/build/static/layout/Breadcrumb_cap_w.png

Blog Posts tagged with Windows 10

Ask a question

Automatically enable new Windows 10 builds in KACE K1000 SMA

Hi everybody,

since Microsoft changed its Windows lifecycle policy in Windows 10 to release a new OS build about twice a year (more information here) you may get a mix of different builds in your network inventory after some time.
Quests KACE SMA (aka K1000) recognizes every Windows 10 build as a new, independent OS in most parts of the appliance software.
That's quite helpful in some usage scenarios and in some it is not.

When I recently added a new Windows 10 1703 machine for testing purposes, it did not receive any managed installs and custom inventory rules at all - because "Microsoft Windows 10 Pro x64 (10.0.15063)" as it is called in the OS list was not enabled yet for all the software installers and custom inventory objects in our KACE SMA.
So I had to edit all these items manually and add Windows 10 1703 to the list of supported operating systems - what took quite a while.
k8xjVD.jpeg

If you (like me) don't want to do that every time a new Windows 10 build appears on your network here is way to avoid it:

Create a ticket rule that automatically adds missing Windows 10 builds to all your software installers and custom inventory rules!

Note: the following instructions are provided without any warranty, make backups, test carefully and use this at your own risk!

1. Go to "Configuration" section of your Service Desk module and to the "Rules" then
Hint: you can create ticket rules like this even if you normally do not use the service desk module!
yfoPGT.jpeg

2. If you want, switch to the service desk queue where you want to create the rule in - but it does not really matter which one it is since this one does not change any tickets at all. In this example we stay in the default queue.
Now hit the "Choose action" button and select "New (SQL)" then.
E61KMr.jpeg

3. Enter a name for the rule like "Enable missing Windows 10 builds".
Be sure the check box "Enabled" is checked if you plan to run this scheduled - if you prefer manual execution, uncheck it!
Dakfob.jpeg
In the "Select SQL" section, write this:
SELECT 1 AS 'HD_TICKET.ID'
4. Leave all the following options unchecked except "Run update query". In this box, enter this:
INSERT INTO SOFTWARE_OS_JT 
SELECT
  softw.ID soID,
  ost.ID AS osID
FROM
  OPERATING_SYSTEMS ost,
  SOFTWARE softw
WHERE
  (softw.FILE_NAME <> '' OR softw.INVENTORY_RULE <> '') AND
  ost.NAME LIKE '%Windows 10 %' AND
  ost.ID NOT IN (SELECT
    softOSJT.OS_ID
  FROM
    SOFTWARE_OS_JT softOSJT
  WHERE
    softOSJT.SOFTWARE_ID = softw.ID
) AND
  ost.ID IN (SELECT
    machOS.OS_ID
  FROM
    MACHINE machOS
  GROUP BY
    machOS.OS_ID
) AND
  softw.ID IN (SELECT
    softOSJT.SOFTWARE_ID
  FROM
    SOFTWARE_OS_JT softOSJT
    INNER JOIN OPERATING_SYSTEMS osNAMES ON softOSJT.OS_ID = osNAMES.ID
  WHERE
    softOSJT.SOFTWARE_ID = softw.ID AND
    osNAMES.NAME LIKE '%Windows 10 %' AND
    osNAMES.ID IN
(SELECT
      machOS2.OS_ID
    FROM
      MACHINE machOS2
    GROUP BY
      machOS2.OS_ID
))

Some explanation:
Take care of software objects with file attachments (installers) or custom inventory rules
Only select OS that are not already in the list of enabled OS for this software
Only select OS that are currently present in your active inventory - we don't want abandoned builds
Only select software items that already have at least one Windows 10 build enabled and limit this list to active inventory builds as well

5. Now set your schedule in the last section below. "15 minutes" is the shortest interval to choose, I personally run this once every hour. This query should not cause much impact on your appliance database performance, but you should test this in your environment.
If you prefer to run this manually, leave the "Schedule" section and disable the rule. You can still run it by hitting the "Run Now" button on demand.
Don't forget to save your work by hitting the "Save" button!
FVw9rE.jpeg

That's it! Carefully test this (make a backup!!), the "Last run log" section in the ticket rule editor shows you the last query results with a number of all the newly inserted software/OS relations and any other output of the database engine.

