Monday, September 13, 2010

Dell Latitude E6500 Broadcom USH Driver

The Driver you need to get this to be found properly in device manager is the Dell ControlPoint Security Device Driver.

Dell link below but this is for Windows 7 64Bit, so find your specific one when looking on the Dell site.

I don’t have this fingerprint scanner installed on our standard hardware set but its listed as a device in the Bios so I assume its still there and I just don’t have the physical fingerprint scanner connected.

Dell Link

Monday, May 12, 2008

WSUS Gotchas

Firstly, use this tool for extended troubleshooting, the Client Diagnostic Tool is invaluable in seeing what is going wrong.

Gotcha 1. - updates failling with error : Windows Update is disabled by policy for user

Make sure this is not disabled:
“Turn off access to all Windows Update features”
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings

I find that although this is stated as ok and recommended in the MS documentation here its actually not ok and breaks all my users.

Gotcha 2. - Assign one pc to multiple WSUS groups

The big gotcha can come if you assign a computer to more than one group in your WSUS organisation and like me have more than one WSUS server.
Scenario: you are using site based OU’s to assign people to their respective WSUS server, this does wonders when people move sites and they are assigned to their local WSUS server based on IP address. This means they don’t span your WAN links for updates and you don’t have to be as on top of employees moving offices.

If like me you like to have a different set of rules for your employees machines to that of your servers then you will create a servers group, move all your servers into an OU so they are assigned that group exclusively and apply your server patches only to that group.

Problem: my servers are all assigned the root server as their location for updates, because of site based OU’s the group policy is pushing them their local sites server and assigning them to their site based wsus location where they are fed the rules the clients get. This causes some sort of conflict which means WSUS just gives up, it sees them assigned the “Server” group as well as a “Site based OU” which are different and assigned to different servers and as such wsus will never update for this server until you get it out of one of those groups.

Solution: at this stage my only advice is to make sure your normal(site based OU) WSUS update isn’t forcibly rebooting systems and take your servers out of their “SERVER” group and let site based OU’s take over. This required assigning all server updates to that group as well so don’t forget that if you were like me and trying to be neat.

This site here is a great resource for client deployment and explaining all the various fields in the Group Policy that you may need to use.

Friday, May 02, 2008

WU client failed Searching for update with error 0x80244018

I installed an ISA Server with a single NIC config and wanted it to hit my internal WSUS server for updates but when i ran a wuauclt /detectnow at the commandline my windowsupdate.log file would give me this erroneous error.

Error Message:

WU client failed Searching for update with error 0x80244018

The Issue is related to the fact the ISA firewall is locked down to the max by default and so its being blocked.
By following this article Link Here
You need to allow http, https and kerberos-sec UDP in a new access rule from localhost to your wsus box and that fixes the errors for a wsus update.

Wednesday, April 16, 2008

you do not have security rights to perform this operation - MS Config Manager 2007

When building a lab System Center Configuration Server i came across an odd issue, I accidentally logged in as the local admin when i was building it and when i then tried to login as the domain admin I didn’t have permissions to anything in the SCCM console.

Error Message:

you do not have security rights to perform this operation

Log back in as local admin
Expand config manager
Expand site database
Right click site management -> Properties (Security Tab)
and add the appropriate people with rights as per your requirements, in my case i added domain admins and gave them all rights.

Extending your Schema for Microsoft System Configuration Manager 2007

This is a guide for Extending your Schema for Microsoft System Configuration Manager 2007

Root Technet Resource

Note: Windows support tools required for these processes

1. Extend schema with ExtADSch.exe

2. Create sys mgmt container in AD

3. Set Security on the sys mgmt container

4. Publish Config mgr site info

5. Verify site info is published

Thursday, April 03, 2008

Handy WSUS Commands

When im doing troubleshooting i always find random commands that help me along the way, this is the best of the best for WSUS.
Note: all are done at the commandline unless specified otherwise

wuauclt /detectnow
Explanation: Forcing an update/install of a client against the server, this command will force the client to check for new updates and install them if thats enforced in a group policy.

wuauclt /detectnow /reauthorize
Explanation: A variant that can be used when really trying to update a machine in the WSUS database.

wuauclt.exe /resetauthorization
Explanation: This will reauthorize the machine for WSUS updates,

All commands will create an entry in the windowsupdate.log file this is located in the root of your system root (usually WINNT or WINDOWS), make sure its the one without a space as the ‘windows update.log” file is different.

Explanation: This will send reports to the report server immediately.

Wsus Not Applying Group Policy Groups(OU’s) To Computers

Computers would not go into groups thanks to this tickbox—assign-computers-t.aspx

“3. Open WSUS console, click Options->Computers, select “Use Group Policy or
registry settings on computesr” setting and click OK.”

I had initally set it up using the internal WSUS listings then i changed to using site based OU’s to apply their groups but had forgotten about that tickbox from the initial install.

Installing WSUS 3.0 SP1

So i was installing WSUS 3.0 SP1 and I thought I would put all the links i used here.

You need to download the installer HERE
you will need the .net framework installed before installing this or you will get the following error.

Error Message:

WusSetup.exe – Unable To Locate Component

This application failed to start because mscoree.dll was not found. Re-installing the application may fix this problem.

Ms article related to it HERE

.net Framework download link HERE

Wednesday, March 05, 2008

Deploying Vista using WDS

Or maybe you are just curious to see how the new XML format has turned out as i was, this gives you a good indication of what you can expect to have to do to get things running.
I’m using WDS to deploy XP myself, so this isn’t exactly how i do my deployments but its good to see where its going and maybe by the time vistas replacement comes out i’ll be ready to replace the desktop OS in my company.

Link to article HERE.

Page 1 of 1 pages