Archive

Archive for the ‘Windows 7’ Category

Command Line Activation Tools for Windows and Office

November 21, 2013 Leave a comment

If your a Windows Administrator, you should be familiar with the following tools. slmgr.vbs is a command line software licensing management tool for Windows. It works with Windows Activation (Retail and MAK) as well as Key Management Service (KMS). You can call it from anywhere in a command prompt. slmgr.vbs has many options including installing a product key, uninstalling a product key, displaying license information, and activating. For a complete list of options, visit the following TechNet article.

opss.vbs is also a command line software licensing management tool but for Microsoft Office. It also works with Windows Activation (Retail and MAK) as well as Key Management Service (KMS).

  • Office 2010 (32-bit) on a 32-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"

  • Office 2010 (32-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS"

  • Office 2010 (64-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"

  • Office 2013 (32-bit) on a 32-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"

  • Office 2013 (32-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS"

  • Office 2013 (64-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"

For more information on opss.vbs visit the following TechNet article.

You can easily use these tools to install and activate a product key in a batch script and deploy it to a large number of machines.

How to Use a Command Prompt During GUI-Mode Setup

June 29, 2013 Leave a comment

In some cases, it may be helpful to have access to a command prompt during GUI-mode Setup for the purposes of troubleshooting, partitioning the disk, copying drivers, starting and stopping services, starting tools such as Task Manager, or other for other needs.

To gain access to a command prompt during GUI-mode Setup, press SHIFT+F10.

Latest Microsoft Update Causes Issues For Some

April 12, 2013 5 comments

For some, Microsoft’s latest set of patches for April 2013 has caused headaches. Microsoft is investigating behavior where systems may not recover from a restart or applications cannot load after installing security update KB2823324. This marks Microsoft’s second botched update this year. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the KB2823324 update while they investigate.

If you have installed this update but have not yet restarted your computer, you can uninstall the update by going to Control Panel > Programs and Features > View Installed Updates. Select “Security Update for Microsoft Windows (KB2823324)” and choose uninstall. If you manage a large number of machines, you can create a script to uninstall it with the command:

wusa.exe /uninstall /kb:2823324 /quiet /norestart

or by using Microsoft’s Sysinternals PsExec

Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart

If you were among the unfortunate who installed the update, rebooted, and received a blue screen of death, chkdsk or other type of error, try one of the following procedures:

I suggest you try these in order. All of these require using ‘System Recovery Options’. You can get to this by pressing F8 during startup and choosing ‘Repair your Computer’ or by booting from a Windows 7 DVD or USB bootable media. The first two recover windows using System Restore points. The third tries to uninstall the update from the command line.

  1. Use ‘System Restore’ to restore Windows to an earlier point in time (before the Microsoft Update was installed)
  2. Use ‘Command Prompt’ and issue the command ‘dism /image:C:\ /cleanup-image /revertpendingactions’
  3. Use ‘Command Prompt’ and issue the command ‘dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~x86~~6.1.1.1′

Reboot your computer after performing each step and hopefully you will be able to boot again normally. Good luck.

For more information visit: You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324

EDIT: Microsoft has released KB2840149 to address the security issue that was suppose to be fixed by the botched update.

The original update created a conflict with certain third-party software installed on user machines. This resulted in system errors that caused the reboot loop. Microsoft immediately pulled the update to prevent any more issues from coming up. Microsoft eventually released a secondary update which removed the first update. If you are running Windows 7, head over to Windows Update to download the latest security fix. If you have automatic updates enabled, you probably already have it.

