Sunday, 6 October 2013

iPhone Activation Error

So if you, like me, have woken up on 6th October 2013 to find a nice little error on your crApple device asking you to "Activate", then you may want to find out how to fix it.


As the calendar rolls over to 6th Oct, reports are coming in from all over the world of people with iOS7 beta6 being locked out of their phones because the test version of the nice shiny iOS7 has expired.

Blah blah blah I'm going to cut the crap and just get on with it as it's Sunday morning and I'm trying to enjoy my kids, a bacon butty & a cup of tea...

Get the stuff you need & back it up baby...
  • Download the latest crapTunes or update from within crapTunes.
  • Backup your crapPhone with crapTunes if you can (I couldn't).
  • You can still access photos so if you need to, back them up too.
  • Download the latest version of iOS 7.0.2 from one of these sources (not responsible for external content etc etc) then hold down on the option key (Mac) or the shift key (Windows) and click the “Check for Update” button in the Summary pane of crapTunes. Browse to the file you downloaded. (it will take an age!)
iPad2(Wi-Fi) (iPad2,1) 7.0.2 (11A501)
iPad2(AT&T) (iPad2,2) 7.0.2 (11A501)
iPad2(Verizon) (iPad2,3) 7.0.2 (11A501)
iPad2,4 (iPad2,4) 7.0.2 (11A501)
iPad2,5 (iPad2,5) 7.0.2 (11A501)
iPad2,6 (iPad2,6) 7.0.2 (11A501)
iPad2,7 (iPad2,7) 7.0.2 (11A501)
iPad3,1 (iPad3,1) 7.0.2 (11A501)
iPad3,2 (iPad3,2) 7.0.2 (11A501)
iPad3,3 (iPad3,3) 7.0.2 (11A501)
iPad3,4 (iPad3,4) 7.0.2 (11A501)
iPad3,5 (iPad3,5) 7.0.2 (11A501)
iPad3,6 (iPad3,6) 7.0.2 (11A501)
iPhone4 (iPhone3,1) 7.0.2 (11A501)
iPhone3,2 (iPhone3,2) 7.0.2 (11A501)
iPhone4(Verizon) (iPhone3,3) 7.0.2 (11A501)
iPhone4S (iPhone4,1) 7.0.2 (11A501)
iPhone5,1 (iPhone5,1) 7.0.2 (11A501)
iPhone5,2 (iPhone5,2) 7.0.2 (11A501)
iPhone5,3 (iPhone5,3) 7.0.2 (11A501)
iPhone5,4 (iPhone5,4) 7.0.2 (11A501)
iPhone6,1 (iPhone6,1) 7.0.2 (11A501)
iPhone6,2 (iPhone6,2) 7.0.2 (11A501)
iPodTouch(5G) (iPod5,1) 7.0.2 (11A501)

  •  Choose the file and let it do its thing.  Don't worry - you won't lose any data either!!!



Thursday, 5 September 2013

There may be too many steps in the task sequence object.

So this was a new one on me.  Before you ask; no, we hadn't made any changes to our system - it just happened.  Yes - it just happened, just like I'm guessing has happened to you if you're reading this.

I fired up my SCCM console locally on my machine.  I went to edit a Task Sequence and then got this little gem: 

Good one uh?  I then jumped on the server and tried the server console.  Still the same.

After a few twitchy bum moments, some log file searching and a touch of Googling, I found that this could be caused by MDT going what we in the industry call "Tits up".

Do you have MDT integrated into SCCM too?  You do?  Good - read on...

Try re-running the MDT integration as per the start menu folder location for MDT on your SCCM server and you should find things fine and dandy.

It didn't work?  Oh... Sorry - try this link here.

Wednesday, 17 July 2013

'Consumerization of IT' Taking Its Toll on IT Managers

Upgrade Microsoft OCS 2007 to Lync 2013 in a Windows 7 x86 environment using SCCM 2007: Part 2

Continued from Part 1

Compressing the Lync Client (cont...)

You will now have a folder called Microsoft_Lync_2013_x86_01 containing:

  • This is now the source folder we will point our SCCM package to.  
  •  You will now need to create a program in the package and point it to the TSINSTALL.bat

Creating the Task Sequence

There were several factors involved in my choice to use a task sequence to do this, mainly that we can run command lines directly from the TS rather than having to come up with a massively long, boring script.

  • Create a new task sequence under the Operating System Deployment section of SCCM
  • Choose "create a new custom task sequence"
  • Name it Install Lync 2013 x86 and click finish
  • Add an Install Software step and call it Install Microsoft Lync 2013 x86
  • Choose the package and program you created earlier (an assumption)
  • Create a run command line step to kill off the Communicator process.  Name it Kill Communicator Process and use the command: taskkill /im communicator.exe /f
  • Create a run command line step to kill off the Outlook process.  Name it Kill Outlook Process and use the command: taskkill /im outlook.exe /f
  • Create a run command line step called Remove Live Meeting with the command: MsiExec.exe /X{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6} /qn REBOOT=ReallySuppress
  • Create a run command line step called Remove OCS 2007 with the command: MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF} /qn REBOOT=ReallySuppress
  • Create a run command line step called RemoveOutlook Plugin using the command: MsiExec.exe /X{1DE3088D-E607-4EB0-9223-106E7B5AF2F1} /qn REBOOT=ReallySuppress
  • Create a run command line step called Delete Source Files with the command del c:\lync2013x86 /F /Q - run this step with an admin account as per the tick box at the bottom.
Your Task Sequence should look like this.
*I ticked "Continue on error" in the options tab on every step EXCEPT the install Lync step.

Click OK to save the Task Sequence.

Now advertise the task sequence out to a collection - I advise not populating the collection yet - just test this on 1 computer for now and then add a few more once you're happy it's working the way it should.  Tailor the advertisement in a way to suit you: silently or with an on-screen prompt, ASAP or on a timed schedule...


This is what will happen.

  1. Target computer will receive policy from SCCM
  2. TS will launch and copy over source folder
  3. Program will run which will create the extract source, extract the 7z install and run setup.exe
  4. Once Lync has installed the TS will kill off OCS & Outlook
  5. It will remove Live Meeting, OCS and the Outlook Plugin
  6. Source files are deleted.
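
Because "Continue on error" is ticked on every removal step, a failed uninstall is not reported by the task sequence. The script below is an added example (not part of the original post) that checks the end state on a target machine. It uses the product codes and staging folder from the steps above; the function names and the registry locations checked are assumptions of this example.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible (Windows 7 default).
# Product codes are the ones used in the MsiExec /X steps above.
$LegacyProducts = @{
    'Live Meeting'   = '{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}'
    'OCS 2007'       = '{E5BA0430-919F-46DD-B656-0796F8A5ADFF}'
    'Outlook Plugin' = '{1DE3088D-E607-4EB0-9223-106E7B5AF2F1}'
}

function New-Check($Name, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

function Test-LyncUpgrade {
    param([string]$StagingDir = 'C:\lync2013x86')

    # MSI products register under Uninstall\<ProductCode>; check both registry views.
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($name in $LegacyProducts.Keys) {
        $found = @($hives | Where-Object {
            Test-Path -LiteralPath (Join-Path $_ $LegacyProducts[$name])
        })
        New-Check "$name removed" ($found.Count -eq 0) ($found -join '; ')
    }

    # The kill steps run once; confirm the old client is not running afterwards.
    $proc = @(Get-Process -Name communicator -ErrorAction SilentlyContinue)
    New-Check 'communicator.exe not running' ($proc.Count -eq 0) "$($proc.Count) process(es)"

    # del /F /Q removes only the files directly in the folder, so subfolders can remain.
    $left = @()
    if (Test-Path -LiteralPath $StagingDir) {
        $left = @(Get-ChildItem -LiteralPath $StagingDir -Recurse -Force -ErrorAction SilentlyContinue)
    }
    New-Check 'staging folder empty or gone' ($left.Count -eq 0) "$($left.Count) item(s) left"
}

$results = @(Test-LyncUpgrade)
$results | Format-Table Check, Pass, Detail -AutoSize
# A non-zero exit code signals a failed check to whatever launched the script.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```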

I really hope this works for people and I welcome any constructive comments....


Upgrade Microsoft OCS 2007 to Lync 2013 in a Windows 7 x86 environment using SCCM 2007: Part 1

As part of our ongoing commitment to optimise our users' desktop experience, our infrastructure team are currently implementing a Lync back end.  Of course it comes to me to package and deploy the client out to our estate.  As we are currently running a mixture of XP and Win7/8, there is a different method required for XP.

In this post I will explain how I went about packaging up Lync so it would remove any legacy installs of Office Communicator and replace them with Lync.

This is going to be a lengthy one so make coffee - LOTS of coffee.  Hopefully though it will help other people to achieve the same as me should that be what they require.

You will need the following:

Lync 2013 x86 client (I downloaded the ISO from our VLSC)
7zip (executable AND command line)


This post assumes:

  • You are proficient in SCCM 2007 packaging and deploying
  • You have used the OCT to customise Office installs
  • You require a silent install

Packaging the Lync client

Customising the install

Assuming you have the above we will first setup the Custom.MSP file via the OCT.  Once you have extracted the ISO your file structure will look like the above.  You will not have the "Admin" shortcut so we create that now.

  1. Right click "setup.exe" and click "create shortcut"
  2. Rename "setup.exe - shortcut" to "Admin"
  3. Right click "Admin" and at the end of the Target path you need to add "/admin".  Mine looks like this: "\\MYSCCMSERVER\Packages\Microsoft_Lync_2013_x86\setup.exe" /admin
  4. Click OK
  5. Double click Admin and you will be prompted to create or open an MSP file - just click OK to create a new one.
  6.  Under Setup, click Install location and organisational name - enter your org name here.
  7. Under Licensing & User Interface choose your method of entering the product key - I use KMS.
  8. Click I accept the terms... box, change display level to "none" and tick suppress modal
  9. Under "Additional content" click "Add registry entries" and add the following:
    1. Machine setting
      • Root: HKEY_Local_Machine
      • Type: DWORD
      • Key: Software\Policies\Microsoft\Office\15.0\Common\General
      • Name: ShownFirstRunOptin
      • Value: 0x00000001
    2. User setting
      • Root: HKEY_Current_User
      • Type: DWORD
      • Key: Software\Microsoft\Office\15.0\Common\General
      • Name: ShownFirstRunOptin
      • Value: 1
Once you are happy that you have customised your install accordingly click "file" "save as" and save the file into the "updates" folder of the Lync package as "custom.msp".

Compressing the Lync Client

Using 7zip we will now compress the source folder.  Simply right click the folder that contains your install and select 7-Zip>Add to "(foldername).7z"

Create a second folder and add the resulting 7z file - this is the folder that will be deployed over to the client machines.  For this example mine is called "Microsoft_Lync_2013_x86_01"

Add the 7za.exe command line tool you downloaded (you did download it right?)
Create a batch file called "TSINSTALL.bat".  In the batch file add the following lines:

md c:\lync2013x86
7za.exe x Microsoft_Lync_2013_x86_01.7z -oC:\lync2013x86
cd c:\lync2013x86

Continue to PART 2

Friday, 28 June 2013

Enabling BitLocker on a Windows To Go Device

When you try to turn on BitLocker on the Windows To Go device you created in the previous post, you may see the following message:

This device can't use a Trusted Platform Module.  Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes.


1. Press "Windows+R" to open the Run dialog.

2. Type "gpedit.msc" and click OK.

3. A new window will open.

4. Click on Administrative Templates under Computer Configuration

5. Double Click on Windows Components (right window pane).

6. Double Click on BitLocker Drive Encryption.

7. Double Click on Operating System Drives.

8. Double Click on Require Additional Authentication at Startup

9. A new window will be opened.

10. Click "Enabled"

11. Click OK and close the window.


  • Load gpedit.msc
  • Local computer policy\Administrative Templates\Windows Components\BitLocker Drive Encryption
  • Turn on the following:
o   ‘Store BitLocker recovery information in AD DS’
  • Local computer policy\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
o   ‘Choose how BitLocker-protected fixed drives can be recovered’
  • Local computer policy\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives
o   ‘Choose how BitLocker-protected OS drives can be recovered’
  • Local computer policy\Administrative Templates\System\Trusted Platform Module Services
o   ‘Turn on TPM backup to AD DS’
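
To confirm the settings above have actually landed on the machine, the added example below (not part of the original post) reads back the registry values that these policies write. The function name is hypothetical, and the value names are the standard ones for these BitLocker and TPM policies as assumed by this example, so confirm them against the .admx files on your build.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible.
# Each entry maps a policy named above to the registry value it sets under
# HKLM\SOFTWARE\Policies\Microsoft (assumed standard mapping; check your .admx files).
$PolicyChecks = @(
    @{ Policy = 'Require additional authentication at startup';  Key = 'FVE'; Name = 'UseAdvancedStartup' },
    @{ Policy = 'Allow BitLocker without a compatible TPM';      Key = 'FVE'; Name = 'EnableBDEWithNoTPM' },
    @{ Policy = 'Store BitLocker recovery information in AD DS'; Key = 'FVE'; Name = 'ActiveDirectoryBackup' },
    @{ Policy = 'Fixed drives: recovery policy enabled';         Key = 'FVE'; Name = 'FDVRecovery' },
    @{ Policy = 'Fixed drives: save recovery info to AD DS';     Key = 'FVE'; Name = 'FDVActiveDirectoryBackup' },
    @{ Policy = 'OS drives: recovery policy enabled';            Key = 'FVE'; Name = 'OSRecovery' },
    @{ Policy = 'OS drives: save recovery info to AD DS';        Key = 'FVE'; Name = 'OSActiveDirectoryBackup' },
    @{ Policy = 'Turn on TPM backup to AD DS';                   Key = 'TPM'; Name = 'ActiveDirectoryBackup' }
)

function Get-BitLockerPolicyState {
    param([string]$Root = 'HKLM:\SOFTWARE\Policies\Microsoft')
    foreach ($c in $PolicyChecks) {
        $path  = Join-Path $Root $c.Key
        $value = $null
        if (Test-Path -LiteralPath $path) {
            # Look the value up by name; a missing value leaves $value as $null.
            $prop = (Get-ItemProperty -LiteralPath $path).PSObject.Properties[$c.Name]
            if ($prop) { $value = $prop.Value }
        }
        New-Object PSObject -Property @{
            Policy        = $c.Policy
            RegistryValue = "$($c.Key)\$($c.Name)"
            Data          = $value
            Enabled       = ($value -eq 1)
        }
    }
}

# Run once the policy has refreshed (for example after 'gpupdate /force').
$state = @(Get-BitLockerPolicyState)
$state | Format-Table Policy, RegistryValue, Data, Enabled -AutoSize
$missing = @($state | Where-Object { -not $_.Enabled })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) policy value(s) not set; recovery information may not reach AD DS."
}
```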

  • Open CMD
  • Type ‘manage-bde -protectors -get c:’
  • You should get a similar return
o    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
o    Copyright (C) Microsoft Corporation. All rights reserved.
o    Volume C: [OSDisk]
o    All Key Protectors
o    TPM:      ID: {1B86C47C-B81E-4F1A-A8C2-598B9F54C99C}
o    Numerical Password:  ID: {FE3311F0-0ED2-419D-8455-B10D3A104887}
o    Password:  551463-589820-493438-138534-340098-388795-215589-457996
  • Then type ‘manage-bde -protectors -adbackup c: -id {Numerical Password}’, replacing {Numerical Password} with the ID shown for the Numerical Password protector above. You should get:
o    BitLocker Drive Encryption: Configuration Tool version 6.1.7601
o    Copyright (C) Microsoft Corporation. All rights reserved.

o    Recovery information was successfully backed up to Active Directory.
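
The two manage-bde steps above can be chained so the protector ID is not copied by hand. This is an added example, not part of the original post; the function names are hypothetical and the sample output is constructed with made-up IDs. The parser accepts both the indented layout manage-bde prints and the flattened form shown above.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible.
function Get-NumericalPasswordId {
    param([string[]]$Lines)
    $inBlock = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*Numerical Password:') {
            $inBlock = $true                  # entering the protector we want
        } elseif ($line -match '^\s*[A-Za-z][A-Za-z ]*:' -and $line -notmatch '^\s*ID:') {
            $inBlock = $false                 # any other label (TPM:, Volume C:, ...)
        }
        if ($inBlock -and $line -match 'ID:\s*(\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\})') {
            $Matches[1]                       # emit the protector ID, braces included
            $inBlock = $false
        }
    }
}

function Backup-RecoveryPasswordToAD {
    param([string]$Volume = 'C:')
    $out = & manage-bde.exe -protectors -get $Volume
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -get failed on $Volume (exit $LASTEXITCODE)" }
    $ids = @(Get-NumericalPasswordId -Lines $out)
    if ($ids.Count -eq 0) { throw "No Numerical Password protector found on $Volume" }
    foreach ($id in $ids) {
        # Passing the ID as a variable avoids PowerShell treating {...} as a script block.
        & manage-bde.exe -protectors -adbackup $Volume -id $id | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "AD backup failed for $id (exit $LASTEXITCODE)" }
    }
    $ids
}

# Constructed sample in manage-bde's usual layout (IDs and password are made up).
$sample = @'
Volume C: [OSDisk]
All Key Protectors

    TPM:
      ID: {11111111-2222-3333-4444-555555555555}

    Numerical Password:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
      Password:
        000000-000000-000000-000000-000000-000000-000000-000000
'@ -split "`r?`n"
Get-NumericalPasswordId -Lines $sample
```

On a real machine, run Backup-RecoveryPasswordToAD from an elevated prompt; it returns the IDs it backed up and throws if manage-bde reports a failure.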

Copy the following into a VBS script and run it to allow computers to write their TPM recovery information to AD:

' This script demonstrates the addition of an Access Control Entry (ACE)
' to allow computers to write Trusted Platform Module (TPM)
' recovery information to Active Directory.
' This script creates a SELF ACE on the top-level domain object, and
' assumes that inheritance of ACL's from the top-level domain object to
' down-level computer objects are enabled.
' Last Updated: 07/01/2006
' Last Reviewed: 09/19/2009
' Microsoft Corporation
' Disclaimer
' The sample scripts are not supported under any Microsoft standard support program
' or service. The sample scripts are provided AS IS without warranty of any kind.
' Microsoft further disclaims all implied warranties including, without limitation,
' any implied warranties of merchantability or of fitness for a particular purpose.
' The entire risk arising out of the use or performance of the sample scripts and
' documentation remains with you. In no event shall Microsoft, its authors, or
' anyone else involved in the creation, production, or delivery of the scripts be
' liable for any damages whatsoever (including, without limitation, damages for loss
' of business profits, business interruption, loss of business information, or
' other pecuniary loss) arising out of the use of or inability to use the sample
' scripts or documentation, even if Microsoft has been advised of the possibility
' of such damages.
' Version 1.0.1 - Tested and re-released for Windows 7 and Windows Server 2008 R2


' --------------------------------------------------------------------------------
' Access Control Entry (ACE) constants
' --------------------------------------------------------------------------------

'- From the ADS_ACETYPE_ENUM enumeration
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT      = &H5   'Allows an object to do something

'- From the ADS_ACEFLAG_ENUM enumeration
Const ADS_ACEFLAG_INHERIT_ACE                = &H2   'ACE can be inherited to child objects
Const ADS_ACEFLAG_INHERIT_ONLY_ACE           = &H8   'ACE does NOT apply to target (parent) object

'- From the ADS_RIGHTS_ENUM enumeration
Const ADS_RIGHT_DS_WRITE_PROP                = &H20  'The right to write object properties
Const ADS_RIGHT_DS_CREATE_CHILD              = &H1   'The right to create child objects

'- From the ADS_FLAGTYPE_ENUM enumeration
Const ADS_FLAG_OBJECT_TYPE_PRESENT           = &H1   'Target object type is present in the ACE
Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2   'Target inherited object type is present in the ACE

' --------------------------------------------------------------------------------
' TPM and FVE schema object GUID's
' --------------------------------------------------------------------------------

'- ms-TPM-OwnerInformation attribute
'  (schemaIDGUID of the attribute; confirm against your schema before running)
SCHEMA_GUID_MS_TPM_OWNERINFORMATION = "{AA4E1A6D-550D-4E05-8C35-4AFCB917A9FE}"

'- ms-FVE-RecoveryInformation object

'- Computer object
SCHEMA_GUID_COMPUTER = "{BF967A86-0DE6-11D0-A285-00AA003049E2}"

'Reference: "Platform SDK: Active Directory Schema"

' --------------------------------------------------------------------------------
' Set up the ACE to allow write of TPM owner information
' --------------------------------------------------------------------------------

Set objAce1 = createObject("AccessControlEntry")

' Inherit to child objects only; the ACE does not apply to the domain object itself
objAce1.AceFlags = ADS_ACEFLAG_INHERIT_ACE + ADS_ACEFLAG_INHERIT_ONLY_ACE
objAce1.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objAce1.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT + ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT

objAce1.Trustee = "SELF"
objAce1.AccessMask = ADS_RIGHT_DS_WRITE_PROP
' Limit the write right to the ms-TPM-OwnerInformation attribute of computer objects
objAce1.ObjectType = SCHEMA_GUID_MS_TPM_OWNERINFORMATION
objAce1.InheritedObjectType = SCHEMA_GUID_COMPUTER

' --------------------------------------------------------------------------------
' NOTE: BY default, the "SELF" computer account can create
' BitLocker recovery information objects and write BitLocker recovery properties
' No additional ACE's are needed.
' --------------------------------------------------------------------------------

' --------------------------------------------------------------------------------
' Connect to Discretionary ACL (DACL) for domain object
' --------------------------------------------------------------------------------

Set objRootLDAP = GetObject("LDAP://rootDSE")
strPathToDomain = "LDAP://" & objRootLDAP.Get("defaultNamingContext") ' e.g. string dc=fabrikam,dc=com

Set objDomain = GetObject(strPathToDomain)

WScript.Echo "Accessing object: " + objDomain.Get("distinguishedName")

Set objDescriptor = objDomain.Get("ntSecurityDescriptor")
Set objDacl = objDescriptor.DiscretionaryAcl

' --------------------------------------------------------------------------------
' Add the ACEs to the Discretionary ACL (DACL) and set the DACL
' --------------------------------------------------------------------------------

objDacl.AddAce objAce1

objDescriptor.DiscretionaryAcl = objDacl
objDomain.Put "ntSecurityDescriptor", Array(objDescriptor)
' Commit the modified security descriptor to the directory
objDomain.SetInfo

WScript.Echo "SUCCESS!"