Copying files to all of the the user profiles is a snap with PowerShell.

It’s one of the more common questions that I’m asked, so I thought I’d get a blog post written about it so that people have something to reference.

Copying Files to All User Profiles

If you have ever used a computer, then you probably already know how to copy files. Copying files with PowerShell, however, makes things a great deal more interesting and fun.

Here are a few quick examples. They will copy single files or entire folder structures.

In my examples, I’m copying into the %USERPROFILE%\AppData\Local folder of every user on a computer. Feel free to modify these scripts to copy any files to any location that works best for you.

Copying a single file

$Source = '\\FileShare\FancyConfigurationFiles\Config.xml'
$Destination = 'C:\users\*\AppData\Local\'
Get-ChildItem $Destination | ForEach-Object {Copy-Item -Path $Source -Destination $_ -Force}

Copying a directory and its contents recursively

$Source = '\\FileShare\FancyConfigurationFiles\'
$Destination = 'C:\users\*\AppData\Local\'
Get-ChildItem $Destination | ForEach-Object {Copy-Item -Path $Source -Destination $_ -Force -Recurse}

Copying the contents of a directory recursively

$Source = '\\FileShare\FancyConfigurationFiles\*'
$Destination = 'C:\users\*\AppData\Local\'
Get-ChildItem $Destination | ForEach-Object {Copy-Item -Path $Source -Destination $_ -Force -Recurse}

That’s it. It’s very simple and straightforward. The $Source is the file or folder that you wish to copy. The $Destination is the target folder that you wish to copy to.

Let’s take our script and combine it with PDQ Deploy. We will be be copying files to all of our machines in no time!

Using PDQ Deploy to run PowerShell scripts remotely

Copying files to all your machines is a piece of cake with PDQ Deploy. We normally recommend using our File Copy step for copying files to your targets. The wonderful thing about using a PowerShell script is that it allows you to take copying files to a whole new level.

• Renaming files after copying? Yep.
• Dynamic creation of files? Yep.
• Copying files based on name, date, etc? Double yep.

If you can dream it up, you can probably do it with PowerShell. Get Creative!

Using PowerShell with PDQ Deploy

Here’s a quick overview of how to deploy your new PowerShell script.

• Create a package
• Add an install step to the package
• Add your PowerShell script to your install step
• Deploy your package to your computers

For more detailed information, you should check out our videos. Here’s one of our awesome videos that shows how to add PowerShell scripts to a package.

Our videos are very helpful and provide tons of great tips. Plus, Shane has an amazing beard that some believe can control the weather.

Creating a package

Creating a package using our new script is super easy. All that you need to do is create a package with an Install Step. Then, you just need to point the Install File to your script.

For more details on creating a package, check out this link. 

Deploying a Package

We can now deploy our new package to any targets. The PowerShell script will run on the targets that you deploy to. 

While you’re waiting for your deployments, go get yourself a drink and pat yourself on the back. You just saved yourself a ton of manual effort. Way to go!

Extra features

Adding machines manually is great for quick deployments. For more flexibility and power, you can team up with PDQ Inventory. You can make dynamic collections to deploy packages to targets based off of any number of criteria.

For example, you could create collections based on operating system, installed applications, amount of RAM, etc. There are so many possibilities! You can even use your own custom fields for data unique to your organization.

Additionally, with the Pro and Enterprise versions of PDQ Deploy, you can use more advanced features. You can set up packages to run on a schedule, automatically retry failed machines, email you the results, use Wake-On-LAN, and much more. Compare Free, Pro, and Enterprise here.

Final Notes

Using PowerShell gives you a lot of options for getting files copied. Give it a shot and have some fun! The sky is the limit for what you can do with a script.

There is one thing to keep in mind when using PowerShell with PDQ Deploy. When an install step runs a PowerShell script, it is only going to display whether or not the script was able to execute. In order to see more detailed information, you’ll need to examine the output log of your deployment step.

Go forth and PowerShell!

The post Copying Files to All User Profiles with PowerShell appeared first on Admin Arsenal.

There are two major zero day vulnerabilities for QuickTime for Windows…and the fix? Uninstall it. According to TrendMicro, Apple has indicated they will not fix these as QuickTime for Windows will no longer be receiving updates. It is recommended that QuickTime is uninstalled as quickly as possible. (Read more here.)

Uninstalling QuickTime

Package Library users will notice that all QuickTime packages have been removed. No sense in deploying a highly vulnerable application, right?

There is the Uninstall QuickTime package available to those with Enterprise level access to the Package Library. Free trials of PDQ Deploy Enterprise are available and include the ability to import up to THREE packages free during the 14 day trial. This deployment runs silently and will not interrupt any of your users while it is being deployed. A video tutorial on how to deploy will be added to this post soon.

The post QuickTime Zero Day Vulnerability appeared first on Admin Arsenal.

Death, taxes, and a new Java update…all inevitable. The worst of it is silently installing Java doesn’t always go smoothly. Let’s go over some of the most frequently seen Java errors and how you can get them resolved and on to the rest of your day.

Most Common Java Errors

1603 Error

The Java 1603 error is a common error, mostly because the error code encompasses so many possibilities. Basically, a 1603 error just tells you “Whoops! That didn’t work.” Not very helpful, is it? Possible issues range from a previous Java installation still running to issues with installation file itself. Troubleshooting this error can seem impossible.

1. Deploy the Java 8 Package If you tried doing a silent install of Java without success, try out the Package Library. The Java 8 package is ready-to-deploy and has been deployed successfully by thousands of sys admins.
2. Try the Java 8 – ALTERNATE Package If the first package didn’t work, you may have some prior Java installation remnants impeding your install. The Java 8 – ALTERNATE package is a heavy-hitting deployment. Only deploy this to computers that the first deployment failed on. This package deletes keys found in the registry, and as always, if you can avoid touching the registry, do. That said, this deployment is very effective when you do encounter errors with a typical Java deployment.

If you’re using Symantec End Point Protection in your environment, you might get a 1603 error if you run as the deploy user account. Change your deployments to run as the local system and your install should be successful. You can change the run as setting under the options tab for any step in your deployment.

