Friday, December 19, 2008

Addtional AD attributes

If you want to pull additional AD information you simply need to add the AD attribute to the Discovery Agent. Below is an example of adding additional information.

User Discovery

Add department
Add title
Add lastloggedin
etc

Now you can force a User Discovery or wait for the next round. Below is a query that you can use add to the Query Node and show computers and user information. The trick is that you need to create the query with instead of User or Resourse. Like other queries you will not have a right click function because it contains tables other than SMS_R_System.xxxxxx


select SMS_R_System.LastLogonUserName,SMS_R_System.Name, SMS_G_System_COMPUTER_SYSTEM.UserName,SMS_R_User.title , sms_r_user.department from SMS_R_System inner join SMS_R_User on SMS_R_User.Username= SMS_R_System.LastLogonUserName inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId

Sunday, December 14, 2008

SCCM Package stalled on IIS 7 / Server 2008

I admit that I didn't solve this problem, I found the solution via Michelle Chang.

I was trying to push out Blackberry Desktop Manager but for some reason it would just stall. Now before when I had SCCM running under 2003 server it would go so I know it should work. Well after 2 days of hitting my head I did a search like all good IT people and found a post by Michelle Chang. Alot of us have jumped on the 2008 bandwagon and are sorting out issues for admins that come after. This is no different. Here is a copy of the post from TechNet. And yes it solved my problem.

--------------------- From post ----------
I've had a similar problem with this all week and just got this resolved with Microsoft. Package would start downloading to the local cache folder and then hours later I'm left with BIT*.tmp files and a WaitingContent status.



My Setup:

Server 2008, MSCCM 2007 SP1, IIS7, Vista Enterprise



The problem was in the portion of the ApplicationHost.config file. My package had a "Bin" folder nested in the setup files and I removed this line from the section:
I then restarted IIS and redeployed the package successfully.


The problem was in the portion of the ApplicationHost.config file. My package had a "Bin" folder nested in the setup files and I removed this line from the section:




This is the KB for reference:

http://support.microsoft.com/kb/942047/


------------------------------------------------------
Link to original post:
http://social.technet.microsoft.com/Forums/en-US/configmgrswdist/thread/e3c06b14-d0b8-4b4c-9a52-7f920de06f8e/


Hope this helps!

Thursday, December 4, 2008

Can't Re-run Advertisment

Ever notice that some of your advertisements are missing the right click "Re-run" option. If so check the schedule for the advertisment. There is a good chance you have "As soon as possible" in the schedule." Remove it and then refresh. You should now have the re-run option back.

Thursday, November 27, 2008

IIS 7 Reporting Point

Well I had some issues setting up my Server 2008 Reporting point. Part of it could be that I had never used 2008 / IIS7 so I was flying kinda blind. After setting up the reporting point I found that I could only see the web reports when I use the address http://localhost/SMSReporting_XXX if I used the server name in place of the localhost then I would recieve the following error:

"You do not have permission to view this directory or page"
or
“HTTP Error 401.3 – Unauthorized”

Now I thought this was odd since I group "SMS Reporting Users" set for the correct users. Well after searching the web and confirming I had everything setup, I decided to look at everything else.

I found the the section "Authorization Rules" should have the following IIS setting for the SMSReporting_XXX folder in IIS. Authrized roles: "SMS Reporting Users"

As soon as I did this the reporting point accepted a login/pwd and worked with the server

Thursday, November 20, 2008

SCCM Exam

Well yesterday in the middle of repairing a crashed Primary Site I took my SCCM exam

Preparation Guide for Exam 70-401
TS: Microsoft System Center Configuration Manager 2007, Configuring
http://www.microsoft.com/learning/en/us/exams/70-401.mspx

I passed with a 942! This is a little better than what I did on my SMS exam. I was hoping to take the exam in September but things just kept coming up so last week I scheduled my exam. Of course I wasn't expecting a server failure. I was dreading the server problem and how I would do on the test. I had a massive headache by the end of the day but it paid off!!! I wish there were diagrams on the exam. It was hard but good.

I would suggest that people looking at taking the exam brush up on where and what WebDav is used for and authentication between forests.

MMS 2009 Call for sessions

Well ironically I predicted that the Call for session would go live today and it did

http://myitforum.com/cs2/blogs/rtrent/archive/2008/11/20/mms-2009-call-for-sessions-is-live.aspx

I hope to put together another session for this year. The difference is that I will see about doing a co-presentation.

Monday, November 10, 2008

MMS 2009

http://mms-2009.com/

Well it looks like the MMS 2009 site is now up and running. Submit a content survey to help Microsoft and don't forget to register starting Dec 9.

Friday, November 7, 2008

Collection query of multiple collections

Say you want to create a collection that was the combination of multiple collections. Well below is just one method you can use to pull systems from other collections.
You will first need to find the collection IDs and replace xxxxxxx1 with the ids


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId in (select ResourceId from SMS_CM_RES_COLL_xxxxxxx1) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_xxxxxxx2) or ResourceId in (select ResourceID from SMS_CM_RES_COLL_xxxxxxx3)

Tuesday, November 4, 2008

Blog Accepted at techneteventsbloggers.net

Looks like my blog has now been added to the TechNet Events Bloggers

-------------
Your blog was added or updated in our blogger directory with the following information:
Title: Matthew Hudson
Html Url: http://sms-hints-tricks.blogspot.com/
Xml Url: http://sms-hints-tricks.blogspot.com/feeds/posts/default?alt=rss
Description: SMS/SCCM, Beyond Application Deployment is a blog by Matthew Hudson covering SMS 2003 and SCCM 2007 beyond package deployment. Here you will find hints, tips, and tricks to help with managing your infrastructure. It will focus mainly on Reg files, Batch, VbScript, WMI, and possibly other methods.
-------------------- Categories ---------------------
http://TechNetEventsBloggers.net/Bloggers/ITPros.category
http://TechNetEventsBloggers.net/Community/IT_Pros.category
http://TechNetEventsBloggers.net/Community/MCP/MCP.category
-----------------------------------------------------

Advertisment ran even though it was disabled

There are a few times that you might see an advertisment kick off even though it is disabled or set to run in the future, why is that?

