Techo 3000 (halcoberry)
Palo Alto UID Agent with NPS RADIUS SSO (published 2015-08-26)
<div style="text-align: center;">
Don't get me wrong. I love my Palo Alto Firewall. Best decision I have ever made to purchase it; it's a brilliant device, but the SSO functionality when it comes to RADIUS is a bit shit because, well, it isn't there.</div>
<div>
<br /></div>
<div>
The scenario I will give you is this: if you have NPS (RADIUS) running for your wireless and you would like SSO-authenticated internet for your non-domain users, i.e. BYOD, then you are shit out of luck with Palo Alto; it will prompt the user for a login. Not the end of the world, but still annoying.</div>
<div>
<br /></div>
<div>
Thus this amazing script came about, which watches the NPS log file, compares it to the DHCP leases, and sends an XML request through the Palo Alto UID Agent (download the UID Agent with your Palo Alto login at <a href="https://support.paloaltonetworks.com/">link</a>).</div>
<div>
<br /></div>
<div>
It does create a little bit of load on the server and I think it could do with some refining to allow it to run a lot faster. If I ever get around to it I will make a multi-threaded version allowing multiple subnets to be scanned at the same time and also do some subnet mapping based off the SSID of the wireless to reduce the load of requesting subnets from the DHCP, which appears to be the most CPU-intensive part and the one that slows the script down the most.</div>
<div>
<br /></div>
<div>
There are two prereqs:</div>
<div>
- Remote DHCP Admin Console, which adds the PowerShell cmdlets used in the script (Get-DhcpServerv4Scope and Get-DhcpServerv4Lease)</div>
<div>
- Palo Alto UID Agent with the following turned on</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-tvi0tyNJNBQ/Vd5gt_8T-eI/AAAAAAAAJD4/ITrnuAruf88/s1600/PaloAlto.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="193" src="http://2.bp.blogspot.com/-tvi0tyNJNBQ/Vd5gt_8T-eI/AAAAAAAAJD4/ITrnuAruf88/s640/PaloAlto.jpg" width="640" /></a></div>
<br />
And here is the script:<br />
<blockquote>
#original script from https://github.com/cesanetwan/uid-radius-script-ps<br />
# modified to remove config file to reduce load as well as fixed a few errors in the code<br />
param([string]$global:strEventUser, [string]$global:strCallingStation)<br />
$ErrorActionPreference = "Stop"<br />
$global:strVersion = "5.8ps"<br />
#create arrays - you can leave them as is<br />
$global:aClientIPs = @()<br />
$global:aExclusions = @()<br />
$global:aDHCPServers = @()<br />
#domain name<br />
$global:strDomain = "DOMAIN"<br />
#location of your NPS Log file<br />
$global:strLogPath = "C:\System32\LogFiles\"<br />
#IP Address of the server running the Palo Alto UID Agent<br />
#Runs best if it is installed on the same server as NPS<br />
$global:strAgentServer = "127.0.0.1"<br />
$global:strAgentPort = "5006"<br />
#subnets to exclude from the DHCP Request<br />
$global:aExclusions += ""<br />
#leave this as DHCP, it's now the only option that works<br />
$global:strLogFormat = "DHCP"<br />
#DHCP Servers, if you set them up for resilience you should only need one here<br />
$global:aDHCPServers += "PDC"<br />
$global:aDHCPServers += "DC"<br />
#settings for the UID Agent, leave them as is<br />
$global:strVsys = "vsys2"<br />
$global:strAPIKey = "key"<br />
$global:blnAgent = "1"<br />
$global:strTimeout = "120"<br />
#debug to create a log file in the following C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log<br />
$global:strDebug = "0"<br />
#the address of your Palo Alto for the API<br />
$global:strPostAddr = "https://192.168.1.1/api/"<br />
#do you have a proxy server set in the UID Agent?<br />
$global:strProxy = "0"<br />
#do you want it to run multiple passes? if you are running one DHCP you can leave this as 0<br />
$global:blnMultipass = "0"<br />
Function PostToAgent<br />
{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>param([string]$strUserAgentData)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:blnAgent -eq 1)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$url = "https://" + $global:strAgentServer + ":" + $global:strAgentPort + "/"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[System.Net.HttpWebRequest]$request = [System.Net.HttpWebRequest] [System.Net.WebRequest]::Create($url)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$request.Method = "PUT"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Local agent installed, posting data to " + $url<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strProxy -eq "1")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> $url = $global:strPostAddr<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Posting to XMLAPIProxy, URL: " + $url<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> $url = $global:strPostAddr + "?key=" + $global:strAPIKey + "&type=user-id&action=set&vsys=" + $global:strVsys + "&client=wget&file-name=UID.xml"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
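<span class="Apple-tab-span" style="white-space: pre;"> </span>#note: $url contains the API key here, so debug mode writes the key to uiddebug.log<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Posting to XMLAPI on firewall, URL: " + $url<br />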
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[System.Net.HttpWebRequest]$request = [System.Net.HttpWebRequest] [System.Net.WebRequest]::Create($url)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$request.Method = "POST"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Starting post"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$request.ContentType = "text/xml"<br />
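<span class="Apple-tab-span" style="white-space: pre;"> </span>#this callback accepts any server certificate for every request made in this PowerShell session,<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>#so the script cannot tell the real agent or firewall from another endpoint answering on that address<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}<br />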
<span class="Apple-tab-span" style="white-space: pre;"> </span>$bytes = [System.Text.Encoding]::UTF8.GetBytes($strUserAgentData)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$request.ContentLength = $bytes.Length<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[System.IO.Stream] $outputStream = [System.IO.Stream]$request.GetRequestStream()<br />
$outputStream.Write($bytes,0,$bytes.Length) <br />
$outputStream.Close()<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Finished Post"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>try<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[System.Net.HttpWebResponse]$response = [System.Net.HttpWebResponse]$request.GetResponse() <br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$sr = New-Object System.IO.StreamReader($response.GetResponseStream()) <br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$txt = $sr.ReadToEnd()<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Response: " + $txt<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>catch [Net.WebException] {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[System.Net.HttpWebResponse] $resp = [System.Net.HttpWebResponse] $_.Exception.Response <br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uidradiuserrors.log" -Value $resp -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
}<br />
Function CleanMac<br />
{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>param([string]$strMac)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$strMac = $strMac -replace "-", ""<br />
$strMac = $strMac -replace "\.", ""<br />
$strMac = $strMac -replace ":", ""<br />
$strMac = $strMac.ToLower()<br />
return $strMac<br />
}<br />
<br />
Function ProcessDHCPClients<br />
{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strEventUser.contains("\"))<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$pos = $global:strEventUser.IndexOf("\")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$global:strEventUser = $global:strEventUser.Substring($pos+1)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>} ElseIf ($global:strEventUser.contains("@"))<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$pos = $global:strEventUser.IndexOf("@")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$global:strEventUser = $global:strEventUser.Substring(0,$pos)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If (-Not ($global:strEventUser.contains("$")) -and -Not ($global:strEventUser.contains("host/")) )<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
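<span class="Apple-tab-span" style="white-space: pre;"> </span>#anchored so the whole value must be a dotted-quad address, since it is used as-is for the mapping<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strCallingStation -match "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")<br />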
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$aMatchedIPs = @()<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$aMatchedIPs += $global:strCallingStation<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "CallingStation is IP, no need for DHCP query"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:blnMultipass -eq "0") {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "No MultiPass required, performing single pass"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$aMatchedIPs = @()<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>foreach ($DHCPServer in $global:aDHCPServers)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Querying DHCP Server: " + [string]$DHCPServer<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$scopes = Get-DhcpServerv4Scope -CN $DHCPServer | select ScopeId<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>foreach ($scope in $scopes)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Checking Scope: " + [string]$scope<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
$aReservations = Get-DhcpServerv4Lease -CN $DHCPServer -ScopeId $scope.ScopeID -AllLeases | select IPAddress, ClientID<br />
foreach ($reservation in $aReservations)<br />
{<br />
$MAC = CleanMac($reservation.ClientID)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> If ([int]$global:strDebug -gt 1)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = $MAC<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> }<br />
$global:strCallingStation = CleanMac($global:strCallingStation)<br />
If ($global:strCallingStation -eq $MAC)<br />
{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> $message = "MAC found, IP is: " + [string]$reservation.IPAddress<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> }<br />
$aMatchedIPs += $reservation.IPAddress<br />
}<br />
}<br />
}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "MultiPass required, performing two passes"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$aMatchedIPs = @()<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$mp = 0<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>While ($mp -lt 2) {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Pass " + [string]$mp + ":"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>foreach ($DHCPServer in $global:aDHCPServers)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Querying DHCP Server: " + [string]$DHCPServer<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$scopes = Get-DhcpServerv4Scope -CN $DHCPServer | select ScopeId<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>foreach ($scope in $scopes)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Checking Scope: " + [string]$scope<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
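<span class="Apple-tab-span" style="white-space: pre;"> </span>#query the DHCP server being looped over (without -CN the local machine is queried instead)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$aReservations = Get-DhcpServerv4Lease -CN $DHCPServer -ScopeId $scope.ScopeID -AllLeases | select IPAddress, ClientID<br />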
<span class="Apple-tab-span" style="white-space: pre;"> </span>foreach ($reservation in $aReservations)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$MAC = CleanMac($reservation.ClientID)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 1)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = $MAC<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$global:strCallingStation = CleanMac($global:strCallingStation)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strCallingStation -eq $MAC)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "MAC found, IP is: " + [string]$reservation.IPAddress<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$aMatchedIPs += $reservation.IPAddress<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$mp = $mp + 1<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>foreach ($address in $aMatchedIPs)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strProxy -eq "1")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[string]$strXMLLine = "<uid-message><version>1.0</version><scriptv>" + $global:strVersion + "</scriptv><type>update</type><payload><login>"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>[string]$strXMLLine = "<uid-message><version>1.0</version><type>update</type><payload><login>"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:blnAgent -eq "1")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$strXMLLine = $strXMLLine + "<entry name=""" + $global:strDomain + "\" + $global:strEventUser + """ ip=""" + $address + """/>"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strProxy -eq "1")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$strXMLLine = $strXMLLine + "<entry name=""" + $global:strDomain + "\" + $global:strEventUser + """ ip=""" + $address + """ timeout=""" + $global:strTimeout + """ vsys=""" + $global:strVsys + """/>"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Else<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$strXMLLine = $strXMLLine + "<entry name=""" + $global:strDomain + "\" + $global:strEventUser + """ ip=""" + $address + """ timeout=""" + $global:strTimeout + """/>"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$strXMLLine = $strXMLLine + "</login></payload></uid-message>"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Posting mapping: " + $strXMLLine<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>PostToAgent $strXMLLine<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
}<br />
Try<br />
{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$ct = Get-Date<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Script launched at " + [string]$ct + " with arguments " + $global:strEventUser + " & " + $global:strCallingStation<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value "==========================================================================" -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value "Config Loaded Successfully" -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ($global:strLogFormat -eq "DTS")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>#ProcessDTSLog<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ElseIf ($global:strLogFormat -eq "IAS")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>#ProcessIASLog<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ElseIf ($global:strLogFormat -eq "DHCP")<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Script in DHCP mode, starting DHCP Process"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ProcessDHCPClients<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Finished processing DHCP Clients"<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>If ([int]$global:strDebug -gt 0)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$ct = Get-Date<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>$message = "Script finished at: " + [string]$ct<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value $message -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uiddebug.log" -Value "==========================================================================" -Force<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
}<br />
Catch<br />
{<br />
$ErrorMessage = $_.Exception.Message<br />
$FailedItem = $_.Exception.ItemName<br />
$ErrorLog = $FailedItem + " failed with message " + $ErrorMessage<br />
add-content -Path "C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\uidradiuserrors.log" -Value $ErrorLog -Force<br />
Break<br />
}</blockquote>
</div>
<div style="text-align: center;">
<a href="https://drive.google.com/open?id=0B74TsOd-73NLakF5aG4zY3kxRms">Download</a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
You will then need to create a scheduled task, which I have exported for you; you will need to change the script location and the user running it.</div>
<div style="text-align: center;">
<a href="https://drive.google.com/open?id=0B74TsOd-73NLa1JQQkUtZ3Jnemc">Download</a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
The original script was from <a href="https://github.com/cesanetwan/uid-radius-script-ps">https://github.com/cesanetwan/uid-radius-script-ps</a> but it had quite a few errors in it, which I have cleaned up, and I removed the config file from it as it was causing the script to slow down quite a lot. The next stage is to multi-thread the subnet scanning to increase the rate at which the script can run and to map subnets to the wireless SSIDs coming through the NPS log file. I will most likely also remove all the debugging if statements and have a running/debug version.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Anywho, I thought it would be a good script to share, and credit to the cesanetwan script for the base of this one.
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com4tag:blogger.com,1999:blog-8795498742679938772.post-5623508962297388582015-08-25T00:05:00.000-07:002016-02-07T19:54:02.778-08:00Reset User Passwords with AD Self Service Portal<br />
I ran across a problem when we wanted specific users to be able to reset their passwords through some sort of self-service mechanism.<br />
<div>
<br /></div>
<div>
After looking at many services (very expensive services!) to reset passwords, a lot of which required enrolling and were a pain to set up, I stumbled across the following page </div>
<div>
<a href="http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/">link</a></div>
<div>
<br /></div>
<div>
Although I was explicitly looking for a method of password reset via email, I went about and modified the script to suit my needs.</div>
<div>
<br /></div>
<div>
So without further ado, I present</div>
<div>
<br /></div>
<div>
<blockquote>
function Create-RandomString()<br />
{<br />
$aChars = @()<br />
$aChars = "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "2", "3", "4", "5", "6", "7", "8", "9", "_", ";"<br />
$intUpperLimit = Get-Random -minimum 8 -maximum 10<br />
<br />
$x = 0<br />
$strString = ""<br />
while ($x -lt $intUpperLimit)<br />
{<br />
# -maximum is exclusive, so pass the array length to keep the last character reachable<br />
$a = Get-Random -minimum 0 -maximum $aChars.Length<br />
$strString += $aChars[$a]<br />
$x += 1<br />
}<br />
<br />
return $strString<br />
}<br />
<br />
#prereqs need to be installed<br />
# - Remote Admin tools for AD - RSAT<br />
# - Exchange plugins http://www.microsoft.com/en-us/download/confirmation.aspx?id=42951<br />
#original script from<br />
#http://deployhappiness.com/reset-user-passwords-with-ad-self-service-portal/<br />
#password change script for changing the reset password<br />
#https://unopasscore.codeplex.com/<br />
#Configuration Block<br />
#SMTP Server that mail will go OUT through<br />
$SmtpServer = "smtp.email.com"<br />
#email address that will be used as the REPLY email address<br />
$ResetEmail = "donotreply@email.com"<br />
#the email account to check<br />
$Username = "PassReset@email.com"<br />
$Password = "P@ASSWORD"<br />
#exchange web address, this "should" work for any o365 install by changing the username and password above<br />
$MailServer = "https://outlook.office365.com/ews/exchange.asmx"<br />
$ExchangeVersion = "Exchange2013"<br />
#AD field in which the recovery email address is stored. The email received needs to come from the email address specified in this AD field<br />
$ADMailField = "mail"<br />
#AD Server to send the password reset to. You can use the FQDN or IP Address<br />
$ADServer = "DC.local"<br />
<br />
#User who should receive email notifications that a password was reset or an invalid request was sent.<br />
$LoggingUser = "log@email.com"<br />
<br />
#Download for file is here: http://www.microsoft.com/en-us/download/confirmation.aspx?id=42951<br />
[Reflection.Assembly]::LoadFile("C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll")<br />
<br />
$email = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::$ExchangeVersion)<br />
$email.Credentials = New-Object Net.NetworkCredential($Username, $Password)<br />
$uri=[system.URI] $MailServer<br />
$email.Url = $uri<br />
$inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($email,[Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox)<br />
<br />
if ($inbox.UnreadCount -gt 0) {<br />
$PropertySet = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)<br />
$PropertySet.RequestedBodyType = [Microsoft.Exchange.WebServices.Data.BodyType]::Text;<br />
# Set search criteria - unread only<br />
$SearchForUnRead = New-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo([Microsoft.Exchange.WebServices.Data.EmailMessageSchema]::IsRead, $false)<br />
$items = $inbox.FindItems($SearchForUnRead,10) #return only 10 unread mail items<br />
Import-Module -Name ActiveDirectory<br />
<br />
foreach ($item in $items.Items) {<br />
# load the property set to allow us to view the body<br />
$item.load($PropertySet)<br />
<br />
if($item.Body.text -Like "*") {<br />
$EmailAddress = $item.From.address<br />
$user = Get-ADUser -Filter {$ADMailField -eq $EmailAddress} -Properties $ADMailField -Server $ADServer<br />
<br />
If ($user -ne $null) {<br />
$PW = Create-RandomString<br />
if ($PW.length -gt 1) {<br />
Set-ADAccountPassword -identity $user.SamAccountName -Server $ADServer -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $PW -Force)<br />
Unlock-ADAccount -identity $user.SamAccountName -Server $ADServer<br />
<br />
$PasswordAge = (Get-ADUser $user -Properties PasswordLastSet | Select PasswordLastSet)<br />
if ($PasswordAge.PasswordLastSet -ge (Get-Date).AddMinutes(-1)) {<br />
$Body = "Password reset for " + $user.SamAccountName + "-" + $user.DistinguishedName<br />
$UsernameReset = $user.SamAccountName<br />
send-mailmessage -to $LoggingUser -from $ResetEmail -subject "Password Reset - $PW" -body $Body -SmtpServer $SmtpServer<br />
send-mailmessage -to $item.From.address -from $ResetEmail -subject "Pass Login" -body "Your Username and Password are the following,`nUsername: $UsernameReset `nPassword: $PW`nTo change your password please visit `n`nIf you are still having problems with your login please contact " -SmtpServer $SmtpServer<br />
}<br />
}<br />
}<br />
else {<br />
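# build the body as one string; a second bare argument after -body is not part of the body<br />
send-mailmessage -to $LoggingUser -from $ResetEmail -subject "Invalid email" -body ("email address was not found " + $item.From.address) -SmtpServer $SmtpServer<br />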
send-mailmessage -to $item.From.address -from $ResetEmail -subject "Invalid email " -body "Your email was not found." -SmtpServer $SmtpServer<br />
}<br />
}<br />
$item.Isread = $true<br />
$item.Update([Microsoft.Exchange.WebServices.Data.ConflictResolutionMode]::AlwaysOverwrite)<br />
}<br />
}</blockquote>
<div style="text-align: center;">
<a href="https://drive.google.com/open?id=0B74TsOd-73NLbERwWjN4VXRLQ3c">Download</a></div>
<div style="text-align: center;">
<br /></div>
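A variant of Create-RandomString that draws from the operating system's cryptographic random number generator, discards bytes that would bias the character choice, and retries until the result contains lower-case, upper-case and digit characters, the three character classes that AD's complexity setting looks for. This is an added example, not part of the original script; the function name New-ResetPassword and the 16-character default are assumptions.

```powershell
# Added example, not from the original post. New-ResetPassword is a hypothetical name.
function New-ResetPassword {
    [CmdletBinding()]
    param(
        [ValidateRange(8, 128)]
        [int]$Length = 16   # assumed default; the post's function produces 8 or 9 characters
    )

    # The post's character list, with the duplicated "b" read as "B" (61 symbols).
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ23456789_;'.ToCharArray()

    # Bytes at or above this limit are thrown away so that ($byte % 61) stays uniform.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 64
    try {
        while ($true) {
            $chars = New-Object System.Text.StringBuilder
            while ($chars.Length -lt $Length) {
                $rng.GetBytes($buffer)
                foreach ($b in $buffer) {
                    if ($b -lt $limit -and $chars.Length -lt $Length) {
                        [void]$chars.Append($alphabet[$b % $alphabet.Length])
                    }
                }
            }
            $candidate = $chars.ToString()

            # Retry unless lower-case, upper-case and digit are all present;
            # -cmatch is the case-sensitive form of -match.
            if ($candidate -cmatch '[a-z]' -and
                $candidate -cmatch '[A-Z]' -and
                $candidate -cmatch '[0-9]') {
                return $candidate
            }
        }
    }
    finally {
        $rng.Dispose()
    }
}

# In the post's script this would stand in for "$PW = Create-RandomString".
$PW = New-ResetPassword -Length 16
$secure = ConvertTo-SecureString -AsPlainText $PW -Force
"Generated a {0}-character password" -f $PW.Length
```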
The script works by doing the following,<br />
- The user who cannot log in sends an email to a specific mailbox, such as PassReset@email.com above. It is important that the email is sent FROM the email address associated with the account you want to reset<br />
- An AD lookup is done, filtering by the email address that the request was received from.<br />
- An email with the username and the reset password is sent back from a different address, such as donotreply@email.com, to prevent a mail loop from automatic replies<br />
<br />
This works off the concept that the email address that is sending the email is secure and as such is the authoritative source to find the account and provide details for. <br />
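The From address is only as trustworthy as the sender authentication the receiving mail server performed, so one way to gate the reset on that verdict is sketched here as an added example that is not part of the original script. It assumes the receiving server records its result in an RFC 8601 Authentication-Results header that begins with its own authserv-id; the function name, the host name mx.example.net and all sample header text are constructed.

```powershell
# Added example, not from the original post. Function name, parameter names,
# the host name mx.example.net and every header value below are constructed.
function Test-SenderAuthenticated {
    param(
        [Parameter(Mandatory = $true)][string]$AuthenticationResults,  # value of one Authentication-Results header
        [Parameter(Mandatory = $true)][string]$FromAddress,            # address taken from the From header
        [Parameter(Mandatory = $true)][string]$TrustedAuthServId       # id your own receiving server stamps
    )

    # Domain the reset request claims to come from.
    $fromDomain = ($FromAddress -split '@')[-1].Trim().ToLowerInvariant()

    # Remove "(comment)" text so nothing inside a comment is read as a result.
    $clean = $AuthenticationResults -replace '\([^()]*\)', ' '
    $parts = @($clean -split ';' | ForEach-Object { $_.Trim() })

    # The first element names the server that ran the checks. Results stamped
    # by any other server are ignored.
    $authServId = ($parts[0] -split '\s+')[0]
    if ($authServId -ne $TrustedAuthServId) { return $false }

    foreach ($part in ($parts | Select-Object -Skip 1)) {
        if ($part -match '^dmarc\s*=\s*(\w+)') {
            if ($Matches[1] -ne 'pass') { return $false }
            # A pass only counts for the domain it was evaluated against.
            if ($part -match 'header\.from\s*=\s*([^\s]+)') {
                return ($Matches[1].ToLowerInvariant() -eq $fromDomain)
            }
            return $false
        }
    }
    return $false   # no DMARC result at all: do not reset
}

# Constructed sample headers covering the cases the check has to separate.
$from = 'jsmith@example.com'
$headers = [ordered]@{
    'aligned pass'       = 'mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass (p=reject) header.from=example.com'
    'dmarc fail'         = 'mx.example.net; spf=softfail smtp.mailfrom=example.com; dkim=none; dmarc=fail (p=none) header.from=example.com'
    'pass, other domain' = 'mx.example.net; spf=pass smtp.mailfrom=example.org; dmarc=pass header.from=example.org'
    'stamped elsewhere'  = 'mail.example.org; dmarc=pass header.from=example.com'
}
foreach ($name in $headers.Keys) {
    $ok = Test-SenderAuthenticated -AuthenticationResults $headers[$name] -FromAddress $from -TrustedAuthServId 'mx.example.net'
    '{0,-20} -> reset allowed: {1}' -f $name, $ok
}
```

Headers that do not match the expected layout, including ones without a leading authserv-id, are treated as not authenticated.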
<br />
I then used the following<br />
<a href="https://unopasscore.codeplex.com/">link</a><br />
to allow the user to change their password once they have logged in, and that's it! We are all done.<br />
<br />
EDIT:<br />
I was also suggested this one, which looks like it would work; overkill, but it would work.<br />
<a href="https://github.com/jrivard/pwm">https://github.com/jrivard/pwm</a><br />
<br />
EDIT2:<br />
I updated the script with a couple more variables to make it easier to configure;<br />
forgot to update the download link<br />
<br />
EDIT3: moved the function to the top<br />
<br />
EDIT4: updated with a prereq</div>
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com16tag:blogger.com,1999:blog-8795498742679938772.post-38468723715217104082012-07-05T18:51:00.002-07:002012-07-06T04:14:26.055-07:00How to deploy Adobe CS6 Master Collection<div>This is actually surprisingly easy to do. I mean I have come from deploying CS4 to CS6 and I skipped all the editions between so I don't know if it got better at any point between these two but it is certainly better for CS6. Adobe is now offering the CS6 for digital download as well as the physical copies which are received. In the download section you will also have access to this awesome little app called "Application Manager Enterprise" :)<br />
<br />
First thing to do is install the Application Manager Enterprise through the <a href="https://licensing.adobe.com/" target="_blank">Adobe Licensing Website</a>, linky: <a href="https://licensing.adobe.com/">https://licensing.adobe.com</a>, and of course you will need to have a valid Adobe CS license to do this.<br />
<br />
<b>*EDIT*</b><br />
A new version of AAMEE is now available and can be downloaded directly, without logging in, from their blog <a href="http://blogs.adobe.com/oobe/2012/05/aamee-3-0-for-cs6-available-now-removes-puffer-fishes.html" target="_blank">here</a>, and a direct link to download AAMEE is <a href="http://download.macromedia.com/pub/developer/creativesuite/AAMEE/win/ApplicationManagerEnterprise_3_0_all.exe" target="_blank">here</a>. That blog also contains doco with a lot of in-depth deployment tips if you want to have a look.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-i_53KQ56Fug/T_VJYfCHxdI/AAAAAAAAGjE/v9GZ-_AbZU0/s1600/1.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://2.bp.blogspot.com/-i_53KQ56Fug/T_VJYfCHxdI/AAAAAAAAGjE/v9GZ-_AbZU0/s1600/1.jpg" /></a></div>
Install AME and then you will get this awesome shortcut in your start menu under adobe, yes i know it doesn't make a desktop shortcut unless they have updated it since I installed it :p<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-0R6A9U1cVZA/T_VKL30SU-I/AAAAAAAAGjM/U7cgcOABtTM/s1600/2.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://4.bp.blogspot.com/-0R6A9U1cVZA/T_VKL30SU-I/AAAAAAAAGjM/U7cgcOABtTM/s320/2.jpg" width="320" /></a></div>
gee... i think we might select the "Create Install Package" :P<br />
Obviously we can also create update packages and also alter existing package settings<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/--9reAxPq5vk/T_Y4WXo3ATI/AAAAAAAAGjY/-8Jutkre5qU/s1600/3.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://1.bp.blogspot.com/--9reAxPq5vk/T_Y4WXo3ATI/AAAAAAAAGjY/-8Jutkre5qU/s320/3.jpg" width="320" /></a></div>
<a href="http://2.bp.blogspot.com/-CJqo-KZ4iLE/T_Y8pt1ewhI/AAAAAAAAGjk/qS9oiPGGxxA/s1600/4.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://2.bp.blogspot.com/-CJqo-KZ4iLE/T_Y8pt1ewhI/AAAAAAAAGjk/qS9oiPGGxxA/s320/4.jpg" width="320" /></a>Also pretty self explanatory, put the paths and package name you would like for the Adobe install<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
You can enter the serial number, or continue to build the package without a SN and have to enter it later<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-wcgBomNOdkw/T_Y9NoU-PxI/AAAAAAAAGjs/u9k_mquliJo/s1600/5.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://4.bp.blogspot.com/-wcgBomNOdkw/T_Y9NoU-PxI/AAAAAAAAGjs/u9k_mquliJo/s320/5.jpg" width="320" /></a></div>
now I feel silly because this really is so easy, select what you do or do not want to install and click next :p<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-LGaOyelj-3U/T_Y-lXpsKcI/AAAAAAAAGj0/fRvfR4aPn4g/s1600/6.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://2.bp.blogspot.com/-LGaOyelj-3U/T_Y-lXpsKcI/AAAAAAAAGj0/fRvfR4aPn4g/s320/6.jpg" width="320" /></a></div>
This is where you get to select some options about the install, like removing the EULA prompt etc.<br />
The "Ignore conflicts and continue with installation" option is especially handy if your computers already have Adobe Reader installed when you want to install the CS6 pack. This will actually force the installer to simply upgrade Adobe Reader to whatever it requires to run the rest of the pack; contrary to simply ignoring the conflicts, it fixes them :)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-6qknyg7t41g/T_Y_QRchtvI/AAAAAAAAGj8/F6heE-CrCjw/s1600/7.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://4.bp.blogspot.com/-6qknyg7t41g/T_Y_QRchtvI/AAAAAAAAGj8/F6heE-CrCjw/s320/7.jpg" width="320" /></a></div>
<br />
This I am particularly impressed with. It will roll any updates that are available for CS6 into your install pack, meaning it's still only a single install to deploy.<br />
<br />
Pretty nifty I reckon<br />
Select the build button once you have selected the updates to roll in to the install. <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-V905jD6zoNY/T_Y_qfGrkgI/AAAAAAAAGkE/K91LsCsHVQM/s1600/8.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://2.bp.blogspot.com/-V905jD6zoNY/T_Y_qfGrkgI/AAAAAAAAGkE/K91LsCsHVQM/s320/8.jpg" width="320" /></a></div>
The pack is building; this can take a while and seems to be hard drive and RAM intensive, not so CPU intensive.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-cTfI6uHh0lg/T_ZCLo4sy5I/AAAAAAAAGkM/XFFhy8taNro/s1600/9.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="228" src="http://3.bp.blogspot.com/-cTfI6uHh0lg/T_ZCLo4sy5I/AAAAAAAAGkM/XFFhy8taNro/s320/9.jpg" width="320" /></a></div>
It's finished building. Yep, that's right, that's all you need to do to build the CS pack.<br />
Honestly it actually feels like it should be harder.<span id="goog_769748224"></span><span id="goog_769748225"></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-QxrzKmKM1mI/T_ZDAZRkvpI/AAAAAAAAGkU/p8nQWnXfKVs/s1600/10.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="67" src="http://4.bp.blogspot.com/-QxrzKmKM1mI/T_ZDAZRkvpI/AAAAAAAAGkU/p8nQWnXfKVs/s320/10.jpg" width="320" /></a></div>
Now you can browse to where you selected the installer to save to, which in my case was<br />
D:\AdobeCS6FullInstall\<br />
There will then be a folder with the name you gave the installer, i.e. D:\AdobeCS6FullInstall\AdobeCS6FullInstall1\<br />
and within this there will be two folders and a file. The folder you want is the "Build" folder which will contain all of the setup files including the MSI file. The "Exceptions" folder contains a whole bundle of dependency installs which may be required by the installer.<br />
<br />
Now that you have the MSI you can choose your favorite deployment system and off you go!<br />
Use the command<br />
msiexec /i "AdobeCS6.msi" /qb<br />
(substituting whatever your MSI is named into the command) to install the software silently onto the computer.<br />
<br />
All up that's about it. The package with everything in it is roughly 6.5 to 7 gig, so it is a large package to deploy and probably not suitable for wireless-based deployment.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-cTfI6uHh0lg/T_ZCLo4sy5I/AAAAAAAAGkM/XFFhy8taNro/s1600/9.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><br /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div></div>halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com3tag:blogger.com,1999:blog-8795498742679938772.post-74215277561178712732012-05-07T17:56:00.003-07:002012-05-27T21:08:03.323-07:00How to redirect a specific browser in IIS7<br />
Web services is one of those funny things that, once it is set up, you really can simply leave running for eternity and it will just keep on working, besides the regular vulnerability patch, but that will almost never require you to change the config. Even if you do need to add some form of webpage to IIS (<a href="http://www.iis.net/" target="_blank">Internet Information Services</a>) it is very easy to configure, and gone are the days of fiddling for endless hours to make something, which should be so easy, actually work properly.<br />
<br />
<i></i><br />
Having said all this, I found trying to redirect specific browsers to specific pages to be a somewhat painful experience when it came to IIS7. It wasn't a "hard" process, but the syntax for it can be somewhat... annoying.<br />
<br />
It all started because we have users occasionally ring us up claiming they cannot install printers. We have now been, for a number of years, using the Microsoft IPP webpage solution to allow our users to install printers which works very well but here is the kicker. It only works properly in internet explorer. I don't care what anyone says or what the technet says. It simply works perfectly in IE, nothing else.<br />
So how do I go about trying to force my users, who have already been told 1000 times they need to use IE and, even with a note at the top of the webpage, still ring up asking why it won't work? We force a page up telling them to open Internet Explorer of course :) and thus the saga begins.<br />
<br />
<i></i><br />
To get started make sure you have at least IIS7 (no, this will <b>NOT</b> work on IIS6, upgrade you slacko) and install the <a href="http://www.iis.net/download/URLRewrite" target="_blank">URL Rewriter</a> module from Microsoft.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-spRU4nCZDnA/T6iH9DUsTlI/AAAAAAAAGS0/OiMPeWxsMiM/s1600/IIS.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="256" src="http://2.bp.blogspot.com/-spRU4nCZDnA/T6iH9DUsTlI/AAAAAAAAGS0/OiMPeWxsMiM/s320/IIS.jpg" width="320" /></a></div>
When you open your IIS Manager you will now get a pretty URL Rewriter icon, yay!!<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/--mxVYJhb_a8/T6iKDemUW2I/AAAAAAAAGS8/W-i6o6qxCCc/s1600/Rule.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="185" src="http://2.bp.blogspot.com/--mxVYJhb_a8/T6iKDemUW2I/AAAAAAAAGS8/W-i6o6qxCCc/s320/Rule.jpg" width="320" /></a></div>
<br />
<br />
Open the URL Rewriter and select "Add Rules" in the top right corner.<br />
<br />
Select Blank Rule and press OK<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-z72_L789UoA/T6iKjicnQnI/AAAAAAAAGTE/1i5Cc-7lQYo/s1600/MatchURL.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="156" src="http://3.bp.blogspot.com/-z72_L789UoA/T6iKjicnQnI/AAAAAAAAGTE/1i5Cc-7lQYo/s320/MatchURL.jpg" width="320" /></a></div>
<br />
Match URL<br />
Name: IE Allow<br />
Using: Wildcards<br />
Pattern: *<br />
This means anything that hits this webserver will have this rule apply since the pattern we are searching for is * and wildcards apply, it applies to everything :)<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-1OD-Xyl4zR4/T6iK3EoyRBI/AAAAAAAAGTM/Z5bUdEAsgpY/s1600/Conditions.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="156" src="http://3.bp.blogspot.com/-1OD-Xyl4zR4/T6iK3EoyRBI/AAAAAAAAGTM/Z5bUdEAsgpY/s320/Conditions.jpg" width="320" /></a></div>
Conditions<br />
Select Add<br />
Condition Input: {HTTP_USER_AGENT}<br />
Pattern: *MSIE*<br />
It will search the User Agent to see if it contains MSIE in it; since basically no third-party browser ever wants to claim to be IE, this works pretty well.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-dyfaonVA-kY/T6iLMeGbjzI/AAAAAAAAGTU/0yADkm2c9jU/s1600/EditConditions.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="210" src="http://4.bp.blogspot.com/-dyfaonVA-kY/T6iLMeGbjzI/AAAAAAAAGTU/0yADkm2c9jU/s320/EditConditions.jpg" width="320" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-YYPV39uJQpg/T6iLc-JWjqI/AAAAAAAAGTc/gDorcplw_ww/s1600/Actions.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="154" src="http://1.bp.blogspot.com/-YYPV39uJQpg/T6iLc-JWjqI/AAAAAAAAGTc/gDorcplw_ww/s320/Actions.jpg" width="320" /></a></div>
Action<br />
Action Type: Redirect<br />
Redirect URL: www.google.com<br />
This will redirect the webpage if the conditions are true, ie that Internet Explorer is used which will contain the MSIE in the User Agent. Google is just a place holder, you can forward it to what ever url you want, such as a page telling them to use firefox or chrome instead of IE :)<br />
<br />
This rule will now redirect IE to a different URL, but all the other browsers will simply pass through to the webpage since the rule does not apply to them. That is because the most common theme is to actually block IE, rather than force it as I have done. (I hope you're happy, you know who I am talking to, person that complained about the doco I originally typed!) Obviously with this you can basically get any combo of browser to connect or not connect to your website; all you will need to do is change the User Agent strings it is searching for. A massive list of User Agent strings for basically any browser can be found <a href="http://www.useragentstring.com/pages/useragentstring.php" target="_blank">here</a>, so now you can make weird and wonderful rules to your heart's content!<br />
<br />
Here is a list of websites that helped me along the way in getting this working.<br />
These are all posts/blogs that helped me understand the formatting; I actually did it through the XML, then worked out you can do it through the UI easily as well.<br />
<a href="http://www.58bits.com/blog/2009/07/11/how-to-ban-internet-explorer-6-from-your-site-using-the-iis7-url-rewrite-module/">- http://www.58bits.com/blog/2009/07/11/how-to-ban-internet-explorer-6-from-your-site-using-the-iis7-url-rewrite-module/</a><br />
- <a href="http://forums.iis.net/t/1169853.aspx">http://forums.iis.net/t/1169853.aspx</a><br />
- <a href="http://blogs.msdn.com/b/ie/archive/2010/03/23/introducing-ie9-s-user-agent-string.aspx" target="_blank">http://blogs.msdn.com/b/ie/archive/2010/03/23/introducing-ie9-s-user-agent-string.aspx </a><br />
- <a href="http://forums.iis.net/p/1186609/2012883.aspx">http://forums.iis.net/p/1186609/2012883.aspx</a><br />
The Microsoft doco on using URL Rewriter. It's actually pretty good and easy to read<br />
- <a href="http://learn.iis.net/page.aspx/734/url-rewrite-module/">http://learn.iis.net/page.aspx/734/url-rewrite-module/</a><br />
<br />
<br />halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com3tag:blogger.com,1999:blog-8795498742679938772.post-47859467165985009322012-04-03T19:58:00.000-07:002012-07-05T22:00:45.140-07:00Tick box HTA in a SCCM Task Sequence?<br />
I really like SCCM, <a href="http://technet.microsoft.com/en-us/systemcenter/cm/bb507744" target="_blank">System Center Configuration Manager</a>. I think it's pretty awesome, and I mean we are still only using the 2007 version since, well, we are still following the golden rule of waiting for SP1 to come out and/or for Windows 8 to force us to SCCM 2012, but I guess we will cross that bridge when we come to it.<br />
<br />
SCCM, with all its goodness, can be a pain in the ass. It is incredibly flexible with the use of Task Sequences for deploying an OS, and I believe that we have taken this to the most extreme point possible with SCCM. We are imaging our machines with only 2 task sequences for every model of computer in the school, but why do we have two? Because of one being x32 bit and one being x64. That's the only difference between the two, since they both require enough differences that it was just easier to make two task sequences. Not to mention that our x64 Task Sequence is already massive and loads a little slow in the console :).<br />
Anyway, onto the actual subject at hand, which is that we had a problem during development: we wanted to select custom software options for the task sequence to install, but we did not have a static information source that could be gained from the local computer to perform this. I.e. we want some computers of the same model to have the Adobe CS4 software installed, but not all, and moreover we did not want to have a separate task sequence for every possible combination of custom software to be installed. We then thought about using a custom screen after the task sequence had started that would allow us to select what software we wanted installed. Sounds simple enough until you actually try to do this, since SCCM has no native support for this whatsoever, and I find it amazing that a system so flexible can sometimes be so limiting....<br />
So in our great search of the mighty google I stumbled across this post which kinda got me started on the whole saga<br />
<a href="http://technet.microsoft.com/en-us/systemcenter/cm/bb507744">http://technet.microsoft.com/en-us/systemcenter/cm/bb507744</a><br />
<br />
There are some other people who have also done a "similar" thing since we implemented ours (thanks a lot everyone! if you had done this a year earlier it would have made my job a lot easier!)<br />
So off I went and implemented the above post with one exception, that there was no good way to get rid of the Task sequence progress window, or was there?<br />
<br />
So let's get started<br />
<u>PreReqs</u><br />
You will need the following to get this all up and going<br />
-We will need to download the <b><a href="http://www.microsoft.com/download/en/details.aspx?id=5753" target="_blank">Windows AIK(Automated Installation Kit)</a> </b>from <a href="http://www.microsoft.com/download/en/details.aspx?id=5753" target="_blank">here</a><br />
and install it onto the computer. <br />
<u></u> <br />
<u>First we need to add HTA support to the WinPE which is not natively in the WinPE which MDT installs</u><br />
<br />
Now since someone else has done all the hard work for me I will just link to their instructions :P<br />
<a href="http://t3chn1ck.wordpress.com/2010/01/28/hta-support-in-sccm-boot-images/">http://t3chn1ck.wordpress.com/2010/01/28/hta-support-in-sccm-boot-images/</a><br />
<br />
<u>Once you have added the HTA support to the WinPE we can now add the scripts and package.</u><br />
The scripts I have been using are from a collection of sources but the main ideas came from <a href="http://technet.microsoft.com/en-us/systemcenter/cm/bb507744" target="_blank">here</a> and <a href="http://myitforum.com/cs2/blogs/xneilpetersonx/default.aspx" target="_blank">here</a>, so credit where it's due for these two websites :)<br />
The VBS Script I use is as follows<br />
<blockquote class="tr_bq">
' Hides current Progress UI to bring the HTA to the front<br />
Set ProgressUI = CreateObject("Microsoft.SMS.TsProgressUI")<br />
ProgressUI.CloseProgressDialog<br />
' Create a WshShell object<br />
set sh = CreateObject("Wscript.Shell")<br />
' Call the Run method, and pass your command to it (eg. "mshta.exe MyHTA.hta").<br />
' The last parameter ensures that the VBscript does not proceed / terminate until the mshta process is closed.<br />
call sh.Run("select.hta", 1, True)</blockquote>
My script name is "select.vbs" when I have used it and the HTA page script is as follows<br />
<br />
<blockquote class="tr_bq">
<html><br />
<head><br />
<title>OSD Front End Script</title><br />
<HTA:APPLICATION APPLICATIONNAME="OSD GATHER" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="normal" BORDER="thin"><br />
</head><br />
<br />
<script language="vbscript" type="text/vbscript"><br />
<br />
' Set objects and declare global variables<br />
Set env = CreateObject("Microsoft.SMS.TSEnvironment")<br />
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")</blockquote>
<blockquote class="tr_bq">
Sub Window_onLoad<br />
window.resizeTo 400,550 ' Resize the HTA window on first load<br />
window.moveTo 100, 10 ' Move the window to the center<br />
End Sub<br />
<br />
Sub ButtonFinishClick<br />
' ButtonFinishClick is executed by the "Finish" button.<br />
<br />
' Set value of variable to true/false based on whether the checkbox is selected or not<br />
If FullImage.Checked Then<br />
strFullImage = "true"<br />
else strFullImage = "false"<br />
End If<br />
<br />
If Office2010.Checked Then<br />
strOffice2010 = "true"<br />
else strOffice2010 = "false"<br />
End If<br />
If Office2007.Checked Then<br />
strOffice2007 = "true"<br />
else strOffice2007 = "false"<br />
End If<br />
<br />
If AdobeCS4.Checked Then<br />
strAdobeCS4 = "true"<br />
else strAdobeCS4 = "false"<br />
End If<br />
<br />
<br />
' Set value of variables that will be used by the task sequence, then close the window and allow the task sequence to continue.<br />
env("OSDFullImage") = strFullImage<br />
<br />
env("OSDOffice2010") = strOffice2010<br />
env("OSDOffice2007") = strOffice2007<br />
<br />
env("OSDAdobeCS4") = strAdobeCS4<br />
<br />
window.Close<br />
End Sub<br />
<br />
</script><br />
<br />
<body STYLE="font:14 pt arial; color:white; background-color: #000000"><br />
<span id = "List"></span><br />
<p>Disk Partition<br><br />
<input type="checkbox" name="FullImage"> Full Image - C: 100GB<br><br />
<br><br />
<br><br />
<input type="checkbox" name="Office2010"> Office 2010<br><br />
<input type="checkbox" name="Office2007"> Office 2007<br><br />
<br><br />
<input type="checkbox" name="AdobeCS4"> Adobe CS4<br><br />
<br><br />
<button accesskey=N type=submit id=buttonFinish onclick=ButtonFinishClick >Install</button><br />
</body><br />
</html></blockquote>
The HTA Script is called "select.hta". I know I am so creative with my naming!!<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-iRpDBJFXrfA/T6icEk1fdmI/AAAAAAAAGTo/ACcAMGJ77Ag/s1600/Tickbox.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="400" src="http://3.bp.blogspot.com/-iRpDBJFXrfA/T6icEk1fdmI/AAAAAAAAGTo/ACcAMGJ77Ag/s400/Tickbox.jpg" width="290" /></a></div>
As you can see in the script above, I have environmental variables
being set by the tick boxes. You can customize these to suit your own
setup, including adding or removing tick boxes to offer more or fewer
options.<br />
piccy of HTA page<br />
<br />
Once the environmental variables are set, they are accessible to the SCCM Task Sequencer, which allows us to make variable-dependent software installs. I will go through how to add these a bit later.<br />
Both scripts can be downloaded from here<br />
<div style="text-align: center;">
<a href="https://docs.google.com/uc?id=0B74TsOd-73NLUm5tTFRKUDFZc2M&export=download"><b>Download </b></a></div>
<div style="text-align: center;">
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-MiXtV-JEsws/T6icpURAPLI/AAAAAAAAGTw/I45TKuNlxZQ/s1600/Account.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="107" src="http://4.bp.blogspot.com/-MiXtV-JEsws/T6icpURAPLI/AAAAAAAAGTw/I45TKuNlxZQ/s320/Account.jpg" width="320" /></a></div>
<div style="text-align: left;">
</div>
</div>
<div style="text-align: left;">
Once you have both the scripts you can dump them into a package to be added to the Task Sequence. As a side note, for some reason I have to add Read access for Guests to my package for it to run correctly, but I have not seen anyone else having to do this and this is the only package I have had to do it for. To add Guests access to the package, right-click on Access Accounts and select Generic Access Account. </div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<br />
<br /></div>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-2mod6RfjoXY/T6idBBgKAgI/AAAAAAAAGT4/qXhdp8BkfQo/s1600/GenAccount.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="157" src="http://3.bp.blogspot.com/-2mod6RfjoXY/T6idBBgKAgI/AAAAAAAAGT4/qXhdp8BkfQo/s320/GenAccount.jpg" width="320" /></a></div>
Click Set, select Guests and OK. Make sure that the Permissions is set to "Read" then select OK</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
All this means is that the Distribution Point (DP) share can be accessed by anyone. Not that there is anything particularly interesting to look at in the scripts, but it is something to be aware of: if you have anything with sensitive data that you were planning to include in this bundle, you may want to make another package that doesn't have Guests access :) I suspect that the problem "may" have to do with the way a VBS script tries to open the HTA page, which doesn't really make sense, but the important thing is that this fixes it!</div>
<br />
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-vn1WisM3yYE/T6ie3z2deCI/AAAAAAAAGUA/XcKDjA4ae8k/s1600/Deploy.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="290" src="http://2.bp.blogspot.com/-vn1WisM3yYE/T6ie3z2deCI/AAAAAAAAGUA/XcKDjA4ae8k/s320/Deploy.jpg" width="320" /></a></div>
<div style="text-align: left;">
The package name I have used is SCCM UI (yeah, I know, another creative name :P) and now </div>
<div style="text-align: left;">
<u>It's time to add the Package to the Task Sequence</u></div>
<div style="text-align: left;">
Add
a "Run Command Line" step to the TS and enter "cscript select.vbs"
(or whatever your VBS script is called), then select the Package that
currently contains the scripts</div>
</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<br />
<h3>
<b>*Edit*</b></h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-2sl1P1mQhCA/T_VDsodgw-I/AAAAAAAAGi4/JQOJS54PNIg/s1600/sucode.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="292" src="http://3.bp.blogspot.com/-2sl1P1mQhCA/T_VDsodgw-I/AAAAAAAAGi4/JQOJS54PNIg/s320/sucode.jpg" width="320" /></a></div>
A couple of people have had problems with the Task Sequence not continuing when you click finish, because the TS is not correctly detecting that the VBS has actually finished and closed. I didn't get this problem, but I have seen it with other software installs. If this happens to you, change the following under "Option", "Success codes:"<br />
<br />
<br />
And voilà! Next time you start the TS you will be prompted for which tick boxes you would like!</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-7rKk_mz_2ao/T6ifNupzFpI/AAAAAAAAGUI/9FeKjNsrrm0/s1600/Depent.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="http://3.bp.blogspot.com/-7rKk_mz_2ao/T6ifNupzFpI/AAAAAAAAGUI/9FeKjNsrrm0/s320/Depent.jpg" width="305" /></a></div>
<br />
<div style="text-align: left;">
But how do we make the software installs variable dependent? It's actually surprisingly easy.</div>
<div style="text-align: left;">
Select
a package or Group you would like the variable dependence to be on, then
select Options, Add Condition, then Task Sequence Variable</div>
</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-WdAssMD9brM/T6ifiGY1gUI/AAAAAAAAGUQ/CipIRl6TxkM/s1600/VarName.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="252" src="http://3.bp.blogspot.com/-WdAssMD9brM/T6ifiGY1gUI/AAAAAAAAGUQ/CipIRl6TxkM/s320/VarName.jpg" width="320" /></a></div>
</div>
<div style="text-align: left;">
Type the name of the Variable, set the Condition to equals and the Value as True</div>
<div style="text-align: left;">
<br />
This will cause the group/software to run only if that task sequence "condition" is met, which in this case is that OSDOffice2010 is set to true. Since all Env variables return a null or false value unless otherwise set, the variable will only be set by the HTA page.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Because our package downloads locally from the DP, I then ran into the problem of the package sometimes generating an error when it tries to run. This turned out to be because, if the hard drive did not have a usable NTFS partition, the software could not be downloaded and then run locally. To fix this problem, a format and partition setup step must be added <b>before</b> the HTA page runs, to check for a partition and, if one does not exist, create one on the drive.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-1ace6BsWkQo/T6if5n-CdbI/AAAAAAAAGUY/HRY7cuYQAwc/s1600/Part.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="218" src="http://2.bp.blogspot.com/-1ace6BsWkQo/T6if5n-CdbI/AAAAAAAAGUY/HRY7cuYQAwc/s320/Part.jpg" width="320" /></a></div>
<div style="text-align: left;">
To do this, add a "Format and Partition Disk" step prior to the HTA page running
<div style="text-align: left;">
Create the partitions that are used in a clean disk scenario since this will only run if it is a clean disk.</div>
<div style="text-align: left;">
and don't forget to select the "Quick format" tick box under the properties of the partition created</div>
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<br />
<br />
<br /></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<a href="http://4.bp.blogspot.com/-0_dlJJblbO8/T6igLQJg-fI/AAAAAAAAGUg/MuqvW6bUK20/s1600/WMI.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="142" src="http://4.bp.blogspot.com/-0_dlJJblbO8/T6igLQJg-fI/AAAAAAAAGUg/MuqvW6bUK20/s320/WMI.jpg" width="320" /></a> After that this is where we add the condition to only run if there is not an existing partition.<br />
Go to Options and add the "If" statement, specifying that "None" of the conditions are true. This will cause the partitioning to run if the following query returns a <b>false</b> value, which would mean that the partition in fact does not exist.</div>
<div style="text-align: left;">
<br />
Select the If statement then add a Query WMI with the following statement </div>
<blockquote class="tr_bq">
<div style="text-align: left;">
SELECT * FROM Win32_DiskPartition WHERE Caption LIKE "%Disk #0, Partition #0%"</div>
</blockquote>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
This will run a WMI query that checks whether a partition exists on Disk
0. If it does, the query returns a True value, which
causes the disk partitioning not to run. Simple enough :)<br />
<br /></div>
<div style="text-align: left;">
Please note because you are playing with disk partitions, you could potentially wipe disks if you make a mistake so please <i><u><b>PLEASE</b></u></i> test these before going into production</div>
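<div style="text-align: left;">
To test that condition on a target machine before production, the following added example (VBScript, not part of the original post or its download) runs the same query read-only and reports whether the Format and Partition Disk step would run, along with the file system of any matched partition, which the query itself does not check. The script file name and the output wording are assumptions.</div>

```vbscript
' Added example, not part of the original post or its download.
' Dry run of the task sequence "Query WMI" condition; it changes nothing on disk.
' Run with: cscript //nologo check-partition.vbs   (file name is an assumption)
Option Explicit

' The exact WQL statement used in the task sequence condition.
Const CONDITION_WQL = "SELECT * FROM Win32_DiskPartition WHERE Caption LIKE ""%Disk #0, Partition #0%"""

Dim objWMIService, colMatches, objPartition
Dim intMatches, intNtfs

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colMatches = objWMIService.ExecQuery(CONDITION_WQL)

intMatches = 0
intNtfs = 0
For Each objPartition In colMatches
    intMatches = intMatches + 1
    WScript.Echo "Matched " & objPartition.DeviceID & _
        " (" & SizeInGB(objPartition.Size) & " GB, type: " & objPartition.Type & ")"
    intNtfs = intNtfs + ReportVolumes(objPartition.DeviceID)
Next

WScript.Echo ""
If intMatches = 0 Then
    ' "None of the conditions are true" holds, so the step is not skipped.
    WScript.Echo "Condition query returned no rows."
    WScript.Echo "With ""None"" selected, the Format and Partition Disk step WOULD RUN."
Else
    WScript.Echo "Condition query returned " & intMatches & " row(s)."
    WScript.Echo "With ""None"" selected, the Format and Partition Disk step would be SKIPPED."
    If intNtfs = 0 Then
        ' The query only proves a partition exists, not that it is usable NTFS.
        WScript.Echo "Note: no NTFS volume is mapped to the matched partition, so the"
        WScript.Echo "step is skipped although the package download may still fail."
    End If
End If

' Lists the logical disks (drive letters) mapped to a partition and returns
' how many of them are NTFS. Win32_DiskPartition has no file system property,
' so the association to Win32_LogicalDisk is followed to find it.
Function ReportVolumes(strPartitionId)
    Dim colVolumes, objVolume, strFs, intCount, intNtfsHere
    intCount = 0
    intNtfsHere = 0
    Set colVolumes = objWMIService.ExecQuery( _
        "ASSOCIATORS OF {Win32_DiskPartition.DeviceID=""" & strPartitionId & """} " & _
        "WHERE AssocClass = Win32_LogicalDiskToPartition")
    For Each objVolume In colVolumes
        intCount = intCount + 1
        If IsNull(objVolume.FileSystem) Then
            strFs = "none (RAW or unformatted)"
        Else
            strFs = objVolume.FileSystem
        End If
        If UCase(strFs) = "NTFS" Then intNtfsHere = intNtfsHere + 1
        WScript.Echo "  " & objVolume.DeviceID & " file system: " & strFs
    Next
    If intCount = 0 Then WScript.Echo "  no drive letter mapped to this partition"
    ReportVolumes = intNtfsHere
End Function

' WMI returns the 64-bit Size as a string; convert it to GB with one decimal.
Function SizeInGB(varBytes)
    If IsNull(varBytes) Then
        SizeInGB = "?"
    Else
        SizeInGB = FormatNumber(CDbl(varBytes) / 1073741824, 1)
    End If
End Function
```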
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
HAVE FUN!!!<br />
<br />
EDIT <br />
I have also been made aware of yet another way of doing the same thing I have done(great, more work wasted, but I will stick with what I have :P). Feel free to have a look<br />
linky: <a href="http://osdappchooser.codeplex.com/" target="_blank">http://osdappchooser.codeplex.com/ </a></div>
<div style="text-align: left;">
</div>
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com13tag:blogger.com,1999:blog-8795498742679938772.post-86128484790462023712012-02-29T23:03:00.005-08:002012-05-07T21:50:30.387-07:00
Installing Windows 8 Consumer Preview on Acer Iconia W500... and it's still better than when it had Windows 7
So our department a while ago was asked about getting some iPads..DUN! DUN! DAHHH<br />
Yep, it's all fun and games till we asked for an actual real-world use for them that a laptop couldn't do. I don't have a problem with the iPad as a device per se, but I don't really see very many valid business uses for them, on top of the fact that they are a downright pain in the ass to manage both policy-wise and user-wise. Yeah, don't try and pretend like it's easy.... it's still easier to manage full-fledged computers, so don't even bother arguing, fanbois.<br />
<br />
Anyway, off topic a little, we ended up buying a whole raft of different computers to let them choose from, including the Acer Iconia Tab W501, which was running Windows 7. Honestly? It was horrible. The touch was horrible, it was unbelievably slow and just a pain to use, so when the Windows 8 Dev Preview came out we jumped on board and installed it on the Iconia straight away.<br />
<br />
BEST THING EVER...<br />
<br />
It was pretty funny that a Dev Preview, i.e. a pre-beta Windows 8 OS, was nicer on the touch interface than the Windows 7 machine, but who are we to argue. The other big plus was the much faster boot times. Windows 7 took roughly 5 minutes to boot on the Iconia, including logins. The Win 8 Preview took under a minute from startup to login. All in all we were very impressed.<br />
The Consumer Preview for Windows 8 has now come out and is even nicer to use on the Iconia than the Dev Preview. It's clear that Microsoft has put a lot of work into startup times, and the touch interface is really very nice.<br />
<br />
It was no mean feat to install the Windows 8 on the Iconia either. What would seem like a simple task was actually a bit of a pain in the umm hmm finger?<br />
<br />
So we start with downloading.<br />
<br />
If you already have the Dev Preview installed you can go <a href="http://windows.microsoft.com/en-US/windows-8/download?ocid=W_MSC_W8P_DevCenter_MetroApps_EN-US" target="_blank">here</a> and download the <a href="http://windows.microsoft.com/en-US/windows-8/download?ocid=W_MSC_W8P_DevCenter_MetroApps_EN-US" target="_blank"><b>Windows 8 Consumer Executable</b></a> file, which you simply run on the Dev Preview and voilà! You have now upgraded to the Consumer Edition of Windows 8. Ignore everything below this :P<br />
<br />
A Clean install is a little more fun. First you want to download the <a href="http://windows.microsoft.com/en-US/windows-8/iso" target="_blank"><b>Windows 8 Consumer</b></a> <a href="http://windows.microsoft.com/en-US/windows-8/iso" target="_blank"><b>ISO</b></a> file <a href="http://windows.microsoft.com/en-US/windows-8/iso" target="_blank">here</a> and extract the iso into a folder once it has finished downloading. If you are doing this for the Acer Iconia, x64 runs well on it.<br />
<br />
The Serial Key you will need for the install is <b>DNJXJ-7XBW8-2378T-X22TX-BKG7J</b><br />
<br />
Next we need to make a bootable thumb drive, since our Iconia doesn't have a DVD-ROM drive. The thumb drive needs to be a minimum of 4GB.<br />
We will need to download the <b><a href="http://www.microsoft.com/download/en/details.aspx?id=5753" target="_blank">Windows AIK(Automated Installation Kit)</a> </b>from <a href="http://www.microsoft.com/download/en/details.aspx?id=5753" target="_blank">here</a><br />
and install it onto the computer. <br />
Use the following commands to format a USB and make it bootable to install Windows 8 from.<br />
All commands are without quotes<br />
- Plug the thumb drive in. Make sure there is nothing on it you want to keep because we are going to need to format it. <br />
- Start the <b>Deployment Tools Command Prompt</b> which is installed with the AIK<br />
- "diskpart"<br />
- "list disk"<br />
This will display a list of disks which are currently connected to your computer, including your thumb drive. Look at the sizes listed to determine which of the drive numbers is the thumb drive<br />
ie <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-akS7X4XH7Hk/T07zJkDxWZI/AAAAAAAAFr8/_3dKtpGiBQU/s1600/ListDisk.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="161" src="http://2.bp.blogspot.com/-akS7X4XH7Hk/T07zJkDxWZI/AAAAAAAAFr8/_3dKtpGiBQU/s320/ListDisk.jpg" width="320" /></a></div>
In this list we can see that the thumb drive I am using is a 16GB(listed as 14GB) Disk number 2<br />
<br />
In the following examples I will be using "Disk 2". You will need to substitute the relevant disk number in place of Disk 2.<br />
<br />
- "sel disk 2"<br />
<b>***Warning*** </b><br />
This will format and delete all the contents of the thumb drive. There is no turning back after this command if you have anything on it you want to keep.<br />
- "clean"<br />
ie<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-ezMpBqgX8O0/T071Fge8dOI/AAAAAAAAFsE/TGZs-52yUNk/s1600/Clean.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="161" src="http://4.bp.blogspot.com/-ezMpBqgX8O0/T071Fge8dOI/AAAAAAAAFsE/TGZs-52yUNk/s320/Clean.jpg" width="320" /></a></div>
<br />
- "create part primary"<br />
- "format fs=ntfs quick label=BOOT"<br />
- "active"<br />
After this a new thumb drive should pop up on the computer, in my case drive letter "L:"<br />
ie<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-xuIyQmNUucA/T08DstxP-3I/AAAAAAAAFsM/ugwV2YPxyYw/s1600/Drive.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-xuIyQmNUucA/T08DstxP-3I/AAAAAAAAFsM/ugwV2YPxyYw/s1600/Drive.jpg" /></a></div>
<br />
In the following examples I will be using Drive Letter "L:". You will need to substitute the relevant letter for your computer.<br />
<br />
- "exit"<br />
<br />
- "cd amd64" or "cd x86" based off whether you are using the x64 installer or x86 installer<br />
- "bootsect /nt60 L:"<br />
ie<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-zMSFQxSCnbw/T08bg5InwgI/AAAAAAAAFsY/aup62i67u9s/s1600/bootsect.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="161" src="http://4.bp.blogspot.com/-zMSFQxSCnbw/T08bg5InwgI/AAAAAAAAFsY/aup62i67u9s/s320/bootsect.jpg" width="320" /></a></div>
<br />
The thumb drive should now be bootable and ready for the extracted Windows files from the ISO to be copied onto it. That's not the ISO onto the thumb drive... Extract the ISO and copy all the contents onto the thumb drive. It should look something like this once it is all copied to the thumb drive.<br />
ie<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-8z0MldpSSgQ/T08fKMKp7DI/AAAAAAAAFsg/YD_hFEo_V-4/s1600/folder.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="146" src="http://1.bp.blogspot.com/-8z0MldpSSgQ/T08fKMKp7DI/AAAAAAAAFsg/YD_hFEo_V-4/s320/folder.jpg" width="320" /></a></div>
<br />
Don't forget to remove the thumb drive safely from the computer. Since the thumb drive is now using an NTFS partition we can't have any more of that RIP THAT PUPPY OUT SHE'LL BE RIGHT!! because it will break the partition and make it unbootable.<br />
<br />
<br />
Turn the Iconia off and, if you have a Dock, take it off the dock and plug in a USB keyboard and the thumb drive. Funny stuff, they make a dock that doesn't work properly in the BIOS :) Hold the Windows button on the Iconia and turn it on while pressing the F2 key. If you're like me you will need another person to help you with this.<br />
Change the USB drive to be first boot, save the BIOS and reboot.<br />
<a href="http://support.acer.com/product/default.aspx?modelId=3853" target="_blank">Here</a> is a link to the <a href="http://support.acer.com/product/default.aspx?modelId=3853" target="_blank">Acer Iconia Tab W500 Manual</a> if you want more detailed instructions on getting into the BIOS<br />
<b>*EDIT*</b> I have also had a problem recently with booting off the thumb drive again after Win 8 was installed when I stumbled upon this post<br />
<a href="http://www.mayanksrivastava.com/2012/03/installing-windows-8-consumer-preview.html">http://www.mayanksrivastava.com/2012/03/installing-windows-8-consumer-preview.html</a><br />
which fixed the problem for me <br />
I tip my hat to you <span class="post-author vcard">
<span class="fn">Mayank Srivastava :)</span>
</span><br />
Also Drivers are now available at Acer for Win 8<br />
<a href="http://support.acer.com/us/en/product/default.aspx?tab=1&modelId=3853">http://support.acer.com/us/en/product/default.aspx?tab=1&modelId=3853</a><br />
<br />
You will now be able to run the Windows 8 Consumer Preview from the Thumb Drive. Happy installing!
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com0tag:blogger.com,1999:blog-8795498742679938772.post-83449293031442052792012-02-15T23:59:00.000-08:002012-07-05T22:02:18.359-07:00
You can add the logging in user as a local admin? Thats impossabarble!
The debate had gone on for a long time as to whether we should allow users to have local admin rights on their computer. Where I currently work it is a requirement to allow users to have local admin rights over their computer, but that raised the interesting question of how you secure the network and/or devices where you do give them local admin rights.<br />
<br />
A lot of people simply add Domain Users to the Administrators group on the local computer to give their domain users local admin rights. Unfortunately this also gives the user local admin rights on every other computer in the school, so what can be done about this?<br />
<br />
Besides the obligatory GPO settings to limit the amount of access a user has at a local admin level over another computer across the network, we also came up with the solution of only giving local admin rights to a user who has logged into a computer, i.e. as they log in to a computer at a user level they will be granted local admin rights by a login script. I already hear you thinking to yourself "but they are at a user level. They can't give themselves local admin rights!" and you are right, you can't give yourself local admin rights if you are logged in as a normal user, thus the fun-ness of this script :)<br />
<br />
I wrote the script to check whether it has admin rights and, if it doesn't, to re-run itself under different user credentials so that the logged-in user can be added to the Administrators group.<br />
<br />
as always before we start :P<br />
[Rant]Now before we get started on the scripting let's get one thing straight,<br />
<br />
<br />
<div style="text-align: center;">
<i><u><b>I AM NOT A PROGRAMMER!! </b></u></i> </div>
Yes there will be a better way of doing it, could I make it work? no so
if you can make it work feel free to make a post and I will change the
script :) [/Rant]<br />
<br />
<blockquote class="tr_bq">
$pathTemp = "C:\Temp\Login.tmp"<br />
$password = "lotsofnumbersandlettersinheretotisthepasswordinitsecryptedformandiwllpostthescriptandtalkaboutitlaterintheblogandyesitreallyisthislongimademine256ithinkohhandthekeyisover9000"<br />
$key = "111 111 111 111 111 111 111 111 111 111 111 111 111 111 111 111 111 111 111 111"<br />
<br />
$domain = "domain"<br />
$strComputer = "$env:computername"<br />
<br />
#downloaded from http://gallery.technet.microsoft.com/scriptcenter/63fd1c0d-da57-4fb4-9645-ea52fc4f1dfb/<br />
<br />
function Test-Admin { <br />
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal( [Security.Principal.WindowsIdentity]::GetCurrent() ) <br />
if ($currentPrincipal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator )) { <br />
return $true <br />
} <br />
else { <br />
return $false <br />
} <br />
} <br />
#downloaded from http://myitforum.com/cs2/blogs/yli628/archive/2007/08/30/powershell-script-to-add-remove-a-domain-user-to-the-local-administrators-group-on-a-remote-machine.aspx<br />
function AddLocal {<br />
if(Test-Path $pathTemp){<br />
$username = Get-Content $pathTemp<br />
}<br />
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")<br />
$Group = $computer.psbase.children.find("administrators")<br />
$Group.Add("WinNT://" + $domain + "/" + $username)<br />
Remove-Item $pathTemp -Force<br />
break<br />
}<br />
<br />
start-sleep -s 3 <br />
<br />
$Invocation=(Get-Variable MyInvocation).Value <br />
if ($Invocation.MyCommand.Path -ne $null) { <br />
$arg="-file "+$Invocation.MyCommand.Path<br />
if (!(Test-Admin)) { <br />
Out-File -FilePath $pathTemp -InputObject $env:username -Force<br />
$passwordSecure = ConvertTo-SecureString -String $password -Key ([Byte[]]$key.Split(" "))<br />
$credential = New-Object system.Management.Automation.PSCredential("domain\usertorunas", $passwordSecure)<br />
Start-Process "$psHome\powershell.exe" -Credential $credential -ArgumentList $arg<br />
break <br />
} <br />
else { <br />
if(Test-Path $pathTemp){<br />
$username = Get-Content $pathTemp<br />
AddLocal<br />
}<br />
#downloaded from http://www.powershellcommunity.org/Forums/tabid/54/aft/1528/Default.aspx<br />
$group =[ADSI]"WinNT://./Administrators"<br />
$members = @($group.psbase.Invoke("Members"))<br />
$UsersInGroup= $members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} <br />
foreach($DomainUsers in $UsersInGroup) {<br />
if ($DomainUsers -eq "Domain Users") {<br />
$Group.Remove("WinNT://" + $domain + "/Domain Users")<br />
$username = $env:username<br />
AddLocal<br />
}<br />
}<br />
}<br />
} </blockquote>
<div style="text-align: center;">
<a href="https://docs.google.com/uc?id=0B74TsOd-73NLYkY3VGlMcVNxNHc&export=download">Download </a></div>
<br />
Simply add the PowerShell script to startup and login, and voila! You will now have users granted local admin rights at login. For the astute people that noticed (so I bet no one), the script actually checks to see if there is a Domain Users group under local admin and, if so, removes it and then adds the user, and you're probably thinking what's the point in that?<br />
The one problem with this script is that if you are logging in as a user you will not have local admin rights until you log off the computer and back on, because you started that login session as a normal user and the effect of being in the local admin group will not be picked up until the next login. Since the majority of our school is 1 Device to 1 User, we add Domain Users to the local admin group in our SOE, which means the first user to log in will be granted admin rights on the computer without having to log off and on again, and the Domain Users group will be removed from the local admin group.<br />
<br />
The Username and Password used to run the script at elevated privileges should be added to the local admin group of all computers and should have absolutely no network access to anything except to add the local user to the local administrator group. This means even if they get the username and password of the user, they are still limited in what they can actually do with it.<br />
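One way to check the outcome of the login script, as an added example that is not part of the original post: it reads the local Administrators group through the same WinNT ADSI provider and flags broad groups such as Domain Users, plus the build-up of user accounts that happens because the script adds each user who logs in and never removes earlier ones. The `$Expected` allow-list, the `-UseSample` switch and the constructed sample members are assumptions for illustration.

```powershell
# Added example, not the blog author's script: audit the local Administrators
# group after the login script has run. 'domain' and 'usertorunas' are the
# placeholder names used in the post; $Expected is an assumed allow-list.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$Domain       = 'domain',
    [string[]]$Expected   = @('Administrator', 'Domain Admins', 'usertorunas'),
    [switch]$UseSample    # audit the constructed sample instead of the live group
)

# Groups that hand local admin to every account at once.
$BroadGroups = @('Domain Users', 'Authenticated Users', 'Everyone', 'Users')

function New-Finding {
    param($Severity, $Member, $Reason)
    New-Object PSObject -Property @{ Severity = $Severity; Member = $Member; Reason = $Reason }
}

function Get-LocalAdminMember {
    param([string]$ComputerName)
    # Same WinNT ADSI provider the login script uses to add the user.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $t = $m.GetType()
        New-Object PSObject -Property @{
            Name    = $t.InvokeMember('Name',    'GetProperty', $null, $m, $null)
            Class   = $t.InvokeMember('Class',   'GetProperty', $null, $m, $null)
            ADsPath = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        }
    }
}

function Get-AdminFinding {
    param($Members, [string]$Domain, [string[]]$Expected, [string[]]$BroadGroups)
    $prefix = "WinNT://$Domain/"
    $domainUsers = @()
    foreach ($m in $Members) {
        if ($m.Class -eq 'Group' -and $BroadGroups -contains $m.Name) {
            New-Finding 'High' $m.ADsPath 'Broad group: every member is a local admin here'
        }
        elseif ($Expected -notcontains $m.Name) {
            # A domain account has a two-part path (WinNT://DOMAIN/name);
            # local accounts carry the computer name as an extra segment.
            $rest = ''
            if ($m.ADsPath -like "$prefix*") { $rest = $m.ADsPath.Substring($prefix.Length) }
            if ($m.Class -eq 'User' -and $rest -and $rest -notlike '*/*') { $domainUsers += $m }
            else { New-Finding 'Medium' $m.ADsPath 'Unexpected member, not on the allow-list' }
        }
    }
    if ($domainUsers.Count -gt 1) {
        foreach ($u in $domainUsers) {
            New-Finding 'Medium' $u.ADsPath 'One of several domain users with local admin; earlier logins are never removed'
        }
    }
    elseif ($domainUsers.Count -eq 1) {
        New-Finding 'Info' $domainUsers[0].ADsPath 'Single domain user, matches the 1 device to 1 user model'
    }
}

if ($UseSample) {
    # Constructed sample: Domain Users was never removed and two students logged in.
    $members = @(
        @{ Name = 'Administrator'; Class = 'User';  ADsPath = 'WinNT://domain/PC01/Administrator' },
        @{ Name = 'Domain Admins'; Class = 'Group'; ADsPath = 'WinNT://domain/Domain Admins' },
        @{ Name = 'Domain Users';  Class = 'Group'; ADsPath = 'WinNT://domain/Domain Users' },
        @{ Name = 'usertorunas';   Class = 'User';  ADsPath = 'WinNT://domain/usertorunas' },
        @{ Name = 'student1';      Class = 'User';  ADsPath = 'WinNT://domain/student1' },
        @{ Name = 'student2';      Class = 'User';  ADsPath = 'WinNT://domain/student2' }
    ) | ForEach-Object { New-Object PSObject -Property $_ }
}
else {
    $members = Get-LocalAdminMember -ComputerName $ComputerName
}

Get-AdminFinding -Members $members -Domain $Domain -Expected $Expected -BroadGroups $BroadGroups |
    Select-Object Severity, Member, Reason | Format-Table -AutoSize -Wrap
```

Run it with `-UseSample` to see the findings for the constructed members, or without arguments on a workstation to audit the live group.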
<br />
To encrypt the password for the user in the script you can use the following<br />
<blockquote class="tr_bq">
# Path to the script to be created: <br />
$path = 'c:\temp\template.ps1' <br />
<br />
# Create empty template script: <br />
New-Item -ItemType File $path -Force -ErrorAction SilentlyContinue <br />
<br />
$pwd = Read-Host 'Enter Password' -AsSecureString <br />
$user = Read-Host 'Enter Username' <br />
$key = 1..32 | ForEach-Object { Get-Random -Maximum 256 } <br />
$pwdencrypted = $pwd | ConvertFrom-SecureString -Key $key <br />
<br />
$private:ofs = ' ' <br />
('$password = "{0}"' -f $pwdencrypted) | Out-File $path <br />
('$key = "{0}"' -f "$key") | Out-File $path -Append <br />
<br />
'$passwordSecure = ConvertTo-SecureString -String $password -Key ([Byte[]]$key.Split(" "))' | <br />
Out-File $path -Append <br />
('$cred = New-Object system.Management.Automation.PSCredential("{0}", $passwordSecure)' -f $user) | <br />
Out-File $path -Append <br />
'$cred' | Out-File $path -Append <br />
<br />
ise $path <br />
<br />
# http://powershell.com/cs/media/p/7968.aspx</blockquote>
<br />
<div style="text-align: center;">
<a href="https://docs.google.com/uc?id=0B74TsOd-73NLQTI2NVo5MXpINGc&export=download">Download</a></div>
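The generated template stores the encrypted password and its key in the same file, so anyone who can read the login script holds everything needed to recover the password. The following added example (not the author's code) scans a script folder for that pattern; the function name, the regular expressions and the sample files are assumptions constructed for illustration.

```powershell
# Added example, not from the original post: flag scripts that carry a
# key-encrypted SecureString together with the key that decrypts it.
# Function name, patterns and sample files are assumptions for illustration.

function Find-EmbeddedCredential {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Quoted run of 16 or more byte values separated by spaces or commas
    # (AES keys are 16, 24 or 32 bytes), as the template generator writes it.
    $keyLiteral = '["''](?:\d{1,3}[ ,]+){15,}\d{1,3}["'']'
    # Decryption with an explicit key rather than the per-user DPAPI default.
    $keyedCall  = 'ConvertTo-SecureString\b[^\r\n]*\s-Key\b'
    # A credential object is built, so the secret is used unattended.
    $credBuild  = 'Management\.Automation\.PSCredential'

    Get-ChildItem -Path $Path -Recurse -Include *.ps1, *.psm1 |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $text = [IO.File]::ReadAllText($_.FullName)
            if ($text -notmatch $keyedCall) { return }   # nothing to report for this file

            $severity = 'Medium'
            $reason   = 'SecureString decrypted with an explicit key; check where the key is stored'
            if ($text -match $keyLiteral) {
                $severity = 'High'
                $reason   = 'Key literal sits beside the ciphertext: treat the password as plaintext'
            }
            New-Object PSObject -Property @{
                File       = $_.FullName
                Severity   = $severity
                Reason     = $reason
                BuildsCred = [bool]($text -match $credBuild)
            }
        }
}

# --- Constructed sample input: one risky script, one harmless script ---
$demo = Join-Path ([IO.Path]::GetTempPath()) ('credscan-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null

@'
$password = "CONSTRUCTED-CIPHERTEXT-PLACEHOLDER"
$key = "11 22 33 44 55 66 77 88 99 100 111 122 133 144 155 166"
$sec = ConvertTo-SecureString -String $password -Key ([Byte[]]$key.Split(" "))
$cred = New-Object System.Management.Automation.PSCredential("domain\usertorunas", $sec)
'@ | Set-Content (Join-Path $demo 'login.ps1')

'Get-Process | Out-Null' | Set-Content (Join-Path $demo 'harmless.ps1')

Find-EmbeddedCredential -Path $demo |
    Select-Object Severity, BuildsCred, File, Reason | Format-List

Remove-Item $demo -Recurse -Force
```

Point `-Path` at wherever your login scripts are stored; any file reported as High should have its run-as password rotated and the credential moved out of the script.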
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
These scripts do the job fine. The debate of whether we should be giving local admin rights to users will, I am sure, continue for many years to come. I think that as the software changes and the lines between local admins and users blur even more, as they have in Windows 7, this problem will disappear.</div>
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com0tag:blogger.com,1999:blog-8795498742679938772.post-79630523744568795792012-02-14T23:37:00.000-08:002012-02-14T23:37:39.559-08:00
JSON Why for you hurt my brain so?
You know how I said it would be easy to pull a JSON stream for our portal in my previous blog post?<br />
Here, I will quote it:<br />
<blockquote class="tr_bq">
"The local sharepoint portal display will be very easy to implement once a
gadget has been made to interpret a JSON stream which the Paper Cut
server makes available and has the added bonus of showing the total
impact throughout the entire schools printing."</blockquote>
Yep, well, it's not. In fact it made my brain hurt. A LOT.<br />
<br />
So I did get some web code working, but every time I tried putting it on our SharePoint site, it would stop working.<br />
Here is the code I was using:<br />
<blockquote class="tr_bq">
<html><br />
<head><br />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js"></script><br />
<script type="text/javascript"><br />
$(document).ready(function () {<br />
 $.getJSON('http://papercut:9191/rpc/api/web/print-stats.json', function (data) {<br />
 $("#PaperCut").html('');<br />
 $.each(data.items, function (i, item) {<br />
 $("#PaperCut").append('<div class="print-stats"><div class="TreesFormatted">' + item.TreesFormatted + '</div><div class="clear"></div></div>');<br />
 });<br />
 });<br />
 $("#PaperCut").fadeIn(1000);<br />
});<br />
</script><br />
</head><br />
<body><br />
<div class="main"><br />
<div id="PaperCut"><img src="images/ajax-loader.gif" alt="Loading..." /></div><br />
</div><br />
</body><br />
</html> </blockquote>
It worked fine on the PaperCut server itself. It showed the number of trees that had been cut down as a percentage, as it is in the JSON data, but it would not work on the SharePoint site. I posted it on the <a href="http://www.mitie.edu.au/">MITIE</a> forum and, after a few replies, Kane Rogers from <a href="http://www.bluereef.com.au/">Bluereef</a> (shameless plug, we don't even use Bluereef so I was pretty impressed that Kane helped me as much as he did) mentioned the answer when I sent him my code.<br />
The <a href="http://en.wikipedia.org/wiki/Same_origin_policy">Same Origin Policy</a> was the problem. I don't like it :P<br />
<br />
So, without making the job a whole lot harder, I scrapped that method of getting it into SharePoint and chose what is most likely the dodgiest method ever. I wrote a PowerShell script which pulls the JSON data from PaperCut, formats it and dumps it into a static location on the SharePoint server as an HTML file. Yep, that's right, a local script on the server :P I added it to Task Scheduler to run hourly and voila! A simple formatted Total Environmental Impact page in the portal.<br />
<br />
Here is the PowerShell code I used,<br />
oh, and my obligatory disclaimer<br />
<br />
[Rant]Now before we get started on the scripting let's get one thing straight,<br />
<br />
<div style="text-align: center;">
<i><u><b>I AM NOT A PROGRAMMER!! </b></u></i> </div>
Yes there will be a better way of doing it, could I make it work? no so
if you can make it work feel free to make a post and I will change the
script :) [/Rant]<br /><br />
<blockquote class="tr_bq">
# the json source<br />$source = "http://papercut:9191/rpc/api/web/print-stats.json"<br /># temp location to save the json file<br />$pathTemp = "C:\Temp\temp.json"<br /><br /># location to save the html file<br />$pathSave = "C:\inetpub\wwwroot\PaperCut\PaperCut.html"<br /><br /># webget request for the file<br />$wc = New-Object System.Net.WebClient<br />$wc.DownloadFile($source, $pathTemp)<br /><br /># dumps the json file into an array spliting it via the ","<br />$jsonString = Get-Content $pathTemp<br />$jsonArray = $jsonString.split(",")<br /><br /># Total Trees used<br /># grabs the invidual array item and splits it again using the ":"<br />$jsonTree = $jsonArray[2].split(":")<br /># Removes the " from around the value<br />$jsonTreeString = $jsonTree[1].Replace("`"", "")<br /><br /># Total CO2 Produced<br /># grabs the invidual array item and splits it again using the ":"<br />$jsonCO = $jsonArray[3].split(":")<br /># Removes the " from around the value<br />$jsonCOString = $jsonCO[1].Replace("`"", "")<br /><br /># Total No of hours a 60W lightbulb could be run<br /># grabs the invidual array item and splits it again using the ":"<br />$jsonBulb = $jsonArray[5].split(":")<br /># Removes the " from around the value<br />$jsonBulbString = $jsonBulb[1].Replace("`"", "")<br /># the number got split twice in the array because they used a comma ie 4,000<br /># which would be 4 as one array item and 000 as the second array item<br /># so I had to add the second half of the number <br />$jsonBulbString = $jsonBulbString + ($jsonArray[6].Replace("`"", ""))<br /><br /># pulls all the values into a single string, including some html tags so it displays in a browser<br />$htmlString = "<html>" + $jsonTreeString + "<BR>" + $jsonCOString + "<BR>" + $jsonBulbString + "</html>"<br /><br /># spits out the html file, overwrites the old file if it exists<br />Out-File -FilePath $pathSave -InputObject $htmlString -Force</blockquote>
No error checking because well, does it really matter if it breaks? I guess you could put some trap exits if you felt the need. <br />
<br />
Since it's a simple HTML page, you can embed it into SharePoint and put pretty graphics around it etc etc and you're done :)
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com0tag:blogger.com,1999:blog-8795498742679938772.post-11057259921492835092012-02-12T22:14:00.000-08:002012-07-05T22:00:05.170-07:00
Forcing Gadgets on a Desktop? COMPUTER SAYS NO!
We recently decided to implement a new software solution for printing called <a href="http://www.papercut.com/">PaperCut</a> to try and decrease the amount of paper wasted throughout the school. Although PaperCut does do account balances, crediting and print job releases, we were wanting it more for the monitoring of print jobs and to display a user's environmental impact from their printing. This will mean lower maintenance for the IT Department with the new system, as we will not have to credit users as they begin to run low, and the ethos of printing will change to users considering the environmental impact of their printing rather than our department being seen as "The Big Bad Wolf".<br />
<br />
This is working well, but to display the individual user impact could be done a few different ways:<br />
- Client run on login<br />
- Local web gadget on sharepoint portal<br />
- Win 7 Gadget on the desktop<br />
<br />
The local sharepoint portal display will be very easy to implement once a gadget has been made to interpret a JSON stream which the Paper Cut server makes available and has the added bonus of showing the total impact throughout the entire schools printing.<br />
This works well, but we also discussed and decided that we wanted something more confronting than a web gadget in the portal to show an immediate consequence of their printing, so it was decided to force a Win 7 Gadget onto the desktop of the computers.<br />
I had thought this would actually be a simple task. With the flexibility that has been added to Win 7 through group policies, I had assumed this extended to gadgets as well, but as I quickly found out, this isn't so.<br />
<br />
Pushing a gadget out was not a problem: simply build an MSI using <a href="http://www.witemsoft.com/">wItem Installer</a> to install the gadget folder that comes with PaperCut to C:\Program Files\Windows Sidebar\Gadgets and voila, you can now open and add the Gadget using the right-click menu on the desktop!<br />
Too easy, except if you want the gadget to be automagically forced onto the desktop and not allow it to be closed :S That is where the fun part came in!<br />
<br />
We eventually settled on the fact that you cannot prevent users from closing the Gadget, since we still wanted to allow users to install and use their own gadgets as well as displaying our PaperCut Gadget. So we moved on to the idea: if it is closed, can we make it re-appear?<br />
We ended up writing a small script which checks the gadget ini file and adjusts the file to re-add PaperCut if it has been closed.<br />
<br />
The How:<br />
The Gadgets on a Users desktop are Profile dependent and can be found under <br />
C:\Users\%username%\AppData\Local\Microsoft\Windows Sidebar\Settings.ini<br />
The Settings.ini file will change dynamically based off what gadgets are currently being displayed on the desktop.<br />
Below is a blank Settings.ini file<br />
<b>[Root]</b><br />
<b>SettingsVersion="00.00.00.02"</b><br />
<b>ShowGalleryPrivacyStatementOnceComplete="true"</b><br />
<b><br /></b><br />
<b>[Hashes]</b><br />
<b> </b><b>C:\Program Files\Windows Sidebar\Gadgets\PCEnvironmentalImpact.gadget="%7B5E373E6F-DE7E-76D7-A10B-DA294544DC6B%7D"</b><br />
<br />
Once a Gadget has been added to the desktop Settings.ini file changes<b> </b>to<br />
<b><br /></b><br />
<b>[Root]<br />SettingsVersion="00.00.00.02"<br />ShowGalleryPrivacyStatementOnceComplete="true"<br />Section0="1"<br /><br />[Hashes]<br />C:\Program Files\Windows Sidebar\Gadgets\PCEnvironmentalImpact.gadget="%7B5E373E6F-DE7E-76D7-A10B-DA294544DC6B%7D"<br /><br />[Section 1]<br />PrivateSetting_GadgetName="C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CPCEnvironmentalImpact.gadget"<br />server.hostName="SERVER"<br />server.port="9191"<br />PrivateSetting_GadgetDropLocationX="1520"<br />PrivateSetting_GadgetDropLocationY="0"<br />PrivateSetting_GadgetSize="small"</b><br />
<br />
We can see it has added a Root setting <b>Section0="1"</b>. The <b>Section0=</b> part indicates which order the gadget is in; if there is a second gadget this would be <b>Section1=</b>. The <b>"1"</b> points to <b>[Section 1]</b> of the ini file, which tells the gadget where it should pull its settings and location from. The <b>[Hashes]</b> info stays in the ini file statically once the gadget has been installed using the MSI and will not need to be altered to force the gadget to display on the desktop.<br />
<br />
Since we now have all the information that needs to be in the Settings.ini file to display our gadget on the desktop, we can write a script to re-apply these settings if the gadget is ever closed. We have made the script run during login since this software only works while their notebooks are onsite, but it could theoretically be made to run on a timed basis to permanently place the gadget on the desktop, even when they are logging in locally.<br />
<br />
[Rant]Now before we get started on the scripting let's get one thing straight,<br />
<div style="text-align: center;">
<i><u><b>I AM NOT A PROGRAMMER!! </b></u></i> </div>
Yes there will be a better way of doing it, could I make it work? no so if you can make it work feel free to make a post and I will change the script :) [/Rant]<br />
<br />
The script was written in PowerShell, then converted into an exe with <a href="http://ps2exe.codeplex.com/">PS2EXE</a> so we can run it through our login script. Even with the wrapper the EXE file is only 32k and runs very quickly.<br />
<b># file path to the ini file<br />$fileName = "C:\Users\"+$env:username+"\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"<br /># folder path to the ini file, the file is locked while in use so Test-Path generates an error thus we use Folder Path to check for Win 7<br />$filePath = "C:\Users\"+$env:username+"\AppData\Local\Microsoft\Windows Sidebar"<br />#a variable to loop to check for the section value<br />$replaceNo = 0<br />#check if the process need resarting<br />$ProcessRestart = 0<br /><br />function PaperCutFun {<br /><br />#filepath check to make sure this computer can run gadgets<br />if(Test-Path $filePath){<br /> #Checking to see if the settings are already in the ini<br /> if (!(Get-Content $fileName | Select-String "Section0=`"50`"" -quiet)){<br /> #killing the sidebar.exe if it is running to edit the Settings.ini file<br /> if ((Get-Process sidebar -ea 0)) {<br /> Stop-Process -Force -processname sidebar<br /> #sleeping the kill to give sidebar time to close<br /> sleep -Seconds 5<br /> }<br /> #Searching the Settings.ini file to see if the gadget has been re-opened in a different order, thus causing a duplicate gadget<br /> if (Get-Content $fileName | Select-String "Section0=" -quiet) {<br /> do{<br /> (Get-Content $fileName) | <br /> Foreach-Object {$_ -replace ("Section0=`""+$replaceNo+"`""), "Section0=`"50`""} | <br /> Set-Content $fileName<br /> $replaceNo++<br /> }<br /> while($replaceNo -le 100)<br /> }<br /> #if it hasnt been re-opened, add it back in<br /> else {<br /> (Get-Content $fileName) | <br /> Foreach-Object {$_ -replace "\[Root\]", "[Root]<br />Section0=`"50`""} | <br /> Set-Content $fileName<br /> }<br /> $ProcessRestart++<br /> }<br /> <br /> #Checking to see if the settings are already in the ini<br /> if (!(Get-Content $fileName | Select-String "Section 50" -quiet)) {<br /> #killing the sidebar process to edit the ini<br /> if ((Get-Process sidebar -ea 0)) {<br /> Stop-Process -Force -processname sidebar<br /> }<br /> 
#adding the Section settings to the ini<br /> Add-Content $fileName ("<br />[Section 50]<br />PrivateSetting_GadgetName=`"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CPCEnvironmentalImpact.gadget`"<br />server.hostName=`"STUDENTFILE`"<br />server.port=`"9191`"")<br /> $ProcessRestart++<br /> }<br /> #Start the sidebar again if it has had to be killed to edit the ini file<br /> if ($ProcessRestart -ge 1){<br /> #checking to make sure it really is closed before we restart it.<br /> if ((Get-Process sidebar -ea 0)) {<br /> Stop-Process -Force -processname sidebar<br /> }<br /> #start sidebar<br /> Start-Process "C:\Program Files\Windows Sidebar\sidebar.exe"<br /> }<br />}<br />}<br /><br />PaperCutFun</b><br />
<br />
<u>Download </u><br />
<a href="https://docs.google.com/uc?id=0B74TsOd-73NLVFVjbkR3clJjMnc&export=download">PaperCutDemo.ps1</a><br />
<br />
Add a prompt to start the script; we still use vbs as our login script<br />
<br />
<b>' Launch PaperCut Gadget Check<br />Set WshShell = WScript.CreateObject("WScript.Shell")<br />WshShell.Run "\\domain\NETLOGON\papercut.exe", 0</b><br />
<br />
And voila! Even if the gadget is closed, it will now get dumped back onto the desktop.
halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com2tag:blogger.com,1999:blog-8795498742679938772.post-68219174668429744222012-02-12T18:51:00.000-08:002012-02-12T18:51:43.844-08:00
Who what when what?
I work as a Network Admin quasi System Admin in a school which teaches K-12 with a notebook program. What this means is I run into weird and wonderful problems that most people in the enterprise world don't see or that simply don't exist. I decided to make this blog to try and keep a running sheet of problems that I have solved, or simply to post small projects which I have worked on and completed. This is my first attempt at blogging so if you don't like it, feel free to abuse everyone around you and not me. :)halcoberryhttp://www.blogger.com/profile/15243465759264938277noreply@blogger.com0