Trying to give something back to the Community...
Microsoft is currently building the update to System Center Configuration Manager 2007 (ConfigMgr07) titled Service Pack 2. The ConfgMgr Technology Adoption Program (TAP) team is pleased to announce that we are now soliciting participation in the System Center Configuration Manager Service Pack 2 Product validation program.
What's New? ConfigMgr07 SP2 will include new OS support along with improving on the Intel AMT integration.
New Operating System Support
(Intel) Active Management Technology Integration - Version 2
Configuration Manager 2007 Service Pack 2 will improve on the Intel AMT (iAMT) integration provided in Service Pack 1. SP2 will add full feature support for computers that have the Intel vPro chip set and iAMT firmware versions 4 & 5. In addition to providing feature parity with SP1 and iAMT firmware versions 3.2.1, 4.0 and 5.0, support for the below new features are being added:
OOB Wireless Management: Wireless Profile Management (mobile ONLY)
End Point Access Control: 802.1x support
Provision 802.1x settings on AMT wireless clients during AMT provisioning
Send 802.1x settings operations to the Intel translator on AMT systems with revisions earlier than 3.2.1
Persistent Data Storage: Non Volatile Memory or Third Party Data Store (3PDS)
Access Monitor: Audit Log
Enable or Disable Audit Log (no critical event settings)
View Audit Log through OOB Console
Remote Power Management: Power State Configuration
This program is designed to provide collaboration with your company and Microsoft. The purpose is to validate through lab testing and the deployment of pre-release builds. Your company will have the opportunity to provide design and performance feedback for the product. You can do this through the reporting of bugs and submission of Design Change Requests (DCRs), as well as provide general feedback for product group consideration. This program will provide customers with support from the Microsoft System Center Configuration Manager product group, as well as 24x7 support for production deployment issues. The program starts soon and finishes by the end of the calendar year 2009.
A short nomination survey is located here:
Full link: https://www.surveymonkey.com/s.aspx?sm=EFslbxTQdA6OCgbp_2fg8iNQ_3d_3d
The number of available slots in the program is limited. The selection is based on a broad set of criteria and not solely on a customer's commitment to fulfill program requirements.
Prioritization will be given to organizations that meet one or more of the following profiles:
February 2009
Initial Nomination period
Submission of System Center Configuration Manager SP2 Nomination Surveys by or on behalf of interested customers.
March 2009
Customers selected
Customers selected for the program are notified and given information regarding initial participation.
April / May 2009
Readiness/Planning
Online information sessions and conference calls to get familiar with feature set and initiate planning
June 2009
Beta
Deployment in production environment. Product validation and feedback submitted.
Summer
RC
More extensive deployment in production environment. Product validation and feedback submitted.
Win7 plus 90 days
Release to Manufacturing
Upgrade to released build and enterprise-wide deployment.
Please contact sccmtap@microsoft.com with any questions you may have regarding this communication or the nomination process.
Sincerely,
The System Center Configuration Manager Technology Adoption Program team
Feed: The Operations Manager Support Team Blog
If you've ever said "You know, if I was the one designing System Center Configuration Manager I'd add ____" or "Why did they do it this way? It would be much better like _____" then here's your chance to provide that feedback straight back to the source:
System Center Configuration Manager Study (Remote Survey) (Mar 11-Mar 16, 09) (US based participants Only)
Microsoft User Research is conducting a study focusing on design ideas for the next version of System Center Configuration Manager from March 11 to March 16, 2009. This is a great opportunity for System Administrators to provide feedback and help improve the user experience of the next version of System Center Configuration Manager.
You can participate in this study from anywhere in US (at home or work). We highly value your feedback and will be offering you a gratuity option in appreciation of your time and participation.
We are recruiting individuals:
· Who work with SMS/System Center Configuration Manager to distribute software OR use some other application to distribute software to groups of computers
· At least 500 computers at your organization are managed by you
· Who have not participated in a user research study in past 2 months
· Are based in US and can spare around 1 and half hour to participate in the study
If you are interested in participating, please email us at itusable@microsoft.com with Remote ConfigMgr in subject line.
View article...
For those of you with access to Microsoft Connect, the ConfigMgr SP2 TAP has just been announced.
