API for MSP Providers

I need a solution

My company is an MSP Provider and we offer Symantec Cloud Endpointprotection to our clients.  We have hundreds of client’s utilizing this product, and we wish to continue using this product and offering to our clients, but our setup time is getting to be beyond our desired scope time frame.  We are looking for a way to utilize powershell that can connect to an API or the Partner Console itself to automate creating new clients under our Partner Portal.  We would then like the ability to be able to create the client admin and connect to the client portal with the client admin and configure the client via powershell with the hopes of finally being able to download the packages directly to our client servers. This type of functionality would greatly increase our productivity and more importantly allow us to ensure our clients are standardized with our setups across the board with no human error involvement.  I am sure other client’s would love to utilize this as well and could become an important selling tool for other MSP offerings.

0

Related:

  • No Related Posts

Error Id: XDDS:C46CE32B You may be unable to run Automatic/Manual Site Upgrade from Citrix Studio during an upgrade from XenApp 7.6 LTSR CU4 to XenApp 7.15 LTSR CU2

You may be unable to run Automatic/Manual Site Upgrade from Citrix Studio during an upgrade from XenApp 7.6 LTSR CU4 to XenApp 7.15 LTSR CU2

The upgrade fails with following exception

Error Id: XDDS:C46CE32B

Exception:

Citrix.Console.Models.Exceptions.ScriptException Cannot validate argument on parameter ‘DatabaseName’. The character length (0) of the argument is too short. Specify an argument with a length that is greater than or equal to “1”, and then try the command again.

DesktopStudio_ErrorId : UnknownError

Sdk Error Message : Cannot validate argument on parameter ‘DatabaseName’. The character length (0) of the argument is too short. Specify an argument with a length that is greater than or equal to “1”, and then try the command again.

Sdk Error ID : ParameterArgumentValidationError,Citrix.Monitor.Sdk.Commands.GetMonitorDBVersionChangeScriptCommand

ErrorCategory : NotSpecified

DesktopStudio_PowerShellHistory : GetDatabaseUpgradeScriptsScript

mm/dd/yyyy hr:mm:ss AM/PM

Get-ConfigRegisteredServiceInstance -AdminAddress “localhost” -MaxRecordCount 1

Get-ProvInstalledDBVersion -AdminAddress “<servername.domainname:80>” -Upgrade

Get-ProvDBVersionChangeScript -AdminAddress “<servername.domainname:80>” -DatabaseName “<Database name>” -TargetVersion “7.6.3000.0”

Get-HypInstalledDBVersion -AdminAddress “<servername.domainname:80>” -Upgrade

Get-HypDBVersionChangeScript -AdminAddress “<servername.domainname:80>” -DatabaseName “<Database name>” -TargetVersion “7.6.3.0”

Get-MonitorInstalledDBVersion -AdminAddress “<servername.domainname:80>” -DataStore “Site” -Upgrade

Get-MonitorDBVersionChangeScript -AdminAddress “<servername.domainname:80>” -DatabaseName “<Database name>” -DataStore “Site” -TargetVersion “7.6.2000.0”

Get-BrokerInstalledDbVersion -AdminAddress “<servername.domainname:80>” -Upgrade

Get-BrokerDBVersionChangeScript -AdminAddress “<servername.domainname:80>” -DatabaseName “<Database name>” -TargetVersion “7.6.3000.0”

Get-MonitorInstalledDBVersion -AdminAddress “<servername.domainname:80>” -DataStore “Monitor” -Upgrade

Get-MonitorDBVersionChangeScript -AdminAddress “<servername.domainname:80>” -DatabaseName “” -DataStore “Monitor” -TargetVersion “7.6.1000.0”

: Cannot validate argument on parameter ‘DatabaseName’. The character length (0) of the argument is too short. Specify an argument with a length that is greater than or equal to “1”, and then try the command again.

