October 2005 - Posts

• Google throwing down the gauntlet to Microsoft

  Google is hiring programmers to work on improving OpenOffice. As if Microsoft doesn't already hate Google....going after one of their bread 'n butter products will certainly have Ballmer pissed off again... http://business.timesonline.co.uk/article/0,,9075-1851613,00.html Posted Oct 31 2005, 12:24 PM by mbroadstock with no comments Filed under: Misc

• Improvements to SMS Group/Collection creation HTA

  I posted a while back about a little HTA that I was working on to help automate the creation of groups in AD and the creation of Collections that are tied to those groups. I've added a few options to make it a bit more flexible. Collection to Limit To Parent Collection OU to create the groups in Group Description Group Notes Here's a screenshot. I'm not ready to post all of the code quite yet but if anyone wants to try it out, shoot me an e-mail (matt.broadstock@gmail.com) and I'll give you the code and explain what changes you will need to make to get it to work in your environment. There are a few variables that have to be updated in the code and you'll need to create a small XML file that has information on your OU structure and SMS Collection structure. I'm not sure how many people are using AD groups to manage collection membership but it works great at my current client. Each department is able to manage their own groups in AD (therefore they can manage their collection members). But pretty much everything is SMS is managed centrally. Because we have separate collections (and groups) for each department, creating everything for each new package/advertisement is time consuming. At least it used to be. :) Posted Oct 27 2005, 02:09 PM by mbroadstock with no comments Filed under: Scripting - VBScript, SMS

• More DHCP corruption issues

  We've now had 6 issues with DHCP corruption in the past month or so. It has been on a different server each time and some of them are on SP1 and some of them are not. I'm not sure what the heck is going on but I'm certainly glad I wrote a good DHCP backup/recovery process. I just didn't think I'd have to use it so much. I'm curious if one of the patches that was recently installed is causing the problems. It's a bit strange to go so long without any issues and then have 6 distinct major issues in less than a month. We lose a bunch of reservations each time and some of the scope/server options get blown away randomly. I've reviewed the DHCP logs and don't see anything especially strange. It only happens when the server gets rebooted. I'm not sure if just stopping/re-starting the DHCP service will be enough to cause the issue or not. I'm planning to try that on one of the servers that hasn't been rebooted since these problems started popping up. I'm just hoping this is a one-time issue for each server. The fix only takes a couple of minutes (gotta love NETSH) but it is still a bit annoying.. Posted Oct 25 2005, 03:10 PM by mbroadstock with no comments Filed under: Active Directory

• Script to find SMS Packages with bad Source Paths

  Another article on a new script I wrote. This one is quick and simple. It will identify SMS Packages that have a source path set to a folder that doesn't exist. There's nothing really revolutionary here but I think it is something that SMS Admins should run periodically. Next, I think I am going to work on a script to find SMS Programs/Packages that aren't tied to any advertisements. I'm guessing I'll have to grab all of the relevant info and then dump it into a database so I can run some queries on what I find. If you haven't noticed, I'm doing a lot of work lately on trying to come up with some processes to follow or utilities to implement that will help to find any issues with SMS before you get a complaint call that something isn't working (or just some procedures to help keep everything in SMS as clean as possible). If you have some good tips I'd love to hear them so I can add them to my bag o' tricks! MOM is great for letting you know when something stops working but it seems like misconfigurations are a lot more common than true service outages. Posted Oct 24 2005, 04:57 PM by mbroadstock with no comments Filed under: Scripting - VBScript, SMS

• Fixing SMS Package deployment to Distribution Points

  I threw together an article on how to fix problems where a package doesn't deploy to a Distribution Point properly. We had over 80 such instances at my current client. We never found out about the issues until there was a problem so I did some digging on how to proactively find these issues and fix them. I find myself digging deeper and deeper into SMS all the time. I'm definitely not an SMS administrator but after the last few issues I have worked through I feel like I have a better understanding of *some* of the innards of SMS than a lot of SMS Admins probably do. Now I just need to get my lab setup at home so I can actually install it myself. :) Posted Oct 24 2005, 11:00 AM by mbroadstock with no comments Filed under: SMS

• Fixing MMC errors

  I just threw together an article on how to fix an annoying MMC error that I've run into a bunch of times. I ran into it again this morning so I figured I'd share the fix for the following error: MMC cannot open the file C:\WINDOWS\SYSTEM32\GPMC.MSC. This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file. Posted Oct 19 2005, 08:48 AM by mbroadstock with no comments Filed under: Misc, Active Directory

