Adding Active Directory tools to your workstation

Grab this update from the Microsoft website, the one above I use is for 64 bit OS’s (x64), download 32 bit if you’re running 32bit OS.

Windows6.1-KB958830-x64-RefreshPkg.msu

http://www.microsoft.com/en-au/download/details.aspx?id=7887

 

After it’s been successfully installed go to the Start Menu > Control Panel and select “Programs”;

1

 

 

“Turn Windows Features on or off” under “Programs and Features”

 
 
 
The “Windows Features” dialog box will be displayed, scroll down to “Role Administration Tools” (under “Remote Server Administration Tools”) and select the the following items;
 
2
 

Click “OK” to make the changes.

In order to make finding these under the Start Menu a little easier right-click the Start Button and select “Properties”;

 
 
3
 

Taskbar and Start Menu Properties

 
 
Select “Customize …” and then scroll down the list until you see “System administrative tools” and choose where you want the tools to display;
 
4
 

Under the Start Menu you will now see an “Administrative Tools” option, under this you’ll see the new AD Tools;

 

5

 

Use Active directory Users and Computers to check if computers are in the “Unmanaged” OU and move them if needed to Desktop/Laptop OU’s.

Common signs a machine is in an unmanaged OU:

  • build process doesn’t complete.
  • When elevating rights, it doesn’t accept your username/password.
  • Prompts for username, password, domain when making an SCCM RT connection
  • Iprint printers don’t add after adding them via interface 

*Note: there are some machines purposely left in unamanged OU due to being a NAS server or a specific purpose, or a vendor managed machine, please leave these in unmanaged.

 

Summary

The following changes are required to allow a Samba/CIFS connection.
1. Create a local user account on Windows PC.
2. Share a folder and give local user read/write access to share.
3. Group policy change to network settings.
4. Windows registry change.

User account

Create a new Windows user account with either user or administrator privileges and assign a password. On Windows PC go to Control Panel > Administrative Tools > Computer Management or Start > Run > compmgmt.msc /s to open Computer Management, or [Win]+R, compmgmt.msc /s. The password must meet the following criteria
1. At least one capital letter
2. Contain non consecutive numbers eg. 1357
3. Six (6) to fourteen (14) characters long.
4. Must not match the user name. E.g Mforce1357

Ensure the following options are ticked
User cannot change password
Password never expires

Share folder

Configure or create the following items:
* Create a shared folder on the Windows computer for example C:\Forcefield
* Ensure that File and Printer Sharing is installed in the network setup. See Control Panel, Network Connections
* On the shared folder assign read/write security and sharing privileges to the above Windows user.
* Ensure that the Windows user has been allowed access to the shared folder on the share and security tabs

Group policy

To edit the group policy
1. Start > Run > gpedit.msc or [Win]+R, gpedit.msc or Search hard disk for “gpedit.msc”, then open
2. Click the + boxes to navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
3. In the right-hand pane, ensure that the following items are set:
*  Microsoft network server: Digitally sign communications (always) changed to Disabled
*  Microsoft network client: Digitally sign communications (always) change to Disabled
*  Network Security: LAN Manager Authentication Level is set to any that does not “Refuse LM”. Typically use             *  Send LM & NTLM and use NTLMv2 session security if negotiated
4. Exit from the Group Policy editor.

Registry keys

Caution: Always use extreme care when editing the Windows registry! Making a mistake while editing the registry can cause Windows to behave erratically. To fix this problem, you may need to reinstall your operating system.
To edit the Windows registry
1. Start > Run > regedit or [Win]+R, regedit or Search hard disk for “regedit.exe”, then open
2. Click the + boxes to navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa.
3. In the right-hand pane, right-click lmcompatibilitylevel and then select Modify. Change the Value data to 1, and then click OK.
4. In the right-hand pane, right-click nolmhash and then select Modify. Change the Value data to 0, and then click OK.
5. Exit from the Registry Editor.

Samba Setup for Windows 7 Enterprise

untitled

Creating user on Windows 7 Enterprise

untitled3

Changing share permissions on the folder

untitled3

 

Changing security permissions on the folder

untitled4

gpedit policy changes

untitled5

Registry changes

untitled6

Successful connection Windows 7

http://blogs.technet.com/b/configmgrteam/archive/2013/10/29/understanding-the-configuration-manager-content-library.aspx