+ CategoryInfo : InvalidData: (:) [Get-MonitorDBVersionChangeScript], ParentContainsErrorRecordException

+ FullyQualifiedErrorId : ParameterArgumentValidationError,Citrix.Monitor.Sdk.Commands.GetMonitorDBVersionChangeScriptCommand

Related:

  • No Related Posts

Symantec Blocking Outlook Rule Powershell Script.

I need a solution

I have a Outlook client rule running on a virtual machine that runs a VB script upon receiving mail. This script calls a powershell script that writes data from specific emails to a database. This worked great without fail for about a year. I’m not sure what exactly triggred the problem, probably an upgrade to the Symantec client or definitions I’m guessing, but now this script gets blocked by Symantec client. I have added exclusions to the file powershell.exe, but this does not seem to solve the problem. My only solution thus far has been to actually disable the Symantec client on that machine, and maybe that’s ultimately the final solution. I realize there are a lot of dangers going around with malicious powershell scripts and Outlook which is probably the reasoning behind this heightened security, but I am careful with this one box that has these rules, and really need this script to function. Is there any way to green light powershell scripts or specific ones without disabling Symantec entirely?

0

Related:

  • No Related Posts

StoreFront Loopback Feature

Citrix recommends that you modify the hosts file on your StoreFront servers to ensure that Receiver for Web always talks to the local StoreFront server instead of the load balancer. In StoreFront 3.0, we leverage a new feature in the .NET Framework 4.5 to implement loopback communication between Receiver for Web and the rest of StoreFront Services.

This is configurable using PowerShell cmdletSet-DSLoopback, which syntax is

Set-DSLoopback [-SiteId] <Int64> [-VirtualPath] <String> ` [-Loopback] <String>

[[-LoopbackPortUsingHttp] <Int32>]


User-added image

The valid values for Loopback are:

  • On – This is the default value for new Receiver for Web sites. Receiver for Web uses the schema (HTTPS or HTTP) and port number from the base URL but replace the host part with the loopback IP address to communicate with StoreFront Services. This works for a single server deployment and a deployments with a non SSL-terminating load balancer.

  • OnUsingHttp – Receiver for Web uses HTTP and the loopback IP address to communicate with StoreFront Services. If you are using an SSL-terminating load balancer, you should select this value. You have to also specify the HTTP port if it is not the default port 80.

  • Off – This turns off loopback and Receiver for Web uses the StoreFront base URL to communicate with StoreFront Services. If you perform an in-place upgrade this is the default value to avoid disruption to your existing deployment. For example, if you are using an SSL-terminating load balancer, your IIS is configured to use port 81 for HTTP and the path of your Receiver for Web site is /Citrix/StoreWeb, you can run the following command to configure the Receiver for Web site:

    Set-DSLoopback -SiteId 1 -VirtualPath /Citrix/StoreWeb ` -Loopback OnUsingHttp -LoopbackPortUsingHttp 81


Switch off loopback if you want to use any web proxy tool like Fiddler to capture the network traffics between Receiver for Web and StoreFront Services. Delegating Authentication to the Backend Providers StoreFront 2.x always communicates with the Active Directory to authenticate users. This requires that the domain hosting StoreFront servers has at least one-way external trust to the domain hosting the backend XenApp/XenDesktop farms/sites. This may not be possible in some deployments. StoreFront 3.0 adds the capability to delegate authentication to the XenApp/XenDesktop farms/sites. This can be enabled by running the following PowerShell commands. Replace the store and authentication virtual paths appropriately.

## set some variables relevant to your deployment $SiteId = 1 $StoreVirtualPath = “/Citrix/Store” $AuthenticationVirtualPath = “/Citrix/Authentication” # change auth service to use XML Service auth instead of domain auth Set-DSXmlServiceAuthentication -SiteId $SiteId -VirtualPath $AuthenticationVirtualPath $fs = @(Get-DSFarmSets -IISSiteId $SiteId -VirtualPath $StoreVirtualPath) | where { $_.Name -eq “Default” } Update-DSFarmSet -IISSiteId $SiteId -VirtualPath $AuthenticationVirtualPath -Farmset $fs

Note: From StoreFront 3.5 and newer, you can enable loopback in the StoreFront Console.

