Clients upgrade to 1702


En attendant que la 1702 s’installe, comme d’habitude, je prépare la collection de suivi des clients devant encore être mis à jour…

image

La MAJ se fait automatiquement depuis quelques versions maintenant, mais cette collection me permet de brusquer un peu les choses avec les right click tools Smile

Bonne mise à niveau à tous!

Pierre.

Publié dans Uncategorized | Laisser un commentaire

Installer la CB1702 des aujourd’hui…


Si vos serveurs sont à jour coté OS et SQL (entendez par là qu’ils exécutent à la fois Windows Serveur et SQL serveur en version 2012 ou +), la mise à jour 1702 est pour vous….sinon, un prochain post vous expliquera comment les mettre à jour ‘in-place’.

Par contre Microsoft a mis a disposition la 1702 dans le fast ring, qui n’est pas le ring par défaut sur SCCM…il faut donc changer vos serveurs de Ring si vous voulez installer des aujourd’hui..

Pour cela téléchargez le script mis à disposition par MS , puis exécutez dans une invite PowerShell en admin, la commande suivante (ici mon serveur de prod en exemple).

Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. Tous droits réservés.
PS C:\> cd .\EnableFastRing1702
PS C:\EnableFastRing1702> .\EnableFastUpdateRing1702.ps1

applet de commande EnableFastUpdateRing1702.ps1 à la position 1 du pipeline de la commande
Fournissez des valeurs pour les paramètres suivants :
(Tapez !? pour obtenir de l’aide.)
siteServer: CM01.corp.redkaffe.com
-Message Determine the providers on the siteServer: ‘CM01.corp.redkaffe.com’
-Message SiteCode: ‘RK1’
-Message Provider Machine Name: ‘CM01.corp.redkaffe.com’

Path          : xxxxx= »SMS_DMP_DOWNLOADER|SM
                S Dmp Connector »,ItemType= »Component »,SiteCode= »RK1″
RelativePath  : SMS_SCI_Component.FileType=2,ItemName= »SMS_DMP_DOWNLOADER|SMS Dmp
                Connector »,ItemType= »Component »,SiteCode= »RK1″
Server        : CM01.corp.redkaffe.com
NamespacePath : root\SMS\site_RK1
ClassName     : SMS_SCI_Component
IsClass       : False
IsInstance    : True
IsSingleton   : False

The command(s) completed successfully

PS C:\EnableFastRing1702>

 

Relancez votre console SCCM et lancez la recherche de mise à jour, si elle n’apparait pas redémarrez votre serveur, elle devrait vous être proposée à la prochaine ouverture de la console…

image

Ensuite comme d’habitude, validez les prérequis puis installez..

Bonne journée,

Pierre.

Publié dans Deployment, Scripting, Security, System Center, vNext | Tagué , , , , , , , , | Laisser un commentaire

Sccm cb1702…plus de support pour 2008R2 ni SQL 2008!


Attention aux deadlines et au support de vos serveurs si vous ne les avez pas encore upgradés…

Version 1702 drops support for the following products:

SQL Server 2008 R2, for site database servers. Deprecation of support was first announced on July 10, 2015. This version of SQL Server remains supported when you use a Configuration Manager version prior to version 1702.
Windows Server 2008 R2, for site system servers and most site system roles. Deprecation of support was first announced on July 10, 2015. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.
Windows Server 2008, for site system servers and most site system roles. Deprecation of support was first announced on July 10, 2015.

Publié dans 2008R2, Deployment, Migration, System Center | Laisser un commentaire

Configuration Manager 1610 Hotfix: KB4016483


Le 5eme hotfix pour SCCM CB 1610 est disponible des aujourd’hui dans toutes les consoles à jour Smile

CORRECTIF : Nouveaux déploiements ne sont pas disponibles dans le centre de logiciel sur les clients Configuration Manager

Symptômes

Lorsque vous ouvrez le centre du logiciel sur un client Configuration Manager, les nouveaux déploiements ne figurent pas si les conditions suivantes sont remplies :

  • Un client de succursale en cours de Configuration Manager a été déployé à l’aide de l’étape de séquence de tâches d’installation Windows et ConfigMgr .

