How to set the Internet Explorer Home Page via GPO?

There are a few different ways to do it. Do you want to force everyone's home page, and disallow changes? Or do you just want to set a default home page that people can modify?

If you want to force a home page: 

• Create a new GPO or edit the existing one.
• In the Group Policy Management Editor, go to User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer.
• Find the policy Disable changing home page settings.
• Set it to Enabled, and specify the URL for your home page.
• Once it applies, the option in IE will be grayed out on the client PC.

If you want to specify a default that people can change:

• My preferred method would be to use Group Policy Preferences to set the necessary Registry values. (Others may disagree.)
• In the Group Policy Management Editor, go to User Configuration -> Preferences -> Windows Settings -> Registry.
• Right click -> New -> Registry Item
• Action = Update
• Hive = HKEY_CURRENT_USER
• Key Path = Software\Microsoft\Internet Explorer\Main
• Value Name = Start Page
• Value Type = REG_SZ
• Value Data = your Home Page URL
• On the Common Tab, check Apply Once and Do not Re-Apply
• This will set the home page by default for everyone, but the user will be free to edit it afterwards.
• If you go this route, I also recommend that you set a value for Default_Page_URL as well,without checking Apply Once and Do not Re-Apply. This will give your users the ability to click the Use Default button in the IE settings and get back to the company home page.
• You probably also want to delete the Secondary Start Pages and Default_Secondary_Page_URL registry values as well.
• If you are unfamiliar with these registry values, it would probably be a good idea to open the Registry Editor and look at HKCU\Software\Microsoft\Internet Explorer\Main to understand how they work.

How to import Duplicate Drivers on SCCM - SMS Provided reported an error

I found a quick script to automate this process.

@ECHO OFF
for /f "tokens=*" %%G IN ('dir /ad /b /s') DO (
echo. > "%%G\%~n0.txt"
)

Just put the above code into a batch file at the root of your directory structure for a given model and name it for that hardware model; e.g., name it Optiplex755.bat and put it in the root of the folders housing the Optiplex 755 drivers.

Executing this simple batch file will create an empty text file named Optiplex755.txt in every sub-directory.

Repeat as necessary for each model and each model’s top-level driver folder.

If you add or change any drivers for a model, just re-execute the script.

Updating Surface Pro 3 drivers and firmware with SCCM and SCUP

Our company has been rolling out Surface Pro 3 devices for several months now. We use SCCM with MDT integration to image these devices and we integrate the latest driver and firmware packages as part of the build process.

As we deployed more Surface Pro 3’s, it was clear that we needed an automated method to update firmware and drivers. We started down the path of creating an application in SCCM but preferred to update our Surface Pro 3’s during monthly patches so we didn’t create an extra reboot for our end users.

I discovered you can use SCUP to deliver Surface Pro 3 drivers and firmware updates as part of your monthly patch process. In the past, it was difficult to do this but as it turns out, Microsoft recently released an .MSI package that installs the latest Surface Pro 3 drivers and firmware making our job much easier.

This guide will help you

Items you will need to create this package:

• WinRAR or a similar compression program with the ability to create a self extracting .exe
• Psexec from Windows Sysinternals
• Working SCCM 2012 and SCUP environment
• At least one Surface Pro 3 to test with
• A directory on local PC’s that can be used to extract temporary data

Start by downloading the latest drivers and firmware updates from Microsoft. You only need to download the latest .MSI file http://www.microsoft.com/en-us/download/details.aspx?id=38826

Download Windows Sysinternals PsExec http://technet.microsoft.com/en-us/sysinternals/bb897553

Download WinRAR, use IExpress.exe or use an alternative self extracting program.

Create a folder named SurfacePro3_15_01_1. I chose this folder name as it matches the .MSI file name for this month and will easily be identifiable as time goes on.

Place the downloaded .MSI file in this folder.

Also place the PsExec file in this folder

Using WinRAR, right click the folder and select Add to Archive

Place a check in the box Create SFX Archive and click OK

On the newly created SurfacePro3_15_01_1.exe file, right click and left click Open with WinRAR

On the WinRAR toolbar, click on SFX, then click on Advanced SFX options

On the General tab on the path to extract section enter the path you want to extract the .MSI file. I use the absolute path of C:\Windows\Defminl\Drivers

On the Setup tab, in the Run after extraction section enter in“C:\Windows\Defminl\Drivers\SurfacePro3_15_01_1\psexec.exe” -s -accepteula msiexec /i  “C:\Windows\Defminl\Drivers\SurfacePro3_15_01_1\SurfacePro3_15_01_1.msi” /qn REBOOT=ReallySuppress

On the Modes tab, ensure the Hide all radio button is selected.

On the Update tab, ensure the Extract and replace files and Overwrite all files radio button is selected.

Click OK, then OK again to save the file

I recommend to test the packaged .exe on a test VM before proceeding. It’s much easier to get any issues corrected now rather than to find out after you publish it with SCUP.

When satisfied with the results of your custom .exe, copy to your user profile on your server with SCUP installed to C:\Users\\Documents\LocalSourcePublishing

Adding the drivers and firmware updates to SCUP

Open SCUP

Add a new product to SCUP. I named mine Microsoft Corporation (Drivers and Firmware)

Create a new Software Update in your newly created product group.

