All posts by osmancura

how to fix a corrupt profile

Occasionally, Windows might not read your user profile correctly, such as if your antivirus software is scanning your computer while you try to log on. Before you follow the methods here, try restarting your computer and logging on with your user account again to resolve the issue. If you restart your computer and it does not resolve this issue, use the following methods to resolve this issue.

Note You must be able to log on to an administrator account to fix your user profile or copy your data to a new account. Before you resolve the issue, log on to Windows by using another account that has administrative permissions, or restart in safe mode to log on with the built-in administrator account. For more information about how to start in safe mode, visit the following Microsoft website:

 

Method 1: Fix the user account profile

To fix the user account profile, follow these steps:

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows How to back up and restore the registry in Windows
  1. Click Start, type regedit in the Search box, and then press ENTER.
  2. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  3. In the navigation pane, locate the folder that begins with S-1-5 (SID key) followed by a long number.
  4. Click each S-1-5 folder, locate the ProfileImagePath entry in the details pane, and then double-click to make sure that this is the user account profile that has the error.

    • If you have two folders starting with S-1-5 followed by some long numbers and one of them ended with .bak, you have to rename the .bak folder. To do this, follow these steps:
      1. Right-click the folder without .bak, and then click Rename. Type .ba, and then press ENTER.
      2. Right-click the folder that is named .bak, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.
      3. Right-click the folder that is named .ba, and then click Rename. Change the .ba to .bak at the end of the folder name, and then press ENTER.
    • If you have only one folder starting with S-1-5 that is followed by long numbers and ends with .bak. Right-click the folder, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.
  5. Click the folder without .bak in the details pane, double-click RefCount, type 0, and then click OK.
  6. Click the folder without .bak, in the details pane, double-click State, type 0, and then click OK.
  7. Close Registry Editor.
  8. Restart the computer.
  9. Log on again with your account.

Method 2: Log on to Windows and copy your data to a new account

Create a new account and copy the data from the old account to the new account. For information about how to do this, visit one of the following Microsoft websites:

Windows 7

Windows Vista

Method 3: Delete the error SID and create a new profile

To delete the error SID and create a new profile, follow these steps:

  1. Delete the error SID.

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

    322756 How to back up and restore the registry in Windows

    To resolve this problem yourself, follow these steps:

    1. Delete the profile by using the Computer Properties dialog box. To do this, follow these steps:
      1. Click Start, right-click Computer, and then click Properties.
      2. Click Change settings.

      3. In the System Properties dialog box, click the Advanced tab.

      4. In the User Profiles area, click Settings.
      5. In the User Profiles dialog box, select the profile that you want to delete, click Delete, and then click OK.
    2. Click Start, type regedit in the Search box, and then press ENTER.
    3. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    4. Right-click the SID that you want to remove, and then click Delete.
  2. Log on to the computer and create a new profile.

How to add web site to Compatibility View List via GPO

Click “Tools -> Compatibility Settings” and input web site address in below windows:

 

It can also be applied from GPO for domain users. Here are several popular methods to achieve this task:

Solution 1 (Recommended as it exactly displays the result in client machine)

If you are on Windows 2008 DC, this policy can be deployed by Group Policy Preference that is new feature in Windows 2008.

 

Group Policy Preferences: Getting Started

http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx

 

  1. In Windows 2008 DC, open IE and add the web site to the Compability View Settings list
  2. You can verify the setting in the registry key path HKEY_CURRENT_USER\Software\Microsoft\Internet  Explorer\BrowserEmulation\ClearableListData\UserFilter
  3. Open Group Policy Management Editor for Domain Policy that you want to edit.

You can open it from mmc and then Add or Remove Snap-ins

Choose Group Policy Management Editor

  1. Choose path from either Computer configuration or User Configuration as below
  2. Computer or User Configuration->Preference->Windows Setting->Registry
  3. Right click New->Registry Wizard
  4. Select local machine and then check HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter as below.

 

Note: If use Computer Configuration, check registry HKEY_LOCAL_MACHINE

 

  1. Finish the change
  2. Run gpupdate /force in DC

10.Run gpupdate /force in client machine or re-login

11.You can check the registry key value in client machine and test in IE

 

 

Solution 2(Workaround)

==========

 

Deploy from Administrative Templates via GPO. However, it does not get reflected in IE user interface, we see the sites loading in the compatibility mode by opening the developer tool bar (press F12) and checking the browser mode.