1618 Error

1618 is another relatively common error code, but is not unique unique to Java deployments. The 1618 error code occurs with MSI installation files. The Microsoft Installer can only process one installation at a time, and if you’re seeing a 1618 error this means that another MSI file was being installed when you attempted to deploy your Java MSI file.

This error is pretty easy to solve…just wait. Let the installation in progress finish up. If you want to make sure all the installation processes are finished before attempting another deployment, you could reboot that computer.

You could also go in and stop the installation, just be aware that killing an in progress installation could leave you with a corrupted installation. With that in mind, use the following command to terminate the msiexec.exe.

taskkill.exe /f/im msiexec.exe

This is included in a command step in the Java ALTERNATE package

I Just Checked My Browser…it Doesn’t Have My New Java Installation!

You’ve just deployed the latest Java, the installation went smoothly. How exciting! But wait…you remote in to one of the computers you deployed to and checked if this new Java was being used and it still shows an old version of Java! What’s up with that?!

Likely, the deployed the wrong Java for that browser has been deployed. Most browsers are 32-bit, so you would want to deploy a 32-bit Java. Deploy 64-bit Java and your 32-bit browser won’t use it. Easy fix, just deploy the appropriate version of Java for your browsers and you’ll be good to go.

Modifying Your Java Installation

I want to configure the Java control panel and/or modify the exception site list

Awesome. Check out a full blog post on how to do that here.

I’d like to use a previous version of Java

If you have an Enterprise license of PDQ Deploy, you can access most past versions of any package. Select a package and you’ll notice in the right corner a list of past version of Java ready to be imported for you to deploy. If you don’t have an Enterprise level license, you can still create your own package by first, getting your install file from Oracle. You can then build your own deployment package in your free download of PDQ Deploy. (See step-by-step how to build your own deployment package here.)

The post Resolving Java Errors appeared first on Admin Arsenal.

Some applications have requirements for a certain version of .NET to be installed. In a case like this, not only do you need to make sure that you have the correct version of the application you want to install, but you also need to make sure you have the correct version of .NET. An example of this is Paint.NET

Updating Paint.NET

Paint.NET is a free (and quite handy) image editing tool. It is a fairly popular download from the PDQ Deploy Package Library. Tracking machines that have out-of-date versions of this application is fairly easy; however, there is one gotcha when you want to get the latest version out to some of these computers.

The issue is that the latest (as of this writing) versions of Paint.NET require that Microsoft .NET 4.6 or later is installed. If you attempt to deploy Paint.NET 4.09 to a computer that doesn’t have the correct .NET runtime you will get a 1603 error. This is why you will want to have two collections (if you use PDQ Inventory) to track old Paint.NET versions.

Getting Organized with Collections

The image below shows the Paint.NET collections in PDQ Inventory. These collections are available in the Collection Library, so you won’t need to build them yourself if you have PDQ Inventory in Enterprise mode. Notice how there is an extra “Old” collection titled “Paint.NET(Old – Require Microsoft .NET 4.6 or higher)”.

Below are two images showing the Old collections. The first shows machines that have an old Paint.NET and have the appropriate .NET runtime. The second shows machines with an old Paint.NET but also have an old .NET runtime. These computers will need to have Microsoft .NET 4.6 (or higher) deployed to them. Yes, this package is also available in the Package Library.

Creating custom collections like these are sometimes necessary when you have applications that must meet certain prerequisites before being upgraded.

It is very important to remember something when checking prerequisites. Usually you need to perform some extra magic with your collection filters when you are looking for machines that are missing certain applications. Tracking .NET versions is different than looking for old versions of software. PDQ Inventory places all detected versions of .NET in a single row with each version delimited by a comma. This is why we could use a simple filter of .NET Versions “Does Not Contain” 4.6.

Let’s say you have an application that requires a target computer to have the Microsoft Visual C++ 2015 runtime. To find computers that don’t have this runtime and also have an old version of your app would require filters that looks something like the image below. Notice the Group Filter that is set to Not Any.

The post Keeping .NET Dependent Applications Up-to-Date appeared first on Admin Arsenal.

PDQ Deploy 9 is now available! You can upgrade to PDQ Deploy 9 by clicking the link in the status bar at the bottom of your console. Once you’re up-to-date, you’ll probably like to know what new features you’ll see! Well, you’ve come to the right place, read on…

What’s New in PDQ Deploy 9

PowerShell Step

Include PowerShell cmdlets as a package step in your deployments. You can still include PowerShell scripts in an Install Step as a ps1 file, but with a PowerShell step you can enter your cmdlets(s) without having a separate script. Either type or paste your script in to the text box or add a ps1 file by clicking Insert PowerShell Script at the bottom of the text area. You’re ready to save and deploy! You can also add the PowerShell script step (as other steps such as the reboot or message) before and after Auto Deployments as well.

Why PowerShell? PowerShell is a sys admin’s best friend. Get acquainted with PowerShell with these tutorials on some handy scripts that will make your job that much easier. PowerShell helps you with tasks such as setting static and DHCP IP addresses and getting screenshots.

The PowerShell step is available in Pro and Enterprise levels of PDQ Deploy.

Automatic Database Backup

Below are the default settings for backing up your PDQ Deploy database. These settings can be found under File > Preferences > Database. Change them up as you see fit to what best suits you. You also have the option to run a back up at any time by clicking Backup Now. These backups do count against your set number of backups kept, and the oldest backup will be deleted to maintain the number of backups as set.

Clean Up Repository

Repository getting a bit full? Now you’re just a click away from clearing out those unused repository files with your PDQ Deploy Pro or Enterprise mode license. This option can be found under File > Preferences > Repository.

This only clears out unused files associated with a package. Clicking the See Unused Files button opens a new window that will show the files that will be removed if you were to click delete.

Join a free LIVE webcast this Thursday, May 5th, 2016 at 9 AM PDT/12 PM EDT for in depth tutorials and explanations on these features. We will be taking questions LIVE during the webcast as well, see you there! 

The post New in PDQ Deploy 9 appeared first on Admin Arsenal.