Enjoy!
View comments (4)

Lockdown Windows 10 Spy

To lockdown most spying Windows 10 functions:
Create Batch:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo" /v DisabledByGroupPolicy /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices" /v TCGSecurityActivationDisabled /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\OneDrive" /v DisableFileSyncNGSC /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers" /v authenticodeenabled /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v DisableSettingSync /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v DisableSettingSyncUserOverride /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v EnableSmartScreen /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\Local" /v WCMPresent /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v DontSendAdditionalData /t REG_DWORD /d 1 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowCortana /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v DisableWebSearch /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v ConnectedSearchUseWeb /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowIndexingEncryptedStoresOrItems /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowSearchToUseLocation /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AlwaysUseAutoLangDetection /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v ConnectedSearchUseWebOverMeteredConnections /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v PreventRemoteQueries /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v ConnectedSearchPrivacy /t REG_DWORD /d 3 /f

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" /v DownloadMode /t REG_DWORD /d 0 /f
View comments (2)

Dual Booting Macs with Windows 10 using K2000

Our institution was a Ghost campus and using Ghost I was able to easily image all macs using a computer built in audit mode and putting the drivers on the image. The other option we had was to use deploy studio to capture the image and re-deploy it that way, but that had other problems like partition sizing and speed that we didn't want to deal with.  All this aside, i'm here to describe my experience with imaging a Mac with the k2000.

Since I had searched the itninja site looking for some information on how to dual-boot a computer using the k2000 and found NOTHING, I thought it would actually be difficult.  WOW was i wrong.

To start I build my Windows 10 image using the k2000 following the instructions here: https://dell.app.box.com/s/wun9qwuw2sj6lg827kpv9yhj5s7u0px2 and then capture the image.  This creates the windows image on a single partition which is VERY IMPORTANT.

I then image the mac with a fresh 10.11 base image with no software on it at all.  Once imaged i partitioned the drive.  This part of the process is more important than you may think because it puts the Windows partition at disk0s4.  I can't find the documentation i read before, but i believe you cannot boot Windows on a partition higher than 4.

I then create a pre-installation Task with the following information in it:
select disk 1
select par 1
remove all noerr
select disk 0
select par 4
format fs=ntfs label="windows" quick
active
assign letter="C"
select disk 1
select par 1
assign letter="D"
exit

Then i boot from my Windows 10 PE created USB drive (again from the documentation linked above), deploy the system image with the pre-installation task above in it and wham-o it works! 

Setting the driver feed is another important part!  On my k2000 i have new folders setup for windows 10 like below:
\\k2000\drivers_postinstall\Apple_inc\windows_10_x64\iMac13,1
\\k2000\drivers_postinstall\Apple_inc\windows_10_x64\Macmini6,2
depending on what the driver feed building tool finds for me.  You also need to download the Windows 10 drivers from the macs themselves since they are not provided on Apples website as easy as they were before.

This page shows which models of Mac you can install Windows 10 on.  
https://support.apple.com/en-us/HT204990

If you're using windows 7, you can head here to get the bootcamp drivers.
https://support.apple.com/en-us/HT205016

IN ORDER FOR THE DRIVERS TO WORK YOU MUST EXTRACT ALL THE .EXEs THAT ARE IN THE SUB FOLDERS! I say that in CAPS to get your attention, otherwise the drivers will not work.

On an existing machine i set the computer to always boot to Windows and that allows the computer to reboot multiple times and set itself up immediately after imaging.  If you're working on a brand new format/install (fresh out of the box or all partitions were wiped) you'll need to boot back up to the USB drive and go to recovery and open up command prompt and run "bootsect /nt60 c: /mbr" to set the mbr correctly.  Once you do that you'll be able to hold ALT (or use bootcamp or refit) to select the Windows partition.

The same process SHOULD work with Windows 7, but all i've tried it with is Windows 10.  If someone else could also try and replicate what i've done or find errors with the process, that would be great.  I'll update the post if i'm out of order or things are wrong but this is all spewing out of my head as i type.

Good luck! 

***UPDATE***

With new 16,2 iMacs I found out that they don't seem to have the legacy bios available anymore, so running "bootsect /nt60 c: /mbr" doesn't do anything.  A work-around I found is to image with KACE, boot into Mac OS and run WinClone and select "make EFI bootable" You also will need to disable SIP during your mac deployment workflow.

Good Luck!