  • Une fois que vous mettez à niveau vers la version de client 1610, une mise à jour du client (hotfix) est installé, ou un pack de langue client est installé ou supprimé à l’aide de la fonctionnalité de Mise à niveau automatique du Client .

Dans ce scénario, le client est bloqué en Mode de mise en service.

Remarque Pour confirmer qu’un client est affecté par ce problème, recherchez ProvisioningMode la valeur true dans le Registre sous HKEY_LOCAL_MACHINE\Software\Microsoft\CCM\CcmExec.

Résolution

Cette mise à jour empêche ce problème sur des clients qui ne sont pas déjà en Mode de mise en service.

Pour les clients qui sont déjà bloqués en Mode de mise en service, Utilisez la méthode SetClientProvisioningMode à partir d’une invite de commandes avec élévation de privilèges :

Powershell.exe Invoke-WmiMethod -Namespace root\CCM -Class SMS_Client -Name SetClientProvisioningMode -ArgumentList $false
Informations de mise à jour pour System Center Configuration Manager, version 1610

Cette mise à jour est disponible pour l’installation via le nœud mises à jour et la maintenance de la console Configuration Manager.
Si le point de connexion de service est en mode hors connexion, vous devez réimporter la mise à jour afin qu’il ne figure pas dans la console Configuration Manager. Pour plus d’informations, consultez mises à jour pour System Center Configuration Manager.

Informations sur le redémarrage

Vous n’êtes pas obligé de redémarrer l’ordinateur après avoir appliqué cette mise à jour.

Mettre à jour les informations sur le remplacement

Cette mise à jour ne remplace aucune mise à jour précédemment publiée.

à vos consoles, prets, patchez!

Pierre.

Publié dans Deployment, System Center | Tagué , , , | Laisser un commentaire

Patch Tuesday!


Et la liste est longue Smile

(forcement on en a pas eu le mois dernier…)

********************************************************************

Microsoft Security Bulletin Summary for March 2017

Issued: March 14, 2017

********************************************************************

This bulletin summary lists security bulletins released for March 2017.

The full version of the Microsoft Security Bulletin Summary for March 2017 can be found at <https://technet.microsoft.com/library/security/ms17-mar>.

Critical Security Bulletins

============================

MS17-006

– Affected Software:

– Windows Vista Service Pack 2:

– Internet Explorer 9

– Microsoft Internet Messaging API

– Windows Vista x64 Edition Service Pack 2:

– Internet Explorer 9

– Microsoft Internet Messaging API

– Windows Server 2008 for 32-bit Systems Service Pack 2:

– Internet Explorer 9

– Microsoft Internet Messaging API

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for x64-based Systems Service Pack 2:

– Internet Explorer 9

– Microsoft Internet Messaging API

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2012:

– Internet Explorer 10

(Windows Server 2012 Server Core installation not affected)

– Windows 7 for 32-bit Systems Service Pack 1:

– Internet Explorer 11

– Windows 7 for x64-based Systems Service Pack 1:

– Internet Explorer 11

– Windows Server 2008 R2 for x64-based Systems

Service Pack 1:

– Internet Explorer 11

(Windows Server 2008 R2 Server Core installation

not affected)

– Windows 8.1 for 32-bit Systems:

– Internet Explorer 11

– Windows 8.1 for x64-based Systems:

– Internet Explorer 11

– Windows Server 2012 R2:

– Internet Explorer 11

(Windows Server 2012 R2 Server Core installation not affected)

– Windows RT 8.1:

– Internet Explorer 11

– Windows 10 for 32-bit Systems:

– Internet Explorer 11

– Windows 10 for x64-based Systems:

– Internet Explorer 11

– Windows 10 Version 1511 for 32-bit Systems:

– Internet Explorer 11

– Windows 10 Version 1511 for x64-based Systems:

– Internet Explorer 11

– Windows 10 Version 1607 for 32-bit Systems:

– Internet Explorer 11

– Windows 10 Version 1607 for x64-based Systems:

– Internet Explorer 11

– Windows Server 2016 for x64-based Systems:

– Internet Explorer 11

(Windows Server 2016 Server Core installation not affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-007

– Affected Software:

