/build/static/layout/Breadcrumb_cap_w.png

Blog Posts by Timokirch

Ask a question

SDA (K2000) - Hide PopUps during deployment

Hi all,

me again with a little add-on for the SDA. Recently i had the request to hide every popup like Dos-Boxes or PowerShell-Windows during the system deployment. For a better understanding here is a picture of my task :)

focus001.png





  




 As you can see the popup is blocking the view to the task list and the progress bar.








I've created a little tool which will run as a pre- & post install task. It will set the focus to the deployment window every second. So every script, application or whatever will switch to the background and you will always have the clean status page in front of you and your customers. Of course you need to duplicate the task and run it again after a restart in your post-install routine.

If there is an error in your deployment and the error page appears the script will pause. So you can work with notepad / cmd or whatever until you resume your task execution. You can manually pause the script with the key combination mentioned in the task description (you'll see it after an import to your SDA).

The tool is delivered as it is and has no support - questions will be answered here.

Download here: Download
Be the first to comment

SDA (K2000) - Windows 10 MUI Installation

Hi Guys,

i recently created a little PS-Script which will help you if you need to deploy an MUI version of Windows 10.
My scenario:
  • deploy Windows 10 1803 x64 in US-English
  • depending on the hostname: Install a language pack and set the default locales.
    • hostname starts with "US" then do nothing
    • hostname starts with "DE" then target language & keyboard layout German
    • hostname starts with "FR" then target language & keyboard layout French
    • hostname starts with "NL" then target language & keyboard layout Dutch

The solution can be found here: Download

The Post-Install task can be imported easily to your SDA but needs some modification on your site. For legal reasons i removed the language packs from the specific folder. Feel free to add and change the needed files / folder / whatever. Remember that every Windows 10 Build got his own language packs.

If you want to remove the en-US Keyboard then add the following line to the XML files:
<gs:InputLanguageID Action="remove" ID="0409:00000409"/>

The script is delivered as it is and has no support. If you have any questions feel free to ask here on ITNinja.

Helpful links:
Inputprofiles: Link
GeoIDs: Link


Be the first to comment

KACE SMA (K1000) | Spectre & Meltdown Analysis

01/09/2018 update: added a Report and another CIR.
01/12/2018 update: updated the script to use the current script version of today (1.0.4)  > Download
                                Scriptchangelog from Microsoft:
                                        Added message directing users to explanation of output
                                        Addressed feedback regarding multiple CPUs when setting $cpu 
02/02/2018 update: corrected & updated the vulnerable report. Added a new report with secured devices.
                                Vulnerable Report: Download
                                Secured Report: Downlaod

For an official statement from quest please visit: https://support.quest.com/kb/237193

Hi all, 

here a quick blog to check the hardware vulnarabilities CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 or better known as Spectre and Meltdown.
I am using the Microsoft security guidance ADV180002 as base script with KACE modifications. 

The outcome of this blog will be that you can easily see, filter, report and label all your Windows clients higher than Windows 7 SP1 or Server 2012 R2 which are vulnerable or secure against Spectre and / or Meltdown. To archive this we first need a script. 

The script looks like this and can be downloaded here
If you need assistance to import it to your KACE SMA (K1000) please feel free to contact me. 
cpu01.png

The script will create the logfile: "C:\Windows\Logs\KACE_CPU_Check.log" and rewrite it every time. 

To have the posibility to search, label and report these data we need a CustomInventoryRule.
Here you have a screenshot and can find the export as a download here.
cpu02.png
ShellCommandTextReturn(cmd /c type ""C:\Windows\Logs\KACE_CPU_Check.log"")

After that you should be able to filter everything like you know to do it. 
Enabled protections appear in the output as "true".

Example for filtering for vulnerable devices:
cpu03.png
If you go to the details you would see that this device is vulnerable against both.
cpu04.png


Now you want to check with one klick which devices are vulnerable and compatible to get patches through Patching. To do that we first need again a custom inventory which checks if the compatibility registry key is available. You can download the ready to use package here.

RegistryValueReturn(HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat, cadca5fe-87d3-4b96-b7fb-a231484277cc, REG_DWORD) 

The next step is to import a report which shows all vulnerable devices. The package can be downloaded here
Additionaly i have created a report which will list you all devices which are secure. You can downoad it here.

You can modify / add / delete everything wihtin the scripts, custom inventories or SQL-Reports. 
If you rename your custom inventory rules change the names in the SQL query too.


Cheers Timo

View comments (11)

KACE SMA - Adding Clients to AD Groups

Hi All,

this is a little AddOn to my previous post: KACE SDA - Adding Clients to AD Groups during deployment
This blog will focus on an ongoing management of AD security groups. 

First i have to say the main script is written by OneScript Team.

The idea here is to use KACE SMA to have an sheduled or an adhoc script wich will assign devices to specific AD securitygroup(s). 
First we will create an online KScript like this: 
sma_aag_001.png

After that we have to decleare on which device(s) it should be deployed to. Here you can choose to leave it empty or using a specific smartlabel or whatever you need it for.
After that you have to add credentials of a user who has the right to add the targeted devices to the targeted AD securitygroups.
Pro Tipp: Only use Domain Administrator if you are in a lab :)  
sma_aag_002.png

We don't need a notification and the shedule is up to you. Maybe you wan't to run it every monday to be sure that every device is in the correct group(s). 
Necessary to check is the "Allow run without a logged-in user". 
sma_aag_003.png

And now the final step: Upload the VBS as dependency and configure a task (or multiple).
sma_aag_004.png

Of course you can do here whatever you want. Feel free to proof registry keys or whatever you like before adding a computer to an AD securitygroup. 
You can add all securitygroup names seperated by a space as an argument. So you are able to create different sets of joining ad groups in one task. 

You can download the script together with my AutoIt Wrapper for KACE SDA:  Here 

Please note that this is a selfmate script without vendor support.

Kind Regards
Timo
Be the first to comment

KACE SDA - Adding Clients to AD Groups during deployment

Hi All, 

you are right here if you are looking for a solution to add your Windows Clients to AD groups during the inital deployment.

First i have to say the main script is written by OneScript Team.
I only added a short AutoIt wrapper to start this tool as a user which has the rights in the AD to add the actual client to the selected security group(s). 

Why did i use an AutoIt Wrapper? Because the Username and Password will not be stored as plaintext in the task.xml during the postinstallation task sequence. 

And that's the whole magic:
sda_aag_001.png
You only have to edit the script in the red marked square to your enviroment credentials. Then compile it via AutoIt SciTE and you will get an executable. 

After that you have to zip the VBS (AddGroup.vbs) and the executable to a normal compressed .zip file without password. 
Upload it afterwards to your SDA Postinstall-Tasks:
sda_aag_002.png

Now you are done. You can add all securitygroup names seperated by a space as an argument to the executable. So you are able to create different sets of joining ad groups in one task. 

If you have any problems or question reach out to me in the comments or contact me by mail (included in the AutoIt-Script). 

You can download my AutoIt Script together with the AddGroup.vbs from OneScript Team: Here

Please note that this is a selfmate script without vendor support.

Kind Regards
Timo

Be the first to comment
Showing 1 - 5 of 12 results

Top Contributors

Talk About appdeploy-downloads