WSUS to Foreground Mode using PowerShell

Enable Foreground Mode:
$config = (Get-WsusServer).GetConfiguration(); $config.BitsDownloadPriorityForeground = $true; $config.Save()

Disable Foreground Mode:
$config = (Get-WsusServer).GetConfiguration(); $config.BitsDownloadPriorityForeground = $false; $config.Save()

This has been tested on Windows Server 2008 R2 and 2012 R2 using both Internal and SQL databases.

Thanks to John Weeks for this post http://www.robertskinner.com/2013/01/wsus-on-windows-server-2012-setting.html

Adobe Flash 11.2 Background Updates from an Internal Server

One major problem with Adobe Flash Player is that the software often has vulnerabilities which allow code to take control of a user's system. The issue gets worse because most enterprise environments won't allow their users to have Administrator rights, in order to reduce the amount of viruses, malware and spyware installed. As a result those same users cannot install the latest version of Adobe Flash Player and are left with outdated versions which are vulnerable.

After GOOGLING to try and find a workable resolution I found http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html which talked about a new option in Adobe Flash Player called SilentAutoUpdate. This new option allows system administrators to push settings to Adobe Flash Player by creating a text file called mms.cfg in the user's C:\Windows\System32\Macromed\Flash for Windows 32bit or C:\Windows\SysWOW64\Macromed\Flash for Windows 64bit. I'm not going to go into too much detail, but at my work I could use Group Policy to copy the file I've created to all my users' computers to allow SilentAutoUpdate.

SilentAutoUpdate works by creating a task in the system's Task Scheduler that runs once a day. This task starts a service called AdobeFlashPlayerUpdateSvc. The service program, FlashPlayerUpdateService.exe, is located in the same location as the mms.cfg file and reads the mms.cfg file. To make the SilentAutoUpdate option write a log, add SilentAutoUpdateVerboseLogging=1 to the mms.cfg file.

The only issue I have with the SilentAutoUpdate option is that the software must have direct access to the internet via ports 443 and 80. Some enterprise environments, such as mine, must access the internet via a proxy, which causes SilentAutoUpdate to fail to update.

One way around SilentAutoUpdate not working via a web proxy is to create an internal mirror. This can be done by following the instructions on pages 17-19 of http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_11_2_admin_guide.pdf. Once you have created a local mirror you can add the option SilentAutoUpdateServerDomain=server.domain.com to your mms.cfg file, which tells FlashPlayerUpdateService to access the update files via your web server rather than the internet directly.

My mms.cfg file for testing looks like this, but once it is working I would remove the VerboseLogging option to reduce the log file size. The settings below turn off GUI updates and enable silent updates:

AutoUpdateDisable=0
SilentAutoUpdateEnable=1
SilentAutoUpdateServerDomain=firewall.cloudportal.local
SilentAutoUpdateVerboseLogging=1

Then my other issue was how do I keep my mirror synced with Adobe's, so I created a shell script to do it for me in a daily cron job. The script creates the folder structure, uses wget to download the files and logs everything it does. Save the text below as adobe-flash-background-updates.sh and ensure the paths are correct before running. To run the script, run the command sudo sh ./adobe-flash-background-updates.sh; once you know the script is working for you, add it to cron.

#!/bin/sh

########## INFORMATION ABOUT SCRIPT ##########

# This script is titled adobe-flash-background-updates and was written by Tyrone Wyatt of www.cloudportal.org.
# This script is open to use by everyone and is not under any licence.
# See flash_player_11_2_admin_guide.pdf for more information on how this script is required to function.

########## SCRIPT CONFIG ##########

# The TITLE option is the script's name.
TITLE=adobe-flash-background-updates

# The LOG option is the log file.
LOG=/var/log/$TITLE.log

# The SOURCE option is the mirror from which you would like to download the flash files.
SOURCE=http://fpdownload2.macromedia.com

# The DESTINATION option is where you would like your downloaded files to go so they are accessible by your web service.
DESTINATION=/var/www

# The VERSION option is the current major version of Flash Player (for Flash Player 11.2, the major version is 11).
VERSION=11

# BASE is the update path, which is the same on the source and on the mirror.
BASE=pub/flashplayer/update/current/sau/$VERSION

########## SCRIPT CORE ##########

touch "$LOG"

echo "Welcome to $TITLE Script!"
echo "=O====== $(date) ========" >> "$LOG" 2>&1

if [ -d "$DESTINATION/$BASE/xml" ];
then
echo 'Skipping destination folder structure creation.'
else
echo 'Creating destination folder structure.'
# -p creates every missing parent directory in one call.
sudo mkdir -pv "$DESTINATION/$BASE/xml/" "$DESTINATION/$BASE/install/" >> "$LOG" 2>&1
fi

echo 'Downloading files...'
wget -nv "$SOURCE/$BASE/xml/version.xml" -O "$DESTINATION/$BASE/xml/version.xml" >> "$LOG" 2>&1
wget -nv "$SOURCE/$BASE/install/install_all_win_ax_sgn.z" -O "$DESTINATION/$BASE/install/install_all_win_ax_sgn.z" >> "$LOG" 2>&1
wget -nv "$SOURCE/$BASE/install/install_all_win_pl_sgn.z" -O "$DESTINATION/$BASE/install/install_all_win_pl_sgn.z" >> "$LOG" 2>&1
wget -nv "$SOURCE/$BASE/install/install_all_win_64_ax_sgn.z" -O "$DESTINATION/$BASE/install/install_all_win_64_ax_sgn.z" >> "$LOG" 2>&1
wget -nv "$SOURCE/$BASE/install/install_all_win_64_pl_sgn.z" -O "$DESTINATION/$BASE/install/install_all_win_64_pl_sgn.z" >> "$LOG" 2>&1

echo "Script complete! See log file for more information $LOG"
echo "=X====== $(date) ========" >> "$LOG" 2>&1

echo ' ' >> "$LOG" 2>&1

########## END OF SCRIPT ##########

I have been testing the script and am pleased to see it works well. The log file that the script creates looks much like the flashinstall.log for ease of reading.
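
The script above writes each download straight onto the live file with wget -O, which truncates that file before the transfer starts, so a failed or interrupted run leaves a broken copy on the mirror. The following is an added example, not part of the original script: it downloads to a temporary file and renames it into place only after a complete transfer. The function names fetch, publish and sync_mirror are assumptions made for this example.

```shell
#!/bin/sh
# fetch() and publish() are hypothetical helpers added for this example.

# fetch URL OUTFILE: download one file (override this to test offline).
fetch() {
    wget -nv "$1" -O "$2"
}

# publish URL DEST: download beside DEST, then rename into place.
# Returns 1 and leaves DEST untouched if the transfer fails or is empty.
publish() {
    url=$1
    dest=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    if ! fetch "$url" "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi

    # Nothing changed upstream: keep the existing file and its timestamp.
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 0
    fi

    chmod 644 "$tmp"      # mktemp creates 0600; the web server must read it
    mv -f "$tmp" "$dest"  # a rename within one directory is atomic
}

# sync_mirror SOURCE DESTINATION VERSION: installers first, version.xml last,
# so version.xml is only replaced once the installers are in place.
sync_mirror() {
    base=pub/flashplayer/update/current/sau/$3
    mkdir -p "$2/$base/xml" "$2/$base/install" || return 1
    for f in install_all_win_ax_sgn.z install_all_win_pl_sgn.z \
             install_all_win_64_ax_sgn.z install_all_win_64_pl_sgn.z; do
        publish "$1/$base/install/$f" "$2/$base/install/$f" || return 1
    done
    publish "$1/$base/xml/version.xml" "$2/$base/xml/version.xml"
}

# Usage with the original script's settings:
#   sync_mirror http://fpdownload2.macromedia.com /var/www 11 >> "$LOG" 2>&1
```

A non-zero exit status from sync_mirror means at least one file was not refreshed, which a cron wrapper can log or alert on.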

If you require more information as I sometimes cut corners on documenting then you should read these other useful pages

New Server Missing 50% of RAM

So today one of the schools I support received a new server from Dell we ordered. It's fairly well spec'd with 2x quad-core 2.2Ghz Xeons, 2x 300Gb 15,000RPM SAS, 4x 600Gb 15,00 RPM SAS Hard Drives and 64Gb of RAM!

I did what I normally do with any new server I receive and wiped whatever the manufacturer installed and started again. So I put the Windows Server 2008 R2 DVD in the disk drive and installed as per usual. After installing I loaded into Windows and opened the resource manager. Then a student tech asks me a question: "Why does it say that only 32Gb of RAM can be used by Windows?" Well I didn't know what to say. I wasn't sure why it said this. All our other servers are running no more than 24Gb and it all shows up.

I did some quick GOOGLING to find out that Server 2008 R2 Standard has a MAX memory of only 32GB! Well I was pissed off. I spent all this time installing Windows to find out that during the first part of the installation I should have selected Enterprise edition not Standard like I normally would. Oh well, lesson learnt!