Well lets say you set an advertisment to run 3 months in the future and all machines pick it up. A month later a machine is turned off and remains off. The admin discovers a problem and disables the adv or sets the date even farther into the future. When the machine is finally turned on it might not pick up the policy in time to stop and it could kick off. Is this a common occurance, no. It is just a split second decision that the client makes and it chooses wrong. We typically see it with adv that are set to ASAP with no user logged in. The client will execute what it knows to be the correct order until the new policy is retrieved.

Monday, November 3, 2008

MMS 2009

As some of you know I presented at MMS 2008 and I am looking to submit a topic to MMS 2009. Registration begins 12/9/2008

on myITforum a person asked when we expect MMS 2009 to open. Well if you use Google :) you can watch the site slowly come up.

Per when registrations and call for sessions:

Last year it happend just before Thanksgiving. It looks like they are getting ready for it.
https://www.mms-2009.com/wizard/call_for_sessions/wp1.aspx
https://www.mms-2009.com/Callforsessions.aspx - blank
The old text has been ported over now but they need to modify it.
I think it will be announced in the next 2 weeks with the dead line around the end of December again

Watch here for information
https://www.mms-2009.com/public/registrationoverview.aspx

Tuesday, October 28, 2008

MMS 2008 Hands on DVD

This is ironic because I received the DVDs already LOL
-----------------
Dear MMS 2008 Attendee,



We are pleased to inform you that additional collateral has been created and is being sent to you. The MMS 2008 Hands-on Lab Walkthrough DVD contains video recordings of the most popular Hands-on Lab topics offered during the event with an audio commentary, allowing you to review the labs with a step-by-step commentary explaining the key procedures covered. In addition, the DVD contains soft copies of the Hands-on Lab manuals used at the event.



This e-mail serves as confirmation that your MMS 2008 Hands-on Lab Walkthrough DVD set has been shipped and you should be receiving it within 1-2 weeks (International locations may take longer). The DVD set has been sent via the U.S. Postal Service to the address included with your registration information.



If you do not receive your DVD set within the specified time, please e-mail MMS2008HOL@paragongroup.com for further assistance.







Thanks again for your participation in MMS 2008!

Saturday, October 25, 2008

Add computer to a collection

I have vbscript on this blog that will give you the ability to add a computer to a collection but it command line based. I have created a HTA file that has 2 parts.

1. Allows the user to right click on a collection and add multiple computers
2. Allow the user to right click on a computer in a collection or query and add it to multiple collections

The output list is limited to 50 currently but you can change it per your enviroment. Also I am pulling System Resource from "All computers" collection. I am sure this could be modified to add groups and OUs and such.

Here is the link to look at the code and download the program
http://www.sccm-tools.com/tools/rightclick/rightclick-Collectionaddcomputers.html

I have some ideas to improve it so I might be posting those changes here.

Sunday, October 19, 2008

ODBC Report

I have create a MOF extension for SCCM
You will find it here http://www.sccm-tools.com/tools/other/other-ODBCMOF.html on my sccm tools website.

Report Right click tool

Here is an SCCM console extension that could also be used for SMS if changed for the MMC GUID system.

The Tool is designed to allow the admin to run any of the reports. All that is needed is the reporting point server name, the report ID and the values that need to be passed.

report.vbs

Example:
Report.vbs sms-serve1 170 MachineName ##Sub:name##

Currently I have it set for the individual computer and collection GUIDS. This can be added and set to run for almost any one of the guids. Instead of trying to post all the code here I will give you a link to my sccm tools website and you can download the code from there.

http://www.sccm-tools.com/tools/rightclick/rightclick-webreports.html

Right click tool order

What order do the xml files for console extensions execute?

Well they run in alphabetical order. So if you want to add a seperator above and below you tools then you need to make them as say 1.xml and zz.xml

Create the XML line to ready.

Wednesday, October 8, 2008

Exclusions based on a Group or OU

All the computers that are only in the A and not the A & B?
Computer 1 Group A
Computer 2 Group B
Computer 3 Group A+B
Computer 4 Group A+B

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.SystemOUName = "Group B" ) and SMS_R_System.SystemOUName = "Group A"

Cross link on my blog to other exclusions

http://sms-hints-tricks.blogspot.com/2007/10/excluding-computers-from-collection.html


Monday, October 6, 2008

Helping others with SCCM Errors

I work for The Texas A&M University System Offices (TAMUS) in College Station, TX. We have many universities and Agencies that report directly to us. The closest is Texas A&M University (TAMU), just down the road. Since we are so close we tend to help each other not only in IT but other projects. When I was hired by TAMUS in 2005 I was asked if I could learn SMS 2003 and manage their systems. Well not only did I learn but I became somewhat of the the regional expert and even presented at MMS 2008. I routinely help IT admins at TAMU as they implement SMS/SCCM as well as if they have it implemented and they would like some help with some part of the application.

I recieved an email today from one of the IT admins that had tested SCCM 2007 and was now moving to the actual installation phase. On his Windows 2008 Site server box he attempted to install SCCM 2007 SP1 on a Domain computer only to have an error (Domain Membership)... his computer "needed to be part of a domain."

So I started with some general questions and it struck me that possibly the firewall was on between the systems and it couldn't determine the domain it was on. After having him reconfigure his firewall on the SQL box and the Site server it was able to install. Now we are working to move him into Native mode. Since I was the first to move to SCCM I had already work with the Enterprise group to configure the Certificates for Native and Out of Band Mangement point. I think right now there are about 4 or 5 SCCM servers and 2 SMS servers left over at TAMU. It has been my goal for the last couple of years to get the community of SMS/SCCM IT people together so everyone can learn about it and see how to implement it. I even had them watch my MMS 2008 presentation before I left to give me pointers. In the next 1 or 2 years the campus will modify its AD structure pulling all the domains in to a single domain with departmental OUs and that means a change of how we utilize SCCM. I would hope by that time we can all work together on the single SCCM structure and bring all the computers together. Talk about a challange. Thank you for allowing me to assist you with SMS/SCCM. For every problem we work on, I learn something and I hope they learn something as well.


