Brandon Linton @ myITforum

Breaking stuff from the inside out!
Microsoft Assessment and Planning Toolkit 6.5 Now Available

Simplify cloud migration planning with MAP Toolkit 6.5

The Solution Accelerators team is pleased to announce the Microsoft Assessment and Planning (MAP) Toolkit 6.5 is now available for download.

Download the MAP Toolkit 6.5.

The journey to the cloud is now smoother than ever with the Microsoft Assessment and Planning (MAP) Toolkit 6.5. The MAP Toolkit’s new capabilities help users to securely assess heterogeneous IT environments while enabling the evaluation of workloads for migration to Microsoft’s private and public cloud platforms. Consolidate existing server workloads using the updated Microsoft Private Cloud Fast Track capacity planning feature. The Database Consolidation Appliance Assessment allows you to simplify SQL Server migration planning for the private cloud. The revamped Azure Migration feature in MAP 6.5 provides more in-depth analysis of the suitability of migrating on-premises applications to the Windows Azure platform. Additional new features in MAP 6.5 include the discovery of active Windows® devices, Software Usage Tracking for Forefront® Endpoint Protection (FEP), and the discovery of Oracle instances on Itanium-based servers with HP-UX to assist in the planning of migration to SQL Server®.

MAP HomePage: http://technet.microsoft.com/en-us/solutionaccelerators/dd537566.aspx

Posted: Dec 06 2011, 12:43 PM by brandonlinton | with no comments
Filed under:
ConfigMgr 2012–Move Console Items

For those of you that might be interested in Moving objects around in your ConfigMgr 2012 Hydration or test labs the following should help guide you on how to Move Console Items in ConfigMgr 2012. There is a decent amount of available options and I will try and provide them in the below table:

ObjectType ObjectTypeName
5000 SMS_Collection_Device
5001 SMS_Collection_User
31 SMS_Application
2 SMS_Package
17 SMS_StateMigration
9 SMS_MeteredProductRule
11 SMS_ConfigurationItem
2011 SMS_ConfigurationBaselineInfo
7 SMS_Query
1011 SMS_SoftwareUpdate
25 SMS_Driver
23 SMS_DriverPackage
18 SMS_ImagePackage
14 SMS_OperatingSystemInstallPackage
19 SMS_BootImagePackage
20 SMS_TaskSequencePackage

Below are the required parameters for Moving Console Items:

InstanceKeys, ContainerNodeID, TargetContainerNodeID, ObjectType

The itemObjectID in this scenario is the collection ID of the collection I want moved.  You can find this information in the console by Right clicking and going to properties of the collection to retrieve the collection id or by querying the class in WMI.

The TargetContainerNodeID can be retrieved from the appropriate instance of the  SMS_ObjectContainerNode class in WMI. Simply look for the ContainerNodeID of the folder that you want your object moved to for this parameter.

The following is an example script moving a collection to a Device Collection Folder created previously.  Use the table above to move any console item.

Or you can download the script from the following Link.

Disclaimer: This code was created and tested on ConfigMgr 2012 (Beta) 2 and is subject to change.

'/////////////////////////////////////////////////////////////////////////////////////////////////////
'//
'// Script: MoveConsoleFolderItem.vbs
'//
'// Purpose: Used to Move Console Folder Items
'//
'// Usage: cscript MoveConsoleFolderItem.vbs
'//
'// Version: 1.0 - 04 Sept 2011 - Brandon Linton
'//
'// Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and
'//             is not supported by the authors or Inkbal Consulting, LLC.
'//
'//
'/////////////////////////////////////////////////////////////////////////////////////////////////////


' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemconnection= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemconnection.InstancesOf("SMS_ProviderLocation")

For Each Location In providerLoc
    If location.ProviderForLocalSite = True Then
        Set swbemconnection = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
        Exit For
    End If
Next

    '// Move Console Folder item
    Call MoveConsoleFolderItem(swbemconnection, "C0100108", 5000, 0, 16777220)

Sub MoveConsoleFolderItem(Connection, itemObjectID, ObjectType, SourceContainerNodeID, DestinationTargetContainerNodeID)

