This nice little tool will allow you to copy windows 7 to a USB drive with ease.

http://store.microsoft.com/Help/ISO-Tool

Installation

To install the Windows 7 USB/DVD Download tool:

1. Click here to download the Windows 7 USB/DVD Download tool installation file.
2. When you are prompted to either save the file to disk or run it, choose Run.
3. Follow the steps in the setup dialogs. You'll have the option to specify where to install the Windows 7 USB/DVD Download tool and whether to create shortcuts on your Start Menu or Windows Desktop.

Using the Windows 7 USB/DVD Download Tool

Before you run the Windows 7 USB/DVD Download tool, make sure that you have already purchased Windows 7 ISO download from Microsoft Store and have downloaded the Windows 7 ISO file to your hard drive. If you have purchased Windows 7 but have not yet downloaded the ISO file, you can download the file from your Microsoft Store Account.

To make a copy of your Windows 7 ISO file:

1. Click the Windows Start button, and click Windows 7 USB/DVD Download tool in the All Programs list to open the Windows 7 USB/DVD Download tool.
2. In the Source File box, type the name and path of your Windows 7 ISO file, or click Browse and select the file in the Open dialog box.
3. Select USB to create a copy on a USB flash drive or DVD to create a copy on a DVD disk, then click Next.
4. If you are copying the file to a USB flash drive, select your USB device in the dropdown list and click Begin copying. If you are copying the file up to a DVD, click Begin burning.

We use GPO’s here for all kinds of things and sometime we cant figure out why a machine is acting up when a GPO should be controlling the system. Prime example is out Health startup script.

If you use SCCM Software scan to collect the GPO Database secedit.sdb then you can see when it was last updated. The GPO Database should be updated every time the GPO is applied. I set this collection for 7 days to give the machine the benefit of the doubt that it was off the network for a few days, but you could always add the last hardware scan date in it if you where doing a daily scan (which i am no longer doing and why i don't have it in the WQL query)

Collection

Run the following collection you can figure out who is having an issue.

select SMS_R_SYSTEM.ResourceID

,SMS_R_SYSTEM.ResourceType

,SMS_R_SYSTEM.Name

,SMS_R_SYSTEM.SMSUniqueIdentifier

,SMS_R_SYSTEM.ResourceDomainORWorkgroup

,SMS_R_SYSTEM.Client

from

SMS_R_System inner join SMS_G_System_SoftwareFile  

on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId  

where

SMS_G_System_SoftwareFile.FileName = "secedit.sdb"  

and DATEDIFF(dd,SMS_G_System_SoftwareFile.ModifiedDate,GetDate()) > 7

Report

Here is a report that will show you when the GPO was last applied for machines that have a secedit.sbd older then 7 days.

select a.Name0

,a.User_Name0

,a.Operating_System_Name_and0

, CONVERT(VARCHAR(12),b.ModifiedDate,107)As "GPO Date Last Applied"

from v_R_System a join v_GS_SoftwareFile b on b.ResourceID=a.ResourceID

where b.FileName='secedit.sdb'

and DATEDIFF(dd,b.ModifiedDate,GetDate()) > 7

order by b.ModifiedDate

Now you just have to figure out why the GPO DB is not getting updated.

Special thanks to a MS PFE for this little bit of info.

I’ve been bugged by an issue with Firefox 3.5.3 and Java 6.15. Every time I open FF or try and run a video from news sites  I get the UAC popup. Not a big deal but it is annoying none the less. the interesting part is that it was happening at work (Vista Business)  but not at home (Vista Home Premium)

After a little research I found this solution

Disable the extension "Java Quick Starter".

I had the same problem running 3.5.2 on Vista Business with java 6u15. I didn't have the problem on my vista home premium laptop running 3.5.2 with java 6u13, so I looked for differences. The first important thing I noticed with this add-on, which apparently gets installed with java versions of 6u10 and later (my other computer initially had an earlier version installed, so it never had the extension installed. As far as I can tell, java is working fine, and Vista isn't giving me UAC prompts when I open Firefox.

