Monday, December 31, 2007

SMS 2003 to SCCM 2007 Migratation

There are alot of resources to work on your upgrade.
One problem that we has run into is that our 2005 SQL server is 64bit and it isn't supported by SMS 2003 so our upgrade will be a slightly more complex process. I have run the database upgrade test on the 2005 for Sccm and it upgrades fine so I can move it but it will be more touchy.
These are just 2 guides that you can start with. Once I have my system upgraded I plan to have exactly what did here. Since every install is different not everyone will have the nice "Drop in a CD and upgrade."

Full SCCM documentation
http://technet.microsoft.com/en-us/library/bb735860.aspx

PKI for Native Mode
http://technet.microsoft.com/en-us/library/bb694035.aspx

Friday, December 14, 2007

Install as a specific user

"Question is there a way to tell SMS to run a package as a specified user? By default, I only see two options: User context or Administrative, which runs the package as localsystem (not good when my packages need to resolve env. variables not available to localsystem). Can I specify a specific account with special rights to install a package as? Thanks!"


The straight answer to this is no. You can only run as the local system or as the current user. If you need to run in an admin mode but using the current user for enviromental vars then you can't use the SMS depoly to to this. There are some "wrappers" that you can use that will elivate the install as the current user to an admin so it will install using their env variables. Their are some other ways but it is not easy. I was forced to install an app as the local system but I had it map some drives that the user would have and then afterwards I changed the "current user" registry so it will work for the local user and not the local system.

Saturday, December 8, 2007

Reinstalling Managment Point

Is it possible to reinstall the management point and not injure the SMS structure?
Yes, I have uninstall the MP, IIS, and reinstalled them both without failure. We had a MP error that of course prevented the clients to contact them. HTTP_ERROR. The only resolution from both the forums and Microsoft was to uninstall MP and IIS and start over. All the while the clients were in a tizzy since they couldn't get to the MP. Some would continue to run an Advertisement since it couldn't send the "complete" command and the policy said to install it until it was done. Well in my haste to get it all installed and working I forgot to put BITS on it. So I was forced to stop was I was doing and install BITS to it. But in the end it was all done. It took almost 5 hours to diagnose, get a response and get the whole thing redone. The nice part is that it has been almost a year and no sign to that problem again.

Wednesday, November 28, 2007

SMS tool: What collection is a computer or User in?

[NOTE: I have updated this with a new version to work with SCCM and Maintenance windows collections-with-maintenance-windows (May 2008)]
OK I have this pulled from my C# app to vbscript. It isn't pretty but it works. The one problem is that I didn't create an array to sort the list so if you wanted sorted you will need to do it. I will update this later with the sort feature. Obviously I make no warranty. You will need to add the sever data and change the path to match your computer. Copy the vbscript to your folder, run the reg file and you will then see it in the MMC when you right click on a computer.

This will work with SMS 2003. To work with SCCM you will need to change the GUID and possible look at the WMI query for changes
-----------------------------Addmmc.reg-----------------------
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{4D26C0D4-A8A8-11D1-9BD9-00C04FBBD480}\Extensions\SMS_tools\xCol Mem]
"Name"="Collection Membership"
"Description"="Show what collections a computer is in"
"CommandLine"="wscript.exe \"c:\\Program Files\\MCNS\\Collections\\computercols.vbs\" ##SUB:ResourceID##"
------------------------------------------------------------------

'------------ SCCM console -----------------
c:\program files Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions\Actions\7ba8bf44-2344-4035-bdb4-16630291dcf6

'------mcns.xml---------------------------

<actiondescription class="Group" displayname="MCNS" mnemonicdisplayname="MCNS" description="MCN Tools" sqmdatapoint="100">
<actiongroups>
<actiondescription class="Executable" displayname="Collection Listing" mnemonicdisplayname="Collection Listing" description="Display machine Collection membership">
<executable>
<filepath>C:\Program Files\MCNS\collections\computercols07.vbs
</filepath>
<parameters>##SUB:ResourceID##</parameters>
</executable>
</actiondescription>
</actiongroups></actiondescription>

'---------------------------------------------



---------------------------computercols.vbs -----------------------------------------------
Dim CollectionArray(100)
count=0

Set objArgs = WScript.Arguments
if (objArgs.count > 0) then
MyPos = InStr(objArgs(0), ":")
ResourceID = wscript.arguments.item(0)
end if

Set Shell = CreateObject("Wscript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set SWbemLocator=CreateObject("WbemScripting.SWbemLocator")
set SWbemServices = SWbemLocator.ConnectServer("server","root\SMS\site_XXX")
strQuery = "select * from SMS_CollectionMember_a where ResourceID='"+ ResourceID +"'"
Set Collections = SWbemServices.ExecQuery(strQuery)
for each Collection in Collections
set Collectionfound=SWbemServices.Get("SMS_Collection='" & Collection.CollectionID & "'" )
CollectionArray(count)=Collectionfound.Name
count=count+1
Next
'''''''''''''''
'Sort Collection list
for i = count - 2 To 0 Step -1
for j= 0 to i
if CollectionArray(j)>CollectionArray(j+1) then
temp=CollectionArray(j+1)
CollectionArray(j+1)=CollectionArray(j)
CollectionArray(j)=temp
end if
next
next



''' print out the collection listing
For NC = 0 to count-1
WhatCollections= WhatCollections & CollectionArray(NC) & VbCrLf
Next
Wscript.echo WhatCollections
--------------------------------------------------------------------------

Friday, November 23, 2007

Add computer to collection, Vbscript

Edit: October 25, 2008
I have added a better way of doing this via a right click
Here at Sccm-tools.com. This uses a HTA file so you can right click on a computer and add it to collections or right click on a computer in a collection or query and add it to multiple collections.

*-------------

I didn't create the script but someone had asked if there was a way to add a computer to a collection. I have the .Net code to do it but here is the vbscript method. This can be used to add the current computer to a collection as soon as the computer has imaged or performed some other action.