Tuesday, September 30, 2008

Blog stats


Well I started this blog in March 2007.
In the last 6 months I have had these stats:

15,254 Hits
28,342 Page Views
125 Counties/ Territories (3,596 cities)
Top City: London (591 hits)
Top Key word from search engines: SCCM tools
Top ISP: Road Runner
Top company: Microsoft (This is probably due to the MS Forums)
This is by no means the best blog or the one with the most hits. I though it would be interesting to look at what is going on with it. It gives you a good feeling when someone looks at your work

Friday, September 26, 2008

SCCM support for SQL 2008

SQL Server 2008 is now supported on Configuration Manager 2007 RTM and SP1
System Center Configuration Manager 2007 (RTM and SP1) now supports the use of SQL Server 2008 as a site database. In order to upgrade a site-server database to SQL 2008 there are 2 hot fixes required:
· ConfigMgr 2007 RTM customers must apply hot fix KB955229
· ConfigMgr 2007 SP1 customers must apply hot fix KB955262

The following are requirements when performing a clean install on a SQL Server 2008 database:
· A clean install of ConfigMgr 2007 RTM on a SQL Server 2008 database is not supported. You must first install SQL Server 2005, upgrade to SQL Server 2008 and then apply hot fix KB955229
A clean install of ConfigMgr 2007 SP1 on a SQL Server 2008 database is supported, but should apply hot fix KB955262

Orignal link: http://social.technet.microsoft.com/Forums/en-US/configmgrannouncements/thread/729a17a4-eafa-4c98-b5d5-280aaa063f3a/

Thursday, September 18, 2008

Glitch in Software Distribution SP1

I don't think I saw this in RTM but it might be there.
Here are the steps to reproduce the problem.


1. Right click on your collection and select properties
2. Under membership rules create a new query for the collection
3. Type in the Name and set Resource Class to System Resource
4. Under Collection Limiting select Limit to Collection and browse to a collection to limit
5. Select Import Query Statement select any query to import and click ok
6. Now look at the Collection Limiting, is now set back to No collection limited

Monday, September 15, 2008

update to www.SCCM-tools.com

Well I have made some changes to my site http://www.sccm-tools.com It should be more firefox friendly. I needed to make some changes to the CSS and the Ajax. Take a look and play with the site.

Friday, September 5, 2008

SCCM Backup of a seperate SQL database

When you edit your Backup tasks one item it asks about is where you want to store your Backups for both the site server and the SQL databse. You have 2 options:
1. UNC path
2. Local HD

When you choose option 2 you need to be aware of the context of the backup. The site server will backup to the site server hard disk to your desired folder say c:\xxxx-site. If you set the database to be backup to c:\xxxx-database be aware of it is asking. Checking of you log will show that the backup was completed with no errors yet the folder isn't there. ahh check the SQL server under c:\xxxx-database The SQL database will be saved to its local HD. In this context you need to keep this in mind if you do C:\ of your servers or if prefer go ahead and save both to a UNC path for backup in a single folder

More Excluding Collections

Say you want to create a collection that will be all computer except certian OUs and maybe some other computers:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select distinct SMS_G_System_COMPUTER_SYSTEM.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.SystemOUName = "domain/OU/OU" or SMS_R_System.SystemOUName = "domain/OU/OU2" or SMS_G_System_COMPUTER_SYSTEM.Name = "computer2")

now this assumes 1 computer. You could add multiple " or SMS_G_System_COMPUTER_SYSTEM.Name = "computer2") " but this is not really a well formed statement. Other ways to do this is use the "or SMS_G_System_COMPUTER_SYSTEM.Name in ("computer2","computer3") " and so forth.

Don't forget you can also do something like this if you want to exclude an entire collection :

and ResourceId not in (select ResourceID from SMS_CM_RES_COLL_XXXxxxxx)

More cross link of exclusions
http://sms-hints-tricks.blogspot.com/2008/10/exclusions-based-on-group-or-ou.html

Wednesday, September 3, 2008

Help with sccm-tools

Well as some of you have seen I have http://www.sccm-tools.com up but not really running. I need items tested. Take a look at the site and you can use the contact address at the bottom to submit problems and improvements. My hope is to have the site "operational" by Oct 1.

Saturday, August 30, 2008

SCCM R2 Now Available

Well its official, yesterday R2 was released.
Here is the official link
http://technet.microsoft.com/en-us/configmgr/cc761485.aspx
to the site.

SQL Reporting Services
App-V Support
ForeFront client support
--and more


check it out. You must have Software Assurance in order to obtain it. Now it is just a matter of time before all the Software Vendors that supply it can get it to us.

Thursday, August 28, 2008

SCCM Tools

Well I have decided to launch my own website / community. Bascially I will host a site where users can request SCCM tools, download SCCM tools, and have discussions about creating tools.

http://www.sccm-tools.com

Is the URL. I hope to have the site up in the next few weeks. This site will be a beta test so people can just go wild on the site to see what needs to be improved. Then I will delete everything and launch the site. Lets hope it goes well. It isn't easy to launch and IT site for IT people, we are very picky. I can't match myITforum but I don't want to compete with them but work along side. I am hoping this fills a niche where people can locate tools. It seems to be a common question "Where can I find SCCM tools" Where there are my blogs and many places to get them. This won't house all the tools but will have links to those that we can't or don't want to host. There more diverse places you have to download programs the more likely you are to have an older version. So this way we can link to SourceForge or someother "original" location so the author doesn't need to police the we. Nor do we need to hunt for the latest release

Wednesday, August 27, 2008

Request fix for SP1 --fixed!!1

Back in March I talked about a glitch in SCCM.
http://sms-hints-tricks.blogspot.com/2008/03/sccm-collections-with-apostrophes.html
Well I submitted it to Microsoft. They didn't know if they would be able to include it in SP1. Well over the weekend I upgraded to SP1 and it works now!

Yeah for me!

Wednesday, August 20, 2008

Policy Refresh

There are many tools out today that will help you force a policy refresh. I have one here on this blog. I also have an vbscript adv that I can pass to a collection that will run policy refresh on certain machines.

This can all be accomplished on SCCM through the Collection properties. You can now change a collection policy refresh to be different from your global policy. This is nice for test machines, lab machines or anything you want to be able to grab Adv and other information faster than normal.

Tuesday, August 19, 2008

Deploy Shortcut

I give credit to a co-worker of mine. We were deploying Hummingbird (3270 Terminal program) and we needed to create a shortcut to a predefined location for each person.