You’ve got some users that need access to Adobe Photoshop or Dreamweaver perhaps…that’s where deploying Adobe Creative Cloud comes in. This post will have two parts. First you will make configurations using the Creative Cloud Packager, then you will create a deployment package to silently install Adobe Creative Cloud.

Note: These steps will ONLY work for Team, Enterprise, or Education plans of Creative Cloud, NOT individual.

Making Configurations with the Creative Cloud Packager

You’ll need to have administrator access to the Creative Cloud account. Log in at Adobe.com and select Manage team. From there you will be able to download the Creative Cloud Packager under Deployment Tools > Download Win.

This will download the CCPLauncher.exe. Launch the executable and login, then you will be able to select Create Package.

Now you’ll need to give the package a name, a location where the package should be saved, architecture (32 or 64-bit), and the license type. License type will vary from plan to plan. Named License is available for the Teams plan. Serial Number License is available for the Enterprise plan, and Device License is available for the education plan. You should only see the license(s) applicable to your account.

In Package configurations, de-select the Applications & Updates via the Apps Panel options if the users are not also local administrators. This will keep your users from getting update notifications or otherwise being prompted to install updates. 

Next, select the applications and/or updates you wish to build into your installer.

That’s it! Click build and the Creative Cloud Packager will create a directory containing your MSI installer.

Silently Install Adobe Creative Cloud Package

For these next steps you’ll need to have PDQ Deploy downloaded. The free version works great for deploying to either 32-bit or 64-bit architectures. However if you want to create a deployment package that will deploy to both the 64-bit installer and the 32-bit installer to the respective target computers, you’ll want a two-step package that allows you to specify which architecture each package is to be deployed.

For our example we will create a two step package to silently install Adobe Creative Cloud Package to both architecture types.

1. In PDQ Deploy click New Package or select File > New Package. 
2. Name the Package and make sure you have your copy mode set to pull. Pull is recommended due to the size of this installation. Using the pull copy mode also requires that you place the Repository on an accessible file share. (Learn more about Push vs. Pull Deployments.) 
3. Click on Step 1, give the step a title. For the Install File, navigate to the directory where you downloaded the Creative Cloud 32-bit installer. Make sure you select Include Entire Directory. If left unchecked your deployment WILL FAIL as you will be missing important pieces required for the installation. 

4. Click on the Conditions tab and select the O/S Version. Since Adobe Creative Cloud products will only run on Windows 7 and above, exclude XP and Vista. Exclude servers unless required.

   Select the appropriate architecture. Since this step is installing the 32-bit Creative Cloud applications, select 32-bit from Architecture.

5. If you have PDQ Deploy Pro or Enterprise mode and need to deploy another architecture type, add a new Install step. Repeat steps 1-4 with the new install file. If you are using the free version of PDQ Deploy or only need to deploy to one architecture type you’re ready to save and silently install Adobe Creative Cloud. 

After you save the package you will find it in the Packages folder in the left side tree. Highlight the package, and click Deploy > Deploy Once in the right corner of the console.

IMPORTANT: While we make every effort to test on multiple platforms and architectures, it is highly recommended you test the deployment before a general release into production. Given the possibility of the package being substantially sized, testing will provide important information on bandwidth limitations and deployment times. In our tests, a single instance of Photoshop took anywhere from 15 – 20 minutes to deploy.

Troubleshooting Deployment Issues

If the package deployment fails and/or you receive a 1603 error, please try the following.

• Machines should be fully patched and not in need of a reboot.
• Check to ensure sufficient space is available on the drive where Adobe CC will be installed. Some Creative Cloud deployments can be several gigabytes in size, which includes the files copied to the target and the installed size.
• Clear out %WINDIR%\Temp directory.
• Review the troubleshooting steps in this article: http://support.adminarsenal.com/entries/448443

This post was adapted from a Knowledge Base article available at support.adminarsenal.com. 

The post Silently Install Adobe Creative Cloud appeared first on Admin Arsenal.

Microsoft has really gone all-in when it comes to alerting (some would say “annoying”) their Windows 7 and 8.1 users about upgrading to Windows 10. As a sys admin, you’re probably wanting to disable Windows 10 upgrade notice for all of your computers. (Note: These notifications do not occur in the Enterprise and Embedded editions of 7 and 8.1)

There are several methods for preventing either an OS upgrade or the notifications but, as usual, let’s focus on how to disable these silently across many computers in your organization.

Disable Windows 10 Upgrade Notice

Option I – Import the pre-built package from the Package Library

If you use PDQ Deploy and you have access to the Package Library you can import the package called Disable Windows 10 (GWX) Notification.

After importing you can simply deploy this package to your existing Windows 7 and 8.1 computers. If you use PDQ Inventory you can select a the appropriate collections for these OSes as your targets. This will help you avoid deploying this unnecessarily to Non 7/8.1 targets.

The package in the Package Library already has the OS conditions set to only use Windows 7 and 8.1.

Option II – Build your own PDQ Deploy package

I am going to use a batch file so that this can accommodate the users of the Free version of PDQ Deploy. In the Pro and Enterprise versions you could simply use Command steps.

1. Create a batch file using an appropriate editor such as Notepad or Notepad++. Enter the following four lines into your new batch file.

   ECHO OFF
   %SYSTEMROOT%\System32\taskkill.exe /f /im GWX.exe /im GWXUX.exe
   
   REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\Gwx" /v DisableGwx /t REG_DWORD /d 1 /f
   REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableOSUpgrade /t REG_DWORD /d 1 /f

2. Save your new batch file. In this example I am calling the file DisableGWX.bat and placing it in a new folder on my C:\ drive called Deploy.
3. In PDQ Deploy create a new package and name it appropriately (or inappropriately, I don’t care).
4. Add your batch file to the Install File field. In this example you don’t really need to modify the Success Codes field. Just a note, if you are using Command Steps and you are separating the Taskkill line into a separate command then make sure to use the following Success Codes: 0,128
5. If you are using the Pro or Enterprise version of PDQ Deploy go to the Conditions tab and deselect all the O/S Versions except Windows 7 and Windows 8.1.           
6. Save and close your new PDQ package.
7. Click the Deploy button and deploy this to a few test computers. If you have a computer near-to-hand that has the Get Windows 10 (GWX) icon in the systray then you will be able to get pretty fast feedback as to whether or not this deployment works. The batch file will simply kill the gwx.exe and gwxux.exe processes (if they are running) and then add some registry values which will prevent further notifications and/or upgrades.

