August 08/2022 Patch KB5012170 Update for Secure Boot DBX problem 0x800f0922

by butsch 15. August 2022 16:11

August 08/2022 Patch KB5012170 Update for Secure Boot DBX problem 0x800f0922

Problem: You can't install August 2022 Update KB5012170 on some systems under certain condition where Secure Boot is enbled and not latest BIOS/UEFI Firmware . You will receive an Error 0x800f0922

Error: Package KB5015730 failed to be changed to the Installed state. Status: 0x800f0922.

The patch does a revert



System which is not affected


The updates fixes some secure boot problems as example:

CVE-2022-34301 | Eurosoft Boot Loader Bypass

CVE-2022-34302 | New Horizon Data Systems Inc Boot Loader Bypass

CVE-2022-34303 | Crypto Pro Boot Loader Bypass


Microsoft main link:

KB5012170: Security update for Secure Boot DBX: August 9, 2022 (

What does the KB describe:

Describes the problem that certain firmware/Bios and GPO Settings should not patch KB5012170. The KB is very hard to dunerstand. We try to help a little. Please keep in mind that you can't update firmware without checking compatiblity on Laptops for docking station and maybe other things. In enterprise you can't can't just update laptop firmware over night and hope all is fine like microsoft thinks they can do with their M365/Azure solution and Autopolit clients. ;-)


Keypoint / problem:

If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the update failing to install.


So what does that mean if you don't have a post doc in IT?

Check if yout are affected with and have PCR7 active

You can find out the status of your UEFI / PCR7 / Bitlocker Setup with MSINFO32.exe (Elevated) or/and by running a DOS or PS command.


Some sample dumps and how to find out:


Affected product which has PCR7 mode shown:

Dell computer Precision 5530, Windows 10 21H2

msinfo32.exe commandline


Sicherer Startzustand    Ein    

PCR7-Konfiguration    Gebunden

DOS: manage-bde -protectors -get c:



Automate checking client for PCR7:


You may use a) Your software Deployment b) PSEXEC from systernals c) Do not use GPO to deploy software if you are not 100% fireproof with scripting

With psexec:

PsExec - Windows Sysinternals | Microsoft Docs


psexec -s \\computer001 c:\windows\system32\manage-bde.exe -protectors -get c:

PsExec v2.4 - Execute processes remotely

Copyright (C) 2001-2022 Mark Russinovich

Sysinternals -



BitLocker-Laufwerkverschlüsselung: Konfigurationstool, Version 10.0.19041

Copyright (C) 2013 Microsoft Corporation. Alle Rechte vorbehalten.


Volume "C:" [Windows]

Alle Schlüsselschutzvorrichtungen


Numerisches Kennwort:

ID: {6E770EF9-56D2-430D-81SAFE82-0E9A555D3D8A9}





ID: {9BE23A51-4A8B-4649-98SAFEDE-FAD6FB7165B9}


7, 11

(Verwendet den sicheren Start für die Integritätsüberprüfung)


c:\windows\system32\manage-bde.exe exited on pen10nb014 with error code 0.


Auotmate the msinfo32.exe with psexec

psexec -s \\computer001 C:\windows\system32\msinfo32.exe /nfo c:\edv\00_report\computer.txt /report c:\edv\00_report\computer_re.txt

Description of Microsoft System Information (Msinfo32.exe) Tool


Systeminformationsbericht erstellt am: 08/15/22 13:51:16

Systemname: SBBCARW10EL0145



Element    Wert    

Betriebsystemname    Microsoft Windows 10 Enterprise    

Version    10.0.19042 Build 19042    

Weitere Betriebsystembeschreibung     Nicht verfügbar    

Betriebsystemhersteller    Microsoft Corporation    

Systemname    PEN10NB014    

Systemhersteller    Dell Inc.    

Systemmodell    Precision 5530    

Systemtyp    x64-basierter PC    

System-SKU    087D    

Prozessor    Intel(R) Core(TM) i9-8950HK CPU @ 2.90GHz, 2904 MHz, 6 Kern(e), 12 logische(r) Prozessor(en)    

BIOS-Version/-Datum    Dell Inc. 1.12.0, 27.06.2019    

SMBIOS-Version    3.1    

Version des eingebetteten Controllers    255.255    

BIOS-Modus    UEFI    

BaseBoard-Hersteller    Dell Inc.    

