A heavily fragmented file in an NTFS file system volume may not grow beyond a certain size

http://support.microsoft.com/kb/967351/en-us

Von interesse fuer SQL und Exchange Betreuer. Doch kein Gerücht! nun offiziell ;-) Defrag Firmen haben Freude.

A heavily fragmented file in an NTFS file system volume may not grow beyond a certain size caused by an implementation limit in structures that are used to describe the allocations.

System Update Readyness Tool

Ist KEIN precheck fuer 2008R2 oder W7 sondern behebt bestehende Fehler in Windows Komponenten, welche Updatess durch WSUS verhindern automatisch. Z.B. bei Framework. Korrigiert falsche MSI Source Pfade!

http://support.microsoft.com/kb/947821/en-us

Cached Logon Credentials

Update vom 12.09.11 fuer die Cached Credentials. Ein Laptop kann sich maximal 50 mal ohne Domain Controller anmelden. Dies kann man steuern und ist vielen nicht bekannt. Bei der Planung vom Hoe Site Offices wird dies oft vergessen.

http://support.microsoft.com/kb/172931/en-us

Blue/Black Screen nach Update von Service Pack 1 fuer Windows 7 oder Server 2008R2

http://support.microsoft.com/kb/975484/

975484 Your computer may freeze or restart to a black screen that has a "0xc0000034" error message after you install Service Pack 1 on Windows 7 or Windows 2008 R2

Windows 7 or Windows Server 2008 R2 stops responding when an application performs many I/O operations to a network share

http://support.microsoft.com/kb/2582112/

This issue occurs because of a new behavior of the Server Message Block (SMB) mini-redirector (mrxsmb.sys) in Windows 7 and in Windows Server 2008 R2.
In Windows 7 and Windows Server 2008 R2, a power request object is created and then destroyed for every SMB network file operation. When an application performs heavy I/O to the network share, many threads that read or write to the network share create many power request objects. Therefore, the Power service cannot process the power request objects as fast as they are generated.

Microsoft Patchday October 2011, 11.10.2011/12.10.2011

Uebersicht aller Patche:

http://technet.microsoft.com/en-us/security/bulletin/ms11-oct

Einstufung der Patche nach Wichtigkeit und wann etwas passieren könnte:

http://blogs.technet.com/b/srd/archive/2011/10/11/assessing-the-risk-of-the-october-2011-security-updates.aspx

Windows XP Sp3, Event 516, mfehdik, SLL-API, memory Leak, crypt32.dll

Memory leak in MFEVTPS.EXE

Recent Microsoft security updates for Windows XP SP3 and Server 2003R2 introduce a memory leak for the VirusScan Enterprise process MFEVTPS.EXE. The leak is actually from a Windows binary, Crypt32.dll, that MFEVTPS.EXE utilizes. A fix for this issue is available from Microsoft. Other security related products may also have such problems.

 http://support.microsoft.com/kb/959658/en-us

https://mysupport.mcafee.com/Eservice/Article.aspx?id=KB71083

Event: 516, Crypt32.dll

Product: Mcafee VSE 8.8 on WIndows XP, Server 2003R2

File: WindowsXP-KB959658-x86-DEU.exe

File: WindowsXP-KB959658-x86-ENU.exe

Install silent with: WindowsXP-KB959658-x86-DEU.exe -q -n -z

The Hotfix needs a Reboot you may surpress with Option -Z

66.218: Destination:C:\WINDOWS\system32\crypt32.dll (5.131.2600.5512)
66.218: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
66.218: IsRebootRequiredForFileQueue: At least one file operation was delayed; reboot is required.
66.218: IsRebootRequiredForFileQueue: c:\windows\system32\crypt32.dll was delayed; reboot is required.
66.218: DoInstallation: A reboot is required to complete the installation of one or more files.
66.218: In Function SetVolatileFlag, line 11741, RegOpenKeyEx failed with error 0x2
66.218: In Function SetVolatileFlag, line 11758, RegOpenKeyEx failed with error 0x2
66.218: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
66.312: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0

You have an application that uses the HttpSendRequest function of the WinHTTP API or of the Windows Internet (WinINet) API to send a Secure Sockets Layer (SSL) request. When you run this application in Windows XP Service Pack 3 (SP3) for some time, you may notice that the system performance decreases. This decrease occurs because of a memory leak in the application.

Prozess **\VSTSKMGR.EXE pid (1580) enthält signierten aber nicht vertrauenswürdigen Inhalt. Das Ausführen einer bevorzugten Operation mit einem McAfee-Treiber wurde jedoch zugelassen.

 Version after installing the Hotfix:

Please also read what Mcafee says to the Event:

https://community.mcafee.com/message/210329#210329

Re: mfehidk Warnings with VSE8.8 installed

Windows XP How to install Powershell 2.0 if Powershell 1.0 was installed

Installing WindowsXP-KB968930-x86-DEU.exe if WindowsXP-KB926141-v2-x86-ENU.exe is already installed.

Never delete any Directory under C:\Windows\$NtUninstallKB***$

Main problem was that people think they can delete all files under C:\Windows\$NtUninstallKB***$ which are the source files for the Windows Updates. You could save a lot of space with doing this. Some people MOVE the files to another partition or cheap NAS space. Which may be a better option?

Some of those files are chained and normally you could delete them after a few months. No problems with new patches so why the heck do we need those?

There are however some patches which you MAY have to remove after 1-2 years. Like Powershell 1.0 if you did not roll out 2.0 via WSUS. The solution was to install the SAME row of patches:

Powershell 1.0
Powershell Language Packs

On another Windows XP and then copy over the files to the machine you have the problems.
Finally use:

C:\Windows\$NtUninstallKB926139$\Spuninst\Spuninst.Exe

You may have to uninstall the language File or ANY Hotfix (You have to request) which
you did install in that direction.

In short terms just leave the Directory in there.

http://ali-portfolio.com/blog/?p=20
http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/976c9c74-a840-4c67-b9a0-5f0aaf4600fd/
http://myitforum.com/cs2/blogs/dhite/archive/2007/04/08/uninstalling-windows-powershell-1-0-workaround.aspx

But just think of "The" Administrator finally getting his Exchange SAN-Cert Ready after doing a post doc on Powershell and Certs.

Finally he comes to the website where he should validate the Certificate and what does he see? ;-) I know the technical details and the revocation lists and patches and this even may be an old 2003 but it's just a funny picture....

There are several bugs or limitations with Outlook 2003 and Exchange 2010.

1) If you try to open more than two calendars you receive errors. There is also a hard limit of 16 additional calendars (Reception) which you may have to keep an eye on.

2) If you delete or move a single E-Mail you have a delay. This is due the fact that Outlook 2003 tries to reach the Exchange Server with another protocol. It will work but it tries first with wrong protocoll which has timeout and then gets the correct after that timeout.

Office Outlook 2003 does not connect to two or more additional mailboxes in a mixed Exchange Server 2007 and Exchange Server 2010 environment. http://support.microsoft.com/kb/978777/en-us

1) If you have Exchange 2010 SP1 then try following:

 $a = Get-ThrottlingPolicy | where-object {$_.IsDefault -eq $true}

$a | Set-ThrottlingPolicy -RCAMaxConcurrency 100

Screenshot shows the maximum value. Do not set to maximum to prevtn handys and "Virus" in worst case to open as many connections as the OS is limited to.

