Screen Shot 2017-07-14 at 5.25.20 AM

Sponsored

Cyber attacks are on the rise, with many security breaches hitting enterprises through vulnerabilities in unpatched applications. When it comes to patching Windows OS and Microsoft applications, a great System Center Configuration Manager (SCCM) infrastructure allows administrators to quickly secure their network against attacks. However, patching third-party applications in SCCM is a different story.

Patching third-party applications through the SCUP catalog or via packaging is tedious and time-consuming. This difficulty makes many admins lenient about patching third-party applications, causing a major loophole in SCCM. It’s important to note that patches for third-party applications can be just as crucial as those for Windows. Even though third-party patches aren’t prioritized, strong enterprise security comes down to patching all applications in your network.

Severe Threats Caused by Third-Party Vulnerabilities

Knowing that enterprises often give more importance to patching OS and Microsoft applications, hackers are targeting various third-party applications across vendor sites. These vulnerabilities affect computers via unpatched third-party applications and cause severe threats like system slowdowns, constant system crashes, downloads of unwanted executables, unusual network activity, malware installation, and more.

Mitigating These Vulnerabilities

The best way to mitigate the impact of these vulnerabilities is to patch every application in your network. As mentioned earlier, patching Windows and Microsoft applications is an easy task for SCCM administrators, but third-party patching has always been a headache. Third-party patching in SCCM involves various tasks even if the third-party applications’ package is readily available. Imagine how difficult it would be if you had to manually look for the application updates on vendor sites, create packages, import the package SCUP, publish the patches to your update server, then deploy them in SCCM. In the time it would take to manually patch these third-party updates, your systems would likely already have been affected by some kind of third-party vulnerability.

Patch Connect Plus Automates Third-Party Patching in SCCM

ManageEngine offers the solution you need to quickly patch all your third-party applications: Patch Connect Plus. Patch Connect Plus gives you granular control over which applications are patched, and when. If you’re ever struck with a wave of third-party vulnerabilities, you can rest assured that the danger is kept at bay with Patch Connect Plus. Download Patch Connect Plus to patch your third-party applications with ease.

Screen Shot 2017-07-14 at 5.19.08 AMDixitha Srinivasan is a content writer for Endpoint Management Solutions at ManageEngine. She has in-depth knowledge in managing endpoint devices.

Save

Save

Save

2017-06-12-bios-uefi-myitforum

If you have started a Windows 10 migration in your corporate environment, you’ve probably heard about MBR2GPT.exe, the tool that helps convert the disk layout on a PC from the legacy Master Boot Record (MBR) to GUID Partition Table (GPT). While the tool was introduced in the Insider Preview versions, it is officially supported in Windows 10 1703 (also known as the Creators Update). MBR2GPT.exe is the only Microsoft-supported way to convert a production disk (one with data already on it) from MBR to GPT without data loss. The tool can be run from an administrative command prompt after an in-place upgrade to Windows 10 1703, or in the Windows PE (WinPE) environment. Furthermore, older versions of Windows 10 (v1511 and v1607) can be converted using the tool if booted into WinPE.

If a drive is protected with BitLocker encryption, then you will need to suspend BitLocker before converting. After conversion, delete the existing protectors (PIN, Password, Certificate, etc.) and recreate them to resume encryption. If you are using third-party disk encryption, you need to work with your ISV. It’s the only sure way to determine the minimum requirements to successfully convert disk partitions without triggering a device lock or brick while keeping the drive encrypted.

How Does It Work?

Converting within Windows

To start the conversion within Windows, open an administrative command (or PowerShell) prompt. To see the full list of command line switches that can be passed to the tool, type mbr2gpt.exe /? Or mbr2gpt.exe /help.

mbr2gpt-01
(Tap or click for larger view)

The correct syntax to run the conversion tool within a Windows session is

mbr2gpt.exe /convert /allowFullOS

mbr2gpt-02
(Tap or click for larger view)

If you simply want to validate the disk (run a check without converting), then just replace the /convert switch with /validate.

mbr2gpt.exe /validate /allowFullOS

mbr2gpt-03
(Tap or click for larger view)

Converting within WinPE

To convert disk layout in WinPE, use a Run Command Line action with the following syntax:

cmd.exe /c mbr2gpt.exe /convert /disk:<disknumber>

mbr2gpt-04
(Tap or click for larger view)

What If I’m Refreshing or Replacing the PC?

If you’re re-installing Windows to the current disk, or if you’re replacing the drive or computer, you will not be using the MBR2GPT.exe tool. If the system is booted in UEFI mode before the Format and Partition Disk step happens in the Install Operating System group, the Task Sequence engine will happily format the disk for GPT. If you have created a sequence that restores user data, it will still be able to be restored.