– Windows 10 for 32-bit Systems

– Microsoft Edge

– Windows 10 for x64-based Systems

– Microsoft Edge

– Windows 10 Version 1511 for 32-bit Systems

– Microsoft Edge

– Windows 10 Version 1511 for x64-based Systems

– Microsoft Edge

– Windows 10 Version 1607 for 32-bit Systems:

– Microsoft Edge

– Windows 10 Version 1607 for x64-based Systems:

– Microsoft Edge

– Windows Server 2016 for x64-based Systems:

– Microsoft Edge

(Windows Server 2016 Server Core installation not affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-008

– Affected Software:

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-009

– Affected Software:

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation not affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation not affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation not affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-010

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-011

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-012

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-013

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Microsoft Office 2007 Service Pack 3

– Microsoft Office 2010 Service Pack 2 (32-bit editions)

– Microsoft Office 2010 Service Pack 2 (64-bit editions)

– Microsoft Word Viewer

– Skype for Business 2016 (32-bit editions)

– Skype for Business Basic 2016 (32-bit editions)

– Skype for Business 2016 (64-bit editions)

– Skype for Business Basic 2016 (64-bit editions)

– Microsoft Lync 2013 Service Pack 1 (32-bit) (Skype for

Business)

– Microsoft Lync Basic 2013 Service Pack 1 (32-bit) (Skype for

Business Basic)

– Microsoft Lync 2013 Service Pack 1 (64-bit) (Skype for

Business)

– Microsoft Lync Basic 2013 Service Pack 1 (64-bit) (Skype for

Business Basic)

– Microsoft Lync 2010 (32-bit)

– Microsoft Lync 2010 (64-bit)

– Microsoft Lync 2010 Attendee (user level install)

– Microsoft Lync 2010 Attendee (admin level install)

– Microsoft Live Meeting 2007 Console

– Microsoft Live Meeting 2007 Add-in

– Microsoft Silverlight 5 when installed on all supported

releases of Microsoft Windows clients

– Microsoft Silverlight 5 Developer Runtime when installed on

all supported releases of Microsoft Windows clients

– Microsoft Silverlight 5 when installed on all supported

releases of Microsoft Windows servers

– Microsoft Silverlight 5 Developer Runtime when installed on

all supported releases of Microsoft Windows servers

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-023

– – Affected Software:

– Windows 8.1 for 32-bit Systems:

– Adobe Flash Player

– Windows 8.1 for x64-based Systems:

– Adobe Flash Player

– Windows Server 2012:

– Adobe Flash Player

(Windows Server 2012 Server Core installation not affected)

– Windows Server 2012 R2:

– Adobe Flash Player

(Windows Server 2012 R2 Server Core installation not affected)

– Windows RT 8.1:

– Adobe Flash Player

– Windows 10 for 32-bit Systems:

– Adobe Flash Player

– Windows 10 for x64-based Systems:

– Adobe Flash Player

– Windows 10 Version 1511 for 32-bit Systems:

– Adobe Flash Player

– Windows 10 Version 1511 for x64-based Systems:

– Adobe Flash Player

– Windows 10 Version 1607 for 32-bit Systems

– Adobe Flash Player

– Windows 10 Version 1607 for x64-based Systems

– Adobe Flash Player

– Windows Server 2016 for x64-based Systems

– Adobe Flash Player

(Windows Server 2016 Server Core installation not affected)

– Impact: Remote Code Execution

– Version Number: 1.0

Important Security Bulletins

============================

MS17-014

– Affected Software:

– Microsoft Excel 2007 Service Pack 3

– Microsoft Word 2007 Service Pack 3

– Microsoft Office 2010 Service Pack 2 (32-bit editions)

– Microsoft Office 2010 Service Pack 2 (64-bit editions)

– Microsoft Excel 2010 Service Pack 2 (32-bit editions)

– Microsoft Excel 2010 Service Pack 2 (64-bit editions)

– Microsoft Word 2010 Service Pack 2 (32-bit editions)

– Microsoft Word 2010 Service Pack 2 (64-bit editions)

– Microsoft Excel 2013 Service Pack 1 (32-bit editions)

– Microsoft Excel 2013 Service Pack 1 (64-bit editions)

– Microsoft Word 2013 Service Pack 1 (32-bit editions)