Related:

  • No Related Posts

Meltdown and Spectre patch report – need some help

I need a solution

Ok so first is first..

thank you @Brandon in this thread https://www.symantec.com/connect/forums/meltdown-p…

which he recommends custom inventory from here https://www.symantec.com/connect/forums/invaexosqu…

​This works… for windows 7. Works great… BUT Windows 10 and other Server O/S – it wont work.
 

During my searching I hit this article… http://www.thewindowsclub.com/check-windows-update…

​Now it is awesome.. the top part didnt bring all i needed but if you follow down farther… he has code to query the update history. This is great…

I ran it but it didnt go back far enough so I changed his 0,50 to 0,550 and now the patch shows!!!!
2018-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4056890)

so.. now the help I need…

​How does one take a powershell script and create variables that can be then inventoried in via Altiris?

​I have done custom inventories but always using vbs to query registry, etc…
​Any guidance on this as I bet it will help many others!!!!

****************************
​try it –  put the following into powershell ise
​****************************
 

# Convert Wua History ResultCode to a Name # 0, and 5 are not used for history # See https://msdn.microsoft.com/en-us/library/windows/desktop/aa387095(v=vs.85).aspx
function Convert-WuaResultCodeToName
{param( [Parameter(Mandatory=$true)]
[int] $ResultCode)
$Result = $ResultCode
switch($ResultCode)
{2
{$Result = “Succeeded”}
3
{$Result = “Succeeded With Errors”}
4
{$Result = “Failed”}}
return $Result}
function Get-WuaHistory
{
# Get a WUA Session
$session = (New-Object -ComObject ‘Microsoft.Update.Session’)
# Query the latest 1000 History starting with the first recordp
$history = $session.QueryHistory(“”,0,550) | ForEach-Object {
$Result = Convert-WuaResultCodeToName -ResultCode $_.ResultCode
# Make the properties hidden in com properties visible.
$_ | Add-Member -MemberType NoteProperty -Value $Result -Name Result
$Product = $_.Categories | Where-Object {$_.Type -eq ‘Product’} | Select-Object -First 1 -ExpandProperty Name
$_ | Add-Member -MemberType NoteProperty -Value $_.UpdateIdentity.UpdateId -Name UpdateId
$_ | Add-Member -MemberType NoteProperty -Value $_.UpdateIdentity.RevisionNumber -Name RevisionNumber
$_ | Add-Member -MemberType NoteProperty -Value $Product -Name Product -PassThru
Write-Output $_}
#Remove null records and only return the fields we want
$history |
Where-Object {![String]::IsNullOrWhiteSpace($_.title)} |
Select-Object Result, Date, Title, SupportUrl, Product, UpdateId, RevisionNumber}

Then run this…
Get-WuaHistory | Format-Table

0

1526499238

1255181

Related:

  • No Related Posts

Symantec DLP 15 not applied a policy via an AD group until restart the agent

I need a solution

Hi guys, i made a policy to block all user’s action if it made 2+ incident per 10 minutes.

what i’ve done: i made a DLP policy, and linked it with AD Group

Then i’ve made powershell scrypt which check our information mailbox, and if there are 2 or more messeges per sender in 10 minutes (scrypt’s schedule), it’ll add user’s account to AD group which i’ve add to policy “BLOCK ALL” 

And it works, but only after PC’s agent restart. I tried to wait 2 days, and nothing, but if my scrypt add user to AD group, and then i restart agent it works now.

how to made quick work, without agent restart. 

