How to check the applicability of a Microsoft patch - windows

Environment:
I work in a lab that tests software against multiple domain configurations. I currently have 8 domains with no cross-domain trust. They each have a WSUS server that talks to our primary NOC WSUS Server. Other than talking to the primary WSUS server, there is no communication from one domain to the other. I cannot change GPO settings or install any software that isn't already installed. The domains range from Windows XP with Server 2003 to Windows 7 with Server 2008. Each domain has anywhere between 8-20 servers and 3-5 workstations.
I have a machine that can talk to each of the servers in all of the domains, and can also talk to the primary WSUS server. I primary work with PowerShell, but I'm not opposed to another language if it makes what I'm trying to do easier. I have PowerShell 2.0 installed, but I can easily installed PowerShell 3.0 if needed.
Scenario:
I am charged with checking if patches have been installed on each of the servers. This testing cannot rely on WSUS's built in reporting tools, per requirements I cannot change. I would receive a list of patches, and I need to check each server to see if the patches are installed. Since the patches can be anything from Windows XP to Server 2008, I also need to check if the patch is applicable to the server itself. I have tried to use PoshWSUS to check for applicability, but I cannot get a connection to the Primary WSUS server because of either IIS rules or a Firewall rule. I have search online, and followed several guides, but this WSUS's setup is very customized, and I can only do so much to the server itself.
Example:
I have the following Patches:
KB2604092
KB2676562
KB2686509
I want to check the following server:
DC01: A Windows Server 2008 Domain Controller
I am currently using the following PowerShell command to test if they are installed:
Get-HotFix -ID "KB2604092","KB2676562","KB2686509" -ComputerName DC01
This command shows the following patches are installed:
KB2676562
KB2686509
Leaving the following uninstalled:
KB2604092
This correctly tells me that KB2676562 and KB2686509 are installed, but it doesn't tell me if KB2604092 missing, or not applicable.
What I am stuck on is how to verify that KB2604092 is not applicable to DC01. I can easily search Microsoft's site to verify it is only for Windows Server 2003 or Windows XP, but how can I check it's applicability via a script. I would love to find a way to scrap the Microsoft KB article for the data, but I don't know how to pull the required information from the web page. I assume there has to be a check within WSUS to check applicability, but I don't know where to look for something like that.
Edit:
I forgot to mention, I have no control over what patches are approved, that is done by an outside company.

Well for security patches, Microsoft publishes a a spreadsheet that lists the all security bulletins since 1998. You can download from this page. (Direct link to spreadsheet)
You could then parse that spreadsheet (if you convert it to a CSV file, that would be easy to parse in powershell). It gives you all the information you are asking about.

If you're only interested in whether the update is applicable to the corresponding operating system, IUpdate.ProductTitles should give you the information you need.
There are more complicated cases, such as where an update is applicable only if a certain system component is installed. I don't think there's any way to handle those cases automatically.

Related

Can Informatica be used on Windows system?

I would like to know if Informatica can be used on Windows system ? If so what are the prerequisites?
Both the previous answers are wrong.
Windows 10 is supported for installing the client tools only.
For exact details which Windows server versions are supported, please log on (after initial sign-up if you haven't already done so) to the Informatica Network at https://network.informatica.com ; there's a section named Product Availability Matrices, here you find for each PowerCenter version the so-called Product Availability Matrix (PAM) indicating which Windows versions are supported for server installation and for client installation. You need both, and you can install both on the same Windows server system.
I won't go into this ugly ancient flame war here. Be it enough to say that some people managed to install the server part on Windows 10, but very few ever made it work reliably (in most cases the installation seems to work but doesn't, at latest after the next system restart). I wouldn't waste one single second trying to do so, it's not worth the time.

