Category Archives: Windows Server

Windows 10, Windows Server

Computers Not Reporting To WSUS

I had an issue where I had several computer that were downloading and updating from the WSUS server, but they were not reporting.  I could see the in WSUS the computers checking in, but the last report date was not changing.  To resolve the issue I performed the following steps on the PC

  1.  Open a command prompt as administrator.
  2. net stop wuauserv
  3. Open regedit as administrator
  4. Delete the following keys
    1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate \SusClientId
    2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate \SusClientIdValidation
  5. Back in the command prompt – netstart wuauserv
  6. wuauclt /resetauthorization /detectnow
  7. Go into update settings and check for updates
  8. Back in the command prompt – wuauclt /reportnow (This step is not necessary, but it should force the PC to report now instead of waiting 20 minutes)

After performing the above steps I check WSUS to make sure the PC is reporting.

Windows Server

Delete Sub-Directories And Files

I came across a situation where I wanted to delete all the files and sub-directories out of a a directory.  I wanted to leave my main directory and just delete every thing in it.

I tried using the del command but it does not remove sub-directories.  There is the rd command to remove directories, but it only removes directories that are empty.  The other problem with the RD command is that you need to know the name of the directory.  The solution was to script a file, which is fine because I wanted to schedule this job to run weekly.  I found a script on the Internet that did what I wanted but I had to modify it slightly.  Below is the script along with explanations in red.

echo off

REM Edit your folder path
set CAT=C:\path name
(Set the path of the folder you wish to empty out)

dir “%%CAT%%”/s/b/a | sort /r >> %TEMP%\files2del.txt
(This line scans the directory and saves a list of all sub-directories)
for /f “delims=;” %%D in (%TEMP%\files2del.txt) do (del /F /Q /a:h “%%D” & rd “%%D”)
(Deletes all hidden files and removes directory if empty)
for /f “delims=;” %%D in (%TEMP%\files2del.txt) do (del /F /Q “%%D” & rd “%%D”)
(Deletes all files and removes empty directory)
del /q %TEMP%\files2del.txt
(Deletes temporary list of sub-directories)

The only modification I made to the script was adding the line that deletes all the hidden files.  I had to do this because the original script would leave sub-directories with hidden Thumbs files.

Windows Server

Setting Java Security level in MSI

Starting with Java 7 Update 51, Java started blocking certain Java applications.  These applications were deemed outdated and a security risk by Java.  You can still get these to run by changing the security level of Java to allow these to run.  If you need to set the security level of many machines and are pushing Java out through Group Policy you can edit the msi file to push out the desired security setting.  Below are the setting you can add to the Property Table in the msi to change the security level to your needs.

  • On installation, the WEB_JAVA argument has the following effect:
    WEB_JAVA=1 enables Java in the browser
    WEB_JAVA=0 disables Java in the browser
  • On installation, the WEB_JAVA_SECURITY_LEVEL argument has the following effect:
    WEB_JAVA_SECURITY_LEVEL=VH sets the security level to very high
    WEB_JAVA_SECURITY_LEVEL=H sets the security level to high
    WEB_JAVA_SECURITY_LEVEL=M sets the security level to medium

You will need to set the WEB_JAVA_SECURITY_LEVEL=M to be able to run blocked Java applications.

Windows 7, Windows Server

Goup Policy Program Assignments Not Installing

After installing some newer Windows 7 computers I ran into a problem where several computers would not install program that were assigned through Group Policy.  The majority of these computers were at remote locations using slower network connections.  I knew that the computer was receiving the policy because I could perform a gpupdate /force and the computer would indicate that a restart was needed to install the program.  After checking the event logs of these computer I saw 2 different events.

Event 1129: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Event 1055:  The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

I figured out the issue was slow connectivity to the network, so I had to make a few changes in Group Policy accommodate for this.

1.  Computer Configuration > Policies > Admin Templates > System > Logon
Setting Name: Always wait for network at computer startup and logon
I changed this to enabled.