Restart the Service itself to make sure the new settings apply:

2) Also on the XP Office 2003 client which DID run before on 2000/2003 and other Exchange run:

 Check for Event 26 on the client:

Die Verbindung mit dem Microsoft Exchange Server wurde getrennt. Outlook wird die Verbindung so bald wie möglich wiederherstellen.

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.

"C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe" /resetnavpane

 3) Check also for Events 4696 and if so:

If you know a certain user account that you have the problem because he reports it than also check the Exchange Stats:

get-Logonstatistics -Idnetity USERNAME | fl applicationID

Then count the "Client=MSExchangePPC which may not be over 16! If you have a full slot (16 connections) the change the hard coded limit of 16.

Here is an exmaple with 11 connections:

Here is a Outlook 2003 Sp3 running on a Exchange 2010 on a Small Business Server 2011.

This is a secretay/Phone client with a lot of calender or postboxes from other people.

This will not work stable as example. The Limit is 16 Connections she has 17.

"Mapi session "00cc3dde-64d7-4353-8050-00fc2057aae3: /O=xxxx/OU=xxxx/cn=Recipients/cn=customer.ch" exceeded the maximum of 32 objects of type "session"."

 Or you test on the client side:

Press "CTRL" and Right click on the Outlook tray icon (Where the watch is) and select "Verbindungstatus" or "Connection Status".

1) Chec the total amount of entries you see. They can't be near OR over 16 or you run into problems

2) Check the RPC Reaction time/Reaktionszeit

3) Check the Request/Error or in german Anfragen Fehler

http://technet.microsoft.com/en-us/library/ff477612.aspx

You need to use:

• Start Registry Editor (regedit).
• Navigate to the following registry subkey:
  \\HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem.
• Right-click ParametersSystem, point to New, and then click DWORD (32-bit) Value.
  The new value is created in the result pane.
• Rename the key to one of the following values, and then press Enter:
  • Maximum Allowed Sessions Per User   This limit specifies the maximum allowable sessions per user.
  • Maximum Allowed Service Sessions Per User   This limit specifies the maximum allowed service sessions per user.
  • Maximum Allowed Exchange Sessions Per Service   This limit specifies the maximum allowed Exchange sessions per service. The default value is 10,000, and the Maximum value is 65536.
  • Maximum Allowed Concurrent Exchange Sessions Per Service   This limit specifies the maximum allowed concurrent Exchange sessions per service.
  • Disable Session Limit   This limit disables session limits. Set the value to 0 to turn off session limits. Set the value to 1 to turn on session limits.
• Right-click the newly created key, and then click Modify.
• In the Valuedata box, type the number of objects to which you want to limit this entry, and then click OK. Use the preceding table to view the default settings.

 See also:

http://social.technet.microsoft.com/wiki/contents/articles/1586.concern-is-having-outlook-2003-clients-going-to-prevent-me-from-deploying-exchange-2010.asp

Concern: Is Having Outlook 2003 Clients Going to Prevent Me from Deploying Exchange 2010?

 An these two hotfixes:

http://support.microsoft.com/kb/2212002/
Description of the Outlook 2003 hotfix package (Outlook.msp): July 1, 2010
Meeting Text Wrong

http://support.microsoft.com/kb/2510153/en-us
Description of the Office Outlook 2003 hotfix package (Olkintl.msp, Engmui.msp): March 9, 2011
The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

Issue that this hotfix package fixes

Consider the following scenario:

• You run Microsoft Office Outlook 2003 in an Exchange Server 2010 environment.
• You open another user's calendar folder or delegated mailbox that is located on the Exchange server.
• The connection to the Exchange server is lost and Outlook tries to reconnect automatically.

In this scenario, Office Outlook 2003 cannot reconnect to the Exchange server. Additionally, this may occur when you close and restart Office Outlook 2003. When this occurs, you receive the following error message:

Folders take a long time to update when an Exchange Server 2010 user uses Outlook 2003 in online mode

Problem:

If you delete or move a single E-Mail you have a delay. This is due the fact that Outlook 2003 tries to reach the Exchange Server with another protocol. It will work but it tries first with wrong protocoll which has timeout and then gets the correct after that timeout.

Solution:

1) Enable Outlook Cached Mode

2) Install Exchange 2010 Rollup 7 or later (Or go to SP2)

3) Install this FIXIT which changed a Regsitry Value

http://support.microsoft.com/kb/2009942/en-us

Error 1309, MS project, sku13a.cab

If you installed Software NOT from a SHARE that stays persistent you may run into trouble afterwards with Windows Updates (manual or via WSUS).

You may see errors like "Please insert media sku13a.cab" which you do not find on the Local PC / The setup Source of MS project 2003 or even i a MSP File which you can unpack with 7ZIP or Installshield.

Microsoft has a special tool which deletes the Information from th Registry. I had this case on my personal Admin Machine with the full Office 2003 suite.

For MS Project:

1) Copy the Install Source or CD to a local Drive like c:\edv

2) Run setup.exe oem_noprevious=1 (To automatic REMOVE any existing Project 2003 from your PC)

3) Download and run listool.exe /q remove=all

To resolve this issue, disable the local installation source for Microsoft Office. To do this, follow these steps:

1. Obtain the Local Installation Source Tool. To do this, visit the following Microsoft Web site:
   http://www.microsoft.com/office/orkarchive/2003ddl.htm (http://www.microsoft.com/office/orkarchive/2003ddl.htm)
2. Extract the LisTool.exe file and the LisTool.chm file to a particular location on the computer.
3. Run the LisTool.exe command together with the /q option to remove the local installation source. To do this, follow these steps:
   1. Click Start, click Run, type cmd in the Open box, and then click OK.
   2. At the command prompt, change to the directory to which you extracted the LISTool.exe file. For example, if you extracted the LISTool.exe file to the C:\LisTool folder, type cd\listool, and then press ENTER.
   3. Type the following command, and then press ENTER:
      listool.exe /q remove=all

Here is also a GOOD location to check from where software was installed:

Active Setup is used in Windows Installer technology to setup certain Registry or file changed to all users of a computer. If you have a shared computer with several different local users this method is used to apply a certain setting to all profiles that exist on the machine.

The Internet Explorer 9 setup uses Active Setup to Switch between two different versions of Internet Explorer. In this example from IE8 and IE9. This can only happen after the Reboot of the Internet Explorer Setup.

If a regular (Domain User) without Admin permissions does Logon after the Reboot the Active setup does not get handheld correct. This si not by design and is an error of the IE9 Setup (Also IEAK Version).

To fix this remove Following Registry Setting after the reboot and installion of Internet Explorer 9. We had this problem also under Germans Windows 64BIT with IEAK 9 Setup.

reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f

http://sccm.haas.se/?tag=ieak

http://social.technet.microsoft.com/Forums/en/ieitprocurrentver/thread/37689632-a687-4575-9080-91612d2832ae?prof=required

http://stefanhazenbroek.blogspot.ch/2011/06/configmgr-deploy-internet-explorer-9-as.html

http://blogs.technet.com/b/iede/archive/2011/09/12/installation-von-ie9-ohne-reboot.aspx

 Frontrange/Enteo V7.1 Package (Exported and packed with 7ZIP)

{B090D188-091B-4470-95D4-A422E4991B49}.7z (2.90 kb)

Subject: *URGENT* McAfee SNS ALERT: *UPDATE* Reports of W32/autorun.worm.aaeb-h infections

**Update to original message: Stinger tool now available. See Mitigation section below**

McAfee has received multiple reports of customers who are severely affected by variants of W32/autorun.worm.aaeb-h.