     Dim objInParam, objOutParams, objInstance, sourceItems

     On Error Resume Next

    ' Moving only one folder.
    sourceItems = Array(itemObjectID)

    ' Obtain the class definition object of a SMS_ObjectContainerNode object.
    Set objInstance = swbemconnection.Get("SMS_ObjectContainerItem")

    If Err.Number<>0 Then
    Wscript.Echo "Couldn't get container node item class"
    Exit Sub
    End If

    ' Set up the in parameters
    Set objInParam = objInstance.Methods_("MoveMembers").inParameters.SpawnInstance_()
    'wscript.echo sourceItems(0)
    objInParam.Properties_.Item("InstanceKeys") = sourceItems
    objInParam.Properties_.Item("ContainerNodeID") = SourceContainerNodeID
    objInParam.Properties_.Item("TargetContainerNodeID") = DestinationTargetContainerNodeID
    objInParam.Properties_.Item("ObjectType") = ObjectType

    ' Call the method.
    Set objOutParams = swbemconnection.ExecMethod("SMS_ObjectContainerItem","MoveMembers",objInParam)

    ' Return Results
    If objOutParams.ReturnValue<>0 Then
    Wscript.echo "Collection Failed to Move"
    Else
    Wscript.echo "Collection Moved Successfully!"
    End if

End Sub

ConfigMgr 2012–Create Console Folder Items

For those of you that might be interested in automating some of your folder structures for your ConfigMgr 2012 Hydration or test labs the following should help guide you on how to create Console Folder Items in ConfigMgr 2012. There is a decent amount of available options and I will try and provide them in the below table:

ObjectType ObjectTypeName
5000 SMS_Collection_Device
5001 SMS_Collection_User
31 SMS_Application
2 SMS_Package
17 SMS_StateMigration
9 SMS_MeteredProductRule
11 SMS_ConfigurationItem
2011 SMS_ConfigurationBaselineInfo
7 SMS_Query
1011 SMS_SoftwareUpdate
25 SMS_Driver
23 SMS_DriverPackage
18 SMS_ImagePackage
14 SMS_OperatingSystemInstallPackage
19 SMS_BootImagePackage
20 SMS_TaskSequencePackage

Below are the required parameters for creating Consoler Folders:

Name, ObjectType, ObjectTypeName, parentContainerNodeID

The following is an example script creating A Application Console Folder Item Structure. Use the table above to create any console folder item you would like to have.

Or you can download the script from the following Link.

Disclaimer: This code was created and tested on ConfigMgr 2012 (Beta) 2 and is subject to change.

'/////////////////////////////////////////////////////////////////////////////////////////////////////
'//
'// Script: CreateConsoleFolderItem.vbs
'//
'// Purpose: Used to Create console Folder Items
'//
'// Usage: cscript CreateConsoleFolderItem.vbs
'//
'// Version: 1.0 - 04 Sept 2011 - Brandon Linton
'//
'// Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and
'// is not supported by the authors or Inkbal Consulting, LLC.
'//
'//
'/////////////////////////////////////////////////////////////////////////////////////////////////////

Dim objFolder, NewContainerNodeID, aNewContainerNodeID, newfolder, newfolderpath

' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemconnection= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemconnection.InstancesOf("SMS_ProviderLocation")

For Each Location In providerLoc
If location.ProviderForLocalSite = True Then
Set swbemconnection = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
Exit For
End If
Next

'// Create Application Console Folders
'// Create Application Console Root Folder
Call CreateConsoleFolder(swbemconnection, Location.SiteCode & " - Applications", 31, "SMS_Application",0)

'// Set Root Folder Variable for use later
set aNewContainerNodeID = NewContainerNodeID

'// Create Application Console Folders under Root Folder
Call CreateConsoleFolder(swbemconnection, "Adobe", 31, "SMS_Application", NewContainerNodeID)
Call CreateConsoleFolder(swbemconnection, "Microsoft", 31, "SMS_Application", aNewContainerNodeID)
Call CreateConsoleFolder(swbemconnection, "Oracle", 31, "SMS_Application", aNewContainerNodeID)
Call CreateConsoleFolder(swbemconnection, "Dell Inc.", 31, "SMS_Application", aNewContainerNodeID)
Call CreateConsoleFolder(swbemconnection, "Cisco", 31, "SMS_Application", aNewContainerNodeID)
Call CreateConsoleFolder(swbemconnection, "Citrix", 31, "SMS_Application", aNewContainerNodeID)
Call CreateConsoleFolder(swbemconnection, "7zip", 31, "SMS_Application", aNewContainerNodeID)

