Frontrange Upgrade 7/2014.x/2015.1

by butsch 5. July 2015 23:20

Here is where to find the mentioned setting in Enteo/Frontrange for updates:

Configure the Polling Frequency for Package Preparation on the ORG Master Depot

The Polling Frequency for Package Preparation of the Distribution Service (in charge of the

ORG Master Share) should be reduced to 5 minutes to ensure the update packages are

prepared in a timely fashion. The default value is 120 minutes.

 

Tags:

Exchange 2010 EMC / Console Kerberos load quota 1000 of 2

by butsch 30. June 2015 06:45

It0s unclear from what this comes but we suspect scripts querying Exchange Objects in some form or a third party software

Which Querys some Exchange objects to fast. For some MDM/Blackberry solutions things where made open (Throttling). The client does not have Kerberos Authentication / SPS activated,.

Error:

The WS-Management service cannot process the request. The system load quota of 1000 requests per 2 seconds has been exceeded

Solve this with:

Cmd

Try:

Iisreset /noforce

If that get stucks full reset with:

Iisreset

Solved:

 

Tags:

LAN/WIFI Switching when using Windows 7 and corporate WIFI access

by butsch 30. June 2015 03:36

This is a problem which is often under estimated and there since Windows i don't know. Often a source for problem with WSUS-Agents, Deployment Agents etc.

Problem often seen:

On many HP-laptops in my environment is LAN/WLAN-switching not working well. The device is always connecting first the Wi-Fi. Bios-settings are correct.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/6f550108-91f4-4228-88dc-5888410132c3/lanwlanswitching?forum=winserverGP

Here is how to get it done on Windows 7 client.

  1. The BIOS has an OPTION LIKE in HP ('LAN/WLAN Switching')
  2. Script the BINDING Order depending on analyses of routes or netsh info (nvspbind.exe)
  3. Use a Third Party Tool which can install but pay

 

Some links in that direction:

http://community.spiceworks.com/topic/190709-force-laptop-to-prefer-wired-lan-over-wlan-when-both-are-available

http://superuser.com/questions/112585/how-can-i-disable-wifi-when-computer-is-connected-to-lan-with-wire-using-gpo

https://social.technet.microsoft.com/Forums/windowsserver/en-US/007da9d4-c029-4751-97bc-dd55b798cfa1/disable-wifi-connection-with-gpo-when-network-cable-is-plugged?forum=winserverGP

All HP laptops:

There is an option named 'LAN/WLAN Switching' in BIOS. This option is listed under System Configuration > Built-In Device Options. Please enable this and check. This should disable the WLAN when the LAN is connected.

HP: G1 Series had some problem which was solved in G2 version in that direction.

Windows 8/10 this should work seamless without losing open files or connection. But this generated a delay of up to 40 seconds.

HP Notebook PCs - the Computer Does Not Automatically Switch Between the LAN/WLAN Connections in Microsoft Windows 8 and 8.1

http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03707130

RESOLUTION

This is a built-in feature of Microsoft Windows 8 and 8.1. The computer may take up to 40 seconds to switch from one network to the other. This delay is by design to avoid interrupting file transfers and other processes.

 

Tags:

Windows 10 NAG screen active, How to prevent (on W7/W8)

by butsch 10. June 2015 05:56

Microsoft macht vorwärts mit Windows 10 im Juli 2015 ist Launch. Galt es 8.0 und 8.1 zu verhindern sollte man hier am Ball bleiben. Die Systemhäuser setzen W10 ein und es wird migriert so bald wie dies möglich ist.

Dieses ICON ist wohl mit KB3035583 im Mai 2015 gekommen. An sich auf dem WSUS geblockt bei den kleinen Kunden ohne WSUS durchgerutscht

  • BlockWindows10.cmd deinstalliert 3 Patche (Und ruft das VBscript auf)
  • VBscript HideWindowsUpdates.vbs HIDE'd die 3 Patche vor dem Windows Update Client (wuapp.exe)

 

Derzeit kommen vier Patche in Frage, welches Teile davon auslösen. Workaround: Diese Deinstallieren und von Windows Update verstecken.

 

KB2952664

Compatibility update for upgrading Windows 7

KB2990214

Update that enables you to upgrade from Windows 7 to a later version of Windows

KB3022345

Update to enable the Diagnostics Tracking Service in Windows

KB3035583

Update enables additional capabilities for Windows Update notifications in W 8.1 and W7 SP1

 

Guter Haupt Link zum Problem:

http://superuser.com/questions/922068/how-to-disable-the-get-windows-10-icon-shown-in-the-notification-area-tray

 

User OPMET posted some script which we slightly modified:

 

 

FILE: BlockWindows10.cmd

@echo off

cls

:: remember to invoke from ELEVATED command prompt!

