- Create a CMD file with the following content
@echo off:: - - - - - Check if KB is installed - - - - - - - -
systeminfo | findstr 2823324
:: - - - - - If not installed (1), exit - - - - - - -
IF %errorlevel% EQU 1 GOTO NOTFOUND
GOTO FOUND
:NOTFOUND
Echo %date% - %time% KB 2823324 was not found. Exit. >> C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324.log
GOTO EXIT
:: - - - - - If installed (0), uninstall - - - - - - -
:FOUND
Echo %date% - %time% KB 2823324 was found. Attempt uninstall. >> C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324.log
wusa.exe /uninstall /kb:2823324 /quiet /norestart /log:C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324_WUSA.log
Echo %date% - %time% KB 2823324 uninstall complete. Restart might be needed for operation to complete successfully. >> C:\Windows\Temp\Microsoft_Uninstall_Patch_KB2823324.log
:EXIT
- Deploy this CMD file by creating a new package and program. Keep in mind that a restart is required to fully uninstall this patch.
Find computer name for a remote computer using PSExec
Let’s say you know the IP address of a computer but you don’t know the hostname. Seems to be an easy task with ping –a, if you have a working DNS 
If not, you can try the following approach:
- Create a cmd file on client’s computer. Say in \\IP\C$\Windows\Temp\FindHostname.cmd
- Edit FindHostname.cmd. Type in: echo %computername% >> C:\Windows\Temp\Hostname.log
- Run PSExec: C:\PSTools\PsExec.exe \\IP C:\Windows\Temp\FindHostname.cmd
- Look into \\IP\C$\Windows\Temp\Hostname.log, you will have the computer’s name.
Open local group policy settings on a remote system
From Run or Command Prompt window: gpedit.msc /gpcomputer: Computername
Collection with Windows 7 computers without SP1
First, if you want your query to display the right information, you must have a collection with all Windows 7 computers, regardless of the service pack version installed.
Here is the simplest query to create “All Windows 7 computers” collection (please make this collection “Not collection limited”):
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_OPERATING_SYSTEM.Caption like “%Windows 7%”
And here is the query to create “Windows 7 computers without SP1”, you must limit this collection to “All Windows 7 computers” collection created earlier:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_OPERATING_SYSTEM.Caption like “%Windows 7%” and SMS_G_System_OPERATING_SYSTEM.CSDVersion = “Service Pack 1”)
Find OS Architecture using Win32_OperatingSystem class
WMI queries to find 64 and 32 bit computers:
SELECT * FROM Win32_OperatingSystem WHERE OSArchitecture = “64-bit”
SELECT * FROM Win32_OperatingSystem WHERE OSArchitecture = “32-bit”
Computers without Java 6 Update 30
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.Version < “6.0.300” and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like “Java(TM) 6%”
Count Adobe Reader versions
SELECT DISTINCT TOP (100) PERCENT DisplayName0, Version0, COUNT(Version0) AS Total
FROM dbo.v_GS_ADD_REMOVE_PROGRAMS
GROUP BY DisplayName0, Version0
HAVING (DisplayName0 LIKE ‘%Adobe Reader%’)
ORDER BY Total DESC, DisplayName0
Collections with computers without Forefront Endpoint Protection 2010 client
A customer asked me today to help him with creating some collections with client computers that do not have FEP 2010 installed so he can advertise the antivirus client to those computers. You can find the queries bellow.
All Windows 7 without Forefront Endpoint Protection 2010
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.Caption like “%Microsoft Windows 7%”
All Windows Vista without Forefront Endpoint Protection 2010
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.Caption like “%Microsoft® Windows Vista%”
Windows XP Professional SP2 without Forefront Endpoint Protection 2010
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.CSDVersion like “%Service Pack 2%” and SMS_G_System_OPERATING_SYSTEM.Caption = “Microsoft Windows XP Professional”
Windows XP Professional SP3 without Forefront Endpoint Protection 2010
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft Forefront Endpoint Protection 2010”) and SMS_R_System.Client = 1 and SMS_G_System_OPERATING_SYSTEM.CSDVersion like “%Service Pack 3%” and SMS_G_System_OPERATING_SYSTEM.Caption = “Microsoft Windows XP Professional”
Create a report to count all computer models and manufacturer for computers inside a specific collection
SELECT dbo.v_GS_COMPUTER_SYSTEM.Manufacturer0 AS Manufacturer, dbo.v_GS_COMPUTER_SYSTEM.Model0 AS Model,
COUNT(dbo.v_GS_COMPUTER_SYSTEM.Model0) AS Total
FROM dbo.v_GS_COMPUTER_SYSTEM INNER JOIN
dbo.v_FullCollectionMembership ON dbo.v_GS_COMPUTER_SYSTEM.ResourceID = dbo.v_FullCollectionMembership.ResourceID
GROUP BY dbo.v_GS_COMPUTER_SYSTEM.Model0, dbo.v_GS_COMPUTER_SYSTEM.Manufacturer0, dbo.v_FullCollectionMembership.CollectionID
HAVING (dbo.v_FullCollectionMembership.CollectionID = ‘CollectionID’)
ORDER BY Total DESC, Manufacturer, Model
I’ve been at Tech-Ed today…
Actually I just attended a local event organized by Microsoft Romania and the last session was Useful Hacker Techniques: Which Part of Hackers’ Knowledge Will Help You in Efficient IT Administration held by polish Enterprise Security MVP – Paula Januszkiewicz.
Geez… this girl presented some things that, I can bet, made half of all admins go home/work and revise their server’s security and configuration.
After seeing this presentation and demos, I will repeat what I said a couple of years ago: Romanian MVP’s still have to learn from the foreign ones. A lot!