Also if i add user via Enforce Server it works in a 2-3 minutes without agent restart

0

Related:

  • No Related Posts

How to Configure XenDesktop for SQL Database Mirroring

Configuring a Site for Use with a Mirrored Database

To configure a XenDesktop site for use with a mirrored SQL Server database, complete the following steps:

  1. Create an empty database on the principal with the “Latin1_General_100_CI_AS_KS” collation sequence.

    Note: If you plan to change the location of your secondary databases (Configuration Logging and Monitoring databases), you can create two more empty databases as above.

  2. Configure the mirror and notice that it starts mirroring. For more information, see How to: Prepare a Mirror Database for Mirroring (Transact-SQL)

  3. Deploy Desktop Studio using Advanced Deployment in one of the following ways:

    1. Create the database automatically; mirroring is detected without user intervention.

    2. Create the database manually; two scripts are generated: one to be executed on the principal and one to be executed on the mirror. If you are executing the scripts using SQL Server Management Studio, enable the SQLCMD mode before executing the scripts. After executing the scripts, test the database connection by clicking Test connection and continue through the remainder of the wizard.

To verify mirroring after the wizard has completed, run the PowerShell cmdlet get-configdbconnection and ensure that the Failover Partner is set in the connection string to the mirror.

Note: If you created separate database locations for the Secondary databases, you can follow the instructions at http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-5/cds-install-config-intro/cds-change-db-location.html to change the location of Configuration Logging and Monitoring database. At this point the main database along with the secondary databases are in the same location.

Joining a Controller

To join a XenDesktop controller to an existing site that is configured to use a mirrored SQL server database, run the Join Existing Site wizard in one of the following ways:

  • Update the database automatically; mirroring is detected without user intervention.

  • Update the database manually; two scripts are generated: one to be executed on the principal and one to be executed on the mirror. If you are executing the scripts using SQL Server Management Studio, enable the SQLCMD mode before executing the scripts.

To verify mirroring after the wizard has completed, run the PowerShell cmdlet get-configdbconnection and ensure that the Failover Partner has been set in the connection string to the mirror.

Removing a Controller

To remove a XenDesktop controller from an existing site that is configured to use a mirrored SQL server database, run the Remove Controller wizard in one of the following ways:

  • Update the database automatically; mirroring is detected without user intervention.

  • Update the database manually; two scripts are generated: one to be executed on the principal and one to be executed on the mirror. If you are executing the scripts using SQL Server Management Studio, enable the SQLCMD mode before executing the scripts.

Related:

  • No Related Posts

Windows Login Prompt When Launching Published Resources

On StoreFront

1. At a command prompt, type the following command to configure the user authentication method for users accessing the store through the XenApp Services URL.

& “installationlocationScriptsEnablePnaForStore.ps1” –SiteId iisid

–ResourcesVirtualPath storepath –LogonMethod {prompt | sson | smartcard_sson}


Where installationlocation is the directory in which StoreFront is installed, typically C:Program FilesCitrixReceiver StoreFront. For iisid, specify the numerical ID of the Microsoft Internet Information Services (IIS) site hosting StoreFront, which can be obtained from the Internet Information Services (IIS) Manager console. Replace storepath with the relative path to the store in IIS, for example, /Citrix/Store. To enable explicit authentication, set the -LogonMethod argument to prompt. For domain pass-through, use sson and for pass-through with smart card authentication, set the argument to smartcard_sson.

See the following screen shot for reference :

User-added image

2. Go To C:inetpubwwwrootCitrix<Storename>ViewsPnaConfigconfig.aspx and add <LogonMethod>sson</LogonMethod> to the top from where the <LogonMethod> starts.

<Logon>

<LogonMethod>sson</LogonMethod>

<LogonMethod>prompt</LogonMethod>

<EnableSavePassword>false</EnableSavePassword>

<EnableKerberos>false</EnableKerberos>

<SupportNDS>false</SupportNDS>

<NDS_Settings>

<DefaultTree></DefaultTree>

</NDS_Settings>

</Logon>

3. On the StoreFront Server and select Authentication->Add /Remove Methods. Select Domain pass-through.

User-added image

Web Interface configuration

To configure SSON on Web Interface, select Citrix Web Interface Management-> XenApp Sevices Sites-> Authentication Methods and enable Pass-through.

