November, 2013

  • Windows 8 and Windows 8.1 New Group Policy Settings

    Windows 8 RTM

    For full details, download the following file

    image

     Policy Setting Name 
     
     Allow all trusted apps to install 
     Allow deployment operations in special profiles 
     Block launching desktop apps associated with a file. 
     Block launching desktop apps associated with a protocol 
     Block launching desktop apps associated with a file. 
     Block launching desktop apps associated with a protocol 
     Do not display the lock screen 
     Prevent changing lock screen image 
     Prevent changing start menu background 
     Turn on PIN sign-in 
     Turn off picture password sign-in 
     Do not display the password reveal button 
     Do not display the password reveal button 
     Device compatibility settings 
     Driver compatibility settings 
     Specify the search server for device driver updates 
     Turn off smart multi-homed name resolution 
     Turn off smart protocol reordering 
     Allow NetBT queries for fully qualified domain names 
     Prefer link local responses over DNS when received over a network with higher precedence 
     Turn off IDN encoding 
     IDN mapping 
     Use solid color for Start background 
     Turn on misconversion logging for misconversion report 
     Turn off saving auto-tuning data to file 
     Turn off history-based predictive input 
     Turn off Open Extended Dictionary 
     Turn off Internet search integration 
     Turn off custom dictionary 
     Restrict character code range of conversion 
     Do not include Non-Publishing Standard Glyph in the candidate list 
     Boot-Start Driver Initialization Policy 
     Turn off switching between recent apps 
     Turn off tracking of app usage 
     Do not allow Windows to activate Enhanced Storage devices 
     Do not throttle additional data 
     Send additional data when on battery power 
     Send data when on connected to a restricted/costed network 
     Do not throttle additional data 
     Send additional data when on battery power 
     Send data when on connected to a restricted/costed network 
     Windows To Go Default Startup Options 
     Allow hibernate (S4) when starting from a Windows To Go workspace 
     Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace 
     Turn off File History 
     Configure maximum age of file server shadow copies 
     Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. 
     Enable / disable TXF deprecated features 
     Enable optimized move of contents in Offline Files cache on Folder Redirection server path change 
     Redirect folders on primary computers only 
     Redirect folders on primary computers only 
     Turn off offer text predictions as I type 
     Turn off insert a space after selecting a text prediction 
     Turn off autocorrect misspelled words 
     Turn off highlight misspelled words 
     Disallow copying of user input methods to the system account for sign-in 
     Block clean-up of unused language packs 
     Enable AD/DFS domain controller synchronization during policy refresh 
     Turn off Group Policy Client Service AOAC optimization 
     Configure Direct Access connections as a fast network connection 
     Change Group Policy processing to run asynchronously when a slow network connection is detected. 
     Configure Group Policy slow link detection 
     Specify workplace connectivity wait time for policy processing 
     Enable Hotspot Authentication 
     Turn off access to the Store 
     Turn off access to the Store 
     Turn off flip ahead feature 
     Turn on Enhanced Protected Mode 
     Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled 
     Always send Do Not Track header 
     Turn off encryption support 
     Show Content Advisor on Internet Options 
     Go to an intranet site for a one-word entry in the Address bar 
     Install binaries signed by MD2 and MD4 signing technologies 
     Prevent managing SmartScreen Filter 
     Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet 
     Turn off browser geolocation 
     Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects 
     Automatically activate newly installed add-ons 
     Turn off add-on performance notifications 
     Turn on ActiveX Filtering 
     Prevent deleting download history 
     Prevent deleting ActiveX Filtering and Tracking Protection data 
     Allow Internet Explorer 8 shutdown behavior 
     Specify default behavior for a new tab 
     Notify users if Internet Explorer is not the default web browser 
     Turn off URL Suggestions 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Allow Internet Explorer to play media files that use alternative codecs 
     Prevent configuration of top-result search on Address bar 
     Do not display the reveal password button 
     Turn off the WebSocket Object 
     Set the maximum number of WebSocket connections per server 
     Display tabs on a separate row 
     Establish InPrivate Filtering threshold 
     Establish Tracking Protection threshold 
     Turn off Tracking Protection 
     Use Policy List of Quirks Mode sites 
     Turn off ability to pin sites in Internet Explorer on the desktop 
