Stuart James at myITforum.com

Script to Delete Obsolete Records

Here’s another script to delete obsolete records from SCCM. I know there’s a task for this and various other ways but sometimes a script is handy.

Check the script first to make sure any wrapping caused by posting it here hasn’t messed things up.

'=====================================
'DeleteObsoleteRecords - Deletes all obsolete records
'Author: Stuart James
'
'Requirements: Run on the site server with account that has necessary rights
'
'Usage: CScript DeleteObsoleteRecords.vbs or double click
'=====================================

'Check we're using CScript and if not then relaunch
If "CSCRIPT.EXE" <> UCase(Right(WScript.Fullname, 11)) Then
  Set WshShell = WScript.CreateObject("WScript.Shell")
  WshShell.Run "CSCRIPT.EXE /nologo " & WScript.ScriptFullName
  Wscript.Quit
End If

' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")
For Each Location In providerLoc
    If location.ProviderForLocalSite = True Then
        Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
        Exit For
    End If
Next

'Main call
QueryObsoleteClients swbemServices

Sub QueryObsoleteClients(connection)
'Queries for obsolete clients and for any it finds calls DeleteResource
    On Error Resume next

    Dim resources
    Dim resource
    ' Run the query.
    Set resources = connection.ExecQuery("Select * From SMS_R_System where Obsolete = '1'")

    If Err.Number<>0 Then
        Wscript.Echo "Couldn't get resources"
        Wscript.Quit
    End If
    For Each resource In resources
        Wscript.echo "Found obsolete resource: " & resource.Name & ", " & resource.ResourceID
        DeleteResource connection,resource.ResourceID
    Next
    If resources.Count=0 Then
        Wscript.Echo "No resources found"
    End If

End Sub

Sub DeleteResource (connection, resourceID)
'Deletes a specific resource
    On Error Resume Next
    Dim resource
    Wscript.echo "Attempting to delete resource with ID " & ResourceID

    Set resource = connection.Get("SMS_R_System.ResourceID='" & resourceID & "'")
    If Err.Number<>0 Then
        Wscript.Echo "Couldn't get resource " + resourceID
        Exit Sub
    End If
    resource.Delete_
    WScript.Echo "Resource deleted"
    If Err.Number<>0 Then
        Wscript.Echo "Couldn't delete " + resourceID
        Exit Sub
    End If
End Sub

'Add pause to end in case script was double clicked so we can review what happened
WScript.Echo "=== F I N I S H E D ==="
strMessage = "Press the ENTER key to continue. "
Wscript.StdOut.Write strMessage

Do While Not WScript.StdIn.AtEndOfLine
   Input = WScript.StdIn.Read(1)
Loop

Modifying Program Flags using VBScript

The script below gives an example of how to modify the program flags in SCCM. In the sample it will change all of the programs to be able to run from a task sequence without being advertised.

If you want to modify some other value then search for “SMS_Program” in the SDK and have a look for the relevant “ProgramFlags” value. I’ve pasted the current list at time of writing below for reference:

0x00000001 (0)
AUTHORIZED_DYNAMIC_INSTALL. The program is authorized for dynamic install.

0x00000002 (1)
USECUSTOMPROGRESSMSG. The task sequence shows a custom progress user interface message.

0x00000010 (4)
DEFAULT_PROGRAM. This is a default program

0x00000020 (5)
DISABLEMOMALERTONRUNNING. Disables MOM alerts while the program runs.

0x00000040 (6)
MOMALERTONFAIL. Generates MOM alert if the program fails.

0x00000080 (7)
RUN_DEPENDANT_ALWAYS. If set, this program's immediate dependent should always be run.

0x00000100 (8)
WINDOWS_CE. Indicates a device program. If set, the program is not offered to desktop clients.

0x00000200 (9)
This value is not used.

0x00000400 (10)
COUNTDOWN. The countdown dialog is not displayed.

0x00000800 (11)
FORCERERUN. This value is not used.

0x00001000 (12)
DISABLED. The program is disabled.

0x00002000 (13)
UNATTENDED. The program requires no user interaction.

0x00004000 (14)
USERCONTEXT. The program can run only when a user is logged on.

