Author: Jeremy Young

SQL Server file system

Quick tip… any drive that you use for SQL Server data or log files should be formatted as NTFS 64K size. SQL will give you better performance at the file level… I’m thinking of writing a post of best practices for SQL Server as it relates to ConfigMgr, would this be useful?Filed under: ConfigMgr, SQL, […]

System Center 2012 R2 Configuration Analyzer

  Interesting new utility from Microsoft: System Center 2012 R2 Configuration Analyzer http://www.microsoft.com/en-us/download/confirmation.aspx?id=41555Filed under: ConfigMgr

PowerShell Pipeline Fun With Configuration Manager Objects

Most Configuration Manager objects share common attributes, however most of them differ in the property name.  For example, collections and folders both have IDs, but for collections the ID property is named CollectionID and the folders have the name ContainerNodeID.  In order to maximize pipelineability (apparently I made up a new word) in PowerShell I found it was easiest to encapsulate them int...

PowerShell Module for ConfigMgr On-Demand Patch Management

I developed a PowerShell module that will scan for update compliance or launch a task sequence to install required security updates (or any advertised task sequence) on either a single machine, or multiple machines using multithreading.  The OnDemand module is a supplemental tool for our automated patching service. Our automated patching solution of enrolling a server in a monthly maintenance wind...

Q&A from SCCM Guru event–Datacenter Configuration Management

Thanks to everyone who attended the SCCM GURU event I presented, if you missed it you can catch it on the replay – link Here are my answers to questions raised during the session. Q: ­Is the patch management service on ConfigMgr for only Windows/IE patches, for all Microsoft products (e.g. Office), or for all products Microsoft and non-Microsoft?­ A: The Software Update feature in ConfigMgr is cap...

Filtering ConfigMgr Software Updates in SQL

The Datacenter environment that I manage with ConfigMgr for security updates consists of only Windows server platforms, running English builds, and no Itanium architecture.  So when it came time to build automation for authorizing security updates I wanted to ensure that only updates applicable to my environment were approved for deployment. Creating this filtered list in SQL turned out to be much...

PowerShell script to check ConfigMgr agent software update assignment compliance

Here is a PowerShell script to check a ConfigMgr agent’s compliance for all required/assigned security updates.  It is another utility tool in the kit for on-demand patch management, like this script to run a ConfigMgr Task Sequence On-Demand, which I blogged about previously.  Before you launch an on-demand patching session against a machine you should make sure it actually needs some updates, li...

PowerShell Script to run ConfigMgr Task Sequence On-demand

I wrote a script to handle a cluster patching situation where I needed to give a server owner the ability to run the ConfigMgr monthly patch management task sequence on-demand (immediately) via PowerShell.  The server owner would use another script to make their machine, in this case a cluster joined virtual server host, ready for patching (resources drained, removed from the cluster, etc.) and th...

The ConfigMgr SMSPROV.LOG is a programmer’s best friend

When I am programming widgets against ConfigMgr I have found the smsprov.log to be an invaluable tool. Sure, the SDK is great for figuring out class definitions, methods/properties available, etc., but when I get stuck trying to figure out how these objects work together or what WMI class I need to query nothing gets me the answer faster than the smsprov.log… Here is the definition of the smsprov....

SCCM Patch Management Using The Task Sequence Engine

As I mentioned in a previous blog post, we recently switched our monthly patch management function via SCCM away from the built-in Software Update Management (SUM) feature to the Task Sequence Engine. One of the primary drivers behind making the technology shift was the increasing frequency at which we were deploying software (applications, non-security updates, etc.) inside the same maintenance w...

Using Powershell to Manage SCCM Collection Variables

  I didn’t have much experience using SCCM collection variables until we recently made the switch to using the task sequence engine to do our monthly patch management (future blog topic). After becoming aware of the power that collection variables hold, I quickly learned they do have some drawbacks too. One of the challenges I found with using collection variables was that the unencrypted val...

Updating the SCCM Install Source

Inside the Microsoft IT Datacenter environment SCCM is the main tool used for automated patch management. Some servers are still manually patched by their server owners using many different tools (scripts, WSUS, AutomaticUpdates, download/install the exe’s manually, etc.). Since our primary focus is on the security of the environment it doesn’t really matter how servers get secured each month for ...