Here is a vbscript example of how to create a shortcut link on the fly


--------------------------------------------
'declare variables
dim WshShell, fso, oShellLink, strDesktop, strAppData

'set variables
set WshShell = WScript.CreateObject("WScript.Shell")
set fso = CreateObject("Scripting.FileSystemObject")
strDesktop = WshShell.SpecialFolders("Desktop")
strAppData = WshShell.ExpandEnvironmentStrings("%AppData%")

'do they have the profile data in their My Profile Space
if fso.FileExists(strAppData & "\Hummingbird\Connectivity\13.00\Profile\XYZ.hep") then
'create shortcut
set oShellLink = WshShell.CreateShortcut(strDesktop & "\VTAM.lnk")
oShellLink.TargetPath = strAppData & "\Hummingbird\Connectivity\13.00\Profile\VTAM.hep"
oShellLink.WindowStyle = 1
oShellLink.Description = "Hover description here"
oShellLink.Save
else
'they don't have them in the My Profile Space, should I move them there?
end if
--------------------------------------------------

Saturday, August 16, 2008

sms last Hardware Scan < 60 days

Here is a query that will create a collection of computers that have not been seen in 60 days .
This will work in both SCCM and SMS. If the computer has not been inventoried in 60 days or more then it will be placed in this collection.


-------------------
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Name not in (select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_WORKSTATION_STATUS.LastHardwareScan >= DateAdd(dd,-60,GetDate()) )
-------------------------------

Friday, August 15, 2008

Client actions for SCCM

Before I showed you how to launch client actions via VbScript in SMS. The same code can be used. There are some changes to the action names though. Here are the names you should use:

Software Inventory Collection Cycle
MSI Product Source Update Cycle
Hardware Inventory Collection Cycle
Software Updates Assignments Evaluation Cycle
Standard File Collection Cycle
Updates Source Scan CycleDiscovery Data Collection Cycle
Request & Evaluate User Policy
Peer DP Maintenance Task
Request & Evaluate Machine Policy
Software Metering Usage Report Cycle

Monday, August 11, 2008

Level 5 Guide free for short time.

Brian Tucker has decided that he will open the SCCM Guide to all registered users from 10:00 am - 12:00 pm next Wednesday August 13th for the people in the USA and eastern Europe time zones. The guide will also be open from 10:00 pm - 12:00 AM the same day to accommodate the users on the other side of the world.

http://blogcastrepository.com/blogs/brian_tucker/archive/2008/08/07/level-5-limited-event-wednesday-august-13th-2008.aspx

Sunday, August 3, 2008

"##sub:netbiosname## doesn't work

If you moved from SMS 2003 to SCCM 2007 some of your right click tools might use "##sub:netbiosname## for the name of the computer as it is passed from the MMC to a tool. Some of these tools may fail. You will need to change it to "##sub:Name##. Most likely the tool should still function.

Thursday, July 31, 2008

Client action revamp

I have blown this old post away:
http://sms-hints-tricks.blogspot.com/2008/06/client-actions-for-entire-collection.html

I have deleted code for this tool and rewritten from scratch.
I have a problem with textarea tag in that it put breaks
in the text area. Sorry about that. Until I get that fixed you will need to just to do a search and replace. The tool will allow that admin to right click and force an action on a collection or single computer. Unlike other tools for policy and inventory I don't kick the inventory key forcing the machine to do a Full inventory. I kick off a standard Inventory so it will be a delta and fast.

Friday, July 25, 2008

Remote machines

Many times admins need to remote to another machine or work with virtual machines. For the seasoned admin this might be trival but people have asked in the forums so:

CTRL ALT DEL -> CTRL ALT END

When using remote desktop to another machine use CTRL ALT END to force the CTRL ALT DEL function on the other machine.

Monday, July 21, 2008

I have my MMS 2008 DVDs

Wow!! That was fast. One of my female co-workers came down the hall all gitty and handed me the DVDs. Yes I popped it in and listened to myself..yuck. Don't you just hate how you sound. Well I plan to go through the entire DVD Set to see what I can learn :)

Thursday, July 17, 2008

MMS 2008 DVD

Looks like they are on their way!!!!!



Dear MMS 2008 Attendee,

This e-mail serves as confirmation that your MMS 2008 DVD set has been shipped and you should be receiving it within 1-2 weeks (International locations may take longer). The DVD set has been sent via the U.S. Postal Service to the address included with your registration information.

Tuesday, July 15, 2008

SMS to SCCM upgrade and Client Cache Issues

If you perform an upgrade of your SMS 2003 server to SCCM 2007 you should be aware of a potentional problem with your client cache. Client cache is not cleared when the new client is installed. This could cause problems with client tombstoning correctly. There are several ways to fix this. You should do a manual "clear cache" on every system. I know you are laughing... I have a vbscript that clears the cache of a client that can be used with a login script. I am currently working on making it a right click tool. This could be used once the site is upgraded and it could also be used at any time you feel the need to clear the cache of a client.

I have it 90% written, since I plan to use it in my enviroment. I will at a convention in Las Vegas presenting my research in the area of GIS so I won't have time to work on it. I hope to have it done by Friday if not the weekend. I will post it here for those that wish to use it.

Thursday, July 10, 2008

Back to Las Vegas

Well this has absolutely nothing to do with SCCM or SMS but I thought I would share it. I am going back to Las Vegas next week. After spending the week and presenting at MMS 2008, I don't have a real good reason to stay. I will be making just a day trip, yes a day trip from Texas to Nevada. I will be presenting my research in GIS ("Developing A GIS-Based System for Analyzing Medical Transportation Activities ") at the 2008 International Information and Knowledge Engineering Conference. Guess I will be spending my evening practing another presneation :)

Thursday, July 3, 2008

Reasons for Secondaries

The question arises sometimes about why install a secondary site server. Well here is why you would want to do it. This obviously won’t cover all the possibilities:

1. Slow site across the WAN with say 10 or more computers. By installing a secondary and adding a proxy MP to it you can control the chit chat between the clients and the MP. You will also have 1 package pulled down that will then be pulled by the 10 machines

2. Secondary location where it is not necessary to have a primary site. This group of computers could number in the low thousands. Exact numbers depends on the Hardware specs and hierarchy arrangement.