 

Also, we can verify the setting in the client machine registry. The configuration is written to registry under HKCU(HKLM)\Software\[Wow6432Node]\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList.

 

  1. Open Group Policy Management Editor for Domain Policy that you want to edit.

You can open it from mmc and then Add or Remove Snap-ins

Choose Group Policy Management Editor

  1. Choose path from either Computer configuration or User Configuration as below

 

Computer or User Configuration-> Policies-> Administrative Templates-> Windows Components ->Internet Explorer -> Compatibility View

 

Use Policy List of Internet Explorer 7 sites = Enabled and sites added to the list

  1. The syntax needs to be bing.com.  There is no preface of http or www needed for the site and should add the second top domain.

 

  1. Run gpupdate /force in DC

IE 11 Migration

IE11 Migration Guide: Create Internet Explorer 11 batch deployment package

Apr 15, 2015

Beginning January 12, 2016, older versions of IE browser (8~10) will not be supported anymore. A growing number of enterprises and individual customers start migrating to Internet Explorer 11. Upgrading to IE11 is an easy job for individual customers, however it could be challenging to IT administrators in large enterprise as they need to ensure the success of hundreds and thousands PCs.

There are always some PCs that fail to upgrade to IE11 when using official IE11 installation due to various reasons: missing prerequisites, system file corruption, etc. And it would be time consuming to troubleshoot such issue. This article is going to introduce a way to create a batch IE11 deployment package, you would have the following advantages by using this way to upgrade IE.

  1. You can deploy IE11 without internet access.
  2. Only one reboot is required.
  3. Much faster than official installation.

Following is the detailed steps of making the package.

  1. Download all IE11 prerequisites from https://support.microsoft.com/en-us/kb/2847882. Three of them are optional, but I would still recommend you to install them.
  2. Extract the 9 prerequisites by 7-Zip.

  3. Get following CAB files from the extract folders, put them into a folder: preqs. You can delete the MSU files and extract folders, they are no longer needed.
    • Windows6.1-KB2533623-x86.cab
    • Windows6.1-KB2639308-x86.cab
    • Windows6.1-KB2670838-x86.cab
    • Windows6.1-KB2729094-v2-x86.cab
    • Windows6.1-KB2731771-x86.cab
    • Windows6.1-KB2786081-x86.cab
    • Windows6.1-KB2834140-v2-x86.cab
    • Windows6.1-KB2882822-x86.cab
    • Windows6.1-KB2888049-x86.cab
  4. Download Internet Explorer 11 from http://www.microsoft.com/en-us/download/internet-explorer-11-for-windows-7-details.aspx.

    or

  5. For EIE11_EN-US_MCM_WIN7.exe and EIE11_EN-US_MCM_WIN764.exe, extract IE11 installation file by 7-Zip, open CMD and cd to the extract folder and run command:IE-REDIST.EXE /x:IE11_CAB to extract the installation content to folder: IE11_CAB.
  6. For IE11-Windows6.1-x86-en-us.exe and IE11-Windows6.1-x64-en-us.exe, you can directly extract the installation content by command: IE11-Windows6.1-x86-en-us.exe /x:IE11_CAB.
  7. Get IE-Win7.CAB from IE11_CAB folder, this is the main application package of IE11.
  8. In IE11_CAB folder, extract IE-Spelling-en.msu and IE-Hyphenation-en.msu, get following CAB files:
    • Windows6.3-KB2849696-x86.cab
    • Windows6.3-KB2849697-x86.cab
  9. Download the latest IE11 cumulative security update, the latest version is MS15-032 (KB3038314) when I am writing this article. You can download it from: https://technet.microsoft.com/en-us/library/security/ms15-032.aspx. Extract IE11-Windows6.1-KB3038314-x86.msu and get: IE11-Windows6.1-KB3038314-x86.cab.
  10. Ignore this step if you just want English version of IE. Download IE11 language package from: http://www.microsoft.com/en-us/download/details.aspx?id=40904. Take Simplified Chinese as an example, extract IE11-Windows6.1-LanguagePack-x86-zh-cn.msu and get Windows6.1-KB2841134-x86.cab.
  11. So far, all the CAB files we need are ready, let’s take a look at our package folder.

