In the good old days you could install SUS on your “home” server and have your own Windows update repository, however after WSUS version “whatnot” the requirements for WSUS has by far outgrown what I wish to allocate on my home/test rig..  Hell I only have 3 machines and a few servers anyhow….

Never the less, when installing new test VM’s etc it would be nice to avoid all the patching since SP1 :-/ well, now you can 🙂


Martin over at has reviewed an excellent utility that will do JUST that 🙂


Further uses is as he describe that you can download all patches for an OS (pt. Win 7 = 1.8GB since SP1) and put it on a stick so you can patch your friends and family’s machines with minimal Internet impact.

For now I have installed the thing and tried downloading patches for Windows 7, it seemed to work flawlessly – but I will try to do some install testing and see how this works out.  Looks solid enough though.

Project web site;

An odd SCCM bug, some of our DP (Distribution Points) recently stopped working, the Task Sequence would hang during the “Installing Updates” step and would never finish..  Now the updates (files/packages) were all there and refreshing them did nothing to resolve the issue – at the end one of our external consultants pointed me to a hotfix kb2509007 which quickly resolved the issue (thanks to Thomas Marchussen, Edgmo).

Deployment would just get stuck here and never finish.

Odd and annoying problem which caused a lot of wasted time 🙁 – however the patch once applied and replicated worked like a charm.

Keywords; Sccm 2007, Updates, Stuck, Hung, Installing, Windows, Microsoft

I have just installed Windows 2008R2 on a HP DC7900 machine and had a lot of problems finding all the device drivers, even after installing EVERY fu….. driver from the HP download site it still would not find the last 2-3 devices (PCI something something)..

Well I found this on a HP forum and it helped me, download and install these two packages and rescan for new hardware (you may have to reboot also) and viola problem gone…;

Re: dc7900 pci simple controller and pci port problem

01-12-2009 07:07 AM

Hi Scott,

These are most likely the Intel Active Client Manager HECI Device:​oftwareDescription.jsp?lang=en&cc=us&prodTypeId=1…

And the Intel AMT LMS/SOL device:​oftwareDescription.jsp?lang=en&cc=us&prodTypeId=1…

Hope this helps,
Another Scott

If you need to get the serial number of a workstation or a server, then this command may be of use to you (not this will likely not work on homebuild systems, but systems like Dell, HP, Lenovo, Acer etc. should work fine) ;

wmic bios get serialnumber
Type it in a command window like this;

WMIC csproduct get name

will get you the product name/model number of the pc (very useful when applying Driver Packs via SCCM with a WMI scope on it, this is the exact model number SCCM-WMI will also get).

A very strange problem with a very strange resolve.

So we are deploying a bunch of virtual servers and yesterday I found myself in a heap of trouble, I had a server that I needed to be ready but it kept failing the PXE boot.  Normally you would just delete the virtual server and create a new and the problem would likely be solved, however these servers are created by a script which creates a bunch of servers and a bunch of MDT settings and thus re-starting the process would require re-creating a bunch of servers.

The error I got was; PXE-E55: ProxyDHCP service did not reply to request on port 4011.

When I looked in the PXE log on the PXE server however I found;

MAC=02:00:AA:55:1E:02 SMBIOS GUID=4BDBDC9E-FD92-4BBB-BCA3-2D3A0752C049 > Device found in the database. MacCount=1 GuidCount=0 smspxe 01-06-2011 10:21:21 2364 (0x093C)

This appeared like everything was ok, so I tried logging on to the SCCM server and “Cleared last PXE advertisement” but still no luck, and following this I was unable to do so again as from now on SCCM stated that there was no PXE advertisement to clear (even though I tried PXE booting and got the “Device found in the database” in the pxe log).

Anyhow, I moved on to deleting the computer object on the SCCM server and then re-importing it manually (note; we use static ip on our virtual servers, these are created via the create script to avoid MAC conflicts) with the same MAC.  This did no difference, still the PXE log stated the same, Device found in database, but DHCP kept hanging.  I restarted both the SCCM, DHCP and PXE servers but no luck.

So after a bit of googeling which did not really turn up anything I out of fustration tried to set the MAC address to dynamic and booted the server again, this time everything worked fine as an unknown system – thus the connectivity was obviously fine – I even noticed that the GUID stayed the same.  Anyhow more puzzled I set the MAC address back to the static address from before and viola the PXE boot started and worked like a charm..