What Are the Limitations?

The first and perhaps most important limitation is that MBR2GPT.exe is not the same thing as “BIOS to UEFI”. MBR2GPT.exe is a tool to convert partition layout while BIOS to UEFI is the process of converting a system’s firmware mode from BIOS to UEFI.

While MBR2GPT.exe can be run from the full OS, or in WinPE, it should be run before the conversion of BIOS to UEFI during an in-place upgrade and most preferably in WinPE. If the tool is run after the firmware mode is converted, and for some reason is unsuccessful with the conversion, the device will essentially be bricked until the PC is manually converted back to BIOS mode.

If you are performing a PC refresh or replace, the PC should be converted before the “Format and Partition Disk” step runs in the Install Operating System Group. It is possible to do this later in the sequence, but this route is more reliable. This is because this group has two Format and Partition actions with variables on them that read whether the PC is in BIOS mode or UEFI mode and formats and partitions the disk accordingly. As you can see below, the top image depicts what the Task Sequence engine will do to the disk if the PC is running in BIOS mode, and the bottom image shows what it will do to the disk if it is in UEFI mode. The most important takeaway is that BIOS mode means the disk will be formatted in MBR layout, and UEFI means it will be formatted in GPT layout.

mbr2gpt-05
(Tap or click for larger view)
mbr2gpt-06
(Tap or click for larger view)

Legacy versions of Windows aren’t officially supported. If you successfully convert the partition type into GPT layout, you’ve stepped out of the realm of support. Typically, “not officially supported” means it can likely be done, but it isn’t well tested internally, so you’re on your own if something goes wrong or if you have questions. It would be better to upgrade the system to a version of Windows that is supported.

Once the disk layout has been converted, you cannot undo it. Furthermore, if the layout was performed during an in-place upgrade, you will not be able to go back to a previous version of Windows. I was able to test and validate this limitation in all three major PC vendors (Dell, Lenovo, HP).

To use the tool, the disk to be converted needs to have less than four partitions (meaning three partitions is the maximum). In testing the conversion tool, it was noted that Dell models create an extra recovery partition during an in-place upgrade, which can cause the conversion tool to fail if you hit the limit of partitions before the upgrade runs. To get around this, I deleted all recovery partitions, leaving the PC with only two partitions. During the in-place upgrade, the Dell PC created a third partition (as expected) that didn’t cause the conversion tool to fail. The HP and Lenovo models I tested did not create extra partitions during the in-place upgrade.

If you are going to use one sequence to handle all hardware models, ensure that you are supplying the correct driver package for the model running the upgrade and that the engine can read and process the variable. If the variable you set on your driver package is incorrect, setup.exe will not use it. While the discussion about why you need to provide driver packages during an in-place upgrade is a bit off topic, it is important to note. It matters because some of the vendor models that I tested failed the MBR2GPT.exe conversion later in the in-place upgrade when I did not also provide driver packages to them. This may not be true for every vendor model, but it happened consistently enough in my testing to be deemed important to take note of.

How Do I Check What Partition Type My Disks Are Using?

Open an administrative command prompt and type the following:

diskpart

select disk <disk number>

list part

sel part <partition number>

detail part

If the disk is using MBR partition type, it will display 07 for the type in the detail part command as pictured below on this Windows 7 PC.

mbr2gpt-07
(Tap or click for larger view)

diskpart

list disk

Any disk with an asterisk under GPT in the table is in GPT layout as pictured on this Windows 10 PC.

mbr2gpt-08
(Tap or click for larger view)

Troubleshooting

When the MBR2GPT.exe tool is run, it creates four logs in the %windir% directory (C:\Windows). The four logs are setuperr.log, setupact.log, diagerr.xml, and diagwrn.xml with setuperr.log having the most detailed information. In the example below, I ran the tool and saw in setuperr.log that it failed because there are too many partitions.

mbr2gpt-09
(Tap or click for larger view)

A full list of error codes for the tool can be found on TechNet under the Return Codes section here docs.microsoft.com. Note that these error codes are specific to the tool itself and shouldn’t be confused with error codes that the Windows 10 setup or the Task Sequence engine may throw.

Real-World Applications

If you would like readymade sequences that handle both MBR2GPT.exe and BIOS to UEFI for both PC refresh/replace and in-place upgrade scenarios, I have created a document that walks through the setup of both scenarios on Adaptiva’s SCCM Academy. The community solution is free, and includes two Task Sequences that can be imported into your environment. It’s up to you to provide all the dependencies (1703 Boot Image, Vendor Tools for BIOS to UEFI, etc.). However, these are working sequences that I have run against all three vendors in my lab, and they could save you days of works.

