ConfigMgr 1710 Hotfix Rollup (KB4057517)

ConfigMgr Current Branch version 1710 now has a hotfix (KB4057517) available which addresses some issues, which you can read up here. The following are the fixes resolved with this hotfix (there are 13 of them):

  • Clients who use Azure Active Directory (Azure AD) for authentication do not successfully communicate with a management point
  • The Configuration Manager console may terminate unexpectedly after you browse to a content location in the Office 365 Client Installation wizard
  • Download of express updates may fail on Windows 10 clients because of an issue that affects files in temporary and cache folders
  • Configuration Manager current branch, version 1710 clients are not upgraded on systems that are running Windows Server 2008 SP2. The client Setup program, Ccmsetup.exe, terminates unexpectedly
  • The Office 365 Application Installation Wizard may try to download content from an incorrect channel. This causes download failures
  • The fallback time that is configured for content is not honored if distribution points or their content are inaccessible
  • The Client Notification Restart request is processed incorrectly by remote management points. This causes a .bld notification file to be left in the \MP\Outboxes\bgb.box folder on the remote management point
  • Retrying a large single-file download, such as an Office 365 update file, may fail on a site server
  • The Persist content in the client cache setting on Package Properties is not honored by clients
  • Decommission-related State messages from co-managed client computers are processed incorrectly
  • State messages sent by Azure AD users may not be processed
  • If a Configuration Manager client restarts during the process of retrying a task sequence policy download, that task sequence does not run automatically after the restart
  • Conditional access policies may block access to Office 365 applications for domain-joined devices after migrating to Intune standalone

Here are the steps on how to install this hotfix. You will find it available in the ConfigMgr console under Administration > Updates and Servicing. If you don’t see it, click on Check for Updates in the menu ribbon.

Right-click on Configuration Manager 1710 Hotfix Rollup (KB4057517) and click on Install Update Pack. I recommend that you run the prerequisite check first to make sure there are not issues reported with your site server.

Click Next and select the checkbox if you want to ignore the prerequisite check warning.

Pick your option to validate or not to validate the upgrade against a collection. I generally tend to select Validate in pre-production collection and choose one of my test collections for the first phase of the upgrade.

Select the license terms and click Next.

Click Next to confirm the settings.

Click Close.

You can now monitor the status of the upgrade under Monitoring > Updates and Servicing Status. Then select the update package name and click on Show Status in the menu ribbon.

The window below will show the stages of the upgrade process where you can monitor it’s progress. If there are any issues, you will see it listed here with a warning and the details provided in the description box in the bottom of the window.

Upon successful completion of the hotfix installation, you will be presented with the pop-up window as seen below to indicate a console upgrade from version 5.0.0.8577.1100 to 5.0.0.8577.1108 is available.

You can verify the console upgrade in the About System Center Configuration Manager drop down menu from the console.
Version 1710
Console version: 5.0.0.8577.1108
Site version: 5.0.8577.1000

Once you are comfortable with the client upgrade on your test collection which you selected during the validate in pre-production collection phase, you can deploy the client upgrade to all clients in the hierarchy by selecting the Promote Pre-production Client option as seen below.

Your ConfigMgr site is now upgraded with the KB4057517 hotfix.

 

ADMX Template For Windows 10 Fall Creators Update (1709) Now Available

On October 17, 2017, Microsoft has started to rollout Windows 10 Fall Creators Update (1709) to customers worldwide. The following tools to support this latest release has been made available, which includes Windows 10 Administrative Templates (.ADMX) and Windows Assessment and Deployment Kit (ADK) as previously mentioned in my blog post. I have also posted about the Remote Server Administration Tools (RSAT) for Windows 10 Fall Creators Update.

Windows 10 Administrative Template (.ADMX)

Remote Server Administration Tools for Windows 10 (RSAT)

Windows 10 Assessment and Deployment Kit (ADK)

Microsoft Office 2016 Administrative Templates and Office Customization Tool is also available for download.

Follow @Hoorge on Twitter and join Tech Konnect on Facebook and Twitter to stay current on technology related matters.

Malware Isn’t Just For Windows Anymore – Fruitfly Is Hitting Macs Hard

This year’s cyber threat epidemic started with Windows, then spread over to Linux and third-party apps, and now is here for Macs. While the latest malware Fruitfly is targeting Mac computers, its malware library is also capable of running on Linux systems. 

Though it was recently found conducting surveillance attacks, it’s possible Fruitfly has been infecting Mac systems for over two years. It appears that the base code of Fruitfly is over a decade old, which begs the question: how can decade-old malware start breaching systems now? Haven’t our systems been updated over the last ten years?