  12. Create the deployment batch file in package folder: DeployIE11.bat and edit it with notepad.
  13. First of all, install all the prerequisites:
    ECHO OFF
    ECHO Installing IE 11 prerequisite: KB2834140
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2834140-v2-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2670838
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2670838-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2639308
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2639308-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2533623
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2533623-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2731771
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2731771-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2729094
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2729094-v2-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2786081
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2786081-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2888049
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2888049-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2882822
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2882822-x86.cab /quiet /norestart
    
  14. Install IE11 application:
    ECHO Installing IE 11 main application
    dism /online /add-package /packagepath:IE-Win7.cab /quiet /norestart
    
  15. Install IE-Spelling and IE-Hyphenation:
    ECHO Installing IE-Spelling
    dism /online /add-package /packagepath:Windows6.3-KB2849696-x86.cab /quiet /norestart
    ECHO Installing IE-Hyphenation
    dism /online /add-package /packagepath:Windows6.3-KB2849697-x86.cab /quiet /norestart
    
  16. Install language package (ignore this step if you are just want English version):
    ECHO Installing IE 11 Simplified Chinese language package
    dism /online /add-package /packagepath:Windows6.3-KB2849697-x86.cab /quiet /norestart
    
  17. Install cumulative security update:
    ECHO Installing latest IE cumulative security update: KB3038314
    dism /online /add-package /packagepath:IE11-Windows6.1-KB3038314-x86.cab /quiet /norestart
    
  18. The final version of DeployIE11.bat:
    ECHO OFF
    ECHO Installing IE 11 prerequisite: KB2834140
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2834140-v2-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2670838
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2670838-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2639308
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2639308-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2533623
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2533623-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2731771
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2731771-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2729094
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2729094-v2-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2786081
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2786081-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2888049
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2888049-x86.cab /quiet /norestart
    ECHO Installing IE 11 prerequisite: KB2882822
    dism /online /add-package /packagepath:preqs/Windows6.1-KB2882822-x86.cab /quiet /norestart
    ECHO Installing IE 11 main application
    dism /online /add-package /packagepath:IE-Win7.cab /quiet /norestart
    ECHO Installing IE-Spelling
    dism /online /add-package /packagepath:Windows6.3-KB2849696-x86.cab /quiet /norestart
    ECHO Installing IE-Hyphenation
    dism /online /add-package /packagepath:Windows6.3-KB2849697-x86.cab /quiet /norestart
    ECHO Installing IE 11 Simplified Chinese language package
    dism /online /add-package /packagepath:Windows6.3-KB2849697-x86.cab /quiet /norestart
    ECHO Installing latest IE cumulative security update: KB3038314
    dism /online /add-package /packagepath:IE11-Windows6.1-KB3038314-x86.cab /quiet /norestart
    
  19. Deploy the whole folder to the client PC, run CMD as administrator and execute DeployIE11.bat, reboot the PC after installation and IE11 will be installed. Of course, you can use SCCM to deploy this package widely.

If the the installation still fails by using the method above, you can perform an In-Place Upgrade and try again.

User Profile Service service failed the logon (OSD)


The “User Profile Service service failed the logon (OSD)” error was given to me after I updated the task sequence at a customer a while back. The only thing updated was a new core-image with the latest updates and a new package for Internet Explorer 11.

profile

Other clients that were installed with the older task sequence stilled work and clients that were in use that had gotten the updates stilled worked, so this lead me to the package for IE 11. The installer was created using IEAK 11, described HERE, and as I thought this was the application causing the issue.

When creating a new package using IEAK, there is a bug, that prevents the default profile from loading correctly and a specific file from being copied. The file is named “iesqmdata_setup0.sqm” and is located somewhere under C:\Users\Default\. It seems the complete path is different on every system, but removing this file will solve the issue.

To verify that this is causing the error, you could check the event-viewer and look for the error code 1509.

To solve the issue, I put the following PowerShell script after IE 11 was installed to search for the file and remove it.

1 $filePath = "C:\Users\default\"
2 $fileName = "iesqmdata_setup0.sqm"
3 $item = Get-ChildItem -Recurse -Force $filePath -ErrorAction SilentlyContinue | Where-Object { ($_.PSIsContainer -eq $false) -and  ( $_.Name -like "*$fileName*") }
4 $file = $item.FullName
5 Remove-Item $file -Force

This is a bug, something that I hope MS will fix. I’ve seen this error from IE 9 and forward.

