Friday, December 13, 2013

ADM Template for Date format - Short and Long Style

Here is the template for Date format - Short and Long Style

CLASS USER

CATEGORY "Control Panel"
    CATEGORY "Regional Settings"
        ; KEYNAME is outside Software\Policies, so these values are applied as
        ; preferences: they stay in the registry after the GPO no longer applies.
        POLICY "Specify Date Settings"
            KEYNAME "Control Panel\International"
            EXPLAIN !!expSetDateFormat

            ; Each VALUE is the format string written to the registry and matches its NAME.
            PART "Short date style" DROPDOWNLIST REQUIRED
                VALUENAME "sShortDate"
                ITEMLIST
                    NAME "M/d/yy"            VALUE "M/d/yy"
                    NAME "M/d/yyyy"          VALUE "M/d/yyyy"
                    NAME "MM/dd/yy"          VALUE "MM/dd/yy"
                    NAME "MM/dd/yyyy"        VALUE "MM/dd/yyyy"
                    NAME "yy/MM/dd"          VALUE "yy/MM/dd"
                    NAME "dd-MMM-yy"         VALUE "dd-MMM-yy"
                    NAME "yyyy/MM/dd"        VALUE "yyyy/MM/dd"
                    NAME "dd.MM.yyyy"        VALUE "dd.MM.yyyy" DEFAULT
                END ITEMLIST
            END PART

            PART "Long date style" DROPDOWNLIST REQUIRED
                VALUENAME "sLongDate"
                ITEMLIST
                    NAME "dddd d MMMM yyyy"       VALUE "dddd d MMMM yyyy" DEFAULT
                    NAME "dddd MMMM dd, yyyy"     VALUE "dddd MMMM dd, yyyy"
                    NAME "MMMM dd yyyy"           VALUE "MMMM dd yyyy"
                    NAME "dddd dd MMMM yyyy"      VALUE "dddd dd MMMM yyyy"
                    NAME "dd MMMM yyyy"           VALUE "dd MMMM yyyy"
                    NAME "MMMM d, yyyy"           VALUE "MMMM d, yyyy"
                END ITEMLIST
            END PART
        END POLICY
    END CATEGORY
END CATEGORY

[strings]
expSetDateFormat="Specifies the format for client default date format"

Thursday, December 5, 2013

View the BitLocker Recovery Keys in AD


For the Help Desk Support Team to see BitLocker Recovery Keys in AD, its members must have the appropriate permissions.


MS provides a script that should be executed on a Domain Controller; it gives the members of the specified AD Security Group Read permissions on BitLocker objects in AD.

Here is the link from MS. The script for delegating permission in AD is in Appendix A:




Tuesday, November 26, 2013

How to obtain the BitLocker Recovery Password Viewer tool

To obtain the BitLocker Recovery Password Viewer tool for Windows Server 2008, Windows Vista and older OS, here is the link:


For Windows 7, RSAT (Remote Server Administration Tools for Windows 7 with SP1) should be installed first; after that, »BitLocker Recovery Password Viewer« can be installed from Turn Windows Features on or off.


For Windows Server 2008 R2 it is in »Add Features«, »Remote Server Administration Tools«, »Feature Administration Tools«, »BitLocker Drive Encryption Administration Utilities«; select »BitLocker Recovery Password Viewer«.




Tuesday, October 22, 2013

TPM cannot be enabled without physical presence.

During an SCCM 2012 TS step that starts BitLocker encryption of the OS drive, the Task Sequence failed with the following error:

___________________________________________________________________________
The task sequence execution engine failed executing the action (BitLocker on C: Drive) in the group () with the error code 2147500037
Action output: ==============================[ OSDBitLocker.exe ]==============================
Command line: "OSDBitLocker.exe" /enable /wait:True /mode:TPM /pwd:AD
'IsSrkAuthCompatible' failed (2150105106)
'IsEndorsementKeyPairPresent' failed (2150105095)
TPM cannot be enabled without physical presence. The operating system reported error 2147500037: Unspecified error
__________________________________________________________________________

The reason for this BitLocker message is that the TPM was not enabled during the SCCM Task Sequence.
For HP models, a solution is to export the BIOS configuration to a txt file and find the setting that enables the TPM:
BiosConfigUtility.exe /getconfig:config.txt

Enter this BIOS setting in a file that will be used to modify the BIOS settings.
These commands are specific to HP machines:
BiosConfigUtility.exe /CurSetupPassword:"password" /setconfig:EnableTPM.REPSET

For the HP EliteBook 2570p model, the EnableTPM.REPSET file should look like this:

English
TPM Activation Policy
    F1 to Boot
    Allow user to reject
    *No prompts
Activate TPM On Next Boot
    Disable
    *Enable

BiosConfigUtility can be downloaded from the HP web site.

Thursday, October 17, 2013

Enabling TPM on HP machines using SCCM 2012

To enable TPM on HP machines there is a tool from HP, the BIOS Configuration Utility, that modifies BIOS settings from Windows. Before modifying BIOS values, the current values can be exported using the following command:
BiosConfigUtility.exe /getconfig:filename.txt

After verifying the exported file, the values that we want to modify can be added to a new file.
For example, to activate TPM on the HP ProBook 6565b these values should be used:

English
OS Management of TPM
    Disable
    *Enable
Embedded Security Activation Policy
    F1 to Boot
    Allow user to reject
    *No prompts
Activate Embedded Security On Next Boot
    Disable
    *Enable
 

The next step is to execute the command that activates TPM on the specified model. It is important to note that a BIOS password must be enabled for this step.
Here is the command:
biosconfigutility.exe /CurSetupPassword:"password" /setconfig:EnableTPM.REPSET

This command can be added to a cmd file which, together with EnableTPM.txt, can be added to an SCCM package that can later be executed in a Task Sequence.


If you need to verify whether TPM is enabled in the BIOS, this WMI query can be used:


SELECT * FROM Win32_Tpm where IsEnabled_InitialValue="False"

The query runs against the following WMI namespace:
root\cimv2\Security\MicrosoftTpm

This query can be placed in a Task Sequence.
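A scripted form of the same check for a Task Sequence step, as an added example that is not part of the original post: it reads the `*_InitialValue` properties of Win32_Tpm in the namespace above and returns a distinct exit code per state. The function name, state names and exit codes are this example's own choices.

```powershell
# Added example, not from the original post. State names and exit codes are
# this script's own convention so a Task Sequence step can branch on them.
function Get-TpmReadiness {
    param(
        # Optional Win32_Tpm-like object, so the logic can be tried without a TPM.
        [object]$Tpm
    )

    if (-not $PSBoundParameters.ContainsKey('Tpm')) {
        try {
            # Needs an elevated context; a Task Sequence step runs as SYSTEM.
            $Tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                                 -Class Win32_Tpm -ErrorAction Stop |
                   Select-Object -First 1
        } catch {
            $Tpm = $null    # namespace missing or query refused
        }
    }

    if ($null -eq $Tpm) {
        $state = 'NotVisible';   $code = 10   # no TPM, or hidden from the OS by firmware
    } elseif (-not $Tpm.IsEnabled_InitialValue) {
        $state = 'Disabled';     $code = 11   # the case the WQL query above selects
    } elseif (-not $Tpm.IsActivated_InitialValue) {
        $state = 'NotActivated'; $code = 12
    } else {
        $state = 'Ready';        $code = 0
    }

    New-Object psobject -Property @{
        State    = $state
        ExitCode = $code
        Owned    = [bool]($Tpm -and $Tpm.IsOwned_InitialValue)
    }
}

$result = Get-TpmReadiness
Write-Output ("TPM state: {0} (owned: {1})" -f $result.State, $result.Owned)
exit $result.ExitCode
```

A non-zero exit code fails a Run Command Line step unless it is listed as a success code or the step is set to continue on error, so decide which states should stop the deployment.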


 

Friday, October 4, 2013

Initializing the TPM Security hardware. Access denied.

During manual activation of BitLocker to encrypt the operating system drive, an Access Denied message appears.

Note that the TPM is already configured on the local machine. The message appears because a GPO is configured to write TPM backup information to AD.


The issue is that there are not enough permissions to write the requested TPM information to AD.


If you follow this article and give enough permissions to the SELF account, BitLocker encryption will continue.

Tuesday, August 6, 2013

Migrating a virtual machine from Windows XP to Windows 7 in VMware Workstation during SCCM 2007/2012 TS Migration

If Windows XP SP3 32-bit is installed in VMware Workstation with the Windows XP Professional platform chosen, then after migration to Windows 7 64-bit the network card is not recognized in Windows 7.

To install a network card in Windows XP SP3 that will be recognized automatically during migration to Windows 7, the local .vmx file of the VMware machine should be modified.
After the line: ethernet0.addressType = "generated"

add the following line:

ethernet0.virtualDev = "e1000"

This line specifies adding an Intel e1000 NIC.

After Windows XP boots you will be asked to install NIC drivers.

Here is the link from where Intel NIC drivers can be downloaded:

http://www.intel.com/support/network/sb/cs-006120.htm

During the installation, install just the drivers, not other components.


Monday, July 29, 2013

Migrate Regional Settings - Text Services and Input Languages using USMT 5.0



To migrate Text Services and Input Languages using USMT 5.0 from Windows XP to Windows 7, this setting should be configured in the config.xml file:

<component displayname="Microsoft-Windows-Win32k-Settings-DL" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-win32k-settings-dl/microsoft-windows-win32k-settings-dl/settings"/>

I also specified the following settings:

<component displayname="Microsoft-Windows-International-TimeZones-DL" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-international-timezones-dl/microsoft-windows-international-timezones-dl/settings"/>

    <component displayname="Date, Time, Language and Region" migrate="no" ID="date_time_language_and_region">

      <component displayname="Regional Language Options" migrate="no" ID="date_time_language_and_region\regional_language_options">

        <component displayname="Microsoft-Windows-TextServicesFramework-Migration-DL" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-textservicesframework-migration-dl/microsoft-windows-textservicesframework-migration-dl/settings"/>

        <component displayname="Microsoft-Windows-MUI-Settings-DL" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-mui-settings-dl/microsoft-windows-mui-settings-dl/settings"/>

        <component displayname="Microsoft-Windows-International-Core-DL" migrate="no" ID="http://www.microsoft.com/migration/1.0/migxmlext/cmi/microsoft-windows-international-core-dl/microsoft-windows-international-core-dl/settings"/>

      </component>

    </component>

To get a prepared config.xml, first create it with the /genconfig and /targetwindows7 switches.

Monday, February 4, 2013

Task Sequence failed with the error code (0x80070002); Network access account credentials not supplied

A Task Sequence on SCCM 2012 failed with the following error:

Task Sequence failed with the error code (0x80070002)



The smsts.log file from the target machine showed the following:

Network access account credentials not supplied



After that Task Sequence failed:


To resolve this issue, a Network Access Account has to be configured in SCCM 2012.

Click on Sites -> Right click on Distribution Point -> Click on Configure Site Components -> Software Distribution.

Click on Network Access Account and specify an account with network access location permissions.
 
 
 



Friday, February 1, 2013

Task sequence execution failed with error code 80004005

During OS deployment, an SCCM 2007 Task Sequence can crash, and on the target machine the C:\SMSTSLog\smsts.log file contains the following lines:
The step (HP QuickLaunch Buttons 1.0) must be running in full OS


Failed to run the action: HP QuickLaunch Buttons 1.0.
The request is not supported. (Error: 80070032; Source: Windows) TSManager 1/31/2013 8:02:24 PM 260 (0x0104)

                


This issue occurs because the machine is still in Windows PE mode.
To run in full Windows OS mode, the Restart Windows component in the SCCM Task Sequence should be changed to "The currently installed default operating system".


Monday, January 7, 2013

Firefox Bookmarks and USMT 4.0

Migration of Firefox bookmarks and profiles using USMT 4.0 is supported.
migapp.xml has a section that supports migration of Firefox 3.0.
To support migration of all versions of Mozilla Firefox, the original migapp.xml should be modified.

This line:

MigXmlHelper.DoesObjectExist("Registry","%HklmWowSoftware%\Mozilla\Mozilla Firefox 3.*\bin [PathToExe]")

should be replaced with this line:

MigXmlHelper.DoesObjectExist("Registry","%HklmWowSoftware%\Mozilla\*.*\bin [PathToExe]")