Hi All, Today I’m pleased to inform that the new beta version (v0.02) of the System Center 2012 R2 Configuration Manager Dashboard (CM12R2Dashboard) has been released. Overview The System Center 2012 R2 Configuration Manager Dashboard (CM12R2Dashboard) enables SCCM administrators and support team to monitor SCCM environment to take the right decision at the right time. It can provide status on client activity, client health, deployments, content status and much more and has been designed to provide clear information to support teams, SCCM administrators and managers. The CM12R2Dashboard is totally customizable allowing it to show the information that is required by the customer. It can determine, based on customized parameters, when the information is in a Warning or Critical states by changing the information background colour. It can run on Windows 7+ and Windows 2008+ with at least PowerShell 3.0 (recommended 4.0) and .Net Framework 4 and depends on the installation…

Read the complete blog: http://thedesktopteam.com/blog/raphael/system-center-2012-r2-configuration-manager-dashboard-updated/

Over the past few weeks I have been busy updating the System Center 2012 R2 Configuration Manager HealthCheck Toolkit (CM12R2HealthCheck) to the version 0.03 and today I’m pleased to say that is has been released. What is the System Center 2012 R2 Configuration Manager HealthCheck Toolkit? The System Center 2012 R2 Configuration Manager HealthCheck Toolkit (CM12R2HealthCheck) has been created to check for problem and/or misconfiguration in the SCCM environment and, when possible, will provide you with some solutions for problems. This version contains a series of bug fixes, performance improvements as well as new functionality. We also would like to add the following notes/requirements: We have tested this tool on a single primary site and single primary site with secondary sites. We do expect it to work on a CAS environment, however, we have not been able to test. We have run the tool remotely as well locally on the…

Read the complete blog: http://thedesktopteam.com/blog/raphael/confimgr-2012-r2-health-check-toolkit-beta-03/

reportin

SCCM 2012 Hardware Inventory Report

Unveil your Hardware Data

This SCCM 2012 hardware inventory report let you see all your hardware in a single view. No longer need to browse multiple built-in reports. Use it to quicky find a specific machine having particular specification (Disk, Cpu, Serial number…).

This report easily return valuable information to your management team :

How many computers our company owns ? How many DELL Optiplex 780 ?
Which computers are still running Windows XP or Windows 2003 ?
What’s the serial number of computer XYZ ?
We urgently need to update a specific hard drive firmware, which computer has the affected model ?

We split this SCCM 2012 hardware inventory report into 5 sections:

Details, System, Processor, Disk and Video Controller.

 

Continue to read the complete blog post here : http://www.systemcenterdudes.com/sccm-2012-hardware-inventory-report/

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 R2 State Migration Point (SMP).

Role Description

The State Migration Point stores user state data when a computer is migrated to a new operating system.

This is not a mandatory Site System but you need a State Migration Point if you plan to use the User State steps in your Task Sequence. These steps integrates with User State Migration Tools (USMT) to backup your user data before applying a new operating system to a computer.

 

Site System Role Placement in Hierarchy

The State Migration Point is a site-wide option. It’s supported to install this role on a child Primary Site, stand-alone Primary Site or Seconday Site. It’s not supported to install it on a Central Administration site.

Beginning with SCCM 2012 R2, the State Migration Point can be installed on the site server computer or on a remote computer. It can be co-located on a server that have the distribution point role.

SCCM 2012 State Migration Point Installation

  • Open the SCCM console
  • Navigate to Administration / Site Configuration / Servers and Site System Roles
  • Right click your Site System and click Add Site System Roles
  • On the General tab, click Next

Continue to read the complete blog post here : http://www.systemcenterdudes.com/how-to-install-sccm-2012-state-migration-point/

migration

Hi All, last week, i was helping a customer with their migration from SCCM 2012 R2 to SCCM 2012 R2 CU4. There were already many things that had happen, collection migration, etc.. but the consultant that was performing the migration, wasn’t able to finish the job, so, i was called in. During the migration, we migrated couple of clients to test the migration script/GPO and we noticed the application catalog (probably the most used feature for them) wasn’t returning any result, however, when my user was logged on, i was able to see the applications that were deployed to “All users” collection. Looking at the logs, i saw on the policy logs, that the user policy was always with “0” assignments and so, it was not bringing anything to the Application Catalog. I tried to reset the policy, reinstall the client but none of those things worked. Looking further, on…

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-application-catalog-and-migration/

A question came up on the myITforum mssms email list this morning about the average package and application size of everyone’s ConfigMgr environment.

I look at the package size data all the time in the console, so I knew it was buried in SQL somewhere, I just had to find it. Low and behold v_PackageStatusRootSummarizer had what I needed, SourceSize represented in KB.

