As we have seen in previous articles [1] or download [2] it is now very simple to add Patch Compliance trending to your Symantec Management Platform. 

However the solution provided operates outside of the Symantec Management Console. So we will look at how to integrate the Patch Trending site and graphs into the Management Console, to further simplify management and increase visibility over the patch compliance trends.

In Part I  we'll integrate the site full trending into the management console [3].

In Part II (this article) we'll integrate the charts into the Management Console right click options, so anytime you right click on a bulletin you can access the charts.

Part II: Integrating the Patch Trending charts into the Management Console

Did you know that it IS possible to monitor web traffic using the SEP firewall? In this article, I will show you how to monitor web traffic using the SEP firewall.

Before we get started there are a couple of things you should be aware of:

1. While the SEP firewall can handle this task, Symantec Web Gateway is a better fit if you need to do this permanently
2. Monitoring web traffic will not work correctly if your web traffic goes through a proxy server. SEP cannot differetiate between proxied and non-proxied traffic. Another reason why SWG works better for this task.

With that in mind, let's get started.

Request: Monitor web traffic (port 80 and 443)

Solution: Configure the SEP Firewall to handle this task

The first step is to create a new network service for 80/44 traffic

Login to you SEPM and navigate to Policies >> Policy Components and highlight Networks Services. Under Tasks click Add a Network Service...

Type in a Service Name (Web Traffic) and click Add...

Leave the Protocol at TCP and add 80,443 in the Remote Port line. Click OK

You should see the following:

One that is created, we can move on to adding a rule to the SEP firewall to monitor the traffic

Go into the Policies page and highlight the Firewall policy. Add a Firewall policy and give it a name (Monitor Web Traffic)

Click Add Rule...

Give the rule a name (Log_Web_Traffic)

Select the radio button for Allow Connections

Select the radio button for Only the applications listed below: and click Add...

Enter iexplore.exe in the File Name field and click OK. You can add more browser names if you wish.

Click Next

Leave the radio button checked for Any computer or site. Click Next

Now, we need to select our newly created network service. Check the radio button for Only the communications selected below:

Put a check in the Web Traffic box and click Next:

Select the radio for Yes to create a log entry when the rule is matched. Click Finish and make sure the new rule is at the top of the stack.A ssign the new policy to the groups you want to monitor traffic on and ensure the clients get the new policy.

Once clients start browsing, you can verify the rule is working by checking the logs on the SEPM. Monitors >> set Log type to Network Threat Protection, set Log content to Traffic. Edit any advanced settings that you want and click View Log

You will get a log similar to the below screenshot:

You will likely need to highlight one of the lines and select Details to get more granular. Here we get a better view:

So there you have it. Monitoring web traffic using the SEP firewall. It's really just a quick and dirty way to do it if you need something temporarily. Hopefully this has been helpful for you.

This could be encountered in NetBackup versions 7.1 and higher where Automated Image Replication (AIR) is used. All versions of PureDisk 6.6 and higher when used in a PDDO (PureDisk Deduplication Option) configuration may also be affected.

A new Technical Article has been published today that discusses a number of possible causes and solutions for the source and target storage pools not being the same size, which has been a cause for concern for some NetBackup customers:

http://www.symantec.com/docs/TECH212537

Steve Murphy
Support Knowledge Engineer
NetBackup Support - Symantec Corporation
go.symantec.com/nb

Most of the organizations use SCCM to deploy Third party software, OS patches etc to endpoints.It’s a very tedious process for the SCCM admin to verify if all the endpoints are 100% compliant.

I would like to present a solution where you can ensure whether the SCCM agent is running / services are enabled / disabled. Depending on the result it can start the services or download the installation files and locally install the SCCM agent on the endpoint.

So here is how SNAC can help you tackle this problem.

The best part is this requires no Hardware enforcers or DHCP software plug-in to be configured.

Pre-requisites:

1.           Make sure your SEPM 11 / 12 is SNAC ready. In Policies Tab you see Host Integrity Policy option, if not you can add SNAC.xml file to the License folder in SEPM.

Note: Please restart SEPM services, on adding SNAC license.

2.           Ensure SEP is functioning properly on endpoints.

3.           Create an HI policy and assign it to groups

4.           Copy the required SCCM agent installation files to a shared network folder or an internal Http / FTP site

Let's see how to create an HI policy, to check if SCCM agent is installed / disabled / stopped / uninstalled.

1.      Login to SEPM

2.      Click on Policies and select Host Integrity

3.     On the Right Pane, right Click and Select “Add”

4.      Enter a description for the policy

5.      Click on “Requirements”

6.      Click on “Add”, select “Custom requirement” and click“OK”

7.      Click on “Add” and select “IF... THEN”

8.      Check for services “ccmexec” and “bits” if running on endpoint

o   On the right pane, In Select a condition --à Scroll and select “Utility: Service is running”

o   Under “Check if the following service is running” --à Enter the Service name  “CcmExec”

9.      On the Left Pane - check for another service

o   Right Click on “Utility Service is running”

o   Click on “Add”

o   Click on“AND”

10.   On the right pane

o   In Select a condition --à Scroll and select “Utility: Service is running”

o   Under “Check if the following service is running” --à Enter the Service name  “BITS”

11.   On the Left Pane ---àclick on “THEN” --àEnter the comment “SMS agent is running”

12.   On the Left pane, Click on “THEN” comment“SMS agent is running” --à click“ADD” --àSelect “Return”

13.   On the right pane, select “Pass”

Note:   If both the services are running on the endpoint the HI policy will “Pass”.

If both the services / either service is not running the HI policy will “Fail”.

If the services are disabled, we can start the service via HI policy.

If SMS agent is not installed, we can download the files and execute locally via the HI policy.

Restart of SCCM services – Disabled / stopped

14.   On the left Pane, click on “THEN” click on “Add”  and select “Else”

15.   Enter the comment “Start SCCM service”

16.   Click on “Else --->Comment ---->Start SMS service” click on “Add” click “Function” and select“Utility: Run a program”

17.   On the Right Pane, under specify the command type “net start bits”

18.   Click on “Add” click “Function” and select“Utility: Run a program”

o   On the Right Pane, under specify the command type “net start ccmexec”

Installation of SCCM Agent

19.   Check for services “ccmexec” and “bits” running on endpoint.

o   On the left pane click on “Utility: Run a program” click on “Add” click on “IF…..THEN”

20.   On the right pane

o   In Select a condition --à Scroll and select “Utility: Service is running”

o   Under “Check if the following service is running” --à Enter the Service name  “ccmexec”

21.   Add an check for another service

o   In Select a condition --à Scroll and select “Utility: Service is running”

o   Under “Check if the following service is running” --à Enter the Service name  “bits”

22.   Click on “THEN” and insert a comment “SMS agent is running”

23.   On the Left pane, Click on “THEN” comment“SMS agent is running” --à click“ADD” --àclick  “Return” and select“Pass” on the right pane

Note: If the services are not running / the agent is not deployed. Initiate installation files to be downloaded from an ftp / network shared folder and be executed locally.

24.   On the left Pane, click on “THEN” click on “Add”  and select “Else”

25.   On the Left Pane ---àclick on “ELSE” --àclick on “Add” --à click on “Function” and select “File: Download a File”

o   Under “Download the file” provide path to download the files and provide a “Target folder” locally to copy the files

Note: copy all the SCCM agent installation files ( MHosts.vbs, ccmclean.exe, ccmdelcert.exe, cmsetup.exe, delete.cmd, excluded.txt, local.vbs, lmhosts, sleep.exe, Trace32.exe, UI_local.cmd) to  %systemroot%\system32 folder

Execute the script: Cscript local.vbs

As per the screenshot above, customer created a bat file. It contained a script to copy the installation files and execute (Cscript local.vbs) locally

Click on “Add” --àclick on “Function” and select “Utility: Run a Program”

o   Under“Specify the command” enter the command “c:\temp\sccmagent.bat”

26.   On the Left pane, Click on “Utility: Run a program ” click“Add” click “Return”

o   Select “Pass”

Veritas Cluster Server from Symantec keeps your most important applications running 24x7 with no manual intervention and automates your disaster recovery plans with predictable results and efficiency. Cluster Server provides a foolproof solution for detecting risks to application availability and automates the recovery of applications for high availability and disaster recovery.

According to the previous article:

https://www-secure.symantec.com/connect/articles/i...

then, on this article, we will have a step-by-step guide to show how to install Veritas Cluster Server on Windows.

1. Launch VCS for Windows installer, choose 'Install Veritas Cluster Server' --> 'Complete/Custom'

2. On the Welcome page, click Next

3. Accept the license, then click Next

4. Add the license file, then click Next

5. Select server components and client components, then click Next

6. In the 'System Name or IP' field, input the hostname or IP address that need to install the VCS, after click Add, the installer will start to the discover and verify the hostname or IP address

7. After verify all the system, the VCS will be ready for install

8. Click to choose 'Automatically reboot systems after installer completes the operation', then click Next

9. Click OK the popup notification

10. The installation starts

After several minutes, the installation will finish and reboot all the system.