Optionally, you could uninstall the offending patch (KB3035583)  that placed GWX on the system but, depending on how your Windows updates get delivered, it could get reinstalled.  By making the registry changes listed above you should be covered.

I won’t go into deleting the Task Schedules created by the KB3035583 patch because the registry settings above effectively neuter these tasks.

Option III – Group Policy

You can also use Group Policy to disable Windows 10 upgrade notice as well as upgrades. You can see how to do this (as well get some other useful information) by visiting this Microsoft KB article.

The post Disable Windows 10 Upgrade Notice On All Computers appeared first on Admin Arsenal.

If you missed this week’s live webcast, well, you’re in luck! We have a recording available as well as some of the scripts used in this webcast for your copy+paste pleasure.

Clearing Event Logs

# This will clear a single log
Clear-EventLog -Log Application, System 
# This will clear all the logs
Get-EventLog -List | Foreach-Object {Clear-EventLog -Log $_.Log}

Note: The Get-EventLog cmdlet only grabs the classic Event Log logs. If you need to view all the windows logs, including the more modern logs in modern OSes, you may wish to use the Get-WinEvent cmdlet.
To see the difference, compare:

Get-EventLog -List

with

GetWinEvent -ListLog *

DISM

Enable-WindowsOptionalFeature -Online -FeatureName TelnetClient

In this video…

PowerShell improvements – 1:46
Package Library installing PowerShell 5 – 2:42
Is it worth upgrading all my clients to Win 10 for PS5? – 4:51
Common tasks for administrators / Batch vs PowerShell – 6:13
Clearing event logs using cmd – 7:02
Clearing event logs using PowerShell – 8:09
Can I upgrade from PS2 to PS5 in Win7, or do I need to install PS3 then PS4, then PS5? – 10:26
Making PowerShell scripts silent with PDQ Deploy – 13:08
Enabling and disabling Windows features using DISM- 16:34
Enabling and disabling Windows features using PowerShell – 17:20
Should I use PowerShell to set (not force) a users default ‘open with’ program, or would a group policy be better? – 23:35
PS5 (Win 10) has an Execution Policy Change that prevents security risks from running scripts. How do you bypass this without having to press [A] – yes to all? – 25:06

The post Real World Applied PowerShell appeared first on Admin Arsenal.

Time to upgrade to the new PDQ Inventory 9. Yes, there are new features. Read on to see what’s new in this version. If your PDQ Inventory license is current, you can get these upgrades at no extra charge. Learn more about our licensing.

What’s New in PDQ Inventory 9

Network Discovery

Add computers to PDQ Inventory with the network discovery tool. This handy new feature will scan supplied IP ranges and add the discovered devices to your PDQ Inventory database. This feature does require a current PDQ Inventory license of Pro or higher. Simply to go Add Computers > Network Discovery.

This will bring up the Network Discovery window that will allow you to specify a Subnet or IP addresses or IP address ranges to find computers. Click Start Discovery to begin adding computers and devices to PDQ Inventory, which will open the Network Discovery Status window to allow you to see the progress.

Automatic Backups

Now your PDQ Inventory database is automatically backed up. These settings can be found under File > Preferences > Database. The image below shows the default setting for backups. Change them up as you see fit to what best suits you. You also have the option to run a back up at any time by clicking Backup Now. These backups do count against your set number of backups kept, and the oldest backup will be deleted to maintain the number of backups as set. Pro or Enterprise mode required.

Feature Improvements

Registry Scanner Improvements

PDQ Inventory 9 introduces wildcards for use in creating registry scanners (these are similar to the changes introduced in the File Scanner back in version 8). Registry scanners are a Pro or higher feature. Add a registry scanner in File > Preferences > Scan Profiles. Click New and in the Scan Profile: New Scan Profile window, select Add > Registry. Available wildcards are listed for your reference. For example the Registry scanner below scans all subkeys and values under HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState. The data collected can be used to determine if the 32 or 64-bit version of Chrome is installed.

Edit IP Address

In PDQ Inventory 8 the ability to add non-Windows devices was added to help you better keep track of various devices that cannot be scanned like your Windows computers. In this new release, you can now add or edit the IP address listed for these devices. To edit fields for these items (that have Allow Scan disabled), simply double click on the device listed in the PDQ Inventory console. Fields that are white can be edited.

Adding Product Keys

Save product key information in PDQ Inventory. Double-click on a computer and select Product Keys from the left pane to enter in keys.

The post What’s New in PDQ Inventory 9 appeared first on Admin Arsenal.

Let’s walk through setting up DFS on Windows Server 2012 R2. If reading is not your thing, there is a video tutorial down below that goes through these same steps. The following steps assume that you already have both of your servers set up. You’ll just be setting up roles and replication.

Setting Up DFS on Windows Server 2012 R2

Let’s start with your first server:

1. Open Site Manager, Manage>Add Roles and Features. This will open the add roles and features wizard, click next to start set up.
2. Select role-based or feature based installation
3. Select server, in our example that will be SITE1.
4. The next section will be Server Roles under file and storage services. Check DFS Namespaces and DFS Replication both on this (your main) server. When you go to check Namespaces it there will be a pop up that asks you if you would like to add features. Click Add Features.
5. Hit next twice to confirm features. Then install.

Now you’re ready to go over and set up site two, go through all the same steps for site one except for in step four in Server Roles. You will only need to select DFS Replication, do select to Add Features. You do not need to select DFS namespaces.

Setting up Namespaces and Replication

Next steps in setting up DFS on Windows Server will be to set up your namespaces and replication. First you’ll set up Namespaces. Namespaces are how you are going to call your shared file area you are replicating.

Go to DFS Management. Once DFS Management is up, right click on Namespaces in the left panel and click New Namespace.

Enter the name of the server (in our example that’s site1). Click next, then give your namespace a name (our example will use LMFAO). You’ll be given the option to select a Domain-based or Stand-alone namespace. For our example we’ll do a domain-based namespace (which is much easier, so I heartily recommend it).