Sub CreateConsoleFolder(swbemconnection, name, objectType, objectTypeName, parentContainerNodeID)

Set newfolder = swbemconnection.Get("SMS_ObjectContainerNode").SpawnInstance_()
newfolder.Name = name
newfolder.ObjectType = objectType
newfolder.ObjectTypeName = objectTypeName
newfolder.ParentContainerNodeID = parentContainerNodeID

set newfolderpath = newfolder.Put_
set NewContainerNodeID = newfolderpath.Keys("ContainerNodeID")

End Sub

ConfigMgr 2012–Create Static Collection Script

For those of you that might be interested in automating some of your collections for your ConfigMgr 2012 Hydration or test labs the following should help guide you on how to create static configmgr collections. There have been a few changes with collections in ConfigMgr 2012 which make the process of scripting collections slightly different.

First there are no more subcollections so we no longer have to supply the ParentCollection Property.

Secondly collections are split up into two different groups which cannot be mixed together, Device and user groups. There is a property to specify which type of collection you want to create called CollectionType that accepts the following parameters: “1 = User, 2 = Device”.

Lastly every collection has to be limited to another collection regardless of the type of collection being created. If you are creating a device collection then you need to limit that collection to another device collection and the same applies to user based collections they need to be limited to user based collections.

Below are the required parameters for creating a static collection:

Name, Comment, OwnedByThisSite, CollectionType, LimitToCollectionID

The following is an example script creating both a Device and User Collection.

Or you can download the script from the following Link.

Disclaimer: This code was created and tested on ConfigMgr 2012 (Beta) 2 and is subject to change.

'/////////////////////////////////////////////////////////////////////////////////////////////////////
'//
'// Script: CreateStaticCollections.vbs
'//
'// Purpose: Used to Create Static Collections
'//
'// Usage: cscript CreateStaticCollections.vbs
'//
'// Version: 1.0 - 04 Sept 2011 - Brandon Linton
'//
'// Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and
'//             is not supported by the authors or Inkbal Consulting, LLC.
'//
'//
'/////////////////////////////////////////////////////////////////////////////////////////////////////

' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemconnection= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemconnection.InstancesOf("SMS_ProviderLocation")

For Each Location In providerLoc
    If location.ProviderForLocalSite = True Then
        Set swbemconnection = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
        Exit For
    End If
Next

    '// Create Static Device Collections
     Call CreateStaticCollection(swbemconnection, "New Static Device collection", "New Static Device collection Comment", true, 2, "SMS00001")
   
    '// Create Static User Collections
     Call CreateStaticCollection(swbemconnection, "New Static User collection", "New Static User collection Comment", true, 1, "SMS00004")
 
Sub CreateStaticCollection(swbemconnection, newCollectionName, newCollectionComment, ownedByThisSite, CollectionType, ExistingLimitToCollectionID)

   
    '// Create the collection.
    Set newCollection = swbemconnection.Get("SMS_Collection").SpawnInstance_
    newCollection.Name = newCollectionName
    newCollection.Comment = newCollectionComment
    newCollection.OwnedByThisSite = ownedByThisSite
    newCollection.CollectionType = CollectionType
    newCollection.LimitToCollectionID = ExistingLimitToCollectionID
     
    '// Save the new collection and save the collection path for later.
    Set collectionPath = newCollection.Put_   
   
       
    '// Get the collection.
    Set newCollection = swbemconnection.Get(collectionPath.RelPath) 
 
    '// Call RequestRefresh to initiate the collection evaluator.
    newCollection.RequestRefresh False
   
End Sub

ConfigMgr 2012–Create Dynamic Collection Script

For those of you that might be interested in automating some of your collections for your ConfigMgr 2012 Hydration or test labs the following should help guide you on how to create dynamic configmgr collections.  There have been a few changes with collections in ConfigMgr 2012 which make the process of scripting collections slightly different.