3. You have a site that you can’t afford to have a Primary site. A primary site would require an additional license, SQL connection / Database

4. Maybe you just have that many subnets and you want to disperse what machines grab from what DP / MP.



Example Assignment Scenarios for Configuration Manager: Secondary Sites
http://technet.microsoft.com/en-us/library/bb680569(TechNet.10).aspx

Configuration Manager Site Capacity Planning
http://technet.microsoft.com/en-us/library/bb680869(TechNet.10).aspx


Branch DP: If you have a very small number of computers (100 ) you could opt for a branch DP. Note that this is runs on a client machine. The more computers that connect the slower that persons machine will become.


This does cover Branch DP, shared DPs and such. Just the basics of installing a Secondary Site Server. Be aware that you don’t need to install a MP proxy if you just want the client to pull packages from here. The client will then talk directly to the MP.

Wednesday, July 2, 2008

Usability study for System Center Configuration Manager Users

This was taken from a MS annoucment:


Microsoft Usability is conducting a study focusing on the on design ideas for the next version of System Center Configuration Manager (SCCM) starting July, 2008. Studies will be conducted once every month. Sessions are limited, though we do have openings we are currently scheduling into. This is a great opportunity for SCCM users who have experience working with System Center Configuration Manager to provide feedback and help improve the user experience of SCCM’s next version.



The study will be conducted in a lab setting on Microsoft’s main campus in Redmond, Washington. It is important for you to know that you do not need to prepare anything for this. We want to learn from you, the experts, to determine what needs to be improved in our software.



If you are interested or know someone who could be interested in participating, please email us at itusable@microsoft.com with SCCM in subject line. For information on other studies and to learn more about Microsoft's User Research program email us.



We are considering running some Configuration Manager usability studies in other cities. If you live outside the Puget Sound area and would like to be contacted in the future about studies in your area, please email us at itusable@microsoft.com




--------------------------------------------------------------------------------
Wally Mead

Laptop Collection

When creating a collection for laptops you have to include the "Chassis Type" numbers. The problem with this is that laptops/portables/pen tops all have different enclosures



select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where
SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes in ( "8", "9", "10", "14" )

You may change this as needed here is the complete list from Micrsoft:

Value Description
1 Other
2 Unknown
3 Desktop
4 Low Profile Desktop
5 Pizza Box
6 Mini Tower
7 Tower
8 Portable
9 Laptop
10 Notebook
11 Hand Held
12 Docking Station
13 All in One
14 Sub Notebook
15 Space-Saving
16 Lunch Box
17 Main System Chassis
18 Expansion Chassis
19 Sub Chassis
20 Bus Expansion Chassis
21 Peripheral Chassis
22 Storage Chassis
23 Rack Mount Chassis
24 Sealed-Case PC

MP does't work after switching from Mixed to Native Mode in SCCM

Many people have discovered that after they migrate to Native Mode that the MP doesn't work or that they clients don't receive advertisements.

This is a known issue that is being worked out. To solve the problem you should uninstall and reinstall the MP. I personally can't say that I have had this problem. We decided that if were going to take the leap to SCCM we would do it with both feet.


http://blogs.technet.com/wemd_ua_-_sms_writing_team/archive/2008/05/30/is-the-documentation-for-migrating-a-site-to-native-mode-missing-a-step-to-uninstall-reinstall-the-management-point.aspx


Granted I work in Higher Education so we don't have many of the same limitations that corporations face. Thank you Microsoft for giving us technology at a lower cost for easier adoption.

Tuesday, July 1, 2008

The Matrix of SCCM

Well I occasionally get called across the room to take a look at a computer log or something dealing with SCCM. As I run down the client logs and jump through them people always ew and ah. First off we are looking via notepad since the log reader is only on the Server and because it looks like just a bunch of junk. As I run through different logs and say.."see here..oh and here" the guys have decided to call it the Matrix. "Hey we see log files but he see a blonde girl." It funny how you get use to looking at log files :)

Rock on Neo!

Friday, June 27, 2008

OU collection tool update

Edit: 12/2008 I have the tool on myITforum under the beta section SCCM OU Collection Creator - Matthew Hudson
----------
Well I had 2 people beta test my collection tool and it work for both of them! I still need to make some more adjustments before I call it ver .2. I would hope that once it is all done and working I can release it to the community for further testing and use. Obviously it will come up short in someones enviroment. I can't test every kind of SCCM structure. If you missed what the tool does:

Running from any computer the program will hook to SCCM and the AD. The user will have the option of selecting any OU tree. Once submitted the program will build the OU struction, with queries, directly into SCCM.

Wednesday, June 25, 2008

SCCM unable to deploy patches to SMS 2003 clients

If you noticed that your 2003 clients were not receiving their patches then you should check out this KB http://support.microsoft.com/kb/954474

This affects only 2003 clients attached to a 2007 architecture.

"You use Microsoft System Center Configuration Manager 2007 or Configuration Manager 2007 with Service Pack 1 (SP1) to deploy updates to Microsoft Systems Management Server (SMS) 2003 clients. In this scenario, the Microsoft Windows Server Update Services (WSUS) Offline Scan Catalog cab file (Wsusscn2.cab) may not correctly synchronize with the site server database when you use the Inventory Tool for Microsoft Updates (ITMU). This problem may prevent the June 10, 2008 security updates from being deployed to SMS 2003 clients."

I am sure there are many of your pulling your hair out wondering...what did I do wrong!!!!

Tuesday, June 17, 2008

SMS 2003 Right click tools on Queries

If you are using SMS 2003 (not SCCM 2007) you have the ability to perform a right click on query outputs. First you must have the Resource ID and Resource Type in the query output. Next you can ONLY have "System Resource" (SMS_R_System) queries. If you use SMS_G_System then the right click will not pass the parameter ###Sub:xxxx## to your application. In SCCM it just won't show you the right click menu correctly.

If you want to use a query to right click and start Resource Explorer/Remote tools you must that the Resource ID and Type in your query.

SCCM Right Click Tools by Rick Houchins

Rick over at MyITforum (a place I love to visit) has updated his Right click tool program.

Version 1.7 (6/17/2008)
http://myitforum.com/cs2/blogs/rhouchins/archive/2008/04/09/sccm-right-click-tools.aspx

I will update this page as he updates the application. It is a very nice collection of tools. I suggest you check it out.

