ConfigMgr Software Updates on an Isolated Network

The Windows Server Update Services (WSUS) 3 Deployment Guide documents a process by which update metadata and update content can be transferred from one server to another isolated server.  Since Configuration Manager 2007 relies upon WSUS for the software update plumbing, a similar process can be used to transfer updates to an isolated network for…


Customizing USMT Estimation with ConfigMgr Task Sequence

One of the advantages of integrating MDT 2008 with ConfigMgr 2007 is a more dynamic state capture process.  The MDT task “Determine Local or Remote” (ZTIUserState.wsf) gives you the ability to estimate the amount of space required for the state store, and then determine whether to store it on the local hard drive or across…


Mac: The Easiest Target

Several good articles at InfoWorld about CanSecWest security conference’s PWN 2 OWN hacking contest back in March. A few snippets that I especially enjoyed: Miller said that he chose to hack the Mac because he thought it would be easiest target. Vista hacker Macaulay didn’t dispute that assertion: “I think it might be,” he said. and…


Windows ‘Mojave’

Check out the Mojave Experiment.


MMS 2008

For the past week I’ve been out in Las Vegas for the Microsoft Management Summit (MMS) 2008.  Last year I did a better job of posting after each day, but I attribute a lot of that to the fact that a) I had just started my job at Microsoft the week before, and b) it…


ConfigMgr 2007 and SCW

The Security Configuration Wizard is new to Windows Server 2003 SP1 and provides a very detailed ability to lock down a server based on its roles, services and applications.  With SMS 2003, the toolkit provided security templates that would allow SMS to function when used in the context of the Enterprise Client (EC) or Specialized Security Limited…


Bitsadmin script

Attached is a script that I wrote to automate downloading a large file (e.g., ISO, WIM) by using BITS.  There are variables at the start that need to be updated with the URL from which to download the file(s), and then the file name(s).  If only one file is needed, remove the strFile2 variable as…


How to generate a custom LGPO based on FDCC

One of my customers requires additional security settings beyond the OMB-mandated Federal Desktop Core Configuration (FDCC) and I need to apply the settings as local policy during the MDT build process so that disconnected systems still get a baseline of policy.  So here’s the process I used to generate the policy objects and then apply…


Script to set Windows Vista audit policy

There’s probably a sexier way to do it, but the attached script (rename to .cmd) can be used to set Windows Vista SP1 audit policy using auditpol.  The current settings are based on the FDCC 2008 Q1 settings.  It must be run elevated.  I suggest using something like the following command line: CustomSetAuditPolicy-v2.cmd > C:\Windows\security\logs\CustomSetAuditPolicy.log 2>&1…


About the gpt.ini version

I recently did some research on the version variable in gpt.ini, what it means, and how to modify it.  Unfortunately I found some discrepancies: says to increase the value by one. says it’s an encoded representation of the user and machine settings versions says to add a 0 to the end or 1 to…