You can download the Secure 10: BIOS to UEFI 2017 Update Document and Task Sequences from: http://www2.adaptiva.com/l/139131/2016-07-18/j7lfk.

Happy migrating!

https://drive.google.com/file/d/0B9QRmfO509o6WFF2WXdfd2xTOWs/view

resources-ami-castoAmi Casto is the technical evangelist for Adaptiva. If you have questions or problems using these task sequences, tweet her at @adaptivaami.

Screen Shot 2017-04-12 at 10.22.26 AM

If you are an IT professional responsible for maintaining thousands or millions of Windows endpoints, questions like this may be keeping you up at night:

  • Are you sure all your applications—security, in-house and third-party—are current, configured correctly and running successfully?
  • Do you know if all your Windows endpoints are operating within company policies for privacy, security and regulatory compliance?
  • If you discover a security breach or vulnerability, do you a have the ability to quickly find out which machines are affected, and automatically remediate them across a global enterprise?

When you combine SCCM with Adaptiva Client Health™, you can rest easy.  Adaptiva Client Health lets SCCM handle those things quickly, easily and automatically. Some of the largest companies in the world, including many in the Fortune 500 and Global 1,000, are using Client Health. One international bank runs 800,000 health checks on its endpoints daily to instantly detect and remediate possible issues.

Client Health At-a-Glance

When SCCM 2012 was released, Microsoft included a tool called CCMEval (a.k.a. SCCM Health Checks). It includes pre-defined health checks and remediations aimed at maintaining the health of SCCM client agent itself.

While Adaptiva Client Health comes with over twice as many pre-built health checks and remediations as SCCM, static checks are just a tiny fraction of what Adaptiva Client Health does. This table provides a quick look at what Adaptiva adds to SCCM.

Screen Shot 2017-04-12 at 10.38.04 AM

Custom Health Checks and Remediations

While SCCM Health Checks are limited to a pre-defined set of checks and remediations, Adaptiva Client Health provides a visual WorkFlow Designer and Engine. Workflows are easy to build and simple to deploy. Adaptiva Client Health can quickly detect, troubleshoot and remediate issues across hundreds of thousands of systems—all automatically. This table shows some basic capabilities, but the possibilities are limitless and can be infinitely more powerful.

Screen Shot 2017-05-01 at 3.06.31 PM

Summary

For smaller companies concerned only with the health of the SCCM client itself, and running Microsoft security technologies exclusively, the native SCCM Health Checks may meet your limited needs. For companies looking to maintain the health and security of all settings and applications, as well as Windows itself, Adaptiva Client Health gives SCCM true global health automation. Adaptiva also gives administrators the flexibility to easily create their own checks and remediations as new endpoint health, security and compliance issues arise. Also, if a company is using third-party security software, Adaptiva can ensure your endpoints are properly secured.

For more information about how Adaptiva Client Health can help you rest easy, request a free product demo.

Screen Shot 2017-04-12 at 10.22.47 AMBill Bernat is the director of product marketing at Adaptiva.

Screen Shot 2017-04-03 at 8.09.03 PM

Microsoft System Center Configuration Manager (SCCM) reliably helps companies keep their endpoints current, properly configured and secure. The Adaptiva OneSite content distribution engine is commonly known as the fastest way to distribute Windows 10 across the SCCM enterprise. However, OneSite also brings stunning enhancements in the areas of infrastructure reduction, speed and automation.

Adaptiva’s SCCM-transforming technology has been delivering significant ROI to the Fortune 500 for years. Its peer-to-peer content sharing technology speeds and simplifies software deployments and dramatically reduces the costs of SCCM ownership.

In this blog, we provide a side by side comparison to show you at a glance just how much power OneSite’s peer-to-peer technology adds to SCCM. It accelerates and simplifies software deployments and dramatically reduces the costs of SCCM ownership.

Infrastructure Reduction

Companies with multiple locations that use SCCM today often have to add costly infrastructure across their organization. OneSite uses clients, not servers, to eliminate that expensive architecture and the time required to deploy it. Remarkably, it also improves the level of service provided at each location.

Speed

Delivering Windows 10, software and updates over a company WAN to hundreds of locations can be impractically slow and, sometimes, impossible. OneSite substantially speeds delivery and reliability with several proprietary technologies not available in SCCM.