0x00008000 (15)
ADMINRIGHTS. The program must be run as the local Administrator account.

0x00010000 (16)
EVERYUSER. The program must be run by every user for whom it is valid. Valid only for mandatory jobs.

0x00020000 (17)
NOUSERLOGGEDIN. The program is run only when no user is logged on.

0x00040000 (18)
OKTOQUIT. The program will restart the computer.

0x00080000 (19)
OKTOREBOOT. Configuration Manager restarts the computer when the program has finished running successfully.

0x00100000 (20)
USEUNCPATH. Use a UNC path (no drive letter) to access the distribution point.

0x00200000 (21)
PERSISTCONNECTION. Persists the connection to the drive specified in the DriveLetter property. The USEUNCPATH bit flag must not be set.

0x00400000 (22)
RUNMINIMIZED. Run the program as a minimized window.

0x00800000 (23)
RUNMAXIMIZED. Run the program as a maximized window.

0x01000000 (24)
HIDEWINDOW. Hide the program window.

0x02000000 (25)
OKTOLOGOFF. Logoff user when program completes successfully.

0x04000000 (26)
RUNACCOUNT. This value is not used.

0x08000000 (27)
ANY_PLATFORM. Override check for platform support.

0x10000000 (28)
STILL_RUNNING. This value is not used.

0x20000000 (29)
SUPPORT_UNINSTALL. Run uninstall from the registry key when the advertisement expires.

0x40000000 (30)
The platform is not supported.

0x80000000 (31)
SHOW_IN_ARP. This value is not used.

ProgramFlags are bitwise so you need to flip the bit if you want to change something. The code that does the real work is below:

If program.ProgramFlags AND 2^0 Then
   ' AUTHORIZED_DYNAMIC_INSTALL is set.
    wscript.echo "Value is already set, no need to modify"
Else
     ' AUTHORIZED_DYNAMIC_INSTALL is not set. Setting AUTHORIZED_DYNAMIC_INSTALL value.
    wscript.echo  "***********************************"
    wscript.echo "*** Value is not set, modifying ***"
    wscript.echo  "***********************************"
    program.ProgramFlags = program.ProgramFlags + 2^0
    wscript.echo "Program Updated"
End If

In the example above I am setting the dynamic installation option, which if you look in the list of options above is “0”.  If for example you wanted to change the setting for “Hide the program window” you would change it to 2^24. To deselect something you would subtract the value rather than add.

Anyway, full script sample below.  The script also shows something I use quite often which is to force use of CScript even when double clicked so that everything is output to a command window rather than lots of nasty popups.

Pasting the script in seems to wrap some of the lines so you may just need to check that all is OK before running it.

'=====================================
'SetRunFromTS - Sets all programs to be able to run from Task Sequence
'Author: Stuart James
'
'Requirements: Run on the site server with account that has necessary rights
'
'Usage: CScript SetRunFromTS.vbs or double click
'=====================================

'Check we're using CScript and if not then relaunch
If "CSCRIPT.EXE" <> UCase(Right(WScript.Fullname, 11)) Then
  Set WshShell = WScript.CreateObject("WScript.Shell")
  WshShell.Run "CSCRIPT.EXE /nologo " & WScript.ScriptFullName
  Wscript.Quit
End If

' Setup a connection to the local provider.
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set swbemServices= swbemLocator.ConnectServer(".", "root\sms")
Set providerLoc = swbemServices.InstancesOf("SMS_ProviderLocation")

For Each Location In providerLoc
    If location.ProviderForLocalSite = True Then
        Set swbemServices = swbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
        Exit For
    End If
Next

'Main call
QueryPrograms swbemServices

Sub QueryPrograms(connection)

    On Error Resume next

    Dim programs
    Dim program
    ' Run the query.
    Set programs = connection.ExecQuery("Select * From SMS_Program")

    If Err.Number<>0 Then
        Wscript.Echo "Couldn't get programs"
        Wscript.Quit
    End If
    For Each program In programs
        ModifyProgram connection,program.PackageID, program.ProgramName
    Next
    If programs.Count=0 Then
        Wscript.Echo "No packages found"
    End If

End Sub

Sub ModifyProgram (connection, existingPackageID, existingProgramName)

