Internet Explorer 9/11 GPO old IE9 not visible / WMI checks

by butsch 17. March 2015 22:31

 

Problem 1, Internet Explorer Maintenance Tab not visible

 

E: Internet Explorer Maintenance Tab not visible

D: Internet Explorer Wartung nicht sichtbar (Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11) (IEM-Einstellungen)

 

During an Internet Explorer 11 Migration you discover that you can see your old IE8/9 settings which you made under Internet Explorer Maintenance Tab but you can't adapt or change them.

PROXY, Favorites, Quicklinks etc.

 

Solution:

You can only modify the OLD IE7/8/9 setting on a DC or ADMIN PC where IE10/11 is NOT installed and you have the GPO management console. So during migration you need two GPO machines

  1. One for the NEW GPO with IE10/11 and RSAT Remote Administration Tools (Or Domain Controller)
  2. One for the OLD GPO with IE8/9 and RSAT Remote Administration Tools

 

TO install the RSAT GPO management console a Windows 7 Admin PC:

  1. Search and download: Windows6.1-KB958830-x64-RefreshPkg.msu (http://www.microsoft.com/de-de/download/details.aspx?id=7887) [Remoteserver-Verwaltungstools für Windows 7 mit Service Pack 1 (SP1)]
  2. Over Software / Add Windows Features install GPO Console

 

 

Now on the GPO machine you can open an edit the old parts from IE7/8/9

Problem 2, WMI Filter because you have two GPO (IE9/11)

 

Because you PC's with IE9 and IE11 as example you may have to separate the GPO.

This is best done with WMI-Filters or Active Directory user groups:

Here is how to check in WMIExplorer.

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "9.%"

Checks if client has IE9

SELECT path,filename,extension,version FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explorer\\" AND filename="iexplore" AND extension="exe" AND version like "11.%"

Checks if client has IE11

 

Please also see our post from MSDN Social and Blog:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

 

MSDN:

Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11

https://msdn.microsoft.com/de-de/library/dn338129.aspx

Microsoft HAS made a list what goes where this FROM IE9 to (IEAK or/AND NEW SETTINGS). Most can be done with a clean and good IEAK setup.

https://technet.microsoft.com/de-de/library/jj890998.aspx (Where goes what)

Below is for people or team WHO don't know how to use IEAK (Please be carefull if you don't NEED to change Favorites or PROXY every month)

there is NO need to do the Regsitry HKCU things metioned. This can setup in IEAK 11 setup and then the regular GPO things.

 

https://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

http://www.alexheer.co.uk/it-blog/configuring-ie11-settings-via-group-policy

http://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx

 http://www.windowspro.de/wolfgang-sommergut/zentrale-ie-konfiguration-internet-explorer-wartung-vs-gpo-vs-ieak

http://blogs.msdn.com/b/asiatech/archive/2014/12/16/how-to-apply-favorites-amp-links-to-ie10-ie11-in-gpo-without-iem.aspx

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | WSUS

WSUS: Windows Fonts Update February KB3013455 (MS15-010) FIXED with 3037639

by butsch 26. February 2015 04:07

 

After you install security update 3013455 you may notice some text quality degradation in certain scenarios.

This problem occurs on computers that are running the following operating systems:

  • Windows Server 2008 Service Pack 2 (SP2)
  • Windows Server 2003 SP2
  • Windows Vista SP2

 

Patch defect Fonts:                  KB3013455 (Patchday February 2015 / MS15-010)

Patch corrected Fonts:            KB3037639 (https://support.microsoft.com/kb/3037639/en)

 

http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/kb3013455-ms15-010-causes-font-corruption/8640d38d-19bd-46b6-9af0-6213c05107d3

You may have to get rid of Patch if you're Windows Update or WSUS-Client already downloaded it to your system.