Symantec Management Platform 7.5 Red Hat Patching

1.      Configuration

2.      Initial Setup

3.      Policy Creation

4.      Agent Commands for Linux

Configuration

Assumptions:  SMP is configured properly, resides on domain, and sites are setup.

1.      Create an administrator account with Red Hat.  www.redhat.com

2.      In the Symantec Management Console select Home, Patch Management, Red Hat Linux. Under Settings select Remediation.

3.      Go to the Red Hat Network tab and type in the credentials from step 1.

4.      Use your company standards for the Software Update Options, Policy and PackageSettings and Programs tabs.

5.      Under Settings select Installation and Notification. (This is a default policy. If you have Development, QA, Test and Production Linux systems you may want to create a policy for each.)  Set the policy per your company standards.

6.      Under Settings select MetaData Import Task.

Note: Base channel for the first import must be selected for all required major updates. (You don’t have to select all child channels, also dependency resolving will not work without a base channel.)

Save changes and Select Import channels.

7.      Setting a schedule to import MetaData from Red Hat.  Under Task Status select New Schedule and create the schedule.

Initial Setup

1.      Log into Red Hat website to ensure you see the SMP reporting to Red Hat.

Select Customer Portal, Subscriptions, RHN Classic, Registered Systems.

For each Channel you selected in step 6 there will be a separate entry.

2.     Select each system. Than select Alter Channel Subscriptions.

3.    Ensure all channels are checked

Policy Creation

1.       In the Symantec Management Console select Home, Patch Management, Red Hat Linux. Under Software Updates select Errata.

2.      Select the Bulletin and right click.  Select Distribute Packages. 

The bulletin will be applied to the default filter discussed in Configuration step 5.   Select the appropriate filter and select Next.  Select the advertisements and select Distribute software updates. 

Agent Commands for Linux

Solution   http://www.symantec.com/business/support/index?page=content&id=TECH29115

# ./aex-bootstrap -h
aex-bootstrap - Usage:

        aex-bootstrap [options]

   Version 2.0.

This program will get all files at a URL/NS Package into the specified directory. It can also be used to download a file from a URL (see -onefile option). When started with no NS/URL argument, configuration must be provided in an XML file present in the same directory, or (in the case of a automatic reschedule) at one of the standard locations.

Generic options:

·         --help, -h -   Display this usage information and exit immediately.

·         -v -               Display Agent's full version and name.

·         --version -    Display version of the application.

Specific options:

·         <NS|URL> - arg 1 = name of Notification Server, URL of a package or file. If the Notification Server is configured to work with the non-default port, it is desirable to provide the full URL info. Example: https://www.altiris.com:3476 -test - output version

·          

·         -dir <dir> - specify Agent installation directory

·         -speedlimit <N> - limit download to n KB/sec

·         -onefile - URL is for a single file, download to current directory, no other action.

# ./aex-configure -h
Altiris Agent for UNIX and Linux Configuration utility.

Usage:

·         aex-configure [options]

·         aex-configure <command> [command-options]

Options:

·         --help, -h -   Display this usage information and exit immediately.

·         -v -              Display Agent's full version and name.

·         --version -   Display version of the application.

Commands:

·         -clean         Remove aex-configure created files prior to uninstall.

·         -configure  Automatically configure/upgrade an installation from an XML config file.

·         -iconfigure  Interactively configure/reconfigure an installation ignoring any XML file.

·         help           Display help on the specified command

Run 'aex-configure help <command>' to learn more information on how to use certain commands.

# aex-diagnostics -h
Agent diagnostics tool - Usage:

        aex-diagnostics [options]

Collect diagnostics information from the agent and its plug-ins

Generic options:

·         --help, -h -   Display this usage information and exit immediately.

·         -v -              Display Agent's full version and name.

·         --version -   Display version of the application.

Specific options:

·         -com -           Diagnose the default set of plugins

·         -com <ids> - Diagnose the specified components

·         -log -             Dump the contents of the log file

#./aex-env

No parameters

#./aex-filesurveyor -h
FileSurveyor Utility

  Usage: ./aex-filesurveyor [options]

  Options:
       --help, -h, -? : Display this usage information and exit immediately.
       -v : Display full version and name information.
       --version : Display version of the FileSurveyor Utility.
       -c <config file> : A user-specified cfg file name
       -f : Set file mode
       -m : Enables scanning of the mounted partitions (by default disabled) - NOTE: This option has not been implemented.
       -p : A user-specified product file
       -x <dir1>...<dirN>] : Specify a list of directories to be excluded during the scan
 

# aex-helper -h
Usage:

·         aex-helper [options]

·         aex-helper <command> [command-options]

Command line utility for working with Altiris Agent for UNIX and Linux.

Options:

·         --help, -h -   Display this usage information and exit immediately.

·         -v -               Display Agent's full version and name.

·         --version -    Display version of the application.

Commands:

·         adddep      Register dependencies between solutions.

·         agent         Perform various tasks with the UNIX Agent.

·         changerc   Change properties of registered RC services.

·         check        Check whether the Altiris Agent for UNIX and Linux is running.

·         clean         Clean items from the XML registry.

·         help          Display help on the specified command.

·         info          Query agent for various information.

·         installrc     Install and register RC scripts.

·         link           Create wrapper scripts and links for libraries and executables.

·         list            List objects in the Agent's registry.

·         query       Query agent for various information.

·         rc             Start, stop and list registered RC services.

·         register     Add an object to the Agent's registry.

·         uninstall     Uninstall solutions.

·         uninstallrc  Uninstall RC scripts.

·         unlink        Remove wrapper scripts and links for libraries and executables.

·         unregister  Remove object from the Agent's registry.

·         upgrade    Upgrade Notification Server Agent Plugin.

Run 'aex-helper help <command>' to learn more information on how to use certain commands.

# aex-mkmanifest -h
Manifest File utility - Usage:

        aex-mkmanifest [options]

Create an SWD manifest file for a directory.

Generic options:

·         --help, -h - Display this usage information and exit immediately.

·         -v - Display Agent's full version and name.

·         --version - Display version of the applications.

Specific options:

·         -o <file> - Write output to <file> (defaults to ./aex-manifest.xml)

·         -s <dir> - Base directory for scanning (defaults to the current dir)

# aex-pluginmanager -h

Altiris Agent for UNIX and Linux Core

Usage:

·        aex-pluginmanager [options]

Manages plug-ins, which do all the job.

Generic options:

·        --help, -h - Display this usage information and exit immediately.

·        -v - Display Agent's full version and name.

·        --version - Display version of the application.

Specific options:

·        -F - Work in the foreground mode

·        -D - Work in the background mode (default)

·        -nm - Do not start the monitor

·        -nc - Do not check if the agent is already running

# aex-refreshpolicies -h

Refresh policies from the Notification Server.

Usage:

·         aex-refreshpolicies

·         aex-refreshpolicies [options]

Options:

·         --help, -h -  Display this usage information and exit immediately.

·         -v -             Display full version and name information about Agent.

·         --version -   Display full version of the Agent.

# aex-sendbasicinv -h

Send the basic inventory to Notification Server.

Usage:

·         aex-sendbasicinv

·         aex-sendbasicinv [options]

Options:

·         --help, -h -   Display this usage information and exit immediately.

·         -v -               Display full version and name information about Agent.

·         --version -    Display full version of the Agent.

# aex-swdapm -h
Software Delivery Advertised Package Manager - Usage:

·         aex-swdapm [options]

Manual execution of Notification Server tasks and installation of packages.

Generic options:

·         --help, -h -    Display this usage information and exit immediately.

·         -v -               Display Agent's full version and name.

·         --version -    Display version of the application.

Specific options:

·         -np - Do not use paging mode, list all tasks at once.

# ./aex-uninstall -h

aex-uninstall": usage: aex-uninstall" [-f]
        -f force remove, do not ask to continue

# ./rcscript -h
rcscript: usage: rcscript: [start|stop|restart|status]

Hi Connect,

It has been in discussion since long, which would be best for environment. Choice between legends  have been concern of corporates. 

Attached are comparison sheet for Backup exec and NetBackup. Have outlined feature sets which i've worked till far and as per Product documentations.

Feel free to comment for your views to improve the same.

Best Regards

AD (Active Directory) is part of the system state of a DC (domain controller).  When you back up the system state of a DC, the AD also gets backed up.  The BESA needs to be a domain admin in order to backup the system state of a DC because of AD.

Method 1 - Backup and Restore the entire AD

All you need to back up the system state of a DC which includes AD is a RAWS licence.  No additional licence is required.   You need to install the remote agent on the DC to do the backup.

With this method, you cannot selectively choose an AD object to restore.  You either restore the entire AD or not at all.  Suppose the id of a VIP is accidentally deleted and it needs to be restored.  If the last good backup of a DC is done last night and this backup has the VIP id, then you can do an authoritative restore of the AD to roll-back AD to the state it was at the time of the DC backup.  All the changes made to AD since the backup would be lost, e.g. if someone changes his password after the DC backup, it will be lost and he will have to use his previous password.  The changes lost by reverting AD to the time of the DC backup may be minimal if the AD is not active or the DC backup is not far back from the present.  However, if the backup of the DC is done some time ago, then the information loss caused by reverting the AD to the time of the DC backup may not be acceptable.  Thus, if you are using this method, make sure that the backups of your DC is frequent enough so that the information loss caused by reverting AD to the time of the DC backup is minimised.

