I plan to move my articles over to my new blog on Brian Tucker's new website before too long. I will update all of the articles on myITforum.com so they have a link to the new article once I get everything moved over. I will probably still do some blogging in both places for a while but I want to make sure I only have one place where I have to maintain my technical articles. I am also starting work on revamping www.smsutils.com and I will probably move the articles there once I have the new site up and running. After seeing Brian's new site, I'm a bit inspired to get my site looking/working better. And running off of a server that isn't in someone's basement. :)  I'm not sure that CS will be a good platform for what I need so I am going to start out by upgrading from DNN 2.1.2 to DNN 4.0.2 and see how that goes.

I have a ton of SMS-related scripts that I haven't gotten around to posting anywhere yet. Once I get our website updated I plan to make them available to the world. I think people will find them very useful.

I really like it but I'm having problems doing anything but adding new posts on my blog now. As soon as I go to the admin page it just sends me straight to the “Posts" page. Maybe closing the browser and re-loading the page will help... We shall see.

I never thought I'd get away from FireFox for home use but, from what I've seen so far, IE7 is going to be awesome.

I haven't loaded the new toolbar up yet but I'll be sure to do so today. It doesn't look like there is a Firefox version out yet though...

The Google page itself has a list/description of the new features but this article has a good breakdown as well.

Apparently they also released a version of the toolbar targetted to the enterprise environment (manageable via GPOs, etc). I'm not exactly sure how this would be utilized....

 

When they can get it all worked out so I can take a nice nap while travelling cross-country, I'll have to get myself something like this.

Just saw Tim's post on the Jan 10th patch. My current client (like a lot of companies I am sure) had a conference call with our TAM today and found out about the Jan 10th timeframe earlier today. They also recommended against installing the 3rd-party patch because they don't know what it does. I'm not totally sure I agree with that. I trust the IST guys and they say it only does what it says it does. But the plan, for now, is to hold off on anything and see what happens. We've got a package ready in SMS that will unregister the DLL so we can send it out if things start going bad. The only thing that makes me feel the least bit comfortable is that our pattern files are pretty up-to-date. Every exploit I've read about so far just uses the WMF to install a known virus/trojan. And as long as the pattern files find those, it *should* be ok. (fingers-crossed).

I like what they are doing with ADM files (now ADMx files). Finally XML-based. And they are no longer storing separate copies of each ADM in each GPO. And I know Tim will be happy that they included the ability to restrict device installation via GPO. Figuring out how to properly lock down USB-drive access in XP was a real pain (and still not 100% successful).

I'm still curious if they have abandoned the old IEAK method of managing IE settings that Group Policy currently uses. Surely they finally got things figured out and are using true group policies for managing those IE settings instead of that funky, buggy, piece of garbage GPO DLL extension.

http://www.microsoft.com/downloads/details.aspx?FamilyID=311f4be8-9983-4ab0-9685-f1bfec1e7d62&DisplayLang=en

Also, I don't always like Paul Thurrott's take on things but he did a pretty good writeup on the latest build of Vista.

Guess I was thinking moving servers and changing domain names would be the end-all-be-all fix. :)  I forget what the deal was, can you use Firefox to post comments but not IE? Wasn't there a different issue with Firefox and the blogs though? Like you can't sign in to admin your blog...??

Anyway, I was just going to post a comment to Andrew's SMS DP issues so I guess I'll just post it in my blog.

No guarantees that this is what you are running into but you might look this over...

http://myitforum.com/blog/mbroadstock/articles/16231.aspx

I was really hoping that the new FRS replacement in R2 would work to keep clusters in sync with each other. Apparently not. It does look like a huge improvement over the current FRS but it would have helped me out with a current disaster recovery project if they would have made it smart enough to work with clusters.

http://technet2.microsoft.com/WindowsServer/en/Library/b21366bd-d2a1-4bfb-b6f9-55dd5106b31d1033.mspx

On server clusters, replicated folders must be located in the local storage of a node because the DFS Replication service is not designed to work in a coordinated way with cluster components, and the service will not fail over to another node.

There's a decent video on some of the features of the new DFS Replication that comes with R2. One of the cool things they touch on is that the differential copies (only copying differences in files) will work for “new” files in some cases. For instance, if someone does a SaveAs on an existing file, DFSR is smart enough to recognize that and use the original file as a base and only copy the differences between the new file and the one that is already on the other link target replicas. Although I suppose I shouldn't call it a link target anymore since they've changed all of the terminology on us.