• Microsoft changing things on us....yet again

  Brian posted about how the updates for the ITMU have changed the name they are categorized under. I love some of the stuff that Microsoft is able to provide for us but it sure seems like they change names willy-nilly on us all the time. For instance, apparently My Documents will just be Documents in Vista. I like the idea of having a folder without a space in it but I wish they would just stick with My Documents. There are countless scripts that have been written that expect the folder to be named My Documents. Microsoft has a history of doing this time and time again. I suppose it's job security for me because companies will need scripts/programs updated to allow for this change but I'd rather be working on something new and creative than just making changes to something that already works because someone decided to change something on a whim. I'm curious how the renamed Application Data and My Documents folders in Vista will work with the existing group policies. The folder redirection policies are hard-coded to create/use folders named Application Data/My Documents. Does this mean we will need to have a separate policy for Vista clients? Or will we have to run a script that will rename these folders on all of our file servers? Either way it will be a royal pain. Maybe they have something already figured out that will work just fine but it is still annoying. Posted Oct 18 2005, 10:58 AM by mbroadstock with no comments Filed under: Misc

• Internet Archive Wayback Machine

  http://www.archive.org/web/web.php. Browse the internet like it's 1997 all over again! Pump in http://web.archive.org/web/*/http://www.microsoft.com and look at some of their websites from '96. Funny stuff. Posted Oct 13 2005, 05:27 PM by mbroadstock with no comments Filed under: Misc

• Outsourced my cleaning duties

  I read that Tim just outsourced his lawn duties (something I've been telling him to do for a while now! I made tons of $$ as a kid mowing lawns--give those kids some cash! How else are they going to afford that XBox 360?). Well, I decided that I'm just not very good at keeping my place clean so I had someone come clean my place last week. It is sooooo clean now. I suppose it really hit home when a friend of mine commented on what a dump my place had become. But it's looking great now. I just need to figure out how often I need to get it cleaned.... Posted Oct 10 2005, 09:22 AM by mbroadstock with no comments Filed under: Misc

• Creating an Exclusion query/collection in SMS

  Some people may already know about this but I ran into it for the first time and thought it was interesting. We needed to create a collection in SMS that excluded all resources that were in a specific group in AD. Well, the obvious way to pull it off didn't work. Anyway, here's what I had to do: select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where Name Not In (select distinct Name from  SMS_R_System where SystemGroupName = "DS\\G113-KeepMSNetwareClient") Instead of: select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where SystemGroupName Is Not Like  "DS\\G113-KeepMSNetwareClient") Basically, you have to have a subquery that returns members of the group and then do a "Not In" on that instead of just trying a "Is Not Like groupname" or "Not = groupname" type exclusion. From what I was reading this isn't unique to groups. You have to do it for a lot of inventory info.   Also, I found that the nested query (the part in the parenthesis in the 1st example) had to only return “Name“. I tried nesting that query with all of the normal stuff that gets returned (ResourceType, SMSUniqueIdentifier, etc.) but it didn't work then either. Posted Oct 07 2005, 10:44 AM by mbroadstock with no comments Filed under: SMS

• Problems deploying packages that utilize InstallShield ISScript

  We've run into a few applications that wouldn't install properly via SMS if a non-admin was logged onto the system when the package got deployed. If an administrator was logged on or if no one was logged on at all everything worked great. This seemed a bit strange because everything should run as the local System account, right? Well, this isn't necessarily true in the case of a MSI created with InstallShield that utilizes ISScript. When ISScript gets deployed, it sets its DCOM permissions to Interactive User. So when the MSI runs, it is possible that certain components of the install routine will try to run as the logged on user--not as System. Anyway, you can fix the issue by deleting a few registry values. The problem is that if ISScript ever gets reinstalled it will set itself back to run as Interactive User. And each version of ISScript has a different DCOM app that needs to be checked for the problem. It looks like ISScript versions 7, 8, and 9 all have the problem and one of our packagers is thinking that version 10 does as well. Not sure about 10.5 or 11 yet. Anyway, someone already posted a really good article on the problem if you care to read more on it and exactly how to fix the issue if you run into it. Posted Oct 06 2005, 04:15 PM by mbroadstock with no comments Filed under: SMS

• First time restringing my guitar

  Around 3 months ago I bought my first guitar. I was over at Brian Tucker's house for a BBQ and some beers and he broke out his guitar and showed Tim and I a few licks. I should've replaced the strings earlier but I just never got around to it. A couple of the strings were getting a bit loose but I finally broke a string so I was forced to go ahead and swap 'em out. The process itself wasn't too bad but I was having problems with a few of the strings 'twanging' really bad. So I took them off and restrung them again. Same problem. Well, apparently they just needed some time to settle in because I tried playing again a few hours later and everything seemed to be ok. Well, almost ok. My tuner battery was dead so I wasn't able to properly tune it. I tried to do it by ear and got fairly close but it is still a bit off. Oh well, I'll pick up a 9-volt today and I'll be ready to start rockin' again soon. Posted Oct 06 2005, 10:44 AM by mbroadstock with no comments Filed under: Misc