MSI Error Codes

Posted: November 9, 2013 in Windows Installer
Value Description Error Code
0 Action completed successfully. ERROR_SUCCESS
13 The data is invalid. ERROR_INVALID_DATA
87 One of the parameters was invalid. ERROR_INVALID_PARAMETER
120 This function is not available for this platform. It is only available on Windows 2000 and Windows XP with Window Installer version 2.0. ERROR_CALL_NOT_IMPLEMENTED
1259 This error code only occurs when using Windows Installer version 2.0 and Windows XP or later. If Windows Installer determines a product may be incompatible with the current operating system, it displays a dialog informing the user and asking whether to try to install anyway. This error code is returned if the user chooses not to try the installation. ERROR_APPHELP_BLOCK
1601 The Windows Installer service could not be accessed. Contact your support personnel to verify that the Windows Installer service is properly registered. ERROR_INSTALL_SERVICE_FAILURE
1602 User cancel installation. ERROR_INSTALL_USEREXIT
1603 Fatal error during installation. ERROR_INSTALL_FAILURE
1604 Installation suspended, incomplete. ERROR_INSTALL_SUSPEND
1605 This action is only valid for products that are currently installed. ERROR_UNKNOWN_PRODUCT
1606 Feature ID not registered. ERROR_UNKNOWN_FEATURE
1607 Component ID not registered. ERROR_UNKNOWN_COMPONENT
1608 Unknown property. ERROR_UNKNOWN_PROPERTY
1609 Handle is in an invalid state. ERROR_INVALID_HANDLE_STATE
1610 The configuration data for this product is corrupt. Contact your support personnel. ERROR_BAD_CONFIGURATION
1611 Component qualifier not present. ERROR_INDEX_ABSENT
1612 The installation source for this product is not available. Verify that the source exists and that you can access it. ERROR_INSTALL_SOURCE_ABSENT
1613 This installation package cannot be installed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service. ERROR_INSTALL_PACKAGE_VERSION
1614 Product is uninstalled. ERROR_PRODUCT_UNINSTALLED
1615 SQL query syntax invalid or unsupported. ERROR_BAD_QUERY_SYNTAX
1616 Record field does not exist. ERROR_INVALID_FIELD
1618 Another installation is already in progress. Complete that installation before proceeding with this install. ERROR_INSTALL_ALREADY_RUNNING
1619 This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package. ERROR_INSTALL_PACKAGE_OPEN_FAILED
1620 This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package. ERROR_INSTALL_PACKAGE_INVALID
1621 There was an error starting the Windows Installer service user interface. Contact your support personnel. ERROR_INSTALL_UI_FAILURE
1622 Error opening installation log file. Verify that the specified log file location exists and is writable. ERROR_INSTALL_LOG_FAILURE
1623 This language of this installation package is not supported by your system. ERROR_INSTALL_LANGUAGE_UNSUPPORTED
1624 Error applying transforms. Verify that the specified transform paths are valid. ERROR_INSTALL_TRANSFORM_FAILURE
1625 This installation is forbidden by system policy. Contact your system administrator. ERROR_INSTALL_PACKAGE_REJECTED
1626 Function could not be executed. ERROR_FUNCTION_NOT_CALLED
1627 Function failed during execution. ERROR_FUNCTION_FAILED
1628 Invalid or unknown table specified. ERROR_INVALID_TABLE
1629 Data supplied is of wrong type. ERROR_DATATYPE_MISMATCH
1630 Data of this type is not supported. ERROR_UNSUPPORTED_TYPE
1631 The Windows Installer service failed to start. Contact your support personnel. ERROR_CREATE_FAILED
1632 The temp folder is either full or inaccessible. Verify that the temp folder exists and that you can write to it. ERROR_INSTALL_TEMP_UNWRITABLE
1633 This installation package is not supported on this platform. Contact your application vendor. ERROR_INSTALL_PLATFORM_UNSUPPORTED
1634 Component not used on this machine ERROR_INSTALL_NOTUSED
1635 This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package. ERROR_PATCH_PACKAGE_OPEN_FAILED
1636 This patch package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer patch package. ERROR_PATCH_PACKAGE_INVALID
1637 This patch package cannot be processed by the Windows Installer service. You must install a Windows service pack that contains a newer version of the Windows Installer service. ERROR_PATCH_PACKAGE_UNSUPPORTED
1638 Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. ERROR_PRODUCT_VERSION
1639 Invalid command line argument. Consult the Windows Installer SDK for detailed command line help. ERROR_INVALID_COMMAND_LINE
1640 Installation from a Terminal Server client session not permitted for current user. ERROR_INSTALL_REMOTE_DISALLOWED
1641 The installer has started a reboot. This error code not available on Windows Installer version 1.0. ERROR_SUCCESS_REBOOT_INITIATED
1642 The installer cannot install the upgrade patch because the program being upgraded may be missing or the upgrade patch updates a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch. This error code is not available on Windows Installer version 1.0. ERROR_PATCH_TARGET_NOT_FOUND
1643 The patch package is not permitted by system policy. This error code is available with Windows Installer versions 2.0 or later. ERROR_PATCH_PACKAGE_REJECTED
1644 One or more customizations are not permitted by system policy. This error code is available with Windows Installer versions 2.0 or later. ERROR_INSTALL_TRANSFORM_REJECTED
3010 A reboot is required to complete the install. This does not include installs where the ForceReboot action is run. This error code not available on Windows Installer version 1.0. ERROR_SUCCESS_REBOOT_REQUIRED

MSI Install Basics

Posted: November 9, 2013 in Windows Installer
Tags: ,

Windows Installer Basics (MSI’s)

Description Option
Install the specified MSI /i
Remove the specified MSI /x=remove
Install to the C drive, not just the drive with the most free space ROOTDRIVE=C:\
Install silently with no user interface /qn
Create a verbose a the path and filename specified /l*v c:\windows\ccm\logs\<uniqueID>_<applicationname>.log
Do not allow the machine to be rebooted following installation REBOOT=ReallySuppress

InstallShield Legacy Setup

Description

Option

Execute the installation while recording any wizards responses in an ISS answer file at the specified name and path

/r /f1 “path to ISS file”

Run a silent installation using the specified ISS answer file

/s /f1 “path to ISS file”

Do not release the current session until the installation is complete

/sms

InstallShield Windows Installer Setup

Description

Option

Silently install and pass the specified parameters to be included Windows Installer Setup

/s /v/qn”Windows Installer parameters”

Description

Option

Install the specified MSI

/i

Remove the specified MSI

/x=remove

Install to the C drive, not just the drive with the most free space

ROOTDRIVE=C:\

Install silently with no user interface

/qn

Create a verbose a the path and filename specified

/l*v <location of logfile + name>.log

Do not allow the machine to be rebooted following installation

REBOOT=ReallySuppress