SCCM: Add a client to the sccm console

I have installed a SCCM system. My problem now is that I don't know how to integrate clients that are on the same network like the SCCM.
I have already created a location in the SCCM-Console and i have to integrate application software into the SCCM.
The Testclient already has a Windows 7 installed.
My question: How do I connect a client with the SCCM?
It kind of seems like you are potentially asking a few different things here so I will give an answer to what I think you are asking and hopefully that helps
1. To add computers to sccm so they show up in your management console, you can either do it manually or via discovery. You can configure discovery in the administration tab. Normally you will want to discover computers from your AD setup.
2. To install the sccm client on the computers, you can either do it manually by running the software on the PC. Alternatively you can push out the client to computer by right clicking them and pushing out the client there.
3.To add software to sccm you can go to the software library tab and create either packages or applications.
Hope this helps.
You need to setup boundaries and boundary groups within SCCM based on subnet or AD sites.
Take a look at this example: http://shabaztech.com/sccm-2012-r2-client-installation/
If you have discovery turned on, you should be able to right-click a computer object within the SCCM console and install the client, assuming you have the proper accounts and firewall rules setup.

Visual Studio 2015 Community License update fails in Samba NT4 Domain due to proxy/firewall

First off, I read all other Questions, that relate to this, I did an extensive google search on this topic and could not get a working answer.
I installed the Community Version of Visual Studio 2015 in mid November and been using it since then. After finishing my project, I went back to pen and paper for new formulas and noe came back to implement all those neat things.
Now it says, that my trial license has expired and should be renewed. I already read, I should use my MicrosoftAccount to do that, and proceeded by doing that.
Now this happened
It says, I should check firewall and prxoy settings and I read about contactiong the administrator. So that, what I did, but he says, there is no proxy, no block by firewall or anything else.
When running VS as administrator (after entering my credentials) I can create new projects and debug existing ones, so no problem there. However I can not use the program as normal user.
I read somewhere here to try repair it via systemcontrol, but that did not work either.
Does anyone has a solution?
In addition: There is also no "Enter License Key here" field, so that is also not an option.
(several Days later)
Halleluja, I found the answer! After digging through some Microsoft Help-Forums, I came upon this Thread, that not only perfectly describes my problem, but also gives a solution. So dear visitor from the future, who googled the problem and came upen this Stackoverflow Question: Follow the link above!
So, after sniffing packets harder than a drug addict, trying to find a difference in TLS exchanges between my computer and VS licensing server when using a domain account and when a using local account, and noticing no difference, I recalled why I had pushed this hypothesis to the side: our network supports TLS 1.2 perfectly well, as I can connect to TLS 1.2-only remote hosts without any issue.
This means the issue lies elsewhere, and is caused by Visual Studio treating domain accounts and local accounts differently when trying to renew licensing information.
The good news is I've found why and how to fix it.
I recalled that earlier this year, when we upgraded our commercial department from Windows 7 to Windows 10, they all encountered issues while trying to configure their mail accounts on Microsoft Outlook: an unknown error 0x8004011c. If you search around for it you'll quickly find that this only happens when using domain accounts and not when using local accounts (sounds familiar, heh?). The fix to bypass this issue is to set a specific Windows cryptography-related registry key.
When digging a little deeper, you can find that this fix is related to KB 3000850 (which I sadly cannot link to due to my account not being verified) and is actually described in the "Known issues" section, as well as in Samba-related documentation ("Required Settings for Samba NT4 Domains").
In short: Windows 8.1+ clients (with KB3000850) joined to an NT-Style domain are not able to use Windows Credential Manager. This doesn't occur when not using a NT-Style domain. The fix seems to globally authorize using Windows Credential Manager whatever the domain context.
So, to wrap it up, if:
You have a NT-Style domain (such as when using a Samba domain controller)
You have Windows 8.1 or later
vYou encounter issues when renewing your Visual Studio license
Then, set the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001
This solved the issue on our domain, for all machines and accounts tested.
As to why Visual Studio 2015 needs to use Windows Credential Manager and not Visual Studio 2013, someone from Microsoft will have to chime in there to explain because I have no clue.
You are using a very old Samba server that uses unsupported features. NT4 came out in 1995. Active Directory didn't exist back then. A lot has changed in the last 20 years, including strengthening security and gradually removing older, less secure features like LanMan and NT4 domains.
Instead of weakening security, you should follow the advice posted in the page you linked, Required Settings for Samba NT4 Domains:
Microsoft discontinued the official support for NT4 domains in their Windows operating systems. ... Anyway, consider migrating to a Samba Active Directory (AD) to avoid problems if a future update from Microsoft disables or removes the unsupported NT4 features.