Wednesday, June 11, 2008

Client actions for an entire collection

This page still isn't displaying correclty.
Here is a link on the SCCM tools website
http://www.sccm-tools.com/tools/rightclick/rightclick-clientactions.html


Ok I have deleted this whole section since I re-wrote this tool...

Files: (files names are case sensative)
clientactions.vbs : File that controls everything
Clearcache.vbs : Client clear cache file
Inventory.vbs: Client HW/SW inventory file
Policy.vbs: Client machine policy refresh
Computer.XML : This will be the xml file for right click on a computer
Collection.XML: This will be the xml file for right click on a collection
C:\Program Files\MCNS\ClientActions\ : Location where all the files are stored on the server

7ba8bf44-2344-4035-bdb4-16630291dcf6 - computers
fa922e1a-6add-477f-b70e-9a164f3b11a2 - this GUID is for first-level collections
dbb315c3-1d8b-4e6a-a7b1-db8246890f59 - this GUID is for all subcollections
---
x:\Program Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions
Under this folder create the guid and place the appropriate XML file
-------------------------------------------------------------------------
******Clientactions.vbs***************

******Clearcache.vbs***************



******Inventory.vbs***************



******Policy.vbs***************



******Computer.XML***************



******Collection.XML***************

Sunday, June 8, 2008

Right click Tool: Status Messages

This will work for both SMS or SCCM. This is a neat trick. We will use the status message viewer from Microsoft to look at a computer but with a right click. No longer do you need to run through the MMC.

<ActionGroups>
<actiondescription class="Executable" displayname="Status Messages" mnemonicdisplayname="Status Messages" description="Display machine status messages">
</executable> <filepath>D:\Program Files\Microsoft Configuration Manager\AdminUI\bin\i386\statusmessages.exe <parameters>##SUB:Name## </actiongroups>

D:\Program Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions\Actions\7ba8bf44-2344-4035-bdb4-16630291dcf6\Tools.xml

This needs to go into your XML file in the previous folder. Please consult the MS documentation. This is only the inset not the whole file. You will need to change the location of the file path to C, E, or whatever your drive it.

To make this work in SMS see my section on SMS tools and the MMC registry. You only need to add the path and sub:netbiosname to the script. Now you can right click on a client and get the status messages very easily now. Be aware that this will pull in ALL messages so you will need to click stop or you will be there all day.

If the application has problem the first time you run it then you need to just double click on StatusMessages.exe and type in your server name and ok. Then the tool will work correctly the next time for you.

[Update June 2009]
Well I created this back in 2005 when I first started working with SMS. Well Robert Mitsch has an update which I think is great

The changes are as follows
<FilePath>C:\xxxxxxx\AdminUI\bin\i386\statview.exe</FilePath>
<Parameters>/SMS:Server=\\##SUB:__Server## /SMS:Path=##SUB:__Namespace## /SMS:System=##SUB:Name##</Parameters>

update blog entry: http://sms-hints-tricks.blogspot.com/2009/06/right-click-status-messages.html

Friday, June 6, 2008

Disclaimer

I wanted to make sure I put this on my blog as many people are getting in trouble with their blogs these days:

This blog represents my views and opinions and not those of my employers. Use all code and instructions on this blog at your own risk. There is no warranty or documentation other than what is represented on this site.

A now our feature presentation :)

Wednesday, June 4, 2008

Collections with the same name

In SMS 2003 you probably noticed that you couldn't have the collections with the same name unless they were linked collections. Through one of the tools I was creating I discovered that you can create as many collections with the same name (different IDS) as you want in SCCM 2007. This poses a problem if you have a tool that is searching for a collection name. Now you could have 2 or more collections that have the same name and different IDs.

Saturday, May 31, 2008

SMS / SCCM helpful forums

Here a few of the places I haunt to give or received information

SCCM Forum

SMS Newgroups

MyITForum

Vbscript behavior


Wscript Method wscript x.vbs



Cscript Method cscript x.vbs


Do you have right click tools that run in a command (DOS) box. And you have an "Enter" key function so it will stay open so you can see the data.

There are 2 things you can do.
1. Run with a wscript xxx.vbs
This will force it to use the wscript method and data will be placed in a nice popup box
2. Set the default method for vbscript to wscript
wscript /H:WScript
A popup will tell you that the default is now wscript do the same with a cscript to change it back


This will make some of the right click tools that display information alot easier to read and gives it a more professional look.

Friday, May 30, 2008

SMS OU to Collection Tool

Edit: 12/2008 I have the tool on myITforum under the beta section SCCM OU Collection Creator - Matthew Hudson

Well I have a new tool that I might give to the community to test. I have finished but it is very rough. The basic idea came several years ago when I was creating our SMS collections. We have a collection called Departments. In it I have the different OU represent so I can do limits or deployments. The problem is that we have many departments so I only make a collection as needed. The new tool will query your AD via LDAP. It will look to your SCCM control file for the correct ldap path. It will then give you the structure for you to click on for import. Once you have all your OUS you click import and about 4 to 6 seconds later you have your entire AD struction in SCCM with the queries written for it as well. I have a few bugs to work out but I hope to give it to some people for testing. I think it would be a good tool. Granted most people might only use it 1 or 2 times.

When it gets posted it will most likely be via MyITforum.

SMS Exam

Well after dragging my feet I finally took the SMS Exam 70-089. I passed with a 936. Now on to 70-401, SCCM exam.