' *************************************************************************
' === Initialize Variables and Constants
' *************************************************************************
Option Explicit ' --- Force Declaration of variables
' === Script arguments override ====
' These variables are for testing only. To test, assign values to the variables and then comment out
' the Comment-out the ValdateArguments()subrourtine. To restur, comment out the variables below, and
' uncomment the ValdateArguments() subroutine to allow original argument values to be passed to the script.
'TargetCollectionName = "#Test-AddUser"
'NewComputerName = "LT01385"
' *************************************************************************
' == SMS Envronment Variables
CONST SMSSiteCode = "xxx" ' --- SMS Server Central Site Code
CONST SMSServer = "xxxxx" ' --- SMS Server
' -------------------------------------------------------------
' === Script varables
DIM lLocator ' --- Object handle for WMI Scripting "Locator object" ?
DIM gService ' --- Object hanlde for WMI object model ConnectServer object ?
DIM ResID ' --- Store the SMS ResourceID for the desired resource
DIM RuleName ' --- Name for Membership Rule (label seen in SMS collection properties)
DIM AllComputersSet ' --- Object handle to store the query results of the SMS System_R_System table
DIM AllComputersItem ' --- Index variable used for the AllComputersSet Object Collection (Array)
DIM CollectionRule ' --- CollectionRule
DIM oCollectionSet ' --- Object handle to store collection names from table SMS_Collection
DIM CollListItem ' --- Index variable for Collection Object (Array)
DIM WshShell ' --- Object handle for WshShell object (Windows Script Host Shell)
DIM oFSO ' --- Object handle for the FSO (File System Object)
DIM AddMembRuleSuccess ' --- Flag to track added collection membership rule status
Public TargetCollectionName ' --- Store command-line argument for desired collection name to add a computer resource
Public NewComputerName ' --- Store command-line argument for desired computer resource to add to the collection
' === Script Environment
' *********************************************************************************************
' ===== Connect to provider namespace for local computer.
' *********************************************************************************************
Set lLocator = CreateObject("WbemScripting.SWbemLocator")
Set gService = lLocator.ConnectServer(SMSServer, "Root\SMS\Site_" & SMSSiteCode)
' -- /// FileSytemObject already instantiated in subroutine ScriptPath() into object handle oFSO
' ********************************************
' ===== Script Start =======================
' ********************************************
ValdateArguments() ' --- Load command-line arguments into variables
ValidateComputerResource() ' --- Find computer name match in SMS "All Systems" table SMS_R_System
FindCollandAddMembRule() ' --- Find specific collection and add membership rule to the collection
wscript.quit
' *************************************************************************************
' *************************************************************************************
' Subroutines
' *************************************************************************************
' *************************************************************************************
' *************************************************************************************
' **** Validate command-line parameters and load them into variables to be used
' **** by the script. Otherwise, display an error message and exit the script
' *************************************************************************************
Sub ValdateArguments() ' --- Load command-line arguments into variables
If wscript.arguments.count<> 2 Then
wscript.echo "Two arguments please - The collection followed by Computer Name"
wscript.quit ' --- quit if invalid number of arguments
Else
TargetCollectionName = wscript. arguments(0)
NewComputerName = wscript. arguments(1)
End if
End Sub
' **************************************************************************
' **** Search the SMS_R_System table for a match to the computer name passed by the
' **** command-line argument, then store the corresponding SMS ResourceID
' **** in a variable.
' **************************************************************************
Sub ValidateComputerResource() ' --- Find computer name match in SMS "All Systems" table SMS_R_System
' --- Create object with query results from the SMS SQL table SMS_R_System
Set AllComputersSet = gService.ExecQuery("Select * From SMS_R_System WHERE Name LIKE ""%" + NewComputerName + "%""")
' --- Iterate through the SMS_R_System table resultset (loaded into the variable "AllComputersSet")
' and match the name to be added. Then retreive the ResourceID for the corresponding computer record.
For Each AllComputersItem In AllComputersSet
If UCase(AllComputersItem.Name) = UCase(NewComputerName) Then
ResID = AllComputersItem.ResourceID
RuleName = "ResourceID = " & ResID & " " & AllComputersItem.NetBiosName
End If
Next
End Sub
'***************************************************************************
'**** Walk through the the whole list of SMS collections and search for a match to the
'**** desired collection. If the desired collection is sucessfully found, then
'**** add the Membership rule created in the subrioutine CreateSMSDirectRule() to the
'**** existing matched collection.
'***************************************************************************
Sub FindCollandAddMembRule() ' --- Find specific collection and add membership rule to the collection
' --- Create object with query results from the SMS_Collection table
Set oCollectionSet = gService.ExecQuery("Select * From SMS_Collection")
AddMembRuleSuccess = "False" ' --- Initialize flag to indicate Added Collection Membership Rule Failed
' --- Walk through the list of SMS collections and find a match to the collection name passed by the
' command-line argument. If the collection exists, then add the new direct rule that includes
' the new computer name to the collection.
For Each CollListItem In oCollectionSet
If CollListItem.Name = TargetCollectionName Then
'***************************************************************************
'**** Create a direct membership rule (spawn a blank instance) to add to an existing collection.
'**** Then give that instance the values it needs - this is REQUIRED
'***************************************************************************
Set CollectionRule = gService.Get("SMS_CollectionRuleDirect").SpawnInstance_()
CollectionRule.ResourceClassName = "SMS_R_System"
CollectionRule.RuleName = RuleName
CollectionRule.ResourceID = ResID
' ***** Add the direct membership rule to matched collection. ************
CollListItem.AddMembershipRule CollectionRule
If Err.Number = 0 Then ' --- If Error = 0, then adding membership was successful.
AddMembRuleSuccess = "True" ' --- Set flag to "True" to indicate memb. rule added Successfully
End If
End If
Next
End Sub

Wednesday, October 31, 2007

Excluding computers from a collection

There are many ways to exclude computers from a collection. One way is to have a sub collection and exclude that one. The next is to create a sub select statement with a few machines..

where SMS_G_System_COMPUTER_SYSTEM.Name not in ( "comp1", "comp2" )

Assuming you have a collection of computers and you want to exclude certain ones then simply append this statement to your Where clause. This will remove these two computer from your list. Test it and see what happens..

Thursday, October 25, 2007

Office 2007 updates

If you are deploying Office 2007 you might want to slipstream just like you did with 2003. Generally I don't talk about deployments but since this involves patches I thought I would give a little talk.

First we need to find out what patches are needed. Either use SMS to determine what Office 2007 patches are needed, install a fresh copy and do an office update or some other method.

After you have all the .exe patches you will need to extract the msp file from them. Some .EXE's you can use WinRAR or something else to open the file. With the patches you will need to use the extract method.

"patch.exe /extract" this will cause a window to popup and ask you where to put the msp file. It will need to be in your UPDATE folder. Once Office 2007 is installed then it will patch. Keep this folder up-to-date so that your new computers will come with a fully patched Office 2007.

For More information please see the Office 2007 patch link below

http://technet2.microsoft.com/Office/en-us/library/2ce70869-aa75-4a73-9c9b-8b74001f1c3c1033.mspx?mfr=true

Wednesday, October 17, 2007

Laptop Network Configuration Group

Do you have locked down laptops and you want to enable the users to change the ip address. This is assuming they are traveling and need a new ip at a hotel. There are several ways you can accomplish this. Here is a vbscript method.

*-------------------
'' This will add all the domain users to the network config group for laptopson error resume next
Set network = WScript.CreateObject("WScript.Network") strComputer = network.computernameSet objGroup = GetObject("WinNT://" & strComputer & "/Network Configuration Operators,group")Set objUser = GetObject("WinNT://DOMAIN/DOMAIN USERS")objGroup.Add(objUser.ADsPath)
--------------------------------

Sunday, September 30, 2007

Advertisements that won't stop

Did you ever experience a time when your client just kept running an advertisement over and over again. This can happen when the client is a unable to properly communicate with the Managment Point. The client sends the "I completed the install" to the MP but it never get there. The client has a policy that says install once a day at 10am. Since the MP is not contacted the policy is still in affect and the MP has no way of knowing that client has completed and the client can't stop running the advertisement.

I have seen this when a move of the old MP to a new MP and the clients haven't automatically moved over. It has also happend when the client can't contact theMP correctly. This can also happen if someone places their boundary over yours. The the MP communication is disrupted.

A solution involves fixing the MP or re-installing the client.

Saturday, August 25, 2007

Site boundaries are important

If you are in a single AD and you have multiple domains with SMS servers it is important for you to keep your boundaries out of other SMS servers. Configuring boundaries wrong can place computers in someone elses boundary or pull computers in. A adverse side affect of placing your boundary to the whole AD or not placing any boundaries at call can make your site the central site over all other sites. This will effictively disable all sms clients in the entire AD. Since they will consider their central/primary site as a proxy and will look to the "new" central site. Since computers cannot be controlled by that new site they will just sit in limbo until the site boundaries are fixed. A check of the Location Services.log file will confirm if boundaries are messed up for that client.