Automation

SCCM system administrators are highly skilled individuals who play a huge role in their organization’s success by keeping endpoints running perfectly. However, they are often stretched to keep up with the high demand for services. OneSite automates countless content distribution operations, eliminating many repetitive tasks and shrinking numerous others to a fraction of the time they used to take.

Learn More

SCCM dominates the enterprise market for endpoint management because it’s a powerful tool that gets the job done reliably on a large scale. OneSite has been widely adopted by the Fortune 500 partly because it significantly reduces the cost and time to deploy and operate SCCM. Mainly, though, companies run OneSite with SCCM because it simplifies infrastructure, increases the speed of operations and reduces administrator workload.

To learn more, request a demo today.

Bill Bernat is the director of product marketing at Adaptiva.

2017-01-18-MyITForum-2

Sponsored Blog

By Bill Bernat

It’s only January, and SCCM is moving like a bullet train. Adaptiva is investing more in Configuration Manager and other Microsoft technologies this year than ever before. To help you understand why, let’s start by taking a look back at 2016.

Throughout the history of SCCM, Microsoft has built significant new features and functions into every release, as seen in SMS 2003, SCCM 2007 and SCCM 2012. The next major version was given a super snappy name: “1511.” With this release, Microsoft did something totally revolutionary. Instead of just delivering new SCCM enhancements and capabilities, they re-engineered the way they build them.

While SCCM 1511, 1602, 1606 and 1610 deliver a cornucopia of great new features, the big story is the fact that there actually were four new versions within a year! And, of course, Windows 10, is the biggest story. Along with countless other new capabilities, SCCM delivers better support for organizations to deploy/upgrade/provision Windows 10, keep Windows 10 up-to-date, and manage Windows 10. Merely listing out all these features, however, would be missing the big picture.

SCCM professionals won’t look back at 2016 in five years and talk about this or that feature. In the history of SCCM, 2016 will be remembered as the year:

  • Microsoft began developing and releasing SCCM ridiculously fast. New SCCM technical previews came out monthly with new GA releases every four months (or so). This began on Dec. 8, 2015, with the release of 1511, but 2016 was the first year Microsoft actually delivered every single month—impressive!
  • Customer requests drove development decisions. Online, at conferences, in user groups–everywhere they go–Microsoft is aggressively asking, “What can we do that will make you like our software more?” At the risk of dating myself, it reminds me of their user-feedback-obsessed culture back when Word was the little guy fighting the Goliath Word Perfect. (For those of you who have never heard of Word Perfect, enough said.)
  • The term Current Branch (CB) became a quasi-version number. Microsoft referred to each version (1511, 1602, etc.) as the “current branch,” so now it’s used generally to refer to SCCM 1511 or later. One could argue that current branch only refers to the latest, or any version within the last 12 months, which is the timeframe any release is fully supported.
  • Everything revolved around Windows 10. Microsoft’s newest OS is a hit by every known metric, with consumer and business deployment racing far ahead of previous versions. A great deal of SCCM’s improvements were geared toward supporting the heck out of the new OS, its rapid release cycle, its (slightly confusing) service branches, and its growing monthly cumulative updates.

Prediction: In 2017, SCCM will thrive and grow while Intune also picks up market share.

That’s the big picture. The specific features that will materialize are yet to be revealed, but a few likely items include:

  • More Windows 10 support, including comprehensive delta support for Windows 10 Cumulative Updates
  • More user control, such as the ability to postpone deployments based on real-time factors (already out in TP)
  • More power in Task Sequences because, even though they were intended for OSD only, IT pros are using them for much more
  • More Intune integration with SCCM because, even though companies are not moving to Intune nearly as fast as initially expected, there is a growing need
  • Improvements to Client Peer Cache will help provide basic servicing while Microsoft continues to look to partners like Adaptiva to supercharge peer-to-peer for high-volume, zero-touch Windows 10 OSD, elimination of global server infrastructure and faster content delivery
  • Additional Secure Windows 10 tools and support, including BIOS-UEFI conversion and deeper support for Windows 10 features like Secure Boot, Device Guard and Credential Guard

Whatever turns SCCM’s evolution takes, it will continue to provide IT pros with the features they need to manage endpoints on their own hardware, software and network. At the same time, Microsoft continues to evolve Intune. While Intune is not going to unseat SCCM in the foreseeable future, we are seeing many enterprises begin to explore a move to the cloud for IT infrastructure and PC management. Adaptiva is excited to be a strategic part of the innovation happening around these endpoint management solutions for businesses worldwide.