It seems the Fruitfly developers have reused old code and modified it to give this malware extra power and capabilities. This cross-platform malware uses old APIs, but if there are any changes in the API, it will break the legitimate program to maintain reverse compatibility as long as possible. Fruitfly may have escaped detection for a long time because it appears that its creators have intentionally limited how many computers it targets. And since Mac systems don’t usually face as many threats as Windows, many administrators have been more lenient with patching their Macs, leaving them vulnerable to attacks such as Fruitfly.

You can identify Fruitfly infections by detecting suspicious network traffic. A file integrity monitor or log analyzer can help you identify an attack on your network, but a breach could be avoided altogether by keeping your systems up-to-date. Since most enterprises comprise different operating systems, it isn’t advisable to employ a separate patching tool for Windows, Mac, and Linux. The smarter alternative would be for an enterprise to employ a multi-platform patch management solution that helps update every computer from a single console. However, there are only a few solutions on the market that even support third-party patching, and even less that provide complete control over all enterprise devices, including mobile devices

These last few months have already given security professionals a lot to cover, and since cyber attacks are evolving at rapid rate, its high time enterprises maintain endpoint security by keeping their systems up-to-date. The best way to do this is to employ a patch management solution to stay safe from future ransomware and malware. One such solution is ManageEngine’s Desktop Central.

Desktop Central is integrated desktop and mobile device management software. This multi-platform solution helps automate your overall patch management process, and also has some other enhanced features to help secure your networkDownload ManageEngine Desktop Central Now and keep your Windows, Mac, Linux and all your third party applications completely safe and up-to-date. 

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Five Routine’s That Sums Up Desktop Management

IT departments play a major role in systems maintenance and it takes some effort for a system administrator to keep servers and end user workstations up and running for stability and productivity reasons. Lets take a look at system administrator’s daily routine and the importance of it.

1. Downloading and Deploying patches to user computers

System administrator has to identify required patches (3rd party) on systems, download them from the vendor websites and deploy them to end user computers. Managing these patches on a one of basis seems straightforward but it becomes cumbersome on a routine basis and especially when there are many systems to patch. Using a Patch Management solution, these routine tasks can be automated and scheduled to lessen the cumbersome workload on system administrators.

2. Installing software to user computers

Manually installing software on remote computers can be a daunting task and is challenging. A Software Management solution can resolve this complication by allowing a system administrator to deploy software from any location, handle tickets with ease and assist users demands in software installation with simplicity.

3.Troubleshooting remote computers

Troubleshooting servers and workstations for Operating System issues, software installations, security patches, system crashes can be remedied much easily with software management solutions, especially with remote capabilities and centralized management interface.

4. Managing IT assets in your network

Asset tracking for hardware and software in your organization is highly important and can be done with ease with the use of an asset management software. Apart from tracking the hardware and software in the organization, software license management, hardware warranty management, and identifying the usage of software particularly for licensing, restricting unwanted software in your network is important as well. An asset management solution provides a systems administrator the tools needed to effectively gather and manage this data.

5. Deploying configurations and managing mobile devices

Managing and configuring devices such as computers, tablets, phones, and peripherals in a growing organization with rapid demands for technology can be a challenging task for system administrators. MDM and desktop management solutions provide much flexibility and the tools needed to handle these technology challenges in the enterprise.

ManageEngine Desktop Central is one such ideal solution for desktop management, with its bundle of features and pricing compared to some known industry solutions. Desktop Central offers Patch management, Software management, Asset management, Remote support, Mobile device management, Failover Service, and Auditing capabilities. Desktop Central supports heterogeneous platform in 16 different languages. Finally, Desktop Central offers a fully functioning edition to manage 50 endpoints completely free with no hidden cost.

Download Desktop Central now and experience simplified IT management.

Follow @Hoorge on Twitter and join Tech Konnect on Facebook and Twitter to stay current on technology related matters.

ADMX Template For Windows 10 Creators Update (1703) Now Available

To coincide with the release of Windows 10 Creators Update (1703), the following tools to support this latest release has been made available, which includes Windows 10 Administrative Templates (.ADMX) and Windows Assessment and Deployment Kit (ADK) as previously mentioned in this blog post. The previous Remote Server Administration Tools (RSAT) works just fine with Windows 10 Creators Update.

Windows 10 Administrative Template (.ADMX)

Remote Server Administration Tools for Windows 10 (RSAT)

Windows 10 Assessment and Deployment Kit (ADK)

Microsoft Office 2016 Administrative Templates and Office Customization Tool is also available for download.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Review – Microsoft Systems Center Endpoint Protection Cookbook

System endpoint security is a critical aspect of modern day computing and we all have had our fair share in dealing with malware infections, and in some cases ransomware and cryptolocker attacks in our organizations. Microsoft has made great efforts in mitigating these security risks by providing a superior product called System Center Endpoint Protection (SCEP) for enterprises and Windows Defender which by default is included with Windows 10.