 

Path: "C:\Windows\SoftwareDistribution\Download"

Find following file with:

dir *3013455*.* /s

dir windows6.1-kb3013455-x64-express.cab /s

 

Just delete the Directory in which you find the File under C:\Windows\SoftwareDistribution\Download

To uninstall on 2008 if you did install already and made the Reboot:

wusa /uninstall /kb:3013455 /quiet /norestart

On 2003 and Vista use Software/ADD-Remove

 

 

Tags:

Client Management | Deployment | Hotfixes / Updates | WSUS

Microsoft Updates 2992611 / 3011780 from 18/19.11.2014 re-releases Exchange/IIS/DC’s

by butsch 19. November 2014 06:08

 

  • Event 4002, Exchange 2010 CAS, MSExchange Availability

 

 

  • Microsoft KB 3011780 (V2) gets re-releases on 19.11.2014
  • Microsoft KB 2992611 (V3) gets re-releases on 19.11.2014 (V2) / 09.12.2014 (V3)

 

https://technet.microsoft.com/en-us/library/security/ms14-066.aspx

V1.0 (November 11, 2014): Bulletin published.

V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.

V3.0 (December 9, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Vista and Windows Server 2008. The reoffering addresses an issue in the original release. Customers running Windows Vista or Windows Server 2008 who installed the 2992611 update prior to the December 9 reoffering should reapply the update. See Microsoft Knowledge

 

2992611-V2 complete revert the things done before and does not fix the high risky security leak. There are too many Tird party components and even MS Products like Exchange WITH Plugins from Third Party which don't work anymore.

I general the first patch could break all authentications against as example IIS, Exchange, Domain Controllers and Proxy Servers as example.

Remark:

The Event 4002, MSExchange Availability on Exchange 2010 has been there before [example May 2014] (Before release of 2992611). But we see it more often and just in the times range the patch was installed. This mainly in environments with Load Balancers and dedicated CAS-Server for as example Activesync and RSA. (Which is unsupported by MS still ;-)

We have also seen Event 4002 related to OWA/IIS rsa-plugin on our RSA CAS Server

The MS14-066 update also includes support for new SSL/TLS cipher suites. The new suites "...all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication."

Process 2432: ProxyWebRequest CrossSite from S-1-1-0 to https://*.*.ch:443/ews/exchange.asmx failed. Caller SIDs: NetworkCredentials. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException: System.InvalidOperationException: Client found response content type of 'text/html;charset=utf-8', but expected 'text/xml'.

The request failed with the error message:

--

<html><head><title>RSA SecurID PASSCODE Request</title>

 

Event 4002

Details

Product:

Exchange

Event ID:

4002

Source:

MSExchange Availability

Version:

8.0

Symbolic Name:

ProxyWebRequestFailed

Message:

Process %1: %2 failed. Caller SIDs: %3. The exception returned is %4. Make sure that Active Directory site/forest containing the user mailbox has at least one local Exchange 2007 server running Exchange Availability service. Turn up logging for MSExchange Availability service and test basic network connectivity.

    

Explanation

This Error event indicates that the Microsoft Exchange Availability service could not successfully send a proxy Web request to another instance of the Exchange Availability service that is running in a different Active Directory directory service site or a different Active Directory forest. The Exchange Availability service retrieves the Schedule+ Free Busy and Out-of-Office (OOF) data for a set of mailboxes that resides on a computer that is running Exchange 2007 Server. This event may occur when an Exchange 2007 Client Access server and user mailbox are in different Active Directory sites or forests. Because the Exchange Availability service cannot directly connect to a mailbox that resides in a remote Active Directory forest, it sends a proxy Web request to another instance of the Exchange Availability service that is running in the remote Active Directory forest. The Exchange Availability service that is running in the remote Active Directory forest retrieves the requested information locally and passes the information back to the Exchange Availability service that requested the information.

This event may occur if one or more of the following conditions are true:

  • The Active Directory site or forest that contains the user mailbox does not have a local Exchange 2007 server that runs the Exchange Availability service.
  • The Exchange Availability service finds issues when it tries to connect to the remote Active Directory forest.
  • There are insufficient permissions to request data from the remote Active Directory forest.

