How to do provisioning with the KSMA in Windows | 2018 guide

In this article I will list all things you need to modify in your machines in order to get the KSMA to do provisioning on Windows

* Be sure that you can access the K1/SMA Samba 
    * If you can't open the samba, check if SMBv1 is enable, and if it isn't, enable it and follow this other ITNinja enablesmb1
* Turn off your firewall (for both Win7 and Win10)
* Allow netlogon in your firewall
* Disable UAC, or set it to never notify
* In your Local GPOs, set to "Disabled" the User Account Control: Admin Approval Mode for the Built-in Administrator account (see image for detailed location)
* Use a Local admin account ALWAYS
* Disable any antivirus in your machine, if using Defender in Windows 10 disable the Real-Time protection every time you reboot the machine




If after doing all of this you keep getting NT_STATUS_ACCESS_DENIED, do this to FULLY disable UAC.

With all those settings I was able to fully provision even a Windows 10 1803 machine.
Be the first to comment

Report/Custom Inventory Rule (CIR) on all installed USB Devices

Had a request from someone this week about a way to pull every single USB device that Windows is reporting into the KACE SMA

Here's what I came up with:

ShellCommandTextReturn(cmd /q /c powershell.exe -command "Get-WmiObject -Class CIM_LogicalDevice | Where-Object -FilterScript {$_.Description -like 'USB*'} | Format-List -Property Manufacturer,Name,Caption,Status,StatusInfo)

Here is what the output looks like:


This could also be massaged down and filter out unwanted items, such as the Generic USB Host Controller an stuff like that. 

What do you guys think?

Be the first to comment

Windows 10 is coming!! Are you ready to migrate?


As the "End of Life" date for Windows 7 grows ever closer, are you ready to move from a tried and tested operating system to the brave new world of Windows 10?

Whether your environment is 20 or 2000 there is a level of consideration that must be given to understanding what you currently support, from an application and functional perspective. As knowing what you will need to keep your business running is key to surviving the migration.

You need an understanding of the impact that the perpetual development and release life cycle of Windows 10 will have on your approach to ongoing support, control of your standard image and strategy for updating and patching, to ensure that support costs do not escalate.

You will need to design a fresh build or set of builds that can be deployed efficiently and satisfies the ongoing requirements of your business, ensuring that downtime during the migration is minimised and data is protected.YnV1Ue.jpeg

Join us for an informative web session, hosted by Quest Software, to learn how KACE has the power to help you plan, design and implement a standardised Windows 10 environment.

We will show you how to gather valuable business information using the System Management Appliance and demonstrate how the System Deployment Appliance provides a flexible platform from which you can implement all that is powerful in Windows 10 and remove all the non corporate distractions. We will also talk through the shortcuts you can take with our help for key initiatives such as encryption, domain management and application deployment using the KACE platform

Click this link to register - 11th October 2018 @ 3pm GMT

Be the first to comment

Import-StartLayout KACE SDA


Seen a lot of post's regarding Import-StartLayout and I thought I'd share how I got it working for KACE users and hopefully it will help you all out too.

You can do this a few ways, I find the best way is to Export to a Share and call it via KACE or Upload to KACE and call it from the Directory. 

  1. On a machine standardize your Start bar & Taskbar
  2. Open Powershell ISE as Admin and use the following command line

    Export-StartLayout.xml -Path \\PATH\Share\StartTaskLayout.xml

  3. Open & Edit the 'StartTaskLayout.xml' by copying the following to the very beginning of the XML.

    <?xml version="1.0" encoding="utf-8"?>

  4. Now add the following below '<\DefaultLayoutOverride>' this allows for Taskbar customisation

    <CustomTaskbarLayoutCollection PinListPlacement="Replace">

  5. You must now add in the applications you want to be pinned to the taskbar, these must be correct folder locations. ##See below for Word,Excel,Outlook,FileExplorer,Chrome & Snipping tool, taskbar layout.

    <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Word.lnk" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Excel.lnk" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook.lnk" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" />

  6. Now add the end code below the above code.


  7. Save this file in your UNC path.

  8. In Powershell ISE (Admin) use the following and save it as 'ImportStartLayout.ps1' file.

    Import-StartLayout -LayoutPath "\\Path\Share\StartTaskLayout.xml" -MountPath -C:\

  9. You can now upload 'ImportStartLayout.ps1' to your KACE SDA as a Post Installation Task > Choose Action New > Powershell Script and you're good to go.


  10.  For anyone not wanting to call it from a NAS you can zip up the 'StartTaskLayout.Xml' along with a Powershell Script containing the following

    Import-StartLayout -LayoutPath "$PSScriptRoot\StartTaskLayout.xml" -MountPath -C:\

    ##$PSScriptRoot calls the current directory just like %dp0

  11. After all of that you should get something like this

One of my first blogs on here, so apologies if I've missed something, if you'd like more info drop me a message and I'll get back to you, hopefully this helps in standardising Windows 10.

Hopefully this helps.
View comments (1)

Netburner Virtual Comm Port 2.1 - Silent Setup Nightmare

We’re trying to package the following software: Netburner Virtual Comm Port 2.1
Source location: https://www.netburner.com/support/doc-s-and-downloads/sb800-ex/deployment-tools-25

If run in mode 'win32' (attended installation) the software installs fine except for the fact that the vsbsetup.exe has an expired certificate.

Prepopulating that certificate in the ‘Trusted Publishers’ store for the local machines suppresses the ominous warnings during the install, but this is of course not a recommended way of working in a production environment and should be fixed by Netburner as soon as possible.

When deploying this application for enterprise use we need to be able to do an unattended silent setup… This is when the real misery starts…

The installer package uses a Bitrock InstallBuilder package framework. Parameters can be passed to the setup file as explained by the ‘VirtualCommPort-2.1.exe --help’ command.

A pretty straight-forward packaging job, right?

The attended setup has 2 dialog windows with choices:

- Installation folder
  Our company policy prohibits us from installing directly on the root drive, so we wish to change this to another location than the default proposed ‘C:\nburn’
- Operating system
  Weird that the setup does not know which operating system it is running on, but okay… Let’s roll with it.

Running the below command seems to be what we want:
VirtualCommPort-2.1.exe --unattendedmodeui none --mode unattended --installer-language en --prefix "C:\Program Files (x86)\VirtualCommPort-2.1" --os nt6x64

Warning: case-sensitive parameters!!

The result is that the alternative installation directory is completely ignored and the installation happens anyway in the default C:\nburn folder.
But even worse, the installation only succeeds in half of its actions as can be read in the log file created in the %temp% folder.

By reading the Bitrock InstallBuilder user guide, I believe this is just a poor packaging job by NetBurner as unattended mode installs are possible with the framework.

The only way we could make this work is:
1) Prepopulate the expired certificate in the Trusted Publishers store for the local machine
2) Copy the C:\nburn folder manually (captured from a manual install) before starting the setup
3) Run the unattended setup by executing command:
VirtualCommPort-2.1.exe --unattendedmodeui none --mode unattended

Then the setup runs silently but still installs to the C:\nburn folder instead of our preferred location.

Hope they fix this in a future release...

Be the first to comment
Showing 1 - 5 of 3230 results