ConfigMgr : Adding KMDF 1.11 (KB2685811) to Build and Capture Taks Sequences

Download the KMDF 1.11 driver for X86 and X64 architectures using this link: https://support.microsoft.com/en-us/kb/2685811

Extract the MSU files using the commands:

mkdir C:\Temp
mkdir C:\Temp\Windows6.1-KB2685811-x86\"
mkdir C:\Temp\Windows6.1-KB2685811-x64\"

expand –f:* kmdf-1.11-Win-6.1-x86.msu "C:\\Temp\Windows6.1-KB2685811-x86\\"
expand –f:* kmdf-1.11-Win-6.1-x64.msu "C:\\Temp\\Windows6.1-KB2685811-x64\\"

Create a ConfigMgr package (not Application) as indictaed below:

Package name: Microsoft KMDF 1.11 Hotfix

Folder structure / contents:
\X86\Windows6.1-KB2685811-x86.cab (extracted from downloaded MSU, as above)
\X64\Windows6.1-KB2685811-x64.cab (extracted from downloaded MSU, as above)

Ensure content for this package is distributed to all of your DPs prior to continuing.

Now we will modify your “Build and Capture” Task Sequence.

Create a new folder/ group just prior to the “Setup Windows and Configuratipn Manager” task:

kmdf

Below, I have detailed actions for x64 architecture, replace X64 with X86 for 32-bit.

This group will contain two actions:

Run Command Line: Create Temp Folder
Command: cmd.exe /c mkdir %OSDSystemDrive%\Temp
Package: No Package

Run Command Line: Inject KMDF 1.11 x64
Command: cmd.exe /c X:\windows\system32\dism.exe /ScratchDir:%OSDSystemDrive%\Temp /Image:%OSDSystemDrive%\ /Add-Package /PackagePath:%_SMSTSMDataPath%\Packages\M010038D\X64\Windows6.1-KB2685811-x64.cab
Package: Microsoft KMDF 1.11 Hotfix

This driver will now be injected automatically everytime you re-create your master image via the Buld and Capture Task Sequence.

Debian 8, Jessie, Configuring a Static IPv4 Address

If you’re enabling RDP support, or other services on a Debian Linux machine that you want to connect to from a remote device, a static IP is an obvious requirement (be-that, ideally, a DHCP reservation or manually configured IP).

Considering I couldn’t opt for a DHCP reservation for my home set-up (long story) I went for a manually configured IP address, using the commands / configuration files below.

Edit /etc/network/interfaces:

sudo vi /etc/network/interfaces

   auto eth0
    iface eth0 inet static
        address 192.168.1.249
        netmask 255.255.255.0
        gateway 192.168.1.1

Edit resolv.conf:

sudo vi /etc/resolv.conf 

   nameserver 192.168.1.1

I found that after this change, in order for Network Manager to “release” control of the interface, I had to restart the device – I’m sure there is a better solution, let me know if you find one…

Debian 8, Jessie, Middle-Button Scrolling in Firefox

One annoyance I’ve had since using Debian 8 / Firefox was that every time I pressed the middle-mouse button and tried to scroll on a web page I’d get a new page load, or nothing would happen.

This was a Firefox-specific issue, that can be resolved by configuring as below in about:config:

Setting: general.autoScroll
Set to: True

Setting: middlemouse.contentLoadURL
Set to: False

Internet Privacy : Is this even possible?!

I’ll be clear from the off-set here, anonymity is not my aim, but my  privacy is. I am happy to be held accountable for my actions, for my bank to know my purchases and to have a presence on LinkedIn and other such sites.

My aim is however simple, I don’t want “various companies” (such as Facebook) mining my data and/or sharing it and in effect using it to target me with products and services or to “profile” me. At the very least, I’d like to make it harder for them to do this.

I’ll state, for the record, I am in no way affiliated with any company listed within this article – there is no sponsorship or similar going on here.

Be aware, much of “the solution” involves you changing how you consume Internet-based services. Start thinking about one thing, when a service or product is free consider how you might actually be paying for it – in some cases the provider is privacy aware and has a robust privacy policy in-place, in other cases this is simply not true, and in-fact flies against the commercial model of the product or service. Continue reading “Internet Privacy : Is this even possible?!”

Debian 8, Jessie, Installing Sudo

I was surprised to find that sudo was not installed by default on Debian 8 as it is with Ubuntu. You can debate whether the root account should, or should not be enabled however, I would recommend the use of sudo for audit logging the use of elevated privileges.

Install sudo itself using the command:

apt-get install sudo

Now add your personal account to the sudo group

adduser <username> sudo

You’ll need to either logoff or reload your groups.

Should you chose to disable the root account itself, use the following commands:

sudo passwd -l root
usermod --expiredate 1

Debian 8, Jessie, Firefox Locked Preferences

Firefox has recently become my go-to browser of choice, not becuase of speed, but because of privacy – more to come on this subject at a later time.

Having established a configuration I am happy with – following guides on sites such as privacytools.io – I like to be sure no add-ons or Firefox updates can reset the configuration, so I opt for locked preferences. More information from Mozilla on this here.

To lock preferences on Debian, you’ll need to create two files as outlined in the Mozilla article – mozilla.cfg and local-settings.js.

mozilla.cfg

//
lockPref("privacy.trackingprotection.enabled", true);
lockPref("geo.enabled", false);
lockPref("browser.safebrowsing.enabled", false);
lockPref("browser.safebrowsing.malware.enabled", false);
lockPref("browser.safebrowsing.downloads.enabled", false);
lockPref("dom.event.clipboardevents.enabled", false);
lockPref("network.cookie.cookieBehavior", 1);
lockPref("network.cookie.lifetimePolicy", 2);
lockPref("browser.cache.offline.enable", false);
lockPref("browser.send_pings", false);
lockPref("webgl.disabled",true);
lockPref("dom.battery.enabled", false);
lockPref("browser.sessionstore.max_tabs_undo", 0);
lockPref("media.peerconnection.enabled", false);
lockPref("media.peerconnection.turn.disable", true);
lockPref("media.peerconnection.use_document_iceservers", false);
lockPref("media.peerconnection.video.enabled", false);
lockPref("media.peerconnection.identity.timeout", 1);
lockPref("browser.search.suggest.enabled", false);
lockPref("datareporting.healthreport.service.enabled", false);
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("signon.rememberSignons", false);

local-settings.js

pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");

Now copy these files to the required directories, close and open Firefox.

cp mozilla.cfg /usr/lib/firefox-esr/
cp local-settings.js /usr/lib/firefox-esr/defaults/pref/

 

Debian 8, Jessie, Enable RDP Server

As an avid, die-hard Windows user I struggle to make the move to VNC considering how fast RDP is in comparison. When I discovered it was possible to enable RDP support on Debian, I quickly set-to.

Install XRDP on Debian

This wil both install and configure XRDP:

sudo apt-get install xrdp

Fix Key-Mapping Issues

There is one “bug” with key-mapping that requires a custom key-map file to be used with XRDP specifically, the below is for en-GB / UK keyboards – save the below as km-0809.ini – see last step after text file contents!

Continue reading “Debian 8, Jessie, Enable RDP Server”

Installing OpenVAS and Greenbone Security Assistant on Debian 8, Jessie

First, some background – in a recent attempt to get a better handle on Internet privacy I began to look at various areas from mobile operating systems, browsers to the network I was connecting to the Internet from, and the various risks all entailed. In terms of my local network I was intrigued to better understand the “health” of devices on that network, and any risks they exposed.

I started to re-visit the use of Linux, and initially rediscovered Kali Linux “2016.2.” This proved to be a nightmare within a Hyper-V machine – a memory leak consumed all available host memory (12GB) in a couple of days, plus an “apt-get dist-upgrade” resulted in a failure of Xfce on boot… all I wanted was a vulnerability scanner, not a headache! Sadly, getting OpenVas running on Kali is very easy – see here.

My next port of call was Ubuntu, however, from a privacy perspective this proved less than ideal, so I opted for a distro I had not used for many years in its original form, Debian – specifically Debian 8, or Jessie.

Continue reading “Installing OpenVAS and Greenbone Security Assistant on Debian 8, Jessie”

Journey to the Surface (Pro) and Back – A Surface Pro 4 Review

My wife would be the first today that I am a “geek.” New hardware, new devices, new technology trends – I’m there, working in IT for many years technology is both my work life and home life and I love it.

So, when Microsoft announced the original Surface series I was thrilled at the idea of a what looked to be a “useful” iPad. I appreciate my definition of useful will be different to your definition, so take that statement with a little salt.

Continue reading “Journey to the Surface (Pro) and Back – A Surface Pro 4 Review”