Bulletin Information:
=====================

MS14-068 - Critical

- https://technet.microsoft.com/library/security/ms14-068 (Link ist extern)
- Reason for Revision: V1.0 (November 18, 2014): Bulletin
  published.
- Originally posted: November 18, 2014
- Updated: November 18, 2014
- Bulletin Severity Rating: Critical
- Version: 1.0


MS14-066 - Critical

- https://technet.microsoft.com/library/security/ms14-066 (Link ist extern)
- Reason for Revision: V2.0 (November 18, 2014): Bulletin revised
  to announce the reoffering of the 2992611 update to systems
  running Windows Server 2008 R2 and Windows Server 2012. The
  reoffering addresses known issues that a small number of
  customers experienced with the new TLS cipher suites that were
  included in the original release. Customers running Windows
  Server 2008 R2 or Windows Server 2012 who installed the 2992611
  update prior to the November 18 reoffering should reapply the
  update. See Microsoft Knowledge Base Article 2992611 for more
  information.
- Originally posted: November 11, 2014
- Updated: November 18, 2014
- Bulletin Severity Rating: Critical
- Version: 2.0

Tags:

Client Management | Deployment | Hotfixes / Updates | WSUS

APP-V: Debug App-V Environment from package

by butsch 8. December 2013 02:08

 

On an APP-V Client crate a shortcut to the Desktop of the Existing APP-V Application you would like to debug.

 

Open the Properties of the Shortcut change the TARGET as marked and include

/EXE cmd.exe

Between

sftray.exe"

and

/launch.exe

Existing Target:

"C:\Program Files\Microsoft Application Virtualization Client\sfttray.exe" /launch "LeechFTP 1.3.1.202"

New Target for Command line Box (Changes red)

"C:\Program Files\Microsoft Application Virtualization Client\sfttray.exe" /exe cmd.exe /launch "LeechFTP 1.3.1.202"

If you open that Link now you are inside the Bubble and are able to check code, Path or Registry Keys.

 

 

 

Here is how to CHECK what may be wrong inside the BUBBLE.

Download and copy PROCMON.EXE PROCEXP.EXE from Technet/Microsoft/Systernals.

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

 

If you WANT to DEBUG as Domain user without special rights (Why is it slow as USER and not as Administrator)

you may have to RUN procmon.exe with RUNAS. be sure to use /NONPROFILE otherwise the MON will see diffrent data.

 Exclude the PROCESS you don't need. You SEE WANT TO see like vmware, virus protection, winlogon, windows services etc.

  

 

You want to check the Virtuell EXE itself:

Example: GIMP-2.6.exe

 

Also check the APP'V process itself:

SFTLIST.EXE

SFTTRAY.EYE

If the TRY to write files/open files or change Files on the Q: Drive that they may not have access as the Logged on user.

If you FOUND the file which the PROCESS has no Change permission OPEN the APPV package

Example FILE made problems: users30.mpm

Change the Sequencer File type from "Application Data" to "user data" and REDO the package

Tags:

APP-V | Client Management | Deployment

Swisscom EAPSIM, Mobile automatic connects to payed WIFI even with unlimited ABO

by butsch 26. May 2013 02:05

 

Swisscom has sent a minor automatic change to all their mobile customers. The IPHONE or HTC new automatic connects to their Swisscom WIFI Hotspot if in range (Stores/Malls/Airport).

 

Because you handy is connected to WIFI it may think you are HOME or in the OFFICE where you may have unlimited bandwidth access.

 

In most applications/Apps you can tell the IPHONE when and OVER what connection to UPDATE. In this case the IPHONE

is connected to WIFI and think it's at home and does larger updates.

 

The transfer size will clearly swap over the limit of 250MB/500MB/1000MB you have with Swisscom and thus for any fuirther MB you pay.

 

In the report from SFDRS is a short movie how to turn this off.

 

http://www.srf.ch/konsum/themen/multimedia/mobile-eapsim-swisscom-trickst-kunden-aus

http://www.tagesanzeiger.ch/digital/mobil/Der-Aerger-mit-dem-kostenpflichtigen-SwisscomWLAN/story/18874269

http://www.id.uzh.ch/dl/mobil/wlan/CheckSSID/iphoneEAPSIM.html

http://www.fhnw.ch/services/ict/email/smartphone/deaktivierung-eapsim_iphone

 

Please make sure you turn off this option of you are a Swisscom mobile customer.

 

 

Tags:

Client Management | Deployment | Exchange 2007 | Exchange 2010