Impact
W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.

The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

Mitigation
McAfee has released an Extra.DAT and Stinger to detect and clean this threat.

To download the Extra.DAT and Stinger, see KB76807:
https://kc.mcafee.com/corporate/index?page=content&id=KB76807

For more information on McAfee product coverage and mitigation for this threat, see PD24169 - Threat Advisory: W32/Autorun.worm.aaeb:
https://kc.mcafee.com/corporate/index?page=content&id=PD24169

http://support.microsoft.com/kb/2775511

WIN7 32 & 64BIT / Server 2008 R2 ML / language Neutral

 Das soll es verbessern:

• Logon Schneller
• Policy Handling mit viel Policies auf clients schneller
• Web-based Distributed Authoring and Versioning (WebDAV)
• DFSN-client
• Ordnerumleitung
• Offline-Dateien und Ordner (CSC)
• SMB-client
• Umgeleiteten Drive Buffering Subsystem (RDB)
• multiple UNC Provider (MUP)

Es gibt neu ein Enterprise Pack Update, welches vorwiegend fuer Firmen Umgebungen gedacht ist. Darin sind rund 90 Patche resp. Hotfixe enthalten.

Gibt einige Blogs die schreiben, dass einzelne enthaltene Hotfixe darin mit Ihrer Drittsoftware Probleme macht. Meist kleinere Datenbank Formate.

Fehler dann auch bei SMB 2.0:

http://blogs.msdn.com/b/winsdk/archive/2013/05/13/roll-up-update-kb-2775511-reports-with-smb-2-0-data-truncation.aspx

http://windowssecrets.com/forums/showthread.php/153760-Beware-KB-2775511-a-special-hotfix-rollup-post-Windows-7-SP1

Eventuell wenn jemand gerade an einigen W7 client ist und überhaupt nicht weiter kommt – Vor dem neu aufsetzen > Als letztes den HOTFIX Patch installieren.

Bei den einzelnen Patchen steht teils nicht installieren oder nur in Test Umgebung resp wenn Problem vorhanden. Daher an sich lieber nicht für alle und jeden...

 Ich vermute, dass dies ein SP2 Pre Check auf Kosten der Kunden ist. Aber immer noch besser als 10 Hotfixe Pro Problem anzufordern wenn es eilt…

Man kann diesen nicht direkt downloaden sondern muss in via Windows Update Catalog im WSUS integrieren lassen (Import). ,am kann das File aber aber ab einem client von

C:\Windows\Downloaded Installations drab kopieren oder mit Glueck (oder wissen ;-) das entsprechen File auf dem WSUSCONTENT finden.

These single Patches are included and people who have an idea of Deployment or Server Managment know what the single terms are.

The page is Language Neutral and has for some patches diffrent languages

language="neutral"

It's for Windows 7 32BIT and 64BIT and i think same patch for 2008R2? At least the package goes for sure in that direction FailoverCluster-Core-WOW64-Package or the FX RDP.

1. Download IE10 for Windows 7, http://windows.microsoft.com/en-us/internet-explorer/downloads/ie-10/worldwide-languages
2. Block IE10 on all system which are NOT connected to Windows Update Server WSUS, http://www.microsoft.com/en-us/download/details.aspx?id=36512

    

Notes in German from the field:

1. Kommt nicht automatisch WENN WSUS Anbindung vorhanden
2. Kommt automatisch bei allen kleinen Kunden die KEIN WSUS haben da gestuft als "important Update"

Toolkit to Disable Automatic Delivery of Internet Explorer 10

http://www.microsoft.com/en-us/download/details.aspx?id=36512

• For computers running Windows 7 or Windows Server 2008 R2, the Blocker Toolkit prevents the machine from receiving Internet Explorer 10 via Automatic Updates on the Windows Update and Microsoft Update sites.
• The Blocker Toolkit will not prevent users from manually installing Internet Explorer 10 from the Microsoft Download Center, or from external media.
• Organizations do not need to deploy the Blocker Toolkit in environments managed with an update management solution such as Windows Server Update Services or SystemsManagement Server 2003. Organizations can use those products to fully manage deployment of updates released through Windows Update and Microsoft Update, including Internet Explorer 10, within their environment.
• Even if you used the Blocker Toolkit to block Internet Explorer 8 or Internet Explorer 9 from being installed as a high-priority or important update, you will still need to use the Internet Explorer 10 version of the Blocker Toolkit to block Internet Explorer 10 from being installed. There are different registry keys used to block or unblock automatic delivery of Internet Explorer 8, Internet Explorer 9 and Internet Explorer 10.

Files within the EXE

HKLM\SOFTWARE\Microsoft\Internet Explorer\Setup\10.0\

DoNotAllowIE10 =1

Toolkit to Disable Automatic Delivery of Internet Explorer 10

Overview

To help our customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 10 as a high-priority update through Automatic Updates for Windows 7 Service Pack 1 (SP1) x86 and x64, and Windows Server 2008 R2 SP1 x64. This Blocker Toolkit is intended for organizations that would like to block automatic delivery of Internet Explorer 10 to machines in environments where Automatic Updates is enabled. The Blocker Toolkit will not expire.

• For computers running Windows 7 or Windows Server 2008 R2, the Blocker Toolkit prevents the machine from receiving Internet Explorer 10 via Automatic Updates on the Windows Update and Microsoft Update sites.
• The Blocker Toolkit will not prevent users from manually installing Internet Explorer 10 from the Microsoft Download Center, or from external media.
• Organizations do not need to deploy the Blocker Toolkit in environments managed with an update management solution such as Windows Server Update Services or Systems Management Server 2003. Organizations can use those products to fully manage deployment of updates released through Windows Update and Microsoft Update, including Internet Explorer 10, within their environment.
• If you used the Blocker Toolkit to block Internet Explorer 9 from being installed as a high-priority update, you need to use the Internet Explorer 10 version of the Blocker Toolkit to block Internet Explorer 10 from being installed. There are different registry keys used to block or unblock automatic delivery of Internet Explorer 9 and Internet Explorer 10.

Toolkit Components

This toolkit contains two components:

• An executable blocker script
• A Group Policy Administrative Template (.ADM file)

Supported Operating Systems

Windows 7 Service Pack 1 (SP1) x86 and x64 and Windows Server 2008 R2 SP1 x64 

Blocker Script

The script creates a registry key and sets the associated value to block or unblock (depending on the command-line option used) automatic delivery of Internet Explorer 10 on either the local machine or a remote target machine.

Registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\10.0

Key value name:DoNotAllowIE10

The script has the following command-line syntax:

IE10_Blocker.cmd [<machine name>] [/B] [/U] [/H]

Machine Name

The <machine name> parameter is optional. If not specified, the action is performed on the local machine. Otherwise, the remote machine is accessed through the remote registry capabilities of the REG command. If the remote registry can't be accessed due to security permissions or the remote machine can't be found, an error message is returned from the REG command.

Switches

Switches used by the script are mutually exclusive and only the first valid switch from a given command is acted on. The script can be run multiple times on the same machine.

