Silent install of Advanced Group Policy Management (AGPM) console

A quick post regarding silent installation of the Advanced Group Policy Management Console that comes with Microsoft MDOP (Microsoft Desktop Optimisation Pack). This tool gives you access to a change controlled group policy console, very useful if you have lots of admins working in an environment with tight SLAs!

At the time of writing the following command installs the latest client (4.0.2) silently, choose x86 or amd64 as fit for your environment and change the server address next to the ARCHIVELOCATION switch! I couldn’t find a straight answer to this question online so I’m posting it here to save you the same hassle.

Share this article...

    Copy group memberships from one active directory group to another using Powershell

    A quick way to copy group memberships from one AD group to another.

    A loop is required as Add-ADPrincipalGroupMembership will fail and error out if one the users of the first group is already a member of the second group. The loop ignores these errors and allows the command to continue.

    $ErrorActionPreference = "SilentlyContinue"
     Get-ADGroupMember -Identity "Group1" | % { $_ | Add-ADPrincipalGroupMembership -MemberOf "Group2" }
     $ErrorActionPreference = "Continue"
    Share this article...

      Diving in to App-V 5.0

      I’ve been spending a lot of time with App-V 5.0 recently and just thought i’d write a quick post on some strange problems I came across …

      1. I was referring to some online blogs that showed screenshots of the client GUI … however I couldnt for the life of me find it when installing from the latest version on the MDOP 2014 DVD. What’s also annoying is that if you upgrade from 5.0 to 5.0 SP2, it actually REMOVES the GUI during the installation process! I was convinced my installation was broken, or i’d done something wrong. After much reading online, it turned out that the client GUI was removed from the 5.0SP2 client installation package and you have to download it separately from … easy when you know how, right?

      2. If you’re using roaming profiles, folder redirection and Windows 8.1 (this limitation might extend to other OS versions, I only tested 8.1) make sure you have App-V 5.0 SP2, when I initially deployed I was using App-V 5.0 with no updates, and applications failed to lauch with the error code 0x00001525-00000057. After upgrading the client to SP2 all is well!

      Once you know the ins and outs though and what it can and can’t do it’s a fantastic product .. the way you can have an application executing locally but available almost instantaneously to the user blows me away!

      Share this article...

        SCCM 2012 R2 – where are my Windows 8.1, Server 2012 R2, Office 2013 updates?

        A quick post on some weird behaviour I came across in SCCM 2012 R2,

        When configuring the Software Update point in a brand new SCCM 2012 R2 installation, I needed to select to synchronise the updates for Windows Server 2012 R2, Windows 8.1 and Office 2013 that would be used in this envrionment. However, this is what the product selection screen looked like (Under Administration > Site Configurating > Sites > Right click on site > Configure Site Components > Software Update Point, Products tab)

        Notice the problem? Windows 8.1 nor Server 2012 R2 are visible (nor Office 2013, not shown). I went ahead and selected 2012 and Windows 8 anyway.

        I looked in WSUS itself and this actually shows the correct options:

        Weird … however I resisted the temptation to select them here as I know from experience that you shouldn’t mess with WSUS directly as SCCM likes to control it. I went ahead and clicked the “Sychronize Software Updates” button in SCCM but received the following strange messages in the WCM.log file:

        However, after letting the sync finish, as if by magic the products THEN became available:

        The moral of the story is, let SCCM 2012 do a synchronisation BEFORE you try to select the products you wish to update!

        Share this article...

          Snags with sticky MACs

          I recently inherited a network which uses port-security with sticky MACs. I’d not used this configuration in a long time and one limitation I was not aware of which caused me some trouble is that a MAC address can only be sticky on a single port per config, so if a device is moved from one port to another, and it’s not working, you will need to check that the MAC of the device isn’t sticky on another port.

          “sh log” on the switch shows the error:

          Switch port-security tshoot 1

          Normally in this situation one would clear the gi2/0/45 sticky MAC, but in this case this will not work, as the MAC is already assigned to another port.

          “sh port-security address” can be used to identify which port the MAC exists on

          Switch port-security tshoot 2
          This shows that the offending device has been moved from port gi2/0/44 (as it exists in the port-security config) to gi2/0/45.
          We then can go ahead and clear the stored MAC for both gi2/0/44 and gi2/0/45 to allow these ports to be used once more. Don’t forget to shut and un-shut the ports after this!

          Switch port-security tshoot 3
          Switch port-security tshoot 4

          Share this article...