Tuesday, August 7, 2007

Query computers to find a specific file


First you will need to make sure that turn on the file inventory, not File collection (we don't want to copy all those files into SMS). A sample is shown to the left. Be sure to exclude the Windows directory at the least.
Once a SW inventory has run you will be able to pull this informaiton. Depending on the state of your machines it might take a while before all have run the check. Be aware that this could decrease the performance of the system if this is the first run of the search.
Now that we have all the information in SMS we need to get it out. The quickest way is to build a query. A more detailed approach would be a report.
-------------------
select SMS_G_System_COMPUTER_SYSTEM.Name, SMS_G_System_SoftwareFile.FilePath, SMS_G_System_SoftwareFile.CreationDate, SMS_G_System_SoftwareFile.FileDescription, SMS_R_System.ResourceType, SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "test.pdf"
--------------------------
This query can now be used to form a collection or exported to Excel. Limit the collection to the computers you see fit.

Thursday, July 5, 2007

SMS Tools

Have you ever wondered how to extend the MMC for SMS 2003. There is a reg key that allows users to enter any kind of right click menu the system. It will be called SMS Tools.

To pull the right click tools to SCCM 2007 the guid is:
{58105356-2B9C-11D1-B0D5-00C04FBBD480}

HKLM\SOFTWARE\Microsoft\MMC\NodeTypes\{58105356-2B9C-11D1-B0D5-00C04FBBD480}\Extensions\SMS_Tools

To pull into SMS 2003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\NodeTypes\{4D26C0D4-A8A8-11D1-9BD9-00C04FBBD480}\Extensions\SMS_Tools\101]
"Description"="Client Assignment (ClientAssignment.exe)"
"Name"="Client Assignment"
"CommandLine"="C:\\Program Files\\SMS 2003 Toolkit 2\\ClientAssignment.exe"

==realize that this is for a specific computer. Please check out Microsoft for more guids that control SMS or simply open up your reg and you can see.

Use this to send a WMI command to a certain client or force a collection to perform a HW inventory. Though this started in SMS 2.0 it is still valid in 2003.

https://msdn2.microsoft.com/en-us/library/ms817015.aspx

There are many other places to find information. Once you learn the 3 or 4 nodes to use and how to create scripts or applications you can extend SMS far beyond the native deployment.

Here is an example of an sms tool http://sms-hints-tricks.blogspot.com/2007/11/sms-tool-what-collection-is-computer-in.html

Saturday, June 16, 2007

Package contains source files

Have you ever wondered why SMS asks you if the package contains source files? Does it always contain source files?
No, if you intend on running an application that is on the system then it doesn't. Say you want to copy files from one folder to another. You don't need to push the copy command down. You just run it on the system. In this aspect the package doesn't contain any source files. It does contain the program command "copy x to Y"

Sunday, June 10, 2007

Remove Lookout

If you are upgrading to Office 2007 you might want to uninstall Lookout if it is installed. The problem is that they don't have a silent uninstall. The only way to get rid of it (unless the user is an admin) is to blow away Lookout. Otherwise desktop search will not install.


-------------remove lookout.vbs -------------------------
on error resume next
Set Sh = WScript.CreateObject("WScript.Shell")
Key ="HKLM\SOFTWARE\Microsoft\Fusion\References\LookoutAddIn, Version=1.0.1868.24056, Culture=neutral, PublicKeyToken=b7aa31f2379f8c07\{2EC93463-B0C3-45E1-8364-327E96AEA856}\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Microsoft\Fusion\References\LookoutAddIn, Version=1.0.1868.24056, Culture=neutral, PublicKeyToken=b7aa31f2379f8c07\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Lookout Software\Lookout\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Lookout Software\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Microsoft\Office\Outlook\AddIns\LookoutAddInShim.Connect\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lookout\"
Sh.RegDelete Key
Key ="HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Outlook\Addins\LookoutAddInShim.Connect\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Classes\LookoutAddInShim.Connect\CLSID\"
Sh.RegDelete Key
Key ="HKLM\SOFTWARE\Classes\LookoutAddInShim.Connect\"
Sh.RegDelete Key
Key ="HKCR\LookoutAddInShim.Connect\CLSID\"
Sh.RegDelete Key
Key ="HKCR\LookoutAddInShim.Connect\"
Sh.RegDelete Key
Key ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\ProgID\"
Sh.RegDelete Key
Key ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\InprocServer32\"
Sh.RegDelete Key
Key ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\"
Sh.RegDelete Key'''now delete the folder
Set oFSO = CreateObject("Scripting.FileSystemObject")
sDirectoryPath = "C:\Program Files\Lookout Software"
set oFolder = oFSO.GetFolder(sDirectoryPath)
oFolder.Delete(true)
-----------------------------------------------

Friday, June 1, 2007

Computers with Old Scan catalogs

This collection will house computers with the scan packager version smaller than 47 and if they have been HW inventoried in the last 60 days. This assumes that your current scan package is 47. Send the scan advertisment to this collection.
-------------------------
select
SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SCANPACKAGEVERSION on SMS_G_System_SCANPACKAGEVERSION.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SCANPACKAGEVERSION.PackageVer < "47" and SMS_G_System_SCANPACKAGEVERSION.PackageID = "SMS00032" and SMS_G_System_WORKSTATION_STATUS.LastHardwareScan >= DateAdd(dd,-60,GetDate())
--------------
What does this get us. You can now see what computers are not updating their scan package. Maybe they are offline, or broken. You can now send an adv every 3 hours to this to make sure these computers scan as soon as they are turned on. Or send down the fix as soon as they turn on.
If you will notice the HTA file I created a while back: We use this to push a popup to the user informing them that their machine is out of date and it will be scanned, please don't restart. "if you continue to see this please contact tech support." This gives you a more active approach to finding systems that have problems

Wednesday, May 30, 2007

Adobe 8 Pro Fast web viewing

Did you deploy Adobe 8 pro but you want to turn of the Fast Web viewing feature.

-----------------adobefwv.vbs------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\Originals]"bAllowByteRangeRequests"=dword:00000000
----------------------------------

Send this registry change to your Adobe 8 Pro collection. Next time it is opened the selection will be disabled. To re-enable simply delete this reg key.

Friday, May 25, 2007

Office 2007 and Lookout

If you are looking at moving to Office 2007 and you have Office 2003 with Lookout you will run into a problem. Lookout needs to open Outlook and remove itself from the system. Unless you are an admin you can't do this. If you allow the users to interact with the system and run Outlook with admin privs then you can run into a serious security problem. The simplest way is to remove lookout manually before installing Office 2007


---------------removelookout.vbs------
on error resume nextSet Sh = WScript.CreateObject("WScript.Shell")Key ="HKLM\SOFTWARE\Microsoft\Fusion\References\LookoutAddIn, Version=1.0.1868.24056, Culture=neutral, PublicKeyToken=b7aa31f2379f8c07\{2EC93463-B0C3-45E1-8364-327E96AEA856}\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Microsoft\Fusion\References\LookoutAddIn, Version=1.0.1868.24056, Culture=neutral, PublicKeyToken=b7aa31f2379f8c07\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Lookout Software\Lookout\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Lookout Software\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Microsoft\Office\Outlook\AddIns\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lookout\"Sh.RegDelete KeyKey ="HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Outlook\Addins\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Classes\LookoutAddInShim.Connect\CLSID\"Sh.RegDelete KeyKey ="HKLM\SOFTWARE\Classes\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKCR\LookoutAddInShim.Connect\CLSID\"Sh.RegDelete KeyKey ="HKCR\LookoutAddInShim.Connect\"Sh.RegDelete KeyKey ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\ProgID\"Sh.RegDelete KeyKey ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\InprocServer32\"Sh.RegDelete KeyKey ="HKEY_CLASSES_ROOT\CLSID\{86e53597-10b0-4e2e-ad00-53044a23c550}\"Sh.RegDelete Key'''now delete the folderSet oFSO = CreateObject("Scripting.FileSystemObject")sDirectoryPath = "C:\Program Files\Lookout Software"set oFolder = oFSO.GetFolder(sDirectoryPath)oFolder.Delete(true)
------------------

Friday, May 18, 2007

Out of date Hardware Inventory sms

Here is a query to create a collection of computers (last hardware scan > 60 days ) that haven't had there HW inventory updated in 60 days, you can change this to what ever time period you want. This will work on both SCCM or SMS



---------------------------------------------
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan >= DateAdd(dd,-60,GetDate()) )

-----------------------
You could also add a query to this collection to pull all computers with no SMS client then you have all your comptuers in one collection to work with. You could force HW scans on the collection, force Client installs or whatever maintenance you need.