Want a deeper look back at SCCM in 2016? Here’s a nice recap of some of the best websites and tools we found for SCCM and enterprise Windows 10 deployment information from many of the best SCCM experts in the world: Top 16 SCCM Tips from 2016.

Bill Bernat is Director of Product Marketing, Adaptiva.Bernat-TSN-Oct-2016-130x100

Hi,

It has been too long since I wrote anything but here comes a small update. Hopefully I get more time to blog all things I’ve been wanting to share soon.

I have just updated my MDT Monitor Tool to version 1.5 (Download), this version adds the “Start Time” column. So if you have many deployments ongoing or finnished you can now sort on start time.

 

MDT

New in v1.5:

  • Added Start Time as a value in the columns so you can sort on when a deployment was started
  • Removed the empty column to the left.

 

New in v1.4:

  • Fixed bug where Dart Remote Viewer didnt work
  • Option to show client local time instead of UTC, edit config.xml to enable/disable

 

New in v1.2:

  • Fixed Dart Remote Viewer not connection to full ip Issue: 1222

 

New in v1.1:

  • Added timers for autorefresh of webservice info
  • Added some better errorchecking and cleaned up the code a bit

 

For more info see my original post:
http://myitforum.com/myitforumwp/2014/01/29/mdt-monitor-tool/

 

154729LOGO

Adaptiva OneSite is a software solution that can improve SCCM delivery of software, updates, and Windows (OSD) between your SCCM site and other locations, even ones without distribution points.  Adaptiva OneSite doesn’t require a huge infrastructure. It can run a thousand locations with just a single SCCM server and no distribution points. PXE servers, or SMPs. The content delivery is fast and, more important, it does not impact other traffic on the WAN. The peer-to-peer storage of content doesn’t affect free space on clients because it operates in unused clusters so the users retain all their disk space. With these capabilities, Adaptiva OneSite can upgrade thousands of systems to Windows 10 in a fraction of the time.

Companies that wants to upgrade their unsupported Windows XP to Windows 7 or 8, or upgrade from any of those versions to Windows 10 soon, you can use Adaptiva OneSite to facilitate the process. In this post, we will explain 3 reasons of using Adaptiva OneSite Rapid OSD with SCCM for your next Windows 10 deployment.

Peer-to-Peer PXE

With SCCM, you may need to configure IP Helpers or DHCP Options in some VLAN to use OSD. Enabling peer-to-peer (P2P) PXE with Adaptiva takes only few minutes and all Windows server or clients can become a PXE point without infrastructure changes. You select a checkbox and every network segment has a PXE point! No need to coordinate with the networking team to set up IP helpers or DHCP scope options.

Adaptiva OneSite

Since you only need one PXE server per segment, one machine on each subnet is intelligently chosen and elected. However, it does not need to store the content. Instead, it serves content from different sources within the peer-to-peer network. For example, if ten systems are being migrated to Windows 10 at once, each one gets its OS image files from a different peer cache. This is for load-balancing, so one machine doesn’t slow down serving many others. You still have as much control as you want. You can include or exclude collections from eligibility both as PXE points and as data caches.

Content Storage and Delivery

One way that Adaptiva OneSite eliminates the need for storage is with zero footprint caching. This feature makes the Adaptiva Cache much more interesting than a normal SCCM cache. When global content is delivered to an operating location, it is stored in unallocated clusters on peer systems there. The data is copied without interfering with the users’ free disk space, and organized into a Virtual SAN. The result is virtually unlimited storage at each site, without servers, and without taking space from end users.

When an SCCM task sequence is ready to deploy, OneSite will read it, find all of the content it references, then automatically compress and distribute all pieces of content required to execute it. It will also make multiple copies for load-balancing and redundancy at a location, and the administrator can specify the minimum number of copies to keep.

When any of the content is updated, Adaptiva OneSite detects the change, and automatically creates and distributes a small binary differential file, efficiently updating the content every place it lives worldwide. It’s all as automatic as you want it to be. So you can be sure you are always deploying the most current content when migrating Windows.

Adaptiva OneSite

Adaptiva includes a proprietary UDP-based network protocol that makes it possible to deliver 20GB+ OS image files over the WAN without impacting other network traffic. It’s the only predictive bandwidth harvesting technology in the world. Others are based on TCP and are reactive, not predictive.

Virtual State Migration Points

A Windows user can easily store gigabytes of data and settings on their system. They expect it to be there on the new version of Windows after a migration. This means administrators must save and restore the data and settings, also known as state. SCCM administrators must either have a State Migration Point server at each facility, or save/restore the data over the WAN to a remote server. Doing state migration to a remote server is rarely practical, as it can overload the WAN with too much data, or simply take too long to be viable.