Installing process of DotNetNuke (Dnn.Platform-8.0.2)

Downloaded source package of DotnetNuke and I am new in dotnetNuke. Can anyone help me to clarify the process of installing DotnetNuke.
I am following this Install DNN
I've got a tutorial on installing DNN8 found here.
You can also follow this text tutorial
Setting up your development environment can vary based on what your
end goal is. If you are doing module development for your own use, and
within your own DNN environments, you can ignore a few of the settings
below. If you are doing module development with the idea that you
might turn around and give the modules away, or sell them, then you
will likely want to follow the guidelines set forth below to support
the widest array of DNN installation environments.
I recommend that each developer have their own local development
environment, with a local IIS website running DotNetNuke, and a SQL
Server 2008/2012 (not express, though you can use it) database for the
website. Having an individual development environment makes group
module development far easier than if you share
environments/databases.
Choosing a DotNetNuke Version Choosing a version of DotNetNuke is
important when you start your development for couple of reasons. For
modules that you are developing for yourself, you need to ask, what is
the minimum version of DotNetNuke that you have in production. Are you
running DNN 5.6.1? Are you running 6.2.6, 7.0.0, 7.0.6? Based on the
answer you can determine what version of DNN you should setup as your
development environment. You shouldn't be developing on a newer
version of DNN than what you have running in production. As with
everything there are ways around this, but I am not going to go into
the details on that in this tutorial.
As a developer working to create modules and release those, you might
have production sites that are running on the latest and greatest
version of DNN, but what about your customers? Or your potential
customers? You have to ask yourself, do you want to provide support
for really old versions of DotNetNuke? From a development perspective
you will probably say no, but from a business perspective, you might
say yes, and here’s why. Not everyone upgrades DotNetNuke websites as
they should, and often times you will find that some people never
upgrade. While I don’t advise taking that approach to managing a
DotNetNuke website, it is a fact of life that people don’t always
upgrade and there are thousands of people, if not tens of thousands,
that have sites that aren’t running on the latest version of DNN. You
should take that into account when you are doing your module
development, if you compile your module against an older version of
DNN then your module should run on newer versions of as well, for
example. If you compile your module against DotNetNuke 6.2.6 it will
likely run on every version of DNN released since then. Though there
are extended cases where this won’t always work, DNN strives to
maintain backwards compatibility, this isn't always possible.
You might also want to use features that are only available starting
with a specific version of DotNetNuke, such as the workflow
functionality found starting in DNN 5.1, in that case you may choose
not to support older versions of the platform out of necessity. This
will minimize the market in which you can sell your modules, but also
can make for less support and an easier development cycle due to the
features that DNN provides.
Choosing a Package Now here’s one that may baffle you a bit. I’m going
to recommend that you use the INSTALL package for whatever version of
DotNetNuke that you download. What? The INSTALL package? What about
the SOURCE package? Well you can use the source, but you don’t need
it. The module development that I’m setting you up for doesn't require
the DNN source, and using the INSTALL package makes your development
environment cleaner. We aren't going to be opening the DotNetNuke
project when we do our module development, so why have the files
sitting around for nothing? Also, if you've ever tried to use the
SOURCE package for anything, you'll know it isn't easy.
The steps for setting up your development environment will apply to
both the Community and Professional editions of DotNetNuke.
Installation Configuration Once you have the version selection out of
the way you can go through the installation process. While I’m not
going to walk you through the minutest of details of each step of
installing DotNetNuke in this post, I will at least try to point you
in the right direction for each step.
Download the INSTALL package of the version of DotNetNuke you want to
use in your development environment.
Extract the files in the INSTALL package to a location of your
choosing, this location is where you will point IIS (the web server)
when we can configure the website. In my environment I typically use
