WMI Filter for GPO WIN 10 and 1709, 1803, 1809, 1903, 1909

Here is how to catch different Windows 10 OS release within WMI.

We used this the first time during a 1709 > 1909 Migration where we wanted to push customer startlayout.xml (Different new syntax and command for W10 1909)

with GPO ONLY to the 1909 clients. SBS/KMU seamless upgrades but often forget to handle GPO Policy side during the upgrade process. If you wan to modify

The startlayout/startmenu tiles this is often the first place you will need the WMI filters.

 

W10 Version Info:

Major   Minor   Version Build      Info       Released

10           0             1607       14393    2016 RTM LTSC 09/26/2016

10           0             1709       16299    2016 SAC            10/17/2017

10           0             1803       17134    2016 SAC            04/30/2018

10           0             1809       17763    2019 LTSC           11/13/2018

10           0             1903       18362    2019 SAC            5/21/2019

10           0             1909       18363    2019 SAC            11/12/2019

 

WMI Query to check which version you run of Windows 10.

NAMEPSPACE: Root\CIMv2

W10 1607:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "14393"

W10 1709:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "16299"

W10 1803:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "17134"

W10 1809:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "17763"

W10 1903:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "18362"

W10 1909:

SELECT * FROM Win32_OperatingSystem where version like '10%' and producttype='1' and BuildNumber = "18363"

 

https://docs.microsoft.com/en-us/windows/win32/wmisdk/wql-sql-for-wmi

GPO WMI FILTER

Based on above info from us you can build the GPO filter for each W10 version.

 

Example: Use the Paessler WMI tester to check

If the query was successful then you get FEEDBACK from the Query (if not it would be empty)

 

Please also check these WMI related links from us:

http://www.butsch.ch/post/W10-Enable-Remote-Management-for-WMI-from-Commandline-silent.aspx

http://www.butsch.ch/post/How-to-identify-WSUSWindows-Update-Patches-installed-on-a-Windows-7-in-Batch.aspx

http://www.butsch.ch/post/Script-WMI-Fetch-modell-BIOS-Version-with-VB-like-SM_info-from-Dell.aspx

http://www.butsch.ch/post/Internet-Explorer-911-GPO-old-IE9-not-visible-WMI-checks.aspx

http://www.butsch.ch/post/IE11-GPO-Settings-PROXY-Explained-F5-F8.aspx

 


 
 

SRV2016, WSUS Server, Report Viewer 2012 CRL Types

Server 2016 running WSUS-Server if you click on a Report you the error with the Report Viewer as before.

If you did not install the WSUS in an SQL and used the WID (Windows Internal Database) or have a different Version

Of or many SQL Versionen mixed on that machine.

ERROR:

ENG: The Microsoft Report Viewer 2012 Redistributable is required for this feature

DEU: Für dieses Feature ist Microsoft Report Viewer 2012 Redistributable erforderlich

  1. Install Microsoft System CLR Types (If needed)

Microsoft System CLR Types for Microsoft® SQL Server® 2012

32BIT

http://go.microsoft.com/fwlink/?LinkID=239643&clcid=0x409

64BIT

http://go.microsoft.com/fwlink/?LinkID=239644&clcid=0x409

 

  1. Download and install MICROSOFT® REPORT VIEWER 2012 RUNTIME

https://www.microsoft.com/en-us/download/details.aspx?id=35747

These are the two files you need to install:

Close and reopen the WSUS console and it works now

McAfee ENS WEB CONTROL outlook.exe chart.dll crash

On several W10 machines we have seen Outlook.exe crash with Mcafee ENS Endpoint Security 10.7 Web Control active.

This behavior is seen up to Release 10.7.0.1675 and HOTFIX 10.7.0.1733 on 19.05.2020 and is because of the function "E-Mail annotations" in Mcafee Web Control Module from ENS (Endpoint security).

This function will check existing URL in existing E-Mail and if the URL is Malicious Block or warn the user WITHIN the E-Mail.

For Mcafee to draw that warning it needs chart.dll. On some systems there is know old story with mix of chart.dll (We are unsure of 32/64 or language MIX like German and English lead finally MS side to this error but Google is full of it). Mainly it's because Windows itself has a chart.dll and there is a version from Office. Those are different.