For the record, the extension is supposed to help java applications load faster, but Sun (the makers of java) say that Vista has it's own pre-loading mechanisms which make it unnecessary. So good work on taking it out of the vista download guys :I

If having the extension showing in your list of extensions with the uninstall checkbox grayed out annoys you, you can delete it through the registry (probably best to do with Firefox closed), and if these instructions don't make sense, then don't try this:
1) Open the registry editor by typing "regedit" (without the quotes) in the search box in the start menu.
2) Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\
3) Delete the entry named jqs at sun.com (or something to that effect)
4) Enjoy your fixed Firefox

Thanks to Ahaolds for posting this fix on the Mozilla support forums.

Worked like a charm.

Ok so SCCM SP2 is officially released. Stay tuned for install directions.

As you can see ConfigMgr SP2 is now version 4.00.6587.2000

What's New in Configuration Manager 2007 SP2

http://technet.microsoft.com/en-us/library/ee344318.aspx

Configuration Manager 2007 SP2 Supported Configurations

http://technet.microsoft.com/en-us/library/ee344146.aspx

List of hotfixes and updates that are contained in System Center Configuration Manager 2007 Service Pack 2

http://support.microsoft.com/default.aspx?scid=kb;en-us;971348

You can download it here

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3318741a-c038-4ab1-852a-e9c13f8a8140

Quick Details

File Name:
ConfigMgr07SP2Upgrade_RTM_ENU.exe

Version:
4.0.6487.2003

Date Published:
10/22/2009

Language:
English

Download Size:
1314.3 MB

Feature Summary

• New Operating System Support
  • Windows 7
  • Windows Vista Sp2
  • Windows Server 2008 R2
  • Windows Server 2008 SP2
• New Features in Out of Band Management
  In addition to providing feature parity with SP1 and AMT firmware versions 3.2.1, 4.0 and 5.0, the following new features are supported:
  • Wireless management with up to 8 wireless profiles
  • End point access control: 802.1x support
  • Audit logging
  • Support for different power states
  • Power control options at the collection level
  • Data storage
  • Scheduling configuration for in-band provisioning
• Asset Intelligence Certificate Requirement Removal
  Configuration Manager Service Pack 1 introduced Asset Intelligence v1.5. This version allowed customers to configure an online synchronization to ensure that their catalog was up to date with the latest Microsoft inventory for both hardware and applications. This initial release required a certificate. With Service Pack 2, the requirement to have the certificate has been removed, so any customer can configure their Asset Intelligence capabilities to connect online and update their catalog. Software Assurance is not required for this functionality.
• 64-bit Architecture Development
  Service Pack 2 will also continue to deliver new support for x64 architectures, including the following:
  • X64 support for Operations Manager 2007 Client Agent
  • Update to Management Packs for 64-bit operating systems - SP2 will ship 64-bit performance counters (the management pack is a separate release)
  • Remote control support added for x64 XP and x64 Server 2003
• Improved Client Policy Evaluation
  • Faster policy processing
  • More efficient software distribution configured to run at user logon
• Branch Cache Support
  Support for scenarios where Windows Server 2008 R2 and Windows 7 Client are present and Branch Cache is enabled

System Requirements

• Supported Operating Systems: Windows 2000 Advanced Server; Windows 2000 Service Pack 4; Windows 7; Windows Embedded for Point of Service ; Windows Server 2003; Windows Server 2003 R2 (32-Bit x86); Windows Server 2003 R2 Enterprise Edition (32-Bit x86); Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows Server 2008 Datacenter; Windows Server 2008 Enterprise; Windows Server 2008 R2; Windows Server 2008 Service Pack 2; Windows Vista Ultimate

This collection will allow you to find machines that need approval.

