
    KBOT_LOG,
    MACHINE
WHERE
    KBOT.ID = KBOT_LOG.KBOT_ID
        AND MACHINE.ID = KBOT_LOG.MACHINE_ID
        AND KBOT.NAME = 'OVAL Test Runner'
        AND KBOT_LOG.STATUS = '1'
GROUP BY MACHINE.ID
HAVING MAX(KBOT_LOG.START_TIME) < DATE_SUB(CURDATE(), INTERVAL 1 MONTH)

*****Second Query*****************************************************************************

SELECT
    *
FROM
    MACHINE
WHERE
    (MACHINE.ID NOT IN (SELECT
            MACHINE.ID
        FROM
            KBOT,
            KBOT_LOG,
            MACHINE
        WHERE
            KBOT.ID = KBOT_LOG.KBOT_ID
                AND MACHINE.ID = KBOT_LOG.MACHINE_ID
                AND KBOT.NAME = 'OVAL Test Runner'
                AND KBOT_LOG.STATUS = '1'))
Be the first to comment

A PowerShell terminating error in a post-installation action will not make the K2000 task engine to halt.

If a terminating error occurs in a PowerShell script used in a post-installation action the K2000 task engine will not spot it and will report that the task executed successfully despite the error.

This is normal due to the fact that when such errors happen in the PowerShell engine the return code to the Windows command line (ERRORLEVEL) is always 0.

The K2000 task engine looks for the ERRORLEVEL after executing a command and if it is different from 0 it becomes aware of the error.

 

To handle this situation and to make aware the task engine that something went wrong in the script it is possible to modify the code using the Exit-PSSession statement (or simply exit that is its alias) to return a not zero exit code.

Example:

 

#Original code
#Even if this code throws intentionally a terminating error the K2000 task engine will not spot it


throw “Personal Error Reason”

 

This need to be amended in this way:

#This script will handle the terminating
error and set a non zero ERRORLEVEL
#The task engine will spot this error
 try {
    #put your code here
}
catch {
    #we have an error…
    exit 99
}


If catch is used without parameters like in this example it will catch all the errors.
To catch and handle different types of error is possible to specify the error to catch immediately after the catch statement.

For more information you can have a look to this excellent article about exception handling in PowerShell:
http://blogs.technet.com/b/heyscriptingguy/archive/2014/07/05/weekend-scripter-using-try-catch-finally-blocks-for-powershell-error-handling.aspx

Be the first to comment

How to remove the files using remove file table in install shield 2012.

How to remove the files using remove file table. Also I want to delete my INSTALLDIR all files & folders how to do it remove file table. I did it in installscript some time it's deleting some time it's not deleting (due to admin rights ,UAC Enabling). That's why I'm asking about remove file table

Note : I'm using basic MSI project in install shield 2012. 

View comments (4)

Modifying USMT and KACE to capture Firefox settings and other specific programs

It's that time in the hardware refresh cycle again where you have to replace laptops on mass, well at least it is for me.

Our main challenge was migrating users Firefox bookmarks and also the desire to capture Outlook signatures and auto-complete information without capturing all Office applications information (we wanted to start as fresh as possible).

I've never really dug in depth into the USMT and K2000 before now and I've found it in needed of a little massaging.

USMT Problem

The USMT definition XML file for applications (MigApp.xml) included with USMT 5.0 does provide support for many non Microsoft productions including Firefox, Chrome and Adobe Acrobat amongst other. The only problem is Microsoft hasn't had the inclination to keep it up-to-date.

Thanks to some clues from fellow ITNinja Jegolf, I found that the MigApp.xml is hard coded to look for Mozilla Firefox 3 (hello cira 2008).

USMT FIX: (assuming WAIK 8)

Edit the MigApp.xml files in both the C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\User State Migration Tool\amd64   and   C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\User State Migration Tool\x86 folders.

The line to modify:

DEFAULT:  <condition>MigXmlHelper.DoesObjectExist("Registry","%HklmWowSoftware%\Mozilla\Mozilla Firefox 3.*\bin [PathToExe]")</condition>

MODIFIED: <condition>MigXmlHelper.DoesObjectExist("Registry","%HklmWowSoftware%\Mozilla\Mozilla Firefox *.*\bin [PathToExe]")</condition>


After making these modifications, re-upload the USMT tool into the K2000.

Now if you choose the User Data tick box under Documents To Be Scanned in the K2000 USMT Scan Template, any version of Firefox will correctly be migrated.


Firefox specific migration (and other) without migrating ALL User Data

In the K2000 USMT Scan Template, if you tick User Data then it migrates anything in the MigApp.xml template which is anything from Firefox to all Office components to Acrobat etc etc.

This is not particularly helpful if you want to be more granular about what you take to ensure you don't pass on redundant or out of date settings.

To customize the USMT Scan Template created in the K2000 is not as easy as it could be.

  • Create a KACE USMT Scan Template and customize it with any visible settings but DO NOT tick User Data
  • Export this USMT Scan Template from the Package Management area of the K2000
  • Browse to the <K2000>\restore Samba share and find the exported package
  • Extract the package with 7-Zip
  • Open the extracted file with notepad and copy the USMT XML component out to a new file.

        This begins with <Configuration> and ends with </Configuration>

  • Save this file with XML file extension
  • In the K2000, open your USMT Scan Template and under the Content Configuration tick Specify config file.
  • Browse and select the XML file you created and then Save the USMT Scan Template.

When you reopen this USMT Scan Template, the K2000 shows it in the Template GUI format but as this GUI is not aware of the Applications section of the config file it won't be displayed. It does exist and modifying and saving the USMT Scan Template will not overwrite it (an export of the USMT Scan Template proves this).


So, what have we learned:

a) Microsoft didn't bother fixing this Firefox version number hard coding in the MmigApp.xml file. This is possibly a problem for Chrome and other applications mentioned in it.

b) KACE USMT Scan Template GUI is not aware of Applications section of config file.

c) KACE USMT Scan Templates are ALL or nothing for applications. Granularity of applications already built into USMT (anything listed in MigApp.xml) would be better.

d) the 'Specify config file' option in the KACE USMT Scan Templates is ambiguous as to the required format of the config file. I only got this working when I exported a template from the KACE (thank KACE support as I wasn't aware you could extract the packages) and copied the XML.
The ability to directly save an example config or the current config out for modification would make it simple to add customisation.


Be the first to comment

Offload Kbox services / Replicas

I've seen that I can setup remote site replications, but in my environment I don't think that solution will really work best.  Is it possible to just offload a service such as the KACE updates to another appliance to reduce the load on my kbox 1000?  If I setup a few replicas on additional hardware here at the main office where my kbox is located will they balance their work load or would I need to set machines from different subnets to checkin to a specific server?

I've got 6300 machines connecting back to a single kbox, when I use all of the services it's causing major slowdowns... Each of my 30 remote locations have a 1gb backbone back to the main office where the kbox is located, bandwidth is not an issue for me.  Replicas might work, but many of the remote location have no servers or hardware that I can dedicate as a replica.

Thanks for any thoughts!
View comments (1)
Showing 1 - 5 of 2648 results