Everything posted by anyweb
-
Introduction

In an earlier post you installed System Center Configuration Manager (Current Branch), then you learned about configuring discovery. In this post you’ll take a look at configuring Boundaries to understand how automatic site assignment and content location works.

What is a Boundary ?

In System Center Configuration Manager, a boundary is a network location on the intranet that can contain one or more devices that you want to manage. Boundaries can be based on any of the following and the hierarchy can include any combination of these boundary types:

- IP subnet
- Active Directory site name
- IPv6 Prefix
- IP address range

To use a boundary, you must add the boundary to one or more boundary groups. Boundaries are no longer site specific, but defined once for the hierarchy, and they are available at all sites in the hierarchy. Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point. You no longer configure the network connection speed of each boundary. Instead, in a boundary group you specify the network connection speed for each site system server associated to the boundary group as a content location server.

What is a Boundary Group ?

Boundary groups are collections of boundaries. By using boundary groups, clients on the intranet can find an assigned site and locate content when they have to install software, such as applications, software updates, and operating system images.

What about Internet based clients ?

When clients are on the Internet, or they are configured as Internet-only clients, they do not use boundary information. These clients cannot use automatic site assignment and always download content from any distribution point in their assigned site when the distribution point is configured to allow client connections from the Internet.

Should I use automatic or manual boundary creation methods ?

ConfigMgr can automatically create IP Address range and Active Directory Site based boundaries depending on your discovery preferences. This is useful in scenarios where you may have several subnets or Active Directory Sites defined in Active Directory Sites and Services. If the number of subnets and sites in Active Directory Sites and Services is comparatively small, adding boundaries manually would be more suitable, however keep in mind that entering anything manually is prone to error.

Ok, now that you understand what boundaries and boundary groups are, let's continue.

Step 1. Review AD Sites and Subnets in Active Directory Sites and Services

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

To identify where ConfigMgr gets the information it needs to automatically create boundaries (depending on your discovery preferences) you can open Active Directory Sites and Services on the Active Directory Domain Controller. This tool allows you to edit, create, or delete Subnets or Active Directory sites or to change Forest or Domain Controller. To learn how to add new Sites or Subnets in Active Directory Sites and Services please review the following post on Technet: https://technet.microsoft.com/en-us/library/cc732761.aspx

Note: A forest or domain consisting of a single site can be very efficient for a single location network connected completely by high-speed bandwidth. If your forest or domain contains multiple geographic locations that communicate over low-speed wide area network (WAN) connections, establishing multiple sites gives you more detailed control of Active Directory replication behavior, reduces authentication latency, and reduces network traffic on the WAN.

In this sample setup I've already created 3 Active Directory Sites, and then I created 3 subnets and associated each of those subnets with an Active Directory site as listed below:

- NewYork - 192.168.5.0/24
- London - 192.168.4.0/24
- Stockholm - 192.168.3.0/24

Note: You will want to configure your Sites and Subnets according to your preferences as this is only an example configuration in a lab.

Step 2. Review automatically discovered boundaries

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

When you enabled Active Directory Forest Discovery in this guide, ConfigMgr automatically created boundaries for you based on the settings you selected. You can review the boundaries it created in the ConfigMgr console. To do so start the console and browse to the Administration workspace, select Hierarchy Configuration and then select Boundaries. The three Active Directory subnets detected by the discovery method are created as IP address range boundaries because you selected to automatically create IP address range boundaries for IP subnets when they are discovered in Active Directory Forest Discovery.

Note: If you had configured Active Directory Forest Discovery to automatically create Active Directory Site boundaries when they are discovered then the Active Directory site names would be listed as boundaries also. If you change any subnets or sites within Active Directory Sites and Services they will not be shown until the Active Directory Forest Discovery method detects them as defined in its schedule. In addition the discovery method will not remove previously detected subnets or sites.

In addition to reviewing what boundaries are listed in the ConfigMgr console, you can use CMTrace to open the ADForestDisc.log file. The log file will be located in the <InstallationPath>\LOGS folder.

Tip: You can change the verbosity level of the logging engine for this discovery component by changing the Verbose Logs reg key found in HKLM\Software\Microsoft\SMS\Components\SMS_AD_FOREST_DISCOVERY_MANAGER from the default value of 0 to 2 for verbose logging. Thanks to my buddy Rob for reminding me. Once you've enabled the change, trigger Active Directory Forest Discovery by right clicking on the method and choosing Run Forest Discovery Now.

Step 3. Create a boundary group

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

Start the ConfigMgr console and browse to the Administration workspace, select Hierarchy Configuration and then select Boundary Groups. Right Click and choose Create Boundary Group. When the Create Boundary Group wizard appears, fill in some useful details about the boundary group you are creating. In this example you will name the Boundary Group as NewYork, USA.

Tip: To make it easier to visualize what location your boundary groups deal with you could make the name descriptive of the Geographical location. For example for a boundary group that contains servers located in Sweden enter the name of the boundary group as Sweden, Europe. Another boundary group that contains servers in France could be called France, Europe and so on.

Click OK when done. The newly created boundary group appears in the console.

Step 4. Adding one or more boundaries to the boundary group

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

To add one or more boundaries to a boundary group, start the ConfigMgr console and browse to the Administration workspace, select Hierarchy Configuration and then select Boundary Groups. Right Click the previously created NewYork Boundary Group and choose Properties. The boundary group properties are shown.

In this example you will add one IP Address Range boundary to this boundary group. Click on Add to add a boundary to the boundary group. Select the IP Address Range boundary that matches NewYork in the description. Alternatively if you have many boundaries, simply enter NewYork into the search field provided and select the available result. After clicking OK, the newly added boundary appears in the boundary group. Click OK to close the wizard, and note that the member count in the boundary group has increased.

Step 5. Enabling Automatic Site Assignment for the boundary group

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

Site assignment is used by clients that use automatic site assignment to find an appropriate site to join, based on the client's current network location. After a client assigns to a site, the client will not change that site assignment. For example, if the client roams to a new network location that is represented by a boundary in a boundary group with a different site assignment, the client’s assigned site will remain unchanged. Source: Technet.

To enable automatic site assignment for a boundary group, start the ConfigMgr console and browse to the Administration workspace, select Hierarchy Configuration and then select Boundary Groups. Right Click the previously created NewYork Boundary Group and choose Properties. Click on the References Tab. Place a check mark in Use this boundary group for site assignment and using the drop down menu, select the site you wish to assign clients to. Click Apply and close the window by clicking on OK.

Back in the console right click anywhere in the column view and choose Site from the list of available options as shown below. By default, the Site column is not selected. Once done, you'll see the site listed in that column provided that Automatic Site Assignment is enabled for that Boundary Group, otherwise it will appear blank.

Note: When you plan for boundary groups, to help avoid overlapping boundaries for site assignment, consider using one set of boundary groups for site assignment, and a second set of boundary groups for content location.

Step 6. Adding servers for Content and Policy retrieval for the boundary group

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

In System Center Configuration Manager Current Branch you can add site servers to a boundary group for the following options:

- Content Location
- State Migration Points
- Preferred Management Point

Note: If you intend to use preferred management points, you must enable this option for the hierarchy. To do so, in the Configuration Manager console, click Administration > Site Configuration > Sites > Hierarchy Settings. Then, on the General tab of the Hierarchy Settings, select Clients prefer to use management points specified in boundary groups as shown in the screenshot below.

To add site system servers to a boundary group, start the ConfigMgr console and browse to the Administration workspace, select Hierarchy Configuration and then select Boundary Groups. Right Click the previously created NewYork Boundary Group and choose Properties. Click on the References Tab. In the Site system servers section click on Add and place a check mark for each site system server you want added to this boundary group. Click OK when done and the selected site system servers will be listed.

Note: If you want to change a Site System Server's connection speed from Fast (the default) to Slow, select the server name and click on Change Connection. Clients prefer Fast to Slow connections.

Click Apply and then OK and you can now see that the Site System Count has increased.

Step 8. Automate the above using PowerShell

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

The above steps show how you can configure boundaries and boundary groups using the ConfigMgr console, however you could script it all using PowerShell. The ConfigMgr PowerShell cmdlets for Boundaries alone can be listed with the below command once you've connected to PowerShell in ConfigMgr.

    Get-Command -Module configurationmanager -Noun *boundary*

To automate Boundary Group creation using Windows PowerShell either write your own script or take a look at this one I wrote, it will automate the above nicely and you can extend it to do multiple boundaries/boundary groups. Download the Create Boundary Groups.ps1 script in the Downloads section at the bottom of this guide and extract it to C:\Temp. Open it with Windows PowerShell ISE by starting that as Administrator. Edit the variables in the script to match your environment, most are shown below in the Green box. When you are happy with the variables, Run the script by pressing F5 or clicking on the Green arrow. The following output will be observed.

cool !

Summary

Creating and configuring Boundaries and Boundary Groups helps Configuration Manager clients to locate content, use automatic site assignment and policy retrieval from preferred management points. Automating the process using Windows PowerShell is fun :-). Thanks for reading my guides ! until next time, adios.

Downloads

You can download a Microsoft Word copy of this guide dated 2015/12/28 here. How can I configure boundaries.zip

The PowerShell script used in this guide is located here. Create Boundary Group.zip

Note: There was a bug in the script up until Jan/14/2016. I've corrected it and uploaded the fixed script.

Next Post > Updates and Servicing Offline mode
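The note in Step 5 of the boundaries guide above, about avoiding overlapping boundaries for site assignment, can be checked on paper before any boundary group is created. The following Python check is an added example, not part of the original guide or its downloadable script; the group layout, the "NewYork content" and "Branch lab" groups and the site codes P01 and P02 are constructed sample values, and ranges are assumed to be written as "start-end".

```python
"""Find IP range boundaries that would assign clients to different sites.

Added example: the boundary group data below is constructed for illustration.
"""
import ipaddress
from itertools import combinations


def parse_range(value):
    """Parse 'start-end' into (ip_version, first, last) using integer addresses."""
    first_text, sep, last_text = value.partition("-")
    if not sep:
        raise ValueError(f"not an IP address range: {value!r}")
    first = ipaddress.ip_address(first_text.strip())
    last = ipaddress.ip_address(last_text.strip())
    if first.version != last.version:
        raise ValueError(f"mixed IPv4/IPv6 range: {value!r}")
    if first > last:
        raise ValueError(f"range start is after range end: {value!r}")
    return first.version, int(first), int(last)


def assignment_conflicts(groups):
    """Return pairs of overlapping ranges whose groups assign different sites.

    Groups with no site (content location only) are skipped, because only
    groups used for site assignment influence which site a client joins.
    """
    spans = []
    for group in groups:
        if not group.get("site"):
            continue
        for text in group["ranges"]:
            version, first, last = parse_range(text)
            spans.append((version, first, last, group["name"], group["site"], text))

    conflicts = []
    for a, b in combinations(spans, 2):
        same_family = a[0] == b[0]
        overlap = a[1] <= b[2] and b[1] <= a[2]
        if same_family and overlap and a[4] != b[4]:
            conflicts.append({
                "groups": (a[3], b[3]),
                "sites": (a[4], b[4]),
                "ranges": (a[5], b[5]),
            })
    return conflicts


# Constructed sample data modelled on the lab subnets in the guide.
GROUPS = [
    {"name": "NewYork, USA", "site": "P01", "ranges": ["192.168.5.1-192.168.5.254"]},
    {"name": "London, Europe", "site": "P01", "ranges": ["192.168.4.1-192.168.4.254"]},
    # Content-location-only group: overlaps NewYork but assigns no site.
    {"name": "NewYork content", "site": None, "ranges": ["192.168.5.1-192.168.5.254"]},
    # Constructed mistake: a second site claims part of the NewYork range.
    {"name": "Branch lab", "site": "P02", "ranges": ["192.168.5.128-192.168.6.10"]},
]

if __name__ == "__main__":
    for conflict in assignment_conflicts(GROUPS):
        print("Overlap:", conflict["groups"], conflict["sites"], conflict["ranges"])
```
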
-
Is the Step-By-Step Capture Process Outdated?
anyweb replied to MagnumVP's topic in Configuration Manager 2012
it was relevant when i posted it and of course there's more than one way to do it, use whichever method works for you be it
* capture media
* build and capture process in ConfigMgr
* use MDT to build and capture the image
I wrote a book recently which covers how to do this in ConfigMgr, have you taken a look as it covers software updates also... http://www.amazon.com/Windows-noob-Guides-Configuration-Manager-2012/dp/9187445166
ok that's odd, works fine for me, are you sure you followed every step exactly as i explained in the guide above ? any deviation may cause problems.. prior to Configuration Manager 2012 SP1 you would not use the Install.wim file directly from the media as Windows would end up on D: or E:, however to deal with this natively you can add a new Configuration Manager variable called OSDPreserveDriveLetter to your task sequence and set it to False before the Apply Operating System Image step. OSDPreserveDriveLetter For System Center 2012 Configuration Manager SP1 and later: This variable determines whether or not the task sequence uses the drive letter captured in the operating system image WIM file when applying that image to a destination computer. In Configuration Manager with no service pack, the drive letter captured in the WIM file is used when applying the operating system image WIM file. In Configuration Manager SP1, you can set the value for this variable to False to use the location that you specify for the Destination setting in the Apply Operating System task sequence step. For more information about the Apply Operating System task sequence step, see the Apply Operating System Image section in the Task Sequence Steps in Configuration Manager topic.
-
Build and Capture or Build from Media - Windows 10
anyweb replied to MagnumVP's topic in Configuration Manager 2012
didn't you see this yet ? https://www.windows-noob.com/forums/topic/13368-how-can-i-install-system-center-configuration-manager-current-branch/ -
Build and Capture or Build from Media - Windows 10
anyweb replied to MagnumVP's topic in Configuration Manager 2012
SCCM Current Branch is what you are referring to as SCCM 2016. There will be multiple updates released yearly for System Center Configuration Manager Current Branch to deal with new capabilities in mobile platforms and Windows 10. Therefore, if you are deploying Windows 10 now (and TH2 is the current release), and want to be able to support it in the future, you need to upgrade to the SCCM Current Branch release in order to deploy and patch the newer versions of Windows 10. The 'when' is when Windows 10 TH2 expires for Software Updates support and that would be 12 months after TH2 was released, so you 'could' stay on Configuration Manager 2012 R2 SP1 CUx until................... around November at the latest next year, and after that you'd have to move to Current Branch. Or, you'll be in a situation of having Windows 10 computers that you cannot patch with ConfigMgr. see https://technet.microsoft.com/en-us/library/mt598226%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 for more details -
Build and Capture or Build from Media - Windows 10
anyweb replied to MagnumVP's topic in Configuration Manager 2012
you'll need to move to System Center Configuration Manager Current Branch if you want to service Windows 10 with updates for all releases of Windows 10 after TH2 (1511). -
Build and Capture or Build from Media - Windows 10
anyweb replied to MagnumVP's topic in Configuration Manager 2012
use a vm to build any reference image, always, I cover how to do this in my book here > http://www.amazon.com/Windows-noob-Guides-Configuration-Manager-2012/dp/9187445166 -
W10 Ent Upgrade to build 10586
anyweb replied to Siroj's topic in System Center Configuration Manager (Current Branch)
we are still waiting on a fix... -
Microsoft have released yet another Windows 10 build to insiders, details below With this build, you won’t see big noticeable changes or new features just yet. Right now, the team is focused on product improvements based on the feedback we’re hearing on the November update to Windows 10. This includes the changes that have also been going out as cumulative updates through Windows Update on your PCs running the Windows 10 November Update as well as on phones running Windows 10 too. We’re also working on some structural improvements to OneCore, which is the shared core of Windows across devices. Essentially, OneCore is the heart of Windows, and these improvements to OneCore make building Windows across PC, tablet, phone, IoT, Hololens and Xbox more efficient. We’re doing some code refactoring and other engineering work to make sure OneCore is optimally structured for teams to start checking in new features and improvements in the new year. https://blogs.windows.com/windowsexperience/2015/12/16/announcing-windows-10-insider-preview-build-11082/
-
First Major Update for Windows 10 Available Today - Windows 10 version 1511
anyweb replied to anyweb's topic in Windows News
hi Leon, yup i'm aware i'll adjust this post accordingly, thanks -
Introduction

In an earlier post you installed System Center Configuration Manager (Current Branch). In this post you will learn about configuring discovery. Planning for discovery in ConfigMgr is an important step while configuring your sites and hierarchies. You need to discover objects in locations that you select and these discovered resources are what you want to manage (devices/users). These discovered resources can be targeted with software and/or get the ConfigMgr client agent installed via Client Push functionality. Discovery within System Center Configuration Manager (Current Branch) has 6 methods listed below:

- Active Directory Forest Discovery
- Active Directory Group Discovery
- Active Directory System Discovery
- Active Directory User Discovery
- Heartbeat Discovery
- Network Discovery

When a discovery method successfully finds a new resource, discovery puts information about that resource into a file that is called a discovery data record (DDR), which is processed by a primary or central administration site. Processing of a DDR creates a new record in the site database for newly discovered resources, or updates existing records with the DDR's new information. [source: Technet]

Step 1. Enable Active Directory Forest Discovery

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

In the Configuration Manager console, click on Administration and select Hierarchy Configuration, click on Discovery Methods. The first discovery method listed is Active Directory Forest Discovery. This discovery method can be enabled on CAS or Primary site(s). Unlike other discovery methods, Active Directory Forest Discovery does not discover resources that you can manage. Instead, this method discovers Active Directory network locations and can convert those locations into boundaries for use throughout your hierarchy.

To discover Active Directory network locations and convert those locations into boundaries open the ConfigMgr console, in the Administration workspace, select Hierarchy Configuration, then select Discovery Methods and right click Active Directory Forest Discovery for the primary site and choose Properties. The General window appears with one option, Enable Active Directory Forest Discovery. Select it and two more choices are revealed:

- Automatically create active directory site boundaries when they are discovered
- Automatically create IP address range boundaries for IP subnets when they are discovered.

Select the second option and leave the default schedule of every 1 week.

Tip: Selecting both options above is fine in a LAB. In Production however, you should consider only selecting to discover IP address ranges. For clarification about this point please review this post from Jason Sandys (Enterprise Mobility MVP) about why IP Subnet Boundaries are EVIL.

Click Apply, you'll be prompted if you want to run a discovery as soon as possible, answer Yes.

Tip: If you want to review the discovery of objects via this discovery method, you can use CMTrace to open the ADForestDisc.log file. The log file will be located in the <InstallationPath>\LOGS folder.

When publishing is enabled for a forest and that forest's schema is extended for Configuration Manager, the following information is published for each site that is enabled to publish to that Active Directory forest:

- SMS-Site-<site code>
- SMS-MP-<site code>-<site system server name>
- SMS-<site code>-<Active Directory site name or subnet>

To verify that you've enabled publishing browse to Administration, Site Configuration, Sites, and check the properties of your Primary site server. Click on the Publishing tab.

Step 2. Enable Active Directory Group Discovery

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

You can use Active Directory Group Discovery to search Active Directory Domain Services (AD DS) to identify the group memberships of computers and users. This discovery method searches a discovery scope that you configure, and then identifies the group memberships of resources in that discovery scope. By default, only security groups are discovered. However, you can discover the membership of distribution groups when you select the checkbox for the option Discover the membership of distribution groups on the Option tab in the Active Directory Group Discovery Properties dialog box. When you discover a group, you can also discover limited information about its members.

Note: This does not replace Active Directory System Discovery or Active Directory User Discovery and is usually insufficient to build complex queries/collections or to serve as the basis of a client push installation.

Active Directory Group Discovery can discover the following information:

- Groups
- Membership of Groups
- Limited information about a group's member computers and users, even when those computers and users have not previously been discovered by another discovery method

Tip: This step assumes you want to discover resources recursively in the windowsnoob OU. Therefore, it may be necessary to move servers into their respective OU which is a child OU under the windowsnoob OU created in this guide, otherwise they will not be discovered by this discovery method. You can do that via Active Directory Users and Computers on AD1.

In the ConfigMgr console, in the Administration workspace, select Hierarchy Configuration, then select Discovery Methods and right click Active Directory Group Discovery and choose Properties. Select the option to Enable Active Directory Group Discovery and click on Add to see two more choices, Groups and Location. These options are explained below:

Groups: Use groups if you want to search one or more specific Active Directory groups. You can configure the Active Directory Domain to use the default domain and forest, or limit the search to an individual domain controller. Additionally, you can specify one or more groups to search. If you do not specify at least one group, all groups found in the specified Active Directory Domain location are searched.

Location: Use a location if you want to search one or more Active Directory containers. This scope option supports a recursive search of the specified Active Directory containers that also searches each child container under the container you specify. This process continues until no more child containers are found.

Note: When you configure a discovery scope, select only the groups that you must discover. This is because Active Directory Group Discovery attempts to discover each member of each group in the discovery scope. Discovery of large groups can require extensive use of bandwidth and Active Directory resources.

Select Location from the drop down menu. Give it a name like Active Directory Group Discovery - P01 and select browse to decide where to recursively search. In this example I select the previously created windowsnoob Organizational Unit (OU) which will contain your servers, users, computers and devices.

Click on the Polling schedule tab and decide what is appropriate for your setup, the default is 7 days for a full Active Directory Group Discovery and you can enable Delta Discovery (enabled by default). This discovery method finds resources in Active Directory Domain services that are new or modified since the last discovery cycle in the time interval specified (default is 5 minutes).

Next, you can review the three options on the Options tab and click Apply when ready and answer Yes to running the full discovery.

Tip: If you want to review the discovery of objects via this discovery method, you can use CMTrace to open the adsgdis.log file. The log file will be located in the <InstallationPath>\LOGS folder.

Step 3. Enable Active Directory System Discovery

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

Use Configuration Manager Active Directory System Discovery to search the specified Active Directory Domain Services (AD DS) locations for computer resources that can be used to create collections and queries. You can then install the client to discovered computers by using client push installation. To successfully create a discovery data record (DDR) for a computer, Active Directory System Discovery must be able to identify the computer account and then successfully resolve the computer name to an IP address.

By default, Active Directory System Discovery discovers basic information about the computer including the following:

- Computer name
- Operating system and version
- Active Directory container name
- IP address
- Active Directory site
- Last Logon Timestamp

In the ConfigMgr console, in the Administration workspace, select Hierarchy Configuration, then select Discovery Methods and right click Active Directory System Discovery and choose Properties, place a checkmark in Enable Active Directory System Discovery. Click on the yellow starburst to add some Active Directory containers. For path click on browse and browse to the location you want to discover systems in.

Tip: You can add several locations by repeating this process and selecting different locations, but only add the locations you need to add as you don't want to generate unnecessary network and CPU bandwidth.

On the Polling schedule tab, stick to the defaults and then select the Active Directory Attributes tab. If you want to add an attribute to discover, select one from the list and choose Add >>. In the example below you are adding an Active Directory attribute called msTPM-ownerinformation. There are many attributes to choose from, use only the ones you need to get your job done.

Then click Apply and OK and answer Yes to run a full discovery as soon as possible.

Tip: If you want to review the discovery of objects via this discovery method, you can use CMTrace to open the adsysdis.log file. The log file will be located in the <InstallationPath>\LOGS folder.

Step 4. Enable Active Directory User Discovery

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

Use Configuration Manager Active Directory User Discovery to search Active Directory Domain Services (AD DS) to identify user accounts and associated attributes. You can view the default list of object attributes returned by Active Directory User Discovery, and configure additional attributes to be discovered in the Active Directory User Discovery Properties dialog box on the Active Directory Attributes tab.

By default, Active Directory User Discovery discovers basic information about the user account including the following:

- User name
- Unique user name (includes domain name)
- Domain
- Active Directory container names

In the ConfigMgr console, in the Administration workspace, select Hierarchy Configuration, then select Discovery Methods and right click Active Directory User Discovery and choose Properties. Place a checkmark in Enable Active Directory User Discovery as shown below. Select the Enable Active Directory User Discovery box and click on the yellow starburst to add some Active Directory locations to discover users. You can configure the Polling tab and Active Directory Attributes tab settings if you wish, then click Apply and answer Yes to Run a Full Discovery now.

Tip: If you want to review the discovery of objects via this discovery method, you can use CMTrace to open the adusrdis.log file. The log file will be located in the <InstallationPath>\LOGS folder.

Step 5. Review what has been discovered in the console

Note: Perform the following on your ConfigMgr server as a user with Full Administrator permissions in the ConfigMgr console.

In the ConfigMgr console, in the Assets and Compliance workspace, select Users, then select All Users, the discovered Users should appear. In the Assets and Compliance workspace, select All User Groups, the discovered User Groups should appear. In the ConfigMgr console, in the Assets and Compliance workspace, select Devices, then select All Systems, the discovered Systems should appear.

Note: If you are wondering why AD1 does not appear it is because that server is placed under the Domain Controllers container and that container path was not added to any system discovery method.

Summary

In this guide you configured Discovery methods in System Center Configuration Manager (Current Branch) to discover resources that you want to manage. In the next part of this new series you will configure Boundaries. until next time, adios and thanks for reading.

Related Reading

Run discovery for System Center Configuration Manager - https://technet.microsoft.com/en-us/library/mt621991.aspx

Downloads

You can download a Microsoft Word copy of this guide (dated 2015/12/17) here: Configuring Discovery for System Center Configuration Manager (Current Branch).zip

Next Post > Configuring Boundaries
-
Windows 10 Deployment with Integrated MDT Task Sequence Fails
anyweb replied to allenr74's question in Deploying Operating Systems
attach the logs here so we can see
-
need to install internet explorer 11 by group policy
anyweb replied to mohd aamir's topic in Configuration Manager 2012
try this link instead http://lmgtfy.com/?q=+install+internet+explorer+11+by+group+policy -
install host file to all system by sccm
anyweb replied to mohd aamir's topic in Configuration Manager 2012
look at this https://www.windows-noob.com/forums/topic/2758-how-can-i-copy-files-from-a-package/ -
We received a report from a user of an unusual alert from their anti-malware software, where it appeared that a domain known to host malicious JavaScript was accessed from a Windows-Noob page. An analysis at the time did not detect any unusual changes to the forum software and concluded that the most likely scenario was a malicious advertisement in the Google/DoubleClick ecosystem. At this time, the skins for the IP.Board software were re-cached as a precaution.

Some time later, some proxy servers' content categorisation system began to categorise Windows-Noob.com as "Suspicious". We were frustrated at the time to have little to no further information as to why this was the case. Only one of the website scanners we used to try and externally determine if there was an infection showed an issue: it had "Detected reference to malicious blacklisted domain myitforum.com". This domain obviously is quite legitimate, but had been compromised in the past, as have many websites that accept user generated content. We were assured that the infection issue on myitforum.com had been resolved, but in an effort to remove the "Suspicious" category from Windows-Noob.com, removed all outbound links to myitforum.com from our site. We did not at this stage connect the earlier report and this issue. None of the highly respected external systems like Google Webmaster Tools at any point suggested that we had been infected, and the 'detection' was limited to this one website scanner, which gave us these results referencing myitforum.com.

Later still, we received another report from a user that their browser had been redirected to a malicious domain after visiting Windows-Noob from a search engine result page. We also finally received detailed information from the proxy server categorisation system provider that gave specific detail as to our “Suspicious” categorisation. A packet capture on the Windows-Noob server was taken over a few hours and then analysed.

With the reported information from the user, we quickly identified injected JavaScript based on the reported malicious domain. The injected JavaScript was located in the theme cache files and was removed. Additional aggressive monitoring was put in place to try and determine if there was an active entry vector for the attacker. Later on that evening, malicious JavaScript re-appeared, detected by our additional monitoring that was put in place, and we promptly removed it again. Detailed analysis, including log file and packet capture analysis was performed to try and determine the attack vector, but no promising leads were found. The injected JavaScript then did not re-appear after that second appearance, and we unfortunately remain in the dark as to how the attack occurred. Our improved monitoring systems remain in place.

The code, once unpacked and analysed, was actually quite rudimentary and simply injected references to the malicious JavaScript if certain conditions were met (user was referred from a search engine result page, and using certain browsers). Extensive reviewing of log files revealed no evidence of any other intrusion, but we accept that given our lack of understanding of the original attack vector, we cannot determine if any other actions were taken.

Because we were unable to determine with confidence the source of the injected JavaScript and the attack vector used, we took the step of a complete server reinstall from known good media. The forum software has been completely reinstalled from a fresh download of the IP.Board software and all old and non-essential files removed. At the same time, we have taken other steps to protect users, including implementing mandatory HTTPS across the site (long overdue!), which would have, in this scenario, prevented injected JavaScript on HTTP domains executing in users' browsers and also protects passwords in transit.

We apologise to users that this happened and particularly that we didn't spot it quickly enough. We hope as fellow IT professionals you appreciate the challenges in defending complex systems that are exposed to the world, especially on a very modest budget. We have learned a lot from this incident, despite the frustration of not knowing the original attack vector, and will continue to work hard to do better.

It is a good idea, given what has happened, to reset your password for this site. This will also have the effect of invalidating the passwords that used to transit in the clear over HTTP and mean that your new password will not have traversed the public internet unencrypted. The standard advice about also resetting any other password that you might have shared with this site applies too.
-
-
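A sketch of the kind of theme cache monitoring the incident report above describes, as an added example that is not part of the original post or the site's own tooling: it compares cached template files against a known-good SHA-256 baseline and flags script references to hosts outside an allowlist, packer primitives, and referrer or browser gating. The allowlist, file paths and sample content are constructed assumptions, and the content checks are heuristics for triage.

```python
import hashlib
import re

# Assumption: hosts this site is expected to load scripts from (constructed).
ALLOWED_SCRIPT_HOSTS = {"www.windows-noob.com", "cdn.example.com"}

# Host of any absolute or protocol-relative <script src>; \\? tolerates
# escaped quotes when a template is cached as a string literal.
SCRIPT_HOST = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*\\?["']?(?:https?:)?//([^/\\"'\s>?#]+)""", re.I)
# Heuristics only: packer primitives, and gating on referrer or browser.
PACKED = re.compile(r"\beval\s*\(|\bunescape\s*\(|String\.fromCharCode", re.I)
GATED = re.compile(
    r"HTTP_REFERER|HTTP_USER_AGENT|document\.referrer|navigator\.userAgent", re.I)


def fingerprint(files):
    """Map each cache file path to the SHA-256 of its bytes (the baseline)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def audit(files, baseline, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return sorted (path, finding) pairs: baseline drift plus content checks."""
    findings = {(path, "missing from cache") for path in baseline.keys() - files.keys()}
    for path, data in files.items():
        if path not in baseline:
            findings.add((path, "file not in baseline"))
        elif baseline[path] != hashlib.sha256(data).hexdigest():
            findings.add((path, "content changed"))
        text = data.decode("utf-8", errors="replace")
        for raw in SCRIPT_HOST.findall(text):
            host = raw.rsplit("@", 1)[-1].split(":")[0].lower()  # drop userinfo, port
            if host not in allowed_hosts:
                findings.add((path, f"script from unlisted host {host}"))
        if PACKED.search(text):
            findings.add((path, "packer primitive"))
        if GATED.search(text):
            findings.add((path, "referrer or browser gating"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: a clean cached template and a tampered copy of it.
    clean = b'<script src="/public/js/ipb.js"></script>'
    bad = clean + (b'<script>if(/google/.test(document.referrer))'
                   b'{document.write(unescape("%3Cscript%3E"))}</script>'
                   b'<script src="http://malicious.example/a.js"></script>')
    baseline = fingerprint({"skin_cache/global.php": clean})
    for path, finding in audit({"skin_cache/global.php": bad}, baseline):
        print(path, finding)
```

Take the baseline immediately after a reinstall from known good media and refresh it whenever the skins are deliberately re-cached, so that drift alerts stay meaningful.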
W10 Ent Upgrade to build 10586
anyweb replied to Siroj's topic in System Center Configuration Manager (Current Branch)
yeah the errors you are seeing are what everyone else is seeing so we have to wait for a fix from Microsoft I guess. -
install host file to all system by sccm
anyweb replied to mohd aamir's topic in Configuration Manager 2012
why not let Active Directory DNS do its job? why do you want to copy this file to every system, please explain -
W10 Ent Upgrade to build 10586
anyweb replied to Siroj's topic in System Center Configuration Manager (Current Branch)
it seems that EDU and ENT editions are not available in WSUS/SUP yet, so I'd suggest you wait, the ones that currently are there don't work properly either, see my bug on Connect here.