Lastly you will be shown a summary; click create to finish making your new namespace.

Setting up Replication

1. Back at your home window in DFS Management you’ll now right click on new replication group.
2. Select the Multipurpose replication group option.
3. You’ll name your replication group in the next window (our example will use the name REPO). After that, you will add both of your servers.
4. Once added, the next window select Full mesh. This will ensure that anything on the first server will be on the other server and vice versa.
5. Next, you’ll set the bandwidth. Here you’ll need to consider your network traffic and set it accordingly.
6. Select primary server and then add a local path of a folder to replicate. Be sure to select Permissions > Custom Permissions to add groups or users and give permissions as appropriate.
7. Once you have made all those changes and hit next, you’ll double click on the servers listed to enable them for replicating. Click enable and specify the path you want to synchronize with.

That’s it, the next window will provide you with a summary of your selections. If all looks good to you, click create.

In your DFS Management Console, double click on your replication folder and go to the Replicated Folder tab. You’ll notice that the publication status is Not Published. Right click on that and select Share and Publish in Namespace.

Click next until you get to the Namespace path. Browse to the parent folder and name the folder. A preview of the namespace path is listed.

Again, after clicking next you’ll see a summary and can click Share. That’s it! Congrats, you’ve successfully finished setting up DFS on Windows Server 2012 R2.

The post Setting Up DFS on Windows Server 2012 R2 appeared first on Admin Arsenal.

Today we’ll look at automating software installs for imaged computers, all while saving yourself some storage space and more importantly…time.

Before you get started here, you’ll want to have an Active Directory security group and OU for imaged machines set.

Automating Software Installs for Imaged Computers

PowerShell Code

The PowerShell code is really pretty straightforward. It looks to the OU you created where machines will be dropped after they are added to Active Directory by the imaging process. You can set the frequency to whatever fits best with your environment.

New additions to this OU will be assigned to the security group you create, and once they are deployed and moved out of the Imaging OU and into the OU where they will serve their life sentence, the script removes them from the security group. This all syncs up with the dynamic collection you will create in PDQ Inventory!

It’s pretty slick in once you have an image created, and machines in the OU, the PowerShell script works with PDQ Deploy and PDQ Inventory to deploy your baseline applications to the machines. The script will also generate email notifications, alerting you to any changes that it has made to the security group.

#######################################################
# END USER DEFINED VARS #
#######################################################

#Array for computers that will be removed
$removed = @()
#Array of hostnames stripped from $search
$sanitized = @()
#Array of hostnames stripped from $members
$memsanitized = @()


#########################################################
# CONTAINERS FOR CHANGED HOSTS #
#########################################################

#table for hosts added to the Baseline group
$addedtable = New-Object System.Data.DataTable "Added Hosts"
$addedcolumn = New-Object System.Data.DataColumn Name, ([string])
$addedtable.Columns.Add($addedcolumn)

#table for hosts removed from the baseline group
$removedtable = New-Object System.Data.DataTable "Removed Hosts"
$removedcolumn = New-Object System.Data.DataColumn Name, ([string])
$removedtable.Columns.Add($removedcolumn)


####################################
# ADD TO GROUP #
####################################
Foreach ($s in $search){

$sanitized += $s.SamAccountName

}

#If exists in group, skip, else add.
Foreach ($san in $sanitized){

If (Get-ADGroupMember "TUSC Baseline" | Where { $_.SamAccountName -eq $san}){

 Out-Null

 }
Else {

 Add-ADPrincipalGroupMembership -Identity $san -MemberOf "$securitygroup" 

 #actually add data to added table.
 $addedrow = $addedtable.NewRow()
 $addedrow.Name = $san
 $addedtable.Rows.Add($addedrow)
 
 }
}

########################################
# REMOVE FROM GROUP #
########################################

#Trim group members down to a new array of just hostnames
Foreach ($mem in $members){

 $memsanitized += $mem.SamAccountName

}
 
#Do some logic that compares the array and dumps differences to a new array. This array will contain members that need the group stripped away. 
Foreach ($ms in $memsanitized){

 If ($sanitized -contains $ms){

 Out-Null
 
 }
 Else {

 $removed += $ms

 }

}

#If there is actually something in the $removed array, take action and removed that machine from the group.
If ($removed -ge 1) {

 Foreach ($rem in $removed){

 Remove-ADPrincipalGroupMembership -Identity $rem -MemberOf "$securitygroup" -Confirm:$False

 #add data to removed table
 $removedrow = $removedtable.NewRow()
 $removedrow.Name = $rem
 $removedtable.Rows.Add($removedrow)
  }
}

#Counts on the datatables to determine if email will be sent.
$acount = $addedtable.Rows.Count
$rcount = $removedtable.Rows.Count

If ($acount -and $rcount -eq 0) {

Out-Null

}

Else {

###########################################################
# CONVERSION TO HTML TABLE FOR EMAIL #
###########################################################

#This builds the table for machines added to TUSC Baseline
$ahtml = "<br><table><tr><td>Hostnames Added to TUSC Baseline</td></tr><br>"
foreach ($arow in $addedtable.Rows){
 $ahtml += "<tr><td>" + $arow.Name + "</td></tr>"
}

$ahtml += "</table> <br>"

#This builds the table for machines removed from TUSC Baseline
$rhtml = "<br><table><tr><td>Hostnames Removed from TUSC Baseline</td></tr><br><br>"
foreach($rrow in $removedtable.Rows) {

$rhtml += "<tr><td>" + $rrow.Name + "</td></tr>"
}
$rhtml += "</table>"

########################################################
# SEND EMAIL REPORT #
########################################################
#Send the message
#Send-MailMessage -SmtpServer $smtpserver -From $from -to $to -Subject $subject -Body $body -BodyAsHtml
}
$addedtable.Dispose()
$removedtable.Dispose()

Exit

Run this script as a scheduled task. You will want to create the task to run as an account that has been delegated access to manage group memberships in Active Directory. I recommend setting up the scheduled task as a Service Account that has been delegated access to change group memberships in Active Directory.

