Deploy Adobe Flash Zero-Day Patch

Posted by Shane Corellian

Jan 22, 2015 3:33:00 PM

Hey Sys Admins,

Today Adobe released a critical update for Flash Player. This patch fixes a Zero Day vulnerability that is being actively exploited. This patch comes on the heels of the most recent Flash patch that was released just over one week ago. The new patch has a version 16.0.0.287. To verify if you have the proper Flash for your browser you can simply go to this Adobe page

You can use PDQ Deploy to push this patch out to your Windows computers on your network. 

There are 3 available Adobe Flash packages in PDQ Deploy. 

Adobe Flash: This package is intended for browsers that use plugin based browsers such as Firefox. 

Adobe Flash for IE: This package is intended for Internet Explorer (except for Windows 8.x machines) 

Adobe Flash (All IE): All supported versions of Windows and IE. (Requires active PDQ Deploy Pro or Enterprise license)

For PDQ Deploy Enterprise mode customers using Auto Deployment this version will be attached to your Auto Deployments based on your approval settings or when you manually approve the new version.

PDQ Deploy does not work on Home versions of Windows.

This video show deploying an older version but the process is still the same to silently install Adobe Flash. 

 

 

Start PDQ Deploy Trial

Read More

Topics: Adobe Flash

Silently Install Java 8 Update 31

Posted by Shane Corellian

Jan 21, 2015 9:00:00 AM

Oracle has released Java 8 update 31. They have also released two updates for Java 7. (Updates 75 and 76). Just a heads up that Oracle will no longer provide public updates to Java 7 after the Apriljava-logo 2015 update, so there's no time like the present to make the migration over to Java 8. Also, Java 8 does not work on Windows XP or 2013.

Java 8 Update 31 and Java 7 Update 75 are now available in the Package Library. This means that the hard part is already done for you. The packages in the Package Library do disable the Java Auto Update. If you decide to build your own Java package and do not disable auto update beware that  Java 7 may be updated to Java 8. If you would like to build your own Java package in PDQ Deploy then read on.

Silently Install Java 8 Update 31

1. Download the Offline version of Java. You will likely want to download the Offline 32-bit as most browsers are 32-bit (even on 64-bit machines).

2. Extract the MSI. While you can silently install the EXE the MSI is much easier to work with as it is silent without needing additional parameters. The easiest way to do this is to simply run the EXE but do not proceed through the install wizard. (Cancel right at the Welcome screen.) This will create a folder with all the CAB and MSI files that will be found under %APPDATA%\..\LocalLow\Sun\Java. Move this folder to your PDQ Repository (or another location on your computer). 

3. Build your deployment package. In PDQ Deploy you'll create a new package and in an install step add the MSI from the previous step into the Install File field. Click Include Entire Directory and add the following parameters into the Parameters field: 

JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 RebootYesNo=No
Java8EasyPackage

JU=0 JAVAUPDATE=0 AUTOUPDATECHECK=0 are used to disable Java updating or even checking for updates. The RebootYesNo=No suppresses rebooting.

Multi-Step Packages and Pre-Built Packages

In the Java 8 package from the Package Library you'll notice we include a command step to kill browsers and other Java processes before installing Java which is recommended for a successful installation. If you don't do this and a user is running a Java applet during the deployment then there is a good chance that Java will be corrupted on that target. 

In order to run multi-step packages you'll need Pro or Enterprise mode of PDQ Deploy. If you are running the free version of PDQ Deploy then you are able to run one Install Step.

You can get a free trial of PDQ Deploy Enterprise mode here, and in your trial is included your choice of three packages to download and deploy. Make life easy and use Java 8 update 31 as one of your trial packages. 

Download PDQ Deploy

Read More

Using the Adobe Customization Wizard XI Tool

Posted by Annalisa Williams

Jan 15, 2015 4:03:00 PM

You can build a customized silent deployment of Adobe Reader (or Acrobat) utilizing the Adobe Customization Wizard. (We will be using Reader for this example.) Before we get started you'll need to download the Adobe Customization Wizard XI tool and the latest Adobe Reader EXE

Preparing to Customize Installation

1. Extract the MSI from the EXE. Go to Start>Run, in the Open field put in the path to the EXE file and add the following parameters:

-nos_o"%TEMP%\Reader" -nos_ne

(Where %TEMP%\Reader is the directory in which you want to extract the MSI to, don't forget the double quotes!)

Once the extraction is complete you'll notice a few files, but the ones to pay attention to are the AcroRead.msi and the AdbeRdreUpd11010.msp (numbers may vary per update, as of this posting this 11.0.10 is the latest release from Adobe.)

