01 July 2010

Microsoft Security Bulletin Minor Revisions

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 30, 2010
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS10-041 - Important
* MS10-040 - Important
* MS10-038 - Important
* MS09-040 - Important

Bulletin Information:
=====================

* MS10-041 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx
- Reason for Revision: V1.3 (June 30, 2010): Corrected the registry
   key verification for Microsoft .NET Framework 3.5 and
   Microsoft .NET Framework 2.0 Service Pack 2.
- Originally posted: June 8, 2010
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.3

* MS10-040 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
- Reason for Revision: V1.1 (June 30, 2010): Added a link to
   Microsoft Knowledge Base Article 982666 under Known Issues in
   the Executive Summary to address the issue where specific
   installations of IIS fail on restart after installing this
   security update.
- Originally posted: June 8, 2010
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.1

* MS10-038 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
- Reason for Revision: V1.2 (June 30, 2010): Added a link to
   Microsoft Knowledge Base Article 2027452 under Known Issues
   in the Executive Summary.
- Originally posted: June 8, 2010
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.2

* MS09-040 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-040.mspx
- Reason for Revision: V1.1 (June 30, 2010): Added a link to
   Microsoft Knowledge Base Article 971032 under Known Issues in
   the Executive Summary.
- Originally posted: August 11, 2009
- Updated: June 30, 2010
- Bulletin Severity Rating: Important
- Version: 1.1

29 June 2010

All Available IMP Links for SCCM destination

People often wonder where to find SCCM resources. Below are some I can suggest.

Books: Yes, there are three books available; the links are below.

1) System Center Configuration Manager (SCCM) 2007 Unleashed by Kerrie Meyler $37.79 http://www.amazon.com/System-Center-Configuration-Manager-Unleashed/dp/0672330237

2) Mastering System Center Configuration Manager 2007 R2 by Chris Mosby $37.79

3) System Center Operations Manager 2007 Unleashed by Kerrie Meyler $40.94

 

CBTs:

Yes, the two best CBTs offered are below; these are the most popular.

cbtnuggets

http://www.cbtnuggets.com/webapp/product?id=421

Exam-Pack 70-401: Microsoft Systems Center - Configuration Manager
$299.00 - Includes 20 Videos

 

CBT Planet

http://www.cbtplanet.com/microsoft-it/microsoft-system-center-configuration-manager-training-video.htm

Microsoft System Center Configuration Manager 2007 (SCCM) CBT Training Course

 

Topic-based courses are also offered from

http://blogcastrepository.com/level5/sccm/default.aspx

Some of them are free, and for most of them you need to pay :D

 

OK, now the cool, free support web pages for SCCM & SMS are below

and also…..

Rod Trent's Blog

Blogs by great people:

SMS 2003 Client Health : GP Based Script

Source:-http://www.myitforum.com/absolutenm/templates/Articles.aspx?articleid=17217&zoneid=87

 

Overview

Workstation Client Health maintenance is a continuous process that must be maintained. The following document gives an overview on how to fix several common workstation issues.
CliFix GPO startup script: can be downloaded from http://myitforum.com/cs2/blogs/scassells/Public_SMS_CLIFIX_4.19.vbs.txt
In an effort to reduce the amount of common workstation issues I have developed a script to check and change the following common issues. This script is to be run via GPO startup scripts. This requires the script to work as the system account and have intranet connectivity. Both are accomplished by running as a GPO.
Script Requirements
  1. Script must be in a location where the computer's system account has access. Usually on your domain controller, e.g. \\FQDNDomain\sysvol\FQDNDomain\
  2. sc.exe must be present for full successful run.
    1. Either in the run path
    2. system32
    3. system32\DLLCache
    4. Note: there are multiple versions floating around in the average environment
  3. regsvr32.exe needs to be present
  4. %systemroot%\system32 needs to be in system path
Script Settings

All, unless I missed some, sections of the script can be turned on and off in the top of the script. Please review the script as some features will fail without modification.

Please Review the following CONFIG SETTINGS Variables:

  • SMSVersion
  • ConfigMgrVersion
  • WKS_ASSIGNSITECODE
  • WKS_CacheSize
  • WKS_LocalAdminGroup
  • WKS_admACCT
  • RegPath
  • strWebAddress
  • StrCCRServer
  • strCCRSiteCode
  • CCMSetUP
What the Script Does
  1. Checks to make sure the script has not run in X many hours.
    1. Example if X = 12 the script will not run again until at least 12 hours after the last occurrence.
    2. This will prevent a slow down on multiple reboots.
  2. Sets DCOM permissions to be correct for SMS / SCCM configuration
  3. Checks to make sure System Path has the 3 required windows paths enabled. (does NOT use WMI or require a restart to change values)
    1. C:\windows
    2. C:\windows\system32
    3. C:\windows\system32\wbem
    4. Also removes %systemroot% from path replacing it with correct full path value
    5. If one of the 3 paths is missing, it will parse the full path removing duplicates and adding a,b,or c to the beginning of the path statement leaving all else unchanged.
  4. Checks to see if sc.exe exists in the run-from directory and, if not, in the system32 directory
  5. Checks to see if this script is run on a workstation or server. If it is a server, kills the script
  6. Checks to make sure the correct local admin group is present (value is set in header of script)
  7. Checks WMI service to see if it is set to auto and running. If not executes sc.exe to start the service.
  8. Attempts to connect to WMI object
  9. If the WMI object connect fails
    1. Attempt to do a repair (if no previous status is present in the registry and approved via script switches)
    2. Attempt to do a rebuild (if ‘repair’ status is present in the registry and approved via script switches)
    3. If both the above have failed then do nothing and report major error
  10. Checks to see if Admin$ is present, if not forces existence via WMI
  11. Checks to see if msxml3.dll is registered, if not forces existence via WSH
  12. Checks to see if Qmgr.dll and qmgrprxy.dll are registered, if not forces existence via WSH
  13. Checks to see if OLEAut32.dll is registered, if not forces existence via WSH
  14. Checks to make sure the following services are set to appropriate Status and Mode
    1. RPC
    2. WMI
    3. Firewall/ICS
    4. Server Service
    5. Remote Registry
    6. BITS
    7. Windows Update Services
    8. Terminal Services
    9. Windows Installer
    10. Note: You may want to review the settings for your environment on each of these services. All of the above services are set to default and either Manual or Automatic.
  15. Check the SMS version
  16. Checks the CCMExec service
  17. If SMS is not the correct version, an install can be forced
    1. Needs Review
  18. If all of the above tests passed without issue, you have a healthy workstation. The following two checks are for SMS.
    1. Check log file last update time. If the PolicyEvaluator.log file has not been modified in past 14 days do a repair of the client.
    2. Check client assignment. If no assignment set new site code based on AD boundaries in which the client is present.
      1. Note: Some people may want to disable this as it relies on AD
  19. If any fixes above had to be performed
    1. Check the advanced client state: which client policies are enabled.
    2. Check the cache size
    3. Send a Client Configuration Request (CCR) to have client installed
    4. Run CCMSetup from the install share on the server.
Note: during this script several forms of reporting, logging, and information submitting have been performed. The standard methods of reporting are:
  • Event log
  • Log file in the %temp% directory for the account used to run
    • GPO = C:\windows\temp
  • Reporting to a website that submits client status to a SQL table.
    • Future WebPost on how to do this
Other verbose methods include:
  • Two levels of command line reporting
    • Log to command line
    • Verbose to command line
  • Network share copy
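The system path check in step 3 above, sketched in PowerShell as an added example (it is not taken from the CliFix script, which is VBScript). The function name `Repair-SystemPath` and the sample value are assumptions made for illustration; the function only returns the repaired string and writes nothing.

```powershell
# Added example, not part of CliFix. Repair-SystemPath is a hypothetical name.
function Repair-SystemPath {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$SystemRoot = $env:SystemRoot
    )
    $root     = $SystemRoot.TrimEnd('\')
    $required = @($root, "$root\system32", "$root\system32\wbem")

    # Case-insensitive set of entries already seen, compared without a trailing "\".
    $cmp  = [System.StringComparer]::OrdinalIgnoreCase
    $seen = [System.Collections.Generic.HashSet[string]]::new($cmp)
    $kept = [System.Collections.Generic.List[string]]::new()

    foreach ($entry in ($Path -split ';')) {
        $e = $entry.Trim()
        if ($e -eq '') { continue }
        # Step 3.4: swap a literal %systemroot% for the full path.
        # '$' is doubled so -ireplace treats the replacement as plain text.
        $e = $e -ireplace '%systemroot%', $root.Replace('$', '$$')
        # Step 3.5: drop duplicates, keeping the first occurrence and its order.
        if ($seen.Add($e.TrimEnd('\'))) { $kept.Add($e) }
    }

    # Prepend only the required entries that are missing; leave the rest alone.
    $missing = @($required | Where-Object { -not $seen.Contains($_) })
    (@($missing) + @($kept)) -join ';'
}

# Constructed sample value (not from a real machine).
$sample = '%SystemRoot%\system32;C:\Tools;c:\tools\;C:\WINDOWS;D:\App\bin'
Repair-SystemPath -Path $sample -SystemRoot 'C:\windows'

# Read-only comparison against this machine's system PATH; nothing is written.
$current = [Environment]::GetEnvironmentVariable('Path', 'Machine')
if ($current -and (Repair-SystemPath -Path $current) -ne $current) {
    Write-Warning 'System PATH differs from the repaired form.'
}
```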

Future Additions:

Areas that need improvement

Below are the port Numbers used in SMS 2003

• Site Server to child and secondary sites as well as SMS SQL Server.
445 - Server Message Block (SMB)
389 - Lightweight Directory Access Protocol (LDAP)
636 - LDAP (Secure Sockets Layer (SSL) connection)


• Proxy Management point to parent SQL Server
1433 - TCP (SMS Site Server to SQL Server)
389 - LDAP
636 - LDAP (Secure Sockets Layer (SSL) connection)


• Advanced Client to Management Point and Distribution Point
80 - Hypertext Transfer Protocol (HTTP)
139 - Client sessions (for non BITS-enabled DPs)
445 - Server Message Block (for non BITS-enabled DPs)
389 - UDP (User Datagram Protocol) LDAP Ping
389 - TCP LDAP
636 - TCP LDAP (Secure Sockets Layer (SSL) connection)
3268 - TCP (Explicit connection to Global Catalog)


• Remote Control System service (Wuser32)
2703 - TCP SMS Remote Chat
2703 - UDP SMS Remote Chat
2701 - TCP SMS Remote Control (Control)
2701 - UDP SMS Remote Control (Control)
2702 - TCP SMS Remote Control (Data)
2702 - UDP SMS Remote Control (Data)
2704 - TCP SMS Remote File Transfer
2704 - UDP SMS Remote File Transfer


• Remote Control UDP *
137 - Name resolution
138 - Messaging
139 - Client sessions
* Only applies if you use NetBIOS over TCP/IP for SMS Remote Control


• Microsoft SQL Server
1433 - TCP SQL server
139 - TCP Named pipes


• Active Directory Discovery methods
389 - TCP LDAP
389 - UDP LDAP
636 - TCP LDAP (Secure Sockets Layer (SSL) connection)
135 - TCP RPC Endpoint Mapper
135 - UDP RPC Endpoint Mapper
3268 - TCP Global Catalog LDAP
3269 - TCP Global Catalog LDAP (Secure Sockets Layer (SSL) connection)
88 - TCP Kerberos
88 - UDP Kerberos


• Microsoft Windows NT UDP
53 - UDP Domain Name System (DNS)
67 - UDP Dynamic Host Configuration Protocol (DHCP)
135 - TCP Remote procedure call (RPC)
138 - UDP Windows Internet Name Service (WINS)
138 - UDP NetBIOS Datagram Service Computer Browser
139 - TCP NetBIOS Datagram Service Messenger

28 June 2010

OSD Log Files Location

Unfortunately, the smsts.log can be stored in one of 7 locations, depending on the stage of the build and the architecture of the OS:

  • WindowsPE, before HDD format:
          x:\windows\temp\smstslog\smsts.log
  • WindowsPE, after HDD format:
          x:\smstslog\smsts.log and copied to c:\_SMSTaskSequence\Logs\Smstslog\smsts.log
  • Full version windows, before SCCM agent installed:
          c:\_SMSTaskSequence\Logs\Smstslog\smsts.log
  • Full version windows, after SCCM agent installed:
          c:\windows\system32\ccm\logs\Smstslog\smsts.log
  • Full version x64 windows, after SCCM agent installed:
          c:\windows\sysWOW64\ccm\logs\Smstslog\smsts.log
  • After Task Sequence has finished running
          c:\windows\system32\ccm\logs\smsts.log
  • After Task Sequence has finished running(x64)
          c:\windows\sysWOW64\ccm\logs\smsts.log
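
To see which of these copies exists on a given machine, the following added example (not from the original post; `Find-SmstsLog` is a hypothetical name) checks the seven paths listed above and sorts the hits by last write time, so the log from the most recent stage comes first.

```powershell
# Added example. The paths are the seven locations listed in this post;
# the function name and the stage labels used as keys are illustrative.
function Find-SmstsLog {
    $candidates = [ordered]@{
        'WinPE, before HDD format'              = 'x:\windows\temp\smstslog\smsts.log'
        'WinPE, after HDD format'               = 'x:\smstslog\smsts.log'
        'WinPE copy / full OS, before agent'    = 'c:\_SMSTaskSequence\Logs\Smstslog\smsts.log'
        'Full OS, after agent installed'        = 'c:\windows\system32\ccm\logs\Smstslog\smsts.log'
        'Full OS x64, after agent installed'    = 'c:\windows\sysWOW64\ccm\logs\Smstslog\smsts.log'
        'Task sequence finished'                = 'c:\windows\system32\ccm\logs\smsts.log'
        'Task sequence finished (x64)'          = 'c:\windows\sysWOW64\ccm\logs\smsts.log'
    }

    foreach ($stage in $candidates.Keys) {
        $path = $candidates[$stage]
        # Test-Path returns $false (no error) when the drive or file is absent,
        # e.g. x: outside Windows PE.
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Stage     = $stage
                Path      = $file.FullName
                LastWrite = $file.LastWriteTime
                SizeKB    = [math]::Round($file.Length / 1KB, 1)
            }
        }
    }
}

# Newest log first; an empty result means none of the seven paths exist here.
Find-SmstsLog | Sort-Object LastWrite -Descending | Format-Table -AutoSize
```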