Rod Trent posted an update in the group IT Fit: New Exercise App Turns Wherever You Are Into an Obstacle […] Posted: 28 Dec 2012 07:54 PM PST |
System Center Configuration Manager (SCCM) 2012 PKI Certificate Setup with XP Machines
Posted: 01 Nov 2012 11:32 AM PDT

This post is about setting up SCCM 2012 in HTTPS mode. Mainly, though, it is about making sure the certificates issued by the Certificate Authority (CA) are issued properly.

For the bulk of the work of setting up SCCM in HTTPS, the blog post "SCCM 2012 and PKI" by Marius Sandbu is an excellent resource, and one that I recommend following. It also includes the setup for the Certificate Authorities, which is quite helpful in this process. The Microsoft TechNet documentation also provides a great resource: "Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority". It provides the steps where Sandbu leaves off, namely setting up the certificates for the distribution point.

However, what I mainly wanted to focus on was something that didn't seem to be documented thoroughly: the Group Policy that causes our PCs to auto-enroll for certificates from the CA. Our network contains both Windows 7 and Windows XP machines. Something we discovered about Windows XP machines is that they don't like certificates with SHA256 encryption or higher. This isn't a problem if you want to set up your CA with a lower encryption, but otherwise it is.

XP machines attempt to auto-enroll for SHA256 certificates. When an XP machine requests a SHA256 certificate, the CA issues one, but the XP machine can't install it. This causes a loop and can result in thousands of bad certificates issued per hour. Microsoft released a hotfix for this problem: "Windows Server 2003 and Windows XP clients cannot obtain certificates from a Windows Server 2008-based certification authority (CA) if the CA is configured to use SHA2 256 or higher encryption". It allows XP machines to accept the higher encrypted certificates.

The next step is making sure that our Group Policy doesn't cause XP machines without this hotfix to enroll for certificates. The key is WMI queries.

Goals of this Project
- Create a Group Policy Object (GPO) to apply Auto-Enrollment.
- Create WMI Filters.
- Apply WMI Filters to GPO.
Create a Group Policy Object (GPO) to apply Auto-Enrollment
1. Open Group Policy Management.
2. Right-click the OU you will be applying the GPO to and create a new GPO.
3. Name it something like "Certificate Auto-Enrollment for Windows 7 & Above".
4. Click on the GPO object, go to the Details tab and disable it. (This way it doesn't start doing anything until we're all done.)
5. Right-click the GPO object and click Edit.
6. A window titled "Group Policy Management Editor" will open; navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies.
7. Right-click Certificate Services Client – Auto-Enrollment and click Properties.
8. The Properties window will open. Set the configuration model to Enabled, place a check mark in the first two boxes ("Renew…" and "Update…"), then click Apply.
9. Close this window and the GPO Editor window; your GPO now has the right settings.
10. Now repeat steps 1-9, this time naming the GPO "Certificate Auto-Enrollment for XPs with HF".
Create WMI Filters
These WMI filters are used to apply the GPOs to certain objects so that we don't see any errors in certificate issuing.
1. In the Group Policy Management window, scroll down to WMI Filters.
2. Right-click WMI Filters and click New.
3. The "New WMI Filter" window will open.
4. Give your filter a name like "Win7 & Up" and a description of what it does.
5. Click Add and paste in:
   SELECT * FROM Win32_OperatingSystem WHERE Version like "6.%"
6. Now repeat steps 1-3.
7. Name it "WinXP with HF" and give it a description.
8. Click Add and paste in:
   SELECT * FROM Win32_QuickFixEngineering WHERE HotFixID = "KB968730"
   (This identifies whether the PC has the hotfix installed.)

Apply WMI Filters to GPO
1. In the "Group Policy Management" window, go back to our GPOs.
2. Click on the GPO.
3. Go to the bottom of the window where it says "WMI Filtering" and apply the appropriate filter.
4. Go to the "Details" tab and enable the GPO.
5. Repeat this for the other GPO.

After this, PCs should begin auto-enrolling for certificates, and you shouldn't have any problems with your XP machines mishandling things. |
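Before enabling the two GPOs, the WMI filter queries from the post can be run against a sample of machines to see which GPO each one would receive. The following is an added example, not part of the original post; it assumes Windows PowerShell (for `Get-WmiObject`) and remote WMI access, and the function name and computer names are hypothetical.

```powershell
# Added example: predicts which auto-enrollment GPO applies to a computer by
# running the same two WQL queries that the WMI filters in the post use.
function Test-AutoEnrollFilter {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    begin {
        # Queries copied from the post's WMI filters.
        $win7Query = 'SELECT * FROM Win32_OperatingSystem WHERE Version like "6.%"'
        $xpHfQuery = 'SELECT * FROM Win32_QuickFixEngineering WHERE HotFixID = "KB968730"'
    }
    process {
        foreach ($computer in $ComputerName) {
            try {
                $os = Get-WmiObject -ComputerName $computer -Class Win32_OperatingSystem -ErrorAction Stop
                # A WMI filter is true when its query returns at least one instance.
                $win7 = @(Get-WmiObject -ComputerName $computer -Query $win7Query -ErrorAction Stop).Count -gt 0
                $xpHf = @(Get-WmiObject -ComputerName $computer -Query $xpHfQuery -ErrorAction Stop).Count -gt 0
            } catch {
                Write-Warning "$computer : WMI query failed: $($_.Exception.Message)"
                continue
            }

            $gpos = @()
            if ($win7) { $gpos += 'Certificate Auto-Enrollment for Windows 7 & Above' }
            if ($xpHf) { $gpos += 'Certificate Auto-Enrollment for XPs with HF' }
            # No match is the intended result for an XP machine without the hotfix:
            # it receives neither GPO and never starts requesting certificates.
            if ($gpos.Count -eq 0) { $gpos = @('(none - will not auto-enroll)') }

            New-Object PSObject -Property @{
                ComputerName  = $computer
                OSVersion     = $os.Version
                ProductType   = $os.ProductType   # 1 = workstation, 2 = DC, 3 = server
                Win7AndUp     = $win7
                XPWithHotfix  = $xpHf
                GPOsThatApply = $gpos -join '; '
            }
        }
    }
}

# Hypothetical computer names; replace with machines from the target OU.
'PC-XP-01', 'PC-W7-02' | Test-AutoEnrollFilter |
    Format-Table ComputerName, OSVersion, ProductType, GPOsThatApply -AutoSize
```

The ProductType column is included because the `Version like "6.%"` filter keys on the version number alone, so Windows Server 2008 and later 6.x servers in the same OU match it as well.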
SCCM 2012 SP1 Beta - Build Task Sequence is not available after deploying
Posted: 19 Oct 2012 10:55 AM PDT

I recently created a new task sequence to capture Windows 8. I have other task sequences, but they were created before I installed the SP1 beta. After creating my Windows 8 task sequence, I deployed to the All Unknown Computers device collection with my normal settings. I booted my reference machine but did not see the Windows 8 capture task sequence. I only saw the task sequences that I created before the SP1 beta was installed. I checked my deployment settings and confirmed that I had configured everything correctly.

After further examination, I noticed that the checkbox [Make available to boot media and PXE] was gone. There was now a dropdown. The dropdown defaults to Only Configuration Manager Clients. Since my reference machine was unknown, it did not meet this requirement. I changed the dropdown to Only media and PXE. Now, when I booted my reference machine, the Windows 8 capture task sequence was available.
|
SCCM Guide and Links Posted: 18 Oct 2012 08:24 PM PDT |
Citrix Administrator Job opening Location PA
Posted: 17 Oct 2012 11:13 AM PDT

AurionPro Solutions, Leading Global IT Consulting Services. We have an urgent requirement with one of our clients for a Citrix Administrator. Job opening location: Hershey, PA.

Position Title: Citrix Administrator
Position Type & Length: 6 month Contract-to-Hire
Location: Hershey, PA

Technical Expertise and Experience Requirements

Must Have:
• Citrix XenApp 4.5/5 / 6.5 (CCA Preferred – Must have 2 years' experience with v5)
• Configuration and troubleshooting of Applications, Users, Printers, Citrix client software, Active Directory Group Policy Objects, UPM, and Licensing (both Citrix & Terminal Services)
• Citrix Web Interface – configuration, customization and troubleshooting
• Citrix Secure Gateway & ICA Proxy configuration, customization and troubleshooting
• Citrix NetScaler & Access Gateway configuration, customization and troubleshooting
• EdgeSight experience is preferred
• Minimum MCSE Windows Server 2003 – 4 years or MCITP on Windows Server 2008 R2 – 2 years
• IIS & PKI certificate knowledge
• A solid understanding of Active Directory configuration and administration, DNS, and Group Policy

Nice To Have:
• Datacenter Experience
• Experience with Mobile Device Access using Citrix (iPad, Android devices etc.)
• Citrix XenServer
• Experience with VMware ESX server or other virtualization solutions

Bachelor's Degree Required

Thanks
Vignesh
Sr. Talent Acquisition
e mail: vignesh.renikuntla@aurionpro.com
Linkedin: http://www.linkedin.com/in/viggy1
Phone: 408-754-6161 Fax: 732 909 2221
AurionPro Solutions, Inc. www.aurionpro.com |
iOS Mobile Developer Job opening GE
Posted: 16 Oct 2012 09:13 AM PDT

AurionPro Solutions, Leading Global IT Consulting Services. We have an urgent requirement with one of our clients for an iOS Mobile Developer. Job opening location: Berlin, Germany.

Position Title: iOS Mobile Developer
Position Type & Length: Permanent
Location: Berlin, Germany
Note: the candidate should be willing to go to Germany from the USA, and the client would take care of expenses.

Description: The client is an innovative and rapidly growing Internet start-up. They provide flexible, easy and cheap cashless payment solutions to our customers. No matter whether it is a small shop around the corner or a door-to-door business, their technology will finally enable you to take any card payments anywhere.

About the job
- Development and implementation of iOS-Apps
- Technical support on the concept development
- Agile development and modern project management with Scrum
- Assessment of requirements
- A team leader position is optional

Required skills and experience
- Consultant should have a university degree in Computer Science or similar education and a minimum of 3 years of experience as a developer
- should have profound knowledge of software architecture, especially for mobile customers on the basis of Web-Backend and Data Base
- should have experience in App development for iOS
- should have already worked with Cross-Platform-Development and Web-APIs Framework
- familiar with modern development methods and instruments, as well as with test driven development
- must possess distinct analytical capabilities as well as very good communications and coordination skills
- able to speak English or German

Why join the client
- Work with a revolutionary product which inspires not only us but also our customers and business partners
- A dynamic, entrepreneurial and friendly working environment
- Attractive and performance-based salary
- Flexible structure, flat hierarchies and opportunities for career advancement

Thanks
Vignesh
Sr. Talent Acquisition
e mail: vignesh.renikuntla@aurionpro.com
Linkedin: http://www.linkedin.com/in/viggy1
Phone: 408-754-6161 Fax: 732 909 2221
AurionPro Solutions, Inc. Edison, NJ www.aurionpro.com |
Attempting to Connect to the Database Generates an Error Posted: 16 Oct 2012 09:00 AM PDT If your account does not have Remote Activation permission on the site server and the SMS Provider computer, you get an error message telling you that you cannot connect to the site database. Solution Grant Remote Activation permission on the site server and the SMS Provider computer. If you are attempting to manage a secondary site, you must have rights to the SMS Provider at the parent site. |
Error Message: This Function Is Not Supported on This Site System Posted: 16 Oct 2012 08:58 AM PDT If you do not have permissions to the files and registry keys needed to run the Configuration Manager 2007 console, you get the error message "This function is not supported on this site system." Solution Verify that your account is a member of the SMS Admins group on the SMS Provider computer. You might also see this error if you are not a member of the local Administrators group; however, you can first run MMC and then add the Configuration Manager 2007 console as a snap-in instead of being a local Administrator on the Configuration Manager 2007 console computer. After the new console session is saved, you can also run the new console without being a local Administrator. |
Fynatic started the forum topic The Power of Task Sequence - Run as Administrator not Different User in the group System Center Configuration Manager 2007 Posted: 28 Dec 2012 01:10 PM PST Sorry for the newbie questions. I haven't had any formal training on this and I'm doing my own research for now until I get the training in the new year. Anyway, I'm pretty sure this has come up in the past by i […] Comments: 0 |
Svetozar Nedeljkovic joined the group SCCM Right-click tools Posted: 28 Dec 2012 12:51 PM PST Comments: 0 |
Fynatic joined the group System Center Configuration Manager 2007 Posted: 28 Dec 2012 12:44 PM PST Comments: 0 |
Garth Jones wrote a new post, File not in a list Posted: 28 Dec 2012 10:57 AM PST |
Svetozar Nedeljkovic joined the group System Center Configuration Manager 2007 Posted: 28 Dec 2012 12:24 PM PST Comments: 0 |
Rick Stanley became a registered member Posted: 28 Dec 2012 12:11 PM PST Comments: 0 |
gabidias commented on the post, Beware the Windows 8 to Windows RT Profile Sync Posted: 28 Dec 2012 11:46 AM PST Any follow-up on this? I've just bought a Surface and configured everything, but now my Win 8 Pro laptop doesn't seem to get the settings I've made there... Comments: 0 |
File not in a list Posted: 28 Dec 2012 10:57 AM PST |
Rod Trent posted an update in the group Windows Intune: Download: Windows Phone 8 Device Management with Windows Intune Posted: 28 Dec 2012 10:05 AM PST |
Rod Trent wrote a new post, Download: Windows Phone 8 Device Management with Windows Intune Posted: 28 Dec 2012 10:03 AM PST Download this paper and get a step-by-step overview for the topics required to manage a Windows Phone 8 device using Windows Intune. This is not an elaborate, screen-captured extravaganza, but instead a brief, […] Comments: 0 |