For Is Approved

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_CM_RES_COLL_SMS00001 on SMS_CM_RES_COLL_SMS00001.ResourceId = SMS_R_System.ResourceId where SMS_CM_RES_COLL_SMS00001.IsApproved= '1'

Replace this section for not approved and unknown

For not aporved
SMS_CM_RES_COLL_SMS00001.IsApproved= '0'

For Unknown
SMS_CM_RES_COLL_SMS00001.IsApproved= '2'

FYI, I did not write this collection, I can not find who did but will gladly give credit to whom ever it was :-)

SCCM allows you to create collections based on Security groups but it does not allow you to create collections based on Distribution lists. Well not directly anyhow.

http://kb.iu.edu/data/ajlt.html

In Microsoft Active Directory, when you create a new group, you must select a group type. The two group types, security and distribution, are described below:

• Security: Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as email distribution lists.

• Distribution: Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.

I’ve been getting a lot of requests lately to distribute software to a Distribution group in Exchange but ConfigMgr Doest recognize Distribution Groups so I end up exporting the list of users then one by one running those users thought a report in ConfigMgr that tells me what machine is most likely the users machine based on the Top User for that machine. This works but it takes for ever and waste a lot of time that my team and I could be doing something else.

Well it turns out you can actually nest Distribution groups inside of Security Groups.

So the solution is simple. Create a new Security group then enter the Distribution groups that need the advertisement in the Security Group that you created.

Then simply use the Collection Query from my last Post

You can read more about Group Security here

http://technet.microsoft.com/en-us/library/cc776995%28WS.10%29.aspx

Nested Groups

http://technet.microsoft.com/en-us/library/cc776499%28WS.10%29.aspx

We needed to create a collection to send out a product to a specific group of users. After scouring the net I found this query. Looks like MyITForum guys figured it out a while ago :-)

Create a collection and paste this into the code section. Make sure to change the "<domain>\\<group>" to what you need.

select distinct SMS_R_System.Name

from  SMS_R_System inner join SMS_G_System_SYSTEM_CONSOLE_USAGE on SMS_G_System_SYSTEM_CONSOLE_USAGE.ResourceID = SMS_R_System.ResourceId

where SMS_G_System_SYSTEM_CONSOLE_USAGE.TopConsoleUser in

(select distinct UniqueUserName from  SMS_R_User where UserGroupName = "<domain>\\<group>")

Thanks to guess where :-)

http://www.myitforum.com/forums/m_181172/printable.htm

We had an issue were 2 of our SCCM servers stopped having successful backups.

If I rebooted the server I could get 1 successful backup, but then the next backup would fail and would continue to fail until I rebooted, then the process would repeat.

This is the error I was getting in the smsbkup.log

Error: Failed to backup \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\SQL\SCCM_DB\SMS_XXX.mdf up to D:\SCCM_Backup\XXXBackup\SiteDBServer: CopyFile failed: Insufficient system resources exist to complete the requested service.      SMS_SITE_BACKUP          10/8/2009 9:08:22 AM      14456 (0x3878)

STATMSG: ID=5043 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_SITE_BACKUP" SYS=SCCMXXX SITE=XXX PID=3944 TID=14456 GMTDATE=Thu Oct 08 13:08:22.998 2009 ISTR0="\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7\SQL\SCCM_DB\SMS_XXX.mdf" ISTR1="D:\SCCM_Backup\XXXBackup\SiteDBServer" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0          SMS_SITE_BACKUP  10/8/2009 9:08:22 AM      14456 (0x3878)

Failed to copy file(s) XXXBackup\SiteDBServer.  SMS_SITE_BACKUP  10/8/2009 9:08:22 AM   14456 (0x3878)

Error: Backup Failed  for Component - SMS_XXX.         SMS_SITE_BACKUP          10/8/2009 9:08:22 AM      14456 (0x3878)

In the SCCM Component status –> SMS_SITE_BACKUP you will see this error

Error    Milestone    XXX    10/14/2009 2:04:44 AM    OASCCM01    SMS_SITE_BACKUP    5043    SMS Site Backup was unable to back up file system object \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\SQL\SCCM_DB\SMS_XXX.mdf to D:\SCCM_Backup\XXXBackup\SiteDBServer.   