Also, the Start A Program line you will want to use for the executable is the path for Powershell (Typically C:\windows\WindowsPowershell\v1.0\powershell.exe) and in the Arguments field use:

-noprofile –ExecutionPolicy Bypass –File <path to .ps1 script>

Setting Up Automated Software Deployments

Create a new dynamic collection in PDQ Inventory using the filters as show below. Change the value to match the name of your security group in Active Directory.

Next in PDQ Deploy, you’ll create a new schedule. (Either select Deploy > New Schedule or go to File > New Schedule.) Set the trigger to Heartbeat (requires a Pro or higher license).  Under the Targets tab, select Link to and select the PDQ Inventory collection you created in the last step. Click OK.

Now that you have your schedule saved, you may attach packages to it for deployment. When the Heartbeat trigger detects a new machine in the PDQ Inventory Collection you have linked to, these packages will be deployed to those target machines.

That’s all there is to it! Now when you image a machine, and it goes into the OU, PowerShell will add it to the appropriate groups, PDQ Inventory will add it to your collection, and PDQ Deploy will push your selected applications to it. When you move the machine out of your Imaging OU, the PowerShell script will detect the change and remove that machine from the Security group, which will update your Dynamic Collection.

The post Automating Software Installs for Imaged Computers appeared first on Admin Arsenal.

If you’ve used RDP  and run the gpupdate /force you may have seen the “Remote Desktop Services session has ended” error which forces your RDP to disconnect. Here’s how to prevent a disconnect during GP Update. It just requires a simple registry edit.

Prevent a Disconnect During GP Update

Reconnect to the machine and go to your registry editor.

Then go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet. Once under Current Control Set do a search for fDenyTSConnects. Odds are you’ll see a “1”. Double-click to edit and change the Value data field to 0.

That’s it! When you go to run gpupdate /force again, the policy will successfully update.

The post How to Prevent a Disconnect During GP Update appeared first on Admin Arsenal.

There are a few ways to remotely install printer drivers. This post will cover two methods, using a print server and setting up an IP port. Both of these methods are also covered in a tutorial done at a webcast. A recording of this webcast is available below. Let’s dive in!

Remotely Install Printer Drivers

Using Print Server

This method is the easiest and adds the printer for all users on the target machine. To add a printer using print server you’ll need run a couple commands. Using PDQ Deploy, create a new package and add two command steps.

The first command step will delete the printer if it does already exist. Doing this prevents errors that can occur from adding an already existing printer.

%WINDIR%\system32\Printui.exe /gd /q /n"\\TOKEN\Lexmark MS310dn North"

In the second command step, you’ll add the printer. The difference between these commands is the /gd (for global delete) is now a /ga (for global add).

%WINDIR%\system32\Printui.exe /ga /q /n"\\TOKEN\Lexmark MS310dn North"

In both commands /q is critical for a silent deployment. Without that parameter your deployment will hang. You can see other parameters by entering the following into a command prompt:

printui /?

For your changes to take effect you may need to stop and start the print spooler. If after deploying the printer does not appear, add the following commands to your deployment:

NET STOP SPOOLER 
NET START SPOOLER

IP Port

In this method, you will create a TCP/IP port and then install your printer.

First, spare yourself possible errors and clear out the printer and port. For this deployment package you’ll start off with a command step with the following command (of course, substitute your own printer name and IP address in your commands):

cscript %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnmngr.vbs -d -p "Lexmark MS310"
cscript %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnport.vbs -d -r "IP_10.0.0.246"

In the next command step, you’ll add the port. Again, substitute the appropriate IP address in quotes.

cscript %WINDIR%\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r "IP_10.0.0.246" -h 10.0.0246

Your next two steps (one for each architecture type, 32-bit vs. 64-bit) will install your printer using an install step. You’ll want to get your install files from the printer vendor and research what parameters you may need to silently install your printer driver.

For our example, (which you can watch in the video below starting at 21:53) we got a batch file from the vendor which is listed in the install step as the install file.  Then, the “Include Entire Directory” box is also checked. This is important if your installation does require multiple files.

The post Remotely Install Printer Drivers appeared first on Admin Arsenal.

Let’s get WinZip deployed to your computers. After you silently install WinZip, you’ll then define the settings you want on all devices in your network. Below is a video that will walk you through all the steps.

Silently Install WinZip

Because WinZip is a paid product (you’ll need your own license handy), it’s not available in the Package Library. However, it is a very simple application to create a deployment package for (and the free download of PDQ Deploy is all you’ll need to get the job done).

In PDQ Deploy, create a new package and for the install field add your extracted MSI file for WinZip. You’ll need the following parameters to silently install WinZip. Without parameters your deployment could time out and fail.

INSTALLCD="/noqp /noc4u /noip /nopredefinedjobs /autoinstall"

Before you exit out, make sure you have “Include Entire Directory” checked so that you have all the needed files for installation. You’re ready to deploy.

Managing WinZip

Watch this video to learn how to set up PolicyPak, the video will also show you where to find and how to add these “Paks” you’ll need to help quickly manage hundreds of applications.

1. First things first…in your Group Policy editor, add a new GPO. Right click and select edit.
2. In the GroupPolicy Management Editor, right click and select WinZip. (Refer to the video on setting up PolicyPak to see how to set up these paks.)
3. Double-click on the WinZip application listed to open the panel you’ll use to adjust settings for WinZip in Group Policy. Make your changes and adjustments, right click within the panel to Disable corresponding control in target application” or if you have particularly clever end users, you may also want to select “Perform ACL Lockdown” to make sure your settings are not tampered with. You can also make certain none of your users adjust the settings you select in any tab, by right clicking on the tab you want to lock and select “Disable whole tab in target application”. 

After applying GPUpdate your settings will take effect. It’s that easy!

The post How to Silently Install WinZip (and then Globally Manage it) appeared first on Admin Arsenal.

The PDQ Deploy 10 beta release has new features that make it even easier to get deployments out to the correct computers and with more precision. Depending on your environment, some users may find this means faster deployments.

Additionally, there are improvements to repository clean up and added integration with PDQ Inventory. To get the beta, make sure you have included betas in your upgrade checks under File > Preferences > Auto Update Alerts.