I have no idea why, my guess would be that the GUID somehow was cached in some stalled state and the the change of MAC somehow jolted that state.

Anyway, changing the MAC address may be worth a try if you find yourself in a similar situation.

In a recent post ( I mentioned Driver Magician Light the free version of Driver Magician, now it would seem I managed to find yet another product that does the same completely for free (and this not as a limited light version)..

Double Driver (odd name, but hey..)

Get it here;

An older review here (older version);

Also there is still DriverMax;
However I never really liked this product, it’s complicated navigating and as I recall it requires some kind of registration (free as I reacll, but I don’t like having to register anyhow).

If you have ever worked with MS-SCCM then you may have faced the problem of creating a new distribution point!?  You will need to copy a lot of packages to the new distribution point, but just which packages will you need and how to copy them in an easy way?

Well some clever guy (Cory Becht) actually wrote an excellent app for this;

Are you as annoyed as me in regard to the “first run wizard” thingy that IE8 is displaying the first time it runs?? It’s as annoying as the older IE’s that also launched the Email creation wizard… as if it was not enough that they always start off by launching some stupid intro site..

Anyhow, no reason to get TOO upset, as with most things there are ways around this, so take a look here;
many lovely ways to get rid of this stupidity.

One of the simplest is this;

DWORD : “DisableFirstRunCustomize” set to 1 under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Getting started with Microsoft Windows KMS server..

Updated to include info on Windows 8 + 2012.

Update 2013-06
I just found a cool video by Microsoft that explain how to install on Windows 2008 R2, and it’s very clear if you just need a basic install;

Original Post begin here;
So I had to install a KMS server today, up till now we had not needed one so I was a total NOOB on how to do so..

One would expect that this would be a walk in the park, however I tend to think that it has been made overly complicated and inaccessible.

First things first;
This is a great intro video to KMS’ing on a Win 2008 box, it will cover all the basics and give you a good idea on how this works.

You likely need this patch to upgrade the KMS service on the Win 2008/2003 box to allow Win7 etc. to register; – for Win 2008 kms– for Win 2003 kms

Now you will need to add a KMS key to the server you got this key from Microsoft as part of your license (NOT a MAK key, a KMS key).. This might confuse you as it did me, I was thinking, oh I will need to add KMS keys for all the versions of windows I need the KMS to work for, but this is not so..

On this page;
you will find a document “Volume Activation 2 0 Changes for Windows Server 2008 and Windows Vista SP1.doc” explaining this in more detail, but basically if you install a server 2008 R2 KMS key then this will also work for Win7, Vista etc.

How do i register a key on the KMS server;
Start an elevated CMD.exe and
change dir to c:\windows\system32

write: slmgr -IPK <YOUR KMS KEY HERE>
wait for a confirmation dialogbox, this can take a long time up to 1 min or more..
then activate the KMS key: slmgr -ATO
wait for a confirmation dialogbox, this can take a long time up to 1 min or more..
Now check the status of the KMS server: cscript slmgr.vbs -dlv
It will take a while before it is displayed.

Damn if I understand why there is no GUI for this!?

Help, I have machines registered with a MAK key, and now want to change this to my new KMS server – how do I do this? It is not that complicated, all you need to do is to change the license key of the workstation/officepack to a KMS key, IMPORTANT!! we are NOT talking YOUR KMS KEY, but the default KMS key from MS – confused!!? I was too, well it is not that complicated when it comes to it, when you install a MVLS product like eg. Office 2010 then it carries a default key this is the default KMS key with a limited lifespan, once you click activate this key tells the product to seek out a KMS server and try to register – if no KMS server is found the activation fails.  If you entered a MAK key at the time of installation then the product is activated and you need to unactivate it with the KMS key for that product, a list of default KMS keys can be found here;