Adaptiva solves this dilemma by using the OneSite virtual SAN already located at a site to create a virtual state migration point (VSMP) there. The VSMP offers all the functionality of a dedicated server without taking storage from end users or impacting their performance. It also has built-in redundancy, maintaining multiple copies of the saved state data during each migration. The VSMP integrates directly into the SCCM task sequences as shown in the screenshot.

OneSite01 - Virtual SMP Task Sequence Integration raw

Adaptiva has built redundancy into the V-SMP solution by creating multiple copies of the state data for business continuity. If one peer goes offline for any reason, the migration will continue uninterrupted.

For More Information

Take a look at all others Adaptiva OneSite features. You can also check Adaptiva’s Vimeo Channel for more videos.

Overview video about Adaptiva OneSite

https://vimeo.com/129049313

Adaptiva OneSite

The post 3 Reasons to use Adaptiva OneSite for Windows 10 Deployment appeared first on System Center Dudes.

RAID controller is a device used to manage hard disk drives (HDDs) or solid-state drives (SSDs) in a computer or storage array. It has the ability to access multiple copies of data on multiple physical devices and improve performance with data protection in case of a system failure.

We suggest to keep your RAID controller drivers updated to have the latest fixes from the manufacturer. In this post, we will show you how to configure SCCM 2012 to inventory RAID controller drivers to prepare a deployment targeting the affected systems. We will show how to modify SCCM 2012 hardware inventory classes to get this information.

RAID Controller Drivers Information

You can find RAID controller drivers information in System Information.

  • Launch System Information from msinfo32.exe directly from Run in Start Menu
  • Expand Components / Storage / SCSI

Configure SCCM 2012 to Inventory RAID Controller Drivers

In the WMI, the information of RAID controller is in WIN32_SCSIController but it doesn’t include driver version. In this case, you can use registry to be able to gather drivers.

  • Open Registry Editor with regedit.exe from Run in Start Menu
  • Search for key name HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4d36e97b-e325-11ce-bfc1-08002be10318}

Configure SCCM 2012 to Inventory RAID Controller Drivers

Customize Hardware Inventory

Once you’ve target the RAID controller drivers in the registry, you will configure SCCM 2012 to gather the data on a larger scale. Because the information comes from the registry, we will use configuration.mof. This process give the possibility to customize a WMI class with information like registry. Each time devices request policy with his management point, the configuration.mof file is compiled by clients and automatically create or update custom class.

To update the configuration file, you need to edit manually the file.

  • Navigate to SCCM installation folder SCCMinboxesclifiles.srchinv on the top level of your hierarchy (CAS or Primary).
  • Create a backup of the file and Open mof file with your favorite text editor
  • Copy and Paste below code at the bottom of the file then Save
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// RAID Controller Drivers
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#pragma autorecover
#pragma namespace ("\\.\root\cimv2")
#pragma deleteclass("Win32_RAIDControllerDrivers", NOFAIL)
[dynamic,provider("RegProv"),ClassContext("local|HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}")]
class Win32_RAIDControllerDrivers
{
    [key]      
        string    ID;
    [PropertyContext("ProviderName")]     
        string    ProviderName;
    [PropertyContext("DriverDesc")]     
        string    DriverDesc;
    [PropertyContext("DriverVersion")]     
        string    DriverVersion;
    [PropertyContext("DriverDate")]     
        string    DriverDate;
};
  • On a test device, manually compile new modified mof by executing mofcomp.exe configuration.mof from command line and file source folder
  • Use your favorite WMI tools and Execute this command: SELECT * FROM Win32_RAIDControllerDrivers to confirm that the custom WMI class is properly created

Configure SCCM 2012 to Inventory RAID Controller Drivers

Now that you have confirmed that the new mof file works, it’s time to configure the hardware inventory in SCCM 2012 client settings.

  • From the SCCM console, navigate to Administration / Overview / Client Settings
  • Right click on Default Client Settings and select Properties
  • On the left ribbon, select Hardware Inventory and select Set Classes
  • Click on Add and Connect
  • Enter the Computer Name where you manually compile the new mof
  • Make sure Recursive is selected and click Connect

Configure SCCM 2012 to Inventory RAID Controller Drivers

  • Once you see the complete list of WMI Classes, search for Win32_RAIDControllerDrivers
  • Select and click Ok

Configure SCCM 2012 to Inventory RAID Controller Drivers

  • From the Hardware Inventory Classes properties, verify that the new class WIN32_RAIDControllerDrivers is selected and click Ok

Verification

Wait for next machine policy and next hardware inventory cycle on each computers. You will see custom WMI class been taken on the device by searching for this specific message in inventoryagent.log in CCMLogs.