– Microsoft Word 2013 Service Pack 1 (64-bit editions)

– Microsoft Excel 2013 RT Service Pack 1

– Microsoft Word 2013 RT Service Pack 1

– Microsoft Excel 2016 (32-bit edition)

– Microsoft Excel 2016 (64-bit edition)

– Microsoft Word 2016 (32-bit edition)

– Microsoft Word 2016 (64-bit edition)

– Microsoft Excel for Mac 2011

– Microsoft Word for Mac 2011

– Microsoft Office 2016 for Mac

– Microsoft Excel 2016 for Mac

– Microsoft Office Compatibility Pack Service Pack 3

– Microsoft Excel Viewer

– Microsoft Word Viewer

– Excel Services on Microsoft SharePoint Server 2007 Service Pack 3

(32-bit editions)

– Excel Services on Microsoft SharePoint Server 2007 Service Pack 3

(64-bit editions)

– Excel Services on Microsoft SharePoint Server 2010 Service Pack 2

– Word Automation Services on Microsoft SharePoint Server 2010

Service Pack 2

– Excel Services on Microsoft SharePoint Server 2013 Service Pack 1

– Microsoft Office Web Apps 2010 Service Pack 2

– Microsoft Office Web Apps Server 2013 Service Pack 1

– Microsoft SharePoint Foundation 2013 Service Pack 1

– Microsoft Lync for Mac 2011

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-015

– Affected Software:

– Microsoft Exchange Server 2013 Service Pack 1

– Microsoft Exchange Server 2013 Cumulative Update 14

– Microsoft Exchange Server 2016 Cumulative Update 3

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-016

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Elevation of Privilege

– Version Number: 1.0

MS17-017

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Elevation of Privilege

– Version Number: 1.0

MS17-018

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Elevation of Privilege

– Version Number: 1.0

MS17-019

– Affected Software:

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Information Disclosure

– Version Number: 1.0

MS17-020

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– – Impact: Information Disclosure

– Version Number: 1.0

MS17-021

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation not affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation not affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation not affected)

– Impact: Information Disclosure

– Version Number: 1.0

MS17-022

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Windows 8.1 for 32-bit Systems

– Windows 8.1 for x64-based Systems

– Windows Server 2012

(Windows Server 2012 Server Core installation affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation affected)

– Windows RT 8.1

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

(Windows Server 2016 Server Core installation affected)

– Impact: Information Disclosure

– Version Number: 1.0

Publié dans 2008R2, 2012R2, 2016, Audit, Deployment, Security, System Center, vNext, Windows 7, Windows 8, Windows 8.1, Windows10 | Laisser un commentaire

Update 1702 for Configuration Manager Technical Preview Branch


 

News from Yvette Smile : la Mise à jour 1702 est dispo pour SCCM TP!!!

 

Hello everyone! We are happy to let you know that update 1702 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features include:

  • Azure Active Directory Domain Services support You can install a ConfigMgr site on an Azure virtual machine that is connected to Azure Active Directory Domain Services, and use the site to manage other Azure virtual machines connected to the same domain.
  • Improvements for in-console search Based on User Voice feedback, we have added several improvements to in-console search, including searching by Object Path, preservation of search text and preservation of your decision to search sub-nodes.
  • Windows Update for Business integration You can now implement Windows Update for Business assessment results as part of Conditional Access compliance policy conditional rules.
  • Customize high-risk deployment warning You can now customize the Software Center warning when running a high-risk deployment, such as a task sequence to install a new operating system. The default string regarding data may not apply in scenarios like in-place upgrade.
  • Close executable files at the deadline when they would block application installation – If executable files are listed on the Install Behavior tab for a deployment type and the application is deployed to a collection as required, then a more intrusive notification experience is provided to inform the user, and the specified executable files will be closed automatically at the deadline.

This release also includes the following improvements for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:

  • Non-Compliant Apps Compliance Settings – Add iOS and Android applications to a non-compliant apps rule in a compliance policy to trigger conditional access if the devices have those applications installed.
  • PFX Certificate Creation and Distribution and S/MIME Support – Admins can create and deploy PFX certificates to users. These certificates can then be used for S/MIME encryption and decryption by devices that the user has enrolled.
  • Android for Work Support – You can now manage Android for Work devices. This enables you to enroll devices, approve and deploy apps, and configure policies for Android for Work devices.

