Jump to content




ingram59

Established Members
  • Content count

    25
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ingram59

  • Rank
    Member
  1. Please read the full posting before answering. I've searched extensively for a GPO fix to my issue but I can't find one. I've got a lot of users that work wit IE. Under Internet Options / Programs / Default Web Browser there are two options, "Tell me if Internet Explorer is not the default web browser" and "Make default". Both are grayed out on some machines and of course, cannot be modified. On other machines the "Tell me...." option is active and can be checked and the "Make Default" is grayed out. Machines with both conditions have the SAME group policies applied to them. I have a PS script on my DC allowing me to search GPO's for specific content. However I don't know what to search for in order to find the GPO that has these settings in them. Google searches have proved fruitless in finding the GPO options that need to be changed. I'm less concerned about the "Make Default" than I am about the "Tell me...." option. Where are these settings located and what are they titled? If they are not specific settings, what registry changes can I push that allows me to activate the "tell me..." option in IE? Also, why, if the same policies are being applied (meaning they are not being blocked by security filtering), are the settings on these machines different. This is extremely frustrating and I'm really looking for a solution to this. Thanks in advance for your assistance.
  2. One addition. It does appear that after I reboot the SCCM server the device DOES NOW appear in the collection AND the Content status properly updates and is available. However, a REBOOT is REQUIRED every time a change like this is made. That WAS NOT and SHOULD NOT be the case.
  3. Here is the scenario. Please read the entire post before responding. Sccm 2012 recently updated to the latest release. Device collection with a Query rule to retrieve computers based on a certain condition. Collection and query rule built prior to the upgrade. Collection limited to All Systems I create a Direct Rule under the Membership Rules for that collection and add a device. I select the device and it does show up in the Membership Rules After closing the window, refreshing the collection, Updating Membership AND waiting overnight, the member count DOES NOT change and my direct add machine DOES NOT appear in the collection I go back in to the collection Properties / Membership Rules and it IS listed there as the Direct entry, along with my Query rule that was previously added The device in question is present in All Systems (it is my workstation) 2nd testing step Created a BRAND NEW TEST COLLECTION Did a direct add of my machine Collection shows zero entries following update and refresh Added two other random machines Collection shows zero entries following update and refresh Rebooting the sccm server has no impact. This is only one of the symptoms of some issue indicating that it is NOT just collection related. Another symptom relates to updating distribution points after adding new drivers. The update completes but the date and time stamp on the Content status DOES NOT reflect the update that was executed. Even when waiting overnight. Your assistance is greatly appreciated.
  4. The issue I'm describing is VERY FRUSTRATING. We are decommissioning a proxy server yet our firewall is still showing windows 7 computers hitting the proxy server. Here are the steps that I've taken and what I've looked at on one of the computers in question. DESELECTED "Automatically Detect Settings" Set "Use automatic configuration script" to reference the CORRECT proxy server that is currently in use DESELECTED AND CLEARED the entry under the "Proxy Server" entry for "Use a proxy server for your LAN......" Fields are blank and UNCHECKED Edited the registry and removed ALL references to the proxy server that we DO NOT want to reference (the one being decommissioned) both IP address and the hostname that references the proxy server. Changed the one installed application to point to the correct proxy server. Flushed the DNS cache on the workstation. With ALL these steps taken, can someone tell me where to look or tell me why the machine is still trying to reach out to the proxy that we're decommissioning?
  5. Tracking down account lockout

