I was trying to deploy some client AV packages today, there was an x86 version (x32 Bit) and a x64 bit version of the client software. As I was deploying the software via Group Policy I needed to write a different policy for each package. Then I needed to make sure the x32 bit client only deployed to x32 bit machines, and the 64 bit client only deployed to x64 bit machines.
To do that you need a simple WMI filter.
Create an x86 (32 Bit) WMI Filter
Open the Group Policy Management Console (gpmc.msc) on a domain controller > Drill down to your domain > WMI Filter > New > Give it a sensible name (you will be picking it from a list) > Add > Paste in the following;
[box]SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth =’32′[/box]
Click OK > Accept the warning > OK.
Create a 64 Bit WMI Filter
Open the Group Policy Management Console (gpmc.msc) on a domain controller > Drill down to your domain > WMI Filter > New > Give it a sensible name (you will be picking it from a list) > Add > Paste in the following;
[box]SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth =’64′[/box]
Click OK > Accept the warning > OK.
Applying a WMI Filter to a GPO
With the group policy selected > Scope Tab > WMI Filtering > Select the appropriate filter.
Related Articles, References, Credits, or External Links
Trend Worry Free is a nice product, though to deploy the client software out to your machines, you need them to be switched on, have the firewalls off, and the remote registry service running. You can of course connect the clients to the web portal and install the client on a machine by machine basis, (default https://servername:4343), but if you are rolling out a lot of machines this can get tedious.
So you can either script the install or use Group Policies.
Solution
1. Firstly you need to create the install file, on the server that Worry Free is installed navigate to;
2. We want a setup package, select your platform, I want it to install silently and NOT to do a prescan. Save the output file somewhere you can find it and click “Create”.
3. Note: If have x64 bit clients that you are also going to deploy software to, you will need to repeat the process and create another package for x64 bit installations as well.
4. After a while it should say it was successful, close down the client packager.
5. Create a network share and allow the “Everyone Group” read access to it, then copy the setup file you created above into this share.
6. On a domain controller, Start > Administrative tools > Group Policy Editor > Either edit an existing policy or create a new one. (Remember it’s a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).
7. Browse to the UNC path of the setup file DO NOT browse to the local drive letter!
8. Set as “Assigned” > OK.
9. Make Sure: That if you have x64 bit clients, you open the advanced properties of this package, and remove the option to deploy this software to x64 bit clients.
10. Repeat the process for the x64 bit client if you also have x64 bit machines.
11. Close the policy and group policy editor window.
12. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.
Related Articles, References, Credits, or External Links
Windows Server 2008 R2 and 2012 are a lot better with printing support over remote desktop, that their predecessors were. But to be able to print to your remote users ‘local’ machines. The TS/RDP server still likes to have the correct drivers installed.
What about Easy Print?
Easy Print (Introduced with Server 2008 R2) is a ‘proxy’ service that simply sends all print processes to the remote machine rather than the server itself, thus negating the need for a driver. That’s great! Unless your remote home users still have Windows XP or Vista (Pre SP1).
Solution
1. Before troubleshooting, make sure the printer actually works on the client machine, you don’t want to spend an hour trying to get it working when it’s actually out of paper or not turned on, (sorry but users are ‘challenging’).
2. Download the Drivers to the Remote Desktop Server. MAKE SURE if your clients are a mix of x86 and x64 bit versions of Windows you need to download BOTH versions of the driver.
Note: Download x86 and x64 bit versions of the SAME driver, i.e. Try and install an x86 PCL6 driver and an x64 bit PCL5 Driver and you may get an error.
Note 2: With some older printers, you can save a lot of time by simply plugging them into the server and letting Windows Update do the hard work for you. You might think that this is ‘time/cost prohibitive’. But I once spent an afternoon trying to get an HP multifunction printer to work that was worth about £60. The remote client was 45 minutes away, by the time I was finished the cost was greater than replacing this printer with 6 or 7 new ones that would have worked out of the box!
3. You can simply install the printer on the Server if you wish, then delete the printer and the drivers will remain, though the correct way is to add the drivers via the servers ‘Print Server Properties’.
Server 2000 / 2003
Start > Run > control printers {Enter}.
Server 2012/2008 R2
Windows Key+R > control printers {Enter}.
Note: Print server properties is not visible until you select a printer.
