Posted by Shane Corellian on Wed, Aug 25, 2010
We have added some sick features to Admin Arsenal in version 1.5.
My favorite is the ability to extend the Admin Arsenal Tools menu by adding your own Custom Tools. A Custom Tool is a command that exists on the Admin Arsenal console machine. When the Custom tool is selected (either from the Tools menu or a keyboard shortcut that you assign) the command is executed along with any respective command line arguments.
Want to be able to automatically go to the C$ of a target computer? Go to your Admin Arsenal Preferences and, in the Custom Tools pane, add the following line:
Open C$ Share=explorer.exe "\\%TARGET%\C$"
The syntax for a custom tool line is
Name [;keyboard shortcut]=command [ARGS]
Admin Arsenal will contain the computer name in the %TARGET% variable.
If you use DameWare Mini Remote Control, you can have initiate a Remote Control session from within Admin Arsenal by adding a custom tool entry like this:
DameWare Remote Control;CTRL+ALT+Z="C:\Program Files (x86)\DameWare Development\DameWare Mini Remote Control\dwrcc.exe" -m:%TARGET% -a:1
See additonal arguments that can be passed to DameWare Mini Remote Control.
Would you like to automatically connect to a network registry? Feel free to download one of our free utilities called StartReg.exe. Place this file on your Admin Arsenal console machine and add the following line to your custom tools:
Connect Remote Registry;CTRL+SHIFT+E="StartReg.exe" %TARGET%
In the above example I didn't pass the Path for StartReg.exe because I put it in my System32 directory which is, obviously, included in my PATH variable.
See a Video example on Admin Arsenal's YouTube Channel
Note: Any download from our Free Utilities is not supported and is provided without warranty of any kind.
Posted by Shawn Anderson on Wed, Aug 11, 2010
This is the last in a series of posts dedicated to Adobe Reader. The first post discussed how to customize Adobe Reader for your company, the second discussed how to deploy Adobe Reader to your entire company, and today we'll tackle the last portion - patching Adobe basebuild from 9.3.0 to 9.3.3.
If you don't already have the Adobe Reader 9.3.3, the patch must be obtained directly from Adobe.
Step 1: Open PDQ Deploy and select the Adobe Reader patch.
NOTE: If you are at the base build version of 9.3.0, you will need to install the 9.3.2 patch before applying 9.3.3.
Step 2: Select the target computers for the software deployment
There are three methods to select targerts:
- Import (from a text file)
- Active Directory
- Admin Arsenal
Step 3: Select the account to initiate the installation
This can be an Active Directory or a local account.
Step 4: Verify your settings and deploy
Much like the instructions on a shampoo bottle, if you are deploying 9.3.2 first, then wash, rinse, repeat. This will get you to the latest secure version of 9.3.3.
If you haven't taken the time to join Adobe's mailing list for security patch notification, I suggest you do so. This is a different list than their marketing distros.
You can sign up for their patch notification when you enter into your EULA to distribute Adobe Reader. The same notifications are also available for Adobe Flash and other Adobe products.
Since Adobe Reader is such a widely used application we get many requests from users on how to remotely install the program. Here is a video that demonstrates deploying the Adobe Reader 9.3.3 patch.
Note: For optimal viewing select HD playback.
If you have a software application that you would like us to demonstrate deployments in a step-by-step blog and video, shoot us the request.
Install software, patches, and more using our free application deployment software PDQ Deploy.
Get your free copy today.
Follow me on Twitter @ShawnAnderson
Follow Admin Arsenal on Twitter: @AdmArsenal
Posted by Shawn Anderson on Mon, Aug 09, 2010
There are three methods that Adobe provides for deploying Adobe Reader to all of your computers:
- EXE - (AdbeRdr933_en_US.exe)
- MSI - (AcroRead.msi)
- MST - (AcroRead.mst)
The self contained version of Adobe Reader simply deploys the application as packaged by Adobe with no ability to customize. If you want to simply push Adobe Reader with all defaults, use this method. The /sAll and /rs switches make the install silent for all products and suppress required reboots, respectively.
The .MSI version of Adobe Reader is obtained by extracting it from the EXE. With the MSI you have a little more flexibility in certain aspects, like suppressing EULA acceptance.
The .MST (transform file) requires the AcroRead.msi and is created using the Adobe Customization Wizard. This method and its associated benefits were demonstrated in last weeks blog "Adobe Reader 9.3 - The Adobe Customization Wizard".
Here are the three examples of deploying Adobe Reader 9.3.
Example 1: The self contained Adobe Reader file.
Example 2: The .MSI installation.