User-added image

IIS Settings

1. Open IIS Manager and navigate to the level you want to manage (storefront site).

2. In Features View, double-click Authentication.

3. On the Authentication page, select Windows Authentication.

4. In the Actions pane, click Enable to use Windows authentication.

Endpoint settings

1. Install CitrixReceiver.exe /includeSSON Enable_SSON=YES

2. Start regedit HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrix

In Dazzle, set AllowAddStore value to A

Set AllowSavePwd value to A

Create the following value :

Name: ConnectionSecurityMode

Value Type: REG_SZ

Value: Any

3. Exit and restart receiver.

4. Add the storefront site to the Trusted Sites list on endpoint.

5. Open IE-> Tools-> Internet Options->Trusted sites-> Security-> Custom level, then choose “Automatic logon with current user name and password” in “User Authentication”.

6. Load group policy files. For installations using Citrix Receiver 4.3 and later, use Receiver.ADMX or Receiver.ADML located in the %SystemDrive%Program Files (x86)CitrixICA ClientConfiguration folder.

7. Open gpedit.msc, right-click Computer Configuration > Administrative Templates – > Citrix Component-> Citrix Receiver->User Authentication.

8. Enable the following local computer GPO settings (on the user’s local machine and/or in the VDA desktop golden image):

a. Choose the local user name and password.

b. Select Enabled.

c. Select Enable pass-through authentication.

Reference :

User-added image

9. Reboot the end point (on which Citrix Receiver is installed) or the VDA desktop golden image.

Endpoint installation of Receiver

If the above installation does not work , try installing receiver as per the following article :

https://support.citrix.com/article/CTX132447

Once installation is done , reboot the machine and check the following in task manager of endpoint :

Go to processes–>select columns–>check command line and see if the command line for ssonsvr.exe shows /HTC:random number. If it shows something like C:Program Files….ssonsvr.exe /HTC:<Number> then passthrough is configured properly on the endpoint , we need to troubleshoot other components.

Also, Right-click the Citrix Receiver icon in the notification area and select Advanced Preferences > Configuration Checker.

The Configuration Checker window appears. Verify if it says everything is configured correctly or not.

Changes on the Delivery Controller

Use the following procedure to configure SSON on StoreFront and Web Interface : (These settings might lead to failures of app launch if the XML port is not trusted by the environment’s firewalls of if there are any issues related to XML ports , kindly enable this if you are certain that there are no port related issues. Disable these settings if the app launch fails)

1. Log onto the Delivery Controller(s) as an administrator.

2. Open Windows PowerShell (with administrative privileges). Using PowerShell, you’ll issue commands to enable the Delivery Controller to trust XML requests sent from StoreFront.

3. If not already loaded, load the Citrix cmdlets by typing Add-PSSapin Citrix*, and press Enter.

4. Press Enter.

5. Type Add-PSSnapin citrix.broker.admin.v2, and press Enter.

6. Tpe Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True, and press Enter.

7. Close PowerShell.

For server OS VDAs

1. Go to Gpedit.msc on server OS VDA –>Administrative templates –>windows components –>remote desktop services –>remote desktop connection client –>prompt for credentials on the client computer –>disabled.

User-added image


2. Go to Remote desktop services in same tree–>remote desktop session host–>security–>always prompt for password upon connections–>disabled.

User-added image

Related:

  • No Related Posts

Windows 10 1803 Update Symantec must be manually uninstalled.

I do not need a solution (just sharing information)

This is going to be a long post.  it is to fix issues with Windows 10 1803 getting notification that Symantec must be manually uninstalled.

First you have to be at SEP Client 14.0.3 for Windows 10 1803 update of this to work. My version is 14.0.3929.1200.105 on server and most of my clients.

