Wednesday, May 30, 2007

Adobe 8 Pro Fast web viewing

Did you deploy Adobe 8 pro but you want to turn of the Fast Web viewing feature.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\Originals]"bAllowByteRangeRequests"=dword:00000000

Send this registry change to your Adobe 8 Pro collection. Next time it is opened the selection will be disabled. To re-enable simply delete this reg key.

Friday, May 25, 2007

Office 2007 and Lookout

If you are looking at moving to Office 2007 and you have Office 2003 with Lookout you will run into a problem. Lookout needs to open Outlook and remove itself from the system. Unless you are an admin you can't do this. If you allow the users to interact with the system and run Outlook with admin privs then you can run into a serious security problem. The simplest way is to remove lookout manually before installing Office 2007

on error resume nextSet Sh = WScript.CreateObject("WScript.Shell")Key ="HKLM\SOFTWARE\Microsoft\Fusion\References\LookoutAddIn, Version=1.0.1868.24056, Culture=neutral, PublicKeyToken=b7aa31f2379f8c07\{2EC93463-B0C3-45E1-8364-327E96AEA856}\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Microsoft\Fusion\References\LookoutAddIn, Version=1.0.1868.24056, Culture=neutral, PublicKeyToken=b7aa31f2379f8c07\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Lookout Software\Lookout\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Lookout Software\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Microsoft\Office\Outlook\AddIns\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lookout\"Sh.RegDelete KeyKey ="HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Outlook\Addins\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Classes\LookoutAddInShim.Connect\CLSID\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Classes\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKCR\LookoutAddInShim.Connect\CLSID\"Sh.RegDelete KeyKey ="HKCR\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\ProgID\"Sh.RegDelete KeyKey ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\InprocServer32\"Sh.RegDelete KeyKey ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\"Sh.RegDelete Key'''now delete the folderSet oFSO = CreateObject("Scripting.FileSystemObject")sDirectoryPath = "C:\Program Files\Lookout Software"set oFolder = oFSO.GetFolder(sDirectoryPath)oFolder.Delete(true)

Friday, May 18, 2007

Out of date Hardware Inventory sms

Here is a query to create a collection of computers (last hardware scan > 60 days ) that haven't had there HW inventory updated in 60 days, you can change this to what ever time period you want. This will work on both SCCM or SMS

select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan >= DateAdd(dd,-60,GetDate()) )

You could also add a query to this collection to pull all computers with no SMS client then you have all your comptuers in one collection to work with. You could force HW scans on the collection, force Client installs or whatever maintenance you need.

Thursday, May 17, 2007

Disabled Addins in Office

Many times the help desk will get a call from someone saying their addin is not installed. So you check in SMS and sure enough it is there. It would be nice if IT could know ahead of time if there are disabled addins so they can fix it.

If you have a disabled items in office you will find this key
Where 11.0 is the version number
Resiliency will only be there when an item is disabled.

The key might look something like this
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Resiliency\DisabledItems]"12C71C2"=hex:02,00,00,00,a0,00,00,00,04,00,00,00,63,00,3a,00,5c,00,64,00,6f,\ 00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,00,\ 73,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,62,00,70,00,6f,00,6c,\ 00,61,00,73,00,65,00,6b,00,5c,00,61,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,64,00,61,00,74,00,61,00,5c,00,6d,00,69,00,63,\ 00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,77,00,6f,00,72,00,64,00,5c,00,\ 7e,00,77,00,72,00,61,00,30,00,30,00,30,00,30,00,2e,00,77,00,62,00,6b,00,00,\ 00,00,00,00,00

I am currently working on a MIF or MOF to collect the information. Because the DisabledItems key (12C71C2) is a dynamic name you can't easily make a MOF, well you can, but since you have several other reg keys you need to make putting them in a single group isn't easy or possible. I am no MOF expert but I am trying to find experts to let me know. The easiest way would be to create a VbScript that would search for the keys for the current use and create/modify a MIF file so it contains all the disable items for the current and previous users.

Once located you can create an advertisment that deletes the Resiliency key forcing the addin to load the next time. If you see the computer again after the next inventory then you know there is a real problem and to go fix it.

Soon I hope to have a simple MIF file available. I am still checking to see if MS uses it in Office 2007. If so then I might spend more time on making a good reporting tool.

Wednesday, May 9, 2007

Defrag a computer

Just like doing a disk clean up, you may not have a policy that runs disk defragment at a given time. Maybe you have DiskKeeper. This will allow you to force your computers to run a defrag through SMS. We have a defrag set to run once a month. This can keep the computers running a bit faster and keeps the help desk calls down. Granted if you have a policy or software inplace you can just ignore this one :) I recommend you run the file with "cscript defrag.vbs" so if an error occurs it will not try to force a popup.

Set objShell = CreateObject("WScript.Shell")
'Run the Defrag Utility
intRetVal = objShell.Run("%comspec% /c %WinDir%\system32\defrag.exe c: -f -v ", 0, True)
If intRetVal <> 0 Then WScript.Quit intRetVal

Sunday, May 6, 2007

Lock down SMS Control Panel

There are several ways to lock down the control panel I will address the one I know or found. Since this has come up in other forums and newsgroups I thought I would add my 2 cents.
Why would you want to lock it down. Well, if you have a user that is an admin on their machine they might revolt and turn off the service or fool around with the cache to prevent SMS from doing its job. It is a fact of life that some users will have admin rights to their machine. This will hopefully deter or slow them down. There isn't a way to totally stop them.

1. Hide the SMS Control Panel for current user (Systems Managment)
This will require a restart, force it or just wait for them to restart.
-------no show.reg------------------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\don't load]
2. Disable sections of the Contol Panel [Courtesy of Rune Norberg, MS Newsgroup]
For site assignment:>
HKLM\Software\Microsoft\SMS\Mobile Client\Configuration\CP Site Assignment> Options=Disabled (REG_SZ)
For cache:>
HKLM\Software\Microsoft\SMS\Mobile Client\Configuration\CP Cache> Options=Disabled (REG_SZ)

3. Restart CCM Service on remote machine
If the admin keeps turning off the service you can setup a scheduled task to run say every 3 hours to turn it back on. If they turn off WMI then you have a problem but you can use this to give you a return value if it is failing to start it.

-------------restart sms agent.vbs------------
strComputer = "YourComputer"
strCommand = "net start ccmexec"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")

Set oStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = oStartup.SpawnInstance_
objConfig.ShowWindow = 1

Set oProcess = objWMIService.Get("Win32_Process")
intReturn = oProcess.Create (strCommand, Null, objConfig, intProcessID)
‘’use the intReturn if you want to log success or failure, maybe they turned off Dcom or WMI

None of these are top secret and it will only take a little bit of digging for them to fix it. But it will deter some people. You can only try so much.