Error your see:

"Required file chart.dll not found in your path. Install Microsoft Outlook again"

"Die erfoderliche Datei chart.dll wurde"

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

 

Event

Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 16.0.4954.1000, Zeitstempel: 0x5df956bf

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.18362.628, Zeitstempel: 0x54734dee

Ausnahmecode: 0xc06d007e

Fehleroffset: 0x00113db2

ID des fehlerhaften Prozesses: 0x2bac

Startzeit der fehlerhaften Anwendung: 0x01d5e67e5d8b1520

Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE

Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll

Berichtskennung: 55ace164-ec8b-4166-8170-8616d13f0366

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

 

Version 16.0.4924.1000 +"chart.dll"

 

For Mcafee to draw that warning it needs chart.dll. On some systems there is know old story with mix of chart.dll (We are unsure of 32/64 or language MIX like German and English lead finally MS side to this error but Google is full of it). Mainly it's because Windows itself has a chart.dll and there is a version from Office. Those are different.

You can see what happens here. The YELLOW is when it does not find the chart.dll at that certain path.

 

 

SOLUTION:

McAfee ENS > Web Control > Optionen > Advanced Options > TURN off the FIRST OPTION (Uncheck)

View German Mcafee ENS

View EPO Policy English

 

This is what the function does. It highlights malicious URL. Here a sample from a Mcafee SECURITY FOR Exchange

Alert warning which had a malicious URL link. (This is a double alert but just to show what we talk about)

 

 

 

 

You don't have to reinstall Outlook.exe, Office, or ENS Modules. Just turn off the option.

Some Links with chart.dll (Not related to McAfee)

https://answers.microsoft.com/en-us/office/forum/office_2016-outlook/2016-outlook-has-error-message-required-file/772b47c6-ead1-4d6f-9ad1-41da627cb9c7

Links with Mcafee at askwoody.com

https://www.askwoody.com/forums/topic/outlook-2016-and-chart-dll-error-multiple-pcs/

https://community.mcafee.com/t5/Endpoint-Security-ENS/Outlook-2016-and-chart-dll-error/m-p/651239

HP W10 Phonewise Install Bluetooth error

ERROR: Install a driver failed because Bluetooth is off or unavailable.

Product: HP Phonewise Driver Install Error

Finally found a solution to a HP W10 Setup brand Problem. Had that under 1803/1809/1903. We are unsure If this was related to a CLEANUP tool we use to remove/Uninstall certain

HP bloat ware from Github. Install a driver failed because Bluetooth is off or unavailable.

This seems a rather complex installation because HP has to make sure that the BLUETOOTH drive is ON in BIOS, is active in W10 itself

And only then can install or uninstall the driver. If you look at the twi batch they are rather complex and handle reboot persistence etc.

We finally found a way to get rid of the error. There is a schedule Task running which handles the reboot persistence.

Remove that entry and you get of the warning. The RED Error we could not explain since the correct file was there AND the used

Mcafee ENS 10.7 virus protection DID not block the file.

HP PhoneWise Device Maintenance

 

 

Exchange 2016 numeric larger files under C:\Windows\Temp\SAFe\ if c: no space

Exchange 2016

McAfee Security for Exchange 8.6 SP2 (Safeservice.exe, RPCserv.exe (two instances), Postgres.exe (multiple instances))

D:\Program Files (x86)\McAfee\MSME\bin\SAFeService.exe

Server 2016

Source was: C: had no space in test lab server

If you see random Files with 96'201'998 (96MB) size under "C:\Windows\Temp\SAFe\" on your Exchange 2013/2016 those are from McAfee Security for Exchange 8.6. The shown server was a test lab running for long times a space on c: Drive did run out because it was unattended. You also see the "SAFe" directory under "D:\Program Files (x86)\McAfee\MSME\bin\lang\0409\SAFe"

Problem is finding something about thise issue since 99% google result end up in is it "safe" to delete "c:\windows\temp" ;-)

We used procmon.exe from Systernals to see what generates the files since the content is encrypted. You always have a bad feeling if you

See such files since Ransomware so maybe this helps someone once.

(From a first peek and moving files you think this is some kind of breach. Not very smart done by Mcafee…)

 

 

This event (IF your send E-Mail Alerts) should help too.

Since the Mcafee Security for Exchange OFTEN throws too much errors (RPC Crash > and it's back) people often turn those reports OFF we have seen in Mcafee Forum.

Loading the Anti-Virus Engine failed on '11/01/2018 19:19:53'.

1. Check whether the Product Update Information in the user interface is correct.
2. Check whether the corresponding folders with respect to DATs/Anti-Virus Engine version exists in the installation\\bin directory.
3. contact McAfee Technical Support.