    ' Build a query to get the specified package.
    packageQuery = "SMS_Package.PackageID='" & existingPackageID & "'"

    ' Run the query to get the package.
    Set package = connection.Get(packageQuery)
    ' Output package name and ID.
    wscript.echo "============================================"
    wscript.echo "Package ID:     "  & package.PackageID
    wscript.echo "Package Name:   "  & package.Name
    ' Build a query to get the programs for the package.
    programQuery = "SELECT * FROM SMS_Program WHERE PackageID='" & existingPackageID & "'"
    ' Run the query to get the programs.
    Set allProgramsForPackage = connection.ExecQuery(programQuery, , wbemFlagForwardOnly Or wbemFlagReturnImmediately)
    'The query returns a collection of program objects that needs to be enumerated.
    For Each program In allProgramsForPackage               
        If program.ProgramName = existingProgramName Then
            ' Output the program name
            wscript.echo "Program Name:   "  & program.ProgramName
            'Get all program object properties (in this case we specifically need some lazy properties).
             programPath = program.Put_
             Set program = connection.Get(programPath)
            If program.ProgramFlags AND 2^0 Then
               ' AUTHORIZED_DYNAMIC_INSTALL is set.
                wscript.echo "Value is already set, no need to modify"
            Else
                 ' AUTHORIZED_DYNAMIC_INSTALL is not set. Setting AUTHORIZED_DYNAMIC_INSTALL value.
                wscript.echo  "***********************************"
                wscript.echo "*** Value is not set, modifying ***"
                wscript.echo  "***********************************"
                program.ProgramFlags = program.ProgramFlags + 2^0
                wscript.echo "Program Updated"
            End If
            ' Save the program.
            program.Put_
        End If       
    Next
End Sub

'Add pause to end in case script was double clicked so we can review what happened
WScript.Echo "=== F I N I S H E D ==="
strMessage = "Press the ENTER key to continue. "
Wscript.StdOut.Write strMessage

Do While Not WScript.StdIn.AtEndOfLine
   Input = WScript.StdIn.Read(1)
Loop

What’s Coming in System Center Configuration Manager SP2

Some new features coming along in SP2.  Usual things such as support for new operating systems but some of the main highlights:

  • Branch Cache will be supported.  This is a feature in Server 2008 R2 and Windows 7 for peer to peer content distribution. Very interesting…
  • Intel AMT Integration V2.  Improvements on features in  SP1 to add full feature support for computers that have the Intel vPro chip set and iAMT firmware versions 4 and 5.
  • Did I mention Branch Cache?
Deployment of ConfigMgr Admin Console with MDT and R2 Chained

Below are steps to create a package for the SCCM admin console and also chain the install of MDT and R2.

One of the primary goals is to reduce the size of the package by removing any content from the SCCM DVD that is not required to install the admin console. This will save space on your DPs and also save lots of network and client disk space if you are using download and execute. Most admins will then also need to install MDT and R2 to get full console usage so this will chain them to the end.

  1. Create a source directory e.g. “Microsoft ConfigMgr 2007 Console” 
  2. Copy the following content from the SMSSETUP folder on the DVD to your newly created folder:
    • ADMINUI
      • If you like you can remove any platform specific folders from ADMINUI\BIN if you are not going to need them.
    • BIN
      • If you like you can remove any platform specific folders from under here if you are not going to need them.
    • HELP
    • OSD
    • SCRIPTS
    • INSTALL.MAP
  3. Create a folder in the “Microsoft ConfigMgr 2007 Console” folder called “R2”
    • Copy the R2 source into here.
  4. Create a folder in the “Microsoft ConfigMgr 2007 Console” folder called “MDT”
    • Copy the MDT MSI into here
  5. Create the following files in the “Microsoft ConfigMgr 2007 Console” folder (I’ll give you the contents later):
    • InstallAdminConsole.bat
    • AdminConsole.ini

Paste the following content into your AdminConsole.ini file.  You need to edit with appropriate site code,server name:

[Identification]
Action=InstallAdminUI
[Options]
SMSInstallDir=C:\Program Files\Microsoft Configuration Manager Console
ParentSiteServer=XYZ
SDKServer=MYSITESERVER