Deploy IE 11 using SCCM 2012


This post might seem big, but don’t worry, it’s like the favorite book you had in school, mostly pictures. Today I will show you how to deploy Internet Explorer 11 with SCCM 2012, something that might sound easy. In fact, it is quite easy, but there are still a few steps that isn’t that obvious and that needs to be done for the installation to complete successfully!

Before we begin, Internet Explorer 11 is installed by default on Windows 8 and 8.1 so this guide is intended for you who are going to deploy it to Windows 7 clients.
The steps bellow can be performed on any computer, it doesn’t need to be the SCCM-server or a client that is joined to the domain.

Worth noting, when IE 11 has been deployed to the clients, you might run into a problem where you get an error message saying “The user profile service failed the logon user profile cannot be loaded”, when trying to log on. To solve this bug, follow the easy steps on this post: The user profile service service failed the logon

The first thing we need to do is to download a few files from Microsoft, to start with, we need Internet Explorer Administration Kit 11, IEAK11, which can be downloaded from this link: https://www.microsoft.com/en-in/download/details.aspx?id=40903

Before IE 11 can be installed on a Windows 7 client, a few prerequisites needs to be installed and these are normally downloaded and installed by the exe that you can download. But since most companies have a policy for updates and installations, these will most likely fail and the installation of IE 11 stops. So, what we need to do is to download the files ourselves and add them to the installation media.

There is a total of six files that needs to be downloaded and they can be found on the following page: https://support.microsoft.com/en-us/kb/2847882

When downloaded, extract each *.msu file to its own folder using your favorite tool, I prefer Universal Extractor that can be found here.

3

 

Install IEAK 11

Next up is the installation of IEAK 11, which is quite forward. Run the file that you downloaded from Microsoft and on the first screen select “Next”

4

 

Accept the license terms and click on “Next”

5

For “License Type”, select “Internal Distribution via a Corporate Intranet” and chose the path for the installation.

6

Enter the name of your organization and continue.

7

To begin the installation, click on “Install”

8

Right about now is a good time to go and refill your cup of coffee, tea or other choice of beverage. When you return, the installation will have completed and you can close the wizard by clicking on “Finish”.

10

 

In some cases the Internet Explorer Customization Wizards starts automatically, but if it doesn’t, it can be started from the start menu. Click on “Next” to get started.

11

 

Select the folder where you would like to save the finished package, this is where we will get the new MSI-file.

12

 

Next, select the target OS. This is the OS on which IE 11 will be installed, so don’t choose the currently running OS if it is different!

13

 

Select the language that should be used in Internet Explorer.

14

 

Since we shall install IE 11 on clients, we need to create a “Full Installation Package” and not a “Configuration-only package”.

15

For the most basic setup, you need to select “Setup Customization” and “Internal Install”. In most cases, the other settings are set by GPOs.

16

 

To get the latest version available of IE 11, we need to synchronize with Microsoft, click on “Synchronize” and when completed, the “Next-button” will be available.

17

18

Now, remember the prerequisites we downloaded earlier? This is the time to add them to the new media we are creating. Click on “Add”.

19

 

In the new window, click on browse and select the *.cab file that was extracted. Make sure you don’t select the one called “WUSSCAN.cab”. Then under “Name” type the KB-number to easily see what has been added.

Also, make sure that it is set to install before Internet Explorer. (Setting it to install after will result in the same error as running the exe-file directly.)

21

 

Do this for all six updates that were downloaded and then click on “Next”.

22

 

On the next page, select “Allow users to choose”. (You will most likely already override this with a GPO)

23

 

On the next page, select “Completely Silent Installation” and “No restart”. Choosing these two options will hide everything from the user and there is no nasty surprise with a reboot of the client. (Usually happens when your boss is in a meeting presenting otherwise)

24

 

What follows now is completely optional and in most cases it should not be configured since these settings are in 99% of the cases controlled by GPOs or not needed. But I will add the pictures so you can see what can be configured and check before you start.

25 26 27 28 29 30

To start creating the customized package, click on “Next”. This is also another perfect time for a second refill since it will take a few minutes.

31 32

 

When completed, note the path to where the package has been created. In this folder there will be two other folders, but since we are only interested in the MSI-file created, go to .PackagePath\FLAT\WIN32_Win7\SV-SE (This will be different depending on what target OS you picked and which language you selected)

33 34

Create the Application in SCCM 2012

Okay, now we have the MSI-file and are just a few clicks away from completing the whole procedure. These steps are likely familiar to most of you, but a little repetition is never a bad idea.