New Features in PDQ Deploy 10

Additional Deployment Conditions

PDQ Deploy 10 boasts new conditions in deployment steps to allow you to run (or not run) steps on certain deployment targets. Deployment step conditions are a Pro and Enterprise level feature.

File and Registry Conditions

Set steps within your deployments to only go to target computers with particular registry keys or values. With file conditions you also have some wildcards you can use as you which you can add by clicking the green plus symbol.

PowerShell Condition

This allows you to limit steps in deployments to computers with particular versions of PowerShell. Use the drop down to check versions of PowerShell you want target computers to have for a particular environment. If a computer does not have a PowerShell version you have selected, then the package will not deploy.

Repository Exclusions

In PDQ Deploy 9, repository clean up was introduced (see File > Preferences > Repository). Now you have the option to chose which individual files or directories to exclude from clean up. Check multiple files to exclude or select one and click Exclude Directory to add items to your exclusion list.

Open in PDQ Inventory Option

Need to see more information on a computer you see in PDQ Deploy? Easy. Right click on any computer name and select Open in PDQ Inventory. This will open the computer window in PDQ Inventory. You can also select multiple computers before right-clicking to see information for those computers.

Delete Deployment History

Clear the deployment history in your scheduled deployments for any computer. This feature is handy if you have imaged a new computer using the same name as a previous computer. Clearing the history will allow PDQ Deploy to send deployments to the new computer that otherwise might have been marked as already successfully deployed to.

In your schedule under the Computer History tab, when a computer is highlighted you have the option to delete the history for that computer. Next time a schedule is run, the deployment will be sent to the computer as no record of that deployment being run exists. You can also click Delete from All Schedules to remove all history of that computer from any and all schedules it may have been a part of.

The post What’s New in PDQ Deploy 10 appeared first on Admin Arsenal.

Java’s quarterly release for July 19, 2016 (Java 8 update 101) contains fixes for security vulnerabilities. Admins are advised to apply this critical patch to systems as soon as possible to protect against potential attacks. Here’s a quick guide to silently install Java 8 and then manage Java settings for added security and control. Below is a video tutorial on these steps.

Silently Install Java 8

In PDQ Deploy you have a couple options to silently install Java 8. You can use the Package Library which has a Java 8 deployment package that is ready to import and silently install across your network. (PDQ Deploy trial users have access to up to three free package imports from the Package Library during their trial.) Alternatively, you can build your own package using the free version of PDQ Deploy.

Using the Package Library

We’re a little lot biased and do recommend using the Java 8 package available in the Package Library. This deployment package contains additional steps that ensure your deployment will be successful such as uninstalling past versions of Java and exiting programs that can cause deployments to fail.

Bonus, the work building the package is already done…so why not use what’s already there?

1. Import your package Navigate to the Package Library and select Java 8 Update 101 64 or 32-bit (depending on what machines you are deploying to). Click “Import” to begin downloading your package.
2. Send your deployment to target computers Your import can be found (by default) in the left tree under the Packages folder. Highlight the Java Package and click “Deploy”. From there you’ll be able to select target computers from AD, Spiceworks, or PDQ Inventory. Click deploy and you’re done!

Building Your Own Deployment Package

1. Download the offline version of Java. Online versions are smaller in size and will not silently install successfully.
2. Extract the Java MSI. You will want the Java MSI over the EXE because MSIs have already defined silent parameters, which you must have for a successful deployment. If you don’t have silent parameters you could see error messages, have failed deployments or worse.
3. Now you’re ready to build your deployment package. Add the Java MSI to the Install File line, and be sure to select Include Entire Directory. Then you’ll want to add the following parameters on the parameters line to disable auto updates and machine reboots:

     JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 RebootYesNo=No

Manage Java Settings

Now that you have that deployed…it’s time to manage Java settings.

1. Create a new GPO for managing Java settings in your Group Policy editor.
2. In your Group Policy Management Editor, right click and select the Oracle Java pak. (Refer to this video to learn how to set up PolicyPak and add your Java “pak”.
3. Double-click on your newly added Java pak to start managing. You’ll see several tabs of options for settings in Java. Here are a few suggested settings to look at:

• Update Uncheck “Check for Updates Automatically”. Having this checked means you can decide when Java gets updated and can deploy patches on your terms and not leave it to Oracle (or your user) to decide.
• Security Select “Very High” from the Security Level dropdown.
• Exception Site List You can set MODE=REPLACE to override any site list settings or you can set MODE=MERGE to add site to possibly existing site lists.

With your settings you can (and probably should for utmost protection against users tampering with your settings) right click and select “Perform ACL Lockdown”.

The post How to Manage Java Settings appeared first on Admin Arsenal.

We made some pretty big changes in PDQ Deploy 10. One change that may have caught a few PDQ Deploy users off guard is the need to add console users for access to the PDQ console instead of simply having local admin privileges. Adding console users is especially important for those using the command line interface to use PDQ Deploy.

Adding Console Users to PDQ Deploy

If you go to File > Preferences > Background Service, you will see which user processes all background tasks for PDQ Deploy. It is also in this window that you can add console users. Console users are Windows users that have access to the PDQ Deploy console.

After adding the computer name you’ll need to type the password for the background service user (not the user you are adding). 

Alternatively, admins are added by logging in after starting PDQ Deploy. If the user opening PDQ Deploy is not a registered console user then they’ll see this message:

At this point, you have two options:

1. You need to add this user to the list of console users (using the method shown above).
2.  In this window you (or the user) may enter the password for the Background Service (Quintana in our example). Once they’ve logged in at this screen, their machine is added to the list of console users.

The post Adding Console Users to PDQ Deploy appeared first on Admin Arsenal.

Deploying AutoCAD may seem like a daunting task, however PDQ Deploy makes it’s easy to silently deploy AutoCAD.  We’ve also included a step-by-step instruction video at the bottom of this page. Let’s dive in.

The first step is to grab your installation files. We recommend placing the installation files on an accessible file share location. Now navigate to the installation files on your file share location, and run “setup.exe”. 

By running the setup.exe file, you will be given the option to install or create a deployment. We will choose to create a deployment using the AutoCAD deployment tool.