4. Repeat the process to add additional driers for the CPU architecture of your remote clients (x86, x64, etc).
Related Articles, References, Credits, or External Links
Saw this last week, while trying to use an unattended file for the roll out of some machines with WDS.
Every time you try and enter a value you get “The network path was not found” error, no combination of file path or UNC path seems to cure the problem.
Solution
This is a “work around” not a fix, essentially it will not accept any value you put into the path without throwing and error. If you close and reopen this page the value you enter has not been accepted.
So we are going to populate the entry by editing the registry, if you go back and view the entry afterwards it will STILL ERROR but the value will say put and the unattended file will work (providing the path you specify is correct of course!)
3. Locate the “Enabled” value and change it from 0 to 1.
4. Below this key you will see there is a key for each “image processor type”. I’m adding a 32 bit (x86) Unattended file so expand that, and set the “FilePath” value to your unattended xml file (Note: the path is from the WDS root directory, keep it simple and put your unattended file in the WDSClientUnattend folder. In this example mines called WDSClientUnattend.xml).
5. Finally restart the “Windows Deployment Services Server” service.
Related Articles, References, Credits, or External Links
I’d been running Windows 8 for a while now. But was the first time I needed to use my Cisco VPN Client software. So I was not happy when this happened.
Note: Using VPN Client version 5.0.07.0440
Secure VPN Connection terminated locally by the Client. Reason 442: Failed to enable Virtual Adapter.
Solution
As it turns out this is a known problem with Windows 8, and there is a work-around.
1. Press Windows Key+R to open the run prompt > regedit {enter}
When Microsoft released Windows Vista and Server 2008 they had the brilliant Idea of putting all the versions you would require in the same install media. With Windows 7 they have changed their approach, and the install media is specific to the version that is going to be installed. Well actually that’s not true the version is decided by a file in the installation media called ei.cfg and all versions are STILL in there.
What they still do, is have their x32 bit and their x64 bit Operating Systems on different media. If you do a lot of installs you might want them all on one DVD. Below are two walkthroughs, the first shows you how to make an x32 and x64 bit install DVD with all the versions* on it, the second shows you how to unlock your exiting install media so that all the versions on it are accessible.
*When I say “all versions” I’m NOT including Windows 7 Enterprise, that comes on separate media, and is just for open value subscription customers, or customers with software assurance.
Solution
Create an x32 AND x64 bit Windows 7 Multi Install Media DVD
1. Download your Windows 7 ISO Images (x32 and x64), from VLSC, Technet, or MSDN etc.
2. Make two Directories on your Machine’s C: Drive called Master and Images.
3. Using 7Zip open the x32 bit ISO file you have downloaded, and extract the sourcesinstall.wim file to the C:Images folder.
4. Then rename the file you just extracted to x32.wim.
4. Using 7Zip open the x64 bit ISO file you have downloaded, and extract the sourcesinstall.wim file to the C:Images folder.
5. Then rename the file you just extracted to x64.wim.
6. Check the x32 image for the “Image Index” (these are the numbers of all the Windows versions in this image), Yours will probably be identical, but you may have different media so check! Launch the “Deployment Tools Command Prompt”
To check the image index, execute the following command;
[box]
imagex /info C:Imagesx32.wim
[/box]
You can see (above) this image has five images within it, scroll down and you can see them.
Mine is structured as follows;
Image 1 – Starter Edition Image 2 – Home Basic Image 3 – Home Premium Image 4 – Professional Image 5 – Ultimate
7. Create a new image from all these Windows 7 x32 images, by executing the following commands;
14. Test your new install media (Note: if you want to Burn a DVD from this ISO use ImgBurn (it’s free).
Create an x32 OR x64 bit Windows 7 Multi Install DVD.
So if you have the installation media in .iso format you can change it so you can see the other install versions. On THIS site there are some utilities to help you – the “eicfg removal utility” removes the pointer to the file (which means you can install any version by picking it from the install menu (like you did with Windows Vista). Or you can swap your version with the second tool “Windows 7 iso image edition switcher”. I deploy a lot of machines so the former is a much better option for me.
1. Drop the windows 7 .iso file somewhere you can get at it (i.e. on your desktop).
If that is the case then you need to exempt both your user and the computer from this method of printer deployment while you are troubleshooting.
Solution
1. As we cant be sure what printer/driver is causing the problem, we need to remove them ALL > Devices and Printers > Select each one in turn, and remove (Note: Keep one for the next step, but remember to delete that also when you have completed the next step).