Start by copying the MSI-file to your source-directory for SCCM 2012 and the create a new Application. Select the MSI-file we have just created.

35

Depending on what client you used to build the package and what security-settings that were set, you might get the following message. As long as you use the file you created, you are good to go!

36

Then, on “General Information”, enter the information needed and verify that the “Install Program” is correct.

38

 

That’s it! Now you are ready to deploy the application to the desired collection and let your users run Internet Explorer 11. Just remember to distribute the content to your DPs.

java uninstall

It’s time to fight back against Oracle and their crappy ways of supporting Java. This two punch script will uninstall any version in your org.. Even if multiple versions exist on a machine. Use it today and Screw oracle like you mean it 🙂

 

—- java-uninstall.bat —–
REM <start>
@echo off
if not exist c:\temp\. mkdir c:\temp
REM Export the Uninstall registry keys
start /wait “” REGEDIT /E c:\temp\registry.tmp HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall
REM Filter only the {} keys that Java might be in
type c:\temp\registry.tmp | find /i “{” | find /i “}]” > c:\temp\uninstall.tmp
type c:\temp\registry.tmp | find /i “JRE 1” >> c:\temp\uninstall.tmp

REM Run the Vbscript that uses this file to find Java Sun entries to uninstall
cscript “java-uninstaller.vbs
REM <end>
—- java-uninstall.bat —–

—- java-uninstaller.vbs —–
On Error Resume Next
Set WshShell = WScript.CreateObject(“WScript.Shell”)
Dim fso, MyFile
Set fso = CreateObject(“Scripting.FileSystemObject”)
Const ForReading = 1, ForWriting = 2
TempDir = “c:\temp”
TempISS = “c:\temp\iss”
LogFile = “uninst.log
UnString = ” -s -a /s /f1″
Set MyFile = fso.OpenTextFile(TempDir & “\uninstall.tmp”, ForReading)
Set ts = fso.CreateTextFile(LogFile)
Set f = fso.CreateFolder(TempISS)

Do While MyFile.AtEndOfStream <> True
ReadLineTextFile = MyFile.ReadLine
Uninstall = ReadLineTextFile
CLSID = Mid(Uninstall, 73, 38)
search5 = Instr(Uninstall, “JRE 1”)
search6 = Instr(Uninstall, “]”)
If search5 > 0 AND search6 > 0 Then
JRE1 = Replace(Mid(Uninstall, search5, search6),”]”,””)
End If

‘DisplayName
DisplayName=WshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\DisplayName”)
‘Publisher
Publisher=WshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\Publisher”)

‘UninstallString
UninstallString=WshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & CLSID & “\UninstallString”)

‘JREUninstallString
JREUninstallString=WshShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” & JRE1 & “\UninstallString”)

If JREUninstallString <> “” Then
JREUN = Replace(JREUninstallString,” -f”,” -s -a /s /f”)
ts.writeline JREUN
Return = WshShell.Run(JREUN , 1, TRUE)
End If

‘Search for presence of Java and Sun in DisplayName and Publisher
search1 = Instr(1, DisplayName, “Java”, 1)
search2 = Instr(1, Publisher, “Sun”, 1)
search3 = Instr(1, DisplayName, “J2SE”, 1)
search4 = Instr(1, UninstallString, “setup.exe”, 1)
‘Execute removal if there is a match
Uninstaller=”MsiExec.exe /X”&CLSID+” /QN”
if search1 > 0 or search3 > 0 and search2 > 0  Then
ts.writeline Uninstaller

Set iss = fso.CreateTextFile(TempISS & “\” & CLSID & “.iss”)

‘Create Response file for any Java Version
iss.writeline “[InstallShield Silent]”
iss.writeline “Version=v6.00.000”
iss.writeline “File=Response File”
iss.writeline “[File Transfer]”
iss.writeline “OverwrittenReadOnly=NoToAll”
iss.writeline “[” & CLSID & “-DlgOrder]”
iss.writeline “Dlg0=” & CLSID & “-SprintfBox-0”
iss.writeline “Count=2”
iss.writeline “Dlg1=” & CLSID & “-File Transfer”
iss.writeline “[” & CLSID & “-SprintfBox-0]”
iss.writeline “Result=1”
iss.writeline “[Application]”
iss.writeline “Name=Java 2 Runtime Environment, SE v1.4.0_01”
iss.writeline “Version=1.4.0_01”
iss.writeline “Company=JavaSoft”
iss.writeline “Lang=0009”
iss.writeline “[” & CLSID & “-File Transfer]”
iss.writeline “SharedFile=YesToAll”

