I'm currently working for a project, where we are actively monitoring installed applications in our Windows environment (We have lot's of Windows 7 Workstations + SCCM 2012)
We are currently struggling to keep track of Spotify, Dropbox and all of these programs that install under user profile. They will show up locally in Add&Remove Programs list, but when using SCCM reports or queries, we cannot get any results anywhere.
Is it possible to detect these installations somehow through SCCM or other methods?
Thanks!
If it is not detected by hard or software inventory then it should at least always be possible using software metering.
A detailed guide on how to use it can be found here.
The basic steps to make it work are
- Enabling it in the client settings
- Generating a rule under "Assests and Compliance" - "Software Metering"
Note that you can use a * as placeholder for version number.
Before you look to expand your configuration(possibly enabling additional features), run "resource explorer" on one of your SCCM clients that you know this software to be installed on. Flip through all of the resources inventoried to verify there is no mention of "dropbox". It's quite possible that installation is might be reflected in a different attribute class than what you are querying.
I wrote a comphensive guide, using Spotify as the example on how to inventory and then report and even automatically uninstall using SCCM if you want to take a look at that.
Its a long guide that shows ways of using Power BI, inventory exe files and auto removal, so this is the full article: https://blog.techygeekshome.info/2019/10/remove-spotify/
However, if you just want to report on Spotify, the jist of it is this:
Open the SCCM Console
Go to Administration > Overview > Client Settings
Edit Your Default Device Settings
Go to Software Inventory
Click Set Types button
Click the yellow sun (new) icon
Type in spotify.exe
Configure the other settings how you want or leave as default
Click OK and exit the Settings
Query the collected data then using an SQL query like this:
SELECT DISTINCT
COMP.UserName0 AS [User],
COMP.Manufacturer0 AS [Make],
COMP.Model0 AS [Model],
COMP.Name0 AS [Computer],
SYS.SystemType0 AS [Architecture],
SWI.ModifiedDate AS [Install Date],
SWF.FileName AS [Filename],
SWF.FileDescription AS [Product],
SWF.FileVersion AS [Version]
FROM v_GS_SYSTEM SYS
INNER JOIN SoftwareInventory SWI
on SYS.ResourceID = SWI.ClientId
INNER JOIN SoftwareFile SWF
on SWF.ProductId = SWI.ProductId
INNER JOIN v_GS_COMPUTER_SYSTEM COMP
on SYS.ResourceID = COMP.ResourceID
WHERE SWF.FileName = 'spotify.exe'
Related
I have approx 22 vb.net windows form based projects that are run by different users throughout my company. I publish them using one-click to a network server, then install on each user computer using the set-up file on that server. That way, when I publish an update, it is automatically pushed to each user when they open their programs.
I'd like to consolidate all of this into 1 program. So for example, the Accounting dept, IT Dept, and Customer Service Dept would all have the same icon/program to open, and they choose which program specific to them to open from that main menu. The goal is to remove all 22 programs from user computers and only have 1 installed that runs each individually (somehow).
My dilemma is program updates. When I update a program for the Accounting Dept, IT doesn't need that update. But since it would be only 1 installation and 1 publish, every user on the network would receive updates not relevant to them. So how do I create one main program "hub" for all users that only receives updates to the programs that they need?
You can launch the click once programmatically
Dim url = "\\Software\Production\ClickOnceApp\ClickOnceApp.application"
Process.Start("rundll32.exe", "dfshim.dll,ShOpenVerbApplication " & url)
Just point to the url on your server, where it's installed from. This will launch the app the same way windows does, so it would check for updates when it's run as if it's run from the start menu.
Then you could maintain a list of 22 applications' names and locations in the 23rd app's settings, xml, sql, etc., and add user groups, permissions, etc.
It could be a winforms app which provides buttons according to the configuration above for launching all these apps. Yes, I think this is actually a pretty neat idea.
We recently upgraded from TFS 2010 to TFS 2015. Everything appears to be fine post-upgrade, but we are getting the error "The item is locked in workspace (null);(null)." on some source control files. It looks like we have some orphaned locks that need to be tracked down and cleaned up, but the tbl_lock database table is not on the database, so the following select query won't work:
select * FROM tbl_Lock l
LEFT JOIN tbl_PendingChange pc
ON l.PendingChangeId = pc.PendingChangeId
WHERE pc.PendingChangeId IS NULL
Does anyone know how to detect and remove these locks in TFS 2015?
I also installed the TFS power tools, and neither Visual Studio 2015 nor the power tools are picking up the locks.