First there are no more subcollections so we no longer have to supply the ParentCollection Property.

Secondly collections are split up into two different groups which cannot be mixed together, Device and user groups.  There is a property to specify which type of collection you want to create called CollectionType that accepts the following parameters: “1 = User, 2 = Device”.

Lastly every collection has to be limited to another collection regardless of the type of collection being created.  If you are creating a device collection then you need to limit that collection to another device collection and the same applies to user based collections they need to be limited to user based collections.

Below are the required parameters for creating a dynamic collection:

Name, Comment, OwnedByThisSite, CollectionType, LimitToCollectionID, queryForRule, ruleName

The following is an example script creating both a Device and User Collection.

Or you can download the script from the following Link.

Disclaimer: This code was created and tested on ConfigMgr 2012 (Beta) 2 and is subject to change.

'/////////////////////////////////////////////////////////////////////////////////////////////////////
'//
'// Script: CreateDynamicCollections.vbs
'//
'// Purpose: Used to Create Dynamic Collections
'//
'// Usage: cscript CreateDynamicCollections.vbs
'//
'// Version: 1.0 - 04 Sept 2011 - Brandon Linton
'//
'// Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and
'//             is not supported by the authors or Inkbal Consulting, LLC.
'//
'//
'/////////////////////////////////////////////////////////////////////////////////////////////////////


' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemconnection= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemconnection.InstancesOf("SMS_ProviderLocation")

For Each Location In providerLoc
    If location.ProviderForLocalSite = True Then
        Set swbemconnection = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
        Exit For
    End If
Next

    '// Create Dynamic Device Collections
    Call CreateDynamicCollection(swbemconnection, "New Dynamic Device Collection", "New Dynamic Device Collection Comment", true, "SELECT * from SMS_R_System", "New Rule Name", 2, "SMS00001")

    '// Create Dynamic User Collections
    Call CreateDynamicCollection(swbemconnection, "New Dynamic User Collection", "New Dynamic User Collection Comment", true, "SELECT * from SMS_R_User", "New Rule Name", 1, "SMS00004")

Sub CreateDynamicCollection(swbemconnection, newCollectionName, newCollectionComment, ownedByThisSite, queryForRule, ruleName, CollectionType, ExistingLimitToCollectionID)

   
    '// Create the collection.
    Set newCollection = swbemconnection.Get("SMS_Collection").SpawnInstance_
    newCollection.Name = newCollectionName
    newCollection.Comment = newCollectionComment
    newCollection.OwnedByThisSite = ownedByThisSite
    newCollection.CollectionType = CollectionType
    newCollection.LimitToCollectionID = ExistingLimitToCollectionID
     
    '// Save the new collection and save the collection path for later.
     Set collectionPath = newCollection.Put_ 

    '// Create a new collection rule object for validation
     Set queryRule = swbemconnection.Get("SMS_CollectionRuleQuery")

    '// Validate the query (good practice before adding it to the collection).
    validQuery = queryRule.ValidateQuery(queryForRule)

    '// continue with processing, if the query is valid.
    If validQuery Then

    '// Create the query rule.
     Set newQueryRule = QueryRule.SpawnInstance_
     newQueryRule.QueryExpression = queryForRule
     newQueryRule.RuleName = ruleName

    '// Add the new query rule to a variable.
     Set newCollectionRule = newQueryRule 
           
        '// Get the collection.
        Set newCollection = swbemconnection.Get(collectionPath.RelPath) 
 
    '// Add the rules to the collection.
     newCollection.AddMembershipRule newCollectionRule


    '// Call RequestRefresh to initiate the collection evaluator.
     newCollection.RequestRefresh False
    End If

End Sub

Microsoft Security Advisory “DigiNotar” (2607712) Removal

A recent Security Advisory is getting some attention and there are a few easy ways to remove the certificate files that are present and allowing the spoofing scams.  Below are two different code examples on how to remove these certficates.

http://www.microsoft.com/technet/security/advisory/2607712.mspx

Powershell:

