Speeding up LAN based Automation OS boot times using a Custom TFTP Server for Altiris (for WinPE and Linux)

(copied verbatim from http://www.winsysadminblog.com/2011/06/speeding-up-lan-based-automation-os-boot-times-using-a-custom-tftp-server-for-altiris-for-winpe-and-linux/)

One of the more easier ways of speeding up your WinPE boot times via PXE are changing the default TFTP server which comes with Altiris. First of all, open up the PXE Configuration Manager and disable Multicast since the WinPE image cannot be transferred over Multicast anyway(only DOS supports Multicast via TFTP). This simple tweak shaves around a second off your PXE Boot time.
Another tweak which can be performed is changing the TFTP Server itself. This sounds quite difficult but is quite easy to accomplish and is a significant benefit.  My own testing has shown that 10 Clients concurrently loading a WinPE image do it around 45-50% faster using another TFTP Server than if I was to continue using Altiris’s own server.
I was also going to cover compressing the WinPE image to reduce its file size, but found thatwhen doing so, the reduction in size was minimal shaving off around 10mb.
I’ll be using the Open Source Open TFTP Server, available from http://sourceforge.net/projects/tftp-server/. Download it and install it either on your Altiris Server or like I did, on my workstation and then copy it over to your server. You will also need to copy over your Settings file.
Firstly, open up the Services control applet and Stop the Altiris PXE MTFTP Server service.
Now comes the good part. Open an elevated command prompt. The following is based on our Altiris setup, with it installed on D drive and me creating a folder under PXE for OpenTFTP and pasting the OpenTFTP executable and Settings file into that folder.

sc config "Altiris PXE MTFTP Server" binpath= "D:\Deployment Server\PXE\OpenTFTP\OpenTFTPServerMT.exe"

That will reconfigure the MTFTP service path that Altiris uses to push out files from the Altiris supplied MTFTP to our Open TFTP server. You can go into the Services control applet and start the Altiris MTFTP service to begin using the new executable.
To try and get the most out of OpenTFTP server, have a play with the Settings file, primarly the blksize option. Ours is set to 1456 and can be changed depending on your network environment.
If for any chance you want to return to the Altiris MTFTP server then you simply need to run the sc config command pointing to your Altiris PXE MTFTP executable so stop the service again and enter the following into an elevated command prompt making sure to match the path to your Altiris location:

sc config "Altiris PXE MTFTP Server" binpath= "D:\Deployment server\PXE\PxeMtftp.exe"

Then start the service again and you are back to using the default Altiris multi-thread TFTP server.
This simple tweak shaves heaps of time off of WinPE (also Linux) automation boot times. If you are running the Dos based automation then there isn’t really a need to run this tweak as the transfer is small enough not to take long anyway.

Convert running Windows 7 to raid

NOTE: These instructions assume your workstation is equipped with an Intel chipset, no responsibility is taken for any loss of data.

To convert a running (ie previously installed) Windows 7 installation from AHCI to RAID do the following:

Step 1. Make a backup of your system
Step 2. Set HKLM\SYSTEM\CurrentControlSet\Services\iaStorv\Start to 0 (zero) - it's a DWORD value.

Step 3. Install Intel Storage Matrix Manager and drivers (look on Intels web site)
Step 4. Reboot.
Step 5. Open Intel Storage Matrix Console, Select Create RAID from the Actions Menu.

NOTE: It is possible to migrate the system drive to a raid system, follow the wizard in the Intel Storage Matrix Console.

Step 6. Wait for the raid array to rebuild - this can take hours :)

Disable Windows 7 Action Centre Backup Notification

(copied verbatim from MSDN)

DisableMonitoring

On Windows client platforms beginning with Windows 7, users are automatically prompted to configure the Windows Backup feature if they have not already done so. These notifications appear at computer startup time, beginning seven days after the operating system is installed. They also appear when the user plugs in a hard disk drive; in this case, the notifications appear immediately.
OEMs and developers of third-party backup applications can use the DisableMonitoring registry value to turn off these automatic notifications.
This value does not exist by default, so it must be created under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup
The DisableMonitoring registry value has the data type REG_DWORD and is interpreted as follows:

• If the value's data is set to 1 and if users have not already configured the Windows Backup feature, the automatic notifications are turned off. If an automatic notification is already present in Action Center, setting this registry value causes the notification to be removed at 10:00 the following morning.
• If the value does not exist, if its data is not set, or if its data is set to zero, the automatic notifications are not turned off.

Windows Vista and Windows XP/2000:  This registry value is not supported.

Adding Interface name to cacti graphs

First off, we only use Procurve switches but since those make use of standard SNMP OID's, this should work on other brands aswell.

If you name your switch interfaces (which i find very useful to do on for instance uplink ports), it makes sense to also bring that name into cacti when graphing a port.

It makes for easier identification of the port when you actually need the information on the graph (since that may often be during stressful situations, its worth the effort).

There are 3 steps, the options below are in the main menu to the left.

1. Under "Data Queries" -> "SNMP - Interface Statistics" -> "In/Out Bits", add an entry each under the data and graph sections:

|host_description| - Traffic - |query_ifDescr| (|query_ifAlias|)

with the field name values "name" and "title" respectivly.