2. Open the Adobe Customization Tool and then open the install file. This is the AcroRead.msi that you extracted in the earlier step.  

Customizing to Silently Install Adobe Reader

As you go through the Adobe Customization Wizard here are the customizations to specify in order to achieve a silently install Adobe Reader. (Note: If the installation is not silent your deployment will hang.)

Personalization Options
Select to Suppress display of End User License Agreement (EULA).

Installation Options
In installation options make the follow selections in these sections.

  • Default viewer for PDF files: Make Reader the default PDQ viewer
  • Run Installation: Silently (no interface)
  • If reboot required at the end of installation: Suppress reboot

Optional, but recommended:

Shortcuts
Disable adding a desktop icon by right clicking and selecting Remove. 

Security
Select under Protected View "Files from potentially unsafe locations"

 

 

Deploying Your Silent Installation

After you save it, go to Transform>Generate a Transform. This will create a MST file. 

In PDQ Deploy you'll need two install steps to complete the installation. In the first step load the AcroRead.msi in the install field and use the following parameters:

TRANSFORMS=AcroRead.mst

Note: If you've saved the MST file as something other than the default and/or you have changed the location of the file to a directory separate from the other installation files you will need to set TRANSFORMS equal to the path to the MST file. 

Be sure to select Include Entire Directory.

Create a second install step and in this step for the install file add the MSP file (as of this post it will be an AdbeRdrUpd11010.msp) This file is the update to Adobe Reader XI.

Now you're good to go. Save it and deploy it!

 

 

PDQ Deploy Enterprise Trial

 

 

Read More

Topics: adobe reader

PowerShell: Copying Individual Files and Renaming Duplicates

Posted by Kris Powell

Jan 8, 2015 1:28:32 PM

There are many factors to consider when copying files within a script.kris_resized

In many instances, we check for the existence of a file and only copy the file if it does not exist. Sometimes we only copy if it’s older/newer than a certain file.  Sometimes we only copy if the file sizes are different...and so on and so forth.

I’m sure that you get the idea. There are many things to consider.

For this particular case, I wanted to keep all copies and rename any duplicates sequentially. I will be using Copy-Item to get this done.

Copy-Item

Normally, when using Copy-Item, you’ll find that it will overwrite any destination files. It will not create any nonexistent folders in your destination file path.

For example, if you try to copy the source file to a new location that doesn’t exist yet, you will see a similar error:

Copy-Item-Fails-Nonexistent-Directory

In this case, the C:\Temp\File.txt file exists but the subdirectory does not, as it mentions in the error above.

The only way to get Copy-Item to create the subdirectories if they don’t already exist is to copy a directory recursively. Unfortunately, it will not work with individual files, so it is out of the scope for this post.

Test-Path and New-Item

One of the simplest ways to get the nonexistent directories created when copying individual files is to test for missing files and manually create the file before you copy (similar to unix/linux “touch” command).

In order to verify if a file already exists, we will use the Test-Path cmdlet. Test-Path can verify if a file or folder exists. When using Test-Path, items that exist will return $true whereas items that do not exist (or cannot be verified) will return $false:

Powershell-Test-Path-Examples

Once we've verified that a file doesn't exist, we can use New-Item to create a placeholder for the file we're about to copy. Unlike Copy-Item, New-Item can create the nonexistent directory structure when creating new files.

Copying files and creating any nonexistent subdirectories

Here’s an example of creating the destination file before copying (in order to create the destination file’s directory structure):

#############################################################################

$SourceFile = "C:\Temp\File.txt"
$DestinationFile = "C:\Temp\NonexistentDirectory\File.txt"

If ((Test-Path $DestinationFile) -eq $false) {
    New-Item -ItemType File -Path $DestinationFile -Force
} 

Copy-Item -Path $SourceFile -Destination $DestinationFile 

#############################################################################

Breaking it down:

First, we test if $DestinationFile exists by using Test-Path. If the result of that Test-Path is false, we create an empty file by using the New-Item cmdlet.  

The New-Item cmdlet will create our file. Using -Force here tells New-Item to create all the directories necessary for that particular file.

Finally, we are able to successfully use the Copy-Item command to copy the $SourceFile to the newly-created $DestinationFile.

As awesome as this is, it only gets us partially there.  The normal behavior for Copy-Item will overwrite the destination file (with or without -Force). We’re trying to preserve all files and create duplicate destination files instead of overwriting.