$certs = dir cert:\LocalMachine\Root | where {$_.Subject -match "DigiNotar Root CA" -OR $_.Subject -match "DigiNotar Root CA G2"}

If ($certs -ne $Null)
{
   Foreach ($cert in $Certs)
   {
   $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root","LocalMachine"
   $store.Open("ReadWrite")
   $store.Remove($cert)
   $store.Close()
   }
}

Console Application:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;

public class X509store2
{
    public static void Main(string[] args)
    {
        //Create new X509 store called teststore from the local certificate store.
        X509Store store = new X509Store("ROOT", StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadWrite);

        //Loop through the certs
        foreach (X509Certificate2 cert in store.Certificates)
        {
           // Console.WriteLine("");
           //Console.WriteLine("SubjectName:" + cert.SubjectName.Name);

            if (cert.SubjectName.Name.Contains("DigiNotar Root CA"))
            {
                Console.WriteLine("Removed: " + cert.SubjectName.Name);
                store.Remove(cert);
            }
        }

        //Close the store.
        store.Close();
    }
}

Posted: Aug 30 2011, 09:50 PM by brandonlinton | with no comments
Filed under:
SMP: Failed to import the client certificate store (0x80070005)

So I ran into an interesting issue today with a client working an SMP issue.  We checked all of the usual items KB977203 or KB977384 installed check,  Ccmcertfix.exe ran check, SMP installed and healthy verified server logs etc… After some digging around on the client we noticed that it was failing with an access denied message in the smsts.log

Loading client certificates.
::DecompressBuffer(65536)
Decompression (zlib) succeeded: original size 3014, uncompressed size 3211.
this->hCertStore != NULL, HRESULT=80070005 (e:\nts_sms_fre\sms\client\osdeployment\osdsmpclient\smpclient.cpp,880)
m_ClientInfo.init(), HRESULT=80070005 (e:\nts_sms_fre\sms\client\osdeployment\osdsmpclient\smpclient.cpp,1014)
pClientRequestToMP->DoRequest(), HRESULT=80070005 (e:\nts_sms_fre\sms\client\osdeployment\osdsmpclient\smpclient.cpp,2668)
ExecuteCaptureRequestToMP(migInfoFromMP), HRESULT=80070005 (e:\nts_sms_fre\sms\client\osdeployment\osdsmpclient\smpclient.cpp,2745)
ExecuteCaptureRequest(), HRESULT=80070005 (e:\nts_sms_fre\sms\client\osdeployment\osdsmpclient\main.cpp,72)
OSDSMPClient finished: 0x00000005
Failed to import the client certificate store (0x80070005)
ClientRequestToMP::DoRequest failed (0x80070005).
ExecuteCaptureRequestMP failed (0x80070005).
ExecuteCaptureRequest failed (0x80070005).. The operating system reported error 5: Access is denied.

so we started looking in the event log and saw failure object access messages in the security event log.

We verified access to the folder that was mentioned in the eventvwr and sure enough SYSTEM was removed from “C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys”

After adding SYSTEM back to the folder the task seqeunce kicked off without a hitch and we no longer had problems capturing userstate up to the SMP. a relativley easy fix is to do a simple cacls run command line step in your task sequence to fix this of use GPO to fix if it’s a broader issue.

Below is a list of the default permissions needed on this folder.

http://support.microsoft.com/kb/278381

Windows Intune July 2011 Beta Now Available

Looks like lots of new feautures in this release get ahold of the beta before it fills up…

http://www.microsoft.com/windows/windowsintune/pc-management-how-to-try-and-buy.aspx

Posted: Aug 02 2011, 09:12 PM by brandonlinton | with no comments
Filed under:
Oldie: How to remove Padlocks from ConfigMgr Collections

It has come up from time to time how do I remove those stinking pad locks from my collections so I can modify them if needed???  Most of the time you should not be doing this and you are most likely locked down by your central or parent site administrator so you should advise with them before doing this but it is a simple query and update to remove the lock and then it can be reset if needed.