     Set default storage limits for websites 
     Allow websites to store indexed databases on client computers 
     Set indexed database storage limits for individual domains 
     Set maximum indexed database storage limit for all domains 
     Allow websites to store application caches on client computers 
     Set application cache storage limits for individual domains 
     Set maximum application caches storage limit for all domains 
     Set application caches expiration time limit for individual domains 
     Set maximum application cache resource list size 
     Set maximum application cache individual resource size 
     Start Internet Explorer with tabs from last browsing session 
     Open Internet Explorer tiles on the desktop 
     Set how links are opened in Internet Explorer 
     Turn off flip ahead feature 
     Turn on Enhanced Protected Mode 
     Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled 
     Always send Do Not Track header 
     Show Content Advisor on Internet Options 
     Go to an intranet site for a one-word entry in the Address bar 
     Install binaries signed by MD2 and MD4 signing technologies 
     Prevent managing SmartScreen Filter 
     Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet 
     Disable Import/Export Settings wizard 
     Turn off browser geolocation 
     Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects 
     Automatically activate newly installed add-ons 
     Turn off add-on performance notifications 
     Turn on ActiveX Filtering 
     Prevent deleting download history 
     Prevent deleting ActiveX Filtering and Tracking Protection data 
     Allow Internet Explorer 8 shutdown behavior 
     Specify default behavior for a new tab 
     Disable changing secondary home page settings 
     Turn off URL Suggestions 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Render legacy filters 
     Enable dragging of content from different domains within a window 
     Enable dragging of content from different domains across windows 
     Turn off Print Menu 
     Allow Internet Explorer to play media files that use alternative codecs 
     Prevent configuration of search on Address bar 
     Prevent configuration of top-result search on Address bar 
     Do not display the reveal password button 
     Turn off the WebSocket Object 
     Set the maximum number of WebSocket connections per server 
     Display tabs on a separate row 
     Turn on Suggested Sites 
     Establish InPrivate Filtering threshold 
     Establish Tracking Protection threshold 
     Turn off Tracking Protection 
     Use Policy List of Quirks Mode sites 
     Turn off ability to pin sites in Internet Explorer on the desktop 
     Set default storage limits for websites 
     Allow websites to store indexed databases on client computers 
     Set indexed database storage limits for individual domains 
     Set maximum indexed database storage limit for all domains 
     Allow websites to store application caches on client computers 
     Set application cache storage limits for individual domains 
     Set maximum application caches storage limit for all domains 
     Set application caches expiration time limit for individual domains 
     Set maximum application cache resource list size 
     Set maximum application cache individual resource size 
     Start Internet Explorer with tabs from last browsing session 
     Open Internet Explorer tiles on the desktop 
     Set how links are opened in Internet Explorer 
     Install new versions of Internet Explorer automatically 
     KDC support for claims, compound authentication and Kerberos armoring 
     Warning for large Kerberos tickets 
     Specify KDC proxy servers for Kerberos clients 
     Disable revocation checking for the SSL certificate of KDC proxy servers 
     Fail authentication requests when Kerberos armoring is not available 
     Support compound authentication 
     Set maximum Kerberos SSPI context token buffer size 
     Kerberos client support for claims, compound authentication and Kerberos armoring 
     Hash Version support for BranchCache 
     Turn off Windows Location Provider 
     Show first sign-in animation 
     Do not enumerate connected users on domain-joined computers 
     Enumerate local users on domain-joined computers 
     Turn off app notifications on the lock screen 
     Automatic Maintenance Activation Boundary 
     Automatic Maintenance Random Delay 
     Automatic Maintenance WakeUp Policy 
     Turn off shared components 
     Prevent embedded UI 
     Support Email Address 
     Friendly Name 
     User Interface 
     Prefer Local Names Allowed 
     DirectAccess Passive Mode 
     Corporate Resources 
     IPsec Tunnel Endpoints 
     Custom Commands 
     Specify passive polling 
     Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails 
     Specify address lookup behavior for DC locator ping 
     Use urgent mode when pinging domain controllers 
     Internet proxy servers for apps 
     Intranet proxy servers for  apps 
     Private network ranges for  apps 
     Proxy definitions are authoritative 
     Subnet definitions are authoritative 