Tuesday, May 20, 2008

Internet Based Client setup

Did you already deploy the client to your machines? Did you want to setup some laptops or computers with Internet Based management. Use this vbscript to push the change to the necessary computers:

-------Internetclient.vbs----------------
On Error Resume Next

Dim newInternetBasedManagementPointFQDN
Dim client

newInternetBasedManagementPointFQDN = "foo.com"

set client = CreateObject ("Microsoft.SMS.Client")
client.SetInternetManagementPointFQDN newInternetBasedManagementPointFQDN

' Clear variables.
Set client = Nothing
Set internetBasedManagementPointFQDN = Nothing
--------------------------------------------------------

Tuesday, May 13, 2008

Collections with Maintenance Windows

Here is an update to my previous vbscript file that had collection listings.
This vbscript can be run from the console of SCCM. It will tell you what user a collection is in, what collection a computer is in. You also have the option of seeing if a maintenance window is set to the collection. This is my first version of this. Please let me know any changes

------------------compmain.vbs----------------------
'Matthew Hudson
'There is no warranty, run code at your own risk

''' sytanx: Application ResourceID Option
' option= blank No tag
' option=1 Collections with Maintenance windows will have a *
' option=2 Collections with Maintenance windows will have a description next to them


on error resume next
Dim CollectionArray(100)
Dim MainWindowArray(100)
count=0

Set objArgs = WScript.Arguments
if (objArgs.count > 1) then
Mainoption = wscript.arguments.item(1)
end if
ResourceID = wscript.arguments.item(0)


Set Shell = CreateObject("Wscript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set SWbemLocator=CreateObject("WbemScripting.SWbemLocator")
set SWbemServices = SWbemLocator.ConnectServer("SERVER","root\SMS\site_XXXX")
Set connection= swbemServices
strQuery = "select * from SMS_CollectionMember_a where ResourceID='"+ ResourceID +"'"
Set Collections = SWbemServices.ExecQuery(strQuery)

'''''''''''''''''' move through the collections
for each Collection in Collections
set Collectionfound=SWbemServices.Get("SMS_Collection='" & Collection.CollectionID & "'" )
CollectionArray(count)=Collectionfound.Name
'''''' see if there is a maintenance window
Set collectionSettingsInstance = SWbemServices.Get("SMS_CollectionSettings.CollectionID='" & Collection.CollectionID &"'" )
Set allCollectionSettings = connection.ExecQuery("Select * From SMS_CollectionSettings Where CollectionID = '" & Collection.CollectionID & "'")
If allCollectionSettings.Count > 0 then
MaintenanceWindowArray = collectionSettingsInstance.ServiceWindows
'wscript.echo Collectionfound.Name & len(MaintenanceWindowArray(0).Name)
if Mainoption="2" then
MainWindowArray(count)=MaintenanceWindowArray(0).Description
end if
if Mainoption="1" then
MainWindowArray(count)="*"
end if
end if

count=count+1
Next
'''''''''''''''
'Sort Collection list
for i = count - 2 To 0 Step -1
for j= 0 to i
if CollectionArray(j)>CollectionArray(j+1) then
temp=CollectionArray(j+1)
temp2=MainWindowArray(j+1)
CollectionArray(j+1)=CollectionArray(j)
MainWindowArray(j+1)=MainWindowArray(j)
CollectionArray(j)=temp
MainWindowArray(j)=temp2
end if
next
next
''' print out the collection listing
For NC = 0 to count-1
WhatCollections= WhatCollections & CollectionArray(NC) & " " & MainWindowArray(NC) & VbCrLf

Next
Wscript.echo WhatCollections

'''''''''''''''


'
-------------------------------------
<ActionDescription Class="Group" DisplayName="MCNS" MnemonicDisplayName="MCNS" Description="MCNS Tools" SqmDataPoint="100">

<ActionGroups>
<ActionDescription Class="Executable" DisplayName="Collection Listing" MnemonicDisplayName="Collection Listing" Description="Display machine Collection membership">
<Executable>
<FilePath>C:\Program Files\MCNS\collections\compmain.vbs</FilePath>
<Parameters>##SUB:ResourceID## 1</Parameters>
</Executable>
</ActionDescription>
</ActionGroups>
</ActionDescription>


If the tool vbscript just runs a black box and disappears then check out this link

http://sms-hints-tricks.blogspot.com/2008/05/vbscript-behavior.html

Friday, April 25, 2008

Where are you?

Sorry I haven't posted in a while. I have been working on my MMS 2008 presentation and it doesn't help my family moved and we have no internet at the new house. I have my Blackberry tethered to the computer so I can get internet access. oh how slow 115kbs is. Of course I started out with a 2400 baud modem back in the day.

Friday, April 11, 2008

MMS presentation prep

Well I have most of my stuff ready for MMS. I received my copyright release from Dell that allows me to use information from them in my presentation. I just need the MS Legal and my Legal office to hammer out the contract. Then I am on my way. Woho...

Wednesday, April 2, 2008

Collection tool change

http://sms-hints-tricks.blogspot.com/2007/11/sms-tool-what-collection-is-computer-in.html

Well I have updated my Collection tool. Now it will have the collections sorted and I have the code to add it to the SCCM Console.

Rememeber this tool will work for computers and Users

Sunday, March 30, 2008

SMS / SCCM Books

I have been asked if I have any SMS or SCCM books.
Well in the beginning I typically purchase the companion guide that is produced. I haven't purchansed other books. I do read alot of tech articles and community posts that help out. Below is just one link to a collection of SMS/SCCM books. Many of the scripts that worked for SMS 2003 will continue to function in SCCM.


http://faqshop.com/books/smsbooks.htm

System Center Configuration Manager 2007 Administrator's Companion

Mastering System Center Configuration Manager 2007 R2

System Center Configuration Manager (SCCM) 2007 Unleashed

System Center Configuration Manager 2007 R3 Complete

Tuesday, March 18, 2008

SCCM SDK

The Configuration Manager 2007 Software Development Kit (SDK) has been released and is now available on the Microsoft Download Center:

http://www.microsoft.com/downloads/details.aspx?FamilyId=064A995F-EF13-4200-81AD-E3AF6218EDCC&displaylang=en

This concludes the beta program for this release. Please discontinue use of and remove all copies of the pre-release builds.

Thank you for your participation and feedback.
-ConfigMgr SDK Team-

Wednesday, March 5, 2008

SCCM Collections with apostrophes '

In SMS you could have a collection with an apostrophe but in SCCM you currently can't do limited queires based on the collection.

Example:

Example 1
Collection: Bob's Department
Limted: Not limited
Query:xxxxxxxxxx

Example 2
Collection: Departments
Limted: Bob's Department
Query:xxxxxxxxxx

If you created a collection with a limit based on a collection that has an apostrophe the Admin UI will crash. Sorry. Hopefully this will be corrected in SP1. This had to do with passing the characters safely.