Updated:
BTW, when I run the SELECT query to find out where PendingChangeId is NULL, I get back no rows. I think the trick is the LEFT JOIN. PendingChangeId would be NULL when tbl_Lock also had no record for the PendingChangeId on tbl_PendingChange (and thus the lock was orphaned). So I'd still need to know where the PendingChangeId should normally be joined to in TFS 2015, to identify which files have a lock that is bad. (Or where a workspace no longer exists, which may be another possible source for the issue.)
And I also still need to know how to clean up those bad locks. I'd prefer to do this using the tools, either via the GUI or the command line, but could also do this programmatically either using the API or the TFS Object Model files for TFS 2015.
I really would rather only touch the database directly as a last ditch resort. And I would also rather use tf vc destroy on the item as a last ditch resort as well, since that would wipe out all history on the files.
Update 2
Aha! I think I found a way to identify the files, and it looks like my thinking for what happened may be correct. Unfortunately, I had to probe the database using a READ UNCOMMITTED query to find the information. I couldn't get at this information programmatically or using the tools. (They all showed or acted like the file is not checked out.) The query that I used on TFS 2015 was:
select pc.* from tbl_PendingChange pc
left join tbl_Workspace ws on pc.WorkspaceId = ws.WorkspaceId
where ws.WorkspaceId is null
This returned the three files that have the (null);(null) lock on our database, because the WorkspaceId listed on tbl_PendingChange does not exist anymore on tbl_Workspace.
How did this happen? Our CI server uses temporary TFS workspaces. I think what happened after the upgrade is that our CI server went to check out the file and apply an update to it. (For example, to increment version numbers as part of the build process.) It checked out the file, but failed to apply the update. (Our tools like working with Server workspaces, but it may have ended up with a Local workspace and thus the file was still checked in Local, but checked out on the Server. Thus the change to the file couldn't be applied.) The code that we are using performs a workspace.Delete operation when the process completes, so the workspace was deleted - even though the workspace still had the file checked out! So this created an orphan record on tbl_PendingChange that isn't linked to any Workspace, and thus the file is still locked with pending changes. But the GUI and tools aren't seeing it as such, because they're not realizing the pending change's workspace is non-existent.
So this brings me back around to how do I fix this? If someone knows of a way to get at these orphaned pending changes, I'd appreciate it. I tried using:
TfsTeamProjectCollection tfsTeamProjectCollection = TfsTeamProjectCollectionFactory.GetTeamProjectCollection(new Uri(szProjectUri));
VersionControlServer versionControlServer = tfsTeamProjectCollection.GetService<VersionControlServer>();
string[] items = new[] { ... server item path ... };
PendingSet[] queryPendingSets = versionControlServer.QueryPendingSets(items, RecursionType.None, null, null);
PendingSet[] getPendingSets = versionControlServer.GetPendingSets(items, RecursionType.None);
but these aren't finding the orphans.
Update 3
I finally installed Team Foundation Sidekicks 2015 and gave it a try - status tool specifically, but then other tools. It's finding pending changes, but not the orphaned ones.
You can use Team Foundation Sidekicks to search and undo lock by following steps:
Install the tool and launch it.
Select TFS server to connect.
Select "Tools\Status Sidekick".
Set the "Search criteria" for the information you want.
Click "Search" button.
Select the locked file and click "Unlock lock" button.
You can using below command to undo the pending changes:
tf undo "file_path" /workspace:workspace_name
Or you can just use below command to delete the old workspace
tf workspace /delete /server:your_tfs_server workspace;username
From Visual Studio 2015 GUIļ¼
File -> Source Control -> Advanced -> Workspaces...
In the dialog that came up, check "Show remote workspaces" and the locked workspace came up in the window. Then selected it and click "Remove".
Details about it, please check this blog and more ways to resolve this you can refer the similar question: What do you do if the file in TFS is locked by someone else?
Update:
According to the sql query. It's looking for .PendingChangeId IS NULL . You can use the similarly tbl_PendingChange under collection database. However, it's not a commendatory method. Since operate directly in the TFS database is not recommended.
The following command has cleared up the pending changesets that were orphaned:
tf vc destroy <itemspec> /startcleanup
After running this command, the file was able to be added back to TFS, and the file could be checked in and out and edited as normal. Running the query:
select pc.* from tbl_PendingChange pc
left join tbl_Workspace ws on pc.WorkspaceId = ws.WorkspaceId
where ws.WorkspaceId is null
also showed that the pending changeset record related to this file was gone as well.