BaseBoard-Produkt    0FP2W2    

BaseBoard-Version    A00    

Plattformrolle    Mobil    

Sicherer Startzustand    Ein    

PCR7-Konfiguration    Gebunden    


Other samples not affected:

An HP Elitedesk 800 G3 (Older) with a NON UEFI BIOS

Binding not possible becauee older machine and NOT UEFI BIOS (Legacy used) because of better Deployment OS reasons.

DOS: manage-bde -protectors -get c:







Some newer Home system from HP Elitedesk with UEFI no Bitlocker GO or Bitlocker active (Out of the box enduser system)


manage-bde -protectors -get c:

Below you see under PCR7 that you did NOT run msinfo32 under "Administrative/Elevated" it says "Elevation required to view".

Here is msinfo32.exe with run as admin, PCR7 would be possible but is not activated


You can see in this specfic machine where PCR7 "Binding Possible" is shown there is not Bitlocker. That's why withou the Fimrware Update which was offered by HP this was the patch has installed.




  1. Check that you have the latest Bios/Firmware
  2. Check if you have PCR7 enabled like mentioned above

If not possible > as example because your docking station is not comaptible with latest firmware

To workaround this issue, do one of the following before you deploy this update

On a device that does not have Credential Gard enabled, run following command from an Administrator command prompt to suspend BitLocker for 1 restart cycle:


Manage-bde –Protectors –Disable C: -RebootCount 1


Then, deploy the update and restart the device to resume the BitLocker protection.


On a device that has Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 2 restart cycles:


Manage-bde –Protectors –Disable C: -RebootCount 3    


Then, deploy the update and restart the device to resume the BitLocker protection.


Some further links and infos regarding the path:

ADV200011 - Security Update Guide - Microsoft - Microsoft Guidance for Addressing Security Feature Bypass in GRUB

Troubleshoot the TPM (Windows) - Windows security | Microsoft Docs

R730xd, BitLocker, Secure Boot, PCR7 issue - Dell Community


Windows Server shows PCR7 configuration as "Binding not possible" - Windows Server | Microsoft Docs

In this scenario, when you run msinfo32 to check the PCR7 Configuration, it's displayed as Binding not possible.

Windows Server shows PCR7 configuration as "Binding not possible"

Article, 02/24/2022


This article introduces the Binding not possible issue in msinfo32 and the cause of the issue. This applies to both Windows clients and Windows Server.


PCR7 Configuration in msinfo32

Consider the following scenario:


Windows Server is installed on a secure boot-enabled platform.

You enable Trusted Platform Module (TPM) 2.0 in Unified Extensible Firmware Interface (UEFI).

You turn on BitLocker.

You install chipset drivers and update the latest Microsoft Monthly Rollup.

You also run tpm.msc to make sure that the TPM status is fine. The status displays The TPM is ready for use.


In this scenario, when you run msinfo32 to check the PCR7 Configuration, it's displayed as Binding not possible.




Client Management | Deployment | Hotfixes / Updates | Microsoft SCCM/MEM/MDT | WSUS

Server 2016, MDT 2013, W10 1809 6.3.8456.1000 SQL Compact Database

by butsch 28. March 2019 16:34

If you don't connect MDT on Server 2016 to an SQL Database it will use SQL Server Compact to store information

You see in MONITOR. You ONLY access the Info from the Compact Edition with SQL Management Studio 2008R2

And NOT the newer Version I have read somewhere. With the SQL Management Studio 2008R2 we

Can open the SDF database from C:\Program Files\Microsoft Deployment Toolkit\Monitor\MDT_Monitor.sdf


You can also access through API Web:





It's written that they keep the information in there for 3 days. So this is only a temporary solution until the client runs.


C:\Program Files\Microsoft Deployment Toolkit\Monitor\MDT_Monitor.sdf


To see or view data itself you could use:




Client Management | Deployment | Microsoft SCCM/MEM/MDT

KB 4489881 Breaks WDS MDT on Server 2016 PXE boot

by butsch 20. March 2019 21:08

To date there are two Social MSDN Threads where people and very und-happy and Microsoft DOES not think it's important

to mention the Problem on their KB Article under Problems. This has just come into our timeline range where

we rollout and MDT/WDS Server for medium sized customer who has no Enterprise Agreement and thus no SCCM.

