Deploy the Trend Worry Free Business Client via Group Policy

KB ID 0000491

Problem

Trend Worry Free is a nice product, though to deploy the client software out to your machines, you need them to be switched on, have the firewalls off, and the remote registry service running. You can of course connect the clients to the web portal and install the client on a machine by machine basis, (default https://servername:4343), but if you are rolling out a lot of machines this can get tedious.

So you can either script the install or use Group Policies.

Solution

1. Firstly you need to create the install file, on the server that Worry Free is installed navigate to;

[box]

Worry Free Version 7

C:\Program Files (x86)\Trend Micro\Security Server\Admin Utility Client Packager

Worry Free Version 8

C:\Program Files (x86)\Trend Micro\Security Server\PCCSRV\Admin Utility ClientPackager\

[/box]

Locate the ClnPack.exe file and run it.

2. We want a setup package, select your platform, I want it to install silently and NOT to do a prescan. Save the output file somewhere you can find it and click “Create”.

3. Note: If have x64 bit clients that you are also going to deploy software to, you will need to repeat the process and create another package for x64 bit installations as well.

How to Tell if Windows is 32 or 64 bit

You can use a WMI filter to make sure the right policies apply to the right clients;

Using 32 and 64 Bit WMI Filters For Group Policy

4. After a while it should say it was successful, close down the client packager.

5. Create a network share and allow the “Everyone Group” read access to it, then copy the setup file you created above into this share.

6. On a domain controller, Start > Administrative tools > Group Policy Editor > Either edit an existing policy or create a new one. (Remember it’s a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).

Navigate to:

[box] Computer Configuration > Policies > Software installation [/box]

And create a new package.

7. Browse to the UNC path of the setup file DO NOT browse to the local drive letter!

8. Set as “Assigned” > OK.

9. Make Sure: That if you have x64 bit clients, you open the advanced properties of this package, and remove the option to deploy this software to x64 bit clients.

10. Repeat the process for the x64 bit client if you also have x64 bit machines.

11. Close the policy and group policy editor window.

12.  Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Related Articles, References, Credits, or External Links

Original article written 11/08/11

Windows – Stop “Do you trust this printer?” Message

KB ID 0000508 

Problem

While setting up a new printer you might see this message on the screen, if you are manually installing a printer that’s fine, but if you are scripting the printer installs you DONT want all your users to see this popping up on their screens, it makes them flap, and then they will ring you up.

Printers
Do you trust this printer?
Windows needs to download and install software from the {print server name} computer to print to {printer name}. Proceed only if you trust the {print server name} computer on the network.

So using group policy let’s tun this off.

Solution

1.  Go to your domain controller. Start > Administrative tools > Group Policy management console > either create a new policy and link it to your domain (or required OU’s) or edit an existing policy.

2. Edit the policy and navigate to:

[box]Computer Configuration > Policies > Administrative Templates > Printers[/box]

3. Locate the “Point and Print Restrictions” policy and set it to enabled with the following settings:

When installing drivers for a new connection = Do not show warning or elevation prompt

When updating drivers from an existing connection = Do not show warning or elevation prompt

4. This is also set in user policy so now navigate to:

[box]User Configuration > Policies > Administrative Templates > Control Panel > Printers[/box]

5. Locate the “Point and Print Restrictions” policy and set it to enabled with the following settings:

When installing drivers for a new connection = Do not show warning or elevation prompt

When updating drivers from an existing connection = Do not show warning or elevation prompt

6. Apply the policies then close the policy editor. Then get the clients to reboot, wait a couple of hours, or manually run “gpupdate /force” on them.

Related Articles, References, Credits, or External Links

NA

Cisco VPN Client Install Error 28000

KB ID 0000945 

Problem

Seen when attempting to install or remove the Cisco VPN client software.

Error 28000: Before installing the Cisco Systems VPN Clients {version}, you must uninstall the previous version of Cisco Systems VPN Client {version}, using the Add/Remove Program Files option in the Control Panel. Then restart your system.

Solution

1. Firstly Windows Key +R > appwiz.cpl {Enter} > Locate and remove the VPN Client. Though sometimes you will not find it.

2. Locate ‘VPN Client’ Folder in program files > Locate the vpnclient.ini file and open it with Notepad, add the following two lines;

[box]

Remove Previous = 1
DelayRebot = 1

[/box]

Save the file.

3. Run the VPN Client software setup file with a ‘/quiet’ switch on it (as below). it will look like nothing is happening, go and have a coffee, then reboot and try to reinstall.

Manually Remove Cisco VPN Client

This is a little extreme, but if you have no other choice!

4. Windows Key +R > regedit {Enter} > Navigate to;

[box]

HKEY_LOCAL_MACHINE > SOFTWARE > Cisco Systems

[/box]

Delete the VPN Client Key.

5. Navigate to;

[box]

HKEY_LOCAL_MACHINE > SOFTWARE > DeterministicNetworks

[/box]

Delete the ALL the sub-keys (in the example below, there are two).

6. Navigate to;

[box]

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Uninstall

[/box]

Delete the ANY keys that match;

  • {1CE60928-8325-49A8-8B06-633E48DD2B67}
  • {51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}
  • {5624C000-B109-11D4-9DB4-00E0290fCAC5}

7. Navigate to;

[box]

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services

[/box]

Delete ANY keys that match;

  • CVirtA
  • CVPND
  • CVPNDRVA

8. Drill all the way back to the top of the registry (i.e. select Computer) > F3 (to launch ‘Find’) > Locate and delete all instances of the following;

  • Vpngui
  • Vpnapi
  • CVPND
  • CVPNDRA
  • Ipsecdialer

9. Windows Key +R > services.msc {Enter} > Locate and stop the Cisco systems, Inc VPN Service.

10. Delete the ‘C:Program FilesCisco SystemsVPN Client’ folder.

11. Delete the ‘C:Program FilesCommon FilesDeterministic Networks’ folder.

12. Delete the following files;

  • From %SystemRoot%system32drivers delete dne2000.sys (if it exists).
  • From %SystemRoot%inf delete dne2000m.inf and dne2000m.pnf (if they exist).
  • From %SystemRoot%system32 delete dneinobj.dl (if it exists).
  • From %SystemRoot%system32drivers delete cvpndrv.sys (if it exists).

 

Related Articles, References, Credits, or External Links

NA