Group Policy Administrative Template (.ADM file)

The Group Policy Administrative Template (.ADM file) allows administrators to import the new Group Policy settings to block or unblock automatic delivery of Internet Explorer 10 into their Group Policy environment, and use Group Policy to centrally execute the action across systems in their environment.

Users running Windows 7 (SP1) or Windows Server 2008 R2 (SP1) will see the policy under Computer Configuration / Administrative Templates / Classic Administrative Templates / Windows Components / Windows Update / Automatic Updates Blockers v3. This setting is available only as a Computer setting; there is no Per-User setting.

Note: This registry setting is not stored in a policies key and is thus considered a preference. Therefore if the Group Policy Object that implements the setting is ever removed or the policy is set to Not Configured, the setting will remain. To unblock distribution of Internet Explorer 10 by using Group Policy, set the policy to Disabled.

Office Professional Plus 2013 (x64) 12/12/2012

----------------------------------------------

15.0.4420.1017    Word

15.0.4420.1017    Excel

15.0.4420.1017    Outlook

15.0.4420.1017    Access

15.0.4420.1017    PowerPoint

15.0.4420.1017    Publisher

15.0.4420.1017    Lync

Office Professional Plus 2010 (x64) [SP2, 31/07/2013]

----------------------------------------------------------------

14.0.7015.1000    Word

14.0.7015.1000    Outlook

14.0.7015.1000    Excel

14.0.7015.1000    Access

14.0.7015.1000    PowerPoint

14.0.7015.1000    Publisher

14.0.7015.1000    Visio

14.0.7015.1000    Project

Office Professional Plus 2010 (x64) 28/06/2011 [SP1, 13/07/2012]

----------------------------------------------------------------

14.0.6112.5000    Word

14.0.6112.5000    Outlook

14.0.6112.5000    Excel

14.0.6112.5000    Access

14.0.6112.5000    PowerPoint

14.0.6112.5000    Publisher

14.0.6112.5000    Visio

14.0.6112.5000    Project

Office Professional Plus 2010 (x64) 10/05/2010 [v14]

------------------------------------------

14.0.5128.5000    Word

14.0.5128.5000    Outlook

14.0.5128.5000    Excel

14.0.5128.5000    Access

14.0.5128.5000    PowerPoint

14.0.5128.5000    Publisher

14.0.5128.5000    Visio

14.0.5128.5000    Project

Office 2007 Enterprise 13:00 24/04/2009 (SP2)

---------------------------------------------

12.0.6425.1000    Word

12.0.6423.1000    Outlook

12.0.6423.1000    Access

12.0.6425.1000    Excel

12.0.6425.1000    PowerPoint

12.0.6423.1000    Publisher

Office 2007 Enterprise 11:13 13/12/2007 (SP1)

---------------------------------------------

12.0.6213.1000    Word

12.0.6213.1000    Outlook

12.0.6213.1000    Access

12.0.6213.1000    Excel

12.0.6213.1000    PowerPoint

12.0.6213.1000    Publisher

Office 2007 Enterprise 22:44 15/11/2007

---------------------------------------

12.0.6015.5000    Word

12.0.6023.5000    Outlook

12.0.4518.1014    Access

12.0.6024.5000    Excel

12.0.4518.1014    PowerPoint

12.0.6023.5000    Publisher

Office 2007 Enterprise

---------------------------------------

12.0.4518.1014    Word

12.0.4518.1014    Outlook

12.0.4518.1014    Access

12.0.4518.1014    Excel

12.0.4518.1014    PowerPoint

12.0.4518.1014    Publisher

Office 2003 Professional SP3 18:57 24/09/2007

-------------------------------------------------------

11.8169.8172    Word

11.8169.8172    Outlook

11.8166.8172    Access

11.8169.8172    Excel

11.8169.8172    PowerPoint

11.8164.8172    FrontPage

11.8166.8172    Publisher

Office 2003 Professional SP2 20:17 16/02/2006 (Refresh)

-------------------------------------------------------

11.6566.6568    Access

11.8010.6568    Excel

11.6564.6568    PowerPoint

11.6552.6568    FrontPage

11.6565.6568    Publisher

11.6568.6568    Word

11.8010.8107    Outlook

Office 2003 Professional SP2 20:17 27/09/2005

---------------------------------------------

11.6566.6568    Access

11.6560.6568    Excel

11.6361.6408    PowerPoint

11.6552.6568    FrontPage

11.6565.6568    Publisher

11.6568.6568    Word

11.6568.6568    Outlook

11.2.2005.1801.5    Project

11.5509.6568        Visio

Office 2003 Professional SP1 20:24 14/09/2005

---------------------------------------------

11.6355.6360    Access

11.6355.6408    Excel

11.6361.6408    PowerPoint

11.6361.6408    FrontPage

11.6255.6408    Publisher

11.6502.6408    Word

11.6359.6408    Outlook

11.1.2004.1707.15    Project

11.4301.6408        Visio

Office 2003 Professional SP1

----------------------------

11.6355.6360    Access

11.6355.6360    Excel

11.6361.6360    PowerPoint

11.6255.6360    Publisher

11.6359.6360    Word

11.6359.6360    Outlook

--

11.6356.6360        FrontPage

11.1.2004.1707.15    Project

11.4301.6360        Visio

Office 2003 Professional

------------------------

11.5614.5703    Access

11.5612.5703    Excel

11.5612.5703    PowerPoint

11.5525.5703    Publisher

11.5604.5703    Word

11.5608.5703    Outlook

--

11.5516.5703        FrontPage

11.0.2003.0816.15    Project

11.3216.5703        Visio

Office 2002 SP2

---------------

10.4524.4219    Excel

10.4524.4219    Word

10.4712.4219    Outlook

Office 2000

-----------

9.0.0.2414 Std

9.0.0.4402    SR1A

9.0.0.4527    SP2

9.0.0.6926    SP3

Outlook 2000

------------

9.0.0.5414    SP2

9.0.0.6926    SP3

9.0.0.6927    Oct 2002 Sec Update

SQL Server 2012 SP1

-------------------

11.0.3000.0 SP1 Oct 19 2012 13:38:57

11.0.2100.60 RTM Feb 10 2012 19:39:15

SQL Server 2008R2

-----------------

10.50.4000.0 SP2 Jun 28 12

10.50.1600.1 RTM Apr 02 10

SQL Server 2008

---------------

10.0.4000.00 SP2 Sep 16 10

10.0.2531.00 SP1 Mar 29 09

10.0.1600.22    RTM Aug 06 08

10.0.1049.14 CTP4 Sep 07

SQL Server 2005

---------------

9.00.5057.00 Mar 25 2011 13:33:31

9.00.5000.00 Dec 10 2010 10:38:40 Service Pack 4

9.00.4035.00 Nov 24 2008 13:01:59 Service Pack 3

9.00.3186.00 Cumulative Update 3 (On request only)

9.00.3050.00 Mar 02 2007 20:01:28 Service Pack 2 (Fix for Task Scheduler

9.00.3042.00 Feb 09 2007 22:47:07 Service Pack 2

9.00.2047.00 Apr 14 2006 01:12:25 Service Pack 1

9.00.1399.06 Oct 14 2005 00:33:37

SQL Server 2000 & MSDE Version

------------------------------

8.00.2039    SP4 May 3 2005

8.00.996    Hot-Fixes (not released unless required) [March 2004]

8.00.818    Cumulative Security Fix: 815495 July 2003

        Login fix after above: http://support.microsoft.com/default.aspx?scid=kb;en-us;826161