If search4 > 0 Then
ss = Left(UninstallString,search4 + 9)
setupuninstal =  ss & UnString & Chr(34) & TempISS & “\” & CLSID & “.iss” & Chr(34)
ts.writeline setupuninstal
Return = WshShell.Run(setupuninstal , 1, TRUE)
End If
Return = WshShell.Run(Uninstaller , 1, TRUE)
End If
Loop
MyFile.Close
fso.DeleteFolder(TempDir)
—- java-uninstaller.vbs —–

Java install

Anyone can go to the control panel on their windows OS and shut down Java running in their browser. But how the hell are you going to do it for over 10,000K + non it people.

javacp-250

First a shopping list of sorts.

Windows SDK – http://www.microsoft.com/en-us/download/details.aspx?id=3138

Manual Java Download link – http://www.java.com/en/download/manual.jsp

I will show how to manipulate the MSI based installed of Java so that you can build a custom transform with the settings you feel is appropriate to deploy. First steps is to download the Windows 7 SDK. You do not need to install the full SDK. Follow my second link on how to install ORCA. The second article tells you which options you will need to install.

So what is ORCA? ORCA is a Microsoft based utility that allows you to see property database tables of MSI installers. This will be an important thing to do so we can build a custom transform of Java.

Download Java from the manual download link. So you will start to think. Hey wait a minute. This only has executable versions of Java. That’s ok. I suggest installing it in a Windows 7 VM.

Install Java 7 update 10 in a Windows 7 VM. Once you are finished navigate to the following folder.

C:\Users\{username}\AppData\LocalLow\Sun\Java\jre1.7.0_10 (for Win 7)

You will see two files:

files1

Pull those and make two separate copies in two separate places. I suggest making some copies of it in case you end up messing something up. Next you will need to run ORCA and do a file Open on the jre1.7.0_10.msi file.

When orca pulls up the MSI you will see a lot of property table files. The first thing you need to do. Generate a new transform before you start editing.

transform1

Once you have selected new Transform on the right you will see a listing of tables. Scroll down until you see a Table called “Property”.

There are a few properties to take note of.

(AUTOUPDATECHECK=0 JAVAUPDATE=0, MOZILLA=1, IEXPLORER=1 and REBOOT=No)

In their current order. This will prevent Java from Auto updating and performing update checks. Why do this? In your org it is wise to test application compatibility related to java applications before you choose to upgrade. It’s all about quality control.

The other settings enable java in Mozilla Firefox and IE. Reboot’s are suppressed with the setting “No”. This is done for obvious reasons. If you only run IE in your org. Mozilla can be set to = 0

Some new settings to take note of which are not in the “Property” Table

WEB_JAVA=0/1

WEB_JAVA_SECURITY_LEVEL=VH/H/M/L

These are two settings you can add as a property row in the table “Property” all you need to do is right click on the right hand side of the window pane and click on “add row”

WEB_JAVA=0

This will disable java content inside the browser. IF you do this. Setting WEB_JAVA_SECURITY_LEVEL will not be needed.

WEB_JAVA=1

This will enable Java inside the browser. Setting WEB_JAVA_SECURITY_LEVEL will be needed. Assign your security level as you see fit.

Once you are done with adding in the settings. Go to Transform toolbar and select “Generate Transform”. This will make a mst of your customized JAVA settings for you org.

Rollout Time

Uninstall previous version of Java. Refer to my script located here to do that. This will uninstall any version of Java. Even if multiple versions exist on the machine.

Next rollout customized version of Java.

Here is what your customized rollout deployment would look like from a command line

msiexec /i c:\temp\jre1.7.0_10.msi TRANSFORMS=”c:\temp\untitled.mst” /passive

This will automatically install Java only showing a progress bar to the machine.

Roll the uninstall script and this command line into your org’s deployment tool. MSI’s can also be accomplished as a GPO software based policy install.

Adding a little Extra security sauce to your landscape

Only do this if you enabled web_java setting

If you have well documented apps in your org then you should start whitelisting sites in the trust sites zone.

