Create Java 1.7 Ruleset – create JAR File – sign JAR File

We are all happy, how fast the Java versions are changing and also, that in every version new “security” features are integrated. It’s not so easy to follow all the changes (started with version 1.7 upd 07), so it’s very important to test the deployments of java everytime! Unfortunately, not all settings can be tested… but for this, I will write another post later. In this blog we take a look how to deploy a Java RULESET, so java will run for specific sites without prompting the user, if he is really sure, to use java.

General

  1. Identify critical applets and web start applications, either by location (e.g. http://test.exam.com), name (e.g. MindMan), or code-sign hash.
  2. Create a file called ruleset.xml
  3. Package your ruleset.xml into a signed DeploymentRuleSet.jar
  4. Deploy your DeploymentRuleSet.jar to user desktops
  5. Verify usage of your rule set on a client desktop

Continue reading

Advertisements

OSD for Dell e7440 / e7240 – NIC Driver Problem / KMDF Update

The OS Deployment for the hardware models “Dell Latitude E7440” and “Dell Latitude E7240” is full of pitfalls. O.k., two things are a little bit special (I think the same will be for other hardware vendors):

  • NIC Driver from Dell Homepage not working
  • OSD error while installing drivers –> Kernel Mode Driver Framework (KMDF) Update needed (error: Windows installation cannot proceed. To install Windows click OK to restart the computer, and then restart the installation)

Continue reading

SCCM 2012 Configuration Pack for Microsoft User Experience Virtualization (UE-V)

With the SCCM 2012 Configuration Pack for UE-V you can check your clients, if they are compliant with your desired UE-V client settings. If not, SCCM will configure the settings on the client…

The UE-V Agent Baseline does the following:

1. Starts the OfflineFiles service if it is not running.

2. Validates the SettingsStoragePath and sets it if needed.

3. Validates the SettingsTemplateCatalogPath and sets it if needed.

4. Verifies that the UE-V Agent is enabled.

5. Starts the UE-V Agent Service if it is not running.

6. Verifies that the Template Auto Update script runs as a scheduled task.

7. Validates that synchronized settings packages are within the recommended size.

Continue reading

SCCM 2012 SP1: Agent install problem starting 11th of January 2013

Starting today, it’s not possible to install the SCCM 2012 SP1 Agent! So it’s also not possible anymore to deploy an Operating System!

The problem is the MSI named “MicrosoftPolicyPlatformSetup.msi” in the %InstallDir%\Client\x64 or x86! The file is signed with a certificate, which was valid until yesterday, 10th of January 2013! And the Agent installation checks this certificate…

The error is: Couldn’t verify ‘C:\Windows\ccmsetup\MicrosoftPolicyPlatformSetup.msi’ authenticode signature. Return code 0x800b0101 ccmsetup

SCCM 2012 without SP1 (Cum Upd 1): The certificate will be available until the 1st of February 2013.

We will blog and twitter when the MS Patch is available…

Kind regards
Chris

SCCM 2012 SP1–Upgrade Silverlight on the clients to still use the WebShop

Do you use the SoftwareShop (WebBased) integrated in SCCM 2012 RTM? If yes, take a look here before upgrading to SCCM 2012 SP1…

The Softwareshop in SCCM 2012 SP1 needs Silverlight 5.1.x to connect! If you have installed an older Version on the clients, they cannot connect anymore to the shop after an upgrade to SCCM 2012 SP1! The easiest way to solve it: Deploy the new sccm agent to the clients, this will install all prerequisites automatically – including Silverlight 5.1.10411.0!

You have several possibilities to deploy the agent: http://technet.microsoft.com/en-us/library/gg712298.aspx. My favorite is by “Automatically Upgrade the Configuration Manager Client for the Hierarchy” or “How to Upgrade Configuration Manager Clients by Using a Package and Program”.

That’s it!

Regards
Chris