8.00.760    SP3a May 2003

8.00.760    SP3 January 2003

8.00.686     SP2 Security Rollup Package (Oct 2002) (10/10/2002)

8.00.679     SP2 Security Rollup Package (Oct 2002)

8.00.534     Database Components SP2

8.00.194    Original SQL Server 2000

SQL Server & MSDE Versions

--------------------------

7.00.623 Original SQL Server 7.0 or MSDE 1.0 release

7.00.699 Database Components SP1

7.00.842 Database Components SP2

7.00.961 Database Components SP3

Windows 2008R2 Server

---------------------

Version 6.1 (Build 7601) 15/02/2011 w/Service Pack 1

Windows 2008R2 Server

---------------------

Version 6.1 (Build 7100) 11/08/2009

Windows 2008 Server

-------------------

Version 6.1 (Build 7100) May 2009 R2 (RC)

Version 6.0 (Build 6001) XXX 2007 Service Pack 1

Windows 2003 Server

-------------------

Version 5.2 Build 3790 (Original)

Version 5.2 Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1    (March 30 2005)

Version 5.2 Build 3790.srv03_sp1_rtm.050324-1447 : Service Pack 1 R2    (Dec 2005)

Version 5.2 Build 3790.srv03_sp2_rtm.070216-1710 : Service Pack 2 R2    (Mar 2007)

Windows 8

---------

Version 6.2 (Build 9200) Oct-2012 RTM

Windows 7

---------

Version 6.1 (Build 7100) May-2009 RC

Version 6.1 (Build 7600) Aug-2009 Gold

Version 6.1 (Build 7601) Feb-2011 Service Pack 1

Windows Vista

-------------

Version 6.0 (Build 6000) Feb-2007

Version 6.0 (Build 6001) Mar-2008 Service Pack 1

Version 6.0 (Build 6002) May-2009 Service Pack 2

Windows XP

----------

Version 5.1                (SP3, v3311) Mar-2008 (RC2)

Build 2600.xpsp.080212-0005

Version 5.1                (SP2) Mar-2005

Build 2600.xpsp_sp2_gdr.050301-1519

Version 5.1                (SP2) Aug-2004

Build 2600.xpsp_sp2_rtm.040803

Version 5.1                (SP1a)

Build 2600.xpsp2.021108-1929, KB837001, KB828741, KB835732

Version 5.1                (SP1)

Build 2600.xpsp1.020828-1920

Version 5.1                (Original)

Build 2600.xpclient.010827-1803

Windows 2000

------------

Build 2195 SP3

Windows NT 4.0

--------------

SP6a

Internet Explorer 9 Gold Mar 15 2011

---------------------------------------

    9.0.8112.16421 Gold Mar 15 2011

    9.0.8080.16413 RC1 Feb 14 2011

    9.0.7930.16406 Beta Sep 19 2010

Internet Explorer 8 Gold Mar 19 2009

---------------------------------------

    8.0.7600 16386 (Ships with Win7)

    8.0.6001.18762 (Mar'09)

    8.0.6001.18702

Internet Explorer 8 RC1 Jan 26 2009

---------------------------------------

    8.0.6001.18372

Internet Explorer 8 B2 Sep 12 2008

---------------------------------------

    8.0.6001.18241

Internet Explorer 7.0 Preview Feb 2006

---------------------------------------

    7.0.5296.0

Internet Explorer 7.0 Preview2 Mar 2006

---------------------------------------

    7.0.5346.0

Internet Explorer 7.0 Gold Nov 2006

---------------------------------------

    7.0.5730.11

Internet Explorer 6.0 SP2 March 2005

-------------------------------------

6.0.2900.2180.xpsp_sp2_gdr.050301-2158

Internet Explorer 6.0 SP2 August 2004

-------------------------------------

6.0.2900.2180.xpsp_sp2_rtm.040803-2158

Internet Explorer 6.0 SP1a October Cumulative Patch 828750)

---------------------------------------------------

6.0.2800.1106.xpsp2.030422-1633

    SP1;Q328389;Q328970;Q324929;Q810847;Q813951;Q813489;Q330994;Q818529;Q822925;Q828750, KB831167

Internet Explorer 6.0 SP1a Cumulative Patch 822925)

---------------------------------------------------

6.0.2800.1106.xpsp2.030422-1633

    SP1;Q328389;Q328970;Q324929;Q810847;Q813951;Q813489;Q330994;Q818529;Q822925

Internet Explorer 6.0 SP1a

-------------------------

6.0.2800.1106.xpsp2.021108-1929

    SP1;Q328389;Q328970;Q324929;Q810847;Q813951;Q813489;Q330994

Internet Explorer 6.0 SP1

-------------------------

6.0.2800.1106.xpsp1.020828-1920

    SP1;Q328389;Q328970;Q324929;Q810847

Internet Explorer 6.0

---------------------

6.0.2600.0000.xpclnt_qfe.010827-1803

Outlook Express 6.0

-------------------

6.0.2900.2180    XP_SP2 (Aug-2004)

6.0.2800.1123

6.0.2800.???? KB837009

ODBC

----

3.525.1117.0 (XP SP2/MDAC 2.8SP2) (Aug-2004)

3.525.1022.0 (MDAC 2.8)    MS04-003

3.525.1022.0 (MDAC 2.8)

3.520.9030.0 (XPsp1a)

3.70.09.61 (SQL SP3)    

SQL Server Driver

-----------------

2000.85.1117.00 (XP SP2) (Aug-2004)

2000.81.7713.00 (WinXP) (SQL 2000)

2000.81.9031.14 (WinXP) (SQL 2000 SP3)

2000.81.9031.38 (WinXP) (SQL 2000 SP3a)

2000.85.1022.00 (WinXP) (MDAC 2.8)

2000.85.1025.00 (WinXP) (MDAC 2.8 832483)

Crystal Decisions

-----------------

Crpe32.Dll    8.5.3.979

crw32.exe    8.5.3.975

Connect to SQL Internal WSUS Datbase on diffrrent OS:

Auf 2003:    \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
Auf 2012R2: \\.\pipe\microsoft##WID\tsql\query

Missing "SelfUpdate" in Default Website when running WSUS under 8530

To make sure that the self-update tree is working correctly, first make sure that there is a Web site set up on port 80 of the WSUS server. You must have a Web site that is running on port 80, even if you put the WSUS Web site on a custom port. The Web site that is running on port 80 does not have to be dedicated to WSUS. WSUS uses the site on port 80 only to host the self-update tree. After verifying the Web site on port 80, you should run the WSUS script to guarantee a correct configuration of self-update on port 80. Open a Command prompt on the WSUS server and type the following:

cscript WSUSInstallDirectory\setup\installselfupdateonport80.vbs (WSUSInstallDirectory is the directory in which WSUS is installed).

For more information about SelfUpdate, see Issues with Client Self-Update on Microsoft TechNet or download the Windows Server Update Services 3.0 SP2 Operations Guide from the Microsoft Download Center.