To learn more about authoritative AD restore, read the Preparing for Disaster Recovery chapter of the Admin Guide.

Method 2 - Backup and Restore a single AD object for one DC

Suppose your AD is very active and any information loss like that described in Method 1 is not acceptable, then you would need the capability to restore each individual AD object.  To have this capability, you would need to purchase an ADRA (Active Directory Recovery Agent) licence for BE 2010 and below, or an Agent for Applications and Databases licence for BE 2012.

With the proper licence installed, you would be able to do GRT restores of AD.  When you expand the system state backup of the DC, you would be able to see the individual AD objects, like a user-id, and you can select this object to restore to the DC.  Note that in this scenario, I am assuming that you have purchased only one ADRA or Agent for Applications and Databases licence.  You would have to designate a particular DC to have the capability of GRT restore for AD.  For the other DC's, you would have to manually turn off GRT for AD.  Otherwise, you would be in violation of licencing terms.  For example, for BE 2010, you would edit the backup jobs for the other DC's and use this dialog to turn off GRT for AD.

This method takes advantage of AD's ability to replicate changes from one DC to another.  If there are a lot of DC's  in the domain and/or a geographically dispersed or busy network, then this replication may take some time.  For example, a VIP's user-id is accidentally deleted at a remote site which is in the same domain as the main office.  When the deleted user-id is restored onto a DC in the main office, it will take time for it to be replicated to the DC at the remote site.  This delay may not be acceptable because until the user-id is replicated to the remote site, the user cannot logon to the domain.  It is not possible to speed things up by restoring the user-id to the DC on the remote because the user-id is part of the AD from the DC in the main office and it can only be restored to that particular DC.

Note that for this method, the other DC's AD would still be backed up using Method 1.  This is for redundancy, in case the DC with the AD GRT fails and its AD backups are no good.

Method 3 - Backup and Restore a single AD object for every DC

To avoid the AD replication delay described above, each DC would need to have GRT restores of its AD.  In this case, you would need to purchase an ADRA (Active Directory Recovery Agent) licence (for BE 2010 and below), or an Agent for Applications and Databases licence (for BE 2012) for each DC.  With these licences, if a VIP user-id is deleted at the remote site, it can be restored to the DC at the remote site and it is accessible immediately.

Summary

Method 1 - This is the cheapest option because only a RAWS licence is required.  The disadvantage is that the entire AD needs to be restored to recover any AD object.

Method 2 - Only 1 ADRA (Active Directory Recovery Agent) licence (for BE 2010 and below), or an Agent for Applications and Databases licence (for BE 2012) is required for each domain.  There will be a delay for the restored AD object to be propagated to all the DC's in the domain.

Method 3 - 1 ADRA (Active Directory Recovery Agent) licence (for BE 2010 and below), or an Agent for Applications and Databases licence (for BE 2012) is required for each DC in the domain.  The advantage of this is that the AD object can be restored to which DC that it is required.  Most installations will not require this extra AD recovery speed and Method 2 would suffice.

The following process is a guide on how to migrate endpoints from previous versions of Altiris to Symantec Management Platform 7.5 utilizing a side by side infrastructure method.  (Version 6.x current and Version 7.5 future)

Assumptions:  The Symantec Management Platform has been installed, properly configured and endpoints are reporting to Notification Server 6.x platform.

1.       Download the launchclean.vbs file to the NSCap share on the version 6.x server.

2.       Download the agent_clean.bat file to the NSCap share on the version 6.x server.

3.       Located and copy AeXNSC.exe from the Altiris 7.5 server.  Paste the file to the Altiris share (NSCap) on the version 6.x server.

Ensure all three files are in the same directory folder.

Explanation of the files:

1.       The launchclean.vbs file will create a new directory on the local machine (C:\Windows\Source\Altiris7Migration) and moves the files from the Software Delivery Package (Created later in this document) to this new directory.  This is done because we will be uninstalling agents, deleting registry entries and deleting directories and files. (Including the Software Delivery folder) It will than run the agent_clean.bat file.

2.       The agent_clean.bat file will stop the Altiris Agent Service, uninstall subagents, uninstall the Altiris Agent, delete files, delete registry entries and install the new Altiris 7.5 Agent.

****Right click on the agent_clean.bat file and select Edit.  At the bottom replace servername with the name of the SMP 7.5 server.****

C:\WINDOWS\SOURCE\Altiris7Migration\aexnsc.exe /install /ns="servername" /nsweb="http://servername/Altiris" NOTRAYICON /s  >> C:\Windows\Source\Altiris7Migration\myaexnsc.log

3.       AeXNSC.exe is the new agent file that is utilized by the agent_clean.bat file to install the new agent.

Notes:  The GUIDS found in the agent_clean.bat are registry GUIDS and not Altiris GUIDS.  These GUIDS are specific to the version of Altiris and the version of the subagents.  (multiple entries are utilized to ensure the subagents are uninstalled)

If a subagent has not been uninstalled search the registry and find the GUID:

****Software Inventory Agent utilizes the same msi or GUID as the Altiris Software Update Agent.  When  the Software Update Agent  is removed  the Software Inventory Agent will be removed.

The agent_clean.bat uses the /va switch to remove registry. (this keeps the folder structure) This is important to understand because you may find entries of the old NS server name or ip in the registry.  Issues can arise from having these types of old entries.  To remediate the potential issue utilize only the /f as the registry is rebuilt by the new agent installation.

For more information on registry delete you can find it here. http://technet.microsoft.com/en-us/library/cc742145.aspx

Creating Altiris Notification Server 6.x Software Delivery

1.       Open the Notification Server 6.x console.

2.       Select the Resource tab, Select Resources, Software Management, Software Delivery Packages

3.       Right Click Windows and select New, Software Delivery Package.

4.       Fill in the required fields.  The Package Location is where the files were saved in steps 1,2 and 3 above. (NSCap)

5.       Select the Programs tab

6.       Fill in the required fields.  Make changes to the configuration in accordance with company policy.  Ensure the command line is cscript “launchclean.vbs”.

7.       Select Apply.

8.       Select Update Distribution Points.

9.       From the Altiris Console select the Tasks tab.

10.   Select Software Management, Windows.

11.   Right Click Software Delivery Tasks, Select New, Select Software Delivery Task.

12.   Name the Task.

13.   Click Select a Package and select the package form the list.  The program will auto populate.

Blank Template:

14.   Select the Collection.

15.   Create the schedule.

16.   Enable the Task

17.   Click Apply.

Test Template:

18.   Log into the managed endpoint and check the registry for old NS server information, ensure all old files have been removed, open new SMP 7.5 agent and ensure agents and subagents are installed and the agent is communicating with the SMP.

Source Files provided by Intuitive Technology Group            

As the 7.1.2 MP1.1 v7RU Console does not contain any reports that display this information, the following two queries will help you achieve this goal:

-- display all privileges associated with one (or more) security roles.

declare @my_role varchar(max)
-- set @my_role='%Security Role%'
set @my_role='symantec admin%'

    select vsr.name [Role],
        v5.name [Solution], spdg.NameRef [Privilege Type], sp.Name [Privilege]
        -- , st.Trustee
    from SecurityRole vsr
        left join SecurityPrivilegeTrustee spt on spt.TrusteeGuid = vsr.TrusteeGuid
        left join securityprivilege sp on sp.guid = spt.PrivilegeGuid
        left join securityprivilegedisplaygroup  spdg on spdg.guid = sp.DisplayGroupGuid
        left join vitem v5 on v5.guid = spdg.Solution
        -- left join SecurityTrustee st on st.guid = vsr.TrusteeGuid
    where vsr.name like @my_role
    order by [Role], [Solution], [Privilege Type], [Privilege]

-- for a given security role
-- display all the non-inherited security permissions.

declare @my_role varchar(max)
-- set @my_role = '%Security_Role%'
set @my_role = 'symantec admin%'

    declare @c1 table (
        zRole varchar(max),
        zGroup varchar(max),
        zPerm varchar(max),
        zInherited int,
        zguid uniqueidentifier,
        zItemName varchar (max),
        zClassName varchar (max),
        zParentGuid uniqueidentifier
        )

    -- get all the "easy" stuff abou each item.
    insert into @c1
    select sr.Name, spdg.NameRef , sp.name,
        sa.Inherited,  sa.Entityguid,
        v1.name, c.Type, vif.ParentFolderGuid
    from
        SecurityRole sr
        left join SecurityTrusteePermission stp on stp.TrusteeGuid = sr.TrusteeGuid    
        left join SecurityPermission sp on sp.guid = stp.PermissionGuid
        left join SecurityPermissionDisplayGroup spdg on spdg.guid = sp.DisplayGroupGuid
        join SecurityACENonResource sa ON sa.TrusteePermissionId = stp.[Id]
        left join vitem v1 on v1.guid=sa.Entityguid
        left join class c on c.guid = v1.ClassGuid
        left join vItemFolder vif on vif.ItemGuid = sa.Entityguid
    where sr.name like @my_role
        and sa.Inherited = 0