    That doesn't make senses to me. If you look at the 2nd screen shot, the computer name is different. The "Computer" listed is the machine that I was on when I viewed the event log. I did this on a member server and on a DC.
  6. I have a GPO containing User and Computer settings. It is 'enabled' in the Details tab and 'Authenticated Users' was added under the Delegation tab. It is linked to the proper OU's and the Security Filtering contains the group containing members needing the GPO. Also for added measure, Domain Computers was added in the Delegation Tab. However, the policy is not applying, even with a reboot, and I HAVE given it adequate time to replicate. When I run a GPUPDATE /Force and then a GPRESULT /r from the command line on my test workstation, logged in as my Domain Admin account, the policy does not show up and does not appear in the HTML file when I create it using GPRESULT. This machine is in an OU for which the GPO is applied. When I run the GPO Modeling Wizard, the policy shows up as Denied... Access Denied (Security Filtering) See attached screen shot. How do I get this policy to apply the the computer and associated user when policy refreshes. I've attached two screen shots:The results of the modeling wizard: and the RSOP run from 'elevated' command line: This is time sensitive. I'm needing input as soon as reasonably possible. Thanks in advance for your input. Thanks, Dino
  7. I have a Domain Admin account in one of our domains containing six DC's. My account is being locked out on a DAILY basis. I don't use that account to run any services. I'm attaching screen shots of the messages. They are nondescript from the standpoint of directing me to the server or computer that is generating the lockouts. How can I track down the machine that is locking out my account? Event log screen shots attached.
  8. I've created a User GPO to map a drive for users in a SUB-OU who need it. The GPO is linked to the user SUB-OU for the department in question. There are about 50 users in that SUB-OU and I only need the GPO to apply to about ten of them. I created a Global Security group with only those ten users and added it to Security Filtering for the GPO thinking that would work. However the GPO refuses to apply unless I leave Authenticated Users in Security Filtering. (Authenticated Users is now required for applying User GPO's). In this scenario, the mapping then applies to ALL users in the linked SUB-OU and not simple to the ten users in the security group that I created. How do I get the GPO to apply to the SUB-OU but still only set the mapping for the few users who need it? I don't want to make another SUB-OU just to accommodate drive mapping for these users since this is a process that will have broader implications for other department.
  9. I appreciate the feedback so far. The installer and the uninstaller are VERY POORLY WRITTEN. There are no unattended or silent flags to use for the removal. Also, I already looked at the link in this thread and ran it. The application does not show up when I run the powershell commands. LOTS of Microsoft software shows up though. It is not an MSI install. It is an EXE install. There is no uninstall key. I've attached a screen shot of the uninstall options. The "console mode" in the screen shot simply opens a GUI uninstall.
  10. There is an older application (Fishbowl 2013) running on over 100 machines. It was manually installed. We just recently moved to SCCM. It was an EXE install and there is NO uninstall value in the registry to reference. The uninstall uses "uninstall.exe", located in the "program files (x86)\Fishbowl" folder. There are no flags that will allow me to provide input to the uninstaller. I am able to do a removal on the local machine without incident. The vendor was of no help. What I want to do is use SCCM to uninstall this application so that we don't have to touch over 100 machines. I've tried creating a 'package' and an 'application', with a CMD file containing the full path to the uninstall command, but it doesn't work in either scenario. I don't want to 'install', the uninstaller, which is what both options want to do. I simply want to run the uninstaller 'hidden', so users get no prompts and so it completes automatically. I am not a powershell coder. I find it cryptic and confusing and am not able grasp it. Any help would be greatly appreciated. Dino
  11. I've got two forests (Forest A and Forest B ) with a validated two-way non-transitive trust between the domains in each forest. I login as a domain admin to a server in Forest B and can open AD users and computers and browse as needed. I can also open AD in Forest A from that same server in Forest B and can I see all objects. Where I'm having a problem is trying to grant access to a user in the domain on Forest A to a folder on a server in the domain in Forest B. On the server in the domain in Forest B, I open "Share and Storage Management and select the share to which I want to grant the user access. I right-click on the share and go to Properties / Permissions / NTFS Permissions. I click on "Add" / "Locations" and select the domain in Forest A. (See attachment) I see the icon as displayed in the attached JPG. However, when I click on the "+" sign, the domain indicated at the arrow does not open or populate. This is a crucial issue that I need to resolve. What am I missing or what else do I need to do to grant the required access. Thanks in advance for timely responses.
  12. Re: your previous reply. I don't see Add/Remove Program anywhere. It looked like it had been replaced with installed software references. What am i missing. And, if I disable the software inventory, where do I make the change that will get me the installed programs...? I'm new to 2012, although I worked extensively in 2007.... Thanks, Dino
  13. SMSTS log file contents are listed below. I hilighted the lines in red that were errors in the log file. The Blue lines are the warnings. Dino LOGGING: Finalize process ID set to 944 TSBootShell 6/22/2016 4:54:12 PM 948 (0x03B4) ==============================[ TSBootShell.exe ]============================== TSBootShell 6/22/2016 4:54:12 PM 948 (0x03B4) Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' TSBootShell 6/22/2016 4:54:12 PM 948 (0x03B4) Debug shell is enabled TSBootShell 6/22/2016 4:54:12 PM 948 (0x03B4) Waiting for PNP initialization... TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) RAM Disk Boot Path: MULTI(0)DISK(0)RDISK(0)PARTITION(1)\SOURCES\BOOT.WIM TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) WinPE boot path: C:\SOURCES\BOOT.WIM TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) Booted from removable device TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) Found config path C:\ TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) Booting from removable media, not restoring bootloaders on hard drive TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) C:\WinPE does not exist. TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) C:\_SmsTsWinPE\WinPE does not exist. TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) Executing command line: wpeinit.exe -winpe TSBootShell 6/22/2016 4:54:12 PM 972 (0x03CC) The command completed successfully. TSBootShell 6/22/2016 4:54:15 PM 972 (0x03CC) Starting DNS client service. TSBootShell 6/22/2016 