Thursday, May 17, 2007

Disabled Addins in Office

Many times the help desk will get a call from someone saying their addin is not installed. So you check in SMS and sure enough it is there. It would be nice if IT could know ahead of time if there are disabled addins so they can fix it.

If you have a disabled items in office you will find this key
----------------
HKEY_CURRENT_USER\\Software\\Microsoft\\Office\11.0\\Access\\ResiliencyDisabledItems
----------------
Where 11.0 is the version number
Resiliency will only be there when an item is disabled.

The key might look something like this
----------------------
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Resiliency\DisabledItems]"12C71C2"=hex:02,00,00,00,a0,00,00,00,04,00,00,00,63,00,3a,00,5c,00,64,00,6f,\ 00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,00,20,00,\ 73,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,62,00,70,00,6f,00,6c,\ 00,61,00,73,00,65,00,6b,00,5c,00,61,00,70,00,70,00,6c,00,69,00,63,00,61,00,\ 74,00,69,00,6f,00,6e,00,20,00,64,00,61,00,74,00,61,00,5c,00,6d,00,69,00,63,\ 00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,77,00,6f,00,72,00,64,00,5c,00,\ 7e,00,77,00,72,00,61,00,30,00,30,00,30,00,30,00,2e,00,77,00,62,00,6b,00,00,\ 00,00,00,00,00
---------------------------

I am currently working on a MIF or MOF to collect the information. Because the DisabledItems key (12C71C2) is a dynamic name you can't easily make a MOF, well you can, but since you have several other reg keys you need to make putting them in a single group isn't easy or possible. I am no MOF expert but I am trying to find experts to let me know. The easiest way would be to create a VbScript that would search for the keys for the current use and create/modify a MIF file so it contains all the disable items for the current and previous users.

Once located you can create an advertisment that deletes the Resiliency key forcing the addin to load the next time. If you see the computer again after the next inventory then you know there is a real problem and to go fix it.

Soon I hope to have a simple MIF file available. I am still checking to see if MS uses it in Office 2007. If so then I might spend more time on making a good reporting tool.

Wednesday, May 9, 2007

Defrag a computer

Just like doing a disk clean up, you may not have a policy that runs disk defragment at a given time. Maybe you have DiskKeeper. This will allow you to force your computers to run a defrag through SMS. We have a defrag set to run once a month. This can keep the computers running a bit faster and keeps the help desk calls down. Granted if you have a policy or software inplace you can just ignore this one :) I recommend you run the file with "cscript defrag.vbs" so if an error occurs it will not try to force a popup.


-----------defrag.vbs--------------
Set objShell = CreateObject("WScript.Shell")
'Run the Defrag Utility
intRetVal = objShell.Run("%comspec% /c %WinDir%\system32\defrag.exe c: -f -v ", 0, True)
If intRetVal <> 0 Then WScript.Quit intRetVal
-----------------------------------------

Sunday, May 6, 2007

Lock down SMS Control Panel

There are several ways to lock down the control panel I will address the one I know or found. Since this has come up in other forums and newsgroups I thought I would add my 2 cents.
Why would you want to lock it down. Well, if you have a user that is an admin on their machine they might revolt and turn off the service or fool around with the cache to prevent SMS from doing its job. It is a fact of life that some users will have admin rights to their machine. This will hopefully deter or slow them down. There isn't a way to totally stop them.

1. Hide the SMS Control Panel for current user (Systems Managment)
This will require a restart, force it or just wait for them to restart.
-------no show.reg------------------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Control Panel\don't load]
"SMSCFGRC.cpl"="No"
---------------------------------------------
2. Disable sections of the Contol Panel [Courtesy of Rune Norberg, MS Newsgroup]
For site assignment:>
HKLM\Software\Microsoft\SMS\Mobile Client\Configuration\CP Site Assignment> Options=Disabled (REG_SZ)
For cache:>
HKLM\Software\Microsoft\SMS\Mobile Client\Configuration\CP Cache> Options=Disabled (REG_SZ)
----------------------------------

3. Restart CCM Service on remote machine
If the admin keeps turning off the service you can setup a scheduled task to run say every 3 hours to turn it back on. If they turn off WMI then you have a problem but you can use this to give you a return value if it is failing to start it.

-------------restart sms agent.vbs------------
strComputer = "YourComputer"
strCommand = "net start ccmexec"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")


Set oStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = oStartup.SpawnInstance_
objConfig.ShowWindow = 1

Set oProcess = objWMIService.Get("Win32_Process")
intReturn = oProcess.Create (strCommand, Null, objConfig, intProcessID)
‘’use the intReturn if you want to log success or failure, maybe they turned off Dcom or WMI
--------------------------------------


None of these are top secret and it will only take a little bit of digging for them to fix it. But it will deter some people. You can only try so much.

Monday, April 30, 2007

On Vacation

I will be back May 7.

Friday, April 27, 2007

SMS Client Actions

This has been posted may places but I will post it here too since they are all relative.
You can do many actions from the client side manually but you can also pass down the command from the SMS server.

What are some of these good for? Maybe you want to push an application down through some collections but the collection require a HW inventory to check the add/remove programs first. If your HW inventory is set for every 3 days it could then take 3 days to get that software fully installed. Now you can push a VBS file to force the HW inventory at the end of the package adv. If you have your collection updating say every 8 hours or less then it will install quicker.



Force the client to change the SMS cache size in MB
---------------------cachesize.vbs-------
Dim oUIResourceDim oCache
Set oUIResource = CreateObject("UIResource.UIResourceMgr")Set objCacheInfo = oUIResource.GetCacheInfo
'change to 2000MB
objCacheInfo.TotalSize = 2000
Set oUIResource = NothingSet objCacheInfo = Nothing
-------------------------------------------------------------------

Force the cleaning of SMS Cache
-------------------clean cache.vbs---------------------------------------------
on error resume next
dim oUIResManager
dim oCachedim oCacheElement
dim oCacheElements
set oUIResManager = createobject("UIResource.UIResourceMgr")
if oUIResManager is nothing then
wscript.quit
end if
set oCache=oUIResManager.GetCacheInfo()
if oCache is nothing then
set oUIResManager=nothing
wscript.quit
end if
set oCacheElements=oCache.GetCacheElements
for each oCacheElement in oCacheElements
oCache.DeleteCacheElement(oCacheElement.CacheElementID)
next
set oCacheElements=nothing
set oUIResManager=nothing
set oCache=nothing
wscript.quit
--------------------------------------



Software / Hardware Inventory
----------------------SW-HW.vbs---------------
On Error Resume Next
Dim oCPAppletMgr
Set oCPAppletMgr = CreateObject("CPApplet.CPAppletMgr")
Dim oClientActions
Set oClientActions = oCPAppletMgr.GetClientActions()
Dim oClientAction
For Each oClientAction In oClientActions
If oClientAction.Name = "Software Inventory Collection Cycle" Then
oClientAction.PerformAction
End If
If oClientAction.Name = "Hardware Inventory Collection Cycle" Then
oClientAction.PerformAction
End If
Next
-----------------------------------