2. Select your last printer > Print Server properties > Drivers > Remove them ALL.
3. Launch ‘appwiz.cpl’ and ensure there is no printing software installed, if there is uninstall it.
4. Launch ‘services.msc’ > Locate the Print Spooler service and ensure it is set to log on as ‘Local System’.
Note: As shown, from here you can manually start the service, but for now we will leave it as it is.
8. Start > In the search/run box type ‘regedit’ > navigate to;
[box]
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Print > Environment > Windows NT x86
[/box]
Here there should be two sub keys called Drivers and Print Processors, if there are any more delete them.
Warning: You might want to right click and ‘Export’ the keys in case anything explodes, you can simply double click the ‘exported’ file to merge it back in.
9. If your machine is running x64 bit Windows navigate to;
[box]
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Print > Environment > Windows x64
Here there should be two sub keys called Drivers and Print Processors, if there are any more delete them.
Warning: You might want to right click and ‘Export’ the keys in case anything explodes, you can simply double click the ‘exported’ file to merge it back in.
10. Now navigate to;
[box]
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Print > Monitors
[/box]
Here delete ALL Keys Except,
AppleTalk Printing Devices (This may not be present)
BJ Language Monitor (This may not be present)
PJL Language Monitor (This may not be present)
Local Port
LPR Port (This may not be present)
Microsoft Document Imaging Writer Monitor (This may not be present)
Microsoft Shared Fax Monitor
Standard TCP/IP Port
USB Monitor
WSD Port
11. At this point, physically unplug all printers from the PC, (make sure no scripts or group policies are going to attempt to reinstall the printers). Then reboot the machine.
12. When the reboot is complete, make sure the Print Spooler service stays up without error.
13. Get the latest drivers for your printer(s) and reinstall them one by one, (I would say after each printer install, let the system run until you trust it, before installing the next printer).
Print Spooler Fails when attempting to print from Internet Explorer.
If this problem only manifests itself when printing from IE, then go to Internet options > Advanced > Reset.
12. If that does not rectify the problem, make sure you are running the latest version of Adobe flash (or for troubleshooting remove the current version).
Related Articles, References, Credits, or External Links
Originally I wrote this back for Windows 7, but I have now updated it for Windows 10. How to add an IP network printer.
Setup a Windows Printer
1. If you don’t have a CD/DVD that came with the printer, then get onto the manufacturers website and download the correct drivers for your printer, you will need to know if you require 32 or 64 bit drivers.
4. Choose “Add a local printer“. I only ever choose the network printer option if I’m connecting to a printer by name in the win7printer name format, or I’m going to browse Active Directory for a printer.
5. Select a new port > Set the type of port to “Standard TCP/IP Port” > Next.
6. Enter the IP address of the printer. Either you have set this up manually, or you have got it from a configuration page that you printed off the printer > Next.
7. Have Disk.
8. Navigate to your drivers.
9. Some drivers are for multiple printer types, select yours. Note: It’s not unusual for multiple manufacturers models to be listed here > Next.
10. Give the printer a name > Next.
11. Choose whether you want to share the printer or not > Next.
Test Your Windows Printer
12. Print a test page.
13. There’s your new printer setup and ready (the green tick denotes it’s the default printer).
Note: The Default Printer, is where your print jobs are sent if you have multiple printers installed, and you simply hit the print button in an application.
Related Articles, References, Credits, or External Links
I saw this whilst installing Office on a machine today.
Solution
1. In my case I had just removed Office 2010 x64, (I needed the x32 bit version for some PST/MAPI stuff). So I knew that there was not a version of office installed.
Note: If you are unsure, click Start > appwiz.cpl {enter} and MAKE SURE. Remember most PC’s come with a trial version of Office these days, and that’s the most likely culprit!
2. Once you have discounted the obvious, make sure you DO NOT have any ‘Collaboration and Data Objects’ still installed, if so remove them (that was my problem).
Related Articles, References, Credits, or External Links
What used to be the simplest task, has now been overly complicated (Thanks Microsoft!) Simply deploying from a single .msi file would have been far too easy! This procedure uses group policy to install Microsoft Office 2010 via group policy. It uses the Microsoft preferred method of employing startup scripts.
Below I’ve also disabled UAC, I found it was stopping my automated install, (If I ran the script manually I was prompted by UAC to continue – that took me about 3 hours to work out).