First right click the collection in question and select properties note the “Collection ID” then open SQL Server Management Studio and run the below query with ABC0001E replaced by your collection ID.

select * from Collections
where SiteID='ABC0001E'

One you have confirmed this is indeed the collection you want to modify.  Stop the SMS_Executive Service and  Run the below query to remove the pad locks replacing ABC0001E with your collection ID, Once finished start the SMS_Executive Service and open your console.

Dont forget to note the Flags value before running the query so you can set it back after you are done.

update Collections
set Flags='18'
where SiteID='ABC0001E'

Thanks,

Brandon

FEP Default Collection Queries

A question came up on the list today about what the actual collection queries were for the FEP Default collections. 

Two tables can help you with this in the ConfigMgr DB the Collection_Rules and Collection_Rules_SQL Tables can be joined together to give you the collection name, collection comments and the collection query in WQL or SQL.

The default collections should NOT be modified but hopefully this will give you a better idea on what the criteria is for when systems do fall into these collections.

Attached is an excel document with all the information and below is query to return the same information.

FEP Default Collection Querys.xlsx

Thanks,
Brandon

select QueryName, QueryComment, WQL, SQL
from Collection_Rules inner join Collection_Rules_SQL 
on Collection_Rules_SQL.CollectionID = Collection_Rules.CollectionID
where QueryName in ('Deployment Succeeded','Deployed Desktops',
'Deployed Servers','Out of Date','Deployment Failed',
'Deployment Pending','Locally Removed','Not Targeted',
'Policy Distributed','Distribution Failed','Distribution Pending',
'Up to Date','Up to 3 Days','Up to 7 Days','Older Than 1 Week',
'Infected','Restart Required','Full Scan Required',
'Recent Malware Activity','Protection Service Off','Not Reporting',
'Healthy')
MDT 2012 Beta 1 Now Available!!!

The next version of the Microsoft Deployment Toolkit—version 2012— is now available for beta download. To participate, register for MDT 2012 Beta 1 at Microsoft Connect.

Microsoft Deployment Toolkit (MDT) 2012 Beta 1 rides the next wave of System Center releases with support for System Center Configuration Manager 2012. For Lite Touch installations, MDT 2012 improves the overall client-side user experience, while also providing behind-the-scenes enhancements for partitioning, UEFI, and user state migration. These features, combined with many small enhancements, bug fixes, and a smooth and simple upgrade process, make MDT 2012 Beta 1 more reliable and flexible than ever.

Key Benefits:

  • Fully leverages the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
  • Improved Lite Touch user experience and functionality.
  • A smooth and simple upgrade process for all existing MDT users.

Tell the MDT team what you think! To participate in the MDT 2012 Beta 1 program, download and test the tool in your environment and then provide timely feedback and suggestions to our development team. MDT 2012 Beta 1 runs through August 2011. Please submit your feedback through Connect and direct any support questions you may have to satfdbk@microsoft.com. Thank you for taking the time to help us improve the MDT product feature and functions. Your time and assistance are much appreciated.

Next steps:

· Join MDT 2012 Beta 1 and tell the MDT team what you think!

· Help spread the word—share the beta invitation link with your friends.

· Send your comments to the MDT Team.

· Learn more about the MDT.

Get the latest tips from Microsoft Solution Accelerators—in 140 characters or less! Follow us on Twitter: @MSSolutionAccel.


http://blogs.technet.com/b/msdeployment/archive/2011/06/01/microsoft-deployment-toolkit-2012-beta-1-now-available.aspx

Powershell–Check Task Sequence for Referenced Packages with Filtered DP

Michael Niehaus wrote an awesome powershell script last year to check a task sequence to ensure any referenced packages are distributed to all distribution points.  This is awesome but sometimes you just want to target a specific DP for testing before you open the flood gates.  I added some additional logic to prompt for the Distribution Point name and optionally give you the choice to update that particular DP.

Original Post by Michael Niehaus

CheckPromptedTaskSequences Filtered by DP.ps1

Thanks,
Brandon Smile

ConfigMgr Script to Update Default Boot Images to WinPE 3.1

After completing steps 1-4 in my previous post you can continue on or download the below script to Automatically update your Default Boot Images to WinPE 3.1.

Required parameters are auto determined if possible and entered for you.