In the Package source field click Browse and then navigate to your SurfacePro3_15_01_1.exe file

Click the checkbox Use a local source to publish software update content

Click Next

On the Required Information screen, fill in the information as shown

On the Optional Information screen, fill in the information as shown

On the Prerequisites screen, click Next

On the Superseded Updates screen, click Next

On Installable Rules screen click on the star icon to add a new rule.

Choose rule type of System/WMI Query
In the WMI namespace field type in: root\cimv2
In the WMI query filed type in: Select * From Win32_ComputerSystemProduct WHERE Name LIKE “Surface Pro 3″

Click OKThis WMI query ensures that this package is only intended for Surface Pro 3 computers.

While still in the Installable Rules click on the star icon to add another rule.
In this rule, change the following: Common path: Windows Path: Firmware File Name:UEFI.3.11.450.0.cap

Click OKHighlight the line you just added that starts with File ‘[Windows] and click on the explanation point so the file reads NOT: File ‘[Windows]

Click Next

On the Installed Rules screen, click the star icon to add a rule.
In this rule, change the following: Common path: Windows Path: Firmware File Name:UEFI.3.11.450.0.cap

Click OK

Click Next

Review the summary screen and click Next and then Close.

Publish this update with SCUP and then synchronize your Software Update point. If your new update doesn’t appear in All Software Updates you may need to add your new product under SCCM>Administration>Site Configuration>Sites>Site Server name>Configure Site Components>Software Update Point>Products, then synchronize again.

Add your new update to a test Software Update Group, deploy and test.

Hope this helps in getting your Surface Pro 3’s up to date.

Setup Office to be installed in a task sequence

To customize Office Setup, use the command line setup.exe /admin to start the Office Customization Tool. In this example (using Configuration Manager 2007 to deploy the Office Professional Plus 2010), at a command prompt, run setup.exe /admin from the package source directory,

To ensure that Office Professional Plus 2010 is silently installed, modify and configure the settings as follows:

In the Licensing and user interface dialog box, set the Display Level to None, which will then enable the Suppress modal check box.

Verify that the Completion notice and No Cancel options are not selected.

Enter a valid 25-character volume license key in the Product Key box that is located under Licensing and user interface.

Select the “I accept the terms in the License Agreement check box”.

Save and name the newly created .msp file, and then put it in the \Updates folder for Office Professional Plus 2010 on the computer that contains the package source directory, which in this example is …Office14\Updates\CustomOffice2010SilentInstall.MSP.

Caution:

During the initial installation of Office Professional Plus 2010 if there are multiple .msp files that are located in the Updates folder (the Setup customization file that was created by using the OCT), you need to ensure that the Setup customization file is the update applied at the beginning of the installation. This is performed by ensuring the desired .msp file is alphabetically first. In this example, if there were more than one .msp file, you would rename the file CustomOffice2010SilentInstall.MSP to 1_CustomOffice2010SilentInstall.MSP. For additional information about how to deploy updates during an initial installation of Office Professional Plus 2010, see Distribute product updates for the 2007 Office system (http://go.microsoft.com/fwlink/?LinkID=146924).

How to fix UEFI PXE boot Error

as shown in the screenshot below

 Solution

There are a few solutions to this problem, but basically all involve the same thing, make sure that the task sequence that ‘answers’ your UEFI hardware, contains a 64 bit boot image as shown below

In general, the task sequence that answers is the last task sequence deployed to the collection that your computer you are booting is a member of.

You can either add the computer in question (computer+mac address) to a collection that has a task sequence deployed to it with a 64bit boot image or re-deploy a task sequence with a 64 bit boot image to the collection that this computer is a member of, or change the current task sequence to use a 64 bit boot wim instead of a x86 bit boot wim.

TiP: If you cannot make a change to any of the UEFI Network deployments then another idea is to use usb or ISO based Standalone or boot media containing the 64bit boot image.

Be aware that changing the architecture of your boot wim may cause some executables to fail to run in Windows PE  as the ‘subsystem’ in WinPE will have changed architecture from 32bit to 64bit.  This also means that you can only install a 64 bit operating system using this boot image.

“To install Windows to an EFI-based computer, you must enable EFI mode in the computer’s firmware and boot with 64-bit pre-installation media. ” – source, Technet.

Once you’ve made the changes above, UEFI network boot a client computer again, and you should see it’s using the boot.wim file (package ID) that you attached to the task sequence, in this case it’s using a 64bit boot wim (P0100002.wim)

as you can see here…

The end result, is a working UEFI network boot !

Create a "Build and Capture" Task Sequence for Windows 8.1

Extract ISO

Download and extract MS provided Windows 8.1 Professional ISO to a network share

Add and distribute Install.wim

The only file that we really need from the extracted source above is Install.wim under Sources folder. We will need to add that wim file to ConfigMgr Operating System Images

In the Configuration Manager console, click Software Library. In the Software Library workspace, expand Operating Systems, and then expand Operating System Images . For my convenience, I have created a folder structure as below and you can define your own. After selecting your target folder, click Add Operating System Image on the ribbon.