    -- select * from @c1 c1

    -- now include the path to the item, this is faster after limiting to just non-inherited permissions
    select
        c1.zRole [Role],
        (SELECT v2.name + '; '
        FROM FolderBaseFolder fbf
            left join vitem v2 on v2.guid=fbf.ParentFolderGuid
        WHERE fbf.FolderGuid = c1.zParentGuid
            and fbf.ParentFolderGuid <> '00000000-0000-0000-0000-000000000000'
        ORDER BY fbf.depth desc
        FOR XML PATH('')
        ) AS [Path],
        c1.zItemName [Item],
        -- c1.zClassName [ItemClass], c1.zguid [ItemGuid],
        c1.zGroup [Permission Type], c1.zPerm [Permission]
    from @c1 c1
    group by c1.zRole, c1.zGroup, c1.zPerm, c1.zItemName, c1.zguid, c1.zParentGuid, c1.zClassName
    order by c1.zRole, [path], c1.zItemName, c1.zGroup, c1.zPerm

script_end:
    delete @c1

Archiving

Backup

• The Enterprise Vault Server
• The Vault Store partition data
• The index data
• The SQL Server databases
• The Exchange Server

SQL Maintenance

Storage Expiry

Shortcut Expiry

Conclusion

As a Disaster Recovery and High-Availability Consultant, I've participated in several disaster recovery exercises, for different customers in different industries, most of them large financial institutions, that are severely regulated here in Brazil and, I believe, all around the world.

Regulated or not, everyone should test their DR plan from time to time, to ensure it's ready and will work in case of a real need, no matter if your DR plan for a specific system/application is based on backup/restore, local clustering, cold backup site (data is replicated to remote site) or a sophisticated metro/geo clustering technology.

Exercising is the only way to ensure that your DR plan is likely to work when needed! Really?

DR exercises have their own associated risks, and usually are very costly, involving a lot of people, and is time consuming too. Because of that, they cannot be done every day/week/month, by almost any company. Normally, a DR exercise is scheduled annually, semiannually, or quarterly at most.

Meanwhile, lots of different things happen in the whole infrastructure, either on active and passive systems: OS and applications are updated, configurations are adjusted, hardware is upgraded or changed, storage areas are allocated or reallocated, network and storage switches receive new/changed configurations, and so on. The safest thing to do is to redo the DR tests on every single small change done on the environment, for all affected or likely affected systems and applications. That's unfeasible, impossible!

So, that’s where regular DR exercises take place, to TRY ensure that everything that happened in between has not affected the ability to activate the DR infrastructure when needed, either if the DR is automated or not. If something doesn’t work as expected during the DR exercise, it’s fixed right away.

I’ve seen lots of different situations taking place during complex DR exercises. I don’t really remember a quarterly exercise that happened exactly as expected and every single thing went fine (I’m not saying it didn’t happen at least once, I just don’t remember that).­

• I saw restores not working because backup was being done in the wrong way or tape/media damaged;
• Primary systems not been able to offline application or OS gracefully;
• Passive nodes on local clusters not able to start the application by many different reasons;
• Replicated data missing or corrupted on DR site so application didn’t started;
• Customers forcing application to start on passive nodes and corrupting data because part of the volume was missing;
• Application that have been left running on DR environment for months, because could not failback to primary datacenter and, could not be fixed during the DR exercise window.
• And other things too.

Doesn’t matter which hardware or application vendor you are using, almost anything can go wrong during a DR exercise causing frustration, downtime, high costs and in the worst case, data loss.

Getting back to the quote I did on the third paragraph, “exercising is the only way to ensure that your DR plan is likely to work when needed”, that’s unfortunately true but, Symantec has a tool that is able to, unobtrusively and with no impact on the environment, automatic validate thousands of different conditions that can lead a DR strategy or a DR exercise to fail or do not achieve the expected results. Remotely scanning, from storages, to hosts, to specific applications, automatic discovering DR specific configurations, and comparing them to a list of more than 5000 different gaps (and constantly increasing), it can report on almost any condition that can lead a DR to fail. Also, it helps educating the different administration teams showing, for each trouble ticket, the gap/issue found, why it’s wrong or misconfigured, the impacted systems/applications and business services, where is the gap on the structure (including a detailed graphical view), how to fix it, why to fix it and the expected results.

Symantec Disaster Recovery Advisor (DRA) is a powerful tool that works for Symantec and non-Symantec DR infrastructures. It shifts the maturity of your company, taking it from a reactive state, where you wait for the issues to come and fix them, to a proactive state, where you got alerted for the hidden issues on the infrastructure that can impact the ability to execute DR succesfully - don’t matter if it is a local cluster failover, a replicated environment (either by storage, or by application, like Oracle DataGuard), a complex metro/geo cluster, if it’s synchronous or asynchronous, DRA understand them all.

It’s now on version 6.2 so, has a lot of market experience and maturity. A customer that had a recent failure on a DR exercise of a critical financial application, was the first time I saw DRA in action and let me understand the business value of the tool. It was the second time in a row that the semiannually DR test for that specific application failed, despite the huge investment to keep that application high-available. Gartner says that 80% of mission critical downtime is caused by people and process, and that is exactly the case. This environment was not secured by Symantec High-Availability tools but actually, it wasn't goint to matter, because from the configuration issues found during the DR exercise, most environmental (storage, network, OS kernel parameters), it would have failed with Symantec tools (Compared to native cluster and replication tools, VCS has aditional checks to ensure is right configured and can control the application, but doesn't go that deep to ensure the infrastructure as a whole).

The point is, customer did the semiannually DR exercise, found a lot of different issues, corrected them during the DR exercise weekend and, two weeks after, a partner of Symantec did an assessment with DRA in that same environment, finding dozens of hidden issues, some probably pre-existents before the DR test, some that came after that, during scheduled changes on the environment and other applications that share same Network, SAN, Storage infrastructure.

For me, that’s the value of DRA for any customer, no matter big or small, regulated or not. If there is any investment on high-availability or disaster recovery capabilities, obviously customer expect that it will work when needed. As I said before, the safest thing to do if you have a critical application is to redo DR test for every single little change on the environment, even if the change happened in other application and you suspect that your critical application might be somehow affected.

But as this not only sounds but seems to be impossible, DRA is a unique tool, with no competition on the market that helps you getting the most from your investments in HA and DR, from cheap and simple local clusters (even native tools), thru storage/application replication, to expensive and complex geo clusters. It will help you be succesful not only on your DR tests, but when a real disaster happen.

From the previous article:

https://www-secure.symantec.com/connect/articles/i...

we introduced the installation of the VCS on Windows OS. After the installation, we need to configure the VCS to make it startup and work.

Here are the detailed steps to configure the VCS.

1. After the installation of the VCS and reboot the Windows OS, select 'Cluster Configuration Wizard' from start menu:

2. Click Next on the Welcome windows:

3. Input the computer name of the system that installed the VCS software:

4. The configuration wizard will check the requirements on the systems:

5. Select 'Create New Cluster':

6. Input the cluster name and select the system availabled:

7. The wizard will validate the systems selected:

8. Select the heartbeat ethernet for LLT:

These two ethernet should be located on the same separated VLAN.

9. Select No on the warning popup:

10. Specify the user credential of the VCS administrator:

11. There will be a summary windows to display all the configurations:

12. The configuration of the VCS will be finished in minutes:

After then, from the start menu, we can select to open the Veritas Cluster Manager to manage the cluster.

The attached PDF explores the following three most common scenarios for consideration when leveraging Symantec Altiris Endpoint Management Suite Products:

1. Altiris Symantec Management Platform Recovery using the same hardware

2. SQL Environment Recovery

3. Altiris Symantec Management Platform Recovery using dissimilar hardware.

Wondering how to handle your cold site environment?  How to plan for hard drive failures as part of your business continuity plan?    The attached document should help.

Thanks,
Jim

Disclaimer: this may not be an exaustive description of the solution and is intended to be used as a guideline. All information is available in the product documentation, including the Administrator's guide.
 

There are usually three important aspects for the recovery of encrypted data:

• Data and Key backups
• Key recovery (and ADK)
• Disk recovery

Data and Key backups
This point is simply the basilar of IT best practices - Backups are your friends, but only if tested!!!

Additional note: much of the time data backups can be kept stored in safe locations in clear, i.e. not encrypted.
 

Among others, you should keep up-to-date and good backups of:

• Symantec Encryption Management Server backups (stored outside of the server)

• Virtual Disk images you may have

• Organization Key (full keypair) and its correspondent passphrase - this is probably the most critical key in the encryption environment (Used to sign all user keys the Symantec Encryption Management Server creates and, to encrypt server backups!)

• Symantec Encryption Desktop keyrings (including private ones), especially if using standalone installations and/or Client Key Mode (CKM) and Server-Client Key Mode (SCKM)

• Ignition Keys (you don't really backup those, but you need the credentials, so have them safe) - most environments don't really require this one. This is only needed when there is a risk of an unauthorized person gaining physical control of the server hardware. If used, the server will be kept locked until unlocked using the proper method.