To apply and for further details simply goto the ConfigMgr Home Page on Connect:
https://connect.microsoft.com/site/sitehome.aspx?SiteID=16
It’s looking good and can’t wait to get it in my lab ;-)
Due to unforeseen circumstances we’re going to have to postpone our next event planned for the 4th March.
As soon as we get a new date finalised I’ll let you know.
Apologies.
Just to give you a “heads up” that our next event will be taking place on Wednesday March 4th at the Microsoft office in Cardinal Place, London.
At this event Stephen Porter from Microsoft is going to be talking about System Center Data Protection Manager and our very own David Allen is going to be be giving a technical overview of OpsMgr 2007.
We’ll be providing food, plenty of networking opportunities and SWAG giveaways so mark your diaries and we look forward to seeing you there.
As soon as we get the registration link finalised I’ll blog it and we’ll get it added to our home page.
Expression Web
967682 HTML template created in Expression Web is not seen within Expression Media
960715 Microsoft Security Advisory: Update Rollup for ActiveX Kill Bits
967728 You cannot deploy favorites with URLs that contain the % character
954882 You are prompted unexpectedly for credentials after you start Outlook 2003
959614 Description of the Outlook 2003 Junk E-mail Filter update: February 10, 2009
959456 Error message when you try to open an appointment in the calendar after you apply hotfix 955572: "Cannot open this item"
961812 Lotus Notes links are not clickable in Outlook 2007 or in Word 2007
959634 Description of the Outlook 2007 Junk E-mail Filter update: February 10, 2009
960082 MS09-004: Description of the security update for SQL Server 2000 GDR and for MSDE 2000: February 10, 2009
959420 MS09-004: Vulnerabilities in Microsoft SQL Server could allow remote code execution
967092 You cannot apply security update 960082 in a Windows 2000 or Windows Server 2003 environment
967094 ISA Server 2004 and ISA Server 2006 may be affected by the security updates in Microsoft Knowledge Base articles 960082 and 960083
967096 SharePoint users are incorrectly offered a SQL Server 2000 Desktop Engine (Windows) update when they try to install the security update in Microsoft Knowledge Base article 960082
967093 SQL Server 2000 Desktop Engine (Windows) (WMSDE) is uninstalled when you use the "Add or Remove Programs" item in Control Panel to uninstall a security update for SQL Server 2000 and for MSDE 2000
960083 MS09-004: Description of the security update for SQL Server 2000 QFE and for MSDE 2000: February 10, 2009
960089 MS09-004: Description of the security update for SQL Server 2005 GDR: February 10, 2009
967095 The Windows Internal Database (WYukon) is removed when you use the Add or Remove Programs item in Control Panel to uninstall a security update for SQL Server 2005
960090 MS09-004: Description of the security update for SQL Server 2005 QFE: February 10, 2009
967598 Error message when you use the SQL Server Error and Usage Reporting tool on a 64-bit Windows operating system: "The Error Reports Location path name cannot be empty"
967502 After you execute the SqlCeEngine.Compact method against a SQL Server Compact 3.5 client database that is synchronized to a central database server, some changes to the client database may not be uploaded
957634 MS09-005: Vulnerabilities in Microsoft Visio could allow remote code execution: February 10, 2009
955655 MS09-005: Description of the security update for Visio 2003: February 10, 2009
957831 MS09-005: Description of the security update for Visio 2007: February 10, 2009
967941 Navigation is canceled when you browse to Web pages that are in different Internet Explorer security zones
967753 You are unable to change the home page in Internet Explorer 7
961260 MS09-002: Cumulative security update for Internet Explorer
958585 A new set of public APIs lets Internet Explorer 7 add-ons add a "peer" tab thread for opening dialog boxes without unintended dialog suppression
958756 The customized properties for an .msi package installation are reset to their default values after you install Windows Installer 4.5
955986 The operating system may stop responding when you try to put the operating system into S3 sleep after you perform a surprise removal of a USB device on a Windows-based computer
967736 A Tape Backup Medium Changer may not detect properly in the Device Manager
956263 Description of the UDP Port Reservation Utility for Windows Server 2003
960077 Applications or services that call the LSA Kerberos functions by using 32-bit processes encounter an exception and crash in Windows Server 2003 64-bit or Windows XP 64-bit systems
953778 The SMTP service crashes intermittently and event errors 7031 and 1000 are logged on a Windows Server 2003 based-server that is running Exchange Server 2003
967500 The Set path for TS Roaming Profiles and TS User Home Directory Group Policy settings do not work with user environment variables
967887 Terminal Licensing Server may not issue Per Device CALs and event id 1004 is generated
959207 On a Windows Server 2003-based computer, the !heap command does not work when you debug a 32-bit process that runs in a 64-bit operating system
967510 Error message when you try to synchronize Active Directory user objects to ADAM: "Internal Error Occured:MultiByteWideChar"
958702 When you copy large files between two Windows Vista or Windows Server 2008-based computers in a high bandwidth WAN network environment, the copy speed may be very slow
959543 A hotfix is available for users of Windows Services for UNIX and of Utilities and SDK for SUA to incorporate DST changes in Mauritius, in Brazil, in Morocco, in Egypt, and in Argentina