Sysprep Fatal Error With IE 10 (FIX)

March 15, 2013 30 comments

My fellow system administrators, there is a bug with sysprep and Internet Explorer 10 in Windows 7. My department maintains a Windows 7 image that we use on all our desktops. Today I installed some Windows updates which included Internet Explorer 10. When I tried to sysprep the machine like I usually do I received an error that a fatal error has occurred while trying to sysprep the machine. After looking at the logs (setupact.log and setuperr.log) I discovered what the issue was:

Error      [0x0f0085] SYSPRP LaunchDll:Could not load DLL C:\Windows\SysWOW64\iesysprep.dll[gle=0x000000c1]

It turns out that Internet Explorer 10 was the culprit. Strangely, ‘iesysprep.dll’ does exist within C:\Windows\SysWOW64. I have posted about it on the TechNet forums and it appears I am not the only one having this issue. Another user on the TechNet forums, sgennadi, has posted what appears to be a solution. It calls for modifying sysprep registry values and changing them back from SysWOW64 to System32. I personally have not tried his/her solution. I reverted back to a previous image and installed the new updates again, minus Internet Explorer 10, and sysprep works fine. Personally, I will be waiting for Microsoft to address this in a Windows Update before I upgrade to Internet Explorer 10.

EDIT:
I decided to add the proposed solution here in case anyone wants to fix it themselves. Again, credit goes to sgennadi for the solution.

After installing IE10, open the registry editor (regedit). You should make a backup of the registry before making any changes in the event that something goes wrong. You can do this by choosing File > Export and make sure you select ‘All’ under ‘Export range’.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup

Locate: Value Name {EC9FE15D-99DD-4FB9-90D5-5B56E42A0F80} Value Data C:\Windows\SysWOW64\iesysprep.dll,Sysprep_Cleanup_IE
Replace the value with: C:\Windows\System32\iesysprep.dll,Sysprep_Cleanup_IE

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize

Locate: Value Name {EC9FE15D-99DD-4FB9-90D5-CE53C91AB9A1} Value Data C:\Windows\SysWOW64\iesysprep.dll,Sysprep_Generalize_IE
Replace the value with: C:\Windows\System32\iesysprep.dll,Sysprep_Cleanup_IE

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize

Locate: Value Name {EC9FE15D-99DD-4FB9-90D5-676C338DC1DA} Value Data C:\Windows\SysWOW64\iesysprep.dll,Sysprep_Cleanup_IE
Replace the value with: C:\Windows\System32\iesysprep.dll,Sysprep_Cleanup_IE

Now you should be able to run sysprep successfully without receiving the IE10 related error.

Windows 7 receives Internet Explorer 10

February 26, 2013 3 comments

With the release of Windows 8, Microsoft launched the latest version of Internet Explorer; Internet Explorer 10. Windows 7 users, however, did not receive the Internet Explorer upgrade. Microsoft has now released Internet Explorer 10 for Windows 7. Internet Explorer 10 will be available through Windows Update in the next few weeks but if you want to download it now you can by visiting the link I have provided below.

Internet Explorer 10

New exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7

September 17, 2012 1 comment

There is a new exploit for Internet Explorer 7, 8, and 9 browsers running Windows XP, Vista and 7. Computers can be compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user logged in. Since Microsoft has not released a patch for this vulnerability yet, Internet Explorer users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available.

Microsoft has issue a security advisory about the situation: http://technet.microsoft.com/en-us/security/advisory/2757760

UPDATE:

  • Sep 19th, 2012 – Microsoft released a “fix-it” solution. It has been verified working. More information can be found here.
  • Sep 20th, 2012 – Microsoft updates the “fix-it” advisory to revision 2.0.  Requirements clarified: 1) “For computers that are running 64-bit operating systems, the following Fix it solution only applies to 32-bit versions of Internet Explorer.” 2) Before you apply this Fix it solution, you must ensure that Internet Explorer is fully updated by using the Windows Update service.
  • Sep 21st, 2012 – Microsoft releases Security Bulletin MS12-063 and Cumulative Security Update for Internet Explorer (KB2744842). Users and Administrators should install the update as soon as possible.