Specify the network UNC path to the extracted install.wim file and click Next.

On the General page, add optional version and/or comments and click next

On the Summary page, click Next

Make sure there is no error on the Completion Page and click Close.

Now distribute this OS image to the DP associated with your target VM. You do not need to distribute it to all your DPs.

With the image selected, click on Distribute content on the ribbon

On the General page, click Next

On the Content Destination page, click Add and then click Distribution Point. Check the target DP and click OK. Then click Next

On the Summary page, click Next and then click Close on the Completion page.

Step 3: Create & Deploy Build and Capture Task Sequence

In the Configuration Manager console, click Software Library. In the Software Libraryworkspace, expand Task Sequence. For my convenience, I have created a folder structure as below and you can define your own. After selecting your target folder, click Create Task Sequence on the ribbon.

On the Create New Task Sequence page, select Build and capture a reference operating system image and click next

On the Task Sequence information page, specify a Task sequence name and select a boot image.

On the Install Windows page, click browse and select the Microsoft provided image that we imported and distributed in the previous step. There is only one image to choose. I have specified KMS key as my product key. You can look at KMS client setup keys at:http://technet.microsoft.com/en-us/library/jj612867.aspx

On the Configure Network page, we will choose to add this machine to a workgroup (remember this is just a capture TS and not the one that will go on all our user machines). Click Next

On the Install Configuration Manager Client page, click Next

On the Include Updates page, we will stick with the default option to not install any.

On the Install Applications page, add your Tier 0 apps and click Next. If you added your applications as packages you will have to add them to the task sequence later

On the System Preparation page click next.

On the Image Properties page add optional image properties

On the Capture Image page, specify the network UNC path of the file where the capture image will be saved. Click Set to specify a domain account which has access to write to that share. Click next.

On the Summary page click next and then close the completion page.

Task sequences are deployed to collections, I have created a collection to target this TS with an Include Collections membership rule.

Our new VM will not be in CM database and hence will see the TS advertised. To deploy the TS, select the TS and click Deploy on the ribbon.

On the General page browse and select your target collection and click Next

On the Deployment Settings page, select Available as the purpose and we will make this TS available to Only media and PXE. Click Next

On the Scheduling page, select the deployment availability time appropriately. Deployment expiration is optional. Click Next

On the User Experience ,Alerts  Distribution Points and Summary pages click next.

When you see the completion page, make sure there are no errors and click Close.

This will create a basic build of Windows 8.1 and will capture it with your settings, You can edit the task and add programs or updates

Deploy Adobe Reader XI with SCCM 2012 R2

To deploy Adobe Reader with SCCM 2012 you can download and extract the latest Adobe Reader .EXE to get to the system files ( .msi, .ini, .msp etc..) using the method below.

From the command prompt: AdbeRdr11004_en_US.exe -nos_ne

The following screen will appear.. Adobe Reader XI (11.0.04) – Setup

In this case the Adobe Reader EXE (AdbeRdr11007_en_US.exe)  was extracted on a Windows 7 PC and the extracted files can be found in C:\ProgramData\Adobe\Setup.

The sub-directory under Setup in my case was {AC76BA86-7AD7-1033-7B44-AB0000000001} which is also the GUID or Product ID for this particular MSI.

Now that the Updated Adobe Reader Files are extracted, you can create a SCCM 2012 Adobe Reader Application or create a Package to deploy the Adobe Reader .MSP directly.

 The extracted directory name in this case will also be the uninstall GUID (shown below) when you create your Adobe Reader 11.0.07 application with Configuration Manager 2012.

The extracted Adobe Reader files are shown below.

Create a MST transform

1. Download Adobe Customization Wizard XI from here.
2. Install the application and launch it when done.
3. Click on File -> Copy Package.
4. Enter the information as in the picture below:

5. In the left pane on the Personalization Options, check EULA Option: Suppress display of End User License Agreement (EULA).

6.  On the Installation Options page, select Make Reader the default PDF Viewer, Silently (no interface) and Suppress reboot.

7. On the Shortcuts page, remove Adobe Reader XI under Desktop.

8. On the Security page under Protected View, select All files. Under Enhanced Security Settings, select Enable & Lock for both Standalone and Browser. Under Privileged Locations, add the network shares your company stores common data. You can also add C:\ and other local drives. Check the box next to Prevent end user from adding trusted hosts. See the picture below for how I’d recommend to tighten the security in Adobe Reader. Remember though, these security settings may not apply in your environment. Perform thorough tests before deploying the application.

9. On the Online Services and Features page, check the following boxes:

• Disable product updates
• In Adobe Reader, disable Help > Purchase Adobe Acrobat
• Disable Product Improvement Program
• Disable Viewing of PDF with Ads for Adobe PDF
• Disable all Adobe online services based workflows and entry points

10. Click File -> Save Package.

When creating your package just select the Setup.exe file which will take care of the rest, the only issue I had so far is that it wouldn't uninstall Adobe Reader X, but with the use of a batch file I was able to accomplish this.