Manage over 15 WSUS servers for SBS to Enterprise but has no info in that direction. (Not mentioned on MS/TechNet or Ask Woody which we mostly consult for good info)


Problem during PXE Boot:

Windows failed to start a recent hardware or software change might be the cause.

"Status 0xc0000001"


Here is how to fix it:

Uncheck under TFTP the option Enable Variable Window Extension

Reboot the WDS/MDT Server or restart the WDS Service.


Deployment | Microsoft SCCM/MEM/MDT | W10 | Microsoft Server OS

Missing entry in Fortigate Application Filter ROOT.CERTIFICATE.URL and OCSP source of W10 Setup failing

by butsch 31. October 2018 21:35

Fortigate Application Filter Certificate wrong/missing Entry sample for an important laptop driver (W10 Deployment fails because of signed Driver Revocation Lookup)

OR HOW a missing small ENTRY I a FORTIGATE FIREWALL IPS/APP filter can ruin your Windows 10 OS-Deployment work.


Reason: Missing entry in Fortigate Application Filter "ROOT.CERTIFICATE.URL" and "OCSP" source of failing deployment


Windows 10 Deployment with commercial Deployment Products (This includes HP client hardware, Microsoft SCCM, Landesk or Ivanti Frontrange).

During the Unattend phase the driver for MASS storage or NIC does a Certificate Revocation Lookup. However the as sample mentioned

URL (Hardware Driver URL, CRL FQDN) is missing in Fortiguard definitions. Thus the Fortigate does block the access to WAN. Since this is an early setup phase of W10, group Policy or special GPO do not pull at that moment.


Fortigate has already missed several PKI URL the last few months confirmed by ticket resulting in large trouble and delay on client and Server OS of customers who route their Client or Server traffic through Web proxy and because of security do not want to route computer account proxy traffic standard to the proxy.


Why this is so important. Why this is generating a lot of work and trouble for OS-Deployment teams.


The normal way in larger companies is that all outgoing traffic from client VLAN goes to Firewall which it blocks. All Web/Application/Socks traffic that should go outside goes to a Proxy, Web filter.

Because in early phase of Deployment those options are not set already and normally not needed. However if the driver is older than the Expiration of the Code Signing Certificate W7/W10 will check

The Certificate Revocation list from WAN/Internet. If that fails it may refuse to integrate the driver in Windows PE or early Windows Setup phase. If example this is a driver which

handels NIC (network) or mass Storage driver (Disk) they deployment can't run through this early process.





URL we need open in our sample: which prevents a complete Enterprise Deployment system to fail




Sample from Fortigate for other Certs they missed:


F-SBID( --name "Root.Certificate.URL_Custom"; --protocol tcp; --app_cat 17; --service HTTP; --flow from_client; --pcre "/(crl\.microsoft\.com|\.omniroot\.com|\.verisign\.com|\.symcb\.com|\.symcd\.com|\.verisign\.ne t|\.geotrust\.com|\.entrust\.net|\.public- trust\.com|\.globalsign\.|\.digicert\.com|crl\.startcom\.|crl\.cnnic\.cn|crl\.identrust\.com|crl\.thaw te\.com|crlsl\.wosign\.com|www\.d\-trust\.net)/"; --context host; --weight 15; )


In our case:


F-SBID( --name ""; --protocol tcp; --app_cat 17; --service HTTP; -- flow from_client; --pcre "/(pki\.infineon\.com)/"; --context host; --weight 15; )

Please also see: | The certificate is invalid for exchange server usage Exchange 2010 SAN/UC

So you understand that this is a problem which persists over all firewall producers:

Symantec: About the Install Readiness Check for Certificate Revocation List access

TEND MICRO: After upgrading OfficeScan, users complained that the server started to rename all files in the OfficeClient Directory to "_invalid".
Below is a sample list of files in the D:\app\Trend Micro\OfficeScan\PCCSRV\Admin directory:


If there is no Internet connection, then CRL fetch and intermediate CA fetch will fail (this will be logged). The inspection will take place; however, URL-based or Category-based bypassing will not work.

Note: The CRL verifications are performed in the background asynchronously while matching the security policy (this mimics the behavior of the major web browsers).

