Tag Archives: System Center Configuration Manager

Drivers Showing as Unsigned in Configuration Manager 2012 R2

A customer has a problem with importing drivers for their Surface Pro 3 devices in System Center Configuration Manager 2012 R2.

We keep noticing some of the drivers are unsigned. I immediately realized something is up as Microsoft releasing unsigned drivers isn’t going to happen. So I started digging and immediately came to KB3025419 which seems to cover my situation. My customer uses Windows 2008 R2 as the Host operating system for the Configuration Manager server and so this KB is relevant. Basically, Microsoft changed the way they signed drivers and now use a different method. This new method is different than what Server 2008 R2 recognizes and thus the change.

It affect Configuration Manager 2007, 2012 and 2012 R2 so you might see this as well down the road once hardware vendors use the new method.

Install the patches and don’t forget to reboot. A reboot is required even if it doesn’t prompt for a reboot. How do I know this, experience. Our server was patched by a different team but they didn’t reboot. The problem still persisted until the reboot.

Another thing you have to do is remove the “unsigned drivers”. This means delete the drivers that are showing unsigned before re-importing the drivers again. Once these two steps were performed we were back in business.

If you are running Windows Server 2008 R2 for your System Center Configuration Manager install you might just want to install this patch during your next maintenance schedule. As more vendors sign their drivers in the new method, you might start to see issues even if you don’t deploy Surface Pro. Of course, if you are running Windows Server 2012 R2 you probably have never saw this issue and the patches are not required.


Installing and Updating Adobe Reader

I am working with a customer and assisting them with their application updates. One of the applications needing updating is Adobe Acrobat Reader MUI. This version of Adobe Reader allows it to be displayed in English or French depending on what language the user is using. Reader is also one of those pain in the ass applications that nag the user to update all the time, so getting in front of this one and updating proactively is always a good way to get ahead of the bullshit calls you’ll get to the service desk. The users shouldn’t have to be asked if they want to update. We should be managing that for them and we know if we can update based on testing those patches.

If you already have Adobe Reader installed, just follow the part in regards to the MSP file. But if you don’t have Adobe Reader installed yet, basically it’s a quick install and update. Here is the link to the Adobe ftp site if you need to download the files. ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/ When you download the Enterprise build, Adobe includes an admin customization tool, but I just ignore that crap. Seriously, unless there is a good reason to run that junk I don’t use it. In my opinion and in my case, there isn’t a good reason to use it as I don’t deviate from the standard install.



Adobe Reader Directory with install files.

Run msiexec.exe /I AcroRead.msi /q. This will install the base of Adobe reader. In my case it’s version 11.0.00. Next grab the current msp file. If you already had Adobe Reader installed, this is your starting step. These are similar to an MSI file but updates. The command to execute these is msiexec.exe /update AdbeRdrUpd11010_MUI.msp /q. This will install the update bringing the MUI up to in my case 11.0.10.

For those of you using System Center Configuration Manager as I am, there are a couple of ways to ensure the order is maintained. Out of Order will cause a failure or at least the base version of Adobe Reader without the update. Create two packages, one package with source files for the Adobe Reader install (msiexec.exe /I AcroRead.msi /q) and the second package will be the Adobe Reader MSP (msiexec.exe /update AdbeRdrUpd11010_MUI.msp /q). Once you have the packages, you have two ways you can do this.

One way to do this is to roll a task sequence with the Adobe Reader msi install first followed by the Adobe MSP patch in the next step. Advertise that task sequence to your collection and Bob’s your uncle.

The other way is to edit the program properties of the patch and tell it to run another package first. In this case, Adobe Reader will be the package you will select to run first. Save that and then the patch will be the package you advertise to your collections.


Program Properties in Configuration Manager 2012 SP1

Here is after the deployment. My machine in English language –


Adobe Reader welcome screen on an english computer.

And then changing my language to french, notice the recycle bin name. –


Adobe Reader welcome screen on a french computer.