Script is saved as .txt and attached (I think) on this post,

Bottom of post has the text of the powershell script.

Some suggested fixes that did not work:

Cleanwipe will not resolve this issue, I tried that.

Re-installing windows also will not work unless you delete everything on the drive or format the drive during install.

Causes:

Essentially, what happened is that Symantec install is sent by a zipped package that has the executables in it.

Once you unzip the package, the executables that Windows update looks for is found in the install folder.

Windows 1803 update does not look everywhere, but will look anywhere that the system can access.

So if you are deploying with SCCM, there is an install package in ccmcache from the last install.

If you contacted support on a previous version and they sent you a 7zip exe to extract, then the exe’s are somewhere else.

If you deployed using SCCM then the exe’s will be in a subdirectory under the c:windowsccmcache directory.

If you deployed using a single exe, then it extracted somewhere and you may have the exe’s there.

I called support for a script to fix this.  Got nowhere.  That is anothe story, best left out.

My Solution

I made a powershell script to find and rename the 2 executables if they are outside of Program Files or Program Files (x86)

For SCCM to be able to use this, the .ps1 probably needs to be signed.

Attached is a sample of the script.

<#
This Script is to look for any Symantec Endpoint Protection files that prevent Windows 10 Update to 1803
If a computer has any install folder for an older version these files will exist in the install folder.  Windows update checks the version.
ccsvchst.exe Version 13.3.1.14
smc.exe Version 14.0.3929.1200
Windows Update to 1803 gives error that 2 Symantecs must be uninstalled, 1 for each file.
To find the offending file names look in this folder (after the update has failed or they will not be listed.)
C:$WINDOWS.~BTSourcesPanthersetupact.log
Search for ‘Manual uninstall required’ (no tick marks.)
References:
https://www.symantec.com/connect/forums/solved-windows-10-1709-cant-update-and-clean-wipe-cant-full-remove-endpoint-protection

Point of contact, Brian VanTassel
Agency for Persons with Disabilities, Florida.

Notes:  This has to be signed to run through SCCM
Built for deployment through SCCM Task Sequence.

#>

Script renames either ccsvchst.exe Version 13.3.1.14 or smc.exe Version 14.0.3929.1200 if version is less than what is shown

In this script, change ‘SomeServerName’ in the line to your share path.  Create the folders for the path.  The script writes results to the file.  The results are attempted.  Depending on system rights, it may not be the case.  This indicates the steps ran, but you should test it.

$outfile=”\SomeServerNameDeployLogsSymantecWin10-1803RenameFixWin10-FilesRenam_Status-Apps.txt

This is where the accumulated log is written to.  Domain users and Domain Computers will need read and write to this share.

You will also need a share for deploy files.  This will need to be read for domain users and domain computers.

Sign the script using a code signing certificate (another story there.)

Example of results shows Computer name, path to file, version information and what was attempted:

ComputerName-10;;C:Program Files (x86)SymantecSymantec Endpoint Protection14.0.3929.1200.105BinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:Program Files (x86)SymantecSymantec Endpoint Protection14.0.3929.1200.105BinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:Program Files (x86)SymantecSymantec Endpoint ProtectionSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified

To deploy the script in SCCM I used a Task Sequence, with 2 run command steps.

it will probably work with one step, but I copy the script to a folder I use on the computers for local install logs.