Paste the following into InstallAdminConsole.bat:

@ECHO OFF

REM ===========================
REM Install Admin Console
REM ===========================

%~dp0\bin\i386\setup.exe /script %~dp0\AdminConsole.ini /nouserinput

REM ===========================
REM Install MDT
REM ===========================

MSIEXEC /i %~dp0\MDT\MicrosoftDeploymentToolkit_x86.msi /l*v %TEMP%\MDTInstall.log /q

REM ===========================
REM Install R2
REM ===========================

REM =========
REM Need to kill any MMC processes first CAUTION - Could result in loss of work
REM =========

TASKKILL /F /IM MMC.EXE
MSIEXEC /i %~dp0\R2\ConfigMgr2007R2.msi /l*v %TEMP%\ConfigMgrR2Install.log /q

There are a number of things you may need to edit above.  It’s just meant as a guide really so play around with it as much as you want.  Things to look out for:

  • It calls the x86 version of MDT so you may want to change this or put some logic in to handle x86 and x64.
  • R2 fails to install if there are any instances of MMC open, so I have used TASKKILL to kill them.  You may want to do this another way or at least publish this as an optional advert and let your admins know to close any MMC instances before they run it.

Now you just need to create your package with “Microsoft ConfigMgr 2007 Console” as your source and set the package to run InstallAdminConsole.bat.

Don’t forget you’ll also need to run the MDT console integration component once installed. If running on Vista then this needs to be ran as an admin.

DISCLAIMER: As with anything, please test first… The ConfigMgr console installation logs to the standard ConfigMgr setup log and the others will log to the system TEMP directory, normally C:\Windows\Temp If you have any problems with it then please let me know.

Installing ConfigMgr R2 on Secondary Sites

I've seen this come up a few times now. After upgrading your primary sites to R2 you also need to upgrade your secondary sites.

This cannot be done by using the "upgrade secondary site" option. Also, if you push a new secondary site out from an R2 primary, the R2 bits do not get installed.

The secondary site always gets installed as an SP1 site and you then need to install R2 onto it before you'll see things like the Virtual Applications node in the DP properties.

You can either install it manually on the secondary site server, or you may prefer to push it out via software distribution if you have lots of secondary sites (it is just an MSI after all).

Server Virtualization Validation Program (SVVP)

Have you heard of the Server Virtualization Validation Program (SVVP)? 

It's a program whereby certain 3rd party virtualisation partners can validate certain configurations with Microsoft.  This means the customer can get Microsoft based technical support for systems running in 3rd party virtual environment. Current list is as follows:

Cisco Systems, Inc.
Citrix Systems, Inc.
Novell, Inc.
Oracle, USA Inc.
Sun Microsystems
Unisys Corp.
Virtual Iron Software
VMware, Inc.

You can find some info from VMWare here:
http://www.vmware.com/company/news/releases/svvp.html

Installing Windows Live Products on Server 2008

Having just installed Server 2008 64-bit on my laptop (mainly for Hyper-V) I'm now trying to make it as much like a desktop as possible.  One thing that doesn't work straight away is Windows Live products, as the standard wrapper like installer prevents installation.

My workaround has been to bypass the wrapper installation you are generally forced to use by building a 64-bit Vista VM in Hyper-V and then copying the MSI installers from C:\Program Files (x86)\Common Files\WindowsLiveInstaller\MSI Sources. You need to show hidden files to see them.

Once you have them just run the MSIs on Server 2008 and all installs fine.  It's not so easy to make out which product is which from the files names so below is the product and the first 4 characters of the GUID in the MSI file name:

Mail: 184E
Photo Gallery: 257E
Messenger: 508C
Writer: 9176
Sign-In Assistant: AFA4

Have so far tested Mail, Messenger and Live Writer and all worked OK. Of the installations give you notifications but some just run through with nothing to tell you it's done, so just check your start menu...

eSATA versus USB2

I make a lot of use of Virtual Server and Virtual PC (and soon Hyper-V) with my laptop and find the thing that seems to slow me down most is disk performance.  I don't have the storage on my main disk so run my virtual machines on USB 2.0 disks.  As my VMs get larger and busier the performance seems to get worse.