2.  Computer Configuration > Policies > Admin Templates > System > Group Policy
Setting Name: Startup policy processing wait time
I enabled this setting and set the wait time to 60 seconds.  This forces the computer to wait at least 60 seconds before moves on without network connection.

I had to make these changes on the local PC Group Policy using the gpedit.msc because these setting were not on our Server 2003 Group Policy. I would assume that these setting are in later versions of MS Server.

Windows 7, Windows Server, Windows Vista, Windows XP

Adobe Flash Player Error 2753

While trying to push out the 2 different Adobe Flash Player .msi install files via Group Policy, I noticed a few computers were not being updated by one or both of the installers.  I looked in the Event Viewer of these computers and found my error on the Applications tab.  The error was 2753: The file “InstallAX.exe” is not marked for installation.  I found the file name varied based on the system and which file or files were not installing.

The files names could be any of these:
InstallAX.exe
InstallAX64.exe
InstallPlugin.exe
InstallPlugin64.exe

You may also receive this error if you try to manually install the .msi file.  After a little research I found that this error is caused by some incorrect registry values for Adobe Flash Player.

Resolution

Uninstall the current version of Adobe Flash Player.  It is best to uninstall both the plugin and the activex version if they are both installed, but I found if you are only having problems with the plugin or activex you only need to uninstall that version of it if you are careful when modifying the registry in the next step.

Open up the registry editor (regedit.exe), and navigate to HKEY_CLASSES_ROOTInstallerProducts.  The sub-keys in this registry key contains the installer registry settings the the software installed on the computer.

Before editing the registry, it is always best to make a backup in case you accidentally delete or change you didn’t mean to.

Every piece of software installed will be represented with a unique GUID.  Use the find function (CTRL+F) in this registry key only and search for “Adobe Flash”.  Delete the corresponding GUID key.  If you only unistalled the plugin or activex version pay attention that you only delete the keys associated with that version.  There could be more than one GUID entry that needs to be deleted so make sure to continue searching the entire HKEY_CLASSES_ROOTInstallerProductskey for “Adobe Flash” until you have deleted all the keys.

After you have deleted all the keys, close the registry editor.  Your Flash Player .msi file should now install correctly.

Windows 7, Windows Server

Windows Start Up Messages

One of the things I don’t like about Windows 7 is that it lacks any kind of start up messages, for my domain users.  When they boot up their computer all they see is “Please Wait”  I have had users think that their computer was frozen and pull the plug on it when actually it was installing a software patch via group policy.  But I found an easy fix for this in group policy.

The setting is found under Computer Configuration / Administrative Templates / System / Verbose vs Normal Status Messages
By enabling this setting you will get descriptive messages when your domain computers boot up and shut down.  I have found that it gets a little too descriptive on XP machines, but I would rather have too much info than not enough.

Windows Server

Installing Adobe Flash Using Group Policy

Downloading The MSI’s

Before you can download the full installation msi files you must sign up with Adobe to distribute Flash.  This is free and relatively easy to do so.  At the time of this posting this was the link used to sign up.
https://www.adobe.com/cfusion/mmform/index.cfm?name=distribution_form&pv=rdr
After you sign up Adobe will send you a link to the full install files.

There are 2 types of installation.  If you are only going to be running Internet Explorer on your machines you only need to download the Active X version.  You will need to download the plugin version if you are running browsers like Firefox and Chrome.

Editing The MSI’s

The msi files can be edited using Orca.  I have not tested any of the switches at this time.

Deploying Via Group Policy (GPO)

Now you are ready to deploy the package via Group Policies. The general process is to do the following:

  1. Create new GPO (or use existing GPO for same software title)
  2. Copy the install files to a network share
  3. Add MSI package
  4. Add MST transforms file (note you can only do this at the beginning, and it cannot be changed later).

Turning Off Auto Update

You can turn off the auto update by editing or creating the mmc.cfg file.  The file is located in different spots depending on you OS.  For Windows 32 bit OS’s it will be located in the C:WINDOWSSystem32MacromedFlash directory.  For Windows 64 bit OS’s It will be located in both the C:WINDOWSSystem32MacromedFlash and the C:WINDOWSSysWOW64MacromedFlash directories.

