Taking back control of Windows Update: Install Updates when you want to!

For years we were more than unsatisfied with the options we had to choose from to patch our Microsoft Windows Servers. Without additional utility you are restricted to the few options Group Policy offers. So as I am always searching for a simple but efficient solution to such a painful problem, I combined two fantastic tools, to a powerful Windows Update Scheduler: PDQ Deploy and ABC Update.

tl;dr: If you choose option “3 – Auto download and notify for install” for your WSUS Group Policy, you can take any advanced Task Scheduler like PDQ Deploy in combination with ABC-Update to install Windows Updates scheduled the way YOU want it to be!

Prologue, where is my problem?

First let’s take a look at the options Microsoft offers us and why I refuse to rely on those. If I’m not completely mistaken the only Policy to choose when to patch Windows Updates has been “Configure Automatic Updates” since ever: Continue reading “Taking back control of Windows Update: Install Updates when you want to!”

Fix: Google Chrome Enterprise 58.0.3029.96 breaks on XenApp 6.5 / Windows Server 2008 R2 – UPDATE

Fast published to help everyone else, so sorry for any typos or grammatical errors! ty

On Tuesday the 2nd May 2107 Google published a new update for Google Chrome Enterprise 58.0.3029.96. After this update, nearly all of our XenApp 6.5 customers informed us, that Google Chrome stopped working for them. The browser itself opens, but it never displays any content:

Continue reading “Fix: Google Chrome Enterprise 58.0.3029.96 breaks on XenApp 6.5 / Windows Server 2008 R2 – UPDATE”

Tablacus Explorer is an awesome replacement for explorer.exe as a #XenApp published Application!

In XenApp projects you always face the challenge to decide whether to deploy a published Desktop or different published applications for the users. Many times you will have to use a combination of both. Especially in the published application use-case, you have to find a way to allow your users manage their files with a file explorer. This might not be a problem for Fat-Client users with their Windows 10 Notebooks inside the corporate LAN. Those can simply run their local file explorer and access smb shares.

Continue reading “Tablacus Explorer is an awesome replacement for explorer.exe as a #XenApp published Application!”

HowTo fix Windows Update on a fresh Windows 7 or Windows Server 2008 R2 installation

A common problem on fresh Windows 7 or Windows Server 2008 R2 installations is, that the Windows Update Agent is way to old to contact Microsoft for updates. After quite a bit research and help from my twitter colleague René Bigler I found the necessary updates to fix this issue.
Continue reading “HowTo fix Windows Update on a fresh Windows 7 or Windows Server 2008 R2 installation”

Windows Server 2008 R2 – Update cleanup with cleanmgr.exe

After many years with with Windows Server 2008 R2, we received over 200 different Windows Updates. The c:\ partition grows year after year. Among other things, Windows Updates creates uninstall information for every installed update. So if you ever needed, you could revert a single update. There are systems where this is crucial, but there are also many Windows Servers, where we know that this will never be necessary. In this case, you have the ability to use cleanmgr.exe to remove the following things automatically:

  • Downloaded Program Files
  • Internet Cache Files
  • Offline Pages Files
  • Previous Installations
  • Recycle Bin
  • Service Pack Cleanup
  • Temporary Setup Files
  • Thumbnail Cache
  • Update Cleanup
  • Upgrade Discarded Files
  • Windows Upgrade Log Files

The trouble is, that these options are only available, if you install the Desktop Experience feature. And we all know that we don’t want that on each and every system.

But there is a solution, although it’s unsupported. This description, although thoroughly tested, is provided as-is, and I grant no warranty. Continue reading “Windows Server 2008 R2 – Update cleanup with cleanmgr.exe”

Update: Microsoft veröffentlicht “SP1 convenience rollup” für Windows 7 statt Service Pack 2

Grade eben im Technet Blog gelesen. Da die Update-Orgie bei Windows z und Server 2008 R2 inzwischen zu einem wahrem Horror verkommen ist, veröffentlicht Microsoft ein “SP1 convenience rollup” was alle Updates seit dem SP1, bis einschließlich April 2016 beinhaltet! Dass ich das noch erleben darf. Der Name Service Pack wird meines Wissens nach bewusst weg gelassen, da sich mit einem SP in der Vergangenheit auch immer der Support Zeitraum verlängert hat.

Continue reading “Update: Microsoft veröffentlicht “SP1 convenience rollup” für Windows 7 statt Service Pack 2″

HowTo: Enable LDAP over SSL with a third-party certification authority

Nachdem ich letzte Woche den neusten NetScaler 11 Kurs für XenApp Administratoren besuchen durfte (CNS-222 Early Access), stand ich vor dem Problem, mich endlich mal mit Secure LDAP (LDAPS) auseinander setzen zu müssen. Bei uns wird fast immer auf die Microsoft eigene PKI (Microsoft Certificate Authority aka the AD-CS role) verzichtet. Stattdessen setzen wir auf OpenSSL in Verbindung mit TinyCA (Linux) oder xca (Windows). Nach ein bisschen Recherche hat sich das ganze als doch Recht einfach herausgestellt. Hier nun meine Ergebnisse:

Continue reading “HowTo: Enable LDAP over SSL with a third-party certification authority”