Sample from WSUS Server running under Server 2008R2 on Port 8530

Wrong WSUS:

Missing Virtual Directories under the "Default Web Site"

Correct:

Fix the self-update virtual directory on port 80:

C:\>cd "Program Files"

C:\Program Files>cd "Update Services"

C:\Program Files\Update Services>cd setup

C:\Program Files\Update Services\setup>cscript installselfupdateonport80.vbs

Missing ASPNET_Client Folder in WSUS

Reset ASP-NET in IIS

Remove: aspnet_regiis –u

Install: aspnet_regiis -u

http://technet.microsoft.com/en-us/library/cc708545(v=ws.10).aspx

Make sure you install this Update for WSUS 3.0 SP2

An update for Windows Server Update Services 3.0 Service Pack 2 is available

• Öffnen Sie cmd.exe im erhöhten Modus auf dem Windows-Client.
• Geben Sie die folgenden Befehle ein.
  
  Net Stop wuauserv
  
  RD/s %windir%\softwaredistribution\
  
  Net start wuauserv

http://support.microsoft.com/kb/2720211

Check the WSUS Server with wsusutil.exe

C:\Program Files\Update Services\Tools>wsusutil.exe

Windows Server Update Services-Verwaltungsdienstprogramm. Versuchen Sie Folgendes:
        wsusutil.exe help checkhealth
        wsusutil.exe help configuressl
        wsusutil.exe help configuresslproxy
        wsusutil.exe help deletefrontendserver
        wsusutil.exe help listinactiveapprovals
        wsusutil.exe help removeinactiveapprovals
        wsusutil.exe help export
        wsusutil.exe help healthmonitoring
        wsusutil.exe help import
        wsusutil.exe help listfrontendservers
        wsusutil.exe help movecontent
        wsusutil.exe help reset
        wsusutil.exe help usecustomwebsite
        wsusutil.exe help listunreferencedpackagefolders

DB slow, unstable console, Check WSUS SQL Database (Internal)

http://blogs.technet.com/b/gborger/archive/2009/02/27/exploring-the-wsus-windows-internal-database.aspx

http://technet.microsoft.com/en-us/library/dd939795(v=ws.10)

http://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61

http://social.msdn.microsoft.com/Forums/sqlserver/en-US/67448f5f-0135-4605-901a-defc76894dbe/sqlcmd-command-not-working

http://blogs.technet.com/b/sus/archive/2008/07/15/wsus-how-to-migrate-your-wsus-windows-internal-database-to-sql-server-2005-express-edition.aspx

WsusDBMaintenance.sql (4.64 kb)

WsusDBMaintenance.sql

http://go.microsoft.com/fwlink/?LinkId=87027

sqlcmd -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i c:\edv\WsusDBMaintenance.sql

2012 R2 erscheint nicht im WSUS sondern unter 6.1

Installieren 2 Hotfixe auf 2003 R2 WSUS 3.0

1. http://support.microsoft.com/kb/2720211
2. http://support.microsoft.com/kb/2734608
3. Cleanup SQL script laufen lassen (Achtung die Funktion COPY CODE nicht benutzen!)
4. Cleanup Wizard im WSUS selber laufen lassen

    

http://www.vmwareandme.com/2014/03/Solved-Windows-8.1-Shows-as-Windows-6.3-in-WSUS-SP2.html#.UzQlt2pbDAV

Command Line Options fuer WSUS Client

The following are the command line for wuauclt.exe

http://technet.microsoft.com/en-us/library/cc708617(ws.10).aspx

Most used:

wuauclt.exe /reportnow

wuauclt.exe /reportnow /detectnow

wuauclt.exe /UpdateNow

wuauclt.exe /resetauthorization /detectnow

Client Version XP/W7:

/AutomaticUpdates
/DemoUI
/IdleShutdownNow
/ShowOptions
/ShowWUAutoScan
/UpdateNow
/SelfUpdateUnmanaged
/SelfUpdateManaged
/CloseWindowsUpdate
/ShowWindowsUpdate
/ShowWU
/ResetEulas
/ResetAuthorization
/ShowSettingsDialog
/RunHandlerComServer
/ReportNow
/DetectNow

2003R2 Server version:

/DetectNow
/ReportNow
/RunHandlerComServer
/RunStoreAsComServer
/ShowSettingsDialog
/ResetAuthorization
/ResetEulas
/ShowWU
/ShowWindowsUpdate
/SelfUpdateManaged
/SelfUpdateUnmanaged
/UpdateNow
/ShowWUAutoScan
/ShowFeaturedUpdates
/ShowOptions
/ShowFeaturedOptInDialog
/DemoUI

Most of these options don't give any noticable response, but that may be because of the state of the service. The command 'wuauclt /ResetAuthorization /DetectNow' worked for me right away.

Batch to Reset WSUS client

gpupdate

net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

Windows Update Client Stuck on Server

 Windows Update Client Stuck on Server

1) Als erstes wuauclt.exe /resetauthorization /detectnow

Reboot des Server und Kontrolle ob es schon geht.

2) Siehe http://support.microsoft.com/kb/555175/en-us

3) Loeschen der Registry Keys:

• HKEY_LOCAL_MACHINE\COMPONENTS\PendingXmlIdentifier
• HKEY_LOCAL_MACHINE\COMPONENTS\NextQueueEntryIndex
• HKEY_LOCAL_MACHINE\COMPONENTS\AdvancedInstallersNeedResolving

4) Loeschen der Datei pending.xml in Ordner %systemroot%/winsxs

Missing or corrupt WSUS Console.

Check the File "wsus" in Profile:

C:\Dokumente und Einstellungen\admin.butsch\Anwendungsdaten\Microsoft\MMC

-------------------------------------------------------------------------------------------

BATCH to Full reset alls WSUS clients components:

-------------------------------------------------------------------------------------------

@echooff
cls
@echo Please read:
@echo -----------------------------------------
@echo:
@echo This totally resets all of your Windows Update Agent settings.
@echo:
@echo Many times, the computer will do a full resetand will not be able to
@echo install updates for the rest of the day. This is so that the server
@echo does not get overutilized because of the reset.
@echo:
@echoIf you don't receive any updates after this script runs, please
@echo wait until tomorrow.
@echo:
@echo Re-running this script will resetthe PC again and it will have
@echo to wait again.
@echo:
PING 1.1.1.1 -n 1 -w 30000>NUL
cls
net stop bits
cls
net stop wuauserv
cls
regsvr32/u wuaueng.dll /s
cls
@echo Deleting AU cache...
del/f/s/q%windir%\SoftwareDistribution\*.* del/f/s/q%windir%\windowsupdate.log
cls
@echo Registering DLLs...
regsvr32 wuaueng.dll /s
REGSVR32 MSXML.DLL /s
REGSVR32 MSXML2.DLL /s
REGSVR32 MSXML3.DLL /s
regsvr32.exe %windir%\system32\wups2.dll /s
regsvr32.exe %windir%\system32\wuaueng1.dll /s
regsvr32.exe %windir%\system32\wuaueng.dll /s
regsvr32.exe %windir%\system32\wuapi.dll /s
%windir%\system32\regsvr32.exe /s%windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s%windir%\system32\wuweb.dll
cls
@Cleaning registry...
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
net start bits
cls
net start wuauserv
cls
@echo Checking in...
@echo:
@echo It's possible the server will not release the updates in
@echo just one session, so it's ok if this script does not immediately
@echo install updates.
@echo:
@echo This is due to the full reseton this PC. Just let it be for a few
@echo hours and updates should resume as normal.
wuauclt.exe /resetauthorization/detectnow
PING 1.1.1.1 -n 1 -w 30000>NUL
cls
@echo Script has completed. Please restart your PC.
@echo:
PING 1.1.1.1 -n 1 -w 30000>NUL
exit
-------------------------------------------------------------------------------------------

• Event 4002, Exchange 2010 CAS, MSExchange Availability

• Microsoft KB 3011780 (V2) gets re-releases on 19.11.2014
• Microsoft KB 2992611 (V3) gets re-releases on 19.11.2014 (V2) / 09.12.2014 (V3)

https://technet.microsoft.com/en-us/library/security/ms14-066.aspx

V1.0 (November 11, 2014): Bulletin published.