Google Chrome User Settings with Roaming Profiles

September 4, 2012 Leave a comment

Google Chrome is becoming increasingly popular among users. Google Chrome recently surpassed Internet Explorer in market share. According to numbers from StatCounter, Google’s browser finally averaged higher traffic than Internet Explorer for the first time over a full seven-day stretch. From May 14th through May 20th, the Google’s Web browser garnered a 32.76% share, ahead of Microsoft’s 31.94% and Mozilla Firefox’s 25.47% share. It has grown quite popular among students and professors at my university and among enterprise environments.

A problem was recently reported to me that Google Chrome was not storing user’s information once they logged out of a computer. Looking into the issue, I realized what was going on. Google Chrome stores information in the local application data folder of the user’s profile. This folder is not uploaded when the user logs off a computer.

Windows XP/2003:

C:\Documents and Settings\<username>\Local Settings\Application Data\Google\Chrome\User Data\Default

Windows Vista/7:

C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default

I needed to be able to tell Google to save it’s user data in the Roaming folder which is uploaded when they log off, and not the local application data folder. This can be achieved by passing the user data directory as an argument when running Chrome’s executable but that would require making that change manually of hundreds of computers.

Luckily, Google has provided administrators with tools to make deployment and management easier.

I had recently installed the ADM template that Google provides administrators to set the home page as well as some other common settings for our public laboratory computers. In that ADM template, is the option to set the user data directory to one of your choosing. Google Chrome uses it’s own set of variables rather than using the standard Windows environmental variables.

The current list of Chrome variables on Windows includes:

  • %APPDATA% = ${roaming_app_data}
  • %LOCALAPPDATA% = ${local_app_data}
  • %USERNAME% =  ${user_name}
  • %COMPUTERNAME% = ${machine_name}
  • %USERPROFILE% = ${profile}
  • %PROGRAMFILES% =  ${program_files}
  • %WINDIR% =  ${windows}
  • ${documents} – The “Documents” folder for the current user. (“C:\Users\Administrator\Documents”)
  • ${global_app_data} – The system-wide Application Data folder. (“C:\AppData”)

So what I did was set the user data directory to the roaming data directory like so:

${roaming_app_data}\Google\Chrome\User Data

After performing a group policy update, the machines were correctly storing user’s data in their roaming profiles.

Activate Windows Vista, Windows Server 2008R2, and Windows 7 From the Command Line

August 28, 2012 1 comment

Beginning with Windows Vista, Microsoft introduced a powerful command line tool to handle Windows activations. This tool is called ‘slmgr‘. Slmgr works under Windows Vista, Windows 7, and Windows Server 2008 R2. The most common options you may need to use are ‘/ipk‘ which installs a product key, and ‘/ato‘ which tells Windows to try and connect to Microsoft’s servers and activate. This tool can also be used to manage remote clients. I have included below some more advanced parameters and examples.

NOTE: All actions (other than displaying status) require elevated administrator privileges. Slmgr.vbs script is not intended to work across platforms i.e. between Vista and Windows 7

Syntax
slmgr [MachineName [Username Password]] [Option]

Key
machinename   The machine to administer, by default the current local machine.

username      An administrator equivalent user account for the remote computer.

password      The password for the user account on the remote computer.

/ato   Activate Windows license and product key against Microsoft’s server.

/atp Confirmation_ID   Activate Windows with user-provided Confirmation ID

/ckms  Clear the name of KMS server used to default and port to default.

/cpky  Clear product key from the registry (prevents disclosure attacks)

/dli   Display the current license information with activation
status and partial product key.

/dlv   Verbose, similar to -dli but with more information.

/dti   Display Installation ID for offline activation

/ipk Key  Enter a new product key supplied as xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

/ilc License_file   Install license

/rilc               Re-install system license files

/rearm Reset the evaluation period/licensing status and activation state of the machine

/skms activationservername:port
Set the Volume Licensing KMS server and/or the port used for KMS activation
(where supported by your Windows edition)

/skhc  Enable KMS host caching (default), this blocks the use of DNS priority and
weight after the initial discovery of a working KMS host.
If the system can no longer contact the working KMS host, discovery will be attempted again.