-Steve Davis
View comments (9)

Capturing Windows 10 WIM’s to locations other than the kbox (externally capturing) using DISM

This is an update of the hta code to use DISM vs imagex from this Blog:

http://www.itninja.com/blog/view/capturing-wim-s-to-locations-other-than-the-kbox-externally-capturing

This update will work with WinPE 10 and windows 10 imaging.

'<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="deployment_client.css" />

<title>WIM Capture</title>
<HTA:APPLICATION
APPLICATIONNAME="DISM Capture"
SCROLL="no"
SINGLEINSTANCE="yes"
>
</head>

<script language="VBScript">
'Resize window
Sub Window_onLoad
window.resizeTo 400,400
End Sub

'Verify t:\imagestore exists
Sub StartCapture

Dim imgForm
Set imgForm = Document.forms("imgForm")

Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FolderExists ("t:\imagestore") Then
Else
Set objFolder = objFSO.CreateFolder("t:\imagestore")
End if

'Verify image is not already on T:\imagestore
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists("t:\imagestore\" & imgForm.imgName.value & ".wim") Then
MsgBox("The WIM image already exists. Please use a different name")
ElseIf imgForm.imgName.value = "" Then
MsgBox("A blank name is not allowed.")
Else
'Start Image Capture
strCommand = "%systemdrive%\windows\system32\dism.exe /Capture-Image /ImageFile:t:\imagestore\" & imgForm.imgName.value & ".wim /CaptureDir:" & imgForm.srcDrive.value & ":\ /Name:" & imgForm.imgName.value & " /compress:" & imgForm.comPrs.value & " /logpath:t:\imagestore\" & imgForm.imgName.value & ".log"
Set wshShell = CreateObject("WScript.Shell")
WshShell.run strCommand
'MsgBox("Process Complete. Check T:\imagestore\" & imgForm.imgName.value & ".log for errors" )
Set WshShell = nothing
End If
End Sub

</script>


<body>
<h1>DISM WIM Capture</h1>

<form id="imgForm" action="">
<div class="list">Image Name: <input type="text" name="imgName" id="imgName" size="20" maxlength="10">.wim</div>
<div class="list">Source Drive: <input type="text" name="srcDrive" id="srcDrive" size="1" maxlength="1">:</div<br/>
</div>

<table><tr><td VALIGN="baseline">
<div class="list">Compression: </div>
</td>
<td VALIGN="baseline">
<select name="comPrs" id="comPrs">---
<option value="fast">Fast</option>
<option value="maximum">Maximum</option>
<option value="none">None</option>
</select>
</form>
</td>
</tr>
</table>
<br>
<div class="text"><em>Note: Images will be sent to t:\imagestore\.</em></div<br/>
<br>
<br>
<input type="button" value="Start Capture" name="StartCapture" onClick="StartCapture">

<span id = "DataArea"></span>


</body>
Be the first to comment

Setting DNS server statically before joining domain script

In my lab testing, I always have to change my DNS servers manually before I can join to my domain since I use my router’s DHCP server, so I can’t tell what DNS servers my test machines use.

I finally got around to doing a simple google search and voila! I found the below .bat  file that queries for the adapter name, and sets the DNS servers for you. Very nicely written bat script. 

 

Tested this on Windows 10 and worked perfectly on my e6420.

 

SOURCE: http://superuser.com/questions/463096/change-dns-with-script


Just change the IP Addresses in teh code below and run this script before your join domain post install task runs on your K2000. 

NOTE: I tested this on Windows 10 successfully


.bat file code:


:: Set primary and alternate DNS for IPv4 on Windows Server 2000/2003/2008 & 
:: Windows XP/Vista/7
@ECHO OFF
SETLOCAL EnableDelayedExpansion
SET adapterName=
FOR /F "tokens=* delims=:" %%a IN ('IPCONFIG ^| FIND /I "ETHERNET ADAPTER"') DO (
SET adapterName=%%a
REM Removes "Ethernet adapter" from the front of the adapter name
SET adapterName=!adapterName:~17!
REM Removes the colon from the end of the adapter name
SET adapterName=!adapterName:~0,-1!
netsh interface ipv4 set dns name="!adapterName!" static 10.0.0.120 primary
netsh interface ipv4 add dns name="!adapterName!" 8.8.8.8 index=2
)
ipconfig /flushdns
:EOF

Be the first to comment
Showing 1 - 5 of 20 results

Top Contributors

Talk About appdeploy-downloads