I'm hoping they manage to get this new feature in place when they release Vista. It would be really nice to be able to install patches (or whatever other software) overnight and have the user come back to their desktop with all of their applications in the state that they were in when they left it--even if the system reboots.

http://www.eweek.com/article2/0,1895,1895276,00.asp

We're experimenting with using Community Server for internal knowledge sharing at my current client (for IT folks only). We have a Sharepoint site setup that we use for posting tips/tricks and all that good stuff. But a lot of the knowledge sharing that goes on is via e-mail. And, e-mail gets purged periodically and requires that everyone keeps a copy of it if they think it is something worth keeping. We're playing around with using forums to toss ideas back and forth and provide solutions for each other. I'm optimistic that it will be a big success--just need to get enough people to buy in to it so it is a useful tool. We've always wanted to put out a newsletter periodically from the corporate IT staff to the remote folks. I think we can utilize a blog for that. I just wish I was the one who thought of using CS like this!

I've been at companies where we tried to use Exchange public folders for similar things but it never went over very well. CS seems like it could be an extremely useful tool for this type of thing. So easy to use...

I hate it when I am troubleshooting software distribution issues and the package is configured to deploy to the distribution points in the SMSPKG folder with a subfolder named after the Package ID. It seems to be a lot easier to figure things out if the package is configured to create a named folder on the SMSDist share. I put together a quick script to identify those packages so they can be updated. Just update the SMS server and site name...

On Error Resume Next
Dim strComputer, objWMIService, propValue, SWBemlocator, UserName, Password, colItems

strComputer = "smsserver"
UserName = ""
Password = ""
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = SWBemlocator.ConnectServer(strComputer,"\root\sms\site_XXX",UserName,Password)
Set colItems = objWMIService.ExecQuery("Select * from SMS_Package where ShareType='1' and PkgSourceFlag<>'1'",,48)
'ShareType = 1 means it doesn't have a specific sharename (will use SMSPKG folder)
'PkgSourceFlag = 1 means it doesn't have source files-need to exclude these

For Each objItem in colItems
 WScript.Echo objItem.PackageID & vbTab & objItem.Name
Next

What do I have to do to get into the SMS Alliance?? :) Poor little SMSUtils getting left out??

Google is hiring programmers to work on improving OpenOffice. As if Microsoft doesn't already hate Google....going after one of their bread 'n butter products will certainly have Ballmer pissed off again...

http://business.timesonline.co.uk/article/0,,9075-1851613,00.html

I posted a while back about a little HTA that I was working on to help automate the creation of groups in AD and the creation of Collections that are tied to those groups. I've added a few options to make it a bit more flexible.

• Collection to Limit To
• Parent Collection
• OU to create the groups in
• Group Description
• Group Notes

Here's a screenshot.

I'm not ready to post all of the code quite yet but if anyone wants to try it out, shoot me an e-mail (matt.broadstock@gmail.com) and I'll give you the code and explain what changes you will need to make to get it to work in your environment. There are a few variables that have to be updated in the code and you'll need to create a small XML file that has information on your OU structure and SMS Collection structure.

I'm not sure how many people are using AD groups to manage collection membership but it works great at my current client. Each department is able to manage their own groups in AD (therefore they can manage their collection members). But pretty much everything is SMS is managed centrally. Because we have separate collections (and groups) for each department, creating everything for each new package/advertisement is time consuming. At least it used to be. :)

We've now had 6 issues with DHCP corruption in the past month or so. It has been on a different server each time and some of them are on SP1 and some of them are not. I'm not sure what the heck is going on but I'm certainly glad I wrote a good DHCP backup/recovery process. I just didn't think I'd have to use it so much. I'm curious if one of the patches that was recently installed is causing the problems. It's a bit strange to go so long without any issues and then have 6 distinct major issues in less than a month. We lose a bunch of reservations each time and some of the scope/server options get blown away randomly. I've reviewed the DHCP logs and don't see anything especially strange. It only happens when the server gets rebooted. I'm not sure if just stopping/re-starting the DHCP service will be enough to cause the issue or not. I'm planning to try that on one of the servers that hasn't been rebooted since these problems started popping up.

I'm just hoping this is a one-time issue for each server. The fix only takes a couple of minutes (gotta love NETSH) but it is still a bit annoying..

Another article on a new script I wrote. This one is quick and simple. It will identify SMS Packages that have a source path set to a folder that doesn't exist. There's nothing really revolutionary here but I think it is something that SMS Admins should run periodically.

Next, I think I am going to work on a script to find SMS Programs/Packages that aren't tied to any advertisements. I'm guessing I'll have to grab all of the relevant info and then dump it into a database so I can run some queries on what I find.

If you haven't noticed, I'm doing a lot of work lately on trying to come up with some processes to follow or utilities to implement that will help to find any issues with SMS before you get a complaint call that something isn't working (or just some procedures to help keep everything in SMS as clean as possible). If you have some good tips I'd love to hear them so I can add them to my bag o' tricks! MOM is great for letting you know when something stops working but it seems like misconfigurations are a lot more common than true service outages.