Untrusted certificates and lack of CRLs can be configured as reasons to drop the connection






Deployment | Microsoft SCCM/MEM/MDT | Scripting | Ivanti Frontrange Enteo | W10 | M365/AZURE | SECURITY | FW Fortigate | FW Sophos | Mcafee ENS, EPO, DLP, TIE, ATD, VSE, MSME

IE11 GPO Settings, PROXY Explained F5-F8

by butsch 14. October 2015 19:42

Internet Explorer, Group Policy, Gruppenrichtlinien, IE11 GPO Settings, PROXY Explained F5-F8

  1. IE11 has to be installed so you see the IE10 Option
  2. There is not IE11 Option > That's ok > Choose IE10 it will work fir IE11
  3. You are on a SRV 2012 R2 or W8 to see this option or W7 with installed updated
  4. You did try it always fails or you get too MUCH Gpo settings from the GUI Mode.


This is what we talk about and seems to make confusions. People set if with it and at the end did with HKCU keys.

You can configure the options with F5, F6, F7 and F8 keys from the GUI. Only choose the options you want to change.

ALL RED > Will not be touched (Like GPO Settings DEFAULT)

ALL GREEN > Will be touched or changed (Like GPO setting ENABLE/DISABLE) depending on the GUI if you have a checkbox selected or not.

GREEN = Stuff you want to change

RED = LEAVE IT at it is

Some sample settings

If you go back one step on the GPO Console and do an F5 / Refresh

You should only see the option which you marked GREEN with F7 or F8


Lets make a sample (That i don't want touched)

See forgot two things and not clear how to select under security

Back in GPO Console one step, Update F5, Refresh

The above mentioned is RED THUS Gone / Not touched

We recommend to enable a check if you DO Registry KEYS or such Settings with GPO and not deployment.

Make sure you have a WMI Filter to also capture IE11

Check out I11 LINKS:









Client Management | Deployment | Ivanti Frontrange Enteo | Microsoft SCCM/MEM/MDT | Scripting | WMI

NIC Intel(R) Ethernet Connection I217-LM Deployment Driver

by butsch 16. April 2015 17:27

Intel(R) Ethernet Connection I217-LM Deployment problems

HP Zbook, Probook 650G1 (See below for full range info)


OS Deployment problems with Intel NIC i217-V (I217V) under Windows 7 64BIT and different Deployment Software Like Frontrange-Enteo, SCCM, Symantec and also with Windows Deployment.

Main problem is that the Windows PE 3.X that most Deployment solutions use accepts a less DEVICEID (A shorter). Also the NIC somehow seems to have timing problems and just behaves different than others during unattended setup.


Your Windows PE will work with any driver DeviceID:


But the Windows 7 Setup that your Deployment does need is more specific driver and checks behind that base DeviceID:

PCI\VEN_8086&DEV_153B&SUBSYS_00008086 (Sample)

06.09.2013, < GEHT NICHT
06.06.2014, < GEHT NICHT
31.07.2014, (
) < GEHT von HP Carepaq, sp68420



Screenshot shows Driver 12.8.33 from original HP factory setup W7 64BIT which DOES not work for Deployment.

The HP Factory NIC Setup shows following Device-ID (W7 64BIT) which does not work for deployment










Errors your will see in c:\windows\panther with wrong driver (No NIC in OS phase / Not Windows PE)


»¿2015-04-15 09:57:35, Error [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1355]

2015-04-15 09:57:35, Error [DJOIN.EXE] Unattended Join: DsGetDcName test failed: 0x54b, last error is 0x0, breaking if debugger attached...

2015-04-15 09:57:35, Error [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x54b


DSJOIN error in Logfiles (C:\Windows\Panther\UnattendGC\UnattendedJoinDCLocator.etl)

2015-04-15 09:50:34, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...

2015-04-15 09:50:39, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...

2015-04-15 09:50:44, Warning [DJOIN.EXE



Working Driver, 07/31/2014,


You need the INF file with the three DeviceID:

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00008086

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00011179


Extract File: e1d62x64.inf (Working Driver which should work for the PHASE after Windows PE Format/Copies the Disk with your deployment. {Unattended phase}) (NOT Windows PE)


Signature = "$Windows NT$"