     Remove "Work offline" command 
     Remove "Work offline" command 
     Enable file synchronization on costed networks 
     Detect compatibility issues for applications and drivers 
     Enable Automatic Hosted Cache Discovery by Service Connection Point 
     Configure Client BranchCache Version Support 
     Configure Hosted Cache Servers 
     Set age for segments in the data cache 
     Turn on Module Logging 
     Set the default source path for Update-Help 
     Turn on Module Logging 
     Set the default source path for Update-Help 
     Isolate print drivers from applications 
     Always rasterize content to be printed using a software rasterizer 
     Do not allow v4 printer drivers to show printer extensions 
     Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps) 
     Turn off storage and display of search history 
     Always use automatic language detection when indexing content and properties 
     Do not sync 
     Do not sync app settings 
     Do not sync passwords 
     Do not sync personalize 
     Do not sync other Windows settings 
     Do not sync desktop personalization 
     Do not sync browser settings 
     Do not sync on metered connections 
     File Classification Infrastructure: Display Classification tab in File Explorer 
     File Classification Infrastructure: Specify classification properties list 
     Enable access-denied assistance on client for all file types 
     Clear history of tile notifications on exit 
     Prevent users from uninstalling applications from Start 
     Show "Run as different user" command on Start 
     Do not allow taskbars on more than one display 
     Set IP Stateless Autoconfiguration Limits State 
     Specify default connection URL 
     Limit maximum display resolution 
     Suspend user sign-in to complete app registration 
     Configure image quality for RemoteFX Adaptive Graphics 
     Configure RemoteFX Adaptive Graphics 
     Allow RDP redirection of other supported RemoteFX USB devices from this computer 
     Configure RemoteFX 
     Optimize visual experience when using RemoteFX 
     Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1 
     Select network detection on the server 
     Select RDP transport protocols 
     Turn Off UDP On Client 
     Turn off Fair Share CPU Scheduling 
     Use the hardware default graphics adapter for all Remote Desktop Services sessions 
     Configure image quality for RemoteFX Adaptive Graphics 
     Configure RemoteFX Adaptive Graphics 
     Enable Remote Desktop Protocol 8.0 
     Select network detection on the server 
     Select RDP transport protocols 
     Turn Off UDP On Client 
     Turn on TPM backup to Active Directory Domain Services 
     Configure the level of TPM owner authorization information available to the operating system 
     Standard User Lockout Duration 
     Standard User Individual Lockout Threshold 
     Standard User Total Lockout Threshold 
     User management of sharing user name, account picture, and domain information with apps (not desktop apps) 
     Download roaming profiles on primary computers only 
     Set user home folder 
     Choose drive encryption method and cipher strength 
     Configure use of passwords for operating system drives 
     Reset platform validation data after BitLocker recovery 
     Disallow standard users from changing the PIN or password 
     Use enhanced Boot Configuration Data validation profile 
     Enforce drive encryption type on operating system drives 
     Allow network unlock at startup 
     Enable use of BitLocker authentication requiring preboot keyboard input on slates 
     Allow Secure Boot for integrity validation 
     Enforce drive encryption type on fixed data drives 
     Enforce drive encryption type on removable data drives 
     Prohibit connection to non-domain networks when connected to domain authenticated network 
     Minimize the number of simultaneous connections to the Internet or a Windows Domain 
     Prohibit connection to roaming Mobile Broadband networks 
     Disable power management in connected standby mode 
     Location where all default Library definition files for users/machines reside. 
     Start File Explorer with ribbon minimized 
     Location where all default Library definition files for users/machines reside. 
     Configure Windows SmartScreen 
     Show lock in the user tile menu 
     Show sleep in the power options menu 
     Show hibernate in the power options menu 
     Do not show the 'new application installed' notification 
     Start File Explorer with ribbon minimized 
     Set a default associations configuration file 
     Allow the use of remote paths in file shortcut icons 
     Disallow WinRM from storing RunAs credentials 
     Require use of fast startup 
     Turn off the Store application 
     Turn off the Store application 
     Allow Store to install apps on Windows To Go workspaces 
     Turn off Automatic Download of updates 
     Set Cost 
     Turn off tile notifications 
     Turn off toast notifications 
     Turn off toast notifications on the lock screen 
     Turn off notifications network usage 
     Set 3G Cost 
     Set 4G Cost 

    Windows 8.1

    For full details, download the following file

    image

     Policy Setting Name 
     
     Allow development of Windows Store apps without installing a developer license 
     Prevent enabling lock screen slide show 
     Prevent enabling lock screen camera 
     Force a specific background and accent color 
     Force a specific Start background 
     Force a specific default lock screen image 
     Allow users to select when a password is required when resuming from connected standby 
     Restrict delegation of credentials to remote servers 
     Prevent adding
     App switching 
     Charms 
     WinX 
     Automatically send memory dumps for OS-generated error reports 
     Automatically send memory dumps for OS-generated error reports 
     Configure Group Policy Caching 
     Configure Logon Script Delay 
     Turn off loading websites and content in the background to optimize performance 
     Turn on the swiping motion on Internet Explorer for the desktop 
     Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows 
     Allow Internet Explorer to use the SPDY/3 network protocol 
     Turn off phone number detection 
     Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Turn off loading websites and content in the background to optimize performance 
     Turn on the swiping motion on Internet Explorer for the desktop 
     Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows 
     Allow Internet Explorer to use the SPDY/3 network protocol 
     Turn off phone number detection 
     Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Don't run antimalware programs against ActiveX controls 
     Prevent deleting ActiveX Filtering
     Prevent deleting ActiveX Filtering
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     Allow cut
     KDC support for claims
     Kerberos client support for claims
     Automatic Maintenance Random Delay 
     Use DNS name resolution when a single-label domain name is used
     At logoff
     Run Windows PowerShell scripts first at computer startup
     Run Windows PowerShell scripts first at user logon
     Run Windows PowerShell scripts first at user logon
     Disable indexing of removable drives 
     Don't search the web or display web results in Search 
     Don't search the web or display web results in Search over metered connections 
     Set what information is shared in Search 
     Set the SafeSearch setting for Search 
     Do not sync Apps 
     Do not sync start settings 
     
     
     
     Pin Apps to Start when installed 
     Start Screen Layout 
     Default 
     Default app 
     Default search 
     Sort 
     Multimon 
     Pin Apps to Start when installed 
     Start Screen Layout 
     Remove and prevent access to the Shut Down
     For tablet pen input
     For tablet pen input
     For touch input
     For touch input
     Include rarely used Chinese
     Include rarely used Chinese
     Set remote control session UAC desktop 
     Use advanced RemoteFX graphics for RemoteApp 
     Set remote control session UAC desktop 
     Set remote control permission request timeout 
     Enable Remote Desktop Protocol 8.0 
     User management of sharing user name
     Choose drive encryption method and cipher strength (Windows Vista
     Configure TPM platform validation profile (Windows Vista
     Allow antimalware service to startup with normal priority 
     Turn on virus definitions 
     Configure local administrator merge behavior for lists 
     Define addresses to bypass proxy server 
     Define proxy server for connecting to the network 
     Randomize scheduled task times 
     Allow antimalware service to remain running always 
     Extension Exclusions 
     Path Exclusions 
     Process Exclusions 
     Turn on protocol recognition 
     Turn on definition retirement 
     Define the rate of detection events for logging 
     IP address range Exclusions 
     Port number  Exclusions 
     Process Exclusions for outbound traffic 
     Threat ID Exclusions 
     Specify additional definition sets for network traffic inspection 
     Configure local setting override for the removal of items from Quarantine folder 
     Configure removal of items from Quarantine folder 
     Turn on behavior monitoring 
     Turn on Information Protection Control 
     Turn on network protection against exploits of known vulnerabilities 
     Scan all downloaded files and attachments 
     Monitor file and program activity on your computer 
     Turn on raw volume write notifications 
     Turn on process scanning whenever real-time protection is enabled 
     Define the maximum size of downloaded files and attachments to be scanned 
     Configure local setting override for turn on behavior monitoring 
     Configure local setting override for monitoring file and program activity on your computer 
     Configure local setting override to turn off Intrusion Prevention System 
     Configure local setting override for scanning all downloaded files and attachments 
     Configure local setting override to turn on real-time protection 
     Configure local setting override for monitoring for incoming and outgoing file activity 
     Configure monitoring for incoming and outgoing file and program activity 
     Configure local setting override for the time of day to run a scheduled full scan to complete remediation 
     Specify the day of the week to run a scheduled full scan to complete remediation 
     Specify the time of day to run a scheduled full scan to complete remediation 
     Configure time out for detections requiring additional action 
     Configure time out for detections in critically failed state 
     Configure Watson events 
     Configure time out for detections in non-critical failed state 
     Configure time out for detections in recently remediated state 
     Configure Windows software trace preprocessor components 
     Configure WPP tracing level 
     Allow users to pause scan 
     Specify the maximum depth to scan archive files 
     Specify the maximum size of archive files to be scanned 
     Specify the maximum percentage of CPU utilization during a scan 
     Scan archive files 
     Turn on catch-up full scan 
     Turn on catch-up quick scan 
     Turn on e-mail scanning 
     Turn on heuristics 
     Scan packed executables 
     Scan removable drives 
     Turn on reparse point scanning 
     Create a system restore point 
     Run full scan on mapped network drives 
     Scan network files 
     Configure local setting override for maximum percentage of CPU utilization 
     Configure local setting override for the scan type to use for a scheduled scan 
     Configure local setting override for schedule scan day 
     Configure local setting override for scheduled quick scan time 
     Configure local setting override for scheduled scan time 
     Turn on removal of items from scan history folder 
     Specify the interval to run quick scans per day 
     Start the scheduled scan only when computer is on but not in use 
     Specify the scan type to use for a scheduled scan 
     Specify the day of the week to run a scheduled scan 
     Specify the time for a daily quick scan 
     Specify the time of day to run a scheduled scan 
     Define the number of days before spyware definitions are considered out of date 
     Define the number of days before virus definitions are considered out of date 
     Define file shares for downloading definition updates 
     Turn on scan after signature update 
     Allow definition updates when running on battery power 
     Initiate definition update on startup 
     Define the order of sources for downloading definition updates 
     Allow definition updates from Microsoft Update 
     Allow real-time definition updates based on reports to Microsoft MAPS 
     Specify the day of the week to check for definition updates 
     Specify the time to check for definition updates 
     Allow notifications to disable definitions based reports to Microsoft MAPS 
     Define the number of days after which a catch-up definition update is required 
     Specify the interval to check for definition updates 
     Check for the latest virus and spyware definitions on startup 
     Configure local setting override for reporting to Microsoft MAPS 
     Specify threats upon which default action should not be taken when detected 
     Specify threat alert levels at which default action should not be taken when detected 
     Display notifications to clients when they need to perform actions 
     Display additional text to clients when they need to perform an action 
     Always automatically restart at the scheduled time 
     Specify Work Folders settings 
     Turn off tile notifications 
     Turn off toast notifications 
     Turn off toast notifications on the lock screen 
     Turn off notifications network usage 
     Turn off Quiet Hours 
     Set the time Quiet Hours begins each day 
     Set the time Quiet Hours ends each day 
     Turn off calls during Quiet Hours 
     Set 3G Cost 
     Set 4G Cost 
  • Software Update Compliance Reports – Detection State Unknown

    I have been working with a number of customers recently that have had issues running their monthly Software Update compliance reports due to a high number of “DETECTION STATE UNKOWN” results reporting back long after the update deployment has successfully run.

    As usual the first thing we want to identify is whether it is on the client side or server side.

    State Message IDs are used to define specific state messages for each topic type. For our issue a State Message for a Software Updates has a TopicType=500 which has status Message ID state of 0, 1, 2 or 3 which would then depict the actual state of the given update on a client machine as below:

    Topic Type

    State Message ID

    State Message Description

    500

    0

    Detection state unknown

    500

    1

    Update is not required

    500

    2

    Update is required

    500

    3

    Update is installed

    To determine what information your clients are sending back to your Management Point we can use WMI queries to see what is happening on the client.

    1. Open wbemtest with elevated permissions

    image

    2. Connect to the WMI Namespace: root\CCM\StateMsg

    image

    3. Select Query and run the query  SELECT * FROM CCM_StateMsg

    image

    image

    Find any software update deployment which can be determined by looking for “TopicType=500” and what we want to check is the below values in yellow as this will determine if the client has indeed sent a message back to the MP and if so what it sent back, If we see it sent back a “0” and confirm that the KBs are installed then we know it is something on the client side, we would expect to see 1, 2 ,3 pending the state listed above

    image

    image

    image

    image

    Example below:

    instance of CCM_StateMsg

    { Criticality = 0;

    MessageSent = TRUE;      Message is sent

                                                MessageTime = "20101027211908.749000+000";           UTC Time

                                                ParamCount = 1;

                                                StateDetails = "";

                                                StateDetailsType = 0;

    StateID = 2;   Update is required

                                                TopicID = "9d4681d5-46fa-4250-bedc-480ac7bce3aa";

                                                TopicIDType = 3;

    TopicType = 500;   Update Detection

                                                UserFlags = 0;

                                                UserParameters = {"102"};

    Hope this helps..