It also automatically “Activates” Office as soon as its installed, (using a MAK key). In the following scenario I deployed Office 2010 (Pro Plus) x32 bit to Windows 7 machines. In a clean VMware test environment my target machine took 6 minutes to silently install. So on a production network it will probably take a little longer (be patient). But any more than 10 minutes and the process will time out, if that’s happening make sure you do this.
Solution
1. On a server create a shared folder called Office_2010, give Authenticated Users – read access.
2. . In that folder create a folder called LogFiles.
3. Copy the contents of the Office DVD to this share.
4. Open the shared folder locate the ProPlus.WW folder and open it.
5. Locate config.xml open it with notepad.
Change:
6. You can also change Username and companyname if you wish.
7. Save and exit config.xml
8. While in the Office_2010 folder Shift+Right Click > Open New command windows here.
9. Run setup.exe /admin
10. Accept the defaults on the popup menus.
11. Locate “Licensing and User interface.”
12. Enter a valid MAK license key (Take out the dashes and/or spaces). Tick to accept the EULA, and set the display level to none.
13. Locate “Set feature installation stats”, and set for the Office features you require.
To Set Office to Auto Activate (Without user intervention).
14. Locate “Modify Setup properties” , add a new one.
15. Set the name the value to AUTO_ACTIVATE.
16. Set the value to 1 (number one), and click OK.
Note: If you need to remove previous versions of Office you will find the option to do that in here also.
17. Click File > Save as > Save the msp file in the shareupdates folder (you can call it what you want).
18. Open notepad and paste in the following text:
[box]
setlocal
REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************
REM Get ProductName from the Office product’s core Setup.xml file, and then add “office14.” as a prefix.
set ProductName=Office14.PROPLUS
REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=DC2AOffice_2010
REM Set ConfigFile to the configuration file to be used for deployment (required)
set ConfigFile=DC2AOffice_2010ProPlus.WWconfig.xml
REM Set LogLocation to a central directory to collect log files.
set LogLocation=DC2AOffice_2010LogFiles
REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************
IF NOT “%ProgramFiles(x86)%”==”” (goto ARP64) else (goto ARP86)
REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
:ARP64
reg query HKEY_LOCAL_MACHINESOFTWAREWOW6432NODEMicrosoftWindowsCurrentVersionUninstall%ProductName%
if NOT %errorlevel%==1 (goto End)
REM Check for 32 and 64 bit versions of Office 2010 in regular uninstall key.(Office 64bit would also appear here on a
REM If 1 returned, the product was not found. Run setup here.
:DeployOffice
start /wait %DeployServer%setup.exe /config %ConfigFile%
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%%computername%.txt
REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End
Endlocal
[/box]
19. Change the ProductName to the correct one you are deploying (search for ProductName in the setup.xml file that’s in the same folder you found config.xml in).
20. Change the THREE values in this script “DC2A” to your servername.
21. Save the file as a batch file (not a .txt file!) and right click the file > copy.
22. On your domain controller Start > Administrative tools > Group Policy management console > either create a new policy and link it to your COMPUTERS or edit an existing policy.
24. Add the batch file you created earlier (open the folder and right click > paste).
Note: That should be all you need to do however – The first time I did this, UAC on the Windows 7 machines blocked the install, so I had to turn it off. You can do that in the same policy.
25. Navigate to:
[box] Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options[/box]
Set the Following:
a. User Account Control Behaviour of the elevation prompt for administrators in Admin approval mode – No Prompt or Elevate without Prompting.
b. User Account Control Detect Application installations and prompt for elevation – Disabled.
c. User Account Control Run all administrators in Admin approval mode – Disabled.
Timing
Policies like this will “time out” if running for more than 600 seconds (10 minutes). Our install may take longer than that, so you may need to set the time out in the policy, Navigate to:
Select “Maximum wait time for group policy scripts” set it to 0 (zero) for unlimited.
26. Close the policy editor.
Note: At this point every time Office starts for a new user, it presents you with:
27. To Suppress that you need to create a USER policy with a Custom ADM Template, download the template here.
28. Note this is a USER Policy, so if you add it to the policy you have already created to deploy Office, then that policy needs to be linked to your users. So I would just create a new user policy and link it separately. Navigate to:
[box] User Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Microsoft Office 2010 > Miscellaneous [/box]
29. Locate the “Suppress recommended settings dialog” and enable it.
Related Articles, References, Credits, or External Links