Microsoft's documentation on this command can be found at https://msdn.microsoft.com/en-us/library/bb386005.aspx. Before using this command, you should review the documentation carefully and be sure to understand the consequences of using it.
Because this command permanently removes files and potenally all history from TFS - and does so recursively - you need to take precautions and be absolutely certain that you are targeting the command correctly. So before using this command, I would recommend taking the following additional precautions:
Stop all user and external accesses to TFS and any other software that may be running from the machine.
Make sure to run a full backup of TFS and any other databases located on the machine.
If you can, take a snapshot in time of the server.
That way if something goes horribly wrong, you will have one or more points to fall back on.
I use TFS , My question is how can i sure about that developer who work on a project can not copy source file and evict or extract them from office by Email,flash memory,USB,... ?
Is there any solution with TFS?
Can anyone help me?
TFS has no ability to do this, once a file has been retrieved from TFS it is just another text file on your computer you will have to use other tools to do what you want.
Opening it up to tools outside of TFS it is extremely difficult to do what you want to do but it is possible. Your best option is contact a security firm that often works with government defense contractors and have them set up your network IT security, some government defense contractors have the same requirements as you list and they would know all the things you would need to do.
Off the top of my head some of the things you will likely need to do is:
Use group policy to block writeable media from being used to block flash drives and CD-Rs.
Block internet access to stop webmail.
Block printing to stop people printing out the source then using a scanner and OCR software on another computer to turn it back in to code.
Not allow any device that can take photographs in areas where source code may be on screen as the same OCR procedure could be done with photographs.
This list is no where near complete and I would recommend contacting a security firm to get a complete list.
I am extremely new to Ms-Access. I have a central back end access database in server computer. And all the users have the front end user interface installed on their system.
Now, whenever I make any changes to the interface in my local, i need to re-install the updated interface on each of their system. Is their any way that i can do so that i will make the changes only on my local and it will be automatically reflected on all the users' systems.
Thank you.
Ok there are a couple of options that you can do to either fully or paritally automate this process.
Partial Automation
If you don't have a lot of users and you don't want to do a great deal of coding you can write a simple batchfile or vbs file which you set up on the users desktop as an icon. Batch file code would show the following type of information.
#Echo Off
REM Copy your file from server location to local user machine
xcopy "F:\ServerDirectory\databasename.mdb" "C:\ClientDirectory\databasename.mdb" /E /Y /R
Set this up on the users machine as an icon and whenever you want them to update their front end ask them to double click the icon. This will overwrite their client with whatever you place in the location on the server. It is advisable to create all table links to the database back end having UNC paths as well.
I have used this successfully for various applications - I make changes to the front end place in appropriate location on the server and then do a quick e-mail to people just to ask them to double click the bat file icon.
Full Automation
Programmatically set version control up using visual basic so the client checks version number of the client against a server number and if the client is not the latest will download a new version.
This is more involved and full instructions are available here.
Front End Auto Update
When you deploy an MS Access solutions like this, you need to decide whether to share the client MDB file between all users, or distribute copies to each user. It sounds like you have taken the second option. Each choice has merits and disadvantages. If you stay with the current approach, you might look at a scripting option to deploy updated client MDB files between users.
I need to dual boot 2 different task sequences (Win7 images) for different Pc types which require different drivers, we have 2 images one for staff and student which can be added to a particular task sequence.
I need to create a portable solution for cloning without the network using 2 different SCCM (System Center Configuration Manager) task sequences. At the moment I go through the usual steps of creating a boot media via the Configuration manager, but there seems to be know way to create a script that changes the task media on the fly so you can select which OS image.
I was looking at a possible solution using YUMI (a Usb boot tool) but each bootable image requires an ISO. The task sequence image is around 8GIG.
We use SCCM 2007. (Still awaiting for a budget to upgrade to 2012 :) )
It sounds like you want to boot two different .WIM images.
Out of the box, I haven't found any tool from MS that will allow this. I have gotten around this discrepancy by renaming the .WIM I want to use to BOOT.WIM in the \SOURCES directory.
That is the name of the .WIM that gets used by all the default settings. You have to rename the file before you attempt to boot from the USB device, but it doesn't take long and could be scripted without much effort.
Theoretically, it should be possible to configure the BCD on the USB device (\EFI\MICROSOFT\BOOT\BCD or BOOT\BCD, depending on how the computer is configured to boot) so that you could choose which .WIM to use at boot time without the need to do any messy renaming. I haven't gotten this to work yet (mostly due to lack of time/urgency), but I did write down what I had done so far. I found some useful information about booting to .WIM's from windowsitpro.com.