I threw together an article on how to fix problems where a package doesn't deploy to a Distribution Point properly. We had over 80 such instances at my current client. We never found out about the issues until there was a problem so I did some digging on how to proactively find these issues and fix them.

I find myself digging deeper and deeper into SMS all the time. I'm definitely not an SMS administrator but after the last few issues I have worked through I feel like I have a better understanding of *some* of the innards of SMS than a lot of SMS Admins probably do. Now I just need to get my lab setup at home so I can actually install it myself. :)

I just threw together an article on how to fix an annoying MMC error that I've run into a bunch of times. I ran into it again this morning so I figured I'd share the fix for the following error:

MMC cannot open the file C:\WINDOWS\SYSTEM32\GPMC.MSC.

This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.

Brian posted about how the updates for the ITMU have changed the name they are categorized under. I love some of the stuff that Microsoft is able to provide for us but it sure seems like they change names willy-nilly on us all the time. For instance, apparently My Documents will just be Documents in Vista. I like the idea of having a folder without a space in it but I wish they would just stick with My Documents. There are countless scripts that have been written that expect the folder to be named My Documents. Microsoft has a history of doing this time and time again. I suppose it's job security for me because companies will need scripts/programs updated to allow for this change but I'd rather be working on something new and creative than just making changes to something that already works because someone decided to change something on a whim.

I'm curious how the renamed Application Data and My Documents folders in Vista will work with the existing group policies. The folder redirection policies are hard-coded to create/use folders named Application Data/My Documents. Does this mean we will need to have a separate policy for Vista clients? Or will we have to run a script that will rename these folders on all of our file servers? Either way it will be a royal pain. Maybe they have something already figured out that will work just fine but it is still annoying.

http://www.archive.org/web/web.php. Browse the internet like it's 1997 all over again!

Pump in http://web.archive.org/web/*/http://www.microsoft.com and look at some of their websites from '96. Funny stuff.

I read that Tim just outsourced his lawn duties (something I've been telling him to do for a while now! I made tons of $$ as a kid mowing lawns--give those kids some cash! How else are they going to afford that XBox 360?). Well, I decided that I'm just not very good at keeping my place clean so I had someone come clean my place last week. It is sooooo clean now. I suppose it really hit home when a friend of mine commented on what a dump my place had become. But it's looking great now. I just need to figure out how often I need to get it cleaned....

Some people may already know about this but I ran into it for the first time and thought it was interesting. We needed to create a collection in SMS that excluded all resources that were in a specific group in AD. Well, the obvious way to pull it off didn't work.

select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where Name Not In (select distinct Name from  SMS_R_System where SystemGroupName = "DS\\G113-KeepMSNetwareClient")

select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where SystemGroupName Is Not Like  "DS\\G113-KeepMSNetwareClient")

We've run into a few applications that wouldn't install properly via SMS if a non-admin was logged onto the system when the package got deployed. If an administrator was logged on or if no one was logged on at all everything worked great. This seemed a bit strange because everything should run as the local System account, right? Well, this isn't necessarily true in the case of a MSI created with InstallShield that utilizes ISScript.

When ISScript gets deployed, it sets its DCOM permissions to Interactive User. So when the MSI runs, it is possible that certain components of the install routine will try to run as the logged on user--not as System.

Anyway, you can fix the issue by deleting a few registry values. The problem is that if ISScript ever gets reinstalled it will set itself back to run as Interactive User. And each version of ISScript has a different DCOM app that needs to be checked for the problem. It looks like ISScript versions 7, 8, and 9 all have the problem and one of our packagers is thinking that version 10 does as well. Not sure about 10.5 or 11 yet.

Anyway, someone already posted a really good article on the problem if you care to read more on it and exactly how to fix the issue if you run into it.

Around 3 months ago I bought my first guitar. I was over at Brian Tucker's house for a BBQ and some beers and he broke out his guitar and showed Tim and I a few licks. I should've replaced the strings earlier but I just never got around to it. A couple of the strings were getting a bit loose but I finally broke a string so I was forced to go ahead and swap 'em out. The process itself wasn't too bad but I was having problems with a few of the strings 'twanging' really bad. So I took them off and restrung them again. Same problem. Well, apparently they just needed some time to settle in because I tried playing again a few hours later and everything seemed to be ok. Well, almost ok. My tuner battery was dead so I wasn't able to properly tune it. I tried to do it by ear and got fairly close but it is still a bit off. Oh well, I'll pick up a 9-volt today and I'll be ready to start rockin' again soon.

Quick clarification...my rant about blogging etiquette was set off by some stuff I ran into on other sites, not on myITforum. There were a few blogs that were easily 20 pages long that were just copy/pasted. Sorry if anyone took offense to it but it certainly wasn't directed to anyone here.

