April 2008 - Posts

Presented by Michael Kelley. Some guy decided to answer his phone in the middle of this session. If you were him, stop it. It's rude. Continued from part 1.

  • Multicast
    • Multicast of OS images to PE - no multicast for other packages, no multicast from PXE Service Point
    • Multicast is an option on the DP - requires Windows Server 2008 with WDS, builds on WDS
    • ScheduleCast - reaches minimum group size or maximum wait time
    • AutoCast - late joiners will catch up with parts they missed at end - less time delay, but less efficient
    • Only one Multicast session per image at a time - Multiple images at same time ok
    • DP lookups prefer multicast-enabled DPs
    • There are no remote multicasts

  • Driver Catalog
    • Auto Apply Driver - scans hardware and transmits to site server, site server sends list of drivers down, client determines best driver and downloads correct ones from DP - puts drivers in Drivers folder, in subfolders for each, Windows PnP logic installs drivers as normal
    • Apply Driver Package - forces one driver to be installed - for disconnected USB or Boot-critical drivers
    • Drivers can be in more than one package - Separate packages can be used to direct drivers to DPs, non-PnP drivers that can't be used in Auto Apply, Pre-Vista boot critical drivers
    • Use categories for driver lifecycle management

  • Driver Versions
    • Catalog can hold different versions - different version is difference in any binary
    • Categories can be set in OSDAutoApplyDriverCategory

  • Exe Drivers
    • Run exe and unpack, then add resulting files to catalog
    • Run exe on reference computer and manually pull out INF
    • Check web-site for .inf
    • Treat the install as a software distribution package

  • Multi-level devices - Auto-apply drivers may not see child devices - Include both devices in same folder with parent device
  • Boot-Critical devices - put drivers in separate drivers, select driver from combo box, or use build mass storage
  • Get driver category GUID from View, Add/Remove Columns, add Category Unique ID in Drivers view in console
  • Bare Metal and PXE
    • WDS is PXE server - For 2008 compatibility, use ConfigMgr SP1
    • Mixed and native modes will work, legacy will work
    • Install WDS, but don't configure
    • Add a PXE service point site role for that computer, creates a server share DP to hold boot images
    • Replicate boot images to PXE DP as well as to a regular DP
    • Must replicate x86 and x64 boot images
    • Check log file to troubleshoot - %program files%\SMS_XXX\logs\smspxe.log - look for PXE boot, found matching computer, found advertisement, used abortpxe.com because the advertisement already ran, ignore log entries for all "F" self-check run
    • Stop and restart WDS service

  • Zero-Touch - Boot media, no way to get rid of wizard - PXE, Mandatory advertisement does not require F12, optional does
  • Resetting PXE - ignored if same mandatory advertisement is pending, choose "Clear Last PXE Advertisement" action to force reapplication, optional always asks
  • User Input - Task Sequence can't show UI - Collection and computer variables with no value will be prompted in R2 - In R1, use a pre-execution hook to use own UI, use Microsoft.SMS.TSEnvironment to script in VBS
  • Pre-exec hook - create a tsconfig.ini, put in root of WinPE, use as boot image
  • Unknown computers - MDT has an add-in for WDS that will fix in R1, R2 adds new resource type of unknown (x86 computer or x64 computer) - Task sequence advertised to collection for them - they will show up in Unprovisioned Computers node until deployment is complete - Must be enabled for PXE or Boot media
  • Client Identity - Mixed mode: ConfigMgr Client in Full OS will retain identity, Bare Metal will apply conflict resolution rules (by default, new identity and old is obsolete; there can be a manual process in the "Conflicting Records node", Merge, New, or Block); Native Mode: based on PKI subject name
  • State Migration
    • State Migration Point - Client can only use site migration point that are associated with the site they are assigned to - Can be protected - Admin controls disk space - Request State Store: finds an SMP with available space and sets OSDStateStorePath
    • USMT - 32-bit and 64-bit versions - wrapped by a task sequence - actions manage encryption key - specify more command line options in OSDMigrateAdditionalCaptureOptions
    • Computer Association entries for same computer or side-by-side


Presented by Michael Kelley

  • Task Sequence Structure
    • Old PC stuff - Capture files and settings, validation, add other save actions
    • WinPE - Partitioning and install OS, custom BIOS. RAID, deploy to other volumes custom unattend
    • New OS - Setup, configure, restore state, enable BitLocker, custom config

  • Computer/Collection variables
    • Arbitrary name (256 char limit)/value (4000 limit) pairs
    • Set using the Admin UI
    • Used to initialize task sequence variables
    • Stored in DB - obfuscated
    • Transmitted encrypted to client
    • Propagated via policy down the site hierarchy
    • Computer variables can only be set at site where assigned - don't propagate down


  • Task Sequence Variables
    • Scope is single task sequence
    • Created from collection variables, computer variables, predefined variables. Computer variables take precedence over collection variables
    • Can be used to set task sequence variable, do string replacement using %varname%, test as a condition on task sequence, retrieve from a command prompt
    • Most can be overridden - variable names are in the help, text fields in Task Sequence Editor accept %varname%
    • Package ID references can not be overridden
    • Value of collection variables is determined by all of the collections the computer is a part of, depending on precedence.
    • Variables that begin with _ are read-only
    • http://technet.microsoft.com/en-us/library/bb632442.aspx has data about all variables, what they store, and when they are consumed.

  • Multiple disks and images
    • Deploy multiple images to multiple disks
    • OS on any volume
    • must be installed to \Windows

  • Preserving content
    • Must be moved to _SMSTSUserStatePath
    • Must not repartition if stored on same drive
    • Apply Data Images optionally retains existing content

  • Drive Letter problems
    • You have no control over drive letters
    • Drive letters assigned by PE are transient and may not be the same as the permanent assignment
    • Use drive letter assignment in PE if it will be used later in PE

  • Runtime selection of an image
    • Combine all images into one WIM and use OSDImageIndex at runtime to control which images - Recommended
    • Multiple apply Operating System image steps and condition them - all WIMs will be pre-cached if using caching

  • Unattend file
    • Start with base unattend file - can contain variable references that are not yet resolved
    • Apply Operating System generated settings and merge
    • Apply Windows Settings and Apply Network Settings make updates
    • Setup Windows and ConfigMgr replaces task sequence variables, then boots to Windows

  • Ways to get an image
    • Full build and capture task sequence - builds and captures WIM from scratch, setup.exe-based install
    • Standard capture media - Technician follows build doc
    • Outside of ConfigMgr - imagex.exe - client does not have to be preinstalled, multiple images supported
    • Create own capture media - can include or exclude any part of the process

  • Imaging media
    • Bootable media accesses ConfigMgr Infrastructure
    • Stand-alone media contains everything needed to deploy
    • Capture media is the default image capture

  • Encryption actions
    • TPM prep that can happen without user interaction
    • Optionally, escrow recovery password is stored
    • start process of encryption, can wait for completion - takes a lot of disk space during encryption
    • Can encrypt multiple drives in Vista SP1
    • Disable BitLocker disables it, but does not decrypt - makes key available in cleartext, PE picks it up automatically, does tasks, then re-encrypts
    • 3rd party products might require password to be inputted manually in BIOS
    • USMT 3.0 can migrate EFS - if moving from XP to Vista certs automatically migrated


  • Application Installation
    • Apps are in image
    • Install on new OS
    • Determine apps to install at runtime - use custom script to put list of PackageID, Program pairs into the variable, numeric order SAP001, 002, 003 - process stops if next one is missing, installed in order
    • Dependent programs are not automatically installed (Program A depends on Program B) - If B is installed already, A will install, else not
    • Virtual apps can be installed with install software action in R2 - can be captured in WIM as well
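
The numbered-variable behaviour noted above (installed in order, processing stops at the first missing number), as an added example that is not from the session or from Microsoft. It assumes the base name SAP from the notes and values in `PackageID:ProgramName` form; the package IDs are constructed and the function names are hypothetical.

```powershell
# Added example. Assumptions: base name "SAP" (from the notes), values in
# "PackageID:ProgramName" form, constructed package IDs, hypothetical function names.

function New-AppVariableList {
    param([string]$BaseName, [string[]]$Pairs)
    $vars = [ordered]@{}
    $n = 0
    foreach ($pair in $Pairs) {
        # Reject entries that are not an 8-character package ID plus a program name.
        if ($pair -notmatch '^[A-Za-z0-9]{8}:.+$') {
            throw "Malformed entry '$pair' (expected PackageID:ProgramName)"
        }
        $n++
        $vars[('{0}{1:D3}' -f $BaseName, $n)] = $pair   # SAP001, SAP002, ...
    }
    return $vars
}

function Test-AppVariableList {
    param([string]$BaseName, [System.Collections.IDictionary]$Variables)
    # Walk 001, 002, ... the way the notes describe: the first gap ends the walk.
    $reached = @()
    $i = 1
    while ($true) {
        $name = '{0}{1:D3}' -f $BaseName, $i
        if (-not ($Variables.Contains($name))) { break }
        $reached += $name
        $i++
    }
    # Anything numbered past the gap exists but would never be processed.
    $pattern = '^' + [regex]::Escape($BaseName) + '\d{3}$'
    $orphaned = @($Variables.Keys | Where-Object {
        ($_ -match $pattern) -and ($reached -notcontains $_)
    })
    [pscustomobject]@{ Reached = $reached; Orphaned = $orphaned }
}

# Constructed input: three PackageID:ProgramName pairs.
$vars = New-AppVariableList -BaseName 'SAP' -Pairs @(
    'XYZ00010:Install',
    'XYZ00011:Silent setup',
    'XYZ00012:Install'
)
$vars.Remove('SAP002')   # simulate a script that skipped one entry

$check = Test-AppVariableList -BaseName 'SAP' -Variables $vars
"Will install : $($check.Reached -join ', ')"
"Never reached: $($check.Orphaned -join ', ')"

# Only publish the list when it has no gap. The COM object exists only
# inside a running task sequence, so outside one this just warns.
if ($check.Orphaned.Count -eq 0) {
    try {
        $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
        foreach ($name in $vars.Keys) { $tsenv.Value($name) = $vars[$name] }
    } catch {
        Write-Warning 'Task sequence environment not available; nothing was written.'
    }
}
```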


Brad Anderson is doing the second keynote of the week. I missed him at the State of the Union yesterday. He did a good job a couple of years ago.

The Dynamic Desktop

  • Stop thinking of the client as a device, but as a user (user-centric computing) - giving users access to all of their apps, anywhere
  • User focused
    • people transition across many user scenarios everyday - laptop to mobile phone to web accessible applications
    • Application delivery - software is virtualized
    • Data delivery - Offline files and folders, also keeping settings, wallpaper, desktop items
    • 750000 stolen laptops last year
    • Hosted solutions for people not on corporate asset
    • Demo - Softgrid goodness, too bad the price of admission is so high, Windows Server 2008 Terminal Services Gateway to connect to a corporate terminal server, same desktop and apps are presented, Virtual Desktop Infrastructure hosted desktop to prevent data leakage (Xen from Citrix)

  • SCCM 2007 SP1 due in May, R2 RC in July
  • All reporting now done in SQL Reporting Services in R2
  • New version of MDOP in Q3, 2008 - fastest selling V1 product in volume licensing history - new version of Virtualization, Error Reporting, and ERD
  • Unified and Virtualized - all in separate containers
    • Data and User Settings
    • Applications
    • OS
    • Hardware

  • Callista and Kidaro acquisitions
  • Comprehensive management - managing Physical and Virtual together in one platform
  • Intel vPro
    • Power control - turn on, off, restart
    • Out of band management console
      • authenticate integrated with AD
      • Choose boot options
      • Serial connection window - see output from display on console, navigate BIOS from console
      • IDE Redirection - Boot from network file share (iso)



  • Process-led, Model-driven
    • Operations Manager management packs
    • SCCM Configuration Packs - compliance with SOX and HIPAA
    • Service Manager solution packs - business processes
    • MOF v4 is RTW today

  • Network Access Protection in Windows Server 2008 and System Center Configuration Manager
    • Forefront Client Security is integrated - what about others?

  • Service Enabled
    • Finished Services - Allows access from anywhere - Microsoft Update
    • Attached Services - Allows access inside the firewall - WSUS

  • System Center Attached Knowledge Services - Data pulled from SCCM and SCOM with business intelligence applied to it. Allows comparison with other companies anonymously.

  • Why does energy matter?
    • Gartner estimates that energy is 4%-7% of IT budget
    • Energy costs continue to increase
    • 60 billion KWh went to commercial datacenters in US, 1.5% of total, more than all color TVs
    • Consumption up 12% annually in datacenter environments

  • Optimized datacenter
    • Floor layout - hot aisle/cold aisle
    • clean up areas - get rid of debris that is blocking ventilation

  • Get rid of sleepers - 10-30% of servers do "nothing" - find by looking at average utilization
  • Consolidate servers as much as possible
    • Combine older servers
    • Single or clustered file servers
    • Virtualization

  • Use the right hardware

Presented by Wally Mead. I carbed up for this at lunch. Maybe he slows down at lunch.

  • Supported client platforms
    • Windows 2000 SP4
    • Windows XP SP2 and SP3 (upcoming)
    • Windows Server 2003 SP1 and SP2
    • Windows Server 2003 R2
    • Windows Vista Ultimate, Enterprise, and Ultimate including SP1
    • Windows Server 2008 - no server core
    • Windows XP Tablet SP2
    • Windows XP Embedded SP2
    • Windows Mobile 6

  • Issues with 2003 client deployment
    • Client push - No visibility, firewalls.
    • Not bandwidth aware
    • Multiple binaries needed

  • Client deployment methods
    • Client push installation - Auto or admin controlled, can use site server computer account as the installation account
    • Logon installation for high-rights users - must be an admin
    • Software distribution - upgrade from 2003 or to SP1
    • Manual installation
    • Software update point client deployment through WSUS
    • Group Policy installation

  • Components
    • CCMSETUP.EXE - bandwidth aware, used for install, uninstall, and upgrade
    • BITS - 2.0 for W2K, 2.5 for most Windows Clients, 3.0 already on Vista
    • Windows Installer 3.1 v2 - KB893803 for all except Windows Server 2003 SP1 and later
    • Windows Update Agent
    • MSXML6 SP1
    • MSRDC - Remote Differential Compression required for branch distribution point
    • wimgapi.msi - custom tools for image management
    • client.msi

  • Client Assignment
    • Configuration Manager clients can only be assigned to ConfigMgr sites
    • In order to validate site assignment, must verify site version - AD Schema or SLP, can't point to an invalid site

  • Client Registration
    • Must be registered as a client to talk to site server
    • Automatic process with PKI or self-signed certificates
    • For multiple forests - FQDN publishing of MP (ConfigMgr AD Schema extension)

  • Client approval
    • Clients must be approved to use the network access account
    • Can't download policy until approved
    • Three approval options - automatic for domain joined, automatic for all, no automatic approval
    • Only in mixed mode - not necessary for any other modes

  • Site roles for client installation
    • Site server - for client push
    • Management Point - download client files for deployment, retrieve policies after install
    • Server locator point
    • Distribution Point - software distribution client upgrade
    • Software Update Point - deploying clients through WSUS
    • Fallback Status Point - failed client installs report here
    • PXE service point - bare metal installs
    • State Migration Point - moving settings from one PC to another through USMT

  • Client push installation
    • Basically the same as 2003
    • Default site code is now SMSSITECODE=Local
    • Site server account can be the client push installation account - tried if others fail
    • No longer uses remote registry - now uses remote WMI ("netsh firewall set service remoteadmin enable" for Windows firewall support)
    • If AD is extended, settings are published to AD - used when CCMSETUP is used with no parameters
    • FSP=SERVERNAME for Fallback Status Point in push settings
    • SMSSLP=SERVERNAME for Server Locator Point in push settings or it needs to be in WINS
    • Site server computer account must be a local admin on remote boxes
    • For verbose logging - HKLM\software\Microsoft\SMS\DiscoveryDataManager Verbose logging = 1
    • Windows 2000 clients require a reboot

  • Software update client deployment
    • Client installed as a WSUS mandatory update to non-client systems - no firewall or low-rights issues
    • Client must point to the SUP via group policy
    • Site admin enables the Software Update Point Client install method - checkbox

  • Group Policy client deployment
    • True AD deployment - CCMSetup.msi
    • No more auto-removal because of the additional MSI
    • ADM templates for settings - one for command line client install, another for client assignment

  • Client upgrades - Software distribution or client push
  • New client in SP1, SP1 clients can not connect to SP0
  • No new client in SP1
  • No SMSClient share - installdir\client directory, programs for CCMSETUP.EXE, include params in override needed
  • Tips
    • Consider pre-deploying BITS because of reboot on W2K
    • Configure heartbeat and discovery to daily while deploying
    • Extend AD Schema
    • Deploy clients in phased manner
    • Deploy a test application to upgraded clients


Presented by Wally Mead, also known as Speedy Gonzales. I'm sorry for the sloppy notes. Wally was moving pretty fast.

Prerequisites for SCCM 2007

  • Updated schema
  • Platform support - Virtual Server R2 guest, dropped Windows 2000 server
  • Prerequisite checker - all new
  • Site deployment progress - real-time notification of deployment

  • Schema
    • Active Directory is a requirement for site systems. Schema extensions are not required, but highly recommended. SMS 2003 can publish to AD if extended for ConfigMgr.
    • Setup does not automatically extend the schema. Must run extadsch.exe. Log file is c:\extadsch.log.
    • Must grant site servers right to publish to AD schema.
    • Must have an AD site to use as a boundary.


  • Other Requirements
    • All servers must be on Windows Server 2003 SP1 or later
    • SQL 2005 SP2
    • All roles require IIS
    • .Net framework 2.0
    • MMC 3.0
    • Prerequisite checker - Admin rights on all site systems, sysadmin rights on SQL instance, WSUS admin console locally installed on Primary.


  • SP1 Updates
    • Verifies SPN registration with SQL Server
    • FQDN for site systems
    • Installed version of WAIK
    • WSUS 3.0 SP1
    • Windows Server 2008 for all roles - no server core as site system
    • KB 936059 and 942841 for iAMT support
    • Two new roles in SP1 - Out of Band Management service point for iAMT, Asset Intelligence Synchronization Point to access System Center Online


  • R2 Updates
    • Requires SP1
    • SQL Reporting Services Point
    • Multicast support is there, but limited. Windows Server 2008 distribution point.
    • Unknown computer support for OSD



  • Installation

    • Security
      • Mixed mode - SMS 2003 Advanced Security plus, no PKI
      • Native mode - PKI, new install defaults to mixed mode, Wally recommends Mixed mode initially, Can not report to mixed mode site
      • Keep Secondaries same as parent
      • Native mode required for Internet-based client management

    • Install modes - Custom and Simple, Simple turns everything on, so never use it
    • Still can't change Site Code post install
    • Supports clustered SQL
    • Use Setup /download to pre-stage client prerequisites


  • Deploying Site Systems
    • Most roles stay the same
    • Removed Client Access Point, Sender component server because of deprecated legacy client
    • New Roles

      • State Migration Point for USMT state migration storage
      • PXE Service Point - network boot (WDS)
      • Software Update Point - WSUS 3.0, only one needed
      • System Health Validator - Must be Windows Server 2008
      • Fallback Status Point - client installation status, needs to be separate
      • Branch Distribution Point - workstation system for software distribution

      Server Locator Point not required if AD schema is extended, all clients joined to AD, and single forest.




  • Boundaries
    • Removed site boundaries and roaming boundaries
    • Fast or slow boundaries
    • Centralized boundaries node - all in one view
    • Can still have overlapping boundaries - still a problem
    • No default boundaries



  • Upgrades from 2003
    • In-place - keep hardware and data, All SMS 2003 feature packs must be uninstalled
    • Side-by-side - Upgrade and re-assign clients
    • ITMU will be upgraded automatically to new version
    • Install ConfigMgr, then upgrade current 2003 to ConfigMgr. Add new primary as a child, let it replicate, then break the relationship.
    • SMS 2003 can never be a parent of ConfigMgr.
    • Can not upgrade central site if there are any legacy clients
    • Always do a testdbupgrade
    • No 2.0 in hierarchy.


The State of the Nation address by Bill Anderson should be the highlight of any SMS administrator's trip to MMS.


Top ten list: Unique things done with SCCM
10) Use inventory to find what music you have
9) Use task sequences to manage model railroads
8) Use daily mandatory advertisements to automate morning procedures
7) Inventory and track comic book collection - Ed Aldrich as the 1E superhero!
6) Use DCM to re-balance stock portfolio
5) Inventory and NAP for kids
4) Inventory and distribution for my wine cellar
3) Configuration pack for MD-80 aircraft
2) SMS in the news!
1) SMS to control access to restrooms in Finland

5.8 Million lines of code in SCCM 2007
3.2 Million lines of test automation
385 UI pieces in 1100 places
2,000,000 words of documentation

SCCM manages MS.com, XBox Live, Surface

Lots of recap

Prototype of DCM capture and import tools

Themes in V5

  • Embracing the end user of the future - more tech-savvy users will be able to manage their own technology
  • More investment in administrator experience - making things more simple, focus on software distribution status
  • Simplifying our cores -
  • Continuing to do what we do today better -

MMS is about to begin! The Venetian seems larger than I remember it. I know they've added on some things, but I don't remember the convention center being as large as it is now.

I was just discussing the pre-show playlist with Curtis. Normally, Microsoft plays some electronic or something low-key. Today, AC/DC, Stone Temple Pilots and Stevie Ray Vaughan. Not bad at all.

Oh lord, it's Rodney Sherwood again. I'm not saying anything else, I promise.

Bob is explaining Dynamic IT again. We're five years into the ten year plan. If you haven't seen the Microsoft Dynamic IT strategy check it out here.

Changes in the datacenter

  • The physical datacenter is changing. Blades and other form factors have made things more efficient. Cooling and energy efficiency is key.
  • Virtualization is the wave of the future. Operating System virtualization is just the first step. Application virtualization is more important because state is separate from system.

Interesting demo of the task sequencer in SCCM. Some of the OEMs - Dell was included in the demo - have created configuration packs that allow configuration of their hardware. BIOS settings, like Hyper-V enabling, can be set in the task sequencer. Server roles can be configured in the task sequencer using Microsoft Deployment.

Multicast is going to be available in the R2 release of Configuration Manager. Much better.

MSDN and Technet are virtualized on Windows Server 2008 and Hyper-V. Benchmarks are "competitive" with VMWare ESX server.

System Center Virtual Machine Manager 2008 beta is available today. It can manage Microsoft Virtual Server, Hyper-V and VMWare ESX VMs. The system is PowerShell-based. At the end of the wizards, the script can be previewed. V-Motion can be driven from VMM. VMWare can not be provisioned from this console, but can be fully managed.

Microsoft will add live migration to Hyper-V. It is working in the lab, but didn't make it into the first release.

The "Library" contains building blocks for VMs. It can contain ISOs, scripts, templates, etc. Make this VM highly available checkbox in template will make sure the created VM is always on a cluster and is available.

Cross-platform extensions for System Center Operations Manager. It will include Linux, HP-UX, and AIX. Discovery Wizard can discover UNIX boxes. Cross-Platform Extensions beta is available today at the conference.

Open standards support including OpenWS and OpenPegasus.

Good keynote today.


We've owned a couple of these. We liked the Monster adapter better than the Belkin. I haven't seen the FastMac cable that Dan recommends.

Last year, soon after the iPhone was released, we took a look at iPhone headphone adapters—short cables that let you use any headphones with the iPhone’s recessed headphone jack—from Belkin and RadTech. Since then, a number of vendors have released similar products. Because these cables are essentially minor variations on theme, we aren’t going to do extended reviews; instead, here’s a quick look at some of the other models we’ve seen. All work as advertised, so you’re really choosing based on appearance, construction, and price.

[From iPhone Central: Review: iPhone headphone adapter roundup]

I'll be helping Warren out for this, so stop by and say hi. I believe enough in this session to make my new guy go as well. It is well worth the time and is a nice warm-up for the 5:30 mad dash to the MyITForum.com booth for your party pass.

SU33 Conquering the Summit - A Freshman Orientation
Monday, April 28 4:30 PM - 5:45 PM, A-Bellini 2004-2106
Speaker(s): Warren Byle
Track(s): Community
Session Type(s): Breakout
Products(s): Community

[From First time at MMS? This is a MUST attend session... - Rod Trent at myITforum.com]

It looks like our licenses for ConfigMgr will materialize soon, so it's time to start planning. My biggest decision point is around when or if to use branch distribution points. I think it will solve many of the problems - political, not technical - I have in my current environment. Are there any other gotchas that you guys would like to share?

That's right. Rocket Launchers.

An IBM p575 supercomputer is being used to provide hourly weather forecasts for 17,000 square miles around the city.

If rain clouds are expected the Weather Modification Office can call on 1,500 staff with 30 aircraft to drop chemicals into the clouds to force them to drop their water early.

A further 37,000 part-time staff can fire additional materials into the clouds using 7,113 anti-aircraft guns and 4,991 rocket launchers.

[From China to use weather control at Olympics - Slice of SciFi]

In honor of MMS, some tips for packing all of those electronics that we will inevitably take with us.

Scott Hanselman shared all of his secrets for packing light and providing power to all of his gadgets. I personally like the Monster mini power strip. I'm contemplating the Kensington power system too, but I'm cheap and can't bring myself to it.

I'm starting to get excited about MMS! I was amazed to hear that it sold out for the first time, but that just means that everyone knows what the regular attendees have known from the beginning: MMS is the best SMS training on the planet. Where else can you get the best minds on the topic all sharing in one place?

I have a hard time posting when I'm traveling. I have access, but no one wants to hear about my user issues. :)
