Monday, September 8, 2014

Silently uninstalling SP 2 (Service Pack) for Microsoft Office 2010


The uninstall string for SP 2 of MS Office 2010 can be found in the registry:



The uninstall string contains:

"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1033" "0"

Running this string in CMD does not give a silent uninstall. Running Oarpmany.exe separately with the help switch does not show any silent switches.

The workaround for a silent uninstall of SP2 for Office 2010 was to run the following command:


MsiExec.exe /package {90140000-0011-0000-0000-0000000FF1CE} /uninstall {DE28B448-32E8-4E8F-84F0-A52B21A49B5B} /qn


where {90140000-0011-0000-0000-0000000FF1CE} is the Office 2010 GUID and {DE28B448-32E8-4E8F-84F0-A52B21A49B5B} is the SP2 GUID specified in the uninstall string.

 

Tuesday, September 2, 2014

Software Updates in SCCM fail to download and install; Failed to download update Error = 0x80040669

Deploying software updates using SCCM 2007 on Windows 7 got stuck on update KB2675662.

Analyzing UpdatesHandler.log showed: Failed to download update Error = 0x80040669


WUAHandler.log shows that this update contains two updates, of which one is missing.


Checking this update in the SCCM Console shows that Content ID 90811, related to MS012-034, is missing.


After downloading this update again and applying it to the machine, the update was successfully installed.


After restarting the machine, all other updates started to arrive and install.


Tuesday, August 19, 2014

Add Menu Bar in IE Internet Explorer using registry key

Using this registry key allows Menu Bar to be shown when you open IE 9 on Windows 7 64bit.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=dword:00000001

To remove Menu Bar from IE:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=dword:00000000

To allow Menu Bar to be turned on and off by the user:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main]
"AlwaysShowMenus"=-

Friday, August 8, 2014

Disable Windows Defender using registry key in SCCM TS

Windows Defender can be disabled with the following two registry keys, which can be included in an SCCM 2007 Task Sequence:

reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f /reg:64

reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f /reg:64
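
An audit check for the two values set above, as an added example that is not part of the original post: it reads DisableAntiSpyware from both keys through the 64-bit registry view (the equivalent of /reg:64) and reports the WinDefend service state. It assumes PowerShell 3.0 or later, since RegistryView needs .NET 4; the function name Get-DefenderDisableFlag is hypothetical.

```powershell
# Added example, not from the original post. Read-only audit of the two values
# written by the reg add commands above. Assumes PowerShell 3.0+ (.NET 4).

$defenderKeys = @(
    'SOFTWARE\Microsoft\Windows Defender',
    'SOFTWARE\Wow6432Node\Microsoft\Windows Defender'
)

function Get-DefenderDisableFlag {      # hypothetical helper name
    param([string[]]$SubKeys)

    # Open the 64-bit view explicitly (same effect as /reg:64) so that a 32-bit
    # host process is not silently redirected to Wow6432Node.
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $view = [Microsoft.Win32.RegistryView]::Registry64
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
    try {
        foreach ($subKey in $SubKeys) {
            $value = $null
            $kind  = $null
            $key   = $hklm.OpenSubKey($subKey)      # $null when the key is absent
            if ($key) {
                $value = $key.GetValue('DisableAntiSpyware', $null)
                if ($null -ne $value) { $kind = $key.GetValueKind('DisableAntiSpyware') }
                $key.Close()
            }
            [pscustomobject]@{
                Key      = "HKLM\$subKey"
                Value    = $value
                Kind     = $kind
                # Only a REG_DWORD of 1 matches what the commands above write.
                Disabled = ($kind -eq 'DWord' -and $value -eq 1)
            }
        }
    }
    finally { $hklm.Close() }
}

$flags   = Get-DefenderDisableFlag -SubKeys $defenderKeys
$service = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

$flags | Format-Table -AutoSize
if ($service) { "WinDefend service: {0}" -f $service.Status } else { 'WinDefend service: not present' }

if ($flags | Where-Object { $_.Disabled }) {
    Write-Warning 'DisableAntiSpyware=1 is set: Windows Defender is disabled by registry on this machine.'
}
```
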


The following two components were successfully tested on Windows 7 SP1 x64:




Wednesday, July 30, 2014

“This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.”

The message “This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.” appears in Internet Options in Internet Explorer 8 installed on Windows 7 SP1.


The solution for this issue is to install KB2936068.




Tuesday, June 17, 2014

SCCM Dynamic Collection based on OS, Architecture and Machine model

Here is the SCCM Dynamic Collection query based on OS, Architecture and Machine model.
In this case: Windows 7 Enterprise, x64 and model: HP ProBook 6570b.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId
where SMS_G_System_COMPUTER_SYSTEM.Model in ("HP ProBook 6570b")
and SMS_G_System_OPERATING_SYSTEM.Caption = "Microsoft Windows 7 Enterprise"
and SMS_G_System_COMPUTER_SYSTEM.SystemType = "x64-based PC"
and SMS_R_System.OperatingSystemNameandVersion = "Microsoft Windows NT Workstation 6.1"
and SMS_R_System.Client = 1
and SMS_R_System.Obsolete != 1


Wednesday, June 11, 2014

Installation failed with error: 0x80070656. The operating system reported error 2147944022: Error opening installation log file.

Deploying HP WebCam 1.0.26.3 with SCCM 2007 on Windows 7 64-bit resulted in the following error:

Installation failed with error: 0x80070656. The operating system reported error 2147944022: Error opening installation log file

This software was deployed in the regular way, using the Install Software SCCM Task Sequence component.




After spending some time on testing and log analysis, I tried the Command Line Task Sequence component, where I specified the setup.exe command, the package and credentials for an admin user.
After launching the TS, the issue was resolved and the HP WebCam software installed on the machine.



Thursday, June 5, 2014

An error occured while starting the task sequence (0x80070032).

The SCCM TS failed when starting Windows 7 OSD:


The solution for this issue is to format the HDD with diskpart:

1. F8 for Command prompt.
2. Diskpart
3. Select disk 0
4. clean
5. Exit

After restarting the machine, the TS starts without reporting any issue.

Tuesday, June 3, 2014

Disable Windows features on Windows 7 x64 with SCCM 2007 TS

The DISM command can be used to disable Windows features on Windows 7 with an SCCM 2007 TS.

Here is the syntax for disabling Fax Services:

DISM /online /Disable-Feature /FeatureName:FaxServicesClientPackage /Quiet /NoRestart

This syntax can be added in a TS component, and it works for the Windows 7 x86 architecture.

For Windows 7 x64, SCCM 2007 reports an error:

The operating system reported error 11: An attempt was made to load a program with an incorrect format.



To resolve the error, the Disable 64-bit file system redirection check box should be enabled.

 

Thursday, May 29, 2014

SCCM 2007 OSD Build and Capture Task sequence failed while installing Windows updates

Installing Software Updates fails during Build and Capture Task sequence.
This issue can have multiple causes: required restarts, dependencies on other updates, etc.
To clear all these issues, I implemented three Software Updates components, each configured with Continue on error and followed by a Restart.
This way all errors, restarts and post-installation issues were resolved, and the Capture part of the TS can continue without any issue.


Friday, May 23, 2014

WMI Filter for Windows 7 x86 or x64 OS

If you want to use a WMI query in an SCCM TS to distinguish between Windows 7 x86 and Windows 7 x64, then these WMI queries should be used:

Win 7 32 bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Win 7 64Bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Monday, April 28, 2014

SCCM 2007 Build and Capture Task Sequence with Software update failed

During the Build and Capture Task Sequence, software update installation fails and the capture of the image does not start.
The smsts.log file shows the following error:

!sVolumeID.empty(), HRESULT=80004005
!sTSMDataPath.empty(), HRESULT=80070002
TS::Utility::GetTSMDataPath( sDataDir ), HRESULT=80070002
Failed to set log directory. Some execution history may be lost.
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Executing task sequence
!sVolumeID.empty(), HRESULT=80004005
!sTSMDataPath.empty(), HRESULT=80070002
Task Sequence environment not found

This issue is reported by Microsoft: http://support.microsoft.com/kb/2894518

Here is the explanation of the cause from MS:

The first restart that is initiated by the software update is controlled by the task sequence. However, the second restart request is initiated by a Windows component (typically, Component-Based Servicing) and therefore is not controlled by the task sequence. Because the second restart is not controlled by the task sequence, the task sequence execution state is not saved before the restart. When the task sequence resumes after the second restart, no state is available to continue successfully.
______________________________________________________

To resolve this issue, it is recommended to remove the following updates:
2862330 MS13-081: Description of the security update for 2862330: October 8, 2013
2771431 A servicing stack update is available for Windows 8 and Windows Server 2012
2871777 A servicing stack update is available for Windows RT, Windows 8, and Windows Server 2012: September 2013
2821895 A servicing stack update is available for Windows RT and Windows 8: June 2013
2545698 Text in some core fonts appears blurred in Internet Explorer 9 on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
2529073 Binary files in some USB drivers are not updated after you install Windows 7 SP1 or Windows Server 2008 R2 SP1
2871690 Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules


In my case I had only 2862330 and 2529073. After their removal the TS finished successfully.




Monday, April 7, 2014

BIOS/TCG Memory Overwrite Control: Error changing value

As a result of not being restarted properly, the machine cannot boot and asks for the BitLocker recovery password. Turning the machine off and on again enables Windows to start properly.
The machine runs Windows 7 with a BitLocker-encrypted HDD.


This error appears in the System Log in Event Viewer:

BIOS/TCG Memory Overwrite Control: Error changing value


Event ID 24626 is explained on TechNet:

http://technet.microsoft.com/en-us/library/cc733884(v=ws.10).aspx

Microsoft recommends reverting or upgrading the computer BIOS.


Wednesday, April 2, 2014

BitLocker and repair-bde

In case of HDD damage and failing BitLocker encryption, where the status of the partition is unknown, the repair-bde command can be used on Windows 7 to recover folders and files.

For testing purposes I repaired the D: partition using repair-bde D: U: -rp (BitLocker Recovery password) -Force

The content of D: was restored to the U: partition, which is an external drive.
The -rp switch is the BitLocker Recovery Password.
The -Force switch forces moving files from D: to U: because they are locked.




repair-bde usage:



repair-bde[.exe] InputVolume
                  { OutputVolumeOrImage | {-NoOutputVolume|-nov} }
                  { {-RecoveryPassword|-rp} NumericalPassword |
                    {-RecoveryKey|-rk} PathToExternalKeyFile }
                  [{-KeyPackage|-kp} PathToKeyPackage]
                  [{-LogFile|-lf} PathToLogFile]
                  [{-?|/?}]

Description:
  Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the
  supplied recovery information.

  WARNING! To avoid additional data loss, you should have a spare hard drive
  available. Use this spare drive to store decrypted output or to back up the
  contents of the damaged volume.

Parameters:
  InputVolume
                The BitLocker-encrypted volume to repair. Example: "C:".

  OutputVolumeOrImage
                Optional. The volume to store decrypted contents, or the file
                location to create an image file of the contents.
                Examples: "D:", "D:\imagefile.img".

                WARNING! All information on this output volume will be
                overwritten.

  -nov or -NoOutputVolume
                Attempt to repair a BitLocker-encrypted volume by modifying the
                boot sector to point to a valid copy of BitLocker metadata.

                WARNING! To avoid additional data loss, use a sector backup
                utility to back up the input volume before using this option.
                If you do not have such a utility available, specify an output
                volume or image instead.

  -rk  or -RecoveryKey
                Provide an external key to unlock the volume.
                Example: "F:\RecoveryKey.bek".

  -rp  or -RecoveryPassword
                Provide a numerical password to unlock the volume.
                Example: "111111-222222-333333-...".

  -kp  or -KeyPackage
                Optional. Provide a key package to unlock the volume.
                Example: "F:\ExportedKeyPackage"

            If this option is blank, the tool will look for the key package
            automatically. This option is needed only if required by the tool

  -lf  or -LogFile
                Optional. Provide a path to a file that will store progress
                information. Example: "F:\log.txt".

  -f   or -Force
                Optional. When used, forces a volume to be dismounted even if
                it cannot be locked. This option is needed only if required by
                the tool.

  -?   or /?
                Shows this screen.

Examples:
  repair-bde C: -NoOutputVolume -rk F:\RecoveryKey.bek -Force
  repair-bde C: D: -rp 111111-222222-[...] -lf F:\log.txt
  repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[...]
  repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek

Monday, March 24, 2014

BitLocker Pre-Provisioning: The operating system reported error 255: The extended attributes are inconsistent.

The error message "The operating system reported error 255: The extended attributes are inconsistent." appears in the SCCM 2012 log during BitLocker Pre-Provisioning on a Windows 7 machine.




Here is the explanation from MS for BitLocker Pre-Provisioning:

The Pre-provision BitLocker task sequence step in Microsoft System Center 2012 Configuration Manager allows you to enable BitLocker from the Windows Preinstallation Environment (Windows PE) prior to operating system deployment. Only the used drive space is encrypted, and therefore, encryption times are much faster. This is done with a randomly generated clear protector applied to the formatted volume and encrypting the volume prior to running the Windows setup process. The ability to pre-provision BitLocker was introduced with Windows 8 and Windows Server 2012. However, you can pre-provision BitLocker on a hard drive and install Windows 7 as long as you follow specific steps. After Windows 7 Setup completes, you must set a BitLocker key protector because the Windows 7 BitLocker control panel does not support BitLocker with a clear protector. You must add a key protector by using the Enable BitLocker step or by using the manage-bde.exe command-line tool.
________________________________________________________________________________
The scenario is to have C: and D: partitions on a Windows 7 machine, with both partitions BitLocker encrypted.
The BitLocker Pre-Provisioning TS embedded components for C: and D: are applied in WinPE, before the image is applied. That means both drives are pre-provisioned and only the used drive space is encrypted.
At the end of the TS, the regular BitLocker TS embedded components for C: and D: are applied in Windows mode, and the recovery passwords are written to the computer object in AD.



Checking the SCCM logs shows this error for the C: partition: The operating system reported error 255: The extended attributes are inconsistent (in the first picture in this article).

Encryption of D: completes without an error message (the picture below):



To avoid this error, Pre-Provisioning of D: should be removed and only the C: drive should be pre-provisioned. The D: drive should be encrypted using the regular BitLocker TS embedded component.



The error "The operating system reported error 255: The extended attributes are inconsistent." appears because during BitLocker Pre-Provisioning of the D: partition the TPM is reinitialized again and the corresponding attributes are created. When the regular BitLocker TS embedded component for C: then tries, at the end of the TS, to complete the pre-provisioned encryption, it finds attributes related to the D: drive and not the ones for C: that it expects, and for that reason we get this error.


Friday, February 21, 2014

SetBIOSSetting: Dependency Condition is not met returnCode="32769"

This error happened on HP 6565b:


<BIOSCONFIG Version="2.60.13.1" Computername="Win7-comp1" Date="2014/02/21" Time="10:53:06" UTC="-5" >
<SETTING changeStatus="fail" name="Embedded Security Activation Policy" reason="SetBIOSSetting: Dependency Condition is not met" returnCode="32769">
    <OLDVALUE><![CDATA[F1 to Boot]]>

    <NEWVALUE><![CDATA[No prompts]]></SETTING>
<SETTING changeStatus="fail" name="Activate Embedded Security On Next Boot" reason="SetBIOSSetting: Dependency Condition is not met" returnCode="32769">
    <OLDVALUE><![CDATA[Disable]]>    <NEWVALUE><![CDATA[Enable]]></SETTING>
<ERROR msg="Failed to set BIOS config" />
<Warning msg="BCU return value" real="16" translated="16" />
</BIOSCONFIG>

This issue was detected when using the Biosconfig.exe utility to modify BIOS values and to activate the TPM on the specified model.

Possible cause: the right BIOS password was not used to access and modify BIOS values.
Verifying...

Solution:

A BIOS password needs to be set.
This can be done by adding these two commands:
 
biosconfigutility.exe /nspwd:xxxxx 
biosconfigutility.exe /cspwd:xxxxx /setconfig:test.txt

Thursday, February 6, 2014

Invalid namespace (Error: 8004100E; Source: WMI)

SCCM TS deployment of BitLocker failed with this error in the local machine's smsts.log file:

Invalid namespace (Error: 8004100E; Source: WMI)

The SCCM deployment log also shows this error:

The task sequence execution engine failed executing the action (BitLocker ) in the group () with the error code 2147749902
Action output: ==============================[ OSDBitLocker.exe ]==============================
Command line: "OSDBitLocker.exe" /enable /wait:True /mode:TPM /pwd:AD
Failed to open namespace 'root\CIMv2\Security\MicrosoftVolumeEncryption' (0x8004100E)



To resolve this issue, the WMI repository should be recreated; the BitLocker SCCM TS will then start encryption on the C: drive.

To recreate the WMI repository you can use the SCCM Client Center tool:

http://sourceforge.net/projects/smsclictr/


Friday, January 31, 2014

Failed to set log directory. Some execution history may be lost. The system cannot find the file specified. (Error: 80070002; Source: Windows)

The SCCM Task Sequence failed during execution. The smsts.log file shows the following error message:

Failed to set log directory. Some execution history may be lost. The system cannot find the file specified. (Error: 80070002; Source: Windows)


This error message points to the MS Support site:



As specified in the article, the issue is caused by multiple restarts during Windows Software Updates.
In this case there was another restart after the Windows Software Updates TS step finished.
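
A triage check for the failure described here and in the April 28 post above, as an added example that is not part of the original posts: it looks for three of the smsts.log messages quoted on this page and then lists which of the updates named in the April 28 post are installed. The sample log lines are constructed from the excerpts on this page; the function names and the -Path parameter are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original posts.
# Constructed sample: smsts.log messages as quoted on this page.
$sampleLog = @'
!sVolumeID.empty(), HRESULT=80004005
!sTSMDataPath.empty(), HRESULT=80070002
TS::Utility::GetTSMDataPath( sDataDir ), HRESULT=80070002
Failed to set log directory. Some execution history may be lost.
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Executing task sequence
Task Sequence environment not found
'@ -split "`r?`n"

# Messages that together indicate the task sequence lost its saved state.
$signatures = @(
    '!sTSMDataPath.empty(), HRESULT=80070002',
    'Failed to set log directory. Some execution history may be lost.',
    'Task Sequence environment not found'
)

# Updates listed in the April 28 post as candidates for removal.
$kbIds = 2862330, 2771431, 2871777, 2821895, 2545698, 2529073, 2871690

function Test-LostTaskSequenceState {    # hypothetical helper name
    param(
        [string]$Path,                    # optional path to a real smsts.log
        [string[]]$Lines = $sampleLog
    )
    if ($Path) { $Lines = Get-Content -LiteralPath $Path }

    # Substring match, so it also works on raw lines that wrap the message
    # in additional log metadata.
    $detail = foreach ($sig in $signatures) {
        $hits = @($Lines | Select-String -SimpleMatch -Pattern $sig)
        [pscustomobject]@{ Signature = $sig; Hits = $hits.Count }
    }
    $missing = @($detail | Where-Object { $_.Hits -eq 0 })
    [pscustomobject]@{
        IsMatch = ($missing.Count -eq 0)  # true only when all three messages occur
        Detail  = $detail
    }
}

function Get-InstalledSuspectUpdate {    # hypothetical helper name
    foreach ($id in $kbIds) {
        # Get-HotFix raises an error for an update that is not installed; ignore it.
        Get-HotFix -Id "KB$id" -ErrorAction SilentlyContinue
    }
}

$state = Test-LostTaskSequenceState      # pass -Path to check a real log
$state.Detail | Format-Table -AutoSize
if ($state.IsMatch) {
    'Log matches the lost-state pattern. Listed updates installed on this machine:'
    Get-InstalledSuspectUpdate | Select-Object HotFixID, InstalledOn
}
```
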


BitLocker encrypting commands for Fixed drives (non OS)

To manually encrypt a non-OS fixed drive, in our case the D: partition, these two commands should be used:


manage-bde -on D: -RecoveryPassword

manage-bde -autounlock -enable D:

The first command starts encryption of the D: partition and writes the recovery password to AD.
The second command enables auto-unlock of the D: partition.
There is no need to wait for encryption to finish before executing the second command.

Writing the recovery password to AD requires a GPO for BitLocker to be configured.
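
A verification step for the two commands above, as an added example that is not part of the original post: it queries the BitLocker WMI provider (the root\CIMv2\Security\MicrosoftVolumeEncryption namespace named in the February 6 post) for the recovery password protector, the auto-unlock state and the conversion progress of D:. The function names are hypothetical, and an elevated PowerShell 3.0 or later session is assumed.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$bdeNamespace = 'root\CIMv2\Security\MicrosoftVolumeEncryption'

function Get-BdeVolume {                 # hypothetical helper name
    param([string]$DriveLetter)
    Get-WmiObject -Namespace $bdeNamespace -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
}

function Test-FixedDriveBitLocker {      # hypothetical helper name
    param([string]$DriveLetter = 'D:')   # D: as in the post

    $data = Get-BdeVolume $DriveLetter
    if (-not $data) { throw "No BitLocker-capable volume found at $DriveLetter" }

    # KeyProtectorType 3 = numerical (recovery) password, as added by -RecoveryPassword.
    # Only protector IDs are returned here, never the password itself.
    $recoveryIds = @($data.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })

    $conversion = $data.GetConversionStatus()
    $autoUnlock = $data.IsAutoUnlockEnabled()

    # Auto-unlock keys for a fixed data drive are kept on the OS volume,
    # so that volume has to be BitLocker-protected as well.
    $os = Get-BdeVolume $env:SystemDrive
    $osProtected = $os -and ($os.GetProtectionStatus().ProtectionStatus -eq 1)

    [pscustomobject]@{
        Drive                = $DriveLetter
        RecoveryPasswordIds  = $recoveryIds
        HasRecoveryPassword  = ($recoveryIds.Count -gt 0)
        ConversionStatus     = $conversion.ConversionStatus   # 1 = fully encrypted, 2 = in progress
        EncryptionPercentage = $conversion.EncryptionPercentage
        AutoUnlockEnabled    = [bool]$autoUnlock.IsAutoUnlockEnabled
        OsVolumeProtected    = [bool]$osProtected
    }
}

$check = Test-FixedDriveBitLocker -DriveLetter 'D:'
$check | Format-List

if (-not $check.HasRecoveryPassword) { Write-Warning 'No recovery password protector on the drive.' }
if (-not $check.AutoUnlockEnabled)   { Write-Warning 'Auto-unlock is not enabled on the drive.' }
if (-not $check.OsVolumeProtected)   { Write-Warning 'OS volume is not BitLocker-protected.' }
```

This confirms the protector exists locally; whether the recovery password reached AD still has to be checked on the computer object.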