To Enable or Disable Program Compatibility Assistant in Group Policy

1. Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.

2. In the left pane, click on to expand User Configuration, Administrative Templates, Windows Components, and Application Compatibility.
3. In the right pane, right click on Turn off Program Compatibility Assistant and click on Edit.

4. To Enable Program Compatibility Assistant
A) Select (dot) either Not Configured or Disabled.
NOTE: Not Configured is the default setting.

B) Go to step 6.
5. To Disable Program Compatibility Assistant
A) Select (dot) Enabled.
6. Click/tap on OK.
7. Close the Local Group Policy Editor window.
That's it,
Be the first to comment

K2 Macintosh USB Imaging Tool - K-Image Only

As i noted in my other USB Boot article USB 2.0 is not fast enough to boot the OS is a reasonable amount of time. Apple has done the work for us and gave us a fast booting USB OS on their Installation media. One downside is there is no SMB support which Kace needs. I have worked around it, but its not ideal. If you modify your pre or post image scripts you must manually copy them to your USB drives. Also, this only supports K-Image, it may work with DMG but you will need a large USB Drive. I would suggest you use the other method and install a full OS X to the drive.

I am going to use Mavericks in the example, but any OS X should work. You need the installation media and a running system.

Mount the DMG that is in Install OS X Mavericks -> Contents -> Shared Support

There is a hidden DMG called BaseSystem.dmg which you can mount from terminal via.

open /Volumes/OS\ X\ Install\ ESD/BaseSystem.dmg 

Write this DMG to your usb key. After this is done we are going to make some changes.

Kace needs some Perl libraries. Copy the following:

/System/Library/Perl and /Library/Perl to the same location on your USB

Create the following folders

{USB}/opt/kace/peinst and {USB}/opt/kace/petemp

Copy the following directories from  your K2/peinst to {USB}/opt/kace/peinst. If you have a large PC post job you can delete it from applications after you copy the directory.

applications, macosx, and preinstall

Edit the following file:

{USB}//System/Installation/CDIS/OS X

And add the following dict to the buttons array.



<string>/opt/kace/peinst/macosx/bin/K2000 Imaging</string>


<string>Kace Imaging Tool.</string>


<string>/opt/kace/peinst/macosx/bin/K2000 Imaging Imaging Utility</string>


<string>Kace Imaging Tool</string>


Edit /etc/rc.cdrom and insert the following before launchctl towards the bottom.

RAMDisk /opt/kace/petemp 8024

create the following file make sure it is executable (chmod +x)


This should return the IP or Name of your K2 or RSA. The most simplest form of this scripts can be

echo k2000

if your k2 is named K2000. Your you can add custom logic in this file to find the nearest server.

You Should now have a USB key that has less than 2GB of data that you can image machine from.

Be the first to comment

Procedure to install Microsoft office 2010 silently (BASIC)

Required softwares and tools.
1. CMD 
2. Microsoft office 2010
3. Office customization tools... download link

Prepare all the above on your Desktop 

First extract the OCT tool which you have downloaded to the Microsoft office 2010 folder
after extracting the folder should look like below pic with admin folder.

Now Run CMD as administrator 

Go to the office folder from CMD

Type: setup.exe /admin

The above command will open OCT as below PIC

For basic silent installation follow the below steps 

First go to Licensing and user interface 

1. Add your license key or use Kms option to skip the licensing step.
2. check mark on accept the license agreement.
3. change display level to none and check mark on suppress modal and no cancel. 

Click file on the top and save as and save the file in the same office 2010 folder
you can give any name. My file name is silentinstall.msp as in below pic

after saving close the OCT tool.

Now office 2010 is ready to silent install.

Procedure to test Office 2010 before uploading to KACE
open CMD and go to office folder 

type the below command to start the silent install 

setup.exe /adminfile silentinstall.msp 

Note; change silentinstall.msp to the file name which you created in OCT.
installation will take time to complete.

First go to your office folder and add all the files to compressed shown in below pic

now go to your K1
go to inventory 
then software 
choose action 

now upload the office zip file 

Now the software is in inventory and ready to install 

Go to Distribution then managed installations 
choose action 
change EXECUTION from disable to anytime or others as required
In SOFTWARE choose the office installation from the list

change default installation to override default installation 
In full command line: 
type setup.exe /adminfile silentinstall.msp

now choose the system you want to install the office and save. 

wait for installation to complete. 

You have successfully silently install office 2010 from k1 to the system. 

Procedure to deploy office 2010 to k2 will be uploded in next post soon. 

Thank you for reading my post. Sorry if there is any mistakes, please comment if there is any mistake or any step is not clear... 

Be the first to comment

Allow an app through firewall

Hi All,

This is my first post and I thought I should share something on how can "Allow an app through Windows Firewall" setting for Windows be played with while packaging an application.

Sometimes, the shortcut of a software might required to be allowed through the firewall as part of the automation (as a part of your package), so that when the users launch that shortcut, they don't see the prompt and can use the software. Something like the below snapshot:

This can be suppressed through UI by going to the following in "All Control Panel Items":
Control Panel\All Control Panel Items\Windows Firewall\Allowed applications

Cleck on "Change Settings".
Then click on "Allow another app..." and browse you application exe.


Now to accomplish this programmatically, there is a command line utility called "netsh". Below are listed, two commands, which add and remove a respective firewall rule:
The command line options can be explored and used by typing "netsh advfirewall /?" on command prompt to suit your needs.

In some cases/organizations/client environments, you might not want to configure such settings via your package. Never mind, these commands can come in handy, when you are trying to push a script through GPO or something.

Add a rule:
 netsh advfirewall firewall add rule name="Test" profile=domain,private protocol=any enable=yes DIR=In program="%ProgramFiles%\Test\Test.exe" Action=Allow

Remove the rule:
 netsh advfirewall firewall delete rule profile=domain,private name="Test"

These commands can be called as deferred custom actions in an MSI (or MST) to be run in System Context.

Any additions/comments to this blog are most welcome. Please do share your views if you find it helpful.


Be the first to comment

K2 USB/Thunderbold Booting netboot alternative

This is more of an FYI.

If you build a Mac bootable usb key and manually make the following changes you can image your macs from a external device without having to netboot. This is from memory and may have to be tweaked.

create the directory /opt/kace with permissions 777 and change the owner to user:wheel. User being the user account that you logon with. SMB mount /opt/kace/peinst and /opt/kace/petemp to your k2 or rsa. You will also need get_kbox_server in /usr/local/sbin that outputs the server IP or Name. It can be as simple as echo k2000. Run the imaging tool that is in peinst.

If you browse the scripts inside the k2000 media manager you can get a better understanding how this all works.

In testing this is too slow with usb 2.0 drives. I am working on another method based of the installation media.
Be the first to comment
Showing 1 - 5 of 2563 results