Security Compliance Manager 4.0 – Download Resources

Back in July 2016 Microsoft released Security Compliance Manager 4.0 with support for Windows 10 and Server 2016. For some reason (at the moment) it seems to be hard to find so here are all the bits one might need to get started.

Solution Accelerator Article about SCM4:
Security Compliance Manager (SCM)

A TechNet blog announcing SCM4 availability:
Security Compliance Manager 4.0 now available for download!

An article about the security baselines available and links to download them:
Windows Security Baselines

Download: Windows 10, version 1607 and Windows Server 2016 security baseline
Download: Microsoft Security Compliance Manager 4.0

SQL is needed to install it (yay) and it comes with SQL Express 2008, but here’s a link to SQL 2016 Developer with SP1, which is free now:
MSDN article: Developer Guides for SQL Server
Download: SQL Server Management Studio 16.5.3
Download: SQL 2016 Developer with SP1 (2,590MB ISO)

 

Get the latest* SCEP 2012 R2 client easily without updating SCCM

[Updated 2015-03-03]

If you need to get hold of the latest System Center Endpoint Protection 2012 R2 client installer, normally you’d have to download the original installer from the Volume Licensing Center and install from that, then update using the latest cumulative update for SCCM – on your SCCM server – which is really annoying. However there’s a cheeky back-door method that I’ve found. It’s publicly available and I’ve read nothing that says you shouldn’t do it this way.

If you have SCEP installed already, then as of 3rd Feb 2015 when you do a Microsoft Update it will be updated to version 4.7.209.0 – and luckily the installer will be left behind in your SoftwareDistribution folder. Just go here on your updated PC as soon as it finishes installing: C:\Windows\SoftwareDistribution\Download\Install and there you should find the scepinstall.exe installer waiting for you.
If for some reason it’s not there all you need to do is look in your C:\Windows\WindowsUpdate.log file for scepinstall and you’ll find a line in the log where the update system downloaded the install from. It should look like this:

http://au.v4.download.windowsupdate.com/c/msdownload/update/software/crup/2015/02/scepinstall_230274d8b20bbe30fb94a287fd82670af0309ea4.exe

Much easier than it used to be, but still not as easy as it should be.


Here’s the old and much harder way if you’re a bit of a masochist and don’t want the newest version(!):

Basically the answer was to get the March 2014 anti-malware platform update from its KB article and keep extracting its nested contents until you get to the scepinstall.exe file.

Here’s a list of the steps we’ll go through:

  1. Download the ConfigMgrV5 component of KB2952678
  2. Extract the hotfix by double-clicking
  3. Extract the hotfix contents using /extract
  4. Extract the msi using msiexec /a cm12-sp1cu4-qfe-kb2952678-x64-enu.msi TARGETDIR=<path>
  5. Copy and use the scepinstall.exe file

And here’s the detail:

First the latest version of the client as of this post is 4.5.216.0 – and Microsoft are providing an updater for that on Microsoft Update. Unfortunately the updater is purely that, an updater, and does not include all the installation bits we need. However if you go to the KB article for this updater (KB2952678) then we can find a “Hotfix Download Available” button.

Click to get the Hotfix and choose only the item named ConfigMgrV5 with a fix name of ConfigMgr_2012_SP1_CU4_KB2952678_ENU. Do the usual and give it your email address and fill in the captcha. You’ll then get a link to get the update from. To save visitors time the url you’ll get follows:

http://hotfixv4.microsoft.com/ConfigMgrV5/sp1/ConfigMgr_2012_SP1_CU4_KB2952678_ENU/05.00.7804.1508/free/474251_ENU_x64_zip.exe

We now need to extract this 3 times to get to what we want!

Run the .exe file to extract its contents somewhere. You’ll end up with a 26MB file called CM12-SP1CU4-QFE-KB2952678-X64-ENU.exe – we now need to extract this too. Run this in an admin command-prompt using the /extract switch, eg.:

CM12-SP1CU4-QFE-KB2952678-X64-ENU.exe /extract

You’ll be prompted for a place to put it, give the extracter an empty folder somewhere. Now you have a folder with the contents of this supposed ‘hotfix’. The magic we are looking for is buried inside the .msi file that’ll be in the root of the folder… cm12-sp1cu4-qfe-kb2952678-x64-enu.msi

Finally, we have to extract this msi. You might be able to use a universal extract to explode it, but it’s easier to just turn it into an administrative installation point, thusly, from an admin command-prompt:

msiexec /a cm12-sp1cu4-qfe-kb2952678-x64-enu.msi TARGETDIR="<full path to an existing empty folder>"

So, now you have an administrative installation point for the hotfix… and if we have a look inside we see the final target, scepinstall.exe

It’ll have the version we want (4.5.216.0) and can be used on 32-bit and 64-bit machine types. Copy that somewhere then tidy up all the bits we had to extract to get to it and you’re done.

Hope that helps.

* Of course this was the latest version available as of the date of this post, so there might be a newer update out there when you read this – it’s up to you to find it and apply this method.

Orca 5 for Windows 8

Now that Windows 8 has hit RTM there is a slightly newer version of Orca the MSI editing tool available. This one is version 5.0.9200.0, but when it’s installed, in the Programs and Features dialog it’ll show up as 8.59.25584.

To grab yourself a copy get the Windows SDK for Windows 8, install using the option to ‘download for installation on a separate computer‘, and make sure only ‘Windows Software Development Kit‘ is selected in the features list. You won’t be able to de-select the .NET 4 download.

After your download is complete you can either install Orca from the download directory, or collect up the files you need to keep a copy for use later on. The files you’ll need are listed here and are linked directly to Microsoft download location for ease of collection:

a35cd6c9233b6ba3da66eecaa9190436.cab
fe38b2fd0d440e3c6740b626f51a22fc.cab
Orca-x86_en-us.msi

To install Orca just double-click on Orca-x86_en-us.msi and allow it to install. Job done!

PowerShell 3 for Windows 7, Server 2008 R2, Server 2008 and Vista

Following up on my post of a few years ago on PowerShell 2 being available, Microsoft have now released the bits needed to give you PowerShell 3 on Windows 7, Server 2008 R2, Vista and Server 2008. Sadly no PowerShell 3 lovelyness for XP, but then who really cares. I can barely remember how to use XP now I’m using Windows 8…

So without further a-do here is the download link for PowerShell 3:
http://www.microsoft.com/en-us/download/details.aspx?id=34595

Long startup and logon delays with a shared Windows 7 desktop

I’m writing with reference to a colleague’s blog post where he has found a very useful fix for a very annoying start up and log-on delay issue in Windows 7 SP1. Here’s his post, worth a read:
http://blog.solarfusion.co.uk/2011/12/windows-7-please-wait-or-welcome-screen.html

We were finding that computers in shared areas which had been logged on by many users (i.e. 50+ user profiles) were experiencing massive delays starting up and logging on. Until he found the fix the only solution was to leave the computers on all the time, or get them to start up really early in the morning.

One fix we tried was removing all the user profiles from the computers, and this only worked some of the time. Then my colleague found the right hot-fix and all of a sudden our startup and logon times dropped back to a few minutes. Big relief!

Here’s the relevant hotfix: http://support.microsoft.com/kb/2617858

See the blog entry (linked above) for a detailed explanation.

Latest Lync Server 2010 Resource Kit Tools

As of 1st December 2011 there is now a new version of the Lync Server 2010 Resource Kit Tools available to download. You should uninstall the old version before you install the new one.

This update brings us to version 4.0.7577.172 (now .197) and it is downloadable from here:
http://www.microsoft.com/download/en/details.aspx?id=21165

It is recommended that you also update any other components of Lync Server 2010 to the latest versions by downloading and running the LyncServerUpdateInstaller from here:
http://www.microsoft.com/download/en/details.aspx?id=11551

Office 2007 SP3 available for download

I read last night that the latest (and last) service pack for Office 2007 was out. After googling this morning I found it way too hard to find the ‘actual’ download for the damned thing, so I’m presenting the results of my efforts here for easy finding…

List of all 2007 Office system SP3, 2007 Office servers SP3, and Windows SharePoint Services 3.0 SP3 packages: http://support.microsoft.com/kb/2591018

And the real download for the Office 2007 SP3 is here (351 MB)

Orca 5 – msi editing tool for Windows 7

I finally realised where to get hold of version 5 of Orca – the one most suitable for Windows 7 able to validate .msi files for Windows Installer 5. It was of course in the Windows SDK for Windows 7 and .NET Framework 4. Unfortunately there’s no mini-download for the msi sdk like with version 4.5, so for simplicity I’ve acquired the .msi for orca and put it online for download…

Orca 5.0.7693.0 (2.1MB)

If you would rather download the official version from Microsoft you need to install the debugging tools from the Windows SDK, then go in to Program Files\Windows SDK\7.1\Bin and orca.msi will be in there.

[Update 2012-09-08: there’s now a slightly newer version available here]