I threw that together in a quick SQL query and created a quick way to gather the average size of all your package types!

select pkg.PackageType [Type Number],
   case pkg.PackageType
   when ’0′ then ‘Package’
   when ’3′ then ‘Driver Package’
   when ’4′ then ‘Task Sequene’
   when ’5′ then ‘Software Update Group’
   when ’257′ then ‘OS image’
   when ’258′ then ‘Boot image’
   when ’8′ then ‘Application’
   end [Type Name], AVG(psrs.SourceSize)/1024 [Avg size in MB],
   count(*) [Count]
from v_PackageStatusRootSummarizer PSRS join
v_package pkg ON psrs.PackageID = pkg.PackageID
group by pkg.PackageType
order by PackageType

and the results!

Type Number Type Name Avg size in MB Count
0 Package 105 803
3 Driver Package 315 25
4 Task Sequene 0 46
5 Software Update Group 639 12
8 Application 277 205
257 OS image 7546 5
258 Boot image 304 3

Originally posted at http://www.potentengineer.com/calculating-the-average-size-of-all-package-types-in-configmgr

 

 

Hi all Are you looking to be the SCCM automation hero? Look no further with my SCCM & PowerShell automation course I’ll be delivering a 3 days online course next July. The next course is scheduled to happen on 08, 09 and 10 July 2015 In this class, you’ll learn how to use Windows PowerShell to automate the deployment and management of a SCCM 2012 R2 environment What you’ll see/learn* – Overview of Automation, PowerShell and WMI – PowerShell, the basics – Tools & Resources – Deploying and Managing sites – Deploying and managing site system roles – Administrative Tasks – Assets and Compliance Tasks – Software Library Tasks – Console Extension – custom scripts and custom forms – Client Management (including Remote Management) *it may be subject to change During this course, you’ll have remote access to a lab environment where you will be able to learn while using….

Read the complete blog: http://thedesktopteam.com/blog/raphael/becoming-a-sccm-automation-hero-sccm-powershell-automation-course/

Hi All, when i was preparing the presentation for the thedesktopteam workshop day last year (http://thedesktopteam.com/blog/raphael/workshop-day-5th-april-2014-london/), i created few scripts to add requirements to a existing application/deployment type. by the time, i tought that this was too advanced for what i wanted to deliver on that workshop and because work related stuff, i never had a change to publish it. Few days back, i was speaking with Rick and he told me that it was impossible to achieve some of the requirements via script/powershell and i said it was possible and i had a script for it. what he was trying to do is to add a OS requiement for an application. to clarify my answer, the ConfigMgr console is also a “script” language. of course, it probably uses c# or c++, but it is a compiled script, so if they can, any other scripting language also can do, we…

Read the complete blog: http://thedesktopteam.com/blog/raphael/sccm-2012-add-cmdeploymenttypeglobalcondition/

Today as most have read or heard, the latest service pack for System Center 2012 Configuration Manger dropped. If you haven’t read about it, check out the official announcement: Announcing the availability of System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2. Also, here’s a great supplemental article on what’s in this release: The Strategy Behind Today’s Service Packs for System Center Configuration Manager.

Everyone cheered this until they saw two download files; that’s where the madness starts. Well, not really. It’s only madness if you let it be and don’t follow the directions posted.

The first thing to know is that from a binary perspective, ConfigMgr 2012 R2 SP1 and ConfigMgr 2012 SP2 (non-R2) are exactly the same. The only difference is a hidden, well protected switch that tells ConfigMgr if it is R2 or if it isn’t. If it is, the additional feature set in R2 is of course enabled. This results in a single code-base which in turn enables the product team to not have to manage multiple branches of code — it’s all the same now as far as 2012 goes.

Key Point
From a binary perspective, ConfigMgr 2012 R2 Service Pack 1 and ConfigMgr 2012 Service Pack 2 (non-R2) are exactly the same.

And that’s where the two files come in. The first, named SC2012_SP2_Configmgr_SCEP.exe, is the self-extracting executable that contains the full installation of ConfigMgr 2012 R2 SP1 and ConfigMgr 2012 SP2 — although remember these are actually the same so it’s really only one installation with two different names. Running setup from these files will result in one of three things:

  • Installation of a new 2012 SP2 site
  • Upgrade of an existing 2012 SP1 (or no SP) site to 2012 SP2
  • Upgrade of an existing 2012 R2 site to 2012 R2 SP1

If one of these is your end goal, that’s it, your done. Move along and start being productive again. If however, you are installing a new site and are entitled R2 or have recently purchased R2 (by adding software assurance), then the second set of files is also for you.