A System Center Configuration Manager (ConfigMgr or SCCM) or a Microsoft Intune administrator is familiar with SCEP as it is the way to administer and manage SCEP in the enterprise. However, there are many aspects and intricacies of SCEP one is not aware of and has not fully utilized, and should. While I was dealing with some SCEP updates and anti-malware policies in my organization, I came across this awesome book written by Nicolai Henriksen, a Microsoft MVP in Enterprise Mobility. I decided to write a non-biased review of this book and credit the wonderful information contained within it.

Nicolai’s SCEP cookbook is well written and vetted by another well respected Microsoft MVP in Enterprise Mobility, Ronni Pedersen, who I often interact with on social media on all things ConfigMgr. This book is shy of 200 pages and is laid out in eight easily digestible chapters and covers everything you need to know about SCEP from soup to nuts. You’ll learn how to plan and get started with SCEP, configuration, operations and maintenance, updates, security and privacy, configure advance protection, troubleshooting, and malware handling to name a few. It’s an information filled book with great tips and how to’s, and I particularly enjoyed how Nicolai included little segments throughout the book with tidbits such as “Getting ready….”, “How it works….”, and “How to do it….” which was perfect for my learning and understanding of the various concepts presented.

The Table of Contents of this book:

As a ConfigMgr admin who has been working with the product for a number of years including working with System Center Endpoint Protection, I have learned things that I didn’t know, picked up some tips and tricks, have a better insight and understanding of SCEP, and I have gained a great reference for the product. I highly recommend this book to all ConfigMgr and Intune admins. This book is available for purchase in Kindle and Paperback format on Amazon. If you would like to connect with Nicolai and have some feedback or suggestions, you’ll find him on Twitter as @nicolaitwitt.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Microsoft Security Updates Guide (Portal)

For the last 20 years, Microsoft has provided security bulletins as individual web pages which were available from the Microsoft Security Bulletin website, and January 10, 2017 was the last time this was made available. Going forward starting in February 2017, the new Security Update Guide portal will provide the security information via a dashboard. Knowledge Base (KB) number, CVE number, vulnerability, Windows version, or date of release can be searched on the online Security Update Guide (SUG) database.

According the the blogpost by the MSRC Team, using the new portal, you can:

  • Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
  • Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
  • Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.

If you have any feedback, you can send them to: [email protected].

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

How To Fix: Bitlocker Recovery Key Prompts On Every Reboot

windows-10-bitlocker-featured

There are few reports of users having Bitlocker issues following the October 2016 patches.

The issue: On every reboot, the Bitlocker recovery key is required which is quite disruptive and cumbersome. As a workaround in order to solve this issue, the following steps can be taken:

On the next reboot and once in Windows, reset Bitlocker by disabling and re-enabling it.
In administraive command prompt, do the following:
manage-bde -protectors c:-disable
then do this:
manage-bde -protectors c:-enable

At this time, I’m not certain on which patch is causing the issue but I wanted to share this info to help. You can also discuss in this TechNet post.

Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Updated – Microsoft Update Catalog Site

new-ms-update-catalog

The Microsoft Windows team mentioned on August 15, 2016 that they were working on releasing an updated version of the Microsoft Update Catalog which would eliminate the need for ActiveX requirements in order for the site to work in any browser.

The Microsoft Update Catalog website is being updated to remove the ActiveX requirement so it can work with any browser. Currently, Microsoft Update Catalog still requires that you use Internet Explorer. We are working to remove the ActiveX control requirement, and expect to launch the updated site soon.

Good news! As of yesterday, the site has been updated and you can now access the Microsoft Update Catalog site using any browser including Edge, Google Chrome, and others with the following URL: http://www.catalog.update.microsoft.com. Here’s the blog post by Michael Niehaus with the announcement.

Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

System Center Operations Manager (SCOM) Console Crash

scom-gsx-solutions

** UPDATE**
(October 19, 2016)
A fix for the SCOM console crash issue as previously blogged below has been released. See the following KB320006 article to obtain the hotfix.

***************************************************************************************************

**Posted on October 18, 2016**

There is a widespread report of System Center Operations Manager (SCOM) 2012 R2 / 2016 console crashes due to some bugs in October 2016 Cummulative Updates, in particular with the following patches: KB3194798 / KB3192392 / KB3185330 / KB3185331.

The product team has acknowledged the issue on their blog post and is said to be working on releasing a fix soon. The current recommendation is to uninstall the problematic patches as a temporary workaround. According to the blog post, an announcement will be made on the SCOM Team blog when a fix has been made available. So, keep a close eye on it.

Links related to this post:

SCOM Product Team Console Issue Ackowledgement
TechNet Discussion
SCOM Product Team Blog
Microsoft Tech Community Discussion

Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.