I therefore decided to take the plunge and get myself set up with eSATA.  I purchased the following:

eSATA ExpressCard: http://www.scan.co.uk/Product.aspx?WebProductId=676511

2.5" External eSATA/USB case: http://www.scan.co.uk/Product.aspx?WebProductId=603610 (note that this comes with all cables you need, including eSATA to eSATA)

2.5" Hard Disk: http://www.scan.co.uk/Product.aspx?WebProductId=773812 

Tests are performed using HD Tune 2.55 using a quick test.  It's the same disk just plugged in to a different socket so all other things (such as cache, RPM etc) are equal.

USB 2

image

eSATA

image

Quite a huge difference then on paper and I'm hoping it will make a big difference to the performance of my VMs.  I'll report back with some more subjective data on VM performance over the next few weeks.

Do your bit for the environment - free power management tool!

"Edison was developed by Verdiem, a company that has helped enterprises the world over reduce energy waste from IT devices. Now Verdiem is bringing Edison into your home—at no cost whatsoever. Download Edison and start saving energy today!"

http://www.verdiem.com/edison/

This is a free tool from Verdiem, whilst they also provide enterprise level power management solutions..

Preload Package Tool is Back!!

The popular tool from the SMS 2003 Toolkit but missing from the ConfigMgr 2007 Toolkit has now been updated and released as a stand-alone download:

http://www.microsoft.com/downloads/details.aspx?FamilyID=c36fcda8-9336-4d44-9568-5530ff7635dd&DisplayLang=en

A great social experiment for the "anti-Vista" crowd

What do people think of Windows Vista when they don't know it's Windows Vista?

Have you heard of the Mojave Experiment?

The basic gist is that Microsoft take a bunch of Vista haters and show them their "new" OS that is "in development" to see what they think.  Really they are playing with Vista. Some very interesting results:

http://www.mojaveexperiment.com/

Using no_sms_on_drive.sms when installing on SQL cluster

SCCM setup has a habit of placing components on the drive it finds that has the most space.  if you're using a clustered SQL instance then this can often mean that components intended for non-shared disks end up on shared disks.

To prevent this from happening, place an empty file named NO_SMS_ON_DRIVE.SMS at the root of each drive where you DO NOT want it to install the components and it will avoid using those drives i.e. place it on all drives except where you want it to install the SCCM components.

Note we're talking about the SCCM components here, not the actual database itself. SCCM installs some components on each physical node to assist with things like backup.

Something to be aware of for SCCM SP1 Upgrades...

Thanks to Jeff Gilbert for the original post.

“Before beginning the upgrade process to Configuration Manager 2007 SP1, the Windows AIK 1.0 should be uninstalled from the SMS Provider computer for the site to allow SP1 Setup to install Windows AIK 1.1 to support SP1 OSD WIM images.

If the Windows AIK 1.0 is not uninstalled prior to beginning SP1 Setup, and a PXE service point is installed in the site running the Windows Deployment Services (WDS) Server service, the upgrade might fail and result in an unexpected restart and post-upgrade SMS Executive service crashes.”

http://myitforum.com/cs2/blogs/jgilbert/archive/2008/07/22/upgrading-the-windows-aik-for-configuration-manager-2007-sp1.aspx

How to Configure ISA SSL Bridging for System Center Configuration Manager Internet-Based Client Management

Some new documentation is now available on Technet: How to Configure ISA SSL Bridging for System Center Configuration Manager Internet-Based Client Management (http://go.microsoft.com/fwlink/?LinkId=122350). This has been a joint collaboration between the ISA Server product group and the Configuration Manager product group to provide guidance on how to configure the two products to work together to support Internet facing clients. 

This provides a higher level of security for Internet traffic than the alternative method of tunnelling, or tunneling if you're in the US :). With ISA bridging traffic from Internet clients is authenticated and terminated at the ISA Server, inspected, and then new SSL connections are made to the Internet-based site system servers.  This is as opposed to tunnelling, where the traffic from the Internet clients is forwarded to the site system servers without termination, so it cannot be inspected for nasty content.

ConfigMgr SP1 Released

http://technet.microsoft.com/en-au/configmgr/cc562979.aspx

More Posts Next page »