The second self-extracting executable, named SC2012_R2_SP1_Configmgr.exe, which most folks noticed is much smaller, contains files that do not install or upgrade anything. I’ll say that once again to drive it home: it doesn’t install or upgrade anything. Selecting Upgrade from the splash.hta in these files does one thing and one thing only:

  • Converts an existing ConfigMgr 2012 SP2 (non-R2) site into a ConfigMgr 2012 R2 SP1 site.

That’s it. If your site is already an R2 site, do *not* run Upgrade from these source files — it won’t let you anyway and you’ll just get confused.

Recall, as mentioned above a couple of times, that there is no difference between these two versions at a binary level (although I’m sure there are some minor other difference like splash screens and graphics). Thus, this so-called upgrade merely flips the switch telling the site that it is now 2012 R2 SP1 (and replaces those other minor things like graphics). Do note of course that only folks that own ConfigMgr 2012 R2 (presumably because that have software assurance on ConfigMgr) should ever run this to get to 2012 R2 SP1.

The end result here is that 2012 R2 is more or less like a feature pack just like 2007 R2 and 2007 R3 were and the above is nearly identical to that scenario.

Also, don’t get caught up in the splash screen for the first set of files above saying “Install” when you are expecting to upgrade to R2 SP1 or non-R2 SP2. It is an install. It’s a complete binary level replacement/installation of all files just like the 2012 R2 installer does to 2012 SP1. If you launch the 2012 R2 splash screen on an existing 2012 SP1 site, it will say Install also.

The below table summarizes these five simple scenarios. No madness here.

Have Want Use
Nothing ConfigMgr 2012 SP2 SC2012_SP2_Configmgr_SCEP.exe
Nothing ConfigMgr 2012 R2 SP1 SC2012_SP2_Configmgr_SCEP.exe+SC2012_R2_SP1_Configmgr.exe
ConfigMgr 2012 SP1
(or no SP)
ConfigMgr 2012 SP2 SC2012_SP2_Configmgr_SCEP.exe
ConfigMgr 2012 SP1
(or no SP)
ConfigMgr 2012 R2 SP1 SC2012_SP2_Configmgr_SCEP.exe+SC2012_R2_SP1_Configmgr.exe
ConfigMgr 2012 R2 ConfigMgr 2012 R2 SP1 SC2012_SP2_Configmgr_SCEP.exe

Here’s another article from Michael Griswold that will hopefully help clarify things if you are still confused (even though the title contains something called “SCCM” as I’m not sure what that is — a web search tells me it’s a computer club in Munich for senior citizens): SCCM 2012 SP2 and R2SP1 – From here to there and the official guidance is at About the versions of System Center 2012 Configuration Manager.

The post Service Pack Madness appeared first on ConfigMgrFTW!.

Hi All, Over the past few months I have been busy writing my new book about System Center 2012 R2 Configuration Manager and PowerShell called System Center 2012 R2 Configuration Manager: Automation from Zero to Hero. Today, I would like to let you know that it is now available as e-book via RFLSystems.co.uk website (http://bit.ly/1EsS4OG), as paperback via Amazon UK (http://amzn.to/1F6psrK), Amazon US (http://amzn.to/1AVV3bL) and Amazon DE (http://amzn.to/1cvNene) while other Amazon’s website should be available soon. For most Configuration Manager administrators, the Configuration Manager console is more than sufficient to perform the necessary operations. However you are limited to what the console is designed to handle. For more complex tasks, or those that might extend beyond the scope of the console, you need an alternative. This book is packet with real-world scripts that have proven to save time when automation day-to-day tasks in a Configuration Manager environment. What will you…

Read the complete blog: http://thedesktopteam.com/blog/raphael/system-center-2012-r2-configuration-manager-automation-from-zero-to-hero-book-is-out/

Security is necessary in today’s world, that’s undeniable, but that doesn’t make it fun.

At my current customer, most everything was going swimmingly well until I went to deploy the first test client. This was a manual install from the command-line — not that that should make any sort of difference though. So, while watching ccmsetup.log like any good ConfigMgr admin, I was greeted with the following major failure as ccmsetup tried to download files from the MP.