Operating System Edition  Product Key

Windows 7 Professional -  FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N -  MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise -  33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N - YDRBP-3D83W-TY26F-D46B2-XCKRJ
Windows 7 Enterprise E - C29WB-22CC8-VJ326-GHFJW-H9DH4
Windows Server 2008 R2 HPC Edition -  FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
Windows Server 2008 R2 Datacenter -  74YFP-3QFB3-KQT8W-PMXWJ-7M648
Windows Server 2008 R2 Enterprise - 489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2008 R2 for Itanium-Based Systems -  GT63C-RJFQ3-4GMB6-BRFB9-CB83V
Windows Server 2008 R2 Standard - YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Web Server 2008 R2 - 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
Windows Vista Business   YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N    HMBQG-8H2RH-C77VX-27R82-VMQBT 
Windows Vista Enterprise    VKK3X-68KWM-X2YGT-QR4M6-4BWMV 
Windows Vista Enterprise N    VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008  Datacenter    7M67G-PC374-GR742-YH8V4-TCBY3 
Windows Server 2008 Datacenter without Hyper-V     22XQ2-VRXRG-P8D42-K34TD-G3QQC 
Windows Server 2008 for Itanium-Based Systems      4DWFP-JF3DJ-B7DTH-78FJB-PDRHK 
Windows Server 2008 Enterprise    YQGMW-MPWTJ-34KDK-48M3W-X4Q6V 
Windows Server 2008 Enterprise without Hyper-V     39BXF-X8Q23-P2WWT-38T2F-G3FPG 
Windows Server 2008 Standard  TM24T-X9RMF-VWXK6-X8JC9-BFGM2 
Windows Server 2008 Standard without Hyper-V     W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ 
Windows Web Server 2008    WYR28-R7TFJ-3X2YQ-YCY4H-M249D
Microsoft Office 2010 - VYBBJ-TRJPB-QFQRF-QFT4D-H3GVB

You can change the license key via this command (remember it has to be launched from an Elevated CMD.exe);
cscript Slmgr.vbs /ipk <SetupKey, the key from above>

Advanced tips and tricks;
Use other than the default KMS server (force a specific KMS server)
If for some reason you need to specify WHICH KMS server you wish to use (or if you need to use a remote KMS) then you do like this;
1. open an elevated cmd.exe
2  type; cscript slmgr.vbs -ipk <KMS KEY (not your own, one of the default microsoft once>
3  type; cscript slmgr.vbs -skms <IP OF KMS SERVER>:<PORT NO On KMS SERVER>  (default port is 1688)
4  type; cscript slmgr.vbs -ato

Command lines;
cscript slmgr.vbs -dlv (show status of KMS)
cscript slmgr.vbs -dli (show quick status of KMS)
cscript slmgr.vbs -dlv all (show advanced status of KMS)
cscript slmgr.vbs -upk (Remove key – unactivate Windows CAUTION!! – this may however be needed if you wish to remove the KMS role from a server)

Upgrade your KMS to accept Office 2010 clients;
Microsoft Office 2010 KMS Host License Pack
IMPORTANT! Strangely enough this is NOT supported for Windows 2008 KMS servers, it works for 2003, 2008 R2 but NOT 2008. (more here;

There is also some additional info here;

Debugging Office 2010 KMS;
Our KMS server somehow “lost” it’s office key, and no matter how many times I added it it kept a state of “unlicensed”, I eventually found out that entering the right key using the “slmgr -ipk <kms key>” and then issuing this command “cscript slmgr.vbs /ato bfe7a195-4f8f-4f0b-a622-cf13c7d16864” triggered the activation of the Office 2010 key.  There is more debugging tricks here;

Error codes;
If you get an errorcode; Error: 0xC004F015
This may indicate that you are trying to import a KMS key that is already covered, eg. you installed a KMS key for servers KMS_B key and are trying to install a KMS for Windows7 then this Errorcode will be shown – Windows 7 is already covered by your KMS_B server key (yeah strange I agree, but that is how it works)..
(more here;

Stop the KMS server (stop the KMS service on a machine) – I had problems finding the service under 2003 though;
open a commandprompt (elevated);
type; net stop slsvc – to stop the service
type; net start slsvc – to run it again

Check that the DNS records are created properly;
open a commandprompt (elevated);
type; nslookup -type=srv _vlmcs._tcp

you should see something similar to this: SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = internet address = x.x.x.x

You need to check that the firewall is set to allow KMS traffic on the KMS host server (there is a standard service for that).