Policy Refres
----
On Error Resume Next
Dim oCPAppletMgr
Set oCPAppletMgr = CreateObject("CPApplet.CPAppletMgr")
Dim oClientActions
Set oClientActions = oCPAppletMgr.GetClientActions()
Dim oClientAction
For Each oClientAction In oClientActions
If oClientAction.Name = "Discovery Data Collection Cycle" Then
oClientAction.PerformAction
End If
If oClientAction.Name = "Request & Evaluate Machine Policy" Then oClientAction.PerformAction
End If
Next
------

Wednesday, April 25, 2007

Fixing WMI Errors in your Repository

Microsoft has a nice Utility, WMIDiag v 2.0 releaseed 1/25/2007

http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx
http://www.microsoft.com/technet/scriptcenter/topics/help/wmi.mspx

This tool helps you run reports to determine erorrs with WMI on your machine.

"This document (developed in conjunction with the WMI team at Microsoft) is designed to help you troubleshoot problems with WMI scripts and the WMI service. Although the focus here is on scripting, the same troubleshooting information can be applied to other WMI consumers, such as Systems Management Server (SMS). Scenarios – and the error codes they produce – will often be the same regardless of whether you encounter problems using a script, the WMIC command line, a compiled application (such as SMS) that calls WMI, etc."

WMI fixes can still be used:

Windows XP
rundll32 wbemupgd, UpgradeRepository

Windows 2003
rundll32 wbemupgd, RepairWMISetup

A sample of the report is listed below:
DCOM Status: ................................ OK.
WMI registry setup: ............................ OK.
WMI Service has no dependents: ................. OK.
RPCSS service: ................................. OK (Already started).
WINMGMT service: ............................... OK (Already started).
--------------------------
WMI service DCOM setup: ........................ OK.
WMI components DCOM registrations: ............. OK.
WMI ProgID registrations: ...................... OK.
WMI provider DCOM registrations: ............... OK.
WMI provider CIM registrations: ................ OK.
WMI provider CLSIDs: ........................... OK.
WMI providers EXE/DLL availability: ............ OK.

If you are having problem with WMI connection or errors check this out. Running on your SMS server might just find a an error or security setting that you need to change.

Monday, April 23, 2007

The failure description was "11412"

Everyone has seen this error at least once or more. Sometimes it fixes itself other times you have figure out the problem. Granted there are other fixes but this works for me so think of it as another thing to try before banging your head on the wall.

The error you see is:

--------From logfile SmsWusHandler-----
The program for advertisement "SMS20002" failed ("SMS00032" - "Microsoft Updates Tool"). The failure description was "11412". User context: NT AUTHORITY\SYSTEM

The client refused to update to the new windows update client (V3)
-----------
First I try manually running the scan agent (SmsWusHandler.exe /Catalog:C:\WINDOWS\system32\VPCache\SMS00032\wsusscn2.cab /OutputXml:C:\WINDOWS\system32\VPCache\SMS00032\Results.xml)

If I receive the error about an invalid folder then I follow these steps...

First looking at the client data it says that it hasn't been patched in 1 month, but a manual scan will confirm that it is patching and that the only problem is the scan function and reporting it back to the SMS server.

Checking the vpcache folder reveled that the new cab file and new ITMU had downloaded but the windows update function didn't install correctly.

I went to my WUSPkgSource folder and manually run the WindowsUpdageAgent30-x86.exe to force the update on the client.

Once that was done I again ran the scan agent manually, this time it succeeded and all is now well with the client.

This error
Local WUS client version = 5.8.0.2469. Required version = 5.8.0.2678

Now shows as:

WUS client version detected on the machine = 5.8.0.2694.

A HW invetory returns the data to SMS and another client is backup and running.
----------
Once you have tested it on a machine and you have determined that this is the way to solve the problem you can easily send this down as an adv to the affected computers. This can be 100% automated. But remember this error can have 20 different solutions. Once you find the one that works lets hope it will solve it on all the systems.

Saturday, April 21, 2007

Microsoft VPN Client Setup

I don't want to focus on how to deploy application since there are number of sites out there but this is less of an install and more of setting up a client. We have laptop and remote users. At image time they are automatically placed in a unique collection. Once in the Microsoft VPN client is setup on their system. Here is how I do it. First I setup the connection manually, place a shortcut on your desktop. Then I pull out the connection information of the link.

------------------from rasphone.pbk --------vpn.txt-----------
[Corporate-VPN]
Encoding=1
Type=2
AutoLogon=0
UseRasCredentials=1
DialParamsUID=19215656
Guid=146A6DB03341F147B8F58280E0E2E729
BaseProtocol=1
VpnStrategy=2
ExcludedProtocols=0
LcpExtensions=1
----------------------------
Here just the beginning of the file, there is no need for me to place the whole file since your settings would be different. The Guid is random to your system.
This section is stored in a file called VPN.txt. Next I copy the link file to my package folder (corp-vpn.lnk)

Lastly I have this vbscript to run and complete the setup.
--------vpn.vbs-------------------
Dim objFSO, objFolder, objShell, objTextFile, objFile
Dim strFile, strText
strFileOrig = "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk"
strFileData = "vpn.txt"
set objFile = nothing
set objFolder = nothing
Const ForAppending = 8
Const ForReading = 1


Set objFSO= CreateObject("Scripting.FileSystemObject")
If not objFSO.FileExists(strFileOrig) Then
objFSO.CreateTextFile strFileOrig, False

end if

Set objOrigFile = objFSO.OpenTextFile(strFileorig, ForAppending, True)
Set objVpngFile = objFSO.OpenTextFile(strFileData, ForReading)

Do Until objVpngFile.AtEndOfStream
strCharacters = objVpngFile.Read(1)
objOrigFile.Write(strCharacters)
Loop
objOrigFile.Close

'copy link over
set Copyfile = objFSO.GetFile("corp-vpn.lnk")
Copyfile.copy ("C:\Documents and Settings\All Users\Desktop\")
-----------------------------

You have now setup a MS Vpn connection for the computer.
The only tricky part is the GUID and getting the lnk file to move and maintain its connection to your vpn connection.

This makes setting up a VPN for remote users easy at provision time, no more walking users through it and no more manually doing it.
I don't consider this application installation since there is not setup.exe or install.msi.

Use / modify as needed.

Wednesday, April 18, 2007

Collection Based on File needed (outlook.hol)

Sometimes you need to send a file to the computer multiple times. This is true with the Outlook.hol file. For those that are new to it, this file contains calendar entries for custom and standard information. Use this to file to say give the dates of company vacations or events. Of course users still need to import the functions in to Outlook. At the end of this I will show you how to add it in. To push this file you will need 1 collection with 2 queries.

Query 1: Old HOL file
---------------------
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "OUTLOOK.HOL" and SMS_G_System_SoftwareFile.FileModifiedDate < "20070206 23:00:00.000" ------------------------- Query 2: No HOL file ------------------ select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "OUTLOOK.HOL") -------------------- As you update the new HOL change the date on the OLD hold query so it will pull in computers that need the new file. As they inventory they will be removed from the query. In your package you will need to create a batch file that copies over the old one. -----copyHOL.bat----- copy /y Outlook.hol "C:\Program Files\Microsoft Office\OFFICE11\1033" -------------------- This will copy over the old file. Then simply send out a message to let people know it is up to date. Or if you update monthly or weekly let the users know. Use the popup I have listed earlier for a notice after it installs. Please note that if Outlook it open then it won't update. It is better to install when no user is logged in. To add to your outlook access the Tools Options >Calendar Options> Add Holidays

Select the new categories or click ok to update the ones you have. Please note that you need to turn on File Inventory and search for the outlook.hol file.