Example 3: The .MST (transform) installation.
Simply open PDQ Deploy and select your .MSI in the "Installer File to Deploy" field. You call your .mst file in the Parameters field (TRANSFORMS="AcroRead.mst").
Complete the next three steps within PDQ Deploy (select targets, verify administrative account, and deploy). It's that simple.
Here's a video of deploying Adobe Reader 9.3 using PDQ Deploy.
Last of all - patching. We've noticed something decidedly odd about Adobe 9.3.3. If you install using the EXE you will install the latest security patches, up to 9.3.3. However, by extracting and using the MSI you will only be installing the base version of 9.3.0.
Be sure to patch your systems, and note that if you are at 9.3.0, you must first install 9.3.2 and then 9.3.3. The instructions for this will be posted on our next blog.
Free Deployment Tool: PDQ Deploy
|
Install applications, like Adobe Reader, quickly and without the fuss.
PDQ Deploy is free to use and distribute.
Get your copy today!
|
Follow me on Twitter @ShawnAnderson
Follow Admin Arsenal on Twitter @AdmArsenal
Posted by Shawn Anderson on Wed, Jul 21, 2010
Photo by HikingKid
I was working on a problem last week that caused me to, more than once, blaspheme various deities known to humankind. I had 10 servers each running SQL 2008 Express. An application that was supposed to process data in these databases had unexpectedly quit and, thus, I had 4 tables in each DB that had more than 60,000 rows of data to process and more data coming in. The application which had to process the data was using 2 GB of memory and quickly rising. 2 GB may not seem like a lot but we are talking an x86 server with 4 GB of RAM.
The thing about all this data, however, is that it is largely time specific. Online status, computer logons (not user logons) etc. After 30 minutes or so, the data was not important any longer (as it had been replaced by other logon events and online status updates.)
The amount of data that had to be processed at each of the servers was so immense that the servers were not responding the way I needed them to. Since I didn't need the data, I simply decided to purge the outdated data from certain tables.
I opened up Admin Arsenal and selected and ran a Remote Command against a collection which held all my servers on which Microsoft SQL Express was installed.
Since Admin Arsenal's Remote Command feature will actually run the command on each selected system there was no need for me to provide a server name.
Within 2 minutes all of my databases were processing current data and all was well.
I needed a quick solution and I got one. I couldn't log on to each system from the SQL Database Manager application provided by Microsoft. The overhead of each connection was so great that even increasing the timeout to 300 seconds was not enough. Plus, even if I COULD have attached to each DB via the Manager I would have been working against myself. I needed all the unneccesary data gone from all the systems fast. Individual attention to each would take too long.
Remember, sometimes your solution is just one command away...
Follow me on Twitter @ShaneCorellian
Posted by Shawn Anderson on Fri, Apr 02, 2010
Admin Arsenal may encounter an error when invoking remote commands or software deployments on some systems running UAC on Windows Vista or Windows 7. As a result of this UAC feature, some processes cannot be invoked remotely, regardless of the permissions that the invoker may possess.
As a result of this UAC feature, we're changing the way that Admin Arsenal runs remote commands and software deployments. It's currently in beta testing, and if you've run into this problem you can send a request to support@adminarsenal.com and we'll send you the new software to try.
The new remote connection method isn't turned on by default. To enable it select Admin Arsenal > Preferences and choose Remote Service on the left tree. Ensure that the checkbox for "Use new remote service" is selected.
Here's a video showing the error 5 displayed on a Windows 7 UAC error and corresponding fix.
YouTube blocked? Try here.
Follow me on Twitter
@ShawnAndersonRemote Application Installation is a snap. Try it for free now.
Posted by Shawn Anderson on Wed, Mar 31, 2010
Photo by fdecomite
"We don't have the funds to buy a dedicted server to host WSUS."
I've heard that concern before and I am hopeful that smaller organizations that don't have an automated deployment solution will take heed.
You don't need a dedicated server for WSUS. In fact, if funds are so low your company is running on memories of the good times then you are ready for a workable solution.
Virtualize.
Don't delay patching your systems. Even if you have to load VMWare on your workstation and then load Windows Server 2008 you can set this up to be your WSUS server.
Make sure that you allocate enough hard disc space for your data store. If you are a smaller shop with only a few dozen clients then you shouldn't have much to worry about.
Microsoft just released an out-of-band security patch (MS10-018) for all supported versions of IE (5.1, 6, 7, and 8) on all of their platforms. The patch is rated as critical for XP, Vista, and Windows 7. (Some of the server platforms rated as important or moderate.)
It's the delay that can really hurt some companies. When a vendor does an out of cycle release it's usually because the exploits are public knowledge, or worse, actively being exploited.
If you don't already have an automated WSUS solution then start on one today. If it's going to take you a little time, you can find other methods to deploy.
If you're in bind and want to deploy right now you can use Admin Arsenal to do the deployment (see video below).
Please note that when it comes to automation of Windows security patches, we suggest that you use WSUS. (You can use Admin Arsenal to push all of your other applications and patches).
YouTube blocked? Try here.
Follow me on Twitter
@ShawnAndersonQuickly discover
what's installed on the computers in your domain.
Posted by Shawn Anderson on Wed, Mar 24, 2010
The new password that Brian scribbled down was easy to come up with. Now to get it applied to all of his workstations.
He sighs. Nothing like managing local admin accounts. It makes him appreciate Active Directory even more.
Brian likes his job, mostly. Today, however, seems to be an exception. While reviewing his installed software inventory reports, Brian discovers that a user has installed some unauthorized software. Looks like the local admin account password has gotten out.
Upon further digging he discovers that Randy in accounting has installed his home version of Adobe Acrobat. Brian cracks his knuckles and reaches for the Extra Strength Excedrin that he keeps on his cubicle shelf.
Randy has now exposed the company to two serious threats:
- An application has been on its network that IT wasn't aware of. Brian remembers that Adobe released a critical security patch a couple of months ago. (Thanks for leaving the back door open, Randy.)
- They now have unlicensed software in their environment. This opens the company up to possible legal action. (The fines alone are higher than Brian's entire IT budget.)
In short, it's time to change the local admin password... again.
Brian opens Admin Arsenal, right-clicks on his "Online Workstations" collection, and selects Tools> Remote Command.
In four words he changes the local password on 175 workstations:
The net user command is deployed to all 175 of his workstations in less than two minutes. No users are interrupted.
With the easy part now done, Brian walks toward the office of Randy's manager. Yep, sometimes he likes his job.
******************************************************
Step-by-step video of changing the local account password on all your computers.
(YouTube blocked? Try viewing it here.)
Side notes: It's a good idea to rename your local admin account from default Administrator (but you already knew that).
Need to roll-out software to all of your Windows computers? Do it free with a 30-day trial of Admin Arsenal.
Want to share this video? http://www.youtube.com/watch?v=njmlz87z2Ag
Posted by Shawn Anderson on Fri, Feb 19, 2010
Here's the question that I posed to my Twitter followers last week (@ShawnAnderson):
Why can Domino's do minute-by-minute tracking of a $10 pizza but Dell can only say that your server is either "In Production" or "Shipped"?
Three weeks ago I decided to enhance my in-house lab with a server that could host about 20 virtual machines. Afterall, what better way to freshen up on newer products as well as enhance my blogs with step-by-step videos? Lastly, which perhaps I should have stated firstly, I wanted to add a little extra after-hours customer support for our Software Deployment tool Admin Arsenal.
About three hours after I placed the order I could see that my status was "In Production".
Fast forward 2 weeks. Dell is displaying the same "In Production" status. Has nothing changed in two weeks? Really? It's getting very close to the estimated delivery time, but no status change. Finally an email arrives at 2AM informing me of the delay.
Fast forward another week. I check status. No change. Bummer. It's 6:02 PM Friday evening. The kids are hungry, nothing had been prepared for dinner so I jump to Dominos.com and order pizza.
Maybe it's because I have Dell on the brain, but the online order process for my pizza was quite similar to ordering my server. As I selected an online coupon and started building my pizzas, I was reminded with a bright colored dialog box that my order had a problem, I had ommited the included 2-liter bottle of root beer offered on the coupon. I recall a similar shining notice on Dell when I was selecting the hard drives and had inadvertantly selected the wrong type for my desired configuration.
Way to go Dell and Dominos. You've both perfected the ordering process. So how about the production and delivery phases? Here's how it goes with Dominos.
6:05 PM, ordered online. Order accepted and in production. The pizza started preparation at 6:07 PM by someone named Dean (you can see his name at the bottom of the image).
Sweet. I let my wife know that I had ordered pizza (she was just preparing to send me a text asking me to do that very thing). I resumed my work, but I kept the Dominos website up to stay abreast of the status.
The next time I glanced at the screen it looked something like this (actually it looked exactly like this). Dean had removed the pizzas from the oven and was boxing 'em up.
With the next status change I learned that our delivery driver would be Bryan and that he had left the store at 6:26 with our healthy dinner in tow.
Let's compare this 24 minute Dominos experience with my yet-to-be-completed three week order with Dell.
Here's what the Dell status read after my order was placed and my purchase funds verified:
7 days later here is what my status read:
17 days after my order (and three days after my delay notice) here is what my status read:
And this morning, 18 days after my order was placed, and after two customer service calls where the reps were kind and professional but still could not see the cause of the delay, here is what I see:
But wait! That's not true. If I drill down into my order, I'll eventually see this:
Awesome! Let me get my shipping and tracking info. But when I click on the "Shipped" link I see this pop-up:
Oh, OK. I guess the "Shipped" link won't take me to my shipping information but will provide me with the English definition of 'shipping'. That's OK because I was a little unclear about what it meant.
Let's click on another link to get my shipping info. Ummm, how about clicking on the order number? (Do I dare click on this?) I'm a little worried that I will be sent to wikipedia for the comprehensive history of order numbers... but no where else to click, so let's roll the dice baby.
Alas! It takes me to my shipping detail page so that I can get my up-to-the-intersection status of my delivery... or not.
OK. I want to cut Dell some slack here. It changed status on a Friday night and they probably don't do weekend shipping for non-premium, non-enterprise, completely inconsequential customers (I mean that sincerely, by the way). So I would expect tracking info on Monday... oh wait, Monday is a federal holiday... so by Monday I mean Tuesday.
When I spoke with Dell they informed me that server would arrive before my delayed deadline. With the federal holiday looming that means that Dell will be footing the bill for 2-day shipping. OK. I'm good with that.
Dell really did have great customer service, but imagine what it could've been if Dell only followed Dominos lead on a $10 pizza.
OK - I admit that I don't need to know which person is working on my system at any given moment (though it's a cool feature and really humanizes a company). But a status that is as broad as "In Production" is useless.
There are too many phases wrapped in that definition. There is part ordering from within Dell, part ordering from vendors, part shipment from within or without the manufacturing plant, assembly, testing, and finally acceptance.
Imagine how cool it would be if I saw that my order was delayed due to short supply of 750GB hard drives. Even cooler would be if I could have interacted with Dell and opted instead for their plentiful stock of 1TB drives. The difference in cost would have been perhaps $200-$300 but could've saved me a week of waiting.
I don't know if delayed parts were the issue, and neither does Dell customer service. However, someone at Dell knows why my server was delayed, but in the era of instant data transmission that information is eerily absent.
Who'd of thought that a multi-billion dollar company that sells servers and workstations could learn from a... umm... multi-billion dollar company that sells pizza. OK, that's not as profound as I'd hoped.
But still... imagine the possibilities.
Need to install software remotely on all your Windows computers? Do it for free using with a 30-day trial of Admin Arsenal Software Deployment.
Windows Administrator? Follow me on twitter @ShawnAnderson
Posted by The Admin Arsenal Team on Fri, Jan 08, 2010
In this article we will create a Custom Inventory Report inside of Admin Arsenal. This report will show all computers that do NOT have Symantec Antivirus service installed / configured.
From the main window in Admin Arsenal select "New Report..." item in the Reports menu.
Now we write our query. I used the Fields dropdown menu to select the appropriate Table / Field.
This query simply requests that the Computer Name, AD Description, OS Name and Last Inventory Scan Date be returned for every computer that does NOT have a Windows Service called Symantec Antivirus.
Click here to download the video if you cannot access the YouTube version above
Posted by Shawn Anderson on Fri, Jan 01, 2010
We get a number of requests for assistance with deploying Adobe Reader. Here's a quick way to install the software remotely using Admin Arsenal.
Step 1: Download the latest version of Adobe Reader
Step 2: Place the installation file(s) on your computer or on a networked share
Step 3: Select which computer, collection, or OU that you will be installing to and double click to open
Step 4: The Deploy Software window opens. Select the Deployment File button and navigate to the downloaded Adobe Reader installation file. (If additional files were downloaded, be sure to select the Include Entire Directory check box.)
Step 5: Check the Send Password option and enter the following into the Command Line field:
/sAll /rs /rps /msi"ALLUSERS=TRUE EULA_ACCEPT=YES SUPPRESS_APP_LAUNCH=YES"
NOTE: Always test before doing a large push. We've found the above command line to work but Adobe Reader versions change regularly.
The deployment should be very quick and should not be noticed by any users currently logged onto any of the computers receiving the software push.
We have a handful of step-by-step instructions for deploying common applications. If you have an app that is not listed please let us know and we'll get it tested in our lab and post the steps.
The biggest challenge for many is determining the correct command line usage, as was discussed last year.