/ckhc  Disable KMS host caching. This setting instructs the client to use DNS auto-discovery
each time it attempts KMS activation (recommended when using priority and weight)

/sai interval
Sets the interval in minutes for unactivated clients to attempt KMS connection.
The activation interval must be between 15 minutes and 30 days, although the default (2 hours)
is recommended.
The KMS client initially picks up this interval from the registry but switches to the KMS
setting after the first KMS response has been received.

/sri interval
Sets the renewal interval in minutes for activated clients to attempt KMS connection.
The renewal interval must be between 15 minutes and 30 days.
This option is set initially on both the KMS server and client sides.
The default is 10080 minutes (7 days).

/spri  Set the KMS priority to normal (default).
/cpri  Set the KMS priority to low.
Use this option to minimize contention from KMS in a co-hosted environment.
Note that this could lead to KMS starvation, depending on what other applications
or server roles are active. Use with care.

/sprt port
Sets the port on which the KMS host listens for client activation requests. The default TCP port is 1688.

/sdns  Enable DNS publishing by the KMS host (default).
/cdns  Disable DNS publishing by the KMS host.

/upk   Uninstall current installed product key and return license status back to trial state.

/xpr   Show the expiry date of current license (if not permanently activated)

Token-based activation:
/lil   List the installed token-based activation issuance licenses.

/ril ILID ILvID
Remove an installed token-based activation issuance license.

/stao  Set the Token-based Activation Only flag, disabling automatic KMS activation.
/ctao  Clear the Token-based Activation Only flag (default), enabling automatic KMS activation.
/ltc   List valid token-based activation certificates that can activate installed software.
/fta Certificate Thumbprint [PIN]
Force token-based activation using the identified certificate.
The optional personal identification number (PIN) is provided to unlock the private
key without a PIN prompt when using certificates that are protected by hardware
(for example, smart cards).

Examples
C:\> cscript C:\windows\system32\slmgr.vbs wkstn64 administrator pa55w0rd1 -dli
C:\> cscript slmgr.vbs -skms 192.168.10.1:8090
C:\> cscript slmgr.vbs -skms KMSServer:8090

Windows 7 Problem Steps Recorder

July 9, 2012 Leave a comment

I found an interesting tool built-in to Windows 7 that I wanted to share with you all. The Problem Steps Recorder in Windows 7 is a feature that enables users to record their interactions with an application and provide a detailed screen-by-screen view with accompanying information. You can use Problem Steps Recorder to automatically capture the steps you take on a computer, including a text description of where you clicked and a picture of the screen during each click (called a screen shot). When you record steps on your computer, anything you type will not be recorded. If what you type is an important part of recreating the problem you’re trying to solve, use the comment feature described below to highlight where the problem is occurring. It can be used by clients trying to describe an issue or by administrators trying to show users how to complete easy tasks. Once you capture these steps, you can save them to a file that can be sent to an individual for viewing.

Here is how you use it:

There are several ways that you can invoke the application. 1. Click Start and type ‘psr’ in the search box of Windows 7 start menu and press Enter. 2. In Run, type ‘psr’ and press Enter. 3. Or in a command prompt, type ‘psr’ and press Enter. After you have invoked the application, simply click ‘Start Record’ and perform the necessary procedures. The Problem Steps Recorder will not record any text that you have typed.If you want to add some sort of explanation, just click the “Add Comment” button while recording. Once you have finished, select ‘Stop Record’. A save dialog will open, prompting you to select where you would like to save your new instructions. The instructions are saved as a ZIP file. Once you extract the ZIP file, you will have an MHTML web archive file that can be viewed in a web browser such as Internet Explorer.

Removing McAfee VirusScan Enterprise 8.x & McAfee Agent

May 3, 2012 5 comments

The organization I work for uses McAfee VirusScan Enterprise on all machines. You should always try and use Add/Remove Programs (Windows XP) or Programs & Features (Windows 7) first before attempting the solutions below.

Removing VirusScan Enterprise (VSE) 8.x (Assuming traditional uninstall methods above failed!)

