Changes to Labs Task Sequences and Images on 30/11/18

Since July last year, when the Labs Images were finalised a number of issues have been found which have been mitigated using group policy preferences. These fixes have now been incorporated into the labs images and the group policy object reduced correspondingly.

Additionally, some other issues have now been fixed:

  • On iMacs, the keyboard layout at the welcome screen is now set to Apple UK (important if you have some symbols in your password).
  • Outlook error dialog on launch now fixed.
  • Issue with NI ELVISmx Instrument Launcher resolved (only on rebuilds currently – deployment to existing machines under development)

Support for Stone Computers on Labs will be added into the Labs Task Sequences. An extra step has been added to expedite software updates after imaging.

TIMESCALE

29/11/18– 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Nessus Scan Security Changes

A security scan was run against the W10 staff service and some vulnerabilities were dentified.

Timescale:

The changes are being applied via Group Policy in the following order…

1. 03/12/18 – IT-Depstaff
2. 05/12/18 – FM-Deptstaff
3. 10/12/18 – ProServ Staff
4. 12/12/18 – WS-SchoolStaff
5. Live to Windows 10 Service

Changes

The Nessus scan has identified several registry entries that need to be created or changed on the Staff Service.

1. Need to Disable Week Cyphers – https://littlehyenas.wordpress.com/2014/04/12/disable-rc4-cipher-suites-on-remote-desktop/
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128 – Enable 0

2. Fix CVE-2017-8529 – An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user’s computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1

3. MS KB2960358: Update for Disabling RC4 in .NET TLS
HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\SchUseStrongCrypto – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727 – 1

4. MSIs can not run from the Downloads folder and need moving to another location to install if trusted.

November 2018a Task Sequence Media

A new November 2018a Task Sequence media has been created and can be found in the following location: –
\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\ TS_Media_Nov18a.zip

This version eliminates the extra reboot which introduced in the previous version.

Documentation – “\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\Create an SCCM WinPE disk or USB Flash Drive.docx”

Existing USB media will have to be updated. PXE imaging will work as normal.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

November 2018 Task Sequence Media

The new November 2018 Task Sequence media has been created and can be found in the following location: –
\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\ TS_Media_Nov18.zip

Documentation – “\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\Create an SCCM WinPE disk or USB Flash Drive.docx”

Existing USB media will have to be updated. PXE imaging will work as normal.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

Update to Windows 10 Staff Task Sequences on 26/10/18

The Windows 10 Staff Task Sequences will be updated on Friday 26th October. The Task Sequences will be at risk during this period. It is therefore recommended that you do not attempt to image any Windows 10 staff computers at this time or perform and In Place Updates from Windows 7.

The following changes will made:

Imaging and In-Place Update Task Sequences

  • Updating Intel HD4600 display driver which has been causing issues.

Imaging Task Sequences

  • Updating Symantec Endpoint Protection to version 14.2 MP1.

TIMESCALE

26/10/18– 07:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Update to Windows 10 Staff Re-imaging Task Sequence on 12/10/18

The Windows 10 Staff Re-imaging Task Sequence will be updated on Friday 12th October. The Task Sequence will be at risk during this period. It is therefore recommended that you do not attempt to image any Windows 10 staff computers at this time.

The following changes will made live:

  • Add support for Stone 1210 All in One desktop computer
  • Add support for Dell laptops and 2 in 1 devices

TIMESCALE

12/10/18– 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information

Windows 10 1709 Task Sequences Now Live – Introducing OneDrive Files on Demand

The Windows 10 1709 Task Sequences are now live.

Windows 10 1709 introduces the concept of “Files on Demand” to the OneDrive client. This allows users to access their files directly from the cloud rather than having to download all of their files to the local PC, which can be a problem for users of PCs with small hard drives or SSDs.

At present we have not enabled this feature by default, however users can enable it if they so wish. To do this, they should right-click their OneDrive icon, select Settings, go to the Settings tab and tick the box for Files on Demand there. This is advisable for any users who do not have the required disk space to download all of their files.

For more information on this, including how to ensure files are always available offline, please see https://support.office.com/en-us/article/learn-about-onedrive-files-on-demand-0e6860d3-d9f3-4971-b321-7092438fb38e.

Please report any issues or queries to the IT Service Desk as usual.

Deployment of Java 8u172 to Windows Staff Service

We shall be deploying Java 8 Update 172 to the Windows Staff Service (Windows 7 and 10) beginning next Tuesday.

The rollout plan is:-

  • ITS and Careers – 25th Sept
  • Professional Services – 8th Oct
  • Schools A-M – 11th Oct
  • All Staff – 17th Oct

The user will be offered the update each day until the installation is successfully completed. For the first two weeks the installation can be postpone if the timing is inconvenient. After two weeks the installation becomes mandatory.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

Windows 10 Staff Task Sequences to be updated to 1709

We will be updating all three Windows 10 staff task sequences (IPU, Provisioning and Re-imaging) to install Windows 10 1709 on Friday 21st September. This is in-line with the agreed strategy of supporting the latest-but-one available version of Windows 10 in Microsoft’s Semi-Annual servicing channel (previously known as Current Branch for Business).

Users who are already on Windows 10 will be upgraded to 1709 in the near future.

In addition to the update to 1709, the following other changes will be made live:

  • Support for new OneDrive functionality, including Files on Demand
  • Java updated to Java 8 Update 172
  • .NET updated to version 4.7.2
  • Forced removal of QuickTime added to In-Place Upgrade task sequence

TIMESCALE

21/09/18– 08:30am-10:00am

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.