Saturday, December 31, 2011

Auto Discovery via Script

Ever wanted clients to auto-assign but didn't know how to do it?
Well, there are several ways to do this. You could create an export of all the boundaries and use it with a script so the client can determine where it needs to be. Otherwise you can do this:

----------- Reassign.vbs -------------------
Set smsclient = CreateObject("Microsoft.SMS.Client")

Multi-tier hierarchy. Imaging is done at the central site. The computer is assigned to the central site during imaging.
At the end of the process, run the script and it should auto-discover its site code based on the boundaries. Obviously, if the client stays at the central site then you have a boundary or other problem that needs to be addressed.

Here is a link to my website that I made several years back. It is one that slipped my mind until recently: Site Code Assignment

Saturday, December 24, 2011

Forefront Endpoint Protection Update 1 Updates tool

Have you been using Forefront Endpoint Protection 2010? Hopefully you have found the time to update to the latest release, Update 1.

What is critical to this update is the new update tool that allows you to really automate the download and push to the DPs. Before, you had to do this manually, create a script, or use a third-party script.

This tool should be copied to the Bin folder on the machine performing the updates, or referenced by its path on the command line when you run the program.

If you choose to create your own Deployment Management name and package name, then you need to pass them with the application's switches:

SoftwareUpdateAutomation.exe /AssignmentName FEP2010SignatureUpdates /PackageName FEP2010Signature

If you choose to use the defaults provided by the program, then you simply need to run the .exe and sit back and watch. In the ProgramData folder there should be a log file named softwareupdateautomation.log. In it you can watch the program check the Deployment Management / Package, then download the files and update the DPs as necessary.

I recommend that you check your Deployment settings and set the program to use Binary Replication so you don't push all the files over and over again.

Thursday, November 17, 2011

MMS 2012 Registration is now open!

Book your spot now for MMS 2012 in Las Vegas, hosted at the Venetian.

This is a great time to learn as well as network with your fellow ConfigMgr peers!

Space is limited, so act now!

Thursday, October 27, 2011

ConfigMgr 2012 RC Released

Configuration Manager 2012 RC has been Released.

Just another step closer to RTM and to full deployment

One thing everyone should note is that Endpoint Protection is now included in the installer:

"System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection are now provided as a single installation package"

Reprinted from Microsoft: Please note: System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection are now provided as a single installation package.
System Center 2012 Configuration Manager helps you to empower people to use the devices and applications they need to be productive, while maintaining corporate compliance and control. As more and more consumer devices enter the workplace, IT faces the challenge of delivering a rich experience to users across multiple devices – both personal and corporate-owned – without giving up the control needed to protect company assets. Configuration Manager provides a unified infrastructure for mobile, physical and virtual environments. Configuration Manager also helps you to be more efficient with simplified administrative tools and improved compliance enforcement.

New features in the release candidate include:

• Improved endpoint protection functionality, with integrated setup, management and reporting of System Center 2012 Endpoint Protection. (see below)
• Improved application catalog design that provides a better, more responsive experience when requesting and downloading applications.
• New support for Windows Embedded devices, including Windows Embedded 7 SP1, POS-Ready 7, Windows 7 Think PC, and Windows Embedded Compact 7.
• Improved compliance enforcement and tracking, with the ability to create dynamic collections of baseline compliance and generate hourly compliance summaries.
• Platform support for deep mobile device management of Nokia Symbian Belle devices. Pending a platform update by Nokia later this calendar year for these devices, customers will be able to try out the management of Nokia devices with Configuration Manager.

System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection 2012) protects client and server operating systems against the latest threats using industry-leading malware detection technologies. It is built on System Center 2012 Configuration Manager, giving customers a unified infrastructure for client security and compliance management. This shared infrastructure lowers ownership costs while providing improved visibility through user-centric malware reporting and control over endpoint management and security.

New features in the release candidate include:
• Support for System Center 2012 Configuration Manager, including integrated setup, management, and reporting.
• Role-based management across security and operations.
• Improved alerting and reporting, with near real-time and user-centric data views.
• More efficient delivery of signature updates using new automatic software deployment model.

Friday, September 30, 2011

MP has rejected a policy request from GUID:XXXX

Does your MP Control Manager log have nothing but errors about a machine not registered to the site?


MP has rejected a policy request from GUID:XXXXX-XXXX-XXX-XXX-XXXXXXXXXXXXXX because it was not approved.

Locate the machine by running a SQL query on the database:
select SMS_Unique_Identifier0, Name0 from V_R_System where SMS_Unique_Identifier0 = 'GUID:xxxxx-xxx-xx-xx-xxx-x'

1. Mixed mode: Check to see if machine has been approved in the console
2. Native Mode: Check to see if the client is installed correctly or registered correctly. Also check to make sure the client certificate is correct on the machine

You may need to uninstall the client or repair it if the data in the console looks correct. Hopefully the problem will stop after a while and the logs will clear out.

Sunday, August 21, 2011

ConfigMgr 2012 Console Extensions

Hopefully this will be one of many SCCM 2012 "Console Extensions". One thing you have already noticed is that 2012 is now Ribbon Based so we can't call them "Right Click" tools. You may already be familiar with Greg Ramsey's Guid Locator method for 2007.

Here is the version I created for 2012. Basically I looped through the XML Console files and created a tools folder and file based on each GUID in the Default section of the Ribbon. This might not be a totally exhaustive list but I think it should be a good start. The files/folders are pulled from the Beta 2 version currently downloaded from Microsoft.

The Zip file is the actions folder and should be extracted in the Actions folder (%ProgramFiles%\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions\Actions).

I hope to update this as the SDK is updated. This way you can see the changes in the Console Extensions. Once everything is published I hope to see about creating a tool to convert the XML 2007 format to the XML 2012 format, which is slightly different.

Wednesday, August 17, 2011

Role keeps installing.

Role on server keeps installing, every hour. Let's say it is the MP role: the MPsetup.log file shows that the role installed successfully, but the Compmon.log shows that the services are not installed. You also might find the registry entries for the server are not there. I found several errors in the event log, as listed below, about the performance counter error. After searching I finally located the "repair" command for the performance counter. After several hours I went back and checked and found the server had stopped repairing/reinstalling and the logs looked good. All logs were moving as they should. Below is the data I found in the logs and the command to run.

Windows Event Log:

The performance counter explain text string value in the registry is not formatted correctly. The malformed string is #%$*>)@}#. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Can not get the current execution state for component SMS_MP_CONTROL_MANAGER since it is not installed or completed installing.
Can not get the current execution state for component SMS_EXECUTIVE since it is not installed or completed installing.
Can not get the current execution state for component SMS_COMPONENT_MONITOR since it is not installed or completed installing
Can not get the current execution state for component SMS_OUTBOX_MONITOR since it is not installed or completed installing.
Can not get the current execution state for component SMS_MP_FILE_DISPATCH_MANAGER since it is not installed or completed installing.
Waiting until the next polling cycle in 5 seconds from now.
Checking components ...

Installation was successful.

lodctr /r:c:\windows\system32\perfstringbackup.ini

Saturday, July 9, 2011

Where is my collection

Everyone asks in the forum, "I need to find a collection, how do I do that?" Well there are reports that you can run. You can ask your peers where they stuck it or you can look. If you have several levels it can take awhile.

So I decided to come up with a new tool: Where is my collection?

It will help you locate your collection using a simple HTA program. Simply type in a few characters of the collection name and it will return the top 100 matches. Then find your collection and click on "Locate collection". It will then give you a readout like this:

Root Collection
----Adobe Professional
------Machines still needing Adobe Profressional

It is accomplished by using the SMS_CollectToSubCollect class. Generally this is used to create a subcollection. It occurred to me that this property is also read only so it was a good choice to use.
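The parent walk that produces such a readout, as an added example (not the HTA tool's own code). The rows are constructed to look like SMS_CollectToSubCollect (parentCollectionID, subCollectionID) and SMS_Collection data; the XXX000nn IDs, the "Software Audit" name and the use of COLLROOT as the root ID are assumptions, and the sketch also handles a collection linked under two parents and a looping link.

```python
# Constructed rows shaped like SMS_CollectToSubCollect (parentCollectionID, subCollectionID)
# and SMS_Collection (CollectionID -> Name); the IDs are made up for illustration.
LINKS = [
    ("COLLROOT", "XXX00010"),
    ("XXX00010", "XXX00011"),
    ("COLLROOT", "XXX00020"),
    ("XXX00020", "XXX00011"),   # the same collection linked under a second parent
    ("XXX00011", "XXX00010"),   # bad link that would loop forever without a guard
]
NAMES = {
    "COLLROOT": "Root Collection",
    "XXX00010": "Adobe Professional",
    "XXX00011": "Machines still needing Adobe Professional",
    "XXX00020": "Software Audit",
}

def paths_to_root(collection_id, links, root="COLLROOT"):
    """Return every root-to-collection chain of IDs, following parent links upward."""
    parents = {}
    for parent, sub in links:
        parents.setdefault(sub, []).append(parent)
    paths = []

    def walk(node, below):
        if node == root:
            paths.append([root] + below)
            return
        for parent in parents.get(node, []):
            if parent == node or parent in below:   # cycle guard
                continue
            walk(parent, [node] + below)

    walk(collection_id, [])
    return sorted(paths)

def render(path, names):
    """Format one chain like the tool's readout: root, then 4, 6, 8... dashes."""
    return "\n".join(
        ("-" * (2 * depth + 2) if depth else "") + names.get(cid, cid)
        for depth, cid in enumerate(path)
    )

if __name__ == "__main__":
    for chain in paths_to_root("XXX00011", LINKS):
        print(render(chain, NAMES), end="\n\n")
```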

I have the tool on my site as a stand-alone tool since no arguments are passed from the console to the machine via right click, but I have also included how to add this to the console. I only spent several hours on the tool one evening so if you see something that can be improved, please let me know.

Enjoy, and as always, use at your own risk :)

Since this is also echoed in the Advertisements and Packages, I could also create a tool or expand this one. Some of this has already been solved in ConfigMgr 2012 so go check it out!!

Wednesday, July 6, 2011

Not all machines in Collection

Did you ever create a collection and realize that not all the computers were appearing?
When you create a collection you need to make sure you use:

SMS_R_System.Name or in some cases SMS_R_System.NetbiosName

Using SMS_G_System_COMPUTER_SYSTEM.Name or other similar options might not reveal all your systems. When creating collections with large numbers of machines, use SMS_R_System.

I have seen large collections lack 1 or even hundreds of machines when using an SMS_G_System_XXXXX class.

Sunday, June 12, 2011

ConfigMgr Beta 2 2010 Release

So, are you wanting to see more of ConfigMgr 2012? Then download the latest VHD.

VHD Test Drive - System Center Configuration Manager 2012 Beta 2 on Windows Server 2008 R2

See the Ribbon Menu at its best as well as other components as they come along.

Thursday, June 9, 2011

Signature verification failed for PolicyAssignmentID

I will say that sometimes in Native mode I have seen this problem and it was due to a problem with the certificate on the MP, but this article assumes you have tested your site system and found no such problem.


1. Run Advertised Programs is blank or partially populated

2. PolicyAgent log: Signature verification failed for PolicyAssignmentID


Locate all the Programs from Packages that have bad OS requirements. This means a program set to run on "All x86 XP workstations" as well as x86 XP SP1 and x86 SP2. You cannot have both All systems and the individual versions of the OS selected; the policy cannot be compiled due to this conflict.

When you check the client it appears to be working fine. It can update hardware but otherwise it looks fine.

Signature verification failed for PolicyAssignmentID {6dc2328f-1dd7-4cc3-95a9-3ca5aa34ec8a}.

The problem is: how do you find the offending Program? Well, there are many ways, but I will just give you the one I used; I am sure I will find a faster way and repost. First connect to the machine via Wbemtest (ROOT\ccm\Policy\Machine\requestedConfig). Choose Enum Classes and select Recursive to list everything.

Next find the CCM_Policy_Assignment2 and click on it

Click on the Instances and you should see something similar to this below. Now find the line with your policy. You could create a query to find it but this is a manual approach.

When you find your line, click it and select "Show MOF". You should see something like this:

instance of CCM_Policy_Assignment2
AssignmentCondition = "{BA0997BC-AA74-498E-8D8E-B0A691F46F6F}";
AssignmentCookie = "2011-06-07 16:53:17.550";
AssignmentID = "{ef6d2778-3b08-4fdf-a989-cc48458c1bd6}";
AssignmentPolicy = "CCM_Policy_Policy4.PolicyID=\"C0220033-C020009D-7D1B5B9B\",PolicyVersion=\"4.00\",PolicySource=\"SMS:P03\"";
AssignmentSource = "SMS:P03";
AssignmentVersion = "4.00";

SELECT TOP 1000 [PolicyID]
FROM [dbo].[SoftwarePolicy]
where PolicyID like '%C0220033%'

Advertisment - PackageID -xxxxxxx

This query will help you find the offending program.
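The manual lookup above can be scripted once the PolicyAgent log text and the "Show MOF" output have been saved. The following is an added example, not part of the original post: it matches the failing PolicyAssignmentID values to CCM_Policy_Assignment2 instances and builds the LIKE filter from the first segment of the PolicyID. The log lines and the first MOF instance are constructed; the second instance is the one shown in the post.

```python
import re

# Constructed PolicyAgent.log excerpt; the GUID matches the MOF instance shown in the post.
LOG = """Signature verification failed for PolicyAssignmentID {ef6d2778-3b08-4fdf-a989-cc48458c1bd6}.
Signature verification failed for PolicyAssignmentID {EF6D2778-3B08-4FDF-A989-CC48458C1BD6}.
"""

# "Show MOF" text: the first instance is constructed, the second is the one from the post.
MOF = r'''instance of CCM_Policy_Assignment2
AssignmentID = "{00000000-0000-0000-0000-000000000001}";
AssignmentPolicy = "CCM_Policy_Policy4.PolicyID=\"XXX00001-XXX00002-00000000\",PolicyVersion=\"1.00\",PolicySource=\"SMS:XXX\"";
instance of CCM_Policy_Assignment2
AssignmentID = "{ef6d2778-3b08-4fdf-a989-cc48458c1bd6}";
AssignmentPolicy = "CCM_Policy_Policy4.PolicyID=\"C0220033-C020009D-7D1B5B9B\",PolicyVersion=\"4.00\",PolicySource=\"SMS:P03\"";
'''

FAILED = re.compile(r"Signature verification failed for PolicyAssignmentID (\{[0-9A-Fa-f-]{36}\})")
PROP = re.compile(r'^\s*(\w+)\s*=\s*"(.*)";\s*$')
POLICY_ID = re.compile(r'PolicyID=\\"([A-Za-z0-9-]+)\\"')

def parse_mof(text):
    """Return one {property: value} dict per 'instance of' block."""
    instances = []
    for line in text.splitlines():
        if line.strip().startswith("instance of "):
            instances.append({})
        elif instances and (m := PROP.match(line)):
            instances[-1][m.group(1)] = m.group(2)
    return instances

def failing_policies(log, mof):
    """Map each failing AssignmentID in the log to (PolicyID, SQL filter)."""
    by_id = {i.get("AssignmentID", "").lower(): i for i in parse_mof(mof)}
    found = {}
    for guid in (g.lower() for g in FAILED.findall(log)):
        inst = by_id.get(guid)
        m = POLICY_ID.search(inst.get("AssignmentPolicy", "")) if inst else None
        if m is None:
            found[guid] = None          # failure logged but no matching instance dumped
            continue
        prefix = m.group(1).split("-")[0]   # first segment, as used in the post's LIKE filter
        found[guid] = (m.group(1), f"where PolicyID like '%{prefix}%'")
    return found

if __name__ == "__main__":
    for guid, hit in failing_policies(LOG, MOF).items():
        print(guid, hit)
```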

Wednesday, May 18, 2011

SCCM 2007 Performance Considerations

Many times in the forum you will see administrators ask how to set up their hard disk arrays for best performance with SCCM. While this is not approached directly in the ConfigMgr documentation, it is understood that you should always install the Configuration Manager application on a different drive than your OS. With that in mind, Microsoft has a document that will help with performance considerations for sites between 10,000 and 200,000 machines. If you are running a site with fewer than 1,000 machines you could easily install everything on one drive and not see performance degradation, but I would not consider it a best practice.

What is great about this document is the detailed information on Volumes, Raid type and number of disks.

10k clients (Single machine) Configuration
Site Server / management point:
* 2x2 Xeon @ 3 GHz
* SAS write back / read ahead cache (with battery backup) options for all volumes

Volume | Purpose | RAID Type | # of Disks
1 | Operating System/SQL Server Temp Database | RAID 1 | 2
2 | Configuration Manager 2007 installation files and SQL Server site database | RAID 1 | 2

This document and other valuable White papers can be found here:

Exact white paper:
Configuration Manager 2007: Sample Configurations and Common Performance Questions

Please note that the document was created in July 2008 but still contains valuable information that can be used today! Microsoft cannot keep up with every change in disk and CPU technology, so please adjust as necessary. For this reason Microsoft cannot recommend how to set up every different environment, because there is no way of knowing the performance of your hardware.

Tuesday, March 29, 2011

Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 as supported platforms for Configuration Manager 2007 Service Pack 2

Looks like Microsoft is set to approve the use of SP1 for 2008 R2 and Win7. There is a hotfix that needs to be installed.

Hopefully no one jumped the gun and installed SP1 in their environment before it was certified by the ConfigMgr group. As a general rule, when something new comes out you should look to MS for their 45 to 90 day rule of testing. Once they say it works, then you can install/upgrade. This goes for SQL versions too.

Running this hotfix on your site systems will add the capabilities you desire. There were problems with this site earlier in the day, so keep trying if you have a problem. Many people are downloading it, I bet.

Wednesday, January 5, 2011

MMS 2011 session Listing

MMS session listing is up and running:

This morning they had 73, tonight they have 86. More sessions are added all the time. Look for the list to be complete by the end of the month. Keep checking back for your favorite presenter or topic. You will notice that v.Next is now Configuration Manager 2012, so you might see both titles in the session listing. This is because it was given a formal name after the sessions had been submitted.