Class = Net

ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}

Provider = %Intel%

CatalogFile =

DriverVer = 07/31/2014,




%Intel% = Intel, NTamd64.6.1, NTamd64.6.1.1, NTamd64.6.2



ExcludeFromSelect = \







; DisplayName Section DeviceID

; ----------- ------- --------

%E153ANC.DeviceDesc% = E153A.6.1.1, PCI\VEN_8086&DEV_153A

%E153ANC.DeviceDesc% = E153A.6.1.1, PCI\VEN_8086&DEV_153A&SUBSYS_00008086

%E153ANC.DeviceDesc% = E153A.6.1.1, PCI\VEN_8086&DEV_153A&SUBSYS_00011179

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00008086

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00011179

%E155ANC.DeviceDesc% = E155A.6.1.1, PCI\VEN_8086&DEV_155A

%E155ANC.DeviceDesc% = E155A.6.1.1, PCI\VEN_8086&DEV_155A&SUBSYS_00008086

%E155ANC.DeviceDesc% = E155A.6.1.1, PCI\VEN_8086&DEV_155A&SUBSYS_00011179

%E1559NC.DeviceDesc% = E1559.6.1.1, PCI\VEN_8086&DEV_1559

%E1559NC.DeviceDesc% = E1559.6.1.1, PCI\VEN_8086&DEV_1559&SUBSYS_00008086

%E1559NC.DeviceDesc% = E1559.6.1.1, PCI\VEN_8086&DEV_1559&SUBSYS_00011179

%E15A0NC.DeviceDesc% = E15A0.6.1.1, PCI\VEN_8086&DEV_15A0

%E15A0NC.DeviceDesc% = E15A0.6.1.1, PCI\VEN_8086&DEV_15A0&SUBSYS_00008086

%E15A1NC.DeviceDesc% = E15A1.6.1.1, PCI\VEN_8086&DEV_15A1

%E15A1NC.DeviceDesc% = E15A1.6.1.1, PCI\VEN_8086&DEV_15A1&SUBSYS_00008086

%E15A2NC.DeviceDesc% = E15A2.6.1.1, PCI\VEN_8086&DEV_15A2


Device ID from working I217V for Deployment Driver,, 2014, HP Softpaq68420

PCI\VEN_8086&DEV_153A;PCI\VEN_8086&DEV_153A&SUBSYS _00008086;PCI\VEN_8086&DEV_153A&SUBSYS_00011179;PC I\VEN_8086&DEV_153A&SUBSYS_1909103C;PCI\VEN_8086&D EV_153A&SUBSYS_190A103C;PCI\VEN_8086&DEV_153A&SUBS YS_2253103C;PCI\VEN_8086&DEV_153A&SUBSYS_2255103C; PCI\VEN_8086&DEV_153B;PCI\VEN_8086&DEV_153B&SUBSYS _00008086;PCI\VEN_8086&DEV_153B&SUBSYS_00011179;PC I\VEN_8086&DEV_1559;PCI\VEN_8086&DEV_1559&SUBSYS_0 0008086;PCI\VEN_8086&DEV_1559&SUBSYS_00011179;PCI\ VEN_8086&DEV_155A;PCI\VEN_8086&DEV_155A&SUBSYS_000 08086;PCI\VEN_8086&DEV_155A&SUBSYS_00011179;PCI\VE N_8086&DEV_155A&SUBSYS_198F103C;PCI\VEN_8086&DEV_1 55A&SUBSYS_1991103C;PCI\VEN_8086&DEV_155A&SUBSYS_1 993103C;PCI\VEN_8086&DEV_155A&SUBSYS_2101103C;PCI\ VEN_8086&DEV_155A&SUBSYS_213E103C;PCI\VEN_8086&DEV _15A0;PCI\VEN_8086&DEV_15A0&SUBSYS_00008086;PCI\VE N_8086&DEV_15A1;PCI\VEN_8086&DEV_15A1&SUBSYS_00008 086;PCI\VEN_8086&DEV_15A2;PCI\VEN_8086&DEV_15A2&SU BSYS_00008086;PCI\VEN_8086&DEV_15A2&SUBSYS_0001117 9;PCI\VEN_8086&DEV_15A2&SUBSYS_2216103C;PCI\VEN_80 86&DEV_15A2&SUBSYS_221B103C;PCI\VEN_8086&DEV_15A2& SUBSYS_225A103C;PCI\VEN_8086&DEV_15A2&SUBSYS_22701 03C;PCI\VEN_8086&DEV_15A2&SUBSYS_2271103C;PCI\VEN_ 8086&DEV_15A2&SUBSYS_22DA103C;PCI\VEN_8086&DEV_15A 2&SUBSYS_22FB103C;PCI\VEN_8086&DEV_15A3;PCI\VEN_80 86&DEV_15A3&SUBSYS_00008086;PCI\VEN_8086&DEV_15A3& SUBSYS_00011179



INF file HP CVA / Softpaq 68420 Infos

TITLE: Intel I217LM/V and I218LM Gigabit Ethernet Driver

This package contains the driver installation package for the Intel I217LM/V and
I218LM This build has post-beta drivers that are Intel-Signed Gigabit Ethernet
Controller in the supported notebook models and operating systems.