Update 1702 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1610 baseline version of Configuration Manager Technical Preview Branch available on TechNet Evaluation Center.

We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect. If theres a new feature or enhancement you want us to consider for future updates, please use the Configuration Manager UserVoice site.

Thanks,

The System Center Configuration Manager team

Configuration Manager Resources:

Documentation for System Center Configuration Manager Technical Previews

Try the System Center Configuration Manager Technical Preview Branch

Documentation for System Center Configuration Manager

System Center Configuration Manager Forums

System Center Configuration Manager Support

Download the Configuration Manager Support Center

Afficher l’article…

Publié dans Deployment, System Center | Laisser un commentaire

Auditer les serveurs de fichiers (part2)


 

Aujourd’hui, juste un très court post pour noter ces deux petites astuces, toujours sur les File Servers…

Contexte: on veut savoir exactement à quoi a accès un user de notre AD sur un de nos file servers… si mon user s’appelle PEJOUBERT, on doit aller voir rapidement à quels groupes de sécurité il appartient et recouper ces informations avec les groupes utilisés sur le partage de fichiers afin d’établir la correspondance….

  • PEJOUBERT est membre du groupe “GS_FILER1_Compta”.
  • Sur le serveur FILER1, le Répertoire “Compta” est partagé avec le groupe “GS_FILER1_Compta” en lecture-écriture.
  • >>  Donc PEJOUBERT a Accès en lecture-écriture au répertoire Compta sur Filer1.

Simple mais ça devient vite compliqué quand on multiplie les répertoires, sous répertoires et partages …bb545021.hero_windows_sysinternals(fr-fr)

Encore une fois, SYSINTERNALS à la rescousse, il nous suffit de prendre accesschk.exe!

et là il suffit de tout simplement ouvrir un prompt cmd, se positionner dans le répertoire contenant Accesschk.exe, et de lancer la commande suivante:

>Accesschk.exe –s –d PEJOUBERT f:\FileShares\*.* > AuditPEJOUBERT_FILER1.txt

le résultat de cette commande sera un fichier texte dans lequel chaque répertoire et sous-répertoire partagé sous f:\FileShares\ sera testé, et les permissions que PEJOUBERT a sur ce dernier seront notée en face…un dossier par ligne.

(le –d c’est pour DIRECTORIES et le –s pour le RECURSIF: le fait d’aller chercher dans le répertoire enfant, puis son enfant, puis son enfant, etc.)

typiquement un exemple de sortie serait:

    • RW F:\FileShares\Compta
    • RW F:\FileShares\Compta\SRV-FACTURES
    • RW F:\FileShares\Compta\SRV-DEVIS
    • RW F:\FileShares\Compta\SRV-CLIENTS
    • R F:\FileShares\Compta\SRV-PARTAGE
    • R F:\FileShares\Compta\PERSO

R pour Read (Lecture seule)

W pour Write (Ecriture, et donc modification…)

plus rapide non? Et si vous voulez aller un peu plus loin dans la démarche, vous pouvez, toujours sur le même modèle mais sans le –d, et en ciblant sur un répertoire particulièrement sensible, vous pouvez alors obtenir une liste des FICHIERS et leur permissions pour PEJOUBERT…

>Accesschk.exe –s PEJOUBERT f:\FileShares\Compta\SRV-DEVIS\*.* > AuditPEJOUBERT_FILER1.txt

Sympa non, et facile! au passage comme la plupart des outils Sysinternals, ils sont disponibles gratuitement sur le site de Microsoft, et n’ont pas besoin d’être installés…alors mettez les dans votre boite à outils car vous en aurez tôt ou tard besoin!

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

C’est tout pour cette fois…mais si vous avez le temps jetez un œil aux autres utilitaires SYS INTERNALS disponible dans la suite complète… vous avez entre autres merveilles, et toujours pour nos serveurs de fichiers: AccessEnum et  ShareEnum, listant respectivement les droits d’accès et les partages présents…toujours utiles!

image

@+

PierrE

Publié dans Audit, File Server, Formation, Security, Storage | 1 commentaire