The D-Spot (The Deployment Spot)

1. Purpose:

Instead of using the ‘Devicepath’ method; with the Microsoft utility DPINST.EXE, it is possible to do a pre-installation of different device drivers; a major advantage is that de device can be attached later (even in a User context), without any intervention needed.
On installation with DPINST the drivers are installed in
C:\Windows\System32\DRVSTORE
Important: this method has nothing to do with the ‘Local Cache’.

2.     Prerequisites:
DPInst.exe
DPInst.xml

Is part of “Driver Installation Tools 2.01” downloaded from Microsoft

3.     Procedure:

 Download and/or extract the device drivers.

Normally the drivers are in the drivers folder of the extracted files, eventually under a sub-folder for the operating system (WinXP_32). 

A set of drivers should contain, one ore more:

*.cat files (Security Catalog)

*.inf files (Setup Information)

*.sys files (System File)

other files

 Add DPINST.exe and DPInst.xml in that folder.

The provided DPInst.xml file contains following parameters:

 <?xml version=”1.0″?>
<dpInst>
   <quietInstall/>
   <forceIfDriverIsNotBetter/>
   <suppressAddRemovePrograms/>
   <legacyMode/>  
</dpInst>

Manually Pre-Installation (stand-alone): 
Launch DPINST.EXE from the folder above created folder. Follow the instructions on screen.

Manually Pre-Installation (stand-alone with command-line switches on DPINST.exe):
Launch DPINST.EXE from the folder above created folder, with command-line switches: /lm /q /sw

IMPORTANT:

The command-switches are prior to the settings used in the DPInst.xml file.

 Command-switches explanation for above command-line:

/lm

The /lm command-line switch sets the legacyMode flag to ON, which configures DPInst to accept unsigned driver packages and driver packages that have missing files. For more information, see “Setting the legacyMode Flag” earlier in this paper.

/q or /s

The /q or /s command-line switch sets the quietInstall flag to ON, which suppresses the display of wizard pages, user dialog boxes, and other user messages that DPInst and Windows generate. The quietInstall flag works in combination with the presence of a EULA page and the suppressEulaPage flag, as described earlier in this paper in “Setting the quietInstall Flag” and “Setting the suppressEulaPage Flag”.

/sw

The /sw command-line switch sets the suppressWizard flag to ON, which suppresses the display of wizard pages and other user messages that DPInst generates. The suppressWizard flag works in combination with the presence of a EULA page and the suppressEulaPage flag, as described earlier in this paper in “Setting the suppressWizard Flag” and “Setting the suppressEulaPage Flag”.

I always struggle to import certificates. But with this commandline-tool (importpfx.exe) it is easy to install them.

———–

Go to http://home.fnal.gov/~jklemenc/dl/importpfx.zip and download importpfx.
Unzip it.
Usage: importpfx.exe -f -p -t USER|MACHINE -s [-r "Subject OU to remove" | -all]

This utility will import a PKCS12 certificate file (with a .p12 or .pfx extension) into the certificate store specified by the -s parameter.

The default behavior is to overwrite like certificates (if available). The -r “Subject OU” will remove all certificates matching the Subject CN
in from the CN in the PKCS12 file and the Subject OU set to the -r parameter.

PARAMETERS:
-f = PKCS12 filename
-p = Password to secure the private key with
-t = Store type (USER or MACHINE)
-s = The certificate store to import into (MY is a common param)

-r “Subject OU Text” = Delete all user certificates in which the Subject OU matches the -r “Subject OU Text” and the Subject CN matches the PKCS12 Subject CN
-r -all = Delete ALL user certificates in the

Import a PKCS12 file into the local machine Testing store and delete any stored certificates with a Subject containing OU=”Self-Signed CA”:
importpfx.exe -f x509.p12 -p “” -t MACHINE -s Testing -r “Self-Signed CA”

Delete ALL certificates in the USER MY store:
importpfx.exe -t USER -s MY -r -all

Examples:
Import a PKCS12 file into the MY store, overwriting if allowed:

importpfx.exe -f clientcert.p12 -p “testpwd” -t USER -s MY

Advantages : Silent install & You don’t have to know the username that is logged in.

source:http://www.symantec.com/connect/forums/install-p12-certificate-silently

Late last week, the Office engineering team announced that Office 2010 RTM has been released.

As it seems, the public beta was already downloaded by 7.5 million people, this latest Office release is going to be a success.

If you want to read more on the new features in this release, or are just curious, checkout here

The Final build number is 14.0.4763.1000.

Downloads for msdn/technet people should be available on April 22th, for existing Volume Licensing customers with SA the date is April 27th.

Retail boxes should be available from June on

A Virtual Launch event is also planned on May 12 : http://www.the2010event.com

Enjoy!

The Altiris Beta program moved from http://beta.altiris.com to http://www.symantec.com/connect/ogproduct/endpoint-management-solutions-beta

The beta process has been moved to Symantec Connect, where we can take advantage of the existing community.  As part of your beta experience, you may submit feedback in the form of articles, forum postings, and comments.  At any time, you may submit feedback directly to altrisbeta@symantec.com. 

Full post @  http://www.symantec.com/connect/blogs/altiris-beta-program-welcome-message

This morning a customer had 4 Win2000 servers with low memory problems. At first sight, task manager didn’t reveal any high memory-consuming processes. Aclient was consuming about 9000kb. Since these are production machines we can’t just reboot them whenever we feel like doing so.

We’ve upgraded the server to DS 6.9 SP3 two weeks ago. In the release notes (known issues), I’ve found an Altiris article that discusses our problem and the workaround was disabling the Agent autoupgrade feature and downgrading the Aclient Agent to 6.9 SP2 version on Win2000 servers. Luckily for me, Altiris posted a permanent solution this afternoon

Article #51997
https://kb.altiris.com/article.asp?article=51997&p=1

When you define Security groups in DS 6.9 SP3 in combination with the option “Display only computers and jobs the user has rights to manage”, users may experience a very very slow interface. By default, any user who can access the DS console, can see all jobs/computers. 

There’s a noticable difference in performance when you need to browse jobs via the ‘select a job’ option because here Altiris evaluates all jobs against the user’s permissions.

I didn’t experience this behaviour as a DS Admin. This would be a good option if it didn’t slow down the console so much!