Required Method Parameters:

Architecture, ExportImagePath, ImageIndex

1) Supply Architecture Value: x86 or x64

image

2) If launched from Site server “expected” path will be auto-determined. (Change if required)

image

3) Enter Image Index if required.

image

4) If successful a Message Box will Prompt Confirming execution!

image

UpdateDefaultBootImage.zip

How to Manually Update ConfigMgr to WinPE 3.1

1) Download the Waik 3.1 Supplement from the following Link.

2) Extract the ISO on your Primary Site Server i.e. “E:\Waik3.1”

3) Open an elevated command prompt and enter the following cmd substituting your extracted ISO location and Waik install Directory like below.

clip_image001

4) Once Complete output should look similar to the below screenshot.

clip_image002

5) Next open wbemtest from an elevated cmd prompt and select Connect.

clip_image004

6) Type in the WMI Namespace for your Primary Site and select connect.

a. Site_PA1 should be changed to match your site code.

clip_image005

7) Next select Execute Method

clip_image006

8) Enter the SMS_BootImagePackage Object and select OK

clip_image007

9) Select ExportDefaultBootImage from the Method Dropdown box.

clip_image008

10) Next select Edit In Parameters

clip_image009

11) Select Hide system Properties to show only settings that need configured

clip_image010

12) Enter all fields like the below example:

a. Select Not NULL and enter Architecture = x86 or x64 then Save Property

clip_image011

b. Select Not NULL and enter the ExportImagePath = \\<site _server>\sms_<site_code>\OSD\boot\i386\boot.wim or \\site_server>\sms_<site_code>\OSD\boot\x64\boot.wim Then Save Property.

clip_image012

c. Select Not NULL and enter ImageIndex = 1 then Save Property

clip_image013

d. Next you have to Save Object

clip_image014

e. Now you can execute the method

clip_image015

f. If successful you should see the below popup.

clip_image016

13) Repeat step 12 for all boot images present.

14) Expand “Site Database –> Computer Management –> Operating System Deployment —> Boot Images” Right click the boot image and select properties then click on the Images Tab and click Reload

clip_image017

15) Select ok

clip_image018

16) Notice the OS Version has changed to 6.1.7601.17514 ensure Command line support is re enabled if required and drivers are added to the boot image.

clip_image019

17) Select ok then update the Distribution Points.

ConfigMgr - Auto Approve Clients "The Easy way..."

A question came up yesterday on the myITforum mailing list on how to view unapproved clients in ConfigMgr.  I knew of an easy way to create a collection of those systems but Brian Mason responded with a very EASY way to setup an Auto Approval for unapproved clients using SQL Tasks in ConfigMgr.  Below is the how to on setting up the SQL Task and some queries to view status of your unapproved systems.

Thanks goes out to Brian Mason for sharing this little gem! :)

1)      Expand Site Database --> Site Management --> Site --> Site Settings --> Site Maintenance --> SQL Commands right click and select "New SQL Commands"

2)      Enter the Name, Query and Schedule like below or to suit your needs.



Query:

UPDATE v_CM_RES_COLL_SMS00001

SET IsApproved=1

FROM v_CM_RES_COLL_SMS00001

            INNER JOIN v_R_System

            ON v_CM_RES_COLL_SMS00001.ResourceID = v_R_System.ResourceID

WHERE v_CM_RES_COLL_SMS00001.IsApproved<>1

3)      All done now you have a scheduled SQL Task to keep your clients approved.  Optionally if you would like to view status of your approved clients you could create an SRS Report with the following SQL Query or with the below Collection Query:

SQL:

SELECT *

FROM v_CM_RES_COLL_SMS00001

            INNER JOIN v_R_System

            ON v_CM_RES_COLL_SMS00001.ResourceID = v_R_System.ResourceID

WHERE v_CM_RES_COLL_SMS00001.IsApproved<>1

Collection:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_CM_RES_COLL_SMS00001 on SMS_CM_RES_COLL_SMS00001.ResourceId = SMS_R_System.ResourceId where SMS_CM_RES_COLL_SMS00001.IsApproved<>'1'

More Posts Next page »