4:54:15 PM 972 (0x03CC) Executing command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE /configpath:C:\ TSBootShell 6/22/2016 4:54:16 PM 972 (0x03CC) The command completed successfully. TSBootShell 6/22/2016 4:54:16 PM 972 (0x03CC) ==============================[ TSMBootStrap.exe ]============================== TSMBootstrap 6/22/2016 4:54:16 PM 1180 (0x049C) Command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE /configpath:C:\ TSMBootstrap 6/22/2016 4:54:16 PM 1180 (0x049C) Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' TSMBootstrap 6/22/2016 4:54:16 PM 1180 (0x049C) Succeeded loading resource DLL 'X:\sms\bin\x64\TSRESNLC.DLL' TSMBootstrap 6/22/2016 4:54:16 PM 1180 (0x049C) Current OS version is 10.0.10586.0 TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Adding SMS bin folder "X:\sms\bin\x64" to the system environment PATH TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Failed to open PXE registry key. Not a PXE boot. TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Media Root = C:\ TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) WinPE boot type: 'Ramdisk:SourceIdentified' TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Failed to find the source drive where WinPE was booted from TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Executing from Media in WinPE TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Verifying Media Layout. TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) MediaType = BootMedia TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) PasswordRequired = false TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) dwResult == 0L, HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmbootstrap\tsmbootstraputil.cpp,499) TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Failed to find a valid network adapter. Please ensure that this machine has a network adapter and appropiate network drivers. Unspecified error (Error: 80004005; Source: Windows) TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) Failed to find a valid network adapter. For more information, contact your system administrator or helpdesk operator. TSMBootstrap 6/22/2016 4:54:17 PM 1180 (0x049C) 0, HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmbootstrap\tsmediawizardcontrol.cpp,2645) TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) oTSMediaWizardControl.Run( sMediaRoot, true, sTSLaunchMode ), HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmbootstrap\tsmbootstrap.cpp,1070) TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) Execute( eExecutionEnv, sConfigPath, sTSXMLFile, uBootCount, &uExitCode ), HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmbootstrap\tsmbootstrap.cpp,1254) TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) Exiting with return code 0x80004005 TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) hMap != 0, HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentscope.cpp,493) TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) m_pGlobalScope->open(), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentlib.cpp,335) TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) this->open(), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentlib.cpp,561) TSMBootstrap 6/22/2016 4:54:18 PM 1180 (0x049C) Execution complete. TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) hMap != 0, HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentscope.cpp,493) TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) m_pGlobalScope->open(), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentlib.cpp,335) TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) this->open(), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\environmentlib.cpp,561) TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) ::RegOpenKeyExW (HKEY_LOCAL_MACHINE, sKey.c_str(), 0, KEY_READ, &hSubKey), HRESULT=80070002 (e:\nts_sccm_release\sms\framework\tscore\utils.cpp,878) TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) RegOpenKeyExW is unsuccessful for Software\Microsoft\SMS\Task Sequence TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) GetTsRegValue() is unsuccessful. 0x80070002. TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) End program: TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) Finalizing logging from process 944 TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) Finalizing logs to root of first available drive TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) Successfully finalized logs to D:\SMSTSLog TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) Cleaning up task sequencing logging configuration. TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) TS::Environment::SharedEnvironment.isInitialized() == true, HRESULT=80004005 (e:\nts_sccm_release\sms\framework\tscore\tslogging.cpp,694) TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC) TS environment is not initialized TSBootShell 6/22/2016 4:54:18 PM 972 (0x03CC)
  14. Which one should I be looking at? There are a lot of them. Also, I was going to add a prestart command to the boot image, based on a couple KB articles that I read. When I updated the distribution point I got the following error. Ironically enough, the drive that I need is the one that is not injecting. However, if that was the problem to begin with, how would I be able to get an IP address as mentioned above? We ha a MS consultant on site a couple weeks ago and he built the image for us. Also, according to the Drivers tab in the Boot image in question, the Realtek PCI GBE Family Controller IS Signed. Error: Boot image to update: • Microsoft Windows PE (x64) Error: Actions to perform: • Add ConfigMgr binaries • Set scratch space • Enable Windows PE command line support • Add drivers Success: Boot image will include these drivers after update: • Broadcom NetLink Gigabit Ethernet • Intel® 82579LM Gigabit Network Connection • Intel® Ethernet Connection I217-LM • Intel® 82580 Gigabit Network Connection • Intel® 82579LM Gigabit Network Connection • Intel® Ethernet Connection I217-LM • Intel® 82580 Gigabit Network Connection • Broadcom NetLink Gigabit Ethernet • Intel® Ethernet Connection I217-LM Optional components: • Scripting (WinPE-Scripting) • Startup (WinPE-SecureStartup) • Network (WinPE-WDS-Tools) • Scripting (WinPE-WMI) Error: Failed to import the following drivers: • Realtek PCI GBE Family Controller - Failed to inject a ConfigMgr driver into the mounted WIM file Error: The wizard detected the following problems when updating the boot image. • Failed to inject a ConfigMgr driver into the mounted WIM file The SMS Provider reported an error.: ConfigMgr Error Object: instance of SMS_ExtendedStatus { • Description = "Failed to inject OSD binaries into mounted WIM file (often happens if unsigned drivers are inserted into x64 boot image)"; • ErrorCode = 2152205056; • File = "e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspbootimagepackage.cpp"; • Line = 4970; • ObjectInfo = "CSspBootImagePackage::PreRefreshPkgSrcHook"; • Operation = "ExecMethod"; • ParameterInfo = "SMS_BootImagePackage.PackageID=\"KHE00005\""; • ProviderName = "WinMgmt"; • StatusCode = 2147749889; };
  15. I'm getting the "failed to find a valid network adapter" message. However, when I F8 at the message and run an IP Config i HAVE a valid IP Address. Any suggestions or links? Dino
×