967754 Cross-platform iSCSI boot deployment scenarios are not supported.
959662 The CDS_RESET flag of the ChangeDisplaySettingsEx function does not work as expected in Windows Vista or in Windows Server 2008
967893 Input method editor keyboard shortcut (CTRL+SHIFT+0) switches the input language in Vista
967678 You will be unable to set Stereo Mix as the default audio device after enabling it for the first time
Here's another interesting issue I came across the other day that I thought I would share with you just in case you happen to find yourself in a similar situation. Hopefully if you do then this will help you get all this working the way it should.
Scenario: An RMS in a parent domain and client agents that are domain controllers in a child domain in a DMZ.
The manual agent install goes fine on the clients but the agents never appear in the operators console despite Review New Manual agent installations in pending management View and Auto–approve New manually installed agents settings in SETTINGS—SECURITY –GENERAL.
The following event shows up on the agents:
Event Type: Error Event Source: OpsMgr Connector Event Category: None Event ID: 20070 Computer: DC Description: The OpsMgr Connector connected to <domain>, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
This event shows up on the server:
Event Type: Error Event Source: OpsMgr Connector Event Category: None Event ID: 20002 Description: A device at IP <addr> attempted to connect but could not be authenticated, and was rejected.
None of the agents show up in any of the following tables under Opsmgrdb:
Dbo.Mt_Computer Dbo.Mt_healthservice Dbo.Mt_healthservicewatcher dbo.AgentPendingActions
The following powershell command returns nothing:
get-agentpendingaction
The product documentation does not talk much about this scenario other than having port 5723 open from the agent to the server:
http://technet.microsoft.com/da-dk/library/cc540431(en-us).aspx
Regardless, what I’ve found is that we also need to have port 88 and port 389 opened between the agent and the RMS if they’re separated by a firewall. This has worked for me just about every time I’ve found myself in this situation.
Hope this helps,
Rohit Kaul
Welcome to the Microsoft Security Communications Centre. This centralised online hub lets you quickly and easily sign up for the free Microsoft Security Notification Service and the free Microsoft Security Newsletter—two important components in our ongoing effort to provide regular and relevant information about the latest security issues…
http://www.microsoft.com/uk/security/newsletter_signup.mspx
Feed: Michael Niehaus' Windows and Office deployment ramblings
A lot of fuss has been made about the number of available Windows 7 SKUs. Read the full breakdown at http://windowsteamblog.com/blogs/windows7/archive/2009/02/04/a-closer-look-at-the-windows-7-skus.aspx. Fortunately for enterprises, you really just need to be concerned with two:
You might think that Windows 7 Ultimate should be included in that list, but for enterprises it doesn’t really add anything over the Enterprise version – except for headaches, as the Ultimate version does not come in a volume license version so you need to use individual retail license keys if you deploy it to many machines.