Collection: Namespace = rootcimv2; Query = SELECT __CLASS, __PATH, __RELPATH, ID, DriverDate, DriverDesc, DriverVersion, ProviderName FROM Win32_RAIDControllerDrivers; Timeout = 600 secs.

Once devices start to send RAID controller drivers data to SQL database, verify data by executing below query using open SQL Management Studio.

SELECT
RI.ResourceID, RI.ID0 AS ID00, RI.ProviderName0 AS ProviderName, RI.DriverDesc0 AS DriverDescription, 
RI.DriverVersion0 AS DriverVersion, RI.DriverDate0 AS DriverDate
FROM  dbo.v_GS_RAIDControllerDrivers AS RI

You will see something like this.

Configure SCCM 2012 to Inventory RAID Controller Drivers

Be sure to check all steps if you have no data in the SQL database.

Reporting

Now is the time to have fun and shown to your management the data by creating custom reports. If you don’t have time to build something on your own, you can use the report Asset – Hardware from our products. Select RAID Controller in the menu as additional hardware information and you will see all RAID controller drivers in your environment.

Configure SCCM 2012 to Inventory RAID Controller Drivers

Configure SCCM 2012 to Inventory RAID Controller Drivers

Are you managing your RAID controller drivers with SCCM? Share your tips and tricks in the comment section.

The post Configure SCCM 2012 to Inventory RAID Controller Drivers appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

 

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous site systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 Enrollment Point and Enrollment Proxy Point site system roles.

Role Description

The Enrollment Point uses PKI certificates for Configuration Manager to enroll mobile devices, Mac computers and to provision Intel AMT-based computers.

The Enrollment Proxy Point manages Configuration Manager enrollment requests from mobile devices and Mac computers.

This is not a mandatory site system but you need both Enrollment Point and Enrollment Proxy Point if you want to enroll legacy mobile devices, Mac computers and to provision Intel AMT-based computers. Since modern mobile devices are mostly managed using Windows Intune, this post will focus mainly on Mac computers enrollment.

Site System Role Placement in Hierarchy

The SCCM 2012 Enrollment Point and Enrollment Proxy Point are site-wide options. It’s supported to install those roles on a stand-alone or child Primary site. It’s not supported to install it on a Central Administration site or Secondary site.

You must install an SCCM 2012 Enrollment Point in the user’s forest so that the user can be authenticated if a user enrolls mobile devices by using SCCM and their Active Directory account is in a forest that is untrusted by the site server’s forest.

When you support mobile devices on the Internet, as a security best practice, install the Enrollment Proxy Point in a perimeter network and the Enrollment Point on the intranet.

Prerequisites

Beginning with System Center 2012 Configuration Manager SP2, the computer that hosts the SCCM 2012 Enrollment Point or Enrollment Proxy Point site system role must have a minimum of 5% of the computers available memory free to enable the site system role to process requests. When those site system role are co-located with another site system role that has this same requirement, this memory requirement for the computer does not increase, but remains at a minimum of 5%.

Using Windows Server 2012, the following features must be installed before the role installation:

Enrollment Point

Features:

  • .NET Framework 3.5
  • .NET Framework 4.5
    • HTTP Activation (and automatically selected options)
    • ASP.NET 4.5
  • Common HTTP Features
    • Default Document
  • Application Development
    • ASP.NET 3.5 (and automatically selected options)
    • .NET Extensibility 3.5
    • ASP.NET 4.5 (and automatically selected options)
    • .NET Extensibility 4.5
  • IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility

Enrollment Proxy Point

Features:

  • .NET Framework 3.5
  • .NET Framework 4.5
    • HTTP Activation (and automatically selected options)
    • ASP.NET 4.5

IIS Configuration:

  • Common HTTP Features
    • Default Document
    • Static Content
  • Application Development
    • ASP.NET 3.5 (and automatically selected options)
    • ASP.NET 4.5 (and automatically selected options)
    • .NET Extensibility 3.5
    • .NET Extensibility 4.5
  • Security
    • Windows Authentication
  • IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility

SCCM 2012 Enrollment Point Installation

For this post we will be installing both roles on a stand-alone Primary site using HTTPS connections. If you split the roles between different machine, do the installation section twice, once for the first site system (selecting Enrollment Point during role selection) and a second time on the other site system (selecting Enrollment Proxy Point during role selection).