2. Under "Graph Templates" -> "Interface - Traffic (bits/sec)" (or whatever template you want to change), add the same value under "title" and uncheck the box "Use Per-Graph Value (Ignore this Value)", assuming you only want default values (i do).

3. Do the same for "Data Templates".

Im not sure how to apply this to old graphs, but I'f you have that problem, i do believe i have read somewhere that its doable. Just google abit and im sure you will find it. If you still get no interface names after doing this, its a fair bet your switch does not support the standard OIDs procurve switches does and you will have to mess around with SNMP querys to get the names into cacti. 

 

Source: Emil Waldersten

Managing Flash Player auto-update

Flash Player supports auto-updating itself by periodically checking for new versions of the player on the macromedia.com site. IT administrators can customize the parameters of this update.

The auto-update settings can be configured in two ways:

User settings in Flash Player
mms.cfg file in user's "home" directory
Users can disable the auto-update process or set the periodicity of the checks by using the properties panel in Flash Player. These user-configured auto-update settings are stored in a local shared object.

The second method for configuring the auto-update settings is to create a file named mms.cfg. The mms.cfg file is intended to be configured by an IT administrator and stored on the user's computer. The file is not created by Flash Player installation. You might use a third-party administration tools, such as Microsoft System Management Server, to replicate the configuration file to the user's desktop.

Store the mms.cfg file in the following location, depending on your operating system:
Windows XP/7 %Systemroot%\system32\macromed\flash

Macintosh /Application Support/Macromedia The format of the mms.cfg file is a series of name=value pairs separated by carriage returns. If a parameter is not set in the file, Flash Player assumes the default value. When set, values in this file override the user-configured settings.

The following table describes settings in the mms.cfg file:

AutoUpdateDisable
0 allows auto-update based on user settings.
1 disables auto-update.

AutoUpdateInstallerUrl
String specifies URL as download location for player update.

If this parameter is not set, Flash Player uses the Macromedia server.

AutoUpdateInterval
0 checks for updates every time the player launches.
>0 specifies the minimum number of days between check for updates.

AutoUpdateSettingsUrl
String specifies URL as destination for "Settings..." button in auto-update dialog. If this parameter is not set, Flash Player uses the Macromedia server.

AutoUpdateVersionUrl
Specifies the URL to retrieve XML file containing Flash Player update data. If this parameter is not set, the player uses the Macromedia server.

To disable the auto-update:
Open the mms.cfg file in a text editor.
Add the following auto-update setting:

AutoUpdateDisable=1

Save the mms.cfg file.

Close and restart Flash Player or the browser in which Flash Player is running.

You are not required to remove any other settings so that you can re-enable the auto-update feature and restore your original settings by removing this line (or setting its value to 0).

Disable Java Auto Download

The following article discusses this in more detail :

http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/properties.html

For example, you could try creating a deployment.config file in the folder C:\Windows\Sun\Java\Deployment, which would contain the following line :

deployment.system.config=file\:C\:/WINDOWS/Sun/Java/Deployment/deployment.properties
 
and then create a new deployment.properties in the folder C:\Windows\Sun\Java\Deployment which would contain the following lines

deployment.javaws.autodownload=NEVER
deployment.javaws.autodownload.locked=
  

NOTE: Administrators will still be able to update via control panel, and will also be notified of available updates.

Update !

It seems that this still does not prevent the annoying java updater from nagging my users.
The easiest way to disable the updater is to rename the jucheck.exe and jusched.exe located in C:\Program Files (x86)\Common Files\Java\Java Update or C:\Program Files\Common Files\Java\Java Update on a 32bit installation.
 

How to add a manifest to a legacy application.

Copied verbatim from Klaus Bjorn Jensen's blog 

How to add a manifest to a legacy application (which you cannot or will not recompile)

I used mt.exe from Windows SDK

"C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\mt.exe"

to add a manifest to an existing legacy exe to make it Run As Administrator (with elevated privileges) on UAC enabled systems (Vista, Win7 , Win 2008 ...). Here's how:

1)Got a legacy exe file named KSDiag.exe

2)In the same folder create a text file named KSDiag.exe.manifest

3)Put the following lines into the text file:

[?xml version="1.0" encoding="UTF-8" standalone="yes"?]

[assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"]

[trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"]

[security]

[requestedPrivileges]

[requestedExecutionLevel

level="requireAdministrator"

uiAccess="False"/]

[/requestedPrivileges]

[/security]

[/trustInfo]

[/assembly]

Replacing [ with LessThan and ] with GreaterThan

4) Run command:

mt.exe /manifest KSDiag.exe.manifest /outputresource:KSDiag.exe;1

(1 for an EXE, 2 for a DLL
mt.exe –manifest MyApp.exe.manifest -outputresource:MyApp.exe;1
or
mt.exe –manifest MyLibrary.dll.manifest -outputresource:MyLibrary.dll;2
See also: http://msdn.microsoft.com/en-us/library/ms235591.aspx
http://msdn.microsoft.com/en-us/library/aa375649(VS.85).aspx )

Now KSDiag.exe has the manifest added to its resource section. On a UAC enabled OS it gets the shield icon and you get the administrator prompt when you try to run it.

Of course if the file was signed to start with you'll have to resign it.