V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.

V3.0 (December 9, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Vista and Windows Server 2008. The reoffering addresses an issue in the original release. Customers running Windows Vista or Windows Server 2008 who installed the 2992611 update prior to the December 9 reoffering should reapply the update. See Microsoft Knowledge

2992611-V2 complete revert the things done before and does not fix the high risky security leak. There are too many Tird party components and even MS Products like Exchange WITH Plugins from Third Party which don't work anymore.

I general the first patch could break all authentications against as example IIS, Exchange, Domain Controllers and Proxy Servers as example.

Remark:

The Event 4002, MSExchange Availability on Exchange 2010 has been there before [example May 2014] (Before release of 2992611). But we see it more often and just in the times range the patch was installed. This mainly in environments with Load Balancers and dedicated CAS-Server for as example Activesync and RSA. (Which is unsupported by MS still ;-)

Bulletin Information:
=====================

MS14-068 - Critical

- https://technet.microsoft.com/library/security/ms14-068 (Link ist extern)
- Reason for Revision: V1.0 (November 18, 2014): Bulletin
  published.
- Originally posted: November 18, 2014
- Updated: November 18, 2014
- Bulletin Severity Rating: Critical
- Version: 1.0


MS14-066 - Critical

- https://technet.microsoft.com/library/security/ms14-066 (Link ist extern)
- Reason for Revision: V2.0 (November 18, 2014): Bulletin revised
  to announce the reoffering of the 2992611 update to systems
  running Windows Server 2008 R2 and Windows Server 2012. The
  reoffering addresses known issues that a small number of
  customers experienced with the new TLS cipher suites that were
  included in the original release. Customers running Windows
  Server 2008 R2 or Windows Server 2012 who installed the 2992611
  update prior to the November 18 reoffering should reapply the
  update. See Microsoft Knowledge Base Article 2992611 for more
  information.
- Originally posted: November 11, 2014
- Updated: November 18, 2014
- Bulletin Severity Rating: Critical
- Version: 2.0

After you install security update 3013455 you may notice some text quality degradation in certain scenarios.

This problem occurs on computers that are running the following operating systems:

• Windows Server 2008 Service Pack 2 (SP2)
• Windows Server 2003 SP2
• Windows Vista SP2

Patch defect Fonts:                  KB3013455 (Patchday February 2015 / MS15-010)

Patch corrected Fonts:            KB3037639 (https://support.microsoft.com/kb/3037639/en)

http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_update/kb3013455-ms15-010-causes-font-corruption/8640d38d-19bd-46b6-9af0-6213c05107d3

You may have to get rid of Patch if you're Windows Update or WSUS-Client already downloaded it to your system.

Path: "C:\Windows\SoftwareDistribution\Download"

Find following file with:

dir *3013455*.* /s

dir windows6.1-kb3013455-x64-express.cab /s

Just delete the Directory in which you find the File under C:\Windows\SoftwareDistribution\Download

To uninstall on 2008 if you did install already and made the Reboot:

wusa /uninstall /kb:3013455 /quiet /norestart

On 2003 and Vista use Software/ADD-Remove

Problem 1, Internet Explorer Maintenance Tab not visible

E: Internet Explorer Maintenance Tab not visible

D: Internet Explorer Wartung nicht sichtbar (Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11) (IEM-Einstellungen)

During an Internet Explorer 11 Migration you discover that you can see your old IE8/9 settings which you made under Internet Explorer Maintenance Tab but you can't adapt or change them.

PROXY, Favorites, Quicklinks etc.

Solution:

You can only modify the OLD IE7/8/9 setting on a DC or ADMIN PC where IE10/11 is NOT installed and you have the GPO management console. So during migration you need two GPO machines

1. One for the NEW GPO with IE10/11 and RSAT Remote Administration Tools (Or Domain Controller)
2. One for the OLD GPO with IE8/9 and RSAT Remote Administration Tools

TO install the RSAT GPO management console a Windows 7 Admin PC:

1. Search and download: Windows6.1-KB958830-x64-RefreshPkg.msu (http://www.microsoft.com/de-de/download/details.aspx?id=7887) [Remoteserver-Verwaltungstools für Windows 7 mit Service Pack 1 (SP1)]
2. Over Software / Add Windows Features install GPO Console

Now on the GPO machine you can open an edit the old parts from IE7/8/9

Problem 2, WMI Filter because you have two GPO (IE9/11)

Because you PC's with IE9 and IE11 as example you may have to separate the GPO.

This is best done with WMI-Filters or Active Directory user groups:

Here is how to check in WMIExplorer.

Please also see our post from MSDN Social and Blog:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

MSDN:

Fehlende Einstellungen der Internet Explorer-Wartung für Internet Explorer 11

https://msdn.microsoft.com/de-de/library/dn338129.aspx

Microsoft HAS made a list what goes where this FROM IE9 to (IEAK or/AND NEW SETTINGS). Most can be done with a clean and good IEAK setup.

https://technet.microsoft.com/de-de/library/jj890998.aspx (Where goes what)

Below is for people or team WHO don't know how to use IEAK (Please be carefull if you don't NEED to change Favorites or PROXY every month)

there is NO need to do the Regsitry HKCU things metioned. This can setup in IEAK 11 setup and then the regular GPO things.

https://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/

http://www.alexheer.co.uk/it-blog/configuring-ie11-settings-via-group-policy

http://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx

 http://www.windowspro.de/wolfgang-sommergut/zentrale-ie-konfiguration-internet-explorer-wartung-vs-gpo-vs-ieak

http://blogs.msdn.com/b/asiatech/archive/2014/12/16/how-to-apply-favorites-amp-links-to-ie10-ie11-in-gpo-without-iem.aspx

Internet Explorer 10 / 11 IE Warnung, GPO, Gruppenrichtlinien, Group Policy

Error or PUP UP in IE10/IE11

Deutsch:

Sie sind im Begriff, sich Seiten über eine sichere Verbindung anzeigen zu lassen. Keine Information, die Sie mit dieser Seite austauschen, kann von anderen Personen im Web gesehen werden.

English:

You are about to view pages over a secure connection.

https://social.technet.microsoft.com/Forums/en-US/65e8f915-6300-4367-8aa5-626539a62240/disable-ie-10-11-security-alert-popup-w-group-policy?forum=winserverGP

This seems not be possible with GPO or within an ADM/X from MS. You need to deploy a HKCU key.

Change this key from 1 > 0 per USER (HKCU)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

WarnOnIntranet

REG_DWORD

0

WarnonZoneCrossing

REG_DWORD

0

0 = ZERO = DO NOT SHOW WARNING

Integrate that into a GPO

Make sure you have a WMI filter so you only catch IE11 on clients:

See our Blog for infos on how to do that

Internet Explorer 11 Setup with IEAK11 for Deployment

We have seen several posting on Social MSDN but also deployment blogs with people struggling with the IEAK Setup of IE11 or better the 9 PRE patches the IE setup 10/11 needs.