See http://windowsteamblog.com/blogs/business/archive/2009/02/11/windows-7-enterprise-edition-customer-benefits.aspx for the details of what is included in Windows 7 Enterprise. Notice that Media Center and and the DVD playback codec are now available in Windows 7 Enterprise (so Ultimate isn’t required for either of those now, nor is the separately-priced DVD codec add-on for Windows Vista Enterprise). And look at the list of new and improved Windows 7 Enterprise features. I’ve already been leveraging a few of these features:
Windows 7 Enterprise, like Windows Vista Enterprise, is available only through Software Assurance. Fortunately, that also gives you access to the Microsoft Desktop Optimization Pack (MDOP), http://www.microsoft.com/windows/enterprise/products/mdop.aspx, which is also expanding. New is the Microsoft Enterprise Desktop Virtualization (MED-V) product, which enables you to run seamless VMs on a host – yet another tool in the growing list of ways to deal with application compatibility issues.
From a deployment perspective, MDT 2010 will support deploying all three of the SKUs mentioned above, although we don’t expect many people to be using Windows 7 Ultimate. We will also cover all the supported upgrade paths:
Historically though we haven’t seen too many enterprises actually do in-place upgrades, just wipe-and-load refreshes. Maybe that will change for those looking to move from Windows Vista to Windows 7.
As was disclosed earlier, there is no “in place upgrade” for those going from Windows XP to Windows 7, so you have to do a wipe-and-load refresh deployment in that case. (See http://technet.microsoft.com/en-us/library/dd446674.aspx for a description of the process, although for those of you who have been using SMS, ConfigMgr, or MDT to do this you’ll recognize that you’ve already been doing the same thing – except not manually.) That’s not a bad thing though, as it gives you the opportunity to wipe out the “garbage” that has collected over the years.
Full Title: Recurring advertisements or maintenance windows start to run an hour later or earlier than expected when the time is changed because of DST in System Center Configuration Manager 2007 Service Pack 1
IMPORTANT: This KB applies to ConfigMgr SP1. The other KB with the SAME title (956259) applies to RTM. If you need to apply this hotfix please make sure you apply the correct version for the version of ConfigMgr you are running.
Consider the following scenarios:
http://support.microsoft.com/default.aspx?scid=kb;en-us;959257
Summary ======= The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details. * MS09-003 – Critical
Bulletin Information: ============== * MS09-003 - Critical - http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx - Reason for Revision: V2.0 (February 16, 2009): Added the Microsoft Exchange Server MAPI Client as affected software. Also, added several entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, relating to updating the MAPI Client and the Exchange System Management tools. No other update packages are affected by this re-release. Customers running all other supported and affected versions of Microsoft Exchange Server who have already successfully applied the original security update packages do not need to take any further action. - Originally posted: February 10, 2009 - Updated: February 16, 2009 - Bulletin Severity Rating: Critical - Version: 2.0
Summary ======= The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS09-002 – Critical
Bulletin Information: ============== * MS09-002 - Critical - http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx - Reason for Revision: V1.1 (February 16, 2009): Added a link to Microsoft Knowledge Base Article 961260 under Known Issues in the Executive Summary. - Originally posted: February 10, 2009 - Updated: February 16, 2009 - Bulletin Severity Rating: Critical - Version: 1.1
Full Title: Recurring advertisements or maintenance windows start to run an hour later or earlier than expected when the time is changed because of DST in System Center Configuration Manager 2007.
IMPORTANT: This KB applies to ConfigMgr RTM. The other KB with the SAME title (959257) applies to SP1. If you need to apply this hotfix please make sure you apply the correct version for the version of ConfigMgr you are running.
Consider the following scenarios.
http://support.microsoft.com/default.aspx?scid=kb;en-us;956259
Feed: The Configuration Manager Support Team Blog
Is there anything Carol Bailey doesn't know about certificates and Configuration Manager? Doesn't seem like it as the Configuration Manager Team Blog has another great post on how to renew the Site Server Signing Certificate using Microsoft Certificate Services:
Have you tried to renew the existing site server signing certificate for a native mode site, and wondered how to do this without creating a new certificate? This post provides a procedure to do this that is suitable for when the site server is on either Windows Server 2003 or Windows Server 2008, and your PKI uses Microsoft Certificate Services.
To read more visit http://blogs.technet.com/configmgrteam/archive/2009/02/11/how-to-renew-the-site-server-signing-certificate-microsoft-certificate-services.aspx.
J.C. Hornbeck | Manageability Knowledge Engineer
Looks like the public beta for System Center Operations Manager 2007 R2 is now open. To find out how to apply for the beta, download it and provide feedback, click here.