There are two types of Ignition Keys:

• Hardware Token: You need to have the PKCS#11 token and its respective PIN
• Soft-Ignition Passphrase: You need to know the passphrase you have specified.

Key recovery (and ADK)
How to recover a lost key or decrypt data with an alternative key? Key Reconstruction - Enabling key reconstruction ensures that users can reconstruct their PGP keys.

Key reconstruction is useful if the user loses their key material, or forgets their key passphrase. Key reconstruction is not suitable for enterprise data recovery, since only the user knows the answers to the reconstruction questions.

Additional Decryption Key (ADK) - The ADK is only available in Symantec Encryption Management Server environments. An ADK can be used to decrypt encrypted data and messages if an end user is unable or unwilling to do so. For different purposes two types of ADK can be defined in a managed environment:

• Policy ADK - this can be defined per consumer policy
• Organization ADK - this will be applied to every user in the environment

For standalone instalation you can use the Master Key in a similar way of an ADK, however, this would imply a trust with the users (that they won't remove that key) and the value of this would be only for recovery of encrypted data when the user key is lost.

Disk recovery
Which are the recovery options configurable for Disk Encryption in Symantec Encryption Management Server?

There are some ways to to ensure access to encrypted disks. Note that, if none of the options above was enabled *before* losing access to the disk, it will not be possible to access to the content because the records cannot be modified after losing access to the disk.

The options can be configured in the consumer policy:
Consumers > Consumer Policy > select the policy > in the section Symantec Encryption Desktop click the Desktop (button) > Drive Encryption (tab).

Under Symantec Drive Encryption there are some options which should be enabled and must be defined according company policy/local regulations.

• Enable Whole Disk Recovery Tokens - this will send a one-time token to the management server and can be used to regain access to the encrypted disk. Once used a new token will be automatically sent to the server.

• Encrypt Windows Drive Encryption disks and PGP Virtual Disks to a Disk Administrator Key. Attention!: Use the Symantec Drive Encryption administrator key to log in to a user's system at the Symantec Drive Encryption BootGuard screen using two-factor authentication (with a smart card or token). Before deployment check for token support.

• Encrypt Drive Encryption disks to a Disk Administrator Passphrase - this adds a permanent passphrase to the disk which can be used by administrators. This passphrase should be kept private.

• Use the WDE-ADMIN Active Directory group membership - Any member of the WDE-ADMIN Active Directory group can remotely access a system to add or remove users from Symantec Drive Encryption, encrypt or decrypt a drive, and so on, using the Symantec Drive Encryption command-line tool. These administrative functions can be performed without having to request the user's passphrase.

• Local Self Recovery Security Questions - also useful for standalone installations. Note: The Security Questions for Local Self Recovery cannot be created until the until the disk is fully encrypted.

Some companies/regulations have strict policies for the usage of these bypass mechanism and they should be documented in an internal "paper" policy.
For the ADK is also possible to use key splitting for obliging the presence of multiple stakeholders for unlocking access to encrypted data.

Last but not the least, deploying system images with Symantec Encryption Desktop pre-installed is not supported. This may cause that some or more of the options above will not be available, potentially leading to data loss due to no recovery option.

Each environment has its own specificities, thus testing is also part of IT best practices and whenever possible should be done in test machines.

Hello All,

Symantec Endpoint Protection 11 RU7 MP4 (11.0.7400.1398) is Released.

This build's version is: 11.0.7400.1398

SEP all version release details are available here: http://bit.ly/m0vOJp

Note: If in case you do not see the SEP 11 RU7 MP4 Release on Fileconnect, you may see the same in coming few days on your Fileconnect Account.

You may find the Latest Release of Symantec Endpoint Protection 11 RU7 MP4 at: https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

Select and start the download process using JAVA downloader

 If you wish to download using HTTPS download, click on +sign & will see HTTPS download option.

This release contains all of the features that were delivered in versions 11.0.7 (11 RU7) through 11.0.7.3 (11 RU7 MP3).

This release includes the following new features:

1) Support for Java Runtime Environment (JRE) 7, update 25 (7u25) - For improved security and stability, the Symantec Endpoint Protection Manager console runs on JRE 7u25.

2) Support for PHP 5.4.16 -  Symantec Endpoint Protection Manager includes PHP 5.4.16.

3) Support for Apache Tomcat 7.0.42 - Symantec Endpoint Protection Manager includes Apache Tomcat 7.0.42

4) Additional component updates -  This release provides updates to the following Symantec Endpoint Protection components, which improves stability and security.
■ cURL 7.31.0
■ LibPNG 1.5.15
■ LibXML 2.9.1

Supported upgrade paths to Symantec Endpoint Protection 11.0.7.4 (11 RU7 MP4)

Symantec Endpoint Protection 11 RU7 MP4 supports an upgrade from the following earlier versions:

■ 11.0.7000.793 - Release Update 7 (RU7)
■ 11.0.7101.1056 - Release Update 7 Maintenance Patch 1 (RU7 MP1)
■ 11.0.7200.1147 - Release Update 7 Maintenance Patch 2 (RU7 MP2)                                                                                                                      ■ 11.0.7300.1294 - Release Update 7 Maintenance Patch 3 (RU7 MP3)

If your Symantec Endpoint Protection version is earlier than 11 RU7, you must first install SEP 11 RU7.

Articles:

Symantec™ Endpoint Protection and Symantec Network Access Control 11.0.7.4 (11 RU7 MP4) Release Notes

http://www.symantec.com/docs/DOC7074

New fixes for Symantec Endpoint Protection 11 and Symantec Network Access Control 11

http://www.symantec.com/docs/TECH103087

In questo articolo sono stati raccolti e catalogati gli articoli pubblicati in precedenza su questo sito e che riguardano tool freeware portatili.
La caratteristica principale di questi tool è quella della portatilità , infatti non richiedono una installazione locale nel computer e possono essere eseguiti da una qualsiasi pendrive o hard disk USB.

I programmi rivolti a utenti Power user e Amministratori di Sistema, sono stati suddivisi in varie categorie, con una breve descrizione della sua funzione ( in lingua inglese e in Italiano dove è già stata pubblicata la traduzione).

La lista verrà aggiornata anche in base alle Vs. segnalazioni, con la speranza che questi programmi possano essere utili per semplificare il Vs. lavoro giornaliero e di gestione dei problemi hardware e software.