**These actions must be performed by a user with Administrator privileges**

Step 1: frminst

  1. Click Start, Run
  2. Type cmd and press Enter
  3. For 64-bit operating systems, change directory (cd) to C:\Program Files (x86)\McAfee\Common Framework\ or For 32-bit operating systems, change directory (cd) to C:\Program Files\McAfee\Common Framework\
  4. Type frminst.exe /forceuninstall and press Enter

Step 2: msiexec

  1. Click Start, Run.
  2. Type the removal string for your version of VSE, then click OK.

VirusScan Enterprise 8.8
msiexec /x {CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF} REMOVE=ALL REBOOT=R /q

VirusScan Enterprise 8.7i
msiexec /x {147BCE03-C0F1-4C9F-8157-6A89B6D2D973} REMOVE=ALL REBOOT=R /q

VirusScan Enterprise 8.5i
msiexec.exe /x {35C03C04-3F1F-42C2-A989-A757EE691F65} REMOVE=ALL REBOOT=R /q

VirusScan Enterprise 8.0i
msiexec.exe /x {5DF3D1BB-894E-4DCD-8275-159AC9829B43} REMOVE=ALL REBOOT=R /q

Switches that you can use with msiexec:
/q The quiet switch ensures the removal is done silently – nothing is displayed.
/x This switch will automatically remove an installation.
/i  This switch will communicate via the UI (User Interface) and is used to Repair, Remove, or Modify an installation.
/? This switch provides additional information on all msiexec.exe command switches.

If you were able to uninstall McAfee VirusScan Enterprise (VSE) but not the McAfee Agent because you received an error stating that “McAfee Agent cannot be removed because other products are still using it” or “McAfee Agent cannot be removed while it is in managed mode”, you can follow the steps in Method 2 and when you get to Step 4, instead of /forceuninstall, use /remove=agent

So it would be frminst.exe /remove=agent

Optional Step 3: When I was uninstalling VirusScan Enterprise 8.8, an extra step was involved. It uses another component called Host Intrusion Prevention (HIP). To remove HIP 8.0:

  1. Right-click on the Host Intrusion Prevention (HIP) icon in the taskbar. If you do not see the HIP icon, you may need to restart the machine after completing the first two steps. Then it should appear.
  2. Select disable IPS
  3. Start up an elevated command prompt (Click Start, type cmd, and right click on command prompt and choose Run as Administrator)
  4. Execute: msiexec.exe /x{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5} EPOSPAWNED=True /q /l+*v C:\Windows\Temp\McAfeeLogs\McAfeeHip8_UnInstall.log

This will remove Host Intrusion Prevention. After uninstalling any of the mentioned components, you should restart your computer for all changes to take effect. Be advised that McAfee leaves orphaned files behind in the hard drive and registry. If you want to remove every trace of McAfee, look at the ‘Useful Links’ below and follow the steps for deleting left-over files for the version of VirusScan Enterprise that you removed.

Useful Links:

https://kc.mcafee.com/corporate/index?page=content&id=KB52648 (removing VSE using msexec)
http://www.growse.com/news/comments/want-to-remove-mcafee-virusscan-enterprise-here-s-how/ (backup of article KB52648)
https://community.mcafee.com/thread/30300 (removing mcafee agent)
https://kc.mcafee.com/corporate/index?page=content&id=KB73127 (remove HIP versions 7&8)
https://kc.mcafee.com/corporate/index?page=content&id=KB58597 (deleting left-over files from VirusScan Enterprise 8.0)
https://kc.mcafee.com/corporate/index?page=content&id=KB50602 (deleting left-over files from VirusScan Enterprise 8.5)
https://kc.mcafee.com/corporate/index?page=content&id=KB59996 (deleting left-over files from VirusScan Enterprise 8.7)
https://kc.mcafee.com/corporate/index?page=content&id=KB71179 (deleting left-over files from VirusScan Enterprise 8.8)

Follow

Get every new post delivered to your Inbox.