Copying individual files and renaming any duplicates

Here is a simple way to copy a file from one location to another while preserving all destination files. We  increment the destination file names:

#############################################################################

$SourceFile = "C:\Temp\File.txt"
$DestinationFile = "C:\Temp\NonexistentDirectory\File.txt"

If (Test-Path $DestinationFile) {
    $i = 0
    While (Test-Path $DestinationFile) {
        $i += 1
        $DestinationFile = "C:\Temp\NonexistentDirectory\File$i.txt"
    }
} Else {
    New-Item -ItemType File -Path $DestinationFile -Force
}

Copy-Item -Path $SourceFile -Destination $DestinationFile -Force

#############################################################################

Breaking it down:

We test if the path $DestinationFile exists by using Test-Path. We then check if the file name already exists.

If $DestinationFile doesn’t exist, it will create the file and then copy the source over the destination file.

If $DestinationFile does already exist, it will jump into a While loop. It will modify the DestinationFile name by incrementing part of the name, testing each modified name until it finds a name that doesn’t match an existing file.

If File.txt doesn’t exist, it will create File.txt first. Subsequent runs will create, File1.txt, File2.txt, File3.txt and so forth.

Keep in mind that copying large or numerous files will result in increased disk usage, so be sure to keep an eye on your utilization.

Disclaimer and side notes

Use these scripts at your own risk. Be sure you understand what you're doing before using these in a production environment. As always, feel free to modify these to suit your environment.

I realize that there are many ways to tackle the issues above. In fact, the latest estimates place the possibilities at around 1.2 bajillion, though scientists predict even greater numbers.

Additional resources and tools for copying/moving/deleting files are also available, such as one of my favorite tools for copying: Robocopy.

Good luck!

Read More

Topics: powershell

Thunderbird Silent Install

Posted by Annalisa Williams

Jan 6, 2015 4:13:00 PM

Thunderbird is one of over 100 applications in the Package Library that are ready-to-deploy. A trial of PDQThunderbird silent install Deploy Enterprise will allow you to select three of these packages for deployment free during your trial. Otherwise, Thunderbird is a fairly simple package to build on your own. 

Thunderbird Silent Install

1. Download Thunderbird. Make sure you download the offline version. An online version will not give you a silent install of Thunderbird.

2. Open a new package. Simply right-click on the EXE and click "Deploy with PDQ Deploy". This will automatically open the new package window. Otherwise, from the new package window you can navigate to the file in an install step. 

3. Add silent parameters. Down in the parametersfield put -ms. That's it, you're ready to install Thunderbird silently. 

silently_install_thunderbird
If you've looked at the Thunderbird package provided in the Package Library, you might notice it uses a few more steps and an INI file. The reason the package is built as such is to end any currently running Thunderbird sessions and to remove the MMS (Mozilla Maintenance Service) for a cleaner install. 
INI file allows for more specific instructions for the deployment, which in this case is written to not create any shortcuts and to not install the maintenance service. 
|[Install]
QuickLaunchShortcut=false
DesktopShortcut=false
MaintenanceService=false
In the video above, Shane walks through some of the steps in this pre-built package.
Download PDQ Deploy
Read More

Topics: Thunderbird

Sys Admin New Year's Resolutions

Posted by Shane Corellian

Dec 30, 2014 1:40:23 PM

8 New Year's Resolutions for the Sys Admin sys admin new year resolutions

  1. Update last years resume (add two years experience to everything)
  2. Reprovision old 286s for users who install the Ask Toolbar
  3. Feign concern
  4. Modify Disaster Recovery plan to contain more alcohol
  5. Casual Friday and no clean pants? Two words: Cousin Eddie
  6. On second thought, for number 2 just give them a Heathkit catalog instead
  7. Change signature line for iPhones in Marketing to "Sent from my DynaTAC"
  8. Take CFO's browser history to next budget meeting
Share in the comments below some of your New Year's Resolutions.

 

Read More

Topics: System Administrators

Customize Internet Explorer 11 with the IEAK

Posted by Annalisa Williams

Dec 17, 2014 4:43:28 PM

To customize Internet Explorer 11, first things first: download the Internet Explorer Administration Kit 11 here. In the video below, Shane steps through the wizard but as you go through the wizard, essentially you will be defining settings for Internet Explorer. There are only a couple settings I'd like point out to watch for to ensure a successful silent install of IE 11.

Package Type

When selecting Package Type, select Full Installation Package in order to also install IE 11 and configure it's settings. (Otherwise your resulting MSI will only change configurations on IE 11 if IE 11 is already installed.) 