Technet http://support.microsoft.com/kb/2847882 describes the Updates that have to be installed before you can Install IE11 silent.

Error Source 1, Setup tries to fetch updates in the back and fails because of Proxy

If these are not on the machine the Setup will try to fetch them from internet. Because the "Computer account" (Not the user) mostly has no PROXY information this will fail. I will not show you how you change that here; Target would be to have all files ready from deployment.

Error Source 2, Reboot OR WMI Update for Patches after installing PRE Patches

If you install the 9 patches with a batch or script you should:

a) Reboot the client which makes it a Reboot and advance package which some deployment can't handle

b) Solution> Rebuild the Patch Inventory by "c:\windows\system32\wbem\wmic.exe qfe" (Does not work on 19.03.2015)

The IEAK 11 Version from March 2015 does actualy check the Version of the files AS they are in place. So no Patches are checked to decide if add. Updates are downloaded. Thus the Reboot may be needed IF in use FIles are present.

> THUS only working solution would be on march 2015 to do a 3 STEP package

1) Install PRE Deployment Patches (Reboot)

2) Install IEAK (Reboot)

3) Install Post Deployment Patches (may need Reboot)

00:01.841: INFO:    Version Check for (KB2834140) of C:\Windows\System32\d3d11.dll: 6.1.7601.17514 >= 6.2.9200.16570 (False)
00:01.841: WARNING: Checking version for C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll.  The file does not exist.
00:01.841: INFO:    Version Check for (KB2639308) of C:\Windows\System32\Ntoskrnl.exe: 6.1.7601.17803 >= 6.1.7601.17727 (True)
00:01.841: INFO:    Version Check for (KB2533623) of C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll: 6.1.7600.16385 >= 6.1.7601.17617 (False)
00:01.841: INFO:    Version Check for (KB2731771) of C:\Windows\System32\conhost.exe: 6.1.7601.17514 >= 6.1.7601.17888 (False)
00:01.841: INFO:    Checking for correct version of C:\Windows\Fonts\segoeui.ttf.
00:01.856: INFO:    Version Check for (KB2786081) of C:\Windows\System32\taskhost.exe: 6.1.7601.17514 >= 6.1.7601.18010 (False)
00:01.856: INFO:    Version Check for (KB2888049) of C:\Windows\System32\drivers\tcpip.sys: 6.1.7601.17514 >= 6.1.7601.18254 (False)
00:01.856: INFO:    Version Check for (KB2882822) of C:\Windows\System32\tdh.dll: 6.1.7600.16385 >= 6.1.7601.18247 (False)
00:02.621: INFO:    Download for KB2834140 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=303935 -> KB2834140_amd64.MSU.
00:02.636: INFO:    Download for KB2533623 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=254722 -> KB2533623_amd64.MSU.
00:02.636: INFO:    Download for KB2731771 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=258387 -> KB2731771_amd64.CAB.
00:02.636: INFO:    Download for KB2786081 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=273751 -> KB2786081_amd64.CAB.
00:02.652: INFO:    Download for KB2888049 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=324542 -> KB2888049_amd64.MSU.
00:02.668: INFO:    Download for KB2882822 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=324541 -> KB2882822_amd64.MSU.

Error Source 3

KB2670838, Blurry Fonts Patch

KB2898202, Hotfix for Blurry Fonts Patch

If you take a closer look at the patches in KB2847882 you will see that thy want to install the "blurry Fonts patch / KB2670838" which caused a lot of trouble a few months ago. On most WSUS this is denied. However the IE11 needs that Patch. Even worse if you UNINSTALL the Blurry Fonts patch IE will get uninstalled fully.

Solution is to install KB2670838 and then KB2898202 the HOTFIX.

• FIX: Font smoothing and antialiasing for some fonts do not occur after hotfix 2670838 is installed in Windows 7 Service Pack 1 or Windows Server 2008 R2

  http://support.microsoft.com/kb/2898202

Thanks to Karen HU from Pactera/china for pointing us in that direction.

https://social.technet.microsoft.com/Forums/de-DE/0bb37a16-f8a3-4648-897e-6a1a5986a437/not-wanted-fonts-patch-kb2670838-and-ieak11-silent-last-status?forum=ieitprocurrentver

Here is how a Failed Logfile will look for the IE11 Setup c:\windows\IE11_main.log

01:52.679: ERROR:   WMI query for Hotfixes timed out. Query string: 'Select HotFixID from Win32_QuickFixEngineering WHERE HotFixID="KB2729094"'  Error: 0x00040004 (262148).
01:52.711: INFO:    Download for KB2729094 initiated. Downloading http://go.microsoft.com/fwlink/?LinkID=258385 -> KB2729094_amd64.MSU.
01:52.726: INFO:    Waiting for 1 prerequisite downloads.
02:23.880: INFO:    Prerequisite download processes have completed. Starting Installation of 1 prerequisites.
02:23.880: ERROR:   Error downloading prerequisite file (KB2729094): 0x800b0109 (2148204809)
02:24.098: INFO:    PauseOrResumeAUThread: Successfully resumed Automatic Updates.
02:24.114: INFO:    Setup exit code: 0x00009C47 (40007) - Required updates failed to download.

Here is a list of Binaries:

Uninstall described with IE10 but also valid for IE11

----------

WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.

YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO  = Does not install on same system

001 (YES)

https://support.microsoft.com/en-us/kb/2705357

2705357

Windows6.1-KB2705357-v2-x64.msu

002 (YES)

http://support.microsoft.com/kb/2692929

2692929

Windows6.1-KB2692929-x64.msu

003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2465990

2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)

004 (YES)

https://support.microsoft.com/en-us/kb/2492536

2492536

Windows6.1-KB2492536-x64.msu

005 (NO)

https://support.microsoft.com/en-us/kb/982293

982293

Windows6.1-KB982293-x64.msu

Check this LINK:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

WMI Hotfixes to date 29.07.2015

During IE11 projects we have seen problems with some WMI and WUSA.EXE KB installations. It sometimes seems that the WMI provider

who offers that info hangs or is out of date. Even with some command to refresh it0s stuck. This is a list of Hotfixes we found in that direction

For Existing Windows 7 64BIT Deployments with SP1.

IE11patch Infos:

http://www.butsch.ch/post/IE11-IEAK-11-Setup-9-PRE-Deployment-Patches-2b-1-Hotfix.aspx

YES = Installs on W7 SP1 64BIT with all Updates from WSUS do date 29.07.2015

NO = Does not install on same system

001 (YES)

https://support.microsoft.com/en-us/kb/2705357

2705357

Windows6.1-KB2705357-v2-x64.msu

002 (YES)

http://support.microsoft.com/kb/2692929

2692929

Windows6.1-KB2692929-x64.msu

003 (YES but choose 2617858)

Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2465990

2465990 > SUPERSEEDED > Replaced by > 2617858 (https://support.microsoft.com/en-us/kb/2617858)

2465990 > Windows6.1-KB2465990-v3-x64.msu (Older)

2617858 > Windows6.1-KB2617858-x64.msu (Newer, Superseeds the old one)

004 (YES)

https://support.microsoft.com/en-us/kb/2492536

2492536

Windows6.1-KB2492536-x64.msu

005 (NO)

https://support.microsoft.com/en-us/kb/982293

982293

Windows6.1-KB982293-x64.msu