Tuesday, April 17, 2007

Remote Activation of SMS Agent on Client

In an SMS enviroment you must have the SMS Agent running on the client or you can't do anything. In a strickly user enviroment this doesn't matter since the user can't turn it off, but if you have a user that has admin rights to his/her machine then they have the power to turn you off. Finding them is simple enough, look at the computers that haven't sent in an inventory in quite a while, heart beat or other options. The problem is getting that service restarted.

Here is a vbscript that will turn the service back on for a number of computers.
-------------------------
Const SW_NORMAL = 1
'change comps to match the number of computers in your array
Dim Comps(1)
Comps(0)="computer1"
Comps(1)="Computer2"
for each strComputer in Comps
strCommand = "net start ccmexec"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = SW_NORMAL
Set objProcess = objWMIService.Get("Win32_Process")
intReturn = objProcess.Create (strCommand, Null, objConfig, intProcessID)
'remark lines if you don't want to see the success or failure of the program
If intReturn <> 0 Then
Wscript.Echo "Process could not be created." & _
vbNewLine & "Command line: " & strCommand & _
vbNewLine & "Return value: " & intReturn
Else
Wscript.Echo "Process created." & _
vbNewLine & "Command line: " & strCommand & _
vbNewLine & "Process ID: " & intProcessID End If
Next
----------------------------

This is simple but effective. You can run it manually or set it as a Scheduled Task on the server.
Remember you must have admin rights on the computer to run this, so we are talking about an local admin account or domain admin.

Thursday, April 12, 2007

DateAdd in Query/Collection

Many of you have already discovered some of the nice features and added benifits of upgrading to Sp 2 for SMS 2003. What you might not be aware of is that you can now use the DateAdd function in your query. The only down side is that you can only add it while editing the query manually. There is no WYSISYG method of adding or editing it. So once you add it you no longer have the editor.

Below is an example of how to use it to keep a computer in a collection for 2 days based on the MCNSDATA.ImageDate. I will describe this more later. Basically we are using a custom MIF file to add a computer to a new computer collection where it will stay until the end of the second day. It will then automatically remove itself. Expect to see more of the "New Computer" subject. I will have more about what we are doing with new computer provisioning.
------------------------------
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_MCNSDATA on SMS_G_System_MCNSDATA.ResourceID = SMS_R_System.ResourceId where SMS_G_System_MCNSDATA.ImageDate >= DateAdd(dd,-2,GetDate())
---------------------------------

Tuesday, April 10, 2007

Remote Assistance, and other computer info

Sometimes a user says they need assistance. To remote into their machine you need the computer name, this can be hard to find or search for. It also is hard sometimes for the user to give it to you. This query will help you put all that information together. You don't necessarily need to use this for remote assistance. With the user data (current & Last logged on) as well as the computer information you also have full access to the right click menu within SMS. Ever notice when you right click on a query of computers you don't always see the Remote Assistance or the Event view option. For these to appear you need to have the Resource ID and Resource type. This is a simple query that can be expanded to include the IP address or some other useful information. I have this labeled as Remote Assistance because I use it for assistanting users remotely. Please feel free to call it and modify it as needed or desired.



Object type:System Resource
Collection Limiting: No limited
---------------------Remote Assistance -------------------------------
select SMS_R_System.LastLogonUserName, SMS_G_System_COMPUTER_SYSTEM.UserName, SMS_G_System_COMPUTER_SYSTEM.Name, SMS_R_System.ResourceId, SMS_R_System.ResourceType from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId order by SMS_R_System.LastLogonUserName
------------------------------------------------
--no SMS_G_System-- (This is better for most right click tools and passing commands from the MMS)

select SMS_R_System.LastLogonUserName, SMS_R_System.Name, SMS_R_System.ResourceId, SMS_R_System.ResourceType from SMS_R_System order by SMS_R_System.LastLogonUserName

Sunday, April 8, 2007

Custom Popup Message

HTA or HTML Applications can be used for many things, installers, configurations pages, popups and much more. Here I demonstrate how to use them as a custom popup that your network users will recognize not as a spyware/trojan but has a message from the admin group. The background can consist of your company logo and the Admin pictures or something distinguishable.
This particular HTA file can be pushed to the machine and displayed to let the user know that he is out of compliance for patches. This can be accomplished by many ways:
1. Create a collection where the scan package is 1 or 2 versions back from where it should be. Pushing this down can warn the users that many many patches are about to install or that he/she needs to bring their laptop in for repairs because the Windows update feature isn't working correctly
2. Create a collection where the latest patch number MS07-0xx is not installed 2 weeks after Patch Tuesday.


---------------Popup.hta ----------
<head> <title>Message from <network admin group></title> <body background = "background.jpg">
<HTA:APPLICATION APPLICATIONNAME="NetworkGroup" SCROLL="NO" SINGLEINSTANCE="yes" WINDOWSTATE="normal" SYSMENU="no">
</head>
<script language="VBScript">
Sub Window_Onload window.moveTo 200,200 window.resizeTo 820,600 end sub
Sub Closeme window.close() end sub
</script>
<body >
<table width="790" border=0> <tr bgcolor="Yellow" height="8"> <td align="center"> Caution Caution Caution Caution Caution Caution Caution Caution Caution Caution Caution
</td> </tr> <tr height="350"> <td valign="center" > <font size="5" color="#0000FF" >
This system is not fully patched and is therefore a risk to our office. You are receiving this notification because your system is out of compliance for the following reason: <;br><br> This system may be experiencing problems receiving the MS updates. Please restart your PC. More patches may install after the restart. <br></font> </td> </tr>
<TR valign="bottom"> <td align="center" height="80" > <input type="button" value="Close Window" name="Closeout" onClick="Closeme" style="background:#f3f; "> </td> </tr> <tr bgcolor="Yellow" height="8"> <td align="center"> Caution Caution Caution Caution Caution Caution Caution Caution Caution Caution Caution </td> </tr> </table>
</body>


---------------------------
The color is to get your attention, change as needed.

See this MSDN article for more information:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/hta/overview/htaoverview.asp

Friday, April 6, 2007

Collection of Computers based on Users

SMS has a nice feature that allows you to create a collection based on users. That way when a users logs into a computer SMS will then run an advertisement for whatever computer they are on. The problem is maybe you want to have a collection of computers not the users. The worst flaw this the collection query I have created below and using collections based on users is that if a person logs in to another machine, for whatever reason, SMS will find them and push software to them.
That in mind, here is a collection that will take any OU group of users and create a collection of computers.


---------------------------------------
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.UserName in (select UniqueUserName from SMS_R_User where UserOUName = "xxxx /SECURITY USERS & GROUPS” )
--------------------------------------
Windows User account and group discovery must be enabled and run on your server to use this.

How does this work. It first grabs the list of users. Then matches them to the comptuers that SMS currently sees them logged into. To change this to Last Logged in user you need to change the SMS_G_System_Computer_System to SMS_R_System.LastLogonUserName for computers. This will give you last logged in user.

"Limit to Collection" for all your computer Workstations or further limit it to based on departments

If you don't know what group then you can create a query of just (select UniqueUserName from SMS_R_User where UserOUName = "") click values until you have the value you need and paste it into the larger query.

