KB4011273 – CAUSES OUTLOOK ADD-IN ISSUES

Recently Microsoft released office security that created lot of issues for the clients who heavily uses outlook add-ins for business purposes.

Some of them are Enterprise vault, Sales force and so on.

Thought there is a fix released by MS on February release, upon testing the result didn’t change.

So, if you decide to uninstall that patch you can either use your patch management software like SCCM or WSUS. But if you want a quick if you don’t have a patch management software, the follow the instructions,

  1. Create a .bat file with the following and save in sysvol folder on a DC@echo offmsiexec.exe /package {90140000-001A-0409-0000-0000000FF1CE} /uninstall {6DE885AE-8E0F-4FEA-8AA2-77D455F8A6AA} /qn /quiet /norestart

    exit

  2. Create a GPO that applies to all the workstations (if that is what you intended to do)
  3. Edit the policy and Navigate to “Policies->Windows settings->Scripts->Go to properties of Startup, Add the script to the list

User needs to reboot the machine to make sure it removes the patch successfully.

Note: I’ve seen cases that this patch got installed directly but not through SCCM or WSUS.  Though there is a GPO to restrict the update.  If you have an idea how this patch could have installed, comment.

Microsoft Intune – Things to remember before you use new Azure integrated Intune

As you may already know that Microsoft decided and moved from Classic Intune to Azure integrated Intune.  There are few things that needs to considered before you decide to use Azure integrated Intune for patch management.

  • The app groups that are created in Classic intune are being migrated to Azure integrated Intune.  These groups cannot be used in Classic intune anymore.  If you would like to patch the workstations with the existing group or create a new groups, it wont work – Microsoft acknowledged this as bug and awaiting resolution (This has been resolved now)
  • If there is a policy that exists in the Classic portal and you are using Azure integrated intune, and has a software update ring, then there might be a policy conflict.  Make sure the Classic Intune are removed.
  • Classic Intune can only manage the devices using Intune management agent.  Azure integrated Intune can manage the devices only if the device is enrolled as Mobile Device.  If the agent is present in the workstations, it cant be enrolled as mobile device.  So first thing you should do is to remove the Agent.
  • If the Agent is present in the workstation it cant be enrolled to new Azure integrated Intune.  You have to uninstall the agent, you can use https://gallery.technet.microsoft.com/Uninstall-the-Intune-b42111d1.  This will create a Schedule Tasks.  It may take about 5 to 10 mins.  It uses ProvisioningUtil.exe located under C:\Program Files\Microsoft\OnlineManagement\Common.  If you have custom installation path or if the exe doesn’t exist, then you might need to install the Agent again and run this script again.
  • If you are planning to migrate to Azure integrated Intune from Classic Intune, make sure the device is not listed in the Classic portal.  If the device is visible, then before enrolling, make sure the workstation entry is removed from the Classic portal.  Sometimes you may see entries in both the portal, In that case, you have to remove the device from both the portal, and re-enroll.
  • Finally, version upgrade of windows 10 is not straight forward.

Hope this helps

VJ