Most of my Task Sequences create this folder if it does not exist:  “C:ProgramDataCM_Install_logs”

Copy Command line: 

cmd.exe /c copy /y “\ServerNameDeploy File ShareScriptsWin101803SymFileRenamFix.ps1″ “C:ProgramDataCM_Install_logs”

Run powershell cmd:

cmd.exe /c PowerShell.exe -executionpolicy unrestricted -file “C:ProgramDataCM_Install_logsWin101803SymFileRenamFix.ps1”

Powershell Script (was named Win101803SymFileRenamFix.ps1) Start below this line

<#
This Script is to look for any Symantec Endpoint Protection files that prevent Windows 10 Update to 1803
If a computer has any install folder for an older version these files will exist in the install folder.  Windows update checks the version.
ccsvchst.exe Version 13.3.1.14
smc.exe Version 14.0.3929.1200
Windows Update to 1803 gives error that 2 Symantecs must be uninstalled, 1 for each file.
To find the offending file names look in this folder (after the update has failed or they will not be listed.)
C:$WINDOWS.~BTSourcesPanthersetupact.log
Search for ‘Manual uninstall required’ (no tick marks.)
References:
https://www.symantec.com/connect/forums/solved-windows-10-1709-cant-update-and-clean-wipe-cant-full-remove-endpoint-protection

Point of contact, Brian VanTassel
Agency for Persons with Disabilities, Florida.

Notes:  This has to be signed to run through SCCM
Built for deployment through SCCM Task Sequence.

#>
$outfile=”\SomeServerNameDeployLogsSymantecWin10-1803RenameFixWin10-FilesRenam_Status-Apps.txt

#$env:COMPUTERNAME
#Get-Childitem –Path C: -Include ccsvchst.exe,smc.exe -File -Recurse –force -ErrorAction SilentlyContinue | Select *
#$Paths2Files = Get-Childitem –Path “C:” -Include ccsvchst.exe,smc.exe -File -Recurse –force -ErrorAction SilentlyContinue | Select name,Fullname
$Paths2Files = Get-Childitem –Path “C:” -Include ccsvchst.exe,smc.exe -File -Recurse -ErrorAction SilentlyContinue | Select name,Fullname
foreach ($file in $Paths2Files){

$VersionInfo = (Get-Item $file.fullname).VersionInfo
    $FileVersion = (“{0}.{1}.{2}.{3}” -f $VersionInfo.FileMajorPart,
    $VersionInfo.FileMinorPart,
    $VersionInfo.FileBuildPart,
    $VersionInfo.FilePrivatePart)

#Write-Host $file.fullname $fileversion

If ($file.fullname -like “*Program Files*SymantecSymantec Endpoint Protection*”) {$action=”ProgramFiles Not Modified”}
ElseIf ($file.name -eq “ccsvchst.exe”) {
If ($FileVersion -lt “13.3.1.14”) {$action=”renamed”
Rename-Item -Path $file.fullname -NewName “ccsvchst.ex_”}
ElseIf ($FileVersion -eq “13.3.1.14”) {$action=”Not Modified”}
}

ElseIf ($file.name -eq “smc.exe”) {
If ($FileVersion -lt “14.0.3929.1200”) {$action=”renamed”
Rename-Item -Path $file.fullname -NewName “smc.ex_”}
ElseIf ($FileVersion -eq “14.0.3929.1200”) {$action=”Not Modified”}
}

Write-Host $file.fullname $fileversion $action
$out2file=$env:COMPUTERNAME+”;”+$date+”;”+$file.fullname+”;”+$fileversion+”;”+$action
$out2file | out-file -filepath $outfile -append
}

# SIGNATURE BLOCK WAS HERE
# End signature block WAS HERE

End of script above this line

    File Attachments:
    0

    Related:

    • No Related Posts

    A Citrix XenApp/XenDesktop Controller Service failed to connect to the database with current connection settings

    Check database connection settings and user permissions.

    To check the database connection settings:

    1. On the Delivery Controller, open a PowerShell command window.

    2. Type `asnp Citrix*`.

    3. Type `Get-AdminDBConnection` to generate the database server hostname.

    4. Confirm that the server hostname is valid. If mirroring is used, confirm that the failover partner is correct.

    To check database user permissions, refer to the topic [Determining Effective Database Engine Permissions] https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/determining-effective-database-engine-permissions on the Microsoft web site for more information.

    Related:

    • No Related Posts