Wednesday, April 4, 2007

Collection where XYZ needs to install

Sometimes you want to create a collection that will find all the computers that don't have a particular software installed and push it to it. This is a good dynamic way to use SMS instead of direct computer addition.

Assuming you have Adobe Reader setup to install to all computers you can key this off of the Workstation collection or all computers if you wish. You notice that I use the "LIKE" condition instead of the "equals." I do this because you never know what version you might have. Look at Reader 7.09, even though you update your package with the latest reader you would need to change the collection. This way it will always look for the computers with no reader. This is assuming of course, that you push the updates to reader and not uninstal and reinstall the whole application each time.
--------------------------------
select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%Adobe Reader 8%")
--------------------------------

Monday, April 2, 2007

Admin Run As with IE 7

After you push down IE 7 through SMS you will find a curious problem. As a security fix Microsoft will no longer allow you launch Internet Explorer as an administrator then type in a c:\ and get to Explorer as an administraor. The new window will launch in the current user's security context. So to get around it you can use this reg file. Once installed it will allow you to right click on any folder or the start button and launch explorer as the system administrator or the Domain Admin.
Granted this can be done easily by just using the RunAs command but this is faster and a click away.

-----------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\OpenAsAdminUser0]
@="Open An Explorer Window as the Domain Admin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\OpenAsAdminUser0\command]
@="runas.exe /user:MyDomain\\administrator \"explorer.exe /SEPARATE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\OpenAsAdminUser1]
@="Open An Explorer Window as the Local Administrator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\OpenAsAdminUser1\command]
@="runas.exe /user:Administrator \"explorer.exe /SEPARATE\""

-----------------------------

ODBC Connections

After installing software or during routine application changes, it becomes necessary to add ODBC Settings. Most users don't or won't add these changes. Below is an example of how to add an ODBC connection to System (all users). If you want to do it for a certain user use the Current_User key.

ODBC for Project 2002 Sample
------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\Project2002]
"Driver"="C:\\WINDOWS\\System32\\SQLSRV32.dll"
"Server"="Server-sql"
"LastUser"="LUser"
"Trusted_Connection"="Yes"

[HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources]
"Project2002"="SQL Server"
---------------------------

This can also can be achived by setting it up manually and then exporting the Registry key.

Wednesday, March 28, 2007

Vista SMS Report

When reviewing Vista requirements I put this together. In the SMS console create 2 new reports and copy these in. Next create a dash board using both reports. Now you can see total minimum and total premier. Obviously the premier machines meet the minimum requirements. I made a minimum to see what computers can run Vista (no Aero) [Vista Minimum] and those that would do very well [Vista Premier]
I tried to grab all the video cards, video ram, desktop ram. Granted this is no subsitute for the Vista, are you ready, software. But it atleast gives us a sign.
Premier Ram is set to 1.5GB though we are looking at 2GB but it should be enough to have a good performance. Modify as you like.
--------------------------------- Vista Minimum
SELECT Distinct SYS.Netbios_Name0,MEM.TotalPhysicalMemory0/1024 As Memory,vc.name0 as VideoCard,
pr.name0 as Processor,man.model0 as Model, pr.MaxclockSpeed0 as Speed
FROM v_R_System SYS
JOIN v_GS_X86_PC_MEMORY MEM on SYS.ResourceID = MEM.ResourceID
join v_GS_VIDEO_CONTROLLER vc on SYS.ResourceID = VC.ResourceID
join V_GS_processor pr on SYS.ResourceID = pr.ResourceID
join V_GS_Computer_System Man on SYS.ResourceID = man.ResourceID
WHERE MEM.TotalPhysicalMemory0/1024 >= 990
and SYS.Operating_System_Name_and0
Like '%Workstation%' and (vc.AdapterRam0 > 64000) and vc.name0 not


---------------------------------

-------------------------Vista Premier
SELECT Distinct SYS.Netbios_Name0, MEM.TotalPhysicalMemory0/1024 As Memory,vc.name0 as VideoCard,pr.name0 as Processor,man.model0 as Model
FROM v_R_System SYS
JOIN v_GS_X86_PC_MEMORY MEM on SYS.ResourceID = MEM.ResourceID
join v_GS_VIDEO_CONTROLLER vc on SYS.ResourceID = VC.ResourceID
join V_GS_processor pr on SYS.ResourceID = pr.ResourceID
join V_GS_Computer_System Man on SYS.ResourceID = man.ResourceID
WHERE MEM.TotalPhysicalMemory0/1024 >= 1400
and SYS.Operating_System_Name_and0
Like '%Workstation%' and (vc.name0 Like '%X600%'
or vc.name0 like '%RADEON X300%' or vc.name0 like '%Radeon X1300%' or vc.name0 like '%GeForce Go 7300%' or vc.name0 like '%GeForce FX Go5200%'
or vc.name0 like '%X700%' or vc.name0 like '%X600%'or vc.name0 like '%RADEON X300%'or vc.name0 like '%X550%' or vc.name0 like '%82945G%' or vc.name0 like '%82g965%' or vc.name0 like '%945GM%' or vc.name0 like '%GMA950%'
or vc.name0 like '%NVIDIA Quadro nvs%') and vc.name0 not like '%secondary%'
and (pr.name0 like '%pentium(r) 4%' or pr.name0 like '%pentium(r) D%' or pr.name0 like '%Genuine Intel(R) %' ) and pr.MaxClockSpeed0>=2900
order by netbios_name0
-----------------------------

Exiting Batch Files

Sometimes when using SMS you want to use a Batch file to see if a file is present and preform an action, or maybe delete a file. When using batch files you can get the current error level for validation or set the error level to your liking. For instance you have a batch file that checks to see if a file is present, if so run a program, else exit. Lets say for instance that the Batch always exits with a error 1 but it should exit with a 0 and continue on with the next program. To get around do this in the batch file
---
Exit /b [error level]
Exit /b 0 <- this will allow you to exit with a successful exit code
----

or try this

-----
set errorlevel=0 <- this will allow you to exit with a successful exit code

-----


This should only be done if you have tested and know the desired out come. Forcing a successful exit can lead to other problems. Make sure you cover any possible errors that might occur in the Batch file

Saturday, March 24, 2007

Google Search in IE 6

There are several ways to change your search engine. You could just click search and change it. You can use the IE 6 deployment tool to change it and then push it out to your computers. But that seems to only affect the search bar. What happens if you want to change it in the address bar as well. Here is a vbscript that you easily change to a reg file. Either way you can push it through SMS to your clients. I really don't know why I did this a vbscript and not a reg file. I guess I was looking to see what I could do with VBS and the registry. When this is run per user it will set their search default to Google but it will also change the address bar into a google search. No need for the Google tool bar.

--------------------------google-search.vbs
Dim objShell, RegLocate
Set objShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next

'Set Search Assistant

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst"
objShell.RegWrite RegLocate,"yes","REG_SZ"

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page"
objShell.RegWrite RegLocate,"http://www.google.com","REG_SZ"

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar"
objShell.RegWrite RegLocate,"http://www.google.com/ie","REG_SZ"

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\"
objShell.RegWrite RegLocate,"http://www.google.com/keyword/%s","REG_SZ"

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\provider"
objShell.RegWrite RegLocate,"gogl","REG_SZ"

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\search Assistant\DefaultSearchURL"
objShell.RegWrite RegLocate,"http://www.google.com/search?q=","REG_SZ"
--------------------------

Friday, March 23, 2007

Html Help Files CHM

There are some increased security that prevents some applications from showing the help file. This CHM file might be stored on the server while the application is running on the desktop. When to you open the help you receive and error that it is blocked or inaccessible.
Below you will find a reg file that will help you change that:

------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]"UrlAllowList"=\\\\Server\\folder\\folder\myhelp.chm;file://;
"MaxAllowedZone"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]"UrlAllowList"=\\\\Server\\folder\\folder\myhelp.chm;file://;
"MaxAllowedZone"=dword:00000000
------------------------

Now does this all mean. Well it tell Windows to open a call to the server/file mentioned and allow it through. There are several ways to do this. I am only showing you a UNC path to a file.