Do this to the registry first:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Set the value data from 10000 to 0

This effectively removes java from being ran in the “internet zone”

I normally do reg add modifications as batch scripts and then I deploy.

Next set up your trusted sites by group policy. This will eliminate a lot of risk if you absolutely have to run Java in your internet browser. Be aware of XSS exploits though

How to install Microsoft Orca?

First a shopping list of sorts.

Windows SDK – http://www.microsoft.com/en-us/download/details.aspx?id=3138

Manual Java Download link – http://www.java.com/en/download/manual.jsp

Required:

Cisco VPN Client for windows 10

1. Download and install the Sonicwall 64-bit VPN client from HERE (as of this writing).

2. Install the Cisco VPN client.  Edit:  If you get an error that it cannot run on this operating system then just extract the .exe file and run the .msi file.  Problem solved.

3. Optional if needed:
  • Open regedit
  • Browse to the registry key HKLM\SYSTEM\CurrentControlSet\Services\CVirtA
  • Select the display name to modify:
    • x86 – “@oem8.ifn,%CVirtA_Desc%;Cisco Systems VPN Adapter” to “Cisco Systems VPN Adapter”
    • x64 – “@oem8.ifn,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to “Cisco Systems VPN Adapter for 64-bit Windows”
  • Reboot

The first two steps worked for me without the need for registry edit.  I checked and the settings were already spelled correctly on my machine.  Full disclosure my systems are clean Windows 10 installs without being upgrades.

Without installing the Sonicwall client first you will get Error 433 after trying to connect.  Checking the logs shows that it cannot download the key to complete the secure connection.

What happens is that the Sonicwall client adds the DNE Lightweight filter network client on the machine.  I tried getting it directly from Citrix and installing it that way but was unsuccessful.

Using this method you can now get some more use out of the Cisco VPN client.  If you prefer you can uninstall the Sonicwall client afterwards.  I’ve been told by several people that the DNE software remains even after the Sonicwall client is removed.

BUILD 1511 EDIT:

I’m getting a lot of feedback about networking being broken after 1511.  I would highly advise you remove the Cisco VPN client and Sonic Global client software prior to installing build 1511.

I have now upgraded three different systems to 1511.  By removing both the Sonicwall and Cisco VPN software first, I had zero issues with it working properly afterwards.

However if the upgrade went through already, here’s what you can do to help mitigate these issues.  There’s no guarantee this is going to work but I have had two instances where the Cisco VPN software was removed by the 1511 upgrade and this worked after following the steps above.

You will need to reset all networking on Windows 10.  Luckily this is pretty easy to do.

– Open an administrator command prompt
– Run “netcfg -d”
– Reboot and reconfigure your networking as needed.

Creating an Archive PST file

Below you will find the steps for creating an archive/offline PST File within Outlook 2010. Retaining a large number of emails on the actual mail server can have a negative impact on your account’s performance within Outlook and within the webmail client. By creating an offline archive, you can retain the files in the same mail profile while improving your account’s performance within it.

To start, you will select File. Within the File menu, click on Account Settings to display the Account Settings drop-down menu, where you will select Account Settings to open the Account Settings dialog.

 

Outlook_2010_Archive_PST_1.png

 

Within the Account Settings dialog, select the Data Files tab. Next, select the Add icon to open the New Outlook Data File dialog.

 

Outlook_2010_Archive_PST_2.png

 

Within the Outlook Data File dialog, you will select Outlook data file (.pst) from Types of storage: then select OK to move forward to the next step.

 

Outlook_2010_Archive_PST_3.png

 

Within the Create or Open Outlook Data File dialog, you will name the PST file you wish to create and select the location you wish to save it. After choosing the location and giving the file a name, select OK to create the file.

Note: By default, it generally opens to C:\Users\<User’s name>\Documents\Outlook Files

 

Outlook_2010_Archive_PST_4.png

 

After creating the PST file, you will be returned to the Account Settings dialog. You will notice that the newly created PST file is now listed. Select Close to exit the Account Settings dialog.

 

Outlook_2010_Archive_PST_5.png

 

After creating your new PST File, you will notice that the file now appears within the mail navigation pane below your email account(s). Simply expand the carat down to view the pst file. You can now create folders to store/archive historical email correspondence you wish to retain offline. To move mail, all you have to do is select the messages then drag and drop them into the desired offline folder.

 

Outlook_2010_Archive_PST_6.png