  • Open the SCCM console
  • Navigate to Administration / Site Configuration / Servers and Site System Roles
  • Right click your Site System and click Add Site System Roles
  • On the General tab, click Next

sccm 2012 install fallback status point

  • On the Proxy tab, click Next

sccm 2012 install fallback status point

  • On the Site System Role tab, select Enrollment Point and Enrollment Proxy Point, click Next

SCCM 2012 Enrollment Point

  • On the Enrollment Point tab
    • In the IIS Website and Virtual application name fields, leave both to the default values
      • This is the names that you’ll see in IIS after the installation
    • Enter the port number you want to use. The HTTPS setting is automatically selected and requires a PKI certificate on the server for server authentication to the Enrollment Proxy Point and for encryption of data over SSL. For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager.

SCCM 2012 Enrollment Point

  • On the Enrollment Proxy Point tab,
    • The Enrollment point will be populated by default and can’t be changed
    • Keep the Website name to it’s default value
    • Enter the port and protocol that you want to use
    • The Virtual application name can’t be changed. This will be used for client installation (https://servername/EnrollmentServer)

SCCM 2012 Enrollment Point

  • On the Summary tab, review your settings, click Next and complete the wizard

SCCM 2012 Enrollment Point

Verification and Logs files

Logs

You can verify the role installation in the following logs:

  • ConfigMgrInstallationPathLogsenrollsrvMSI.log and enrollmentservice.log  – Records details of about the Enrollment Point installation
  • ConfigMgrInstallationPathLogsenrollwebMSI.log – Records details of about the Enrollment Proxy Point installation
  • ConfigMgrInstallationPathLogsenrollmentweb.log Records communication between mobile devices and the Enrollment Proxy Point

That’s it, you’ve installed your SCCM 2012 Enrollment Point, follow this Technet Guide if you want to proceed to next steps for Mac computers enrollment

 

The post How to install an SCCM 2012 Enrollment Point appeared first on System Center Dudes.

This morning I received an email from Microsoft that I am awarded System Center Cloud and Datacenter Management MVP for the 4th year. Here is the email I received:

image

The System Center Cloud and Datacenter Management MVP’s are a great lively bunch of folks. It is an honor to still be a part of this group. I have made many friends at Microsoft, with other MVP’s and in the community during my time as an MVP. I look forward to making many more!

I am also looking forward to another year of fun MVP activities. A huge thanks goes out to everyone in the community and Microsoft.

Congrats to all the other new and renewed MVP’s! I hope to keep adding value to the System Center community!

MVP Profile: http://mvp.microsoft.com/en-us/mvp/Steve%20Buchanan-4039736

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous site systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 Application Catalog web service point and the Application Catalog website point.

Role Description

The Application Catalog web service point provides software information to the Application Catalog website from the Software Library.

The Application Catalog website point provides users with a list of available software.

This is not a mandatory site system but you need both the Application Catalog website point and the Application Catalog web service point if you want to provide your user with a Self-Service application catalog (web portal).

sccm 2012 application catalog

Site System Role Placement in Hierarchy

The Application Catalog web service point and the Application Catalog website point are hierarchy-wide options. It’s supported to install those roles on a stand-alone Primary site or child Primary site. It’s not supported to install it on a Central Administration site or Seconday site.  The Application Catalog web service point must reside in the same forest as the site database.

If you’re having less than 10,000 users in your company, co-locating the Application Catalog web service and Application Catalog website roles on the same server should be ok. The web service role connects directly to the SCCM SQL database so ensure that the network connectivity between the SQL server and the Application Catalog web service servers is robust.

If you have more geographically distributed users, consider deploying additional application catalogs to keep responsiveness high and user satisfaction up. Use client settings to configure collections of computers to use different Application Catalog servers.

Continue to read the complete blog post here : http://www.systemcenterdudes.com/how-to-install-sccm-2012-application-catalog/

reportin

SCCM 2012 Hardware Inventory Report

Unveil your Hardware Data

This SCCM 2012 hardware inventory report let you see all your hardware in a single view. No longer need to browse multiple built-in reports. Use it to quicky find a specific machine having particular specification (Disk, Cpu, Serial number…).

This report easily return valuable information to your management team :

How many computers our company owns ? How many DELL Optiplex 780 ?
Which computers are still running Windows XP or Windows 2003 ?
What’s the serial number of computer XYZ ?
We urgently need to update a specific hard drive firmware, which computer has the affected model ?

We split this SCCM 2012 hardware inventory report into 5 sections:

Details, System, Processor, Disk and Video Controller.

 

Continue to read the complete blog post here : http://www.systemcenterdudes.com/sccm-2012-hardware-inventory-report/