The mmc.cfg file I created has the following entries.
AutoUpdateDisable=1  <– “1” turns off the AutoUpdate
SilentAutoUpdateEnable=0  <–  “0” Leaves Silent off “1” Turns it on

The file must be saved using UTF-8 encoding
The file is created automatically if you install Flash using the .exe installer.  If the .msi installer is used the file will not be created.  Be aware that if you have modified the file and update your Flash using the .exe installer, your modified file will be overwritten.

I decided I didn’t want to manually copy the file so I created a startup script that copies the file for me.  I read that a logon script does not work because users may not have permissions to copy the files.  Here is what my startup script looks like.

Set oFSO = CreateObject(“Scripting.FileSystemObject”)
sNetworkFlashPath = “\SERVERpathmms.cfg”
sLocalFlashPath = “C:WINDOWSSystem32MacromedFlashmms.cfg”
sLocalFlashPath64 = “C:WINDOWSSysWOW64MacromedFlashmms.cfg”

If oFSO.FolderExists (“C:WINDOWSSystem32MacromedFlash”) Then
oFSO.CopyFile sNetworkFlashPath, sLocalFlashPath, True

End If

If oFSO.FolderExists (“C:WINDOWSSysWOW64MacromedFlash”) Then
oFSO.CopyFile sNetworkFlashPath, sLocalFlashPath64, True

End If

Set oFSO = Nothing

I put this startup script in my GPO that deploys the Flash software.

Windows Server

Installing Java Using Group Policy

Download Java

You need to download the full offline installation package.  As of the time of this post the link is
http://www.java.com/en/download/manual.jsp

Extracting The MSI

Double click on the EXE file and leave the installation window open.

Now while that window is still open open up Windows Explorer and go to the below location and you will see the CAB and MSI files that are needed to deploy via GPO.

1 C:Users%username%AppDataLocalLowSunJavajre1.6.0_26

Note: You need to keep the setup window open for 64bit version because it removes the temp files when you cancel the install process. 32 bit doesn’t but its good practice.

Copy these files to your distribution location (or your staging area where you can modify the file using ORCA)

Modifying The MSI

So now we need to make some changes to the Java MSI installation so that it installs correctly and does not try to auto update seeing as most admins don’t give their users local admin rights. The tool that I use is ORCA, and is available for download from the Microsoft website.

Here are some common properties you can modify.  I have found that changing the update settings work, but if you check in the control panel, it appears as if nothing has changed.

Table Property Original Value Proposed Value Description
Property JAVAUPDATE 1 0 All three need to be changed to completely disable Java automatic updates
Property AUTOUPDATECHECK 1 0
Property JU 1 0
Property IEXPLORER 0 1 Activates Internet Explorer plugin
Property MOZILLA 0 1 Activates Mozilla plugin
Property SYSTRAY 1 0 Disables system tray icon when Java applets are active
Property RebootYesNo Yes No Suppresses the need to reboot – not affected by GPO that I’m aware of but does when installed manually.
Property EULA 0 1 I leave this setting to 0, however if you are installing it via the msiexec through cmd prompt you may need to set this to 1 to install without interuptions.

Once you have made the changes you are happy with you can simply save the changes to a MST (transforms) file. The transforms file simply tells the MSI to use its preferred settings, and the benefit is you can have one MSI to multiple MST files.

NOTE: if you wanted to use a transforms file, you need to create a transforms in ORCA first by clicking Transform -> New Transform, and then when you are finished you need to go to Transform -> Generate Transform.

Deploying Via Group Policy (GPO)

Now you are ready to deploy the package via Group Policies. The general process is to do the following:

  1. Create new GPO (or use existing GPO for same software title)
  2. Copy the install files to a network share
  3. Add MSI package
  4. Add MST transforms file (note you can only do this at the beginning, and it cannot be changed later).