General tips and tricks;

Volume Activation Technical Reference Guide (very useful)

in the technical reference guide you can among other thing find this;

Customizable Activation Help

For product activation in managed environments, the Activate Windows now dialog box can be configured to display an optional Learn About Activation Online link, as shown in Figure 4.


Figure 4 Learn about activation online

Clicking this custom link loads an administrator-defined URL in the user’s default browser. This URL can point to a custom Web page or other file stored on the local computer or on a network share. A Volume Licensing customer can use this link to direct their users to the customer’s Helpdesk or other activation-related resources. Displaying the link requires setting the REG_SZ value AlternateURL to the URL of the Web page to display when the user clicks it. The value AlternateURL is in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SoftwareProtectionPlatform\ACTIVATION registry subkey.

A bit more info from MS in both webcast and written form;
KMS setup Windows 7 – webcast
Activating with KMS in Windows 7

Windows 8 KMS (and Server 2012) (Running on Windows 2008 R2)

The default KMS service on Windows 2008R2 does likely not support a Windows 8/2012 KMS key (you try to add it via slmgr -IPK xxxxx…..), well there is a HotFix for this;  –  it’s free but you need to request it, link is shipped via email within seconds.  I was unable to add a Windows 8 KMS key, but the 2012 server key was accepted and as far as I can tell this will both work for Windows 8 and server 2012.

Error code; 0xC004F015 (got this for Windows 8/2012 keys before the hotfix above).

Office 2013;

OMG the “fun” never ends when it come to KMS, so when you try to activate your KMS for Office 2013 you may get;
Office KMS host setup error “0xC004F050 The software licensing service reported that the product key is invalid”
Well, that is just because you need some extra stuff on your KMS server before you can “install” the Office 2013 keys *sigh*, you need to download;

read even more here;

As I work for a large company with 700+ workstations we strive to minimize the need for PC support whenever we can, one of the problems is when users use different browsers or install strange add-ins, one of the more annoying IE additions is the Google Toolbar.  Now I am sure the toolbar offers some great options to some users, however in our corporate structure we like that all browsers function the same as this minimize the development time for our intranet and other internal solutions.

Informing the users that corporate policy does not allow for installation of Google toolbar (and others) does not help that much, it is almost impossible to avoid installing Google Toolbar today, it comes with numerous applications (even with Java as I recall) and if you just miss one checkbox then it is installed (reminds me about the terrible Real player from years back).  One good thing about the Toolbar is however that it is easy to get rid of, it uninstalls without too much hassle.

Anyway I got my heart set on disabeling the Google Toolbar from installing, but how?

Well I found this interesting article on Google Groups;

---[FROM GOOGLE GROUPS]---------------------------------------
Hi Alan,
You actually have a couple options to prevent the Toolbar from being
installed on your school's network:
1. You can block the Toolbar through the IE policy, or blacklist
everything and selectively whitelist specific add-ons. The relevant
path to the add-on management policy is:
Console Root/(Local or Global) Policy/(Computer or User Configuration)/
Administrative Templates/Windows Components/Internet Explorer/Security
Features/Add-on Management
>From there, you should be able to block each add-on through its GUID.
The Toolbar's GUID is {2318C2B1-4965-11d4-9B18-009027A5CD4F}.
2. You mentioned not wanting students to install the Toobar because it
shrinks the usable area of the screen. More than preventing the
installation of just the Toolbar, you may want to prevent the
installation of all IE BHO's in general. These can be disabled through
group policy in the admin console. There's an IE key that disables
BHO's at:
Console Root/(Local or Global) Policy/(Computer or User Configuration)/
Administrative Templates/Windows Components/Internet Explorer/Internet
Control Panel/Advanced Page/Allow third-party browser extensions
Setting that to "Disabled" will prevent all BHO's from launching.
And for any network admins out there concerned with privacy but who
still want to enable the Toolbar, you should be able to disable
features like PageRank or AutoLink through the group policy file
(that's the .ADM file that's included with the Toolbar for
---[FROM GOOGLE GROUPS]---------------------------------------

Option 1 actually sound quite good, Option 2 will likely disable way too much – some things actually need to install browser additions (certificates for public signature, banking add-ins, PDF readers/printers and many other)..

When I have the time I will take a further look at it.