Monday, March 3, 2008

MMS 2008 presentation

Well I have been working on my presentation. Hopefully it goes well. I gave it to several people that I know work with both SMS and SCCM and they were impressed. None of them had extended like I had. Now I am sure their are others that have done more than I have. Lets see how it goes in April.

Thursday, February 14, 2008

SCCM Client Certificate Problems

Do you have a client that refuses to finish the install of the SCCM client because the certificate doesn't have a private key?

There are 2 different solutions. The easiest is to check the cert store under personnal and see if there are any invalid certs. Delete and restart. The other is a more dangerous solution but will correct the problem

I only recommend this solution if you see all the of the following problems:
CCM Setup Log:
Client sucessfully installed
Applicationn Event Log:

Automatic certificate enrollment for local system failed to enroll for one Computer
certificate (0x80090016). Keyset does not exist

ClientIDManagerStartup:
Certificate issued to 'computer.domain.com' doesn't have private key.
RegTask: Failed to get certificate. Error: 0x80040280
RegTask: Failed to get certificate. Error: 0x80040281
Error initializing client registration (0x80040222).


Solution:
Stop the Crypto Service
Rename the folders under the Crypto Folder
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

Restart the machine and watch the ClientIDManagerStartup log

See this other post on Certification issues
http://sms-hints-tricks.blogspot.com/2009/03/native-machine-will-not-pull-down.html

Monday, February 11, 2008

Sessions for MMS 2008

I have been selected to present MMS 2008. A very big honor and I hope I will do well. I have never been, nor have I presented in front of more than say 50 people. Besides the scare factor it should be nice. I guess I will need to start pulling information together I might post some of my topics here as well as use some of my previous topics.




https://www.mms-2008.com/public/headlines.aspx
SY34 SMS / SCCM: Beyond Package Deployment
Speaker(s): Matthew Hudson
Track(s): Systems Management
Session Type(s): Breakout
Products(s): Configuration Manager 2007, Windows PowerShell
SMS / SCCM can do more than just the standard package/patch deployment. Here we will discuss tool development in scripting languages and .NET and how to utilize these tools through the SMS/SCCM MMC add-on, via Windows services or as a stand-alone tool. See how creating and deploying script files, special registry files, BIOS modifications (using the Dell OMCI) and custom HTA popup messages to users can expand the usefulness of SMS/SCCM. Learn how MIF/MOF data can be used to trigger special collection changes as well as the use of special collections and queries to aid in the computer management process. Learn about what other free tools have been created for SMS/SCCM to help with the management process.

Tuesday, February 5, 2008

SMS tools and the Netbios name

Have you ever created a SMS tool that passes the NetBios name but realize that sometimes it doesn't work. Test after test shows the Netbios name not working.


"CommandLine"="wscript.exe \"c:\\Program Files\\xxx " ##SUB:NetBIOSName## "

If your right clicking on a query and it fails then you have a SMS_G_System in your query. You can only have items from SMS_R_System. Anything else and for some reason SMS can no longer pass the netbios name...

Thursday, January 31, 2008

"Run Advertised Programs" with a limited account

If you have SCCM installed and you have an advertisement that has no manditory time then the user will see it in the Run Advertised programs (or add/remove depending on their settings) An issue has occured that if you are running in a locked down enviroment you might have a problem when sending advs down. We have our systems locked down so only a very few systems have Admin Rights. Even the IT dept runs with limited rights. We only use our admin account when necessary. The problem arises if you have this situation:

User only mode
No Manditory time on Advertisement
No Network Access Account

Bits 2.5 will fail at 99% or just not even start. Even though the Access Account is not used it prevents the download from occuring. When the same settings are used with an admin the problem is not seen. The solution is to configure a user account for use as the Network Access Account and downloads will work. Hopefully this will be fixed in the SP1 that should be out First Quarter of 2008

Wednesday, January 23, 2008

SCCM upgrade II

Well it seems I have it up and running, now I just need to configure everything. Seems that I needed the Enterprise AD admins to grant some permissions on the certificates for us little people. I was seeing that my certificate was not a valid cert and that SLL Client Authentication was not on the cert. As soon as that was solved I was able to add 2 computers to the SCCM computer collection. Of course it was well after work and I was very happy after fighting it for 3 days.

Monday, January 21, 2008

SCCM upgrade problems

Well I ran into some problems today while working on my SCCM upgrade. Seems I have a MP problem. It looks like my certificate might not have all the necessary options such as Client Authentication. I am waiting for the Enterprise guys to check the certificate. It is all install correctly and working but alas the clients can't talk to the server. There are multiple certificate problems. Well I will let you know exactly what was wrong and how I fixed it

Thursday, January 3, 2008

Patch Managment, the restart method

I have been asked and responded many times on various forums on how I do my patch management. Granted every organization is different so take it with a grain of salt. In an organization that is only 8am to 5pm with some people working late or early and where IT has been been given the power to control the machines on Patch Tuesday from 8pm to 6am here is what I do.

1. My patches are set to pre authorize and not have any user interaction
2. Patches are approved and setup to install by 4pm on Patch Tuesday
3. A system scan is done at 4:30pm when I can be assured the computers are on
4. A WOL packet is sent all over the state to all machines by 6pm, we have an inhouse software for this
5. A system scan is done at 7:30pm when I can be assured the computers are on
6. At 8pm all logged out machines are started and restarted when complete
7. At 11pm all logged on machines are patched and restarted when complete
8. At 1 AM all machines are restarted and scanned and patched again.
9. This is done every 3 hours until 5am when they are all set to stop. This insures that if a computer failed to install a patch that it will retry and have a restart if something happened
10. At 9:30AM a system scan is done for the morning report
11. At 10am patch install is set to install logged in/logged out but popup a message to the user for a restart


Out side of this we have a collection for each MS07-0XX patch and a Collection that has the previous scan package version. This is so we can target HTA popup messages. On unscanned machines (scan package version is current -1) we push a message box as soon as it comes on line and so the users understands a scan is about to start and then a patch will begin. On Thursday we send down a popup for the MS07-0XX patch subcollections with apopup telling the user they are missing a patch and to be aware it will attempt to install. If they recieve it more than 3 times they are to notify us. This means a patch is having an issue and IT needs to check it out.

This requires many complex collections and adv but we can have more than 80% patched the night of patch tuesday and then catch the rest later. These could be laptops, computers in closets, or messed up machines.