Uninstall KB 2823324 using ConfigMgr

  1. Create a CMD file with the following content
    @echo off

    :: - - - - - Check if KB is installed - - - - - - - -

    systeminfo | findstr 2823324

    :: - - - - - If not installed (1), exit - - - - - - -

    IF %errorlevel% EQU 1 GOTO NOTFOUND

    GOTO FOUND

    :NOTFOUND

    Echo %date% - %time% KB 2823324 was not found. Exit. >> C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324.log

    GOTO EXIT

    :: - - - - - If installed (0), uninstall - - - - - - -

    :FOUND

    Echo %date% - %time% KB 2823324 was found. Attempt uninstall. >> C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324.log

    wusa.exe /uninstall /kb:2823324 /quiet /norestart /log:C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324_WUSA.log

    Echo %date% - %time% KB 2823324 uninstall complete. Restart might be needed for operation to complete successfully. >> C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324.log

    :EXIT

  2. Deploy this CMD file by creating a new package and program. Keep in mind that a restart is required to fully uninstall this patch.

Find computer name for a remote computer using PSExec

Let’s say you know the IP address of a computer but you don’t know the hostname. Seems to be an easy task with ping –a, if you have a working DNS Smile

If not, you can try the following approach:

  1. Create a cmd file on client’s computer. Say in \\IP\C$\Windows\Temp\FindHostname.cmd
  2. Edit FindHostname.cmd. Type in: echo %computername% >> C:\Windows\Temp\Hostname.log
  3. Run PSExec: C:\PSTools\PsExec.exe \\IP C:\Windows\Temp\FindHostname.cmd
  4. Look into \\IP\C$\Windows\Temp\Hostname.log, you will have the computer’s name.

Collection with Windows 7 computers without SP1

First, if you want your query to display the right information, you must have a collection with all Windows 7 computers, regardless of the service pack version installed.

Here is the simplest query to create “All Windows 7 computers” collection (please make this collection “Not collection limited”):

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_OPERATING_SYSTEM.Caption like “%Windows 7%”

And here is the query to create “Windows 7 computers without SP1”, you must limit this collection to “All Windows 7 computers” collection created earlier:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_OPERATING_SYSTEM.Caption like “%Windows 7%” and SMS_G_System_OPERATING_SYSTEM.CSDVersion = “Service Pack 1”)

Computers without Java 6 Update 30

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.Version < “6.0.300” and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like “Java(TM) 6%”

Collections with computers without Forefront Endpoint Protection 2010 client

A customer asked me today to help him with creating some collections with client computers that do not have FEP 2010 installed so he can advertise the antivirus client to those computers. You can find the queries bellow.

All Windows 7 without Forefront Endpoint Protection 2010

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.Caption like “%Microsoft Windows 7%”

All Windows Vista without Forefront Endpoint Protection 2010

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.Caption like “%Microsoft® Windows Vista%”

Windows XP Professional SP2 without Forefront Endpoint Protection 2010

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.CSDVersion like “%Service Pack 2%” and SMS_G_System_OPERATING_SYSTEM.Caption = “Microsoft Windows XP Professional”

Windows XP Professional SP3 without Forefront Endpoint Protection 2010

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.CSDVersion like “%Service Pack 3%” and SMS_G_System_OPERATING_SYSTEM.Caption = “Microsoft Windows XP Professional”

Create a report to count all computer models and manufacturer for computers inside a specific collection

SELECT    dbo.v_GS_COMPUTER_SYSTEM.Manufacturer0 AS Manufacturer, dbo.v_GS_COMPUTER_SYSTEM.Model0 AS Model,
                      COUNT(dbo.v_GS_COMPUTER_SYSTEM.Model0) AS Total
FROM         dbo.v_GS_COMPUTER_SYSTEM INNER JOIN
                      dbo.v_FullCollectionMembership ON dbo.v_GS_COMPUTER_SYSTEM.ResourceID = dbo.v_FullCollectionMembership.ResourceID
GROUP BY dbo.v_GS_COMPUTER_SYSTEM.Model0, dbo.v_GS_COMPUTER_SYSTEM.Manufacturer0, dbo.v_FullCollectionMembership.CollectionID
HAVING      (dbo.v_FullCollectionMembership.CollectionID = ‘CollectionID’)
ORDER BY Total DESC, Manufacturer, Model

I’ve been at Tech-Ed today…

Actually I just attended a local event organized by Microsoft Romania and the last session was Useful Hacker Techniques: Which Part of Hackers’ Knowledge Will Help You in Efficient IT Administration held by polish Enterprise Security MVP – Paula Januszkiewicz.

Geez… this girl presented some things that, I can bet, made half of all admins go home/work and revise their server’s security and configuration.

After seeing this presentation and demos, I will repeat what I said a couple of years ago: Romanian MVP’s still have to learn from the foreign ones. A lot!