Now let’s configure our deployment. Give your deployment a name in the “Deployment configuration name” field. The “Administrative image path”  field is where you will designate a location on a file share where you want the AutoCAD deployment files to be copied. The other fields on this screen provide additional options. Remember to check “Run installation in silent mode” under the “Installation Settings” section in order to silently deploy AutoCAD.

Next, you’ll need to accept the EULA and input your serial number or whatever method you use to license your AutoDesk products. 

The next window will allow you to further customize the AutoCAD deployment. Once you’ve determined your deployment settings, click “Create”. Now AutoCAD will compile the prerequisites for installation and prepare everything that you selected for this deployment. This process may take several minutes, so be patient.

Once AutoCAD has finished creating the deployment, you may want to click “Add Updates” to check for any product updates that may be available. If there are updates available, the auto deployment tool will append them to the installation.

Navigate to the designated location on your file share where you copied your deployment files. You’ll notice there is a shortcut file with the name you created for your deployment. Right click and go to the properties of that shortcut file and copy the information in the target field. 

It’s time to open up PDQ Deploy. Go to “New Package” and create a deployment name.

Next, click “New Step” and create a “Command” step. In the package properties window delete the default install step.  Now paste the information that you previously copied from the shortcut properties into the command step field. If you see a “/Trial” within the string you can remove it.

This next step is very important. Right after “\Setup.exe \” you will insert a “/W /” (with a space after the W).  It should look like this; “\Setup.exe  /W /qb”. The “W” tells the deployment to run the command and then wait for the other sub-processes to finish before it returns. Without, you will likely get a 259 error code.

A couple of other items to take note of:

• If you have spaces in your path you will need to put them in double quotes up to the “/I” Anything after that you do not need to use double quotes.  
• Notice the “/qb” . This means “Quiet Basic”. Under this setting if a user is logged on they may see status updates appearing on their screen. To enable a totally silent deployment, you may use a “/q”. DO NOT to use a “/qn” as this will cause your deployment to hang. We recommend using “/qb” for a higher success rate.

Now go to the Conditions tab and change your OS to Windows 10, 8.1, and 7. You’ll also want to change the Architecture to 64-bit.

Under the “Options” tab,  if you are deploying with the “/qb” previously mentioned, you’ll want to change the “Run As” field to “Deploy User (Interactive)”.

Next, since we are doing a command step, we need to enter success codes. For this deployment enter the codes; 0,1641,3010

That’s all you need to do to build the deployment. Now let’s choose our targets and silently deploy AutoCAD. You can choose your targets several ways, but for our example we’ve chosen two targets using PDQ Inventory. Once your targets have been selected, click “Deploy Now”.  

Remember, this deployment could take anywhere from 5  to 30 minutes depending on the speed of your network, so be patient. Once the deployment has finished, you’ll see the AutoCAD desktop icon on your target computers. You could also verify a successful installation by using PDQ Inventory. Congratulations! You’ve silently deployed and installed AutoCAD. To view a step by step tutorial, click the video below. 

The post How To Silently Deploy AutoCAD with PDQ Deploy appeared first on Admin Arsenal.

It’s simple enough to get Mozilla Firefox remotely installed on your computers, but how do you keep users from changing settings and potentially leaving your network vulnerable? In this post we’ll first silently install Firefox on machines, and then enforce Firefox settings using group policy.

Silently Installing Firefox

Mozilla Firefox is one of the many deployment packages available in the Package Library. With a PDQ Deploy Enterprise licence you can import this ready-to-deploy package (which we recommend as the package has additional steps to uninstall past versions of Firefox and other steps that also help avoid installation errors). With the free version you can also create this package to quickly install Firefox.

1. Add the Firefox Setup exe in the Install File field in your install step
2. Add silent parameter -ms to the Parameters field.
3. Save and close, you’re ready to deploy. Simply highlight your newly created package in the left tree and click the Deploy button in the right corner. From there you’ll be able to deploy right away or schedule (Pro or higher) and select deployment targets. 

Enforce Firefox Settings

Watch this video to learn how to set up PolicyPak, the video will also show you where to find and how to add  “Paks” which you’ll need to help quickly manage hundreds of applications.

1. First things first…in your Group Policy editor, add a new GPO. Right click and select edit.
2. Now you’re ready to hit up the PolicyPak module. Click Application Settings Manager, right click and select the Mozilla Firefox pak. (The video link above will show you how to set up these paks.)
3. Double-click on the Firefox application now listed to start editing you settings. As you make changes right click and select the lock down option you desire to enforce settings in Firefox. 

The post How to Enforce Firefox Settings appeared first on Admin Arsenal.

So let’s say you’ve got some specialty computers such as lab computers, sales computers or conference room computers. These computers have different users logging on at different times throughout the day. You’d like these specialty computers to eat just “some” user side policy settings enabling them to maintain the same user settings regardless of who logs on. Normally you’d have to use very complicated Group Policy loopback mode to force your computers to eat user side policy. The downside is that you’ll end up with way more settings than you need making it impossible to manage the experience. The answer? PolicyPak Admin Templates Manager. With PolicyPak Admin Templates Manager you’ll be able to gently force your computers to eat user side functions.

Force Computers To Eat User-Side Functions

From the PolicyPak console, go to “Standard Computers” and create a new GPO. Then simply create a name for your new GPO.

Now go to the Computer Configuration side to the PolicyPak node and click on Administrative Templates Manager. Click “Add New Policy”.

In the upper left of the New Admin Template Entry window, you’ll want to check the “User Policy” button. Now, under the Administrative Templates window, you’ll see several options that you can access. Let’s go to “Start Menu and Taskbar”.  Once clicked, you’ll be presented with a list of available options. Let’s select “Remove Help menu from Start Menu”.

In the new window, click “enable” and you’re set. 

Now, in this example, all users who logon to this machine will have the “Help Menu” removed from the Start Menu. You’ve successfully taken a user side function and delivered it to your specialty computers for all users using the PolicyPak Admin Templates Manager. To see each step in action, check out the video below.

The post Set User-Side Group Policy With PolicyPak Admin Templates Manager appeared first on Admin Arsenal.