User Experience

The key to a successful installation using PDQ Deploy is to make sure it is silent. In the User Experience section of the wizard be sure to select the Completely Silent Installation. (Not selecting this option could result in a hung deployment.)

You will probably want to select No Restart for the restart option. A reboot of the target computer will ultimately be needed before IE 11 but you may may wish to have your end-users reboot when they are ready. You can also use PDQ Deploy to restart machines by adding a reboot step at the end of the package.

IEAKSilent

Note: The customization wizard builds the install file per OS \ architecture. (e.g. Windows 7 32-bit or Windows 8 64-bit)

 

 

Deploying your Customized IE 11 Silently

Once you've created your MSI it's time to deploy.(The IEAK will create both a MSI and an EXE, use the MSI for a perfectly silent installation.)  In your PDQ Deploy console, create a new package with an install step. It's simple enough at this point, the trick is to make sure the right MSI is paired with the right architecture and OS as defined in the Conditions tab of the install step window. If you have Pro or Enterprise mode you can add as many install steps as you need to cover each customized IE 11 package. If you're in Free mode you'll have to create new packages for each but you can still get the job done. 

The video below shows bulding and deploying the completed package out to target machines:

 

 

Read More

Topics: IE

Silently Installing a VNC and Connecting

Posted by Annalisa Williams

Dec 15, 2014 9:48:00 AM

Using PDQ Deploy and PDQ Inventory in conjunction makes it easy to install and run a VNC session. Be sure to check out the accompanying video tutorials on installing and starting a VNC. 

Installing VNC

To initiate a remote session, you'll need to have a VNC server installed on the machine you want to control and the VNC viewer needs be installed on your own console. A VNC server provided in the Package Library is TightVNC. You can silently install this VNC server, but you will need to manually download and install a VNC viewer on your own console. 

Before you rush off to deploy TightVNC, you'll want to open up the package and look at steps three and four. These are two install steps for 32-bit and 64-bit. In each of these steps down at the parameters line a password is set for TightVNC. The parameter is: "VALUE_OF_PASSWORD= " if you're smart you'll set that equal to something a little more creative than "helpdesk". Make sure you make that change for BOTH the 32-bit and 64-bit install steps. 

Deploy-TightVNC-Parameters

 

 

Download PDQ Deploy

Initiating a VNC Session

You can quickly start a VNC session from PDQ Inventory. To set up a VNC protocol in PDQ Inventory go to Preference>VNC. Here is where you will navigate to the viewer exe. (For TightVNC it will be called tvncviewer.exe) For TightVNC use 0 as the display number, other VNCs might have a different display number though. 

After that you're ready to select any computer that has the TightVNC installed on it right click>Tools>VNC. (For you shortcut keystroke junkies: Ctrl+Alt+V) You'll get a pop up requesting you to enter the password and you're good to go. 

 

PDQ Inventory Trial

Read More

Topics: remote management

Powershell: Silently Change Firefox Default Search Providers

Posted by Kris Powell

Dec 11, 2014 11:26:00 AM

By now, I’m sure many (if not all) of you are aware that the latest version of Firefox modified the default kris_resizedsearch provider to be Yahoo for all U.S. customers.

It’s simple enough to change on an individual basis for any particular user (instructions here).  As system administrators for our various organizations, the issue that we often run into is making sweeping changes for many machines all at once.

Enter PDQ Deploy 4

For users of PDQ Deploy 4, this script is available as a package in our Package Library. The package is called, “Mozilla Firefox - Set Google as Search Engine.” We’re providing this as a package for all PDQ Deploy 4 users. This includes those that use the Free version of our software.


If you’re not familiar with PDQ Deploy, you should drop what you’re doing right now and go grab it.

Seriously, though, it’s a snap to setup and to deploy software silently to all the users in your organization.

Until this latest version, the preference option browser.search.selectedEngine is what was used to set the default search engine. There are many other preferences that can be configured and, indeed, are centrally configured in organizations that utilize Firefox. It is fairly straightforward to change different preferences. Here is a quick link to more information on the many configuration settings available in Firefox.

With the new version of Firefox, when you change your default search engine provider, the setting is no longer stored with the other configuration settings. The value is stored as a hashed value in a json file called search-metadata.json. It is created in the active Firefox profile for the current user. These settings may be changed in subsequent releases of Firefox.