Checking the URL ‘https://man01.xyz.com:443/CCM_Client/ccmsetup.cab’
PROPFIND ‘https://man01.xyz.com.com:443/CCM_Client’
Got 401 challenge Retrying with Windows Auth…
PROPFIND ‘https://man01.xyz.com.com:443/CCM_Client’
Failed to correctly receive a WEBDAV HTTPS request.. (StatusCode at WinHttpQueryHeaders: 401)
Failed to check url https://man01.xyz.com.com:443/CCM_Client/ccmsetup.cab. Error 0×80004005
Accessing the URL ‘https://man01.xyz.com.com:443/CCM_Client/ccmsetup.cab’ failed with 80004005

The first question of course was why was it failing back to the MP to download the files? Checking the log file a bit further up revealed pretty much the same series of messages for the package on DP at https://man01.xyz.com/SMS_DP_SMSPKG$/XYZ00003. Per HTTP 401.x-Unauthorized on TechNet, an HTTP error code of 401 means Unauthorized. Correlating this to the IIS log file revealed a 401.3 code which translates to “Access is denied due to an ACL set on the requested resource” per the same article. I also cranked up procmon to watch the process in real time — this revealed much the same: an Access Denied when trying to hit the ccmsetup.cab file.

Given that this was a default install of ConfigMgr and IIS, I couldn’t imagine that the ACLs were actually messed up though and a cursory review up the ACLs validated this. The next and usual suspect was AV (not SCEP). After disabling it, there was no change — this made me sad because I love blaming third-party AV: most of the them suck and have caused ConfigMgr admins all kinds of problems in the past and thus deserve to be ridiculed.

The next likely culprit was Group Policy. As it turns out, this customer was using the high security templates available from Microsoft. These are well vetted templates and should work for most things Microsoft, but in this case, something was certainly getting in the way. Blocking the GPO applying these security settings from applying to the site system hosting the MP and DP was up next to rule these settings out or confirm them as being the source of the issue. After this (and a reboot for good measure) … ccmsetup ran through like a champ. So now on to comparing each setting one by one to see which could be the source. After an initial review I narrowed it down to either (or both) the “Access this computer from the network” setting or the “Bypass traverse checking” setting and after some trial and error, the latter turned out to be the culprit. Adding the built in Users group back to this security (along with a reboot) allowed the process to go through.

This makes sense and does line up with the Access Denied as reported by procmon and the 401.3 reported by IIS because the computer account of the system installing the client agent didn’t have explicit read permissions on the folders in the path to the ccmsetup.cab file but did have permissions on the file itself. Time to bribe the GPO admin …

Winter is coming …

The post CCMSETUP and Bypass Traverse Checking appeared first on ConfigMgrFTW!.

The ConfigMgr 2012 May 2015 Tech Preview released today! There are quite a few new features to check out, most around MDM and Windows 10, but there was one that apparently got left out of the announcement and documentation.

Full documentation: https://technet.microsoft.com/library/dn965439.aspx

If you have been a ConfigMgr admin for a while, you have probably heard of Bank of Australia (CommBank) and Emory University. They had some unfortunate mishaps with ConfigMgr deployments in the last couple years.

The ConfigMgr community spoke out and it looks like Microsoft answered, we now have some new options under Deployment Verification!

Administration > Site Configuration > Sites > Site Properties

DeploymentVerificationSettings

 

I set this up in my lab, so I didn’t have too many clients. I set my Default size to 1.

I threw together a quick task sequence called Required Task Sequence with a single step, Install Operating System and pointed it to my Server 2012 R2 media. Setup a required deployment and immediately I saw some new prompts!

Warning 1

DeploymentVerificationPrompt1

 

When I went to choose a collection to deploy to, I noticed a new checkbox Hide collections with a member count greater than site’s minimum size configuration (1) and my list of available collections was empty!

Notice how the size configuration is shown in parenthesis.

DeploymentVerificationPrompt2

 

Let’s uncheck that box!

Warning 2

DeploymentVerificationPrompt3When you uncheck that box, you get another warning. You have chosen to display additional collections that exceed the site’s default size for deployment verification. Available collections are still restricted by the site’s maximum size configuration. 

Interesting! So based on the settings above, you can set a default size to limit what is initially shown, but your deployment admins can still uncheck and view them. If you set a maximum size, they will have no options to see the collections!

I did a quick test to verify. If you set the maximum size, you get no deployment larger than that in your list of collections. I set mine to 1, and my only collection with 2 resources was no longer in the list. I basically could not move forward with the deployment.

After you set your deployment settings, and before the summary screen you get one last warning, this one is a pretty explicit one!

Final Warning

DeploymentVerificationPrompt4

 

This final warning has two useful items:

  • The number of resources targeted is listed
    • Contains more than 2 resources
  • The admin must check the box to continue, otherwise OK stays grayed out
    • I want to create this high risk deployment. (This will generate an audit status message)

Personally, this is a good step in the right direction of ensuring deployments that are high risk do not go out unintentionally. Hopefully these few prompts will prevent some accidents in the future. Nice work Microsoft!

There are alot of other new features in the Tech Preview, so I am excited to see what everyone else shares!

Happy deployments!

Originally Posted at http://www.potentengineer.com/configmgr-tech-preview-deployment-verification/