:: or start the batch with context menu "run as admin".

 

SETLOCAL

 

echo uninstalling updates ...

echo - 2952664

start "title" /b /wait wusa.exe /kb:2952664 /uninstall /quiet /norestart

echo - 2990214

start "title" /b /wait wusa.exe /kb:2990214 /uninstall /quiet /norestart

echo - 3022345

start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart

echo - 3035583

start "title" /b /wait wusa.exe /kb:3035583 /uninstall /quiet /norestart

echo - done.

timeout 10

 

:: Update WMI Information betreffend Patche

echo - Update WMI Info der Patche fuer Windows Update

C:\Windows\System32\wbem\wmic.exe qfe > nul

 

echo hiding updates ...

start "title" /b /wait cscript.exe HideWindowsUpdates.vbs 2952664 2990214 3022345 3035583

 Then to HIDE the Updates from Windows so they will not appear next time you run WUSA.EXE

https://gist.github.com/florianbeisel/7805795 

 

If Wscript.Arguments.Count = 0 Then
    WScript.Echo "Syntax: HideWindowsUpdate.vbs [Hotfix Article ID]" & vbCRLF & _
                 "Examples:" & vbCRLF & _
                 "  - Hide KB940157: HideWindowsUpdate.vbs 940157"
    WScript.Quit 1
End If

Dim hotfixId
hotfixId = WScript.Arguments(0)

Dim updateSession, updateSearcher
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateUpdateSearcher()

Wscript.Stdout.Write "Searching for pending updates..."
Dim searchResult
Set searchResult = updateSearcher.Search("IsInstalled=0")

Dim update, kbArticleId, index, index2
WScript.Echo CStr(searchResult.Updates.Count) & " found."
For index = 0 To searchResult.Updates.Count - 1
    Set update = searchResult.Updates.Item(index)
    For index2 = 0 To update.KBArticleIDs.Count - 1
        kbArticleId = update.KBArticleIDs(index2)
        If kbArticleId = hotfixId Then
            WScript.Echo "Hiding update: " & update.Title
            update.IsHidden = True
        End If       
    Next
Next
 

 

Please see posting on how to block on Firewall if it's already there:

http://www.butsch.ch/post/WSUS-Do-not-Install-KB3022345-it-sends-info-back-to-MS-over-SSL.aspx

 

 

Tags:

Microsoft enables Strict Transport Security in Windows 7 and 8.1 with Internet Explorer 11

by butsch 10. June 2015 01:21

Microsoft enables Strict Transport Security in Windows 7 and 8.1 with Internet Explorer 11

Patch: Update KB3058515 (MS15-056)

For: Internet Explorer 11 ONLY

What for: Will make a pseudo SSL connection if Website supports and ONLY on second visit.

With the Microsoft July Update KB3058515 (MS15-056) Microsoft finally activates HSTS under IE11. This was planned for Window 10 now on Window 7 and 8.1. Since 2013 this was a wish from certain customers.

https://connect.microsoft.com/IE/feedback/details/793747/ie11-feature-request-support-for-the-strict-transport-security-header

Some points to know.

  • Die Site muss auf der anderen Seite HSTS aktiviert sein / Die website has to activated for HSTS Server side (See the secure net paper on how to do that)
  • Erst beim zweiten Besuch der Site nützt es was / Only after the second contact to the website this will be active
  • Keep in mind that Browser performance MAY be hit. See the First presentation in the Link for related info to that.
  • Alle US-Behörden ab sofort nur noch https (Nach den Hacks von Ende 2014)

 

http://www.internet2.edu/presentations/fall11/20111004-stsauver-hsts-performance.pdf

http://tech.slashdot.org/story/15/06/09/2219211/internet-explorer-11-gains-http-strict-transport-security-in-windows-7-and-81

https://www.securenet.de/fileadmin/papers/HTTP_Strict_Transport_Security_HSTS_Whitepaper.pdf

http://caniuse.com/#feat=stricttransportsecurity

https://status.modern.ie/httpstricttransportsecurityhsts

https://support.microsoft.com/de-de/kb/3058515

 

 

 

See our IE11 Deployment Links:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

http://www.butsch.ch/post/Internet-Explorer-911-GPO-old-IE9-not-visible-WMI-checks.aspx

 

 

Tags: