Uninstall SEP client Through GPO

Hello,

I have found one of the Best way to uninstall SEP clients in a large numbers with the help of GPO.I have tested this in my test environment. By the help of this Article you will be able to uninstall the SEP client through Group Policy Object.

What you have to do is create a startup or shut down script.

Note:-In SEPM side you need to remove uninstall password.

  1. To Remove Uninstall Password settings in SEPM go to

SEPM console->Clients tab ->Policies ->General Settings-> Security Settings.

To Get Uninstall String in SEP client

Uninstall String is different for Every version of Sep client

SEP Client  12.1.671.4971.105

MsiExec.exe /I{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}

SEP 12.1.2

MsiExec.exe /I {C2103AF2-E66C-446B-9791-9207840EC821}

Follow these steps to get Uninstall Strings.

  1. Start->RUN->Regedit
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}.

Uninstal_1.JPG

Create Batch File

@Echo off

MsiExec.exe /x {C2103AF2-E66C-446B-9791-9207840EC821}  /qn

Exit

Create Batch file as uninstall.bat and save it into AD net logon folder (Shared Location).

How to run Batch file Through Group Policy

1. Start Run ->GPMC.MSC.

2. Right click on Domain name and select create a GPO in the domain

Uninstall1_0.jpg

3. Give the GPO name (SEP uninstall)

Uninstal2.jpg

4. Edit Newly Created GPO SEP uninstall.

Uninstal3.jpg

5. Go to Computer Configuration ->Policies ->Windows Settings ->Select Script (Startup/Shutdown).

Uninstal4.jpg

6. Select Startup Script ->Add.

Uninstal5.jpg

7. Browse Batch file ( Shared Location) -> Ok.

Uninstal6.png

Uninstal7.jpg

8. Apply Ok.

Uninstal8.jpg

9. Select AD OU where you want to apply and  select Link an Existing GPO.

Uninstal9.jpg

10. Select GPO and OK.

Uninstal10.jpg

10 Restart Computer.

11.This process will take 5 to 10 min. for removing Sep client.

Note:-

  • In SEPM side you need to remove uninstall password.
  • I have tested this process in my testing environment successfully
  • Please use this article First in your test environment then apply to your production environment.

I hope this Article will helpfull to you all……

Loopback processing of Group Policy, explained.

http://kudratsapaev.blogspot.com/2009/07/loopback-processing-of-group-policy.html

Hi guys,

Today I want to write a few words about Loopback processing of Group Policy. When you deal with this setting for the first time it may be a little bit confusing. You can find explanations of this policy setting on the internet, but in my case I will try to explain everything in simple words.

As we know group policy has two main configurations, user and computer. Accordingly, the computer policy is applied to the computer despite of the logged user and the user configuration is applied to the user despite of the computer he is logged on.
For example we have a Domain, this Domain has two different organizational units (OU) Green and Red, Green OU contains a Computer account and Red OU contains User account. The Green policy, which has settings “Computer Configuration 2” and “User Configuration 2” is applied to the OU with the computer account. The Red policy, which has settings “Computer Configuration 1” and “User Configuration 1”, is applied to the OU with the User account. If you have a look at the picture below it will become clearer.


If Loopback processing of Group Policy is not enabled and our User logs on to our Computer, the following is true:


As we can see from the picture, the User gets Computer Configuration 2 and User Configuration 1. This is absolutely standard situation, where policies are applied according to the belonging to the OU. User belongs to the Red OU, he gets the Red User configuration 1 accordingly.

Now let’s enable the Loopback processing of Group Policy for the Green OU. In this case if the User logs on to the Computer, the policies applied in the following way:

As we can see, now the User is getting User Configuration 2 despite of the fact that he belongs to the Red OU. So, what has happened in this scenario, the User Configuration 1 was replaced with the User Configuration 2, i.e. with the configuration applied to the Computer account.

As you have probably noticed, the picture above says “Loopback in replace mode”. I have to mention that the Loopback processing of Group Policy has two different modes, Replace and Merge. It is obvious that Replace mode replaces User Configuration with the one applied to the Computer, whereas Merge mode merges two User Configurations.


In Merge mode, if there is a conflict, for example two policies provide different values for the same configuration setting, the Computer’s policy has more privilege. For example in our scenario, in case of the conflict the User Configuration 2 would be enforced.

In the real work environment Loopback processing of Group Policy is usually used on Terminal Servers. For example you have users with enabled folder redirection settings, but you do not want these folder redirection to work when the users log on to the Terminal Server, in this case we enable Loopback processing of Group Policy in the Policy linked to the Terminal Server’s Computer account and do not enable the folder redirection settings. In this case, once the User logged on to the Terminal Server his folder redirection policy will not be applied.

To enable Loopback Processing navigate to: Computer Configuration/Administrative Templates/System/Group Policy/Configure user Group Policy loopback processing mode

What is a SPN and why should you care?

http://blogs.msdn.com/b/autz_auth_stuff/archive/2011/04/28/what-is-spn-and-why-should-you-care.aspx

I remember the first time I saw the acronym SPN when I were introduced to WCF some years ago.

After reading the article in MSDN I didn’t feel better. What is a ServicePrincipalName?

The way I usually think now (and I apologize for you that don’t know the DNS lingo) is that it is conceptually the same as a CNAME record.

A SPN is nothing more fancy than an alias (or pointer) for a domain account, e.g.

HTTP/HRWeb is an alias for the domain account  MyDomain\HRWebAct

You can have more than one SPN pointing to the same domain account:

HTTP/HRWeb2 is also an alias for the domain account MyDomain\HRWebAct

In fact, the SPN: “HTTP/HRWeb is an entry in the attribute servicePrincipalName for the account HRWebAct in the Windows Active Directory Domain MyDomain.com §

The next obviously question would be: why do you need an alias?

The answer to that is a bit longer, and this is the beginning of the journey into the mystery of Kerberos.

Let me start with a little quiz that illustrates the complexity of Kerberos and the reason why people shy away from using Kerberos. The quiz is based on a real customer experience but sanitized to protect the customer identity.

(The following could also be a question in a certification test in Windows and Kerberos).

  • You have a Windows Server 2008 R2 server called MyWebServer that is member of the Active Directory domain MyDomain.com
  • The Active Directory is configured on Windows Server 2003 server using the default options during installation.
  • On the web server you have several web sites including an HR Application: HRWeb
  • You prefer that your users is navigating to the application using a simple url like http://HRWeb
  • The HRWeb application need to connect to a SQL Server 2008 R2 database using “Integrated Security=SSPI” in the connection string
  • Only authorized people may use the HRWeb application
  • You want to manage permission on the database

Then (as usual for this kind of certification test) a list of what you are doing to solve this requirement:

  • Create a DNS Alias for HRWeb that refer to MyWebServer.MyDomain.com
  • Configure binding for the site with hostname HRWeb and port 80
  • Create an application pool with the identity of a domain account MyDomain\HRWebAct
  • Configure the web site to use impersonation
  • Create a SPN using the command line to setspn.exe with the following parameters: HTTP/HRWeb MyDomain\HRWebAct
  • Grant users the appopriate permissions on the SQL Server to access the HRWeb database

Will this list of action satisfy the requirement? [Yes / No ]

I will supply the answer and explanations to the question in my next post. Feel free to comment with your answer and explanation.

How to Find the Best WiFi Channel For Your WiFi Network

Sys4ARAB

Most of the time, we just connect the router to the LAN port, do some simple configuration and start using the WiFi network. In some instances, the WiFi connection is fast, but for the rest of the time, it is slow like turtle. While there are many ways to increase WiFi connection speed, one of the easiest way is to switch the default WiFi channel to one that is less congested.

For those who are not sure what WiFi channels are, they are basically a spectrum of frequency space that the WiFi signal can transmit to. Different frequency bands (2.4GHz, 3.6 GHz, 4.9 GHz, 5 GHz, and 5.9 GHz) come with its own range of channels. Most routers are using the 2.4GHz band and there is a total of 14 channels for this band, though only 13 (or less) are mostly used throughout the world.

The main issue with…

View original post 623 more words

How to Find the Best WiFi Channel For Your WiFi Network

http://www.maketecheasier.com/find-best-wifi-channel/

Most of the time, we just connect the router to the LAN port, do some simple configuration and start using the WiFi network. In some instances, the WiFi connection is fast, but for the rest of the time, it is slow like turtle. While there are many ways to increase WiFi connection speed, one of the easiest way is to switch the default WiFi channel to one that is less congested.

For those who are not sure what WiFi channels are, they are basically a spectrum of frequency space that the WiFi signal can transmit to. Different frequency bands (2.4GHz, 3.6 GHz, 4.9 GHz, 5 GHz, and 5.9 GHz) come with its own range of channels. Most routers are using the 2.4GHz band and there is a total of 14 channels for this band, though only 13 (or less) are mostly used throughout the world.

The main issue with channel is that most routers are configured to use the same channel. In a place where there are many routers, this specific channel will become congested and other WiFi networks will interfere with your WiFi signal, causing it to go slow.

Here are the ways to find the best WiFi channels to use.

Detecting WiFi Channels in Windows

For Windows, you can use the software Wi-Fi Inspector by Xirrus to get the work done. Download, install and launch the WiFi Inspector. It will scan all the WiFi networks in the vicinity and shows all the information on the screen.

wifi-inspector-results

There is a lot of information in the dashboard. To get it to display what you want, simply click the “Networks” button and sort the results by “Channel”. You can then find all the channels used by various networks and which channel is the least used.

Another free software that you can use is WifiInfoView by Nirsoft. It is a lightweight application that doesn’t require any installation. Just fire it up and it will show you the information about the WiFi networks in the vicinity.

wifi-info-view-results

Detecting WiFi Channels in Linux

There are several tools in Linux that you can use to scan the neighboring WiFi network, but the easiest I have come across is Wifi Radar. It has a simple interface that scan all the WiFi networks and display their information, including the WiFi channels they are on, on the screen.

wifi-radar-detect-channel-strength

From there, you can see which channel is not being used and switch the channel settings in your router.

WiFi Radar is available in most distro’s package manager. In Ubuntu, you can install directly from the Ubuntu Software Center. Alternatively, use the commands:

sudo apt-get install wifi-radar

to install from the terminal.

Alternatively, for those command-line geeks, here is an easier way to find out which channels are congested. In the terminal, type:

sudo iwlist wlan0 scan | grep Frequency | sort | uniq -c | sort -n

wifi-scanning-channel-users

This will show you how many networks are on each channel.

You can also use the following command to find out which channels your WiFi adaptor supports.

iwlist wlan0 channel

Detecting WiFi Channels in Mac

Mac OS X comes with a useful tool that allows you to find out which channel is least congested and most optimum for your router. However, the tool is hidden and not easily accessible.

1. Press the “Alt” button and click the “Wifi” icon at the system tray. In the dropdown, you should see an option “Open Wireless Diagnostic”.

mac-open-wifi-diagnostic

2. In the “Wireless Diagnostic” window, move your cursor to the menu bar and select “Windows -> Utilities”. Go to the “Wifi Scan” tab and click “Scan Now”.

mac-wifi-scan-best-channel

3. Once it has finished scanning, you will be able to see which are the best channels for your router and WiFi network.

Changing the Wifi Channel in your router

As there are thousands of routers around, it is impossible for us to cover the instruction for all of them. However, most of them follow the same method to modify the channel settings.

1. Connect to your WiFi network and check its IP address. Most of the time, it will be of the form “192.168.x.x”.

2. Open a browser and type the IP address into the URL bar, but change the last string of digits (after the last dot) to 1 (or 0 if 1 doesn’t work). For example, for an IP address of 192.168.1.22, you will use 192.168.1.1. Press Enter. This should bring up the router admin page.

3. Login to the router admin page and go to the Wireless section. From there, you will be able to configure your Wifi settings, as well as change the channel for your WiFi network.

3 Ways To Backup User Profile In Windows 7

If you are a Windows 7 user and have gone through the C drive, you’ll have probably seen a folder called Users. This Users folder stores all your user profiles, which includes all your settings and user data.

Since your user profile has all your important documents and settings, it makes sense to back up a copy so that if your PC crashes, you can easily restore back the settings. However, you can not back up the user profile folder by just copying the folder to a safe place because it will always be in use when you’re logged in. There is a risk that files are not copied properly and leads to data loss.

There are several methods by which we can backup the complete user profile.

1. Backup User Profile Using Windows Backup

The Windows Backup method is the easiest method to back up a user profile in Windows 7.

  • Go to Windows Start Menu Search and type “backup and restore“. Select the first search result which will be Windows Backup and Restore utility.
  • Select the destination where you would like to back up your user profile. You can either choose a drive in your computer or a network share. There is no option to select a specific folder to back up to.
  • Once you have selected the drive, it will create a folder called Backup and back up all your data in the Backup folder.
  • On the next screen, you should choose “Let me choose” radio button to select the profile to back up.

windows-setup-backup-location

On the next screen, you have to choose what you want to back up. You should un-check everything and only select the user profile folder that you want to back up. Also make sure that you have unchecked “Include a system image of drives: (C:).

windows-backup-location

Clicking on “Next” will take you to the next screen to check your backup settings. Make sure everything is correct. Click “Save settings and exit”. You may also schedule the backup to automatically backup the specified folder at regular intervals. You can also run the backup now from Backup and Restore Control Panel item.

2. Backup User Profile Using Windows User Profile Tool

The second method is much simpler to use. Windows provides a User Profile Tool to copy, delete or move a user profile.

  • Go to Windows Start Menu Search and search for “View advanced system settings“. Select the first result which will open Advanced System Properties.
  • There are three settings: performance, user profiles and startup and recovery. Click the Settings button under User Profiles.
  • This will open up the User Profiles settings. The user profiles of all the users are listed here. You can select any user and delete the profile or change its type.

In most cases, you will find that the “Copy To” button is disabled. To enable it, download Enabler and run it (the Enabler is portable, you just need to unzip and run. There is no need to install).

Run Enabler and click Enable.

Note: When you run Enabler, make sure that only the User Profiles settings window is open. If there is more than one window open, Enabler will try to process each window and will hang in the middle if there are many windows open.

windows-enabler

This will, most probably, enable the “Copy To” button. If it is not enabled, just close the window and open the User Profile settings again. You’ll need to select the user profile from the list to enable to “Copy To” button.

windows-copy-to-button

In most cases, the Enabler will work but there are times when it will not be able to enable the “Copy To” button. You’ll need to try again and again until it works.

3. Backup User Profile Using DataGrab

DataGrab is a portable user profile backup tool with lots of options for backup customization. Once you open DataGrab, it will automatically find the user profile folder in the system drive. You can also select other drives if there are user profile data placed in any other drive other than the Windows system drive.

windows-DataGrab

You can select which folders in the user profile to back up. DataGrab will automatically list all the folders under the user profile of that user. It also gives options to back up application data of important software like Outlook, Firefox etc. There are several other options that you can configure if you want further customization. The last thing to check out before hitting the Copy button is the Backup Location. You should change the backup location from the default C:\\ClientData to some other drive other than the system drive. This will give you more security of the backup. DataGrab also allows you to append the date to the backup folder. This is beneficial if you are taking regular backups through DataGrab.

The biggest advantage of DataGrab is that it can also be use to back up an Offline Windows installation. If your Windows get corrupted, you only need to attach that hard drive to a running Windows System and backup the user profiles from the dead Windows. You can even burn DataGrab on a CD-ROM and boot from the CD-ROM to back the problematic system.

Another feature of DataGrab worth mentioning is the different copy methods supported. It supports different methods to copy the data to a safe location. This ensures that if one method fails, there’s always another method to work on. The recommended copying method is using Unstoppable Copier. By default, Unstoppable Copier is not included in DataGrab and you need to download it and place it in the DataGrab folder. If DataGrab finds Unstoppable Copier, it’ll will automatically use this preferred method.

You can download DataGrab from the author’s site.

What other ways do you use to back up your Windows user profile?

4 out of 5 dentists recommend this WordPress.com site