Well, I've managed to find some time this afternoon to get caught up on some of my RSS feeds. And I kept running into one of my pet peeves--people who just copy/paste an entire article or blog from somewhere else and post it on their own blog. Often without any commentary of their own. Grrrr! Come on, if you find something interesting, by all means post a link to it and maybe a nice summary (Rod's 2400th post is a good example of the way I like to see it done, although after 2400 posts he can be expected to have it down by now, right?). And, even better, give me some insightful information of your own (see Tim's post for a great example of this). But please don't post a 3000-line blog that I have to spend 3 minutes scroll-mousing through. I mean, can I sue these people for giving me carpal tunnel? If I want to see a list of every Microsoft webcast in October I can find it. If you want to post about a few of them that you find interesting, that's great. But no more gigantic lists!!!

One thing I like about the way myITforum is setup is that you can create articles instead of blogs if you want. That way I can post hundreds of lines of code there and then just create a small blog with an overview of it and a link to the article.

Ok, rant over!

Well, as usually happens, I got pulled away from my desk in the middle of a blog post. But I learned my lesson from the last time I got burned because my secure session timed out and I lost my entire (extremely lengthy) post. I just did a blog on auditing systems with broken or missing SMS clients. I knew I'd been in and out of my office while putting it together so I remembered to Copy/Paste everything into Word before submitting it. Good thing I did too because it went straight to the logon screen.

I've been doing some thinking on how best to audit our systems to make sure that SMS is installed and working properly on all of our systems. Right now I am mulling over a few options that I think might need to be used in conjuction with each other.

1. Use a simple collection with a query rule that filters on “ResourceID.Client <> 1”. This will show you a lot of systems where the client isn't installed (we had 140+)

2. Another collection with a query rule that filters on “ResourceID.Client Is Null”. I found that this is necessary because the first query won't return resources where the Client attribute is set to Null. I found another 260+ systems that may not have the SMS client installed using this query. We were assuming that the first query would pickup everything. The bad thing about this is that it returns all network devices that network discovery picks up (routers, printers, etc). So I went ahead and created an additional query filter to only return systems on the domain. I need to work on this methodology to tweak it to return exactly what I am looking for.

3. Somehow I need to get information about the last time the system sent inventory to SMS and the last time the workstation was on AD. I'm thinking that using the “lastLogonTimeStamp” attribute in AD will be useful for this. We need to be using this information to clean old systems out of AD anyway. As part of this, I'd like to come up with a good method for finding SMS clients that haven't reported back in X number of days.

4. Maybe create a small Access database that I can link to SMS and dump the AD data to. Then I could create some reports??

As you can probably tell, I'm still in the speculative stage on this. If you've run into any good tools or processes for this, please let me know. Thanks!

 

I posted a while back on this but I have a production version done now. This utility is really handy for creating groups that you can tie to SMS Collections as query rules. The company that I am at now has all of their departments broken down into “Entities” and we create separate groups and collections for each package for each Entity. It can be very time consuming to create all of the groups and collections whenever we have a new package to send out.

So I wrote a HTA that automates the entire process.

First, you select the “Entities” that you want to setup and type in the base groupname name that you want to create. Then, you click “CreateGroups” and it will create all of the groups for you. In my current customer's case, each groupname is prepended with their Entity code. And the groups are created in each entity's specific OU. And it is really fast.

Next, enter the base collection name and click “CreateCollections”. It will create unique collections for each entity (also prepending the entity code before the base collection name). Every entity has their own collection structure and the utility will put the new collection in the collection heirarchy where it belongs. This seems to take a few seconds per collection but there is a lot of stuff that has to be done to create a collection, tie it to a parent collection, setup a refresh schedule, and create the query rule.

It might take a little bit of customization to get it to work for your SMS environment but it is mostly XML driven so you can just create an XML file with the information that is pertinent to your SMS setup.

Anyway, here's a screenshot. Sorry for the slow download speed on this webserver!

If you have any feedback, please shoot me an e-mail: matt.broadstock@gmail.com

I blogged a few weeks ago about how eDonkey was apparently the new king of P2P. Their stay at the top sure didn't last long. Looks like the MPAA and RIAA have lawyered them into folding. I never used eDonkey but it's amazing how fast these new technologies come and go. It's nice that services like iTunes are sort-of embracing the technology instead of fighting it but I still think the prices they are charging are crazy. I think they would actually make more money if they lowered their prices so that people wouldn't be so interested in getting everything for free.

And, for better or worse, it's here in America that we are driving all of the P2P services out of business. As mentioned in the article on Betanews, we might start seeing more technological innovation happening overseas because companies are afraid of what might happen to them in the US.