For more indepth information look here:
http://support.microsoft.com/kb/896054

Tuesday, March 20, 2007

Remove Adobe

Ever wanted to just remove all the old version of Adobe Acrobat from a system but didn't want to create a package for each one

Modify as needed.

-------------------------- uninstall-adobe.vbs
Dim objShell, RegLocate
Set objShell = WScript.CreateObject("WScript.Shell")
On error resume next
Dim sngVersion
'''' Adobe Readers
sngVersion = objShell.RegRead ("HKLM\SOFTWARE\Adobe\Acrobat Reader\8.0\Installer\ENU_GUID")
if NOT sngVersion="" then
objShell.run("msiexec /x " & sngVersion & " /qb /norestart"), 0, True
end if
sngVersion = objShell.RegRead ("HKLM\SOFTWARE\Adobe\Acrobat Reader\7.0\Installer\ENU_GUID")
if NOT sngVersion="" then
objShell.run("msiexec /x " & sngVersion & " /qb /norestart"), 0, True
end if
sngVersion = objShell.RegRead ("HKLM\SOFTWARE\Adobe\Acrobat Reader\6.0\Installer\ENU_GUID")
if NOT sngVersion="" then
objShell.run("msiexec /x " & sngVersion & " /qb /norestart"), 0, True
end if
''''Adobe Acrobat
sngVersion = objShell.RegRead ("HKLM\SOFTWARE\Adobe\Adobe Acrobat\7.0\Installer\ENU_GUID")
if NOT sngVersion="" then
objShell.run("msiexec /x " & sngVersion & " /qb /norestart"), 0, True
end if
sngVersion = objShell.RegRead ("HKLM\SOFTWARE\Adobe\Adobe Acrobat\6.0\Installer\ENU_GUID")
if NOT sngVersion="" then
objShell.run("msiexec /x " & sngVersion & " /qb /norestart"), 0, True
end if
objShell.run("isuninst.exe -f""c:\program files\common files\adobe\acrobat 5.0\nt\uninst.isu"" -c""c:\program files\common files\adobe\acrobat 5.0\nt\uninst.dll"" -a ")

WScript.Quit
---------------------------

Saturday, March 17, 2007

Shutdown Logged Out computer

This is a simple procedure that can be done via WMI or the application. Say you want to shutdown computers in SMS that are logged out. Maybe to save money on long breaks for for whatever reason. Simply send the command:

shutdown.exe -s -t 30 -c "SMS Shutting system down"

If you wish you can run it from the computer or place it in a package and send it down to the computer. This will shutdown in 30 seconds with a warning. If you what you can add the -f to force any applications that might be running to close

Friday, March 16, 2007

Recover Deleted Items in Outlook 2003

When most people delete items in Outlook they really mean to do it. What if someone clears their Deleted Items folder but needs something back. Then the admin must pull backups or try other tricks. If you send down this Reg entry to the machines it will Give you a Recover Deleted items option in Outlook.

--------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options]"DumpsterAlwaysOn"=dword:00000001
-------------------------------------

Thursday, March 15, 2007

Logged out Background and Screen saver

Here is a simple script that will allow you to have a background when someone is logged out, say company logo or something. It will also set a special screen saver when no one is logged.

Because you are working in the .Default regfile I recommend running this adv when no one is logged on. Changes will not be see until you do a reboot.

Reg file
----------------
Windows Registry Editor Version 5.00
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="1"
"ScreenSaveTimeOut"="60"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="Custom.scr"
"Wallpaper"="CompanyLogo.bmp"

[HKEY_USERS\.DEFAULT\Control Panel\Screen Saver.Slideshow]
"PaintInterval"=dword:00000000
"ChangeInterval"=dword:00001770
"DisplayFilename"=dword:00000000
"MaxScreenPercent"=dword:0000005a
"DisableTransitions"=dword:00000000
"AllowStretching"=dword:00000000
"AllowKeyboardControl"=dword:00000000
"MaxFailedFiles"=dword:000003e8
"MaxSuccessfulFiles"=dword:00010000
"MaxDirectories"=dword:000000c8
"ImageDirectory"="c:\\windows\\screensaver\\"
-------------------------
User.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"="Custom.scr"
"Tilewallpaper"=0"
"ScreenSaveTimeOut"="600"
"ScreenSaverIsSecure"="1"
"ScreenSaveActive"="1"
------------

user screensaver.reg

[HKEY_CURRENT_USER\Control Panel\Screen Saver.Slideshow]
"PaintInterval"=dword:00000000
"ChangeInterval"=dword:00001770
"DisplayFilename"=dword:00000000
"MaxScreenPercent"=dword:0000005a
"DisableTransitions"=dword:00000000
"AllowStretching"=dword:00000000
"AllowKeyboardControl"=dword:00000000
"MaxFailedFiles"=dword:000003e8
"MaxSuccessfulFiles"=dword:00010000
"MaxDirectories"=dword:000000c8


Install.bat
------------
rem This file must be run as admin since it sets the main default setting for the computer
rem Use company logo for screen saver.
regedit.exe /s no-one.reg
md "%windir%\screensaver\"
copy /y CompanyLogo.jpg"%windir%\screensaver\"
-------------------------

Wednesday, March 14, 2007

Disk Cleanup

Ever wanted to do a disk clean up on your own schedule? Here is some code that will allow you to just that.

Install:
regedit.exe /s disk-cleanup.reg
------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Content Indexer Cleaner]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Downloaded Program Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Memory Dump Files]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Microsoft_Event_Reporting_2.0_Temp_Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Office Setup Files]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Offline Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Old ChkDsk Files]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Recycle Bin]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Remote Desktop Cache Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Setup Log Files]"StateFlags0200"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Offline Files]"StateFlags0200"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\WebClient and WebPublisher Cache]"StateFlags0200"=dword:00000002
------------------------------
Execute:
cleanmgr.exe /sagerun:200


*****************************
Now what does all this mean...
StateFlags0200 is the level or setting I have created. You can have 0001 to 9999 different ways of doing diskclean up.
dword:00000002 Sets this setting to active.

So now you can control what type of file will be cleaned, including the recycle bin if you wanted.
There are more registry keys that you can control than the ones listed above. Now you can force a disk clean up several times a month with different version.

http://support.microsoft.com/kb/315246

Welcome to my Blog

I wanted to create this blog to post information for Systems Management Server (SMS). This blog will focus more on doing things with SMS beyond the normal Application Deployment. There are alot of places like App Deploy that will show you how to deploy an application. I would like to post items that will give you hints, tricks, and tips to utilizing SMS. Granted some of these can be done with Group Policy but with SMS you have the reporting and auditing. Some items I will cover might be as such:
How do you recover deleted items in Outlook 2003 once I have cleared my Deleted items?
How do I change the default screen saver when no one is logged on?
How can I setup the Microsoft VPN client on the computer?
How can I push OBDC setting to a computer?

If I find items from other sources, links and credits will be given when known.

Disclaimer:
As with any scripts, applications, and Registry changes, please test all items before deploying them in a production enviroment. Do not hold me responsible for any problems or errors my code causes to your network or computers. Use the code at your own risk, no warranty.