English article : USB Swiss Army Tools Collection

OFFICE
Articolo	Descrizione	Tool
Commands in Demand Portable	This portable tool can be used to quickly access commonly used essential Windows Commands and Settings via an easy GUI.	Commands in Demand
Database Browser	Portable tool for IT admins and advanced users, that allows to connect to any database and browse or modify data, run sql scripts, export and print data.	Database browser
Desktop Translation Tool Dictionary .NET	The Dictionary .NET is a tiny, easy and smart multilingual dictionary translating from/to 65 languages using Google’s services. Integrates Google Dictionary, Translate, Search, Suggest, Virtual Keyboard, Text To Speech, Wikipedia search, Bing wallpaper, and more Google APIs without installing anything.	Dictionary .NET
Portable tool to Detect and Repair Stalled Print Jobs	Freeware and portable tool designed to clear the printer spool if any jobs get stuck in there.	Stalled Printer Repair
Free Commander	Freecommander is a useful Windows explorer portable alternative, this freeware tool is a easy and small file manager (2,4 MB) with lots of advanced and helpful features. It can be used to manage local computer and also configure network location or an FTP drive	Freecommander
Portable File Management and Search Tool	Snowbird is a portable software program that can be considered an easy and light alternative to Google Desktop or Microsoft Search. This small tool , only 267 Kb , provides a basic search interface that allows users to select a folder and search files and folders.	Snowbird
Change Drive letter assignments	The DriveLetterView tool allows to view and change drive letter assignments in your system even if drives are not currently plugged. The nice GUI shows all local drives, remote network shares, DVD drives and USB drives.	DriveLetterView
Portable Freeware Photoeditor	MobaPhoto allows you to manage pictures (resize, crop and also red-eyes correction), create photo galleries and rename/resize in batch mode.	MobaPhoto
HARDWARE
Easily Jump to Special Folders in Windows	SpecialFoldersView by Nirsoft shows the list of all special folders in your current Windows operating system, and allows you to easily jump to the desired folder.	SpecialFoldersView
Alternative Device Manager	DevManView 1.0 is a portable software program made by Nirsoft. It allows you to manage devices on your local computer and also of another computer on your network.	DevManView
How to Check the Speed of a USB Flash Drive	Speedout is a freeware tool to perform a USB Driver performance speed test.	Speedout
Troubleshooting for USB Devices on Your System	This tool help to see all USB devices configured on a local or remote computer, and other helpful information like: device name and description, device type, serial number, the date/time that device was added, VendorID, ProductID, and many others. Also you can perform other maintenance tasks, in addition to report functions, there are basic commands to disconnect or delete USB devices.	USBDeview
A Portable PC Doctor, Open Hardware Monitor	This portable freeware application allows you to monitor temperature sensors, fan speeds, voltages, load and clock speeds of your computer, etc.	Open Hardware Monitor
DriverBackup, Portable Device Drivers Backup and Restore	DriverBackup is a nice small free tool to easily backup and restore your system drivers.	DriverBackup
NETWORKING
Parkdale, Drive Speed Tester	Parkdale, free and portable utility to quickly perform a speed test on disks, cdroms and network shares. Helpful to investigate how and where are bottlenecks in local and network connections.	Parkdale
How to quickly monitor open internet ports	CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.	CurrPorts
SICUREZZA
How To See Who Logged Into a Windows Computer	WinLogOnView is portable tool that scan the security event log of Windows operating system, and detects the date/time that users logged on and logged off. For every time that a user log on/log off to your system, the following information is displayed: Logon ID, User Name, Domain, Computer, Logon Time, Logoff Time, Duration, and network address.
Utilità di Sistema
Free Portable Inventory Software	This tool extracts hardware and software details of all components of the PC, shows installed software with version and product key.	Free PC Audit
Find the Exact Version Number of Windows	This freeware tool provides in few seconds a report which operating system and Service Packs are installed on your computer.	CheckOsVer
Check quickly Software Updates	The Update Notifier made by Cleansoft.org  is a good solution to check the software installed on a client and compare to the latest version available on internet.	Update Notifier
Repair & Fix Windows Updates with Fix WU Utility	The Fix WU V1.0   is a simple utility to re-register a total of 114 .dll,  ocx and .ax files which are required for the proper functioning of Windows Updates.	Fix WU
7 Quick Fix	This small freeware application is designed to fix common errors and also enable system features that could be happens after a virus attack. There are 21 different settings to change basic features on your operative system link Slow Shutdowns, Slow Thumbnails, Missing System Tray Icons, Missing DVD Drives , etc.	7 Quick Fix
The perfect portable killer for your system processes	KillProcess can terminate almost any process on a Windows machine, including any service and process running in the system. Even protected Microsoft system processes can be terminated. It can be helpful to terminate certain unknown processes that can be impossible shut down in other normal ways.	KillProcess
How to find the uninstall string	MyUninstaller tool is an helpful to find the correct uninstall string for whatever installed software application. This portable tool shows a list of all installed application with a lot of details and additional information that the standard Add/Remove applet doesn't display: product name, company, version, uninstall string, installation folder, etc.	MyUninstaller
GUI for Nirsoft utilities	NirLauncher is portable front-end that collects Nirsoft tools divided by categories, like Password Recovery Tools, Network Tools, Web Browser Tools, etc. This portable tool allows you to easily find and run the desired utility.	NirLauncher
Graphical Interface for Nirsoft and Sysinternals Tools	WSCC is a free, portable program that allows you to install, update, execute and organize the utilities from Sysinternal and Nirsoft utilities through a friendly GUI.	WSCC
How to Check what Version of Microsoft .NET Framework is installed	This portable tool helps you to collect and report all information about the different versions installed on a machine. Also detailed information is given on where the .NET Frameworks are installed with links to the directories. This information can easily be copied by a user, to paste in a mail. If a certain version isn't on the machine, you can simply follow the link that .NET Version Detector suggests, so it is easy for the novice user to find the runtimes.	.NET Version Detector
Partition Saving Tool	Partition Saving is DOS, Windows program that is used to save, restore and copy hard-drive, partitions, floppy disk and DOS, Windows or Linux devices. It allows to save all data on a partition to a file.	Partition Saving
Make a Customized Windows Icon	Portable freeware application which let you convert any image file into ICO format for use as icons.
All-in-one tool to manage , convert and extract ISO	ISO Toolkit is a portable tool to manage ISO images, it allows to create ISO image, copy ISO image from CD/DVD, convert ISO, NRG, CUE images, extract content of ISO, NRG, BIN and CUE images and mount ISO, NRG, BIN and CUE image files in Windows Explorer
Repair Browser and network settings changed by Malware	Repair browser settings and networking settings changed by rogueware or malwares. This tool help you to restore some important configurations and settings ( for example , homepage, safe startup items, DNS settings, Title Bar, BHO plug-in, etc ) after an virus attack.	Anvi Browser Repair Tool

Have you ever wondered how the "Manage > Software" items information is obtained from within the database?

If you have, the following SQL queries will tell you (taken from a 7.1.2 MP1.1 v7RU ITMS system):

-- Newly Discovered Software
DECLARE @v1_TrusteeScope nvarchar(194)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
SELECT
   [vri2_Software Component].[Guid] AS [Guid],
   [vri2_Software Component].[Name] AS [Name],
   [ajs6_ItemPresentation].[ImageUrl] AS [Image Url],
   [ajs3_vAC_InstalledSoftware].[IsManaged] AS [Managed],
   [vri2_Software Component].[ResourceTypeGuid] AS [ResourceTypeGuid],
   [ajs5_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Software_Component_Item] AS [vri2_Software Component]
      INNER JOIN [vAC_InstalledSoftware] AS [ajs3_vAC_InstalledSoftware]
         ON ([vri2_Software Component].[Guid] = [ajs3_vAC_InstalledSoftware].[Guid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs4_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs5_vRM_Company_Item]
            ON ([ajs4_ra].[ChildResourceGuid] = [ajs5_vRM_Company_Item].[Guid]))
         ON ([vri2_Software Component].[Guid] = [ajs4_ra].[ParentResourceGuid])
            AND
            (
               ([ajs4_ra].[ResourceAssociationTypeGuid] = '292dbd81-1526-423a-ae6d-f44eb46c5b16')
            )
      LEFT OUTER JOIN [ItemPresentation] AS [ajs6_ItemPresentation]
         ON ([vri2_Software Component].[Guid] = [ajs6_ItemPresentation].[Guid])
WHERE
   (
      (
         ([ajs3_vAC_InstalledSoftware].[IsManaged] = 0)
      )
   )
ORDER BY
   [Name] ASC
 

--Installed Products
DECLARE @v1_TrusteeScope nvarchar(194)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
SELECT
   [vri2_Software Product].[Guid] AS [Guid],
   [vri2_Software Product].[Name] AS [Name],
   [ajs7_Inv_Software_Image].[ImageUrl] AS [Image Url],
   [dca3_Software Product State].[IsManaged] AS [Managed],
   [ajs6_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Software_Product_Item] AS [vri2_Software Product]
      INNER JOIN [Inv_Software_Product_State] AS [dca3_Software Product State]
         ON ([vri2_Software Product].[Guid] = [dca3_Software Product State].[_ResourceGuid])
      INNER JOIN [vAC_InstalledProducts] AS [ajs4_vAC_InstalledProducts]
         ON ([vri2_Software Product].[Guid] = [ajs4_vAC_InstalledProducts].[Guid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs5_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs6_vRM_Company_Item]
            ON ([ajs5_ra].[ChildResourceGuid] = [ajs6_vRM_Company_Item].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ajs5_ra].[ParentResourceGuid])
            AND
            (
               ([ajs5_ra].[ResourceAssociationTypeGuid] = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d') --Software Product to Company
            )
      LEFT OUTER JOIN [Inv_Software_Image] AS [ajs7_Inv_Software_Image]
         ON ([vri2_Software Product].[Guid] = [ajs7_Inv_Software_Image].[_ResourceGuid])
WHERE
   (
      (
         ([dca3_Software Product State].[IsManaged] = 1)
      )
   )
ORDER BY
   [Name] ASC

--Licensed
DECLARE @v1_TrusteeScope nvarchar(194)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
SELECT
   [vri2_Software Product].[Guid] AS [Guid],
   [vri2_Software Product].[Name] AS [Name],
   [dca3_Software Product State].[IsManaged] AS [Managed],
   [ajs10_Inv_Software_Image].[ImageUrl] AS [Image Url],
   [ajs8_ScopeMembership].[ScopeCollectionGuid] AS [Organizational Group],
   [ajs9_FolderBaseFolder].[ParentFolderGuid] AS [ParentFolderGuid],
   [ajs7_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Software_Product_Item] AS [vri2_Software Product]
      INNER JOIN [Inv_Software_Product_State] AS [dca3_Software Product State]
         ON ([vri2_Software Product].[Guid] = [dca3_Software Product State].[_ResourceGuid])
      INNER JOIN [vAC_LicensedProducts] AS [ajs4_vAC_LicensedProducts]
         ON ([vri2_Software Product].[Guid] = [ajs4_vAC_LicensedProducts].[Guid])
      INNER JOIN [vAC_InstalledProducts] AS [ajs5_vAC_InstalledProducts]
         ON ([vri2_Software Product].[Guid] = [ajs5_vAC_InstalledProducts].[Guid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs6_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs7_vRM_Company_Item]
            ON ([ajs6_ra].[ChildResourceGuid] = [ajs7_vRM_Company_Item].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ajs6_ra].[ParentResourceGuid])
            AND
            (
               ([ajs6_ra].[ResourceAssociationTypeGuid] = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d') --Software Product to Company
            )
      LEFT OUTER JOIN ([ScopeMembership] AS [ajs8_ScopeMembership]
         LEFT OUTER JOIN [FolderBaseFolder] AS [ajs9_FolderBaseFolder]
            ON ([ajs8_ScopeMembership].[ScopeCollectionGuid] = [ajs9_FolderBaseFolder].[FolderGuid]))
         ON ([vri2_Software Product].[Guid] = [ajs8_ScopeMembership].[ResourceGuid])
      LEFT OUTER JOIN [Inv_Software_Image] AS [ajs10_Inv_Software_Image]
         ON ([vri2_Software Product].[Guid] = [ajs10_Inv_Software_Image].[_ResourceGuid])
GROUP BY
   [vri2_Software Product].[Guid],
   [dca3_Software Product State].[IsManaged],
   [vri2_Software Product].[Name],
   [ajs7_vRM_Company_Item].[Name],
   [ajs8_ScopeMembership].[ScopeCollectionGuid],
   [ajs9_FolderBaseFolder].[ParentFolderGuid],
   [ajs10_Inv_Software_Image].[ImageUrl]
ORDER BY
   [Name] ASC

--Adobe
DECLARE @v1_TrusteeScope nvarchar(194)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
DECLARE @g3_SoftwareProductContainsSoftwareComponent uniqueidentifier
   SET @g3_SoftwareProductContainsSoftwareComponent = '9d67b0c6-beff-4fcd-86c1-4a40028fe483' --Software Product Contains Software Component
DECLARE @g7_SoftwareProducttoCompany uniqueidentifier
   SET @g7_SoftwareProducttoCompany = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d' --Software Product to Company
SELECT
   [vri2_Software Product].[Guid] AS [Guid],
   [vri2_Software Product].[Name] AS [Name],
   [vri9_Company].[Name] AS [Manufacturer],
   [ajs11_ScopeMembership].[ScopeCollectionGuid] AS [Organizational Group],
   [ajs12_FolderBaseFolder].[ParentFolderGuid] AS [ParentFolderGuid],
   [ajs13_Inv_Software_Image].[ImageUrl] AS [Image Url]
FROM
   [vRM_Software_Product_Item] AS [vri2_Software Product]
      LEFT OUTER JOIN ([ResourceAssociation] AS [ra4_Software Product Contains Software Component]
         LEFT OUTER JOIN ([vRM_Software_Component_Item] AS [vri5_Software Component]
            INNER JOIN [Inv_InstalledSoftware] AS [ajs6_Inv_InstalledSoftware]
               ON ([vri5_Software Component].[Guid] = [ajs6_Inv_InstalledSoftware].[_SoftwareComponentGuid]))
            ON ([ra4_Software Product Contains Software Component].[ChildResourceGuid] = [vri5_SoftwareComponent].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ra4_Software Product Contains Software Component].[ParentResourceGuid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ra8_Software Product to Company]
         LEFT OUTER JOIN [vRM_Company_Item] AS [vri9_Company]
            ON ([ra8_Software Product to Company].[ChildResourceGuid] = [vri9_Company].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ra8_Software Product to Company].[ParentResourceGuid])
      INNER JOIN [vAC_LicensedProducts] AS [ajs10_vAC_LicensedProducts]
         ON ([vri2_Software Product].[Guid] = [ajs10_vAC_LicensedProducts].[Guid])
      LEFT OUTER JOIN ([ScopeMembership] AS [ajs11_ScopeMembership]
         LEFT OUTER JOIN [FolderBaseFolder] AS [ajs12_FolderBaseFolder]
            ON ([ajs11_ScopeMembership].[ScopeCollectionGuid] = [ajs12_FolderBaseFolder].[FolderGuid]))
         ON ([vri2_Software Product].[Guid] = [ajs11_ScopeMembership].[ResourceGuid])
      LEFT OUTER JOIN [Inv_Software_Image] AS [ajs13_Inv_Software_Image]
         ON ([vri2_Software Product].[Guid] = [ajs13_Inv_Software_Image].[_ResourceGuid])
WHERE
   (
      (
         ([ra4_Software Product Contains Software Component].[ResourceAssociationTypeGuid] = @g3_SoftwareProductContainsSoftwareComponent)
         OR
         ([ra4_Software Product Contains Software Component].[ResourceAssociationTypeGuid] IS NULL)
      )
      AND
      (
         ([ra8_Software Product to Company].[ResourceAssociationTypeGuid] = @g7_SoftwareProducttoCompany)
         OR
         ([ra8_Software Product to Company].[ResourceAssociationTypeGuid] IS NULL)
      )
      AND
      (
         (LOWER([vri9_Company].[Name]) LIKE '%' + N'adobe' + '%')
      )
   )
GROUP BY
   [vri2_Software Product].[Guid],
   [vri2_Software Product].[Name],
   [vri9_Company].[Name],
   [ajs11_ScopeMembership].[ScopeCollectionGuid],
   [ajs12_FolderBaseFolder].[ParentFolderGuid],
   [ajs13_Inv_Software_Image].[ImageUrl]
ORDER BY
   [Name] ASC

--Microsoft
DECLARE @v1_TrusteeScope nvarchar(194)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
DECLARE @g3_SoftwareProductContainsSoftwareComponent uniqueidentifier
   SET @g3_SoftwareProductContainsSoftwareComponent = '9d67b0c6-beff-4fcd-86c1-4a40028fe483'  --Software Product Contains Software Component
DECLARE @g7_SoftwareProducttoCompany uniqueidentifier
   SET @g7_SoftwareProducttoCompany = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d'  --Software Product to Company
SELECT
   [vri2_Software Product].[Guid] AS [Guid],
   [vri2_Software Product].[Name] AS [Name],
   [vri9_Company].[Name] AS [Manufacturer],
   [ajs11_ScopeMembership].[ScopeCollectionGuid] AS [Organizational Group],
   [ajs12_FolderBaseFolder].[ParentFolderGuid] AS [ParentFolderGuid],
   [ajs13_Inv_Software_Image].[ImageUrl] AS [Image Url]
FROM
   [vRM_Software_Product_Item] AS [vri2_Software Product]
      LEFT OUTER JOIN ([ResourceAssociation] AS [ra4_Software Product Contains Software Component]
         LEFT OUTER JOIN ([vRM_Software_Component_Item] AS [vri5_Software Component]
            INNER JOIN [Inv_InstalledSoftware] AS [ajs6_Inv_InstalledSoftware]
               ON ([vri5_Software Component].[Guid] = [ajs6_Inv_InstalledSoftware].[_SoftwareComponentGuid]))
            ON ([ra4_Software Product Contains Software Component].[ChildResourceGuid] = [vri5_SoftwareComponent].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ra4_Software Product Contains Software Component].[ParentResourceGuid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ra8_Software Product to Company]
         LEFT OUTER JOIN [vRM_Company_Item] AS [vri9_Company]
            ON ([ra8_Software Product to Company].[ChildResourceGuid] = [vri9_Company].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ra8_Software Product to Company].[ParentResourceGuid])
      INNER JOIN [vAC_LicensedProducts] AS [ajs10_vAC_LicensedProducts]
         ON ([vri2_Software Product].[Guid] = [ajs10_vAC_LicensedProducts].[Guid])
      LEFT OUTER JOIN ([ScopeMembership] AS [ajs11_ScopeMembership]
         LEFT OUTER JOIN [FolderBaseFolder] AS [ajs12_FolderBaseFolder]
            ON ([ajs11_ScopeMembership].[ScopeCollectionGuid] = [ajs12_FolderBaseFolder].[FolderGuid]))
         ON ([vri2_Software Product].[Guid] = [ajs11_ScopeMembership].[ResourceGuid])
      LEFT OUTER JOIN [Inv_Software_Image] AS [ajs13_Inv_Software_Image]
         ON ([vri2_Software Product].[Guid] = [ajs13_Inv_Software_Image].[_ResourceGuid])
WHERE
   (
      (
         ([ra4_Software Product Contains Software Component].[ResourceAssociationTypeGuid] = @g3_SoftwareProductContainsSoftwareComponent)
         OR
         ([ra4_Software Product Contains Software Component].[ResourceAssociationTypeGuid] IS NULL)
      )
      AND
      (
         ([ra8_Software Product to Company].[ResourceAssociationTypeGuid] = @g7_SoftwareProducttoCompany)
         OR
         ([ra8_Software Product to Company].[ResourceAssociationTypeGuid] IS NULL)
      )
      AND
      (
         (LOWER([vri9_Company].[Name]) LIKE '%' + N'microsoft' + '%')
      )
   )
GROUP BY
   [vri2_Software Product].[Guid],
   [vri2_Software Product].[Name],
   [vri9_Company].[Name],
   [ajs11_ScopeMembership].[ScopeCollectionGuid],
   [ajs12_FolderBaseFolder].[ParentFolderGuid],
   [ajs13_Inv_Software_Image].[ImageUrl]
ORDER BY
   [Name] ASC

--Usage Tracking
DECLARE @v1_TrusteeScope nvarchar(155)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
DECLARE @g4_SoftwareProductContainsSoftwareComponent uniqueidentifier
   SET @g4_SoftwareProductContainsSoftwareComponent = '9d67b0c6-beff-4fcd-86c1-4a40028fe483'  --Software Product Contains Software Component
SELECT
   [vri2_Software Product].[Guid] AS [Guid],
   [vri2_Software Product].[Name] AS [Name],
   [ajs13_Inv_Software_Image].[ImageUrl] AS [Image Url],
   [dca3_Software Product State].[IsManaged] AS [Managed],
   [ajs8_Inv_Software_Product_Usage].[IsUsageTracked] AS [IsUsageTracked],
   [ajs9_ra].[ResourceAssociationTypeGuid] AS [ResourceAssociationTypeGuid],
   [ajs11_ScopeMembership].[ScopeCollectionGuid] AS [Organizational Group],
   [ajs12_FolderBaseFolder].[ParentFolderGuid] AS [ParentFolderGuid],
   [ajs10_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Software_Product_Item] AS [vri2_Software Product]
      INNER JOIN [Inv_Software_Product_State] AS [dca3_Software Product State]
         ON ([vri2_Software Product].[Guid] = [dca3_Software Product State].[_ResourceGuid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ra5_Software Product Contains Software Component]
         LEFT OUTER JOIN ([vRM_Software_Component_Item] AS [vri6_Software Component]
            INNER JOIN [Inv_InstalledSoftware] AS [ajs7_Inv_InstalledSoftware]
               ON ([vri6_Software Component].[Guid] = [ajs7_Inv_InstalledSoftware].[_SoftwareComponentGuid]))
            ON ([ra5_Software Product Contains Software Component].[ChildResourceGuid] = [vri6_SoftwareComponent].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ra5_Software Product Contains Software Component].[ParentResourceGuid])
      LEFT OUTER JOIN [Inv_Software_Product_Usage] AS [ajs8_Inv_Software_Product_Usage]
         ON ([vri2_Software Product].[Guid] = [ajs8_Inv_Software_Product_Usage].[_ResourceGuid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs9_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs10_vRM_Company_Item]
            ON ([ajs9_ra].[ChildResourceGuid] = [ajs10_vRM_Company_Item].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ajs9_ra].[ParentResourceGuid])
            AND
            (
               ([ajs9_ra].[ResourceAssociationTypeGuid] = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d')  --Software Product to Company
            )
      LEFT OUTER JOIN ([ScopeMembership] AS [ajs11_ScopeMembership]
         LEFT OUTER JOIN [FolderBaseFolder] AS [ajs12_FolderBaseFolder]
            ON ([ajs11_ScopeMembership].[ScopeCollectionGuid] = [ajs12_FolderBaseFolder].[FolderGuid]))
         ON ([vri2_Software Product].[Guid] = [ajs11_ScopeMembership].[ResourceGuid])
      LEFT OUTER JOIN [Inv_Software_Image] AS [ajs13_Inv_Software_Image]
         ON ([vri2_Software Product].[Guid] = [ajs13_Inv_Software_Image].[_ResourceGuid])
WHERE
   (
      (
         ([ra5_Software Product Contains Software Component].[ResourceAssociationTypeGuid] = @g4_SoftwareProductContainsSoftwareComponent)
         OR
         ([ra5_Software Product Contains Software Component].[ResourceAssociationTypeGuid] IS NULL)
      )
      AND
      (
         ([dca3_Software Product State].[IsManaged] = 1)
         AND
         ([ajs8_Inv_Software_Product_Usage].[IsUsageTracked] = 1)
      )
   )
GROUP BY
   [vri2_Software Product].[Guid],
   [vri2_Software Product].[Name],
   [dca3_Software Product State].[IsManaged],
   [ajs8_Inv_Software_Product_Usage].[IsUsageTracked],
   [ajs9_ra].[ResourceAssociationTypeGuid],
   [ajs10_vRM_Company_Item].[Name],
   [ajs11_ScopeMembership].[ScopeCollectionGuid],
   [ajs12_FolderBaseFolder].[ParentFolderGuid],
   [ajs13_Inv_Software_Image].[ImageUrl]
ORDER BY
   [Name] ASC

--Software Products
DECLARE @v1_TrusteeScope nvarchar(155)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
SELECT
   [vri2_Software Product].[Guid] AS [Guid],
   [vri2_Software Product].[Name] AS [Name],
   [ajs4_Inv_Software_Image].[ImageUrl] AS [Image Url],
   [ajs5_ra].[ResourceAssociationTypeGuid] AS [ResourceAssociationTypeGuid],
   [ajs6_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Software_Product_Item] AS [vri2_Software Product]
      INNER JOIN [vAC_DeliverableSoftwareProducts] AS [ajs3_vAC_DeliverableSoftwareProducts]
         ON ([vri2_Software Product].[Guid] = [ajs3_vAC_DeliverableSoftwareProducts].[Guid])
      LEFT OUTER JOIN [Inv_Software_Image] AS [ajs4_Inv_Software_Image]
         ON ([vri2_Software Product].[Guid] = [ajs4_Inv_Software_Image].[_ResourceGuid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs5_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs6_vRM_Company_Item]
            ON ([ajs5_ra].[ChildResourceGuid] = [ajs6_vRM_Company_Item].[Guid]))
         ON ([vri2_Software Product].[Guid] = [ajs5_ra].[ParentResourceGuid])
            AND
            (
               ([ajs5_ra].[ResourceAssociationTypeGuid] = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d')  --Software Product to Company
            )
ORDER BY
   [Name] ASC

--Software Releases
DECLARE @v1_TrusteeScope nvarchar(155)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
SELECT
   [vri2_Software Release].[Guid] AS [Guid],
   [vri2_Software Release].[Name] AS [Name],
   [ajs5_ItemPresentation].[ImageUrl] AS [Image Url],
   [dca3_Software Component State].[IsManaged] AS [Managed],
   [ajs6_ra].[ResourceAssociationTypeGuid] AS [ResourceAssociationTypeGuid],
   [ajs7_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Software_Release_Item] AS [vri2_Software Release]
      LEFT OUTER JOIN [Inv_Software_Component_State] AS [dca3_Software Component State]
         ON ([vri2_Software Release].[Guid] = [dca3_Software Component State].[_ResourceGuid])
      INNER JOIN [vAC_DeliverableSoftware] AS [ajs4_vAC_DeliverableSoftware]
         ON ([vri2_Software Release].[Guid] = [ajs4_vAC_DeliverableSoftware].[Guid])
      LEFT OUTER JOIN [ItemPresentation] AS [ajs5_ItemPresentation]
         ON ([vri2_Software Release].[Guid] = [ajs5_ItemPresentation].[Guid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs6_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs7_vRM_Company_Item]
            ON ([ajs6_ra].[ChildResourceGuid] = [ajs7_vRM_Company_Item].[Guid]))
         ON ([vri2_Software Release].[Guid] = [ajs6_ra].[ParentResourceGuid])
            AND
            (
               ([ajs6_ra].[ResourceAssociationTypeGuid] = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d')  --Software Product to Company
            )
ORDER BY
   [Name] ASC

--Software Updates
DECLARE @v1_TrusteeScope nvarchar(155)
   SET @v1_TrusteeScope = N'2e1f478a-4986-4223-9d1e-b5920a63ab41,582029e2-fc5b-4717-8808-b80d6ef0fd67,7091a13c-55c3-4e51-b164-8955ee25e1c2,b760e9a9-e4db-404c-a93f-aea51754aa4f'
SELECT
   [vri2_Resource].[Guid] AS [Guid],
   [vri2_Resource].[Name] AS [Name],
   [ajs4_ItemPresentation].[ImageUrl] AS [Image Url],
   [ajs5_ra].[ResourceAssociationTypeGuid] AS [ResourceAssociationTypeGuid],
   [vri2_Resource].[ResourceTypeGuid] AS [ResourceTypeGuid],
   [ajs6_vRM_Company_Item].[Name] AS [Manufacturer]
FROM
   [vRM_Resource_Item] AS [vri2_Resource]
      INNER JOIN [vAC_DeliverableSoftwareUpdates] AS [ajs3_vAC_DeliverableSoftwareUpdates]
         ON ([vri2_Resource].[Guid] = [ajs3_vAC_DeliverableSoftwareUpdates].[Guid])
      LEFT OUTER JOIN [ItemPresentation] AS [ajs4_ItemPresentation]
         ON ([vri2_Resource].[Guid] = [ajs4_ItemPresentation].[Guid])
      LEFT OUTER JOIN ([ResourceAssociation] AS [ajs5_ra]
         LEFT OUTER JOIN [vRM_Company_Item] AS [ajs6_vRM_Company_Item]
            ON ([ajs5_ra].[ChildResourceGuid] = [ajs6_vRM_Company_Item].[Guid]))
         ON ([vri2_Resource].[Guid] = [ajs5_ra].[ParentResourceGuid])
            AND
            (
               ([ajs5_ra].[ResourceAssociationTypeGuid] = 'd5c66d5a-7686-4ca2-b7c1-ac980576ce1d')  --Software Product to Company
            )
ORDER BY
   [Name] ASC