Possible cause: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\SQL\SCCM_DB\SMS_XXX.mdf is not readable, or D:\SCCM_Backup\XXXBackup\SiteDBServer is not writable. 

Solution: Adjust file attributes and/or permissions of \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\SQL\SCCM_DB\SMS_XXX.mdf and/or D:\SCCM_Backup\XXXBackup\SiteDBServer.   

Possible cause: The destination directory D:\SCCM_Backup\XXXBackup\SiteDBServer did not already exist, and SMS Site Backup was unable to create it. 

Solution: Verify that a regular file with the same name as D:\SCCM_Backup\XXXBackup\SiteDBServer or one of its parent directories does not exist, or replace D:\SCCM_Backup\XXXBackup\SiteDBServer with an existing directory.   

Possible cause: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\SQL\SCCM_DB\SMS_XXX.mdf or D:\SCCM_Backup\XXXBackup\SiteDBServer are on remote computers that SMS Site Backup does not have sufficient access rights to administer. 

Solution: Verify that the Site System Connection accounts are properly configured to allow SMS to administer the remote computer.   

Possible cause: An application is using D:\SCCM_Backup\XXXBackup\SiteDBServer or some component of its path (for example, Windows Explorer may be viewing D:\SCCM_Backup\XXXBackup\SiteDBServer's parent directory.)

Solution: Verify that D:\SCCM_Backup\XXXBackup\SiteDBServer and its parent directories are not in use by any application.   

Possible cause: Source \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\SQL\SCCM_DB\SMS_XXX.mdf being copied to D:\SCCM_Backup\XXXBackup\SiteDBServer may cause a recursive operation 

Solution: Verify that destination folder does not exist within the source folder.   

Possible cause: Source \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\SQL\SCCM_DB\SMS_XXX.mdf contains some file(s) that is opened exclusively by some application. 

Solution: Retry backup

*****************************************************************************************

NONE OF THESE SOLUTIONS WORK

When your backup log has this error try this solution.

Software setup

Server 2003 SP2 R2

SCCM 2007 SP1 R2

SQL 2005 SP3

Following solutions were applied

First apply this patch and reboot

http://support.microsoft.com/default.aspx?scid=kb;EN-US;940349

Then apply this reg key value at 60 and reboot

http://support.microsoft.com/default.aspx?scid=kb;EN-US;304101

Registry setting 1

1. Click Start, click Run, type regedit in the Open box, and then click OK.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

3. On the Edit menu, point to New, and then click DWORD Value.

4. Type PoolUsageMaximum as the entry name, and then press ENTER.

5. Right-click PoolUsageMaximum, and then click Modify.

6. Click Decimal.

7. In the Value data box, type 60, and then click OK.
Important

• Use 60 as your initial value. If your backup does not succeed, use 40 as your value. If that does not work, you must change the behavior of your backup program to reduce the demand of paged pool. If the value works, you may want to increase the value by approximately 25 percent until the backup does not work. If the backup is unsuccessful, use the second registry setting that is described in this article.
• Make sure that the value for this registry setting is not more than 60.
• If you are using the /3GB switch, use 40 as your initial setting. Note that this value is a percentage value.

8. Quit Registry Editor.

9. Restart your computer.

Because you must test these settings during the most stressful backups, you may have to wait a month for a whole backup cycle to complete if you are not sure which backup consumes the most resources. Because of this situation, Microsoft recommends that you test low values first. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

312362 (http://support.microsoft.com/kb/312362/ ) Server is unable to allocate memory from the system paged pool

Hope this helps someone else out.

I had to call Premier Support today for an issue I m having. I will post more about the issue in a later blog.

This website has lots of helpful links for things that you can try for SCCM before calling :-)

http://blogs.technet.com/configmgrcallback/

This link is for all System Center Products:

http://blogs.technet.com/SystemCenterCallback