PURPOSE: Routine
SOFTPAQ MD5: a369c6b348bb54a453afae2435f988a3
EFFECTIVE DATE: August 26, 2014
CATEGORY: Driver-Network


HP ZBook 17 G2 Mobile Workstation
HP ZBook 17 Mobile Workstation
HP EliteBook Folio 9480m Notebook PC
HP EliteBook Folio 1040 G1 Notebook PC
HP EliteBook 840 G1 Notebook PC
HP ZBook 14 Mobile Workstation
HP EliteBook 740 G1 Notebook PC
HP EliteBook 850 G1 Notebook PC
HP EliteBook 750 G1 Notebook PC
HP ZBook 15 G2 Mobile Workstation
HP ProBook 640 G1 Notebook PC
HP ProBook 650 G1 Notebook PC
HP ZBook 15 Mobile Workstation








Deployment | Ivanti Frontrange Enteo | Microsoft SCCM/MEM/MDT

HP biosconfigutility.exe and password in BIOS options, error 10

by butsch 22. April 2013 16:24
HP this is absolue confusing! Not all syntax provided in the "Biosconfigutlity.exe" seem to work in a certain order!

Here is the correct syntax and a working example under Windows PE 3.X 32BIT boot media:

Biosconfigutlity.exe /cspwd:"youroldbiospassword" /cspws:"yournewbiospassword"

And an example to renew the existing BIOS password and write new BIOS Setting in one command:

BiosConfigUtility.exe /cspwd:"youroldbiospassword" /nspwd:"yournewbiospassword" /set:"%cd:~0,3%bios\6300\settings\6300.txt"

  • %cd:~0,3% = Current Drive letter your batch is on
  • bios\6300\settings\6300.txt (The config file with the new bios settings in some file Directory structure bios\modelltype\settings\modelltypeconfigfile.txt (Just an example)
  • Yes, you have to mention the "-chars (Quotation marks)
  •  "IF" you provider a existing password (cspwd), AND it does not match, it will be overseen and the NEW password written (cspws)
  • The exact syntax and ORDER of the options have to be followed

Make sure you don't mess UP with this tool. On certain newer laptops if you mess UP the BIOS password you "Can't" reset it with a jumper. There are two way (Send device to HP or buy a unlock key from russia for USD50). A cutomer from us has tried and did not understand the tool correct.

 If you don't want plain text passwords in your scripts you may have to use "HPQPswd.exe" which makes a password.BIN file from your entrys with the password encrypted.



Client Management | Deployment | Ivanti Frontrange Enteo | Microsoft SCCM/MEM/MDT | Scripting

Deployment Time HP 6560 all Major super OS-Deployment fail!

by butsch 27. July 2011 13:27
OS-Deployment Time:
HP 6560 all Major super OS-Deployment fail!

With our Deployment system Storage and nic driver intergation is very easy! ;-)
A short look in google show you that all those new fancy OS-Deployments did work a few months. But
now with new hardware and new Nic and mass stroage drivers they (as allways) fail and people have problems.
All the regualr non-deployemtn people who took OS Deployment for easy and thought they can do it theirself have problems.
The HP 5660 seems to fail with. Fails mean you will have to integrate a NIC and Mass Driver into the PE and maybe the WIndows 
XP SP3 silent setup if you still run Windows XP.
Even Windows 7 seems to have problems with the RIS. Back to the roots and hiring expensive Deployment people ;-)
·         WDS Windows Deployment
·         SCCM/SMS
·         Acronis 
·         Symantec Ghost und Deployment Suites wie Altiris



Client Management | Deployment | Ivanti Frontrange Enteo | Microsoft SCCM/MEM/MDT

SCCM 2007R2 Links

by butsch 24. October 2010 19:39


Microsoft SCCM/MEM/MDT

Werbung von Drittfirmen (Nicht Butsch Informatik):

Werbung von Drittfirmen via Google Adsense: