Customize Internet Explorer 11 with the IEAK

Posted by Annalisa Williams

Dec 17, 2014 4:43:28 PM

To customize Internet Explorer 11, first things first: download the Internet Explorer Administration Kit 11 here. In the video below, Shane steps through the wizard but as you go through the wizard, essentially you will be defining settings for Internet Explorer. There are only a couple settings I'd like point out to watch for to ensure a successful silent install of IE 11.

Package Type

When selecting Package Type, select Full Installation Package in order to also install IE 11 and configure it's settings. (Otherwise your resulting MSI will only change configurations on IE 11 if IE 11 is already installed.) 

User Experience

The key to a successful installation using PDQ Deploy is to make sure it is silent. In the User Experience section of the wizard be sure to select the Completely Silent Installation. (Not selecting this option could result in a hung deployment.)

You will probably want to select No Restart for the restart option. A reboot of the target computer will ultimately be needed before IE 11 but you may may wish to have your end-users reboot when they are ready. You can also use PDQ Deploy to restart machines by adding a reboot step at the end of the package.


Note: The customization wizard builds the install file per OS \ architecture. (e.g. Windows 7 32-bit or Windows 8 64-bit)



Deploying your Customized IE 11 Silently

Once you've created your MSI it's time to deploy.(The IEAK will create both a MSI and an EXE, use the MSI for a perfectly silent installation.)  In your PDQ Deploy console, create a new package with an install step. It's simple enough at this point, the trick is to make sure the right MSI is paired with the right architecture and OS as defined in the Conditions tab of the install step window. If you have Pro or Enterprise mode you can add as many install steps as you need to cover each customized IE 11 package. If you're in Free mode you'll have to create new packages for each but you can still get the job done. 

The video below shows bulding and deploying the completed package out to target machines:



Read More

Topics: IE

Silently Installing a VNC and Connecting

Posted by Annalisa Williams

Dec 15, 2014 9:48:00 AM

Using PDQ Deploy and PDQ Inventory in conjunction makes it easy to install and run a VNC session. Be sure to check out the accompanying video tutorials on installing and starting a VNC. 

Installing VNC

To initiate a remote session, you'll need to have a VNC server installed on the machine you want to control and the VNC viewer needs be installed on your own console. A VNC server provided in the Package Library is TightVNC. You can silently install this VNC server, but you will need to manually download and install a VNC viewer on your own console. 

Before you rush off to deploy TightVNC, you'll want to open up the package and look at steps three and four. These are two install steps for 32-bit and 64-bit. In each of these steps down at the parameters line a password is set for TightVNC. The parameter is: "VALUE_OF_PASSWORD= " if you're smart you'll set that equal to something a little more creative than "helpdesk". Make sure you make that change for BOTH the 32-bit and 64-bit install steps. 




Initiating a VNC Session

You can quickly start a VNC session from PDQ Inventory. To set up a VNC protocol in PDQ Inventory go to Preference>VNC. Here is where you will navigate to the viewer exe. (For TightVNC it will be called tvncviewer.exe) For TightVNC use 0 as the display number, other VNCs might have a different display number though. 

After that you're ready to select any computer that has the TightVNC installed on it right click>Tools>VNC. (For you shortcut keystroke junkies: Ctrl+Alt+V) You'll get a pop up requesting you to enter the password and you're good to go. 


Read More

Topics: remote management

Powershell: Silently Change Firefox Default Search Providers

Posted by Kris Powell

Dec 11, 2014 11:26:00 AM

By now, I’m sure many (if not all) of you are aware that the latest version of Firefox modified the default kris_resizedsearch provider to be Yahoo for all U.S. customers.

It’s simple enough to change on an individual basis for any particular user (instructions here).  As system administrators for our various organizations, the issue that we often run into is making sweeping changes for many machines all at once.

Enter PDQ Deploy 4

For users of PDQ Deploy 4, this script is available as a package in our Package Library. The package is called, “Mozilla Firefox - Set Google as Search Engine.” We’re providing this as a package for all PDQ Deploy 4 users. This includes those that use the Free version of our software.

If you’re not familiar with PDQ Deploy, you should drop what you’re doing right now and go grab it.

Seriously, though, it’s a snap to setup and to deploy software silently to all the users in your organization.

Until this latest version, the preference option is what was used to set the default search engine. There are many other preferences that can be configured and, indeed, are centrally configured in organizations that utilize Firefox. It is fairly straightforward to change different preferences. Here is a quick link to more information on the many configuration settings available in Firefox.

With the new version of Firefox, when you change your default search engine provider, the setting is no longer stored with the other configuration settings. The value is stored as a hashed value in a json file called search-metadata.json. It is created in the active Firefox profile for the current user. These settings may be changed in subsequent releases of Firefox.

Silently changing the default search engine

This is the PowerShell script that we use to modify the search provider of Firefox:


$Provider = "Google"

$Disclaimer = "By modifying this file, I agree that I am doing so only " $Disclaimer += "within Firefox itself, using official, user-driven search " $Disclaimer += "engine selection processes, and in a way which does not " $Disclaimer += "circumvent user consent. I acknowledge that any attempt " $Disclaimer += "to change this file from outside of Firefox is a malicious " $Disclaimer += "act, and will be responded to accordingly."
# The above disclaimer is required verbatim. Yeah... we think it's silly too.  
$Pattern    = "{`"\[global\]`"\:{`"current`"\:`"(.*)`",`"hash`"\:`"(.*)`"}}"
$Encoding   = [System.Text.Encoding]::UTF8
$Hasher     = New-Object ([System.Security.Cryptography.SHA256]::Create())

Get-ChildItem "$env:public\..\*\AppData\Roaming\Mozilla\Firefox\Profiles\*" | 
    Where-Object { $_.PSIsContainer } | ForEach-Object {

    $ByteData   = $Encoding.GetBytes($_.Name + $Provider + $disclaimer)
    $HashResult = $Hasher.ComputeHash($ByteData)
    $Result     = [System.Convert]::ToBase64String($HashResult)
    $File = "$($_.FullName)\search-metadata.json"
    $Data = "{`"[global]`":{`"current`":`"$Provider`",`"hash`":`"$Result`"}}"

    If (-Not (Test-Path $File)) {New-Item -Path $File -ItemType file}

    (Get-Content $File) | Foreach-Object {
        If ($_ | Select-String -Pattern $Pattern) { 
            $_ -replace $Pattern, $Data
        } Else {
    } | Out-File $File -Encoding utf8

    If ((Get-Content $File) -eq $Null) {
        $Data  | Out-File $File -Encoding utf8

By utilizing the System.Security.Cryptography namespace in .NET, we calculate a SHA-256 hash from the combined values of the $Disclaimer, the firefox profile name and the name of the provider you wish to configure. We store the value of the result to the search-metadata.json in the current user’s firefox profile folder.

After running the script for any given machine, the change will be reflected when Firefox is restarted.

You can use any installed search provider as a value to update. By default in the US-version of Firefox, these values include:

  • Bing
  • DuckDuckGo
  • eBay
  • Google
  • Twitter
  • Wikipedia (en)
  • Yahoo

This script will update all user profiles on a given machine, so long as the firefox profile folder exists for a user. The profile gets created when a user runs Firefox for the first time.

That’s it.

It’s not a terribly long script, though it does certainly look fancy.

Try it out on a test machine and see if it works for you. You can decide if you want to use this in your organization. If you decide you would like to use this, we recommend the easy method of using this script.

The easy way

Install PDQ Deploy (4 or later) and grab our package and simply deploy it to all your users in your organization. If you have any questions along the way, we have a large variety of helpful videos - link.

The harder way

Take this script directly and manipulate it to run for all machines in your organization. This option is for the more advanced user who is familiar with scripting languages such as PowerShell.

It goes without saying that you should use this script at your own risk. 

Good luck!

Read More

Topics: powershell

What's New PDQ Inventory 4

Posted by Annalisa Williams

Dec 8, 2014 3:00:37 PM

After the release of PDQ Deploy 4 soon after the question became: When is PDQ Inventory 4 coming out? pdq-invWell, it's now here with new features for Pro and Enterprise users. When you update PDQ Inventory, you also may notice a slicker look and feel to the console (at least that's what we were going for). 

What's New?

  • Scanning for Active Directory computer group membership. 
  • Ability to scan for Other Version (for files that maintain two fields for the file or product version). 
  • Allows you to create basic reports from collections and collections from basic reports.
  • Speed improvement and minor bug fixes.

Active Directory Scanning

Adding ability to scan for group membership means you can now see which groups any computer belong to AD. A computer in Active Directory can belong to more than one group and one group can have multiple computers. 

Scanning for Other Version

This scanner can be added to a scan to catch the odd file that does not have what is displayed by Windows Explorer in the product or file version. 

Converting from Reports to Collections and Collections to Reports

To understand this feature it is helpful to know the key difference between a report and a collection. Reports are most useful for nailing down specific data, a collection on the other hand has its best use as a way to group computers to deploy to.

You cannot deploy to a report, you can only deploy to a collection. So, if you've got a report built filtering down to just the computers you want you no longer have to go in and create a whole new collection to reflect your report. You can convert your report into a collection, presto change-o (it with it) you have a ready to be deployed to collection. 



Read More

Silently Change Firefox Search Engine Back to Google on All Computers

Posted by Shane Corellian

Dec 5, 2014 1:45:15 PM

As we all know Mozilla signed a deal that will make Yahoo the default search engine for Firefox in the USA. This change is made starting with Version 34.0.5.

In previous versions of Firefox you could create a config file to force a specific search engine on all of your Firefox computers. While Mozilla still supports the use of config files to enforce specific Firefox configurations the ability to modify the search engine has apparently (big surprise) been removed in version 34x. 

Let's jump right into how to silently change the Firefox search engine to Google on all computers. First of all, the solution we are going to outline is for System Administrators who want to revert back to Google on many (dozens, hundreds or thousands of Windows computers). If you are reading this and only want to change your search engine on your own installation of Firefox then simply click the search symbol in your Search field and choose Change Search Settings. Make your change to Google and move on. This solution will not work on Home versions of Windows.

We will show you how you can change your existing Firefox installations by using PDQ Deploy 4. This will work in the Free mode of PDQ Deploy (as well as Pro and Enterprise modes). 

Silently Changing the Default Search Engine

In PDQ Deploy 4 go to your Package Library and import the package called Mozilla Firefox - Set Google as Search Engine.

After importing the package select it and click the Deploy... button and choose Deploy Once. Choose your target computers. (I would recommend choosing a few test computers first to make sure this does what your want). You can type in the names of the computers or you can choose them from Active Directory, PDQ Inventory, Spiceworks, etc.

Once you have your target computers simply push the Deploy Now button.

This will only make the change to computers running version 34.x of Firefox. If Firefox is running during the deployment the changes won't be visible until Firefox is closed and re-opened.

What does the Package actually do?

This package will simply run one Powershell script that was written by our Powershell guru, Kris. (Yes, the same Kris who writes our semi-regular Powershell blogs). This script will traverse the Users directory on the target computer. It will visit every user profile and only make the change on profiles that have previously used Firefox.

Can I change the Search Engine to something other than Google?

Yes. You can modify the existing Parameters field and replace "Google" with another supported search engine. Valid parameters are: "Google", "Bing", "Yahoo", "", "DuckDuckGo", "eBay", "Twitter" or "Wikipedia (en)".


Read More

Topics: mozilla firefox

Remote Command: GPUpdate

Posted by Annalisa Williams

Dec 3, 2014 1:05:12 PM

Are you comfy in that office chair? Do you want to stay there? Sending remote commands from your workstation can be done in just a few clicks from the PDQ Inventory console. The ability to send remote commands is a free feature. (See bottom of post for video and free download link.) 

Pull open the remote command feature either by selecting the computer (or computers) you want to send the command to by pressing Ctrl+Alt+C or under Tools>Remote Command.

Running GPUpdate 

Here is an example. I selected 6 specific computers in Inventory and called Tools > Remote Command. To run GPUpdate in the command field put the following:

echo n | gpupdate /force /target:computer


The /target:computer tells the command to only refresh the computer policy and not the user policy. I recommend this parameter because it will save you a bit of time. The /force parameter is useful when you want to reapply all of the Group Policy settings. Without the /force parameter GPUpdate will only apply policies that have changed since the last run time.

Remote commands must be able to run silently. If any user interaction is required after the command runs then the command will ultimately timeout. Sometimes GPUpdate will ask if you want to restart the computer after the policies are updated. When you run this interactively you would either type in Y (yes) or N (no). In anticipation of this happening I'd recommend pre-emptively answering no. This is why I run the echo command first. Basically I ran echo n and then piped that output (which would be the letter 'n') to following command of GPUpdate. Just an FYI, this will only answer no to one question. If GPUpdate asked multiple times to reboot then it will, using this example, hang waiting for an answer.

Here are some other examples of GPUpdate commands:

Refresh all User and Computer policies and then reboot if necessary:

gpupdate /force /boot

Refresh only computer policies whose versions have changed since the last update:

gpupdate /target:computer 



Read More

Topics: command line

LibreOffice Silent Install Parameters

Posted by Annalisa Williams

Nov 21, 2014 9:01:50 AM

Ah, LibreOffice...whether you're a cheapskate or just don't want to give Gates any more of your money than you already have to here's how to silently install it. (Don't forget to check out the video tutorial below to see Shane show how to run the deployment.)

If you have an active Pro or Enterprise license of PDQ Deploy, you have access to the Package Library which has this package pre-built and ready to go. In which case, you'll just need to import the package from the library and deploy. 

You can make modifications to this package or build it yourself if you're using Free mode. (Download PDQ Deploy Free mode here.)

Silently Installing LibreOffice

1. Point to the MSI. Use the ellipses next to the Install File field to navigate to the LibreOffice MSI file. You do not need to worry about selecting Include Entire Directory. 

2. Add Silent Parameters LibreOffice silent install parameters can be a bit tricky. Below will be the parameters that come with the pre-built package from the Package Library, for those who have PDQ Deploy Pro or Enterprise. You can make changes to these parameters if you so wish.

If you're using the free download of PDQ Deploy, no problem, copy and paste these parameters:


LibreOffice Silent Install Parameters

Breakdown of LibreOffice Silent Install Parameters

ADDLOCAL=ALL: This parameter instructs the MSI to install all LibreOffice features.

CREATEDESKTOPLINK=0: When set to "0" no desktop icon is created, if you do want a desktop icon on your user's computer change this to 1. 

REGISTER_ALL_MSO_TYPES=1: Registers all Office types (Writer, Calc, Impress, etc.)

REMOVE=gm_o_Onlineupdate: Adding this disables alerts from LibreOffice that your users would otherwise see asking them to update. (If you want to keep up-to-date and never miss a new release for LibreOffice you might want to look into using Auto Deployment.)

RebootYesNo=No: This parameter prevents a reboot after installation, change to =Yes to reboot. 

You can look at more potential arguments on this wiki.



Read More

Retry Queue

Posted by Annalisa Williams

Nov 17, 2014 3:23:24 PM

Bigger and badder than ever, PDQ Deploy 4 is here. This new version has great solutions to making sure computers receive updates even if they are offline at the time you kick off your deployment. Below is the beginning of a playlist of video tutorials on using the Retry Queue.

Retry QueueRetryQueue250

Retry Queue is an Enterprise mode feature. The Retry Queue screen (the icon on left side of screen) is where your computers that are offline, but listed to be deployed to will appear with the computer name and name of the application package you were attempting to deploy. 


Managing Settings 

Under Preferences>Deployments, you'll notice a new section: Offline Retry Queue. This is where you set the interval at which PDQ Deploy will attempt to re-deploy. The interval value is a global setting. Below that is where you'll set the number of retry attempts before it is dropped from the queue. The number of attempts may be overwritten at the Package and Deploy levels.


Settings at the Package and Deployment Level

To change a package's settings, simply double-click a package to open it up and go into "Package Properties" and there you'll see "Offline Settings" where by default it will use the setting from preferences. Uncheck that to modify the number of retries on that package. 

The retry queue attempts can be about as granular as you need them. You can adjust on the package level and individual deployment levels as well. To adjust and individual deployment, when you select the package and click "Deploy Once". In the Deploy Once or Schedule windows you'll have the option to change number of retries before the computer is removed from the queue. 

Forcing a Retry


You're not stuck waiting until the interval completes to retry a deployment on a computer. When in the Retry Queue, highlight a queued deployment and on the right side of the window you'll see the Try Now option. The deployment will reattempt and increment one of your tries. 


Things to note with the Retry Queue...there are actually instances when you would not want a deployment to place computers in the Retry Queue. If you send out a package to reboot computers that are offline...well, if you have some sort of sick sense of humor then, sure...put a computer in the Retry Queue and have it restart right after your user turns on the computer.



Read More

Topics: pdq deploy

PowerShell: Running .NET 4 with PowerShell Version 2.0

Posted by Kris Powell

Nov 13, 2014 4:25:00 PM

Let me start by saying that I am as excited as the next person to try new technology and upgrade all my software. Unfortunately, we cannot always upgrade the hardware/software in our production environments due to a variety of factors.

If you are able to upgrade your version of PowerShell to the latest and greatest, then please upgrade to the latest and greatest version (PowerShell 5 preview, anyone?). This blog post is for a (hopefully) small percentage of people who may find themselves stuck with an older version of PowerShell while needing to leverage something in a newer version of .NET Framework.


Running .NET 4 with PowerShell 2.0

There are two ways to tell PowerShell version 2.0 to utilize .NET Framework 4.  

You can modify for all .NET applications or just for PowerShell itself. I cannot think of many situations where I'd want to force this setting globally for all .NET applications, so we're going to address it just for PowerShell via some configuration files. All we need to do is create those configuration files and place them into their appropriate locations.

You'll want to create powershell.exe.config and powershell_ise.exe.config and place them in your $pshome directory.  

Here is what you want in both of those .config files:

<?xml version="1.0" encoding="utf-8"?>
      <supportedRuntime version="v4.0.30319" />
      <supportedRuntime version="v2.0.50727" />

Here is the location of $pshome by default:

  • 32-bit machines: C:\Windows\System32\WindowsPowershell\v1.0
  • 64-bit machines
    • 32-bit version: C:\Windows\SysWOW64\WindowsPowershell\v1.0
    • 64-vit version:  C:\Windows\System32\WindowsPowershell\v1.0

The quick and easy way to overwrite those files and place them where they need to be would be to run this as a script.

We place the entire content of the xml file into a variable via what's known as a here-string. They let us use multi-line strings very easily. We output the new variable directly to two new files (overwriting existing files, so be careful). 

$xml = @"
<?xml version="1.0"?>
    <startup useLegacyV2RuntimeActivationPolicy="true">
        <supportedRuntime version="v4.0.30319"/>
        <supportedRuntime version="v2.0.50727"/>

$xml | Out-File $pshome\powershell_ise.exe.config 
$xml | Out-File $pshome\powershell.exe.config

Voila! Like magic, the new files are created. Simply restart your PowerShell console and you should be able verify which .NET CLR Powershell is using by using $PSVersionTable. We're looking for the CLRVersion value, which is 4.0.30319.18444 in my case. That tells me I'm using .NET 4.


Hopefully you never find yourself in a position where you're limited with your PowerShell versions. But, if you ever do find yourself in such a pickle, hopefully this can point you in the right direction.


Read More

PDQ Deploy 4.0 is Here

Posted by Annalisa Williams

Nov 12, 2014 9:56:01 AM

Coming to a console near you...PDQ Deploy 4.0

For Enterprise Users...

The Retry Queue: RetryQueue250

The Retry Queue is the answer to making sure every deployment is completed whether a computer is online or not. When a computer is offline during a deployment it is added to the queue to attempt to deploy at a later time.

You can adjust the number of times a deployment is attempted and how frequently attempts are made in Preferences>Deployments under the Offline Retry Queue section. 

Enterprise users also get features included in Pro mode. Read on to see what's new for Pro mode users. 

For Pro Users...


Heartbeat Trigger:

This is another feature that, like the Retry Queue, ensures deployments are received when a computer is online. To use the Heartbeat Trigger you will need to have PDQ Inventory Pro mode or higher to utilized this feature. 

Heartbeat is a schedule-type that deploys to computers that have gone from offline to online. (In other words, if a computer is continously online it will not be deployed to until it has been rebooted.) 


Message Step: 

The most frequent use for this step is warning users of a coming reboot. It works the same way as running the command:  msg * "Your computer will be reboot in 60 seconds" and is there for quick and easy addition to deployment packages. 

Read More

Admin Arsenal Blog

Subscribe to Email Updates