c:\websites\dnndev.me\ (One item of note: you may need to right click
on the ZIP file and choose Properties before extracting, on the
properties window if you have an UNBLOCK option, click that. Some
versions of Windows have started blocking files within the DotNetNuke
ZIP files, which will cause you problems later during the actual
install.)
Setup IIS IIS is the web server that comes with Windows computers. DNN
7 requires IIS 7 or later (7,7.5,8.0), so you will need at least
Windows Vista, Windows 7, Windows 8, or Windows Server 2008 R2,
Windows Server 2012.
In IIS you should create a new website (Note: If you use an existing
website in IIS be sure to add the HOST binding for DNNDEV.ME), and
point to the folder where you extracted the INSTALL package.
Note: With DotNetNuke 7.0+, .NET Framework 4.0 is required, so be sure
that your application pool is configured to run under 4.0, and not
2.0.
Set File Permissions Setting up the file permissions for your DNN
install is often the step that causes the most trouble. You should
right click on the FOLDER in which you extracted DNN
(c:\websites\dnndev.me) and choose properties. Choose the Security
tab. You need to add permissions for the account in which your
website's application pool is running under. You will want to setup
the permissions to give the account Full or Modify permissions for the
DNNDEV.ME folder. Which account you will use will vary based on your
version of IIS, here’s a simple list of some of the default accounts
based on the version of IIS.
IIS Version Operating System Account IIS 7 Windows Vista, Windows
Server 2008 localmachine\Network Service IIS 7.5 Windows 2008 R2,
Windows 7 IIS AppPool\APPPOOLNAME IIS 8 Windows 2012, Windows 8 IIS
AppPool\APPPOOLNAME
Note: If you are using IIS7.5/8.0 you’ll notice in the above table
that we have APPPOOLNAME in the identity, this is because when you
setup a new website in IIS a new application pool is created. In place
of you should type in the name of the application pool that was
created. You can also bypass this and configure your application pool
to use the Network Service account instead of a dynamic account if you
would like.
Database Configuration In SQL Server you should go through and create
a new database. I always create a database with the same name as the
website, so in this case DNNDEV.ME. Once you have created the
database, create a user that can access that database. I always use
SQL authentication, turn off the enforce password requirements, and
give the user DB Owner and Public access to the DNNDEV.ME database.
Remember the username and password you create here as you will need
them when you walk through the Installation screen for DotNetNuke.
DotNetNuke Installation Screen Populate the installation screen with
the standard DNN information, Host username, password, etc. For the
Database option, choose Custom and configure your database connection,
providing the Server IP/Name, the Database name (dnndev.me). For the
database authentication you'll want to choose the option that allows
you to enter the username/password for the database user that you
created previously.
Now there are two additional options you can configure, normally I
would tell you not to modify these, but from a development environment
perspective I do recommend that you change the objectQualifier
setting. It should be blank by default, you should type in “dnn”
(without quotes), this will prepend “dnn_” to all of the objects that
get created by DNN such as Tables and Stored Procedures. This is not
something I recommend from a production stand point, but if you are
developing modules for sale, then supporting objectQualifier in your
development is recommended. It will save you time down the road if you
have a customer who has an objectQualifier defined on their production
databases.
Follow the following video and it has total two parts one and two part links are givenbelow
Part one
Part two

Checking with VBScript if server has all critical updates installed -- managed by WSUS

I am developing a script that gets deployed and executed on a server (so it is as if I am running it locally and not remote).
I need to check to see if all critical updates are installed. Each server has a WSUS server managing its updates. Is there a way for me to do this with VBScript.
I was looking at this post,
Windows Update Check with vbscript
but I don't know if it will help me since I'm not too familiar with how windows update works, but I only need critical updates.
If I follow the method that the selected answer in the post I linked, will
CreateObject("Microsoft.Update.Session")
work if WSUS is managing updates? What do I use to only grab updates that WSUS deems critical?
The Microsoft.Update.Session object will query whatever update server a host is pointed towards, be it Microsoft's servers or a local WSUS. It reports only approved updates that apply to the host.

Resources