• RE: Blogging etiquette

  Quick clarification...my rant about blogging etiquette was set off by some stuff I ran into on other sites, not on myITforum. There were a few blogs that were easily 20 pages long that were just copy/pasted. Sorry if anyone took offense to it but it certainly wasn't directed to anyone here. Posted Oct 06 2005, 08:25 AM by mbroadstock with no comments Filed under: Misc

• Blogging etiquette

  Well, I've managed to find some time this afternoon to get caught up on some of my RSS feeds. And I kept running into one of my pet peeves--people who just copy/paste an entire article or blog from somewhere else and post it on their own blog. Often without any commentary of their own. Grrrr! Come on, if you find something interesting, by all means post a link to it and maybe a nice summary (Rod's 2400th post is a good example of the way I like to see it done, although after 2400 posts he can be expected to have it down by now, right?). And, even better, give me some insightful information of your own (see Tim's post for a great example of this). But please don't post a 3000-line blog that I have to spend 3 minutes scroll-mousing through. I mean, can I sue these people for giving me carpal tunnel? If I want to see a list of every Microsoft webcast in October I can find it. If you want to post about a few of them that you find interesting, that's great. But no more gigantic lists!!! One thing I like about the way myITforum is setup is that you can create articles instead of blogs if you want. That way I can post hundreds of lines of code there and then just create a small blog with an overview of it and a link to the article. Ok, rant over! Posted Oct 05 2005, 05:51 PM by mbroadstock with 1 comment(s) Filed under: Misc

• Copy/Paste before posting saved me this time!

  Well, as usually happens, I got pulled away from my desk in the middle of a blog post. But I learned my lesson from the last time I got burned because my secure session timed out and I lost my entire (extremely lengthy) post. I just did a blog on auditing systems with broken or missing SMS clients. I knew I'd been in and out of my office while putting it together so I remembered to Copy/Paste everything into Word before submitting it. Good thing I did too because it went straight to the logon screen. Posted Oct 05 2005, 05:34 PM by mbroadstock with no comments Filed under: Misc

• Auditing systems that are missing a SMS client (or have a broken client)

  I've been doing some thinking on how best to audit our systems to make sure that SMS is installed and working properly on all of our systems. Right now I am mulling over a few options that I think might need to be used in conjuction with each other. 1. Use a simple collection with a query rule that filters on “ResourceID.Client <> 1”. This will show you a lot of systems where the client isn't installed (we had 140+) 2. Another collection with a query rule that filters on “ResourceID.Client Is Null”. I found that this is necessary because the first query won't return resources where the Client attribute is set to Null. I found another 260+ systems that may not have the SMS client installed using this query. We were assuming that the first query would pickup everything. The bad thing about this is that it returns all network devices that network discovery picks up (routers, printers, etc). So I went ahead and created an additional query filter to only return systems on the domain. I need to work on this methodology to tweak it to return exactly what I am looking for. 3. Somehow I need to get information about the last time the system sent inventory to SMS and the last time the workstation was on AD. I'm thinking that using the “lastLogonTimeStamp” attribute in AD will be useful for this. We need to be using this information to clean old systems out of AD anyway. As part of this, I'd like to come up with a good method for finding SMS clients that haven't reported back in X number of days. 4. Maybe create a small Access database that I can link to SMS and dump the AD data to. Then I could create some reports?? As you can probably tell, I'm still in the speculative stage on this. If you've run into any good tools or processes for this, please let me know. Thanks!   Posted Oct 05 2005, 05:07 PM by mbroadstock with no comments Filed under: SMS, Active Directory

• Utility to build Groups and Collections for SMS

  I posted a while back on this but I have a production version done now. This utility is really handy for creating groups that you can tie to SMS Collections as query rules. The company that I am at now has all of their departments broken down into “Entities” and we create separate groups and collections for each package for each Entity. It can be very time consuming to create all of the groups and collections whenever we have a new package to send out. So I wrote a HTA that automates the entire process. First, you select the “Entities” that you want to setup and type in the base groupname name that you want to create. Then, you click “CreateGroups” and it will create all of the groups for you. In my current customer's case, each groupname is prepended with their Entity code. And the groups are created in each entity's specific OU. And it is really fast. Next, enter the base collection name and click “CreateCollections”. It will create unique collections for each entity (also prepending the entity code before the base collection name). Every entity has their own collection structure and the utility will put the new collection in the collection heirarchy where it belongs. This seems to take a few seconds per collection but there is a lot of stuff that has to be done to create a collection, tie it to a parent collection, setup a refresh schedule, and create the query rule. It might take a little bit of customization to get it to work for your SMS environment but it is mostly XML driven so you can just create an XML file with the information that is pertinent to your SMS setup. Anyway, here's a screenshot. Sorry for the slow download speed on this webserver! If you have any feedback, please shoot me an e-mail: matt.broadstock@gmail.com Posted Oct 05 2005, 03:57 PM by mbroadstock with no comments Filed under: Scripting - VBScript, SMS, Active Directory