Update to the Windows 10 Staff Task Sequence on 25/01/19

The Windows 10 Staff Task Sequences will be updated on Friday 25th January. The Task Sequence will be at risk during this period. It is therefore recommended that you do not attempt to image any Windows 10 staff computers at this time.

The following change will be made….

Add Step to reset USB Hubs just before reboot out of WinPE. This is necessary if the Dell DA300 USB-C Mobile Adapter is being used for imaging. The step is only applied to when imaging the following Dell devices:

 Latitude 3390
 Latitude 5290
 XPS 13 9365
 XPS 13 9370

Please note we do not advise imaging computers via a docking station. For the listed machines we recommend using the Dell DA200 or DA300 Adapters.

The McAfee Agent will also be updated to version 5.5.0.447 at the same time.

TIMESCALE

25/01/19 – 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?
Please contact our Service Desk at it.services@lboro.ac.uk for more information

Update to Windows 10 Staff Task Sequence on 14/01/19

The Windows 10 Labs Task Sequences will be updated on Friday 18th January. The Task Sequence will be at risk during this period. It is therefore recommended that you do not attempt to image any Windows 10 staff computers at this time.

The following change will be made. Add Step to reset USB Hubs just before reboot out of WinPE. This is necessary if the Dell DA300 USB-C Mobile Adapter is being used for imaging. The step is only applied to when imaging the following Dell devices:

  • Latitude 3390
  • Latitude 5290
  • XPS 13 9365
  • XPS 13 9370

Please note we do not advise imaging computers via a docking station. For the listed machine we recommend using the Dell DA200 or DA300 Adapters.

TIMESCALE

18/01/19 – 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Re: Implementing “MAC Address Pass Through” on the Windows 10 service on 04/01/19

These changes have now been completed.

The task sequences should be considered at risk for the rest of the day until testing is completed.

A new January 2019 Task Sequence media has been created and can be found in the following location: \\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\TS_Media_Jan19.zip

Documentation – \\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\Create an SCCM WinPE disk or USB Flash Drive.docx

Existing USB media will have to be updated. PXE imaging will work as normal.

All the following Dell accessories support “MAC Address Pass Through”:-

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

Implementing “MAC Address Pass Through” on the Windows 10 service on 04/01/19

Many premium laptops no longer have an Ethernet Port. This necessitates the use of an USB to Ethernet Adapter when imaging, because SCCM does not support wireless imaging. However, each adapter has a unique MAC Address of its own, so all the machines images using a single adapter will appear to be the same to SCCM OSD. This causes various issues.

Dell (and some other manufacturers, but not Microsoft) use a system called “MAC Address Pass Through”. This allows SCCM to see a unique MAC address for each computer. To use this system you must use a Dell USB to Ethernet Adapter or Docking station and have the appropriate driver in the WinPE image on your Task Sequence Media.

Before “MAC Address Pass Through” will on the Windows 10 Service work, we need to update the Task Sequence Media and the Task Sequences with a new WinPE image.

The Windows 10 Task Sequences will be updated on Friday 4th January 2019 between 8:00am and 10:00am. All the Windows 10 Task Sequences (Staff and Labs) will be at risk during this period. It is recommended that you do not attempt to image any Windows 10 computers at this time.

Following the changes you will need to update your Task Sequence Media with a new version.

TIMESCALE

04/01/19– 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Configuration Manager Unavailable – 19/12/2018 AM

The RAID Controller battery in sccm-lu1-store has failed and needs replacing. This server contains all the source files for software, images, software updates etc. At present this is causing slower write speeds from the software source location to the Distribution Points.
We advise not imaging or downloading applications from the Software Centre during this time.

If the time scales change or we encounter any problems after testing then a further correspondence will be sent out.

Timescale: – 19/12/2018 11:00am 13:00pm approx.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

Update to Windows 10 Labs Task Sequences on 07/12/18

The Windows 10 Labs Task Sequences will be updated on Friday 7th December. The Task Sequences will be at risk during this period. It is therefore recommended that you do not attempt to image any Windows 10 labs computers at this time.

The following change will made:

  • Replace Adobe Acrobat DC 2017 with a new fully patched version with a new licence key

TIMESCALE

07/12/18– 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Changes to Labs Task Sequences and Images on 30/11/18

Since July last year, when the Labs Images were finalised a number of issues have been found which have been mitigated using group policy preferences. These fixes have now been incorporated into the labs images and the group policy object reduced correspondingly.

Additionally, some other issues have now been fixed:

  • On iMacs, the keyboard layout at the welcome screen is now set to Apple UK (important if you have some symbols in your password).
  • Outlook error dialog on launch now fixed.
  • Issue with NI ELVISmx Instrument Launcher resolved (only on rebuilds currently – deployment to existing machines under development)

Support for Stone Computers on Labs will be added into the Labs Task Sequences. An extra step has been added to expedite software updates after imaging.

TIMESCALE

29/11/18– 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Nessus Scan Security Changes

A security scan was run against the W10 staff service and some vulnerabilities were dentified.

Timescale:

The changes are being applied via Group Policy in the following order…

1. 03/12/18 – IT-Depstaff
2. 05/12/18 – FM-Deptstaff
3. 10/12/18 – ProServ Staff
4. 12/12/18 – WS-SchoolStaff
5. Live to Windows 10 Service

Changes

The Nessus scan has identified several registry entries that need to be created or changed on the Staff Service.

1. Need to Disable Week Cyphers – https://littlehyenas.wordpress.com/2014/04/12/disable-rc4-cipher-suites-on-remote-desktop/
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128 – Enable 0

2. Fix CVE-2017-8529 – An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user’s computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1

3. MS KB2960358: Update for Disabling RC4 in .NET TLS
HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\SchUseStrongCrypto – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727 – 1

4. MSIs can not run from the Downloads folder and need moving to another location to install if trusted.