Silently changing the default search engine

This is the PowerShell script that we use to modify the search provider of Firefox:

#############################################################################

$Provider = "Google"

$Disclaimer = "By modifying this file, I agree that I am doing so only " $Disclaimer += "within Firefox itself, using official, user-driven search " $Disclaimer += "engine selection processes, and in a way which does not " $Disclaimer += "circumvent user consent. I acknowledge that any attempt " $Disclaimer += "to change this file from outside of Firefox is a malicious " $Disclaimer += "act, and will be responded to accordingly."
# The above disclaimer is required verbatim. Yeah... we think it's silly too.  
$Pattern    = "{`"\[global\]`"\:{`"current`"\:`"(.*)`",`"hash`"\:`"(.*)`"}}"
$Encoding   = [System.Text.Encoding]::UTF8
$Hasher     = New-Object ([System.Security.Cryptography.SHA256]::Create())

Get-ChildItem "$env:public\..\*\AppData\Roaming\Mozilla\Firefox\Profiles\*" | 
    Where-Object { $_.PSIsContainer } | ForEach-Object {

    $ByteData   = $Encoding.GetBytes($_.Name + $Provider + $disclaimer)
    $HashResult = $Hasher.ComputeHash($ByteData)
    $Result     = [System.Convert]::ToBase64String($HashResult)
    $File = "$($_.FullName)\search-metadata.json"
    $Data = "{`"[global]`":{`"current`":`"$Provider`",`"hash`":`"$Result`"}}"

    If (-Not (Test-Path $File)) {New-Item -Path $File -ItemType file}

    (Get-Content $File) | Foreach-Object {
        If ($_ | Select-String -Pattern $Pattern) { 
            $_ -replace $Pattern, $Data
        } Else {
            $data 
        } 
    } | Out-File $File -Encoding utf8

    If ((Get-Content $File) -eq $Null) {
        $Data  | Out-File $File -Encoding utf8
    }
}
#############################################################################

By utilizing the System.Security.Cryptography namespace in .NET, we calculate a SHA-256 hash from the combined values of the $Disclaimer, the firefox profile name and the name of the provider you wish to configure. We store the value of the result to the search-metadata.json in the current user’s firefox profile folder.

After running the script for any given machine, the change will be reflected when Firefox is restarted.

You can use any installed search provider as a value to update. By default in the US-version of Firefox, these values include:

  • Amazon.com
  • Bing
  • DuckDuckGo
  • eBay
  • Google
  • Twitter
  • Wikipedia (en)
  • Yahoo

This script will update all user profiles on a given machine, so long as the firefox profile folder exists for a user. The profile gets created when a user runs Firefox for the first time.

That’s it.

It’s not a terribly long script, though it does certainly look fancy.

Try it out on a test machine and see if it works for you. You can decide if you want to use this in your organization. If you decide you would like to use this, we recommend the easy method of using this script.


The easy way

Install PDQ Deploy (4 or later) and grab our package and simply deploy it to all your users in your organization. If you have any questions along the way, we have a large variety of helpful videos - link.

The harder way

Take this script directly and manipulate it to run for all machines in your organization. This option is for the more advanced user who is familiar with scripting languages such as PowerShell.


It goes without saying that you should use this script at your own risk. 

Good luck!

 
Read More

Topics: powershell

What's New PDQ Inventory 4

Posted by Annalisa Williams

Dec 8, 2014 3:00:37 PM

After the release of PDQ Deploy 4 soon after the question became: When is PDQ Inventory 4 coming out? pdq-invWell, it's now here with new features for Pro and Enterprise users. When you update PDQ Inventory, you also may notice a slicker look and feel to the console (at least that's what we were going for). 

What's New?

  • Scanning for Active Directory computer group membership. 
  • Ability to scan for Other Version (for files that maintain two fields for the file or product version). 
  • Allows you to create basic reports from collections and collections from basic reports.
  • Speed improvement and minor bug fixes.

Active Directory Scanning

Adding ability to scan for group membership means you can now see which groups any computer belong to AD. A computer in Active Directory can belong to more than one group and one group can have multiple computers. 

Scanning for Other Version

This scanner can be added to a scan to catch the odd file that does not have what is displayed by Windows Explorer in the product or file version. 

Converting from Reports to Collections and Collections to Reports

To understand this feature it is helpful to know the key difference between a report and a collection. Reports are most useful for nailing down specific data, a collection on the other hand has its best use as a way to group computers to deploy to.

You cannot deploy to a report, you can only deploy to a collection. So, if you've got a report built filtering down to just the computers you want you no longer have to go in and create a whole new collection to reflect your report. You can convert your report into a collection, presto change-o (it rhymes...run with it) you have a ready to be deployed to collection. 

PDQ Inventory Trial

 

 

Read More

Admin Arsenal Blog

Subscribe to Email Updates