13 Apr 2015
I’ve recently needed to work with some services in a group of computers where only one service can be active at a time. This particular service I needed to work with is a printing service responsible for printing labels in a shared directory. If more than one service is enabled at a time, we get duplicate labels! (It led to a lot of confusion during user testing when a server was rebooted).
To automate the work required to make sure only one service is running when maintenance or other work occurs, I decided to write a script.
The script can be downloaded from here.
I used PowerShell workflow, as this seemed like a good bet for something that would benefit from the parallelism benefits that a workflow provides. The idea for me is to use it as part of a System Center Orchestrator Runbook to run the script on an alert from Operations Manager.
I worked on making the script take parameters for the computers to run against, the service to work on and how many services should be running at any one time.
Hopefully this also helps some people working to learn some of the basics of workflow, I’ll make sure to add some comments in the script to explain parts of it. Some things certainly confused me for a little while till I got things working!
09 Apr 2015
UPDATE: The May download links are here.
I recently noticed a few people looking around for the SCEP/FEP February update direct download links. I pulled these download links from SCCM 2012 R2, viewing the Content Information in the update view for KB3041687.
System Center Endpoint Protection 2012
Forefront Endpoint Protection 2010
These files are hosted by Microsoft and may disappear at any time!
Have fun!
03 Mar 2015
The revised February update for Microsoft Endpoint Protection products is out (KB3041687) and brings with it a couple of changes to registry keys introduced in the first February update.
This update deprecates the DisableGenericReports subkey and adds a new DWORD called SubmitSamplesConsent to the following place:
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\SpyNet
This new key will allow configuration of sample submissions to Microsoft for analysis.
I have added these updates to my ADMX template for SCEP 2012 R2, which can be downloaded from GitHub.
Endpoint Protection may request file samples to be sent to Microsoft for further analysis. By default, Endpoint Protection will always prompt before it sends such samples. There is an option available to send samples automatically. To opt in to automatic sample submission, open the Endpoint Protection UI, click the Settings tab, select the Advanced section, and then click *Send file samples automatically when further analysis is required.*
Administrators can manage automatic sample submission with additional configuration options through WMI, PowerShell, and Group Policy by using the following registry subkeys:
MAPS Configuration
Registry location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\SpyNet
DWORD name: SpyNetReporting
DWORD values:
- 0 - Off
- 1 - Basic Membership
- 2 - Advanced Membership
Sample Submission
Registry location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\SpyNet
DWORD name: SubmitSamplesConsent
DWORD values:
- 0 (default) – Automatic sample submission disabled. End-users will always be prompted for samples.
- 1 – Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
- 2 – All sample submission disabled. Samples will never be sent and end-users will never be prompted.
- 3 – All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting.
23 Dec 2014
Over the past couple of months I’ve occasionally been working with Microsoft Dynamics AX 2012 and moving model and data sets between different environments.
Once of the downsides to this is overwriting the user and role memberships at the destination. To combat this, I had two options, the AX Data Import/eXport Framework (DIXF), or the AX PowerShell module. I think you can guess which one I went for!
Unfortunately the AX module need to be loaded in a wonderfully manual way and there are a lot of features not provided. The cmdlets even have a horrible lack of support for the very things that make PowerShell so great, like pipelining!
Even lacking these things, it’s still PowerShell, so I soldiered on. It took a little while and some features still have to be implemented, but the two scripts allow users to be imported and exported to/from a CSV, which is good enough to release for a first version.
The two scripts can be downloaded from GitHub.
There are also some features I’ll implement if I get the time, such as complete overwrite on import and support for importing/exporting user data from remote servers.
30 Oct 2014
We ran into an issue yesterday with Group Policy Results when using SCEP 2012 R2, the problem exactly follows this particular issue on the TechNet Forums, but appears to affect a couple of extra registry keys.
It’s really unfortunate that this still isn’t fixed in SCCM 2012 R2, having also been an issue in 2012, as the post describes.
To resolve the problem, I used my existing SCEP Group Policy ADMX template in creating a GPO to replicate the default settings pushed out to clients with SCCM, which solves the problem, as the exceptions and settings we push out to standard clients aren’t any different from the Microsoft recommended settings.
In the GPO I had to specify the exclusion settings and also the default threat actions, which are specified in the registry here:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction
Previously these settings were defined as REG_DWORD, but need to be REG_SZ, as shown below: