ConfigMgr 2012 R2 and DMZ Questions

I am working with a client who's security team has been a challenge.  They do not want to open any of the RPC Dynamic Range ports needed for communication between certain roles on the Primary Site server and a server they want setup in one of their
DMZ's. 
They have a domain in the DMZ and all devices are a member of that domain.  We successfully setup a management point but can't publish since the ports from the primary site server to a DC in the DMZ are not open.  We placed a DNS service locator
record in the DMZ and when we manually install the clients add the DNSSUFFIX and point to the MP in the DMZ.  The clients are reporting at this point.  However, they are not getting any software updates since the DP can't install and we don't allow
failover to any other DP.
The client has said that there has to be other solutions.  The solution we are using isn't best practice I know that.
I guess there are three solutions here, correct?
1.  Open DMZ site ports for clients to communicate only to ConfigMgr Server.  (Not secure)
2.  Keep current design of MP/DP/SUP in DMZ?
3.  Put a secondary site in DMZ?
I have two questions about 2 and 3.  Why should we add the SUP?  Shouldn't the client talk to the Management Point and the management point sends the request to the SUP on the ConfigMgr?   So can't we ditch that extra SUP?  
Also, even if we put a secondary site in the DMZ, we will still run into port issues since the client is refusing to open RPC Dynamic port ranges?
Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

Yes 3 is out ConfigMgr wise.
I would not call 1 insecure though. Open ports are not insecure, that's a myth perpetuated by those who don't know what a port is. Network security is about controlling the traffic and securing the endpoints. Ultimately, that may be a battle you won't win
though because of political reasons and the perpetuation of myths in network security and the purpose of DMZs.
Option 2 is what most/nearly all folks go with. If one port is open, you may as well open them all because security wise there is no true difference so any resistance here is ignorance. As long as the traffic is confined to a single endpoint, the port its
using makes no difference and the level of security comes down to, as mentioned, the security posture and controls in place on that endpoint itself -- who cares that the traffic has a data field set to 80 or 443 or 1024 as long as the target is well controlled, "secured", and
monitored.
There ultimately aren't any other ways (besides 1 and 2) to accomplish this using only ConfigMgr proper. The ports required are well documented on TechNet so there's no magic to make these go away.
Another architectural solution however is to use reverse proxy. This is a twist on choice 1 except that all client traffic passes through the reverse proxy instead to reach the internal site systems.
Jason | http://blog.configmgrftw.com

Similar Messages

  • Scenario – Multi Tenant ConfigMgr 2012 R2 and Same IP Address range for multiple customer

    The service provider plans on managing customer’s workstation/desktop via ConfigMgr 2012 R2 CU3 which is hosted at Service Provider’s network however the Secondary Site (MP/DP Role) is hosted at customer’s physical location and on their network but
    not joined to customers domain. The service provide plans to have a one-way trust with each customer initiated from service provider to each customer and have a copy of customer’s DNS by way of ADC hosted at service providers network.
    Now the challenge is that we might end up having plenty of customers who will have same IP/subnet range such as 192.168.1.x and wanted to know the impact/issues around deployment. We may have challenges defining boundaries/boundary group for same IP range
    or subnet for each customer because you can't have two boundaries with same IP range or Subnet. Also, since we have one way trust, we don't get the option to view customer's AD sites and services...
    We are testing a scenario where we’ve defined the DNSSUFFIX on CM client so the client knows which MP to talk and MP presents with the nearest DP this works out quite well where you’ve defined IP boundary but haven’t tested anything with two or more customers
    with same IP Range – hence not sure how the same IP/subnet range would work.
    Wondering if we DO NOT define any boundary or boundary group so the client assume it's on slow or unreliable network and set the applications
    Deployment Option to "Download content from DP and run locally" and still receives the application – I know this works in workgroup scenario but will this be a feasible option when dealing with multiple customers with same IP range ?
    Please note that we are not planning on publishing MP or AD Schema on customer network but since we have a one way trust, we can do a discovery of customer’s AD forest.
    Thoughts ?

    Wondering if we DO NOT define any boundary or boundary group so the client assume it's on slow or unreliable network and set the applications
    Deployment Option to "Download content from DP and run locally" and still receives the application – I know this works in workgroup scenario but will this be a feasible option when dealing with multiple customers with same IP range ?
    This is a complex scenario which requires a lot of planning and even testing. Having no boundaries will work, but all DPs are treated as slow/remote then and it's not possible to define which one will be used then.
    Torsten Meringer | http://www.mssccmfaq.de

  • ConfigMgr 2012 R2 and SQL Collation

    I am planning to install a new ConfigMgr 2012 R2 server and use SQL Server 2012 SP2.
    Does ConfigMgr 2012 R2 already support other SQL Collations than "SQL_Latin1_General_CP1_CI_AS"?
    In other System Center 2012 R2 products "SQL_* collations are being deprecated for their Windows equivalents" according to
    http://technet.microsoft.com/library/dn281933.aspx

    Generally speaking, no. There are two exceptions for use in China, see also:
    http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLSrvReq
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • ConfigMgr 2012 R2 and managing clients in untrusted forest

    I have read documentations and I'm still not 100% sure what are the possible limitations in my situation. I have 2 AD forests without any trusts between them. I'm planning to deploy ConfigMgr 2012 R2 in forest A. I also have clients in forest B.
    I need to install operating systems via PXE, applications and windows updates to clients in untrusted forest. I'm also planning to support internet clients. 

    You can manage clients in un-trusted forests. This blog is a good place to start.
    http://blogs.technet.com/b/manageabilityguys/archive/2012/09/05/system-center-2012-configuration-manager-and-untrusted-forests.aspx
    Managing internet clients is called IBCM (Internet Based Client Management). You can read about it here
    http://blogs.technet.com/b/configurationmgr/archive/2013/12/11/a-closer-look-at-internet-based-client-management-in-configmgr-2012.aspx
    Gerry Hampson | Blog:
    www.gerryhampsoncm.blogspot.ie | LinkedIn:
    Gerry Hampson | Twitter:
    @gerryhampson

  • Domain Join to a specific OU based on Computer Name - ConfigMgr 2012 R2 / MDT 2013

    Hi all
    i need to build an OS deployment task sequence with ConfigMgr 2012 R2 and MDT 2013. my requirement is to be able to join a computer based on its computer name. there are three types of computers. Sales / Marketing and Technical. based on the prefix of the
    computer name i need to place them on 3 different OUs. Computer Names would be SAL1100, MKT1100 or TEC1100, i would like to refer first three characters of the computer name and the decided on which OU they need to be allocated to. 
    i would appreciate if someone could tell me how i can do this within my task sequence 

    I don't think you can accomplish this by using conditions. Instead I'd use the script that Jörgen provided. Here's an edit of that so that it would suit your environment requirements of the first 3 characters of the OSDComputerName:
    set env = CreateObject("Microsoft.SMS.TSEnvironment")
    sComputerName = env("OSDComputerName")
    threeChars = UCase(Left(sComputerName,3))
    sBuiltOU = "NOT_set!"
    If threeChars = "ABC" Then
    sBuiltOU = "LDAP://OU=ABC,OU=Computers,DC=DOMAIN,DC=COM"
    If threeChars = "DEF" Then
    sBuiltOU = "LDAP://OU=DEF,OU=Computers,DC=DOMAIN,DC=COM"
    If threeChars = "GHI" Then
    sBuiltOU = "LDAP://OU=GHI,OU=Computers,DC=DOMAIN,DC=COM"
    env("OSDDomainOUName") = sBuiltOU
    Wscript.quit
    Save this as 'SetOU.vbs' and create a package in ConfigMgr where you specify the source content to the location where you placed the script file. As Jason described, put a Run Command Line step right before Apply Windows Settings, use 'cscript.exe SetOU.vbs'
    as the command line and point to the package you created. This script assumes that the OSDComputerName variable is already properly populated with the correct computer name.
    Regards,
    Nickolaj Andersen | www.scconfigmgr.com | @Nickolaja

  • MDT Application Mapping in ConfigMgr 2012 questions.

    I have set it up. ZTIGATHER logs says its mapping my package LYNC but the package is not installing.
    I have "Gather" in "Capture User Files and Setting". Is this correct or should it be somewhere else in the TS?
    The blog
    http://blog.configmgrftw.com/mdt-application-mapping-in-configmgr-2012/ states:
    ZTIGather translates the Applications property list into a series of task sequence variables, one for every application in the list, named
    Application01, Application02, Application03, etc.
    4. Finally, the Install Applications task in the task sequence uses
    Applicationxy task sequence variables to install the applications from the ConfigMgr applications.
    Does anyone know if I need to set a variable? Or touch anything except the "Gather" task? The blog really dosent go into any detail at all bout setting up the "Gather" part at all.
    Entry from ZTIGATHER.log:
    OPENING TRUSTED SQL CONNECTION to server w8v-sccmpri1.domain.org. ZTIGather 4/4/2014 12:53:14 PM 0 (0x0000)
    Connecting to SQL Server using connect string: Provider=SQLOLEDB;OLE DB Services=0;Data Source=w8v-sccmpri1.domain.org;Initial Catalog=MDT;Network Library=DBNMPNTW;Integrated Security=SSPI ZTIGather 4/4/2014 12:53:14 PM 0 (0x0000)
    Successfully opened connection to database. ZTIGather 4/4/2014 12:53:14 PM 0 (0x0000)
    Only the first MACADDRESS value will be used in the stored procedure call. ZTIGather 4/4/2014 12:53:14 PM 0 (0x0000)
    About to issue SQL statement: EXECUTE RetrievePackages '18:03:73:4B:99:83' ZTIGather 4/4/2014 12:53:14 PM 0 (0x0000)
    Successfully queried the database. ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Records returned from SQL = -1 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Property PACKAGES001 is now = 00100148:Java 6.24 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Added PACKAGES value from SQL:  PACKAGES = 00100148:Java 6.24 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Property PACKAGES001 is now = 00100148:Java 6.24 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Property PACKAGES002 is now = 0010014A:Microsoft LYNC 2010 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Added PACKAGES value from SQL:  PACKAGES = 0010014A:Microsoft LYNC 2010 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    tconners

    I have set it up. ZTIGATHER Property PACKAGES001 is now = 00100148:Java 6.24 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Added PACKAGES value from SQL:  PACKAGES = 00100148:Java 6.24 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Property PACKAGES001 is now = 00100148:Java 6.24 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Property PACKAGES002 is now = 0010014A:Microsoft LYNC 2010 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000)
    Added PACKAGES value from SQL:  PACKAGES = 0010014A:Microsoft LYNC 2010 ZTIGather 4/4/2014 12:53:16 PM 0 (0x0000
    That should answer your question. The base variable is PACKAGES.
    Torsten Meringer | http://www.mssccmfaq.de

  • Direct Access 2012 R2 - Problems with Force Tunneling and other questions

    I have just setup a Direct Access 2012 R2 server in my network, 2012 domain and all Windows 8 clients. 
    Internal CA environment (no external CRL) using a public issued cert for IPHTTPS tunnel, 2 interfaces for the DA server, 1 internal and 1 in the DMZ behind a NAT firewall (1 public IPv4 address) and my test clients are connecting fine to internal resources.
    1.  When I enable Force Tunneling the clients no longer are able to access the external internet.  Is there anything I need to add to make this work?
    2.  I am having trouble with our Remote Desktop Session Hosts.  I can only assume it has something to do with the DNS  as we have our AD domain performing internal DNS of the int.contoso.com domain and public DNS performing for the external
    Contoso.com domain (RDWA etc).  DA has only int.contoso.com set as a DNS Name Suffix in the Infrastructure Setup.  Should I add the external contoso.com Name Suffix in there too?
    3.  I have a Kaspersky Security Center server for centralized AV admin, can I still push out AV updates to the clients that connect with DA.  Do I add my KSC server to the Management Servers list in the Infrastructure Server Setup page on the DA
    setup.   Does that list allow those servers to access the DA clients?

    Hi,
    Let's solve problems one by one. Force tunneling. When enabled, all network trafic from DirectAccess clients goes throught IPSEC tunnels. Just configure a proxy on your DirectAccess clients (with a FQDN of course) and your clients should be able to surf
    internet again.
    RDS : Depend. Where are your RDS servers registred internal zone DNS or external DNS zone. If a DirectAccess client cannot resolve a name it does not know if it has to go throught the tunnel. At last can you ping your RDS Server?
    Remote Management : Right. Adding servers in this list allow them to use the IPSEC infrastructure tunnel (computer established tunnel) without users being logged.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

  • Manage SCCM 2012 clients in DMZ (OS Deploy, Windows updates) via DP/MP

    Hi,
    We ’d like to manage (=OS Deploy, Packages,Windows updates) Windows clients (Windows 2008/2012 R2 servers for now, about 20 of them) in a DMZ (= different domain).
    There is this article
    https://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/ which explains what to do … in 2011. Since then lots of things are changed I guess
    Before I dive in, I’d need to have an overview + do some administrative tasks (like asking for firewall accesses).
    Current setup DMZ:
    Our SCCM 2012 R2 server is on a Windows 2008 R2 OS
    Client communication is done via HTTP (not HTTPS)
    An extra physical Distribution point is setup (only DP, nothing more) in our current domain
    A new Windows 2012 server is setup in the DMZ which should host the DP and probably management point (since it should manage the clients over there)
    There are clients in DMZ that are currenlty managed by SCCM 2007 but 
    this server will be phased out, these client have:
    Correct sccm functionality
    Correct DNS resolution
    My steps/questions, please comment:
    Add the DMZ ip range to SCCM 2012 boundary as “DMZ”
    Add the network access account to be able to deploy as well clients as distribution point in DMZ
    In the DMZ accesses on firewall for server VLAN have to be asked
    When we have a distribution point and communication is “HTTP only” then http (port 80) from DMZ to sccm server should suffice, correct? Or are
     extra firewall openings needed for management point access/packages and windows updates sync?
    Now the sccm clients will be deployed to the servers in DMZ: deploy SCCM clients to hosts in DMZ, how this should be done: we connect a console to the SCCM-server in the DMZ then deploy the discovered clients?
    OS Deploy should be made available, but no dhcp is available in DMZ and it is not an option either, therefore we would boot from an ISO then enter an ip (or pre-enter it so there is already filled in an ip?). So tasksequences/deployments
    for servers in DMZ, where are they configured/deployed then? Via console access on DMZ management point or can we deploy on our domain SCCM management point (not in DMZ) and it will be synced to the DMZ management point? Not clear
    Selective sync of software to this distribution point (howto? not sure), we don’t need any Windows 8 software/drivers to be synced.
    Thanks for your input!
    J.
    Jan Hoedt

    No comment;
    I think you mean the client push installation account and the site system installation account;
    More ports are required, see site server > distribution point and distribution point > management point from the provided link;
    The console will always be connected to your primary site server. The client will be pushed from the primary site server and it will provide the initial files. The other files will be downloaded from the local distribution point;
    The task sequence deployment will be just like a normal taks sequence deployment. The only difference is the location of the server;
    Only the content that's distributed to the distribution point in the DMZ will be available on that distribution point.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Windows 8.1 Update (with WinPE 5.1) ADK + SCCM 2012 R2 and WinXP

    Hello,
    I see new ADK version (8.1 Update) is released
    http://www.microsoft.com/en-US/download/confirmation.aspx?id=39982
    It contains WinPE 5.1 and new USMT (which version?), does it support migration from WinXP to Win7?
    Previously I used USMT5 (instead of 6.3) and modified WinPE 5.0 with bootsect.exe from WinPE 4.0 (from ADK 8.0) on SCCM 2012 R2 CU3.
    And can I use ADK 8.1 Update with SCCM 2012 R2?

    He does answer your question about the USMT version.
    The rest still applies in terms of XP support. See below.
    http://blogs.technet.com/b/mniehaus/archive/2014/01/09/migrating-from-windows-xp-to-windows-8-1-using-mdt-2013.aspx
    Yes, ConfigMgr 2012 R2 is supported.
    http://blogs.technet.com/b/configmgrteam/archive/2014/04/03/understanding-the-adk-for-windows-8-1-update-and-configmgr-osd.aspx
    Daniel Ratliff | http://www.PotentEngineer.com
    in the article I found:
    Windows PE version 5.1 is not needed for Configuration Manager and can actually be problematic if you try to use it. Windows PE 5.0 can continue to be used to deploy Windows 8.1 Update. There is a documented process to upgrade Windows PE to version 5.1,
    but this should be considered incompatible with Configuration Manager at this time.
    So for a new installation of SCCM 2012 R2 I can install ADK 8.1 update because in contains WinPE 5.0 and option to update to 5.1. And unclear about XP, it seems XP is not supported again.
    Also fourth release was in September 2014, but article was posted in April 2014.

  • SCCM 2012 R2 and Windows 8.1

    Hi,
    I have installed SCCM 2012 R2. SCCM client deployed on 10 PCs and I can explore Hardware resources on all PCs except 1 PC which is 8.1
    so my question now does SCCM 2012 R2 supports 8.1?
    Thanks,
    Kareem Behery

    Hi,
    Yes, ConfigMgr 2012 R2 supports Windows 8.1. Check the Windows 8.1 computer to make sure that the SCCM client is operational and sends in Inventory to the Site server. Inventpryagent.log file on the computer is a good place to start.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • SCCM 2012 R2 and SQL

    I have Two Questions
    Should SCCM 2012 and SQL be installed on the same server?
    Should SCCM 2012 be installed on the OS partition or have its own? C: Server 2012 and D:SCCM 2012
    What size should my partition be for OS and SCCM either way?
    I have a server running esxi.
    One option I have would be to install SCCM and SQL on one (VM server) with Server 2012 OS. Its will be 8 processors and 32 RAM.
    Option two will be to split into two VM's One running SCCM 2012 with 4 processors 16 Ram and another VM running SQL with 4 processors and 16 RAM
    My environment is small, 3,500 users
    Thanks

    For the SQL question, you will probably get as many answers as there are ConfigMgr admins.  I typically co-locate SQL on the site server.  As long as enough CPU, disk, and memory resources are allocated, this should be fine.  Consider limiting
    SQL's maximum memory use to a reasonable amount based on the environment.  Many times the answer to the question depends on the environment and how database administration is handled.
    I just found a good article here:
    http://myitforum.com/myitforumwp/2014/12/20/why-you-should-not-use-remote-sql-server-with-configmgr-2012/
    For the disk partition question, I always install ConfigMgr on a separate partition.  Keep in mind that a distribution point will be installed as well.  You don't want content for ConfigMgr filling up the OS partition.  Use the no_sms_on_drive.sms
    file to prevent DP content from being stored on your OS partition.
    I am sure others will have advice as well.  Hopefully that helps.
    Jeff

  • SCCM 2012 R2 and folder SMSPCKSIG??

    Hello!
    My question is simple, SCCM 2012 SMSPCKSIG folder contains another folders and no more tar files, is a change in design?
    I' ve been looking for any article or doc in internet that explains this change but I don't find anything, please anyone can help me?
    Thanks!! 
    MCITP Exchange 2007, MCITP Windows Server 2008, MCSE Windows Server 2003 + Messaging

    This should explain all
    As of ConfigMgr 2012, Configuration Manager uses a new feature called Content Library that includes a feature for SIS / Single Instance Store. You can read more about it in the link provided by iainrobins above.
    Tim Nilimaa | Blog: http://infoworks.tv | Twitter: @timnilimaa

  • ConfigMgr 2012 R2 Deployment Using a SAN

    I am working on deploying a SCCM 2012 R2 Standalone Primary Site with a co-located CM12 SQL (aka "on box") database .
     I try to follow best practices as much as possible and I split up the drives to break up the CM12 SQL DB and Log files according to what I have researched. 
    I have 3 questions:
    First Question:
    I was then asked by the IT Manager of the company why I required so many drives to break up the SQL files if all the data will be held on the SAN anyway and I didn’t really know how to respond. 
    If a SAN is going to be used, why should I use multiple drives to break up the CM12 SQL site database files if they are just going to be contained on one SAN anyway?
    Second Question:
    This question relies on how the first question is answered. 
    If the consensus is to still use multiple drives to break up the CM12 SQL DB files (.mdf, .ldf, TempDB) should I use just one BIG .vhd and partition it, or use multiple VHD files?
    I did read that when virtualizing SQL you should use multiple Fixed VHDs. 
    Third Question
    How do I determine the size needed for the Content Library and would I need to use a Dynamic VHD for that?
    That's all I have. 
    Thanks a lot everyone. Your help is always greatly appreciated. 

    Thanks again Jason.
    I read this article here by Johan Arwidmark that seemed pretty interesting regarding sizing an SCCM 2012 using the SQLIO tool:
    http://www.deploymentresearch.com/Research/tabid/62/EntryId/115/Sizing-your-ConfigMgr-2012-R2-Primary-Site-Server.aspx
    Also, I used Kent Agerlund's nice lil Excel spreadsheet he put together that helps SCCM Admins with SQL sizing and he also provides an SQL script that will dynamically create the SCCM 2012 DB files (I think the .sql file was built by Microsoft) located here:
    http://blog.coretech.dk/kea/slides-and-scripts-from-the-system-center-2012-configuration-manager-r2-advanced-infrastructure-session-wcl307/
    So, putting your feedback along with their info, I can get a pretty good idea of what I need to get done. By the way, I am NOT a SAN guy by any means so this has helped. I just always want to make sure I have everything in order prior to deployment and receiving
    advice from multiple MVPs is golden. 
    Thanks again for your help, Jason. I really do appreciate it brother. 
    Also, if you two fellas happen to come across this thread, thank very much as well Johan and Kent.

  • How import or publish ConfigMgr 2012 client into WSUS

    Hi, I'm trying to deploy ConfigMgr 2012 r2 client through WSUS. But, I do not want to install SUP role on that WSUS server. What are my options.
    I've tried Local update publisher to publish ConfigMgr client to WSUS and it works but not as I expected.
    Whenever a client installs the ConfigMgr client from WSUS it downloads the client packages from DP and does not use the files available in the cab file. Is there a way to specify current directory as Source in ccmsetup switches?
    I see I am left with installing the pre-requisites as separate update then execute client.msi to install sccm client. But that's a pain.. Anybody have any ideas? 
    Kindly mark as answer/Vote as helpful if a reply from anybody helped you in this forum. Delphin

    Jason, That branch is not poorly connected. It has relatively lower bandwidth when compared with the centralized network. It can handle the client communication well and good. (I feel that I've not stated clearly in my previous reply)
    The real question that I currently have(No offence), if at all I want to use the WSUS server as the main source for client deployment, what are my options?
    Can I specify current directory as Source in ccmsetup.exe command line? (I don't see that can be done)
    I'm thinking of a Vbscript to install pre-requisites and execute client.msi with required switches, but this would be my last approach. Do we have any better approach to accomplish this?. 
    Kindly mark as answer/Vote as helpful if a reply from anybody helped you in this forum. Delphin

  • Account with an icon of a face and a question mark

    Same issue of other user in Yosemite Apple Support.
    Following advises on that thread I also installed the ETRECHECK software tool, report is as follows:
    Problem description:
    At the login screen I find an icon with a face and a question mark in it - with a message it needs an update.
    EtreCheck version: 2.1.5 (108)
    Report generated 02 gennaio 2015 12:37:26 CET
    Click the [Support] links for help with non-Apple products.
    Click the [Details] links for more information about that line.
    Click the [Adware] links for help removing adware.
    Hardware Information: ℹ️
      MacBook Pro (13-inch, Mid 2012) (Verified)
      MacBook Pro - model: MacBookPro9,2
      1 2.5 GHz Intel Core i5 CPU: 2-core
      16 GB RAM Upgradeable
      BANK 0/DIMM0
      8 GB DDR3 1600 MHz ok
      BANK 1/DIMM0
      8 GB DDR3 1600 MHz ok
      Bluetooth: Good - Handoff/Airdrop2 supported
      Wireless:  en1: 802.11 a/b/g/n
    Video Information: ℹ️
      Intel HD Graphics 4000
      Color LCD 1280 x 800
    System Software: ℹ️
      OS X 10.10.1 (14B25) - Uptime: 1:22:54
    Disk Information: ℹ️
      APPLE HDD HTS545050A7E362 disk0 : (500,11 GB)
      EFI (disk0s1) <not mounted> : 210 MB
      Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
      Macintosh HD (disk1) / : 498.89 GB (467.03 GB free)
      Encrypted AES-XTS Unlocked
      Core Storage: disk0s2 499.25 GB Online
      MATSHITADVD-R   UJ-8A8 
    USB Information: ℹ️
      Apple Inc. FaceTime HD Camera (Built-in)
      Apple Computer, Inc. IR Receiver
      Apple Inc. BRCM20702 Hub
      Apple Inc. Bluetooth USB Host Controller
      Apple Inc. Apple Internal Keyboard / Trackpad
    Thunderbolt Information: ℹ️
      Apple Inc. thunderbolt_bus
    Gatekeeper: ℹ️
      Mac App Store and identified developers
    Launch Daemons: ℹ️
      [loaded] com.adobe.fpsaud.plist [Support]
    User Login Items: ℹ️
      iTunesHelper Applicazione (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
      Dropbox ApplicazioneHidden (/Applications/Dropbox.app)
    Internet Plug-ins: ℹ️
      FlashPlayer-10.6: Version: 16.0.0.235 - SDK 10.6 [Support]
      Flash Player: Version: 16.0.0.235 - SDK 10.6 [Support]
      QuickTime Plugin: Version: 7.7.3
      Default Browser: Version: 600 - SDK 10.10
    Safari Extensions: ℹ️
      Pin It Button [Installed]
      Save to Pocket [Installed]
      Add To Amazon Wish List [Installed]
    3rd Party Preference Panes: ℹ️
      Flash Player  [Support]
    Time Machine: ℹ️
      Time Machine not configured!
    Top Processes by CPU: ℹ️
          14% WindowServer
          3% hidd
          2% Safari
          1% Dock
          0% fontd
    Top Processes by Memory: ℹ️
      333 MB com.apple.WebKit.WebContent
      155 MB mds_stores
      137 MB Safari
      137 MB Finder
      86 MB Dropbox
    Virtual Memory Information: ℹ️
      7.76 GB Free RAM
      4.88 GB Active RAM
      3.28 GB Inactive RAM
      1.26 GB Wired RAM
      4.73 GB Page-ins
      0 B Page-outs
    Diagnostics Information: ℹ️
      Jan 2, 2015, 11:15:06 AM Self test - passed
      Jan 2, 2015, 12:06:57 AM /Library/Logs/DiagnosticReports/Dropbox109_2015-01-02-000657_[redacted].cpu_res ource.diag [Details]
    ---------- is there any troubleshooting for delete that fake account every time I start my Macbook Pro?
    thanks and regards
    Edoardo

    Smiley face with a ? means a bootable system is not found.
    There maybe  a problem with either system software or hard drive itself.
    Try this.
    Repair Disk
    Steps 2 through 8
    http://support.apple.com/kb/PH5836
    Best.

Maybe you are looking for

  • Write Permission Error Save for Web Adobe CC 2014

    Upon downloading and installing the recently released CC '14 apps, I've run into a problem with Photoshop CC 2014. When I click "save for web" in the file menu, it returns an error message of "The operation could not be completed. A write permissions

  • Looping through HUGE directory - How to do so most efficiently?

    Hello, I have a HUGE directory (200k files or so) - currently I'm using the below method to read the file names and place the results into a map. However, this is on a windows box and to run the class that uses this, I have to increase the memory usa

  • Dunning on profit center level

    I have following situation: I have customer which have 4 open items relevant for dunning. The difference between then are the profit center. If I run the dunning and use free selection profit center the system selects only 2 items (correct). However

  • In  tcode   ME2o SC Stock monitoring for vendor  for creating delivery

    hi This scenario in AFS for creating , for creating delivery in  tcode   ME2o SC Stock monitoring for vendor,  for creating delivery iam getting error like this Essential transfer parameters are missing in record:  000001., Depending on the category

  • How to read and parse a remote XML file with Java

    Hi. Using J2SE v1.4.2, I'd like to read and parse a remote file: http://foo.com/file.xml Is it possible with Java? I'd be extremely grateful if someone could provide me any webpage showing a very simple code. Thank you very much.