Thursday, May 13, 2010

User Affinity NOW! Part 1 - setting the registered owner of the computer

So if you attended MMS 2010 this year or have been paying attention to what ConfigMgr v.Next will be doing, then you know that User Affinity is a big topic addressed in v.Next. However, you don't have to wait until v.Next to 'affinitize' your users to computers in ConfigMgr (or SMS 2003 for that matter). This series of blog posts will show you step by step how to successfully deploy to computers by targeting users (or user groups).

Part one will demonstrate how to setup a user affinity in ConfigMgr. First some history -

It has historically been a challenge to identify which computer(s) are primarily used by which user(s). At first SMS administrators relied on "last logon user" to identify who uses a computer, but this had significant problems, as users often log on to systems they don't commonly use.

I was one of the first to address this problem by writing SLAT (Security Logon Audit Tool), which used security logon events to determine who is the primary user of a system. I released v1.0 of SLAT back in the SMS 2.0 days, sometime before 2004; the details are very hazy. At any rate, SLAT allowed you to identify who the 'Top' user of a system was.

Well I think someone over there in Redmond liked my idea because in SMS 2003 SP3 (and ConfigMgr) along came 'Top Console User' as part of Asset Intelligence.

So Top Console User works almost identically to SLAT, using the security logon events to identify the top user(s) of a system. It's built in, so why use SLAT anymore, eh? I don't. Much. Really the only reason to use SLAT is so you can exclude specific users, and I know some organizations do this... but I found another way.

Included in this blog post is a new script I wrote which gets the Top Console User and sets it as the 'Registered Owner' in the registry (which is then collected via hardware inventory). This new script can also exclude specific users, so your VMWare account doesn't become the registered owner on every system... instead the TOP non-excluded account becomes the registered owner. I know some will be very happy about this.

So why use Registered Owner for affinity instead of Top Console User? Well, after the script sets the registered owner, you can adjust it if it happens to be incorrect. You can also migrate it as part of your state migration... sooooo the registered owner MOVES with the user state data to the new system. Why is that good? Well, let's say you have AD application groups and the user is in those.... when the new system is set for that user and the affinity is there, those supplemental applications are automatically delivered to the new computer (if you have your collections set up right - blog part 2).

So... what you have all been waiting for... here is the script that does all this.



' On Error Resume Next      ' left disabled so any failure is visible in the task sequence status
wscript.echo "Script started"

const HKEY_LOCAL_MACHINE = &H80000002
const domainname    = "AD"             ' only accounts from this domain are eligible
const excludedusers = "AD\sluser;"     ' semicolon-separated accounts that must never become the owner
const organization  = "fabrikam"

strComputer = "."

wscript.echo "Connecting to WMI"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

DomainRegisteredUsers = 0

wscript.echo "Querying for Existing Registered User"
Set osItems = objWMIService.ExecQuery("Select * from win32_operatingsystem")

For Each osItem in osItems
    wscript.echo osItem.RegisteredUser

    ' Count an existing registered owner that already carries the domain prefix
    If UCase(Left(osItem.RegisteredUser, Len(domainname) + 1)) = domainname & "\" Then
        DomainRegisteredUsers = DomainRegisteredUsers + 1
    End If

    ' Training-room machines (computer names starting with TRN) get a fixed owner and we are done
    csname = osItem.CSName
    If UCase(Left(csname, 3)) = "TRN" Then
        regvalue = "AD\TrainingUser"
        Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
        strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
        wscript.echo "Setting RegisteredUser to: " & regvalue
        oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, "RegisteredOwner", regvalue
        oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, "RegisteredOrganization", organization & " (primary)"
        wscript.quit 100
    End If
Next

if DomainRegisteredUsers < objwmismsservice =" GetObject(" impersonationlevel="impersonate}!\\" colitems =" objWMISMSService.ExecQuery(" number =" 0" oreg="GetObject(" impersonationlevel="impersonate}!\\" strkeypath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion" number =" number" regvalue =" ucase(left(objItem.TopConsoleUser," regvalue =" ucase(objItem.TopConsoleUser)" regvalue =" ucase(GetSecondTopConsoleUser)" number =" 0" objwmismsservice =" GetObject(" impersonationlevel="impersonate}!\\" useritems =" objWMISMSService.ExecQuery(" secondtopconsoleuser = "" logonminutes =" 0"> LogonMinutes then
                LogonMinutes = userItem.TotalUserConsoleMinutes
                SecondTopConsoleUser = userItem.SystemConsoleUser
            End If
        End If
    Next

    GetSecondTopConsoleUser = SecondTopConsoleUser
End Function

wscript.quit 100

So set that vbscript up in a package and then create a task sequence to run it. Why a task sequence? Well, a program/advertisement would work, but all those wscript.echo statements show right up in the task sequence status report! So if you have failures you can easily see what happened. Also... make sure to set up setregistereduser.vbs as a Run Command Line step and, on the Options tab, remove the 0 and 3010 success codes and replace them with '100'. This way, if the script fails for some reason you will see it as a failure.
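The selection logic the post describes (top console user, minus the excluded accounts, restricted to the domain, written to RegisteredOwner, exit code 100 on success), written out in PowerShell as an added example. This is not the post's VBScript and not the author's code. It assumes Asset Intelligence exposes the SMS_SystemConsoleUser class in the root\cimv2\sms namespace with the SystemConsoleUser and TotalUserConsoleMinutes properties (the property names are the ones the post's script uses; the namespace and class name are my assumption), and it needs PowerShell 3 or later for Get-CimInstance. Without -Apply it runs against a constructed sample and writes nothing.

```powershell
<#
  Added example, not the post's script: choose the top *non-excluded* console user
  and write it to RegisteredOwner / RegisteredOrganization, exiting 100 on success
  so the task sequence step (configured as the post describes) shows pass/fail.
  Assumed: SMS_SystemConsoleUser in root\cimv2\sms with SystemConsoleUser and
  TotalUserConsoleMinutes. PowerShell 3 or later.
#>
param(
    [string]   $Domain        = 'AD',
    [string[]] $ExcludedUsers = @('AD\sluser'),   # service or VM accounts that must never become the owner
    [string]   $Organization  = 'fabrikam',
    [switch]   $Apply,                             # without -Apply: evaluate constructed sample data, write nothing
    [switch]   $Force                              # overwrite an owner that already carries the domain prefix
)

function Select-RegisteredOwner {
    # Highest-usage console user that belongs to $Domain and is not excluded; $null if none qualifies.
    param([object[]] $ConsoleUsers, [string] $Domain, [string[]] $ExcludedUsers)
    $excluded = @($ExcludedUsers | ForEach-Object { $_.ToUpperInvariant() })
    $prefix   = ($Domain + '\').ToUpperInvariant()
    $ConsoleUsers |
        ForEach-Object {
            [pscustomobject]@{ User    = ([string]$_.SystemConsoleUser).ToUpperInvariant()
                               Minutes = [int]$_.TotalUserConsoleMinutes }
        } |
        Where-Object { $_.User.StartsWith($prefix) -and ($excluded -notcontains $_.User) } |
        Sort-Object Minutes -Descending |
        Select-Object -First 1
}

function Set-RegisteredOwner {
    # The same two values the post's script writes; hardware inventory collects them from here.
    param([string] $Owner, [string] $Organization)
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    Set-ItemProperty -Path $key -Name 'RegisteredOwner'        -Value $Owner
    Set-ItemProperty -Path $key -Name 'RegisteredOrganization' -Value "$Organization (primary)"
}

# Constructed sample (not real inventory): exercises the excluded-account and wrong-domain cases.
$sample = @(
    [pscustomobject]@{ SystemConsoleUser = 'AD\sluser'; TotalUserConsoleMinutes = 9000 }   # top user, but excluded
    [pscustomobject]@{ SystemConsoleUser = 'PC1\local'; TotalUserConsoleMinutes = 5000 }   # local account, wrong domain
    [pscustomobject]@{ SystemConsoleUser = 'AD\jdoe';   TotalUserConsoleMinutes = 4200 }   # expected winner
    [pscustomobject]@{ SystemConsoleUser = 'AD\asmith'; TotalUserConsoleMinutes = 300 }
)

if ($Apply) {
    # The post lets you hand-correct the owner afterwards; do not clobber a domain owner unless told to.
    $key     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $current = [string](Get-ItemProperty -Path $key -Name RegisteredOwner -ErrorAction SilentlyContinue).RegisteredOwner
    if (-not $Force -and $current.ToUpperInvariant().StartsWith(($Domain + '\').ToUpperInvariant())) {
        Write-Host "RegisteredOwner already set to $current; use -Force to overwrite"
        exit 100
    }
    $users = Get-CimInstance -Namespace 'root\cimv2\sms' -ClassName 'SMS_SystemConsoleUser'
} else { $users = $sample }

$pick = Select-RegisteredOwner -ConsoleUsers $users -Domain $Domain -ExcludedUsers $ExcludedUsers
if (-not $pick) {
    Write-Host 'No eligible console user; RegisteredOwner left unchanged'
    exit 1          # any code other than 100 is reported as a failure by the task sequence step
}
Write-Host "Top non-excluded console user: $($pick.User) ($($pick.Minutes) console minutes)"
if ($Apply) { Set-RegisteredOwner -Owner $pick.User -Organization $Organization }
exit 100
```

Run it with no switches to see the sample resolve to AD\JDOE (the 9000-minute account is excluded and the 5000-minute one is a local account); add -Apply on a client with the Asset Intelligence classes to query the real data and write the registry values.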

So for Part 2 - How to setup your collections to have computers based on the affinitized registered owner and why to do it that way.

Thursday, August 6, 2009

A Pretty Good Forefront Definition Deployment Solution - Part 2

Hello again --

As mentioned in Part 1, this is a new solution for the deployment of ForeFront Definition Updates via ConfigMgr.

Some of the advantages of this new solution over WSUS or the previous ConfigMgr/SMS 2003 solution are:
* Uses ConfigMgr Distribution Points and does not require additional WSUS and SUP points.
* Does a delta copy from the distribution point to the ConfigMgr client. Usually this will be 2 MB or less.
* Intelligently determines whether the DP being run from is BITS-enabled or SMB-only, and uses BITS to transfer if available.
* Leverages the advanced reporting capabilities of ConfigMgr to report on deployment status. There are multiple success messages like ‘Initiated download via BITS’, ‘Copied via SMB and updated’, and ‘Already up to date’.

Part 1 focused on the background of the problem and an overview of the available solutions. Part 2 is a step-by-step, in-depth walkthrough of how to set this up in your environment.

Please note that this solution requires Microsoft System Center Configuration Manager but is not supported by Microsoft whatsoever.

I also want to note that this solution is based in concept on, and improves upon, the SMS 2003 solution created by Yaniv and posted at http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/24/updating-forefront-client-security-definitions-using-sms2003.aspx.

The DefinitionUpdate.vbs in particular was modified, but is largely Yaniv’s work.

Setting up the Solution


1. Extract the FCSDEF zip to a packages folder on your site server. Your folder structure should look something like \FCSDEF\Definitions with two sub folders… x86 and x64. In the FCSDEF Folder is a definitionsdownload.vbs.

2. You may schedule the definitionsdownload.vbs with task scheduler and there is an example on Yaniv’s site on how to do this, or set it up to run as an advertisement via ConfigMgr. To set it up to run via ConfigMgr create a package called “ForeFront x86 Definitions” on your ConfigMgr Site Server. It should be modified from the defaults like so:
a. Set the datasource to be the FCSDEF\Definitions\x86 folder.
b. Make sure to enable ‘binary differential replication’.
c. Set the Distribution Points to Update on a schedule. The schedule should be every 12 hours starting at 11:00PM.
d. On the Reporting Tab, set the MIF file name to “FOREFRONTDEFS”. This will enable the enhanced reporting capabilities that we’ll review later.
e. Leave the other settings as default and click ok.

3. Next we need to create 2 programs for our package: a Synchronization program and a Client Definition Update program.
a. Create a new program and title it “Synchronize Definition Updates with Microsoft”. Set the command line to definitionsdownload.vbs, and ‘start in’ to the path of your FCSDEF folder containing the .vbs. On the Environment Tab set it to run ‘Whether or not a user is logged on’. On the Advanced Tab suppress program notifications. Click OK. This program will be used to schedule the definition update synchronization from Microsoft.
b. Create another program and title it ‘Update x86 Definitions’. Set the command line to fcs-def2.exe and Run to Hidden. Set the maximum allowed run time to 15 minutes and the environment to ‘whether or not a user is logged on’. On the Advanced Tab suppress program notifications and click OK.

4. Now that your x86 Definition package is created, you may follow the same steps for the x64 package with the following modifications.
a. You won’t need to repeat step 3-A.
b. You will need to copy the files in the x86 folder to the x64 folder.

5. Create an advertisement for the ‘Synchronize Definition Updates with Microsoft’ program.
a. Create a collection containing your site server.
b. Target the advertisement to this collection.
c. Schedule your advertisement to recur every 12 hours, 15 minutes before the time set in step 2-C.
d. Set the program re-run behavior to always re-run.
e. Set the advertisement to always run from distribution point.

6. Create a collection for systems with Forefront installed. Here’s the WQL for the collection:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Microsoft Forefront Client Security%"


7. Create sub-collections for x86 and x64 systems and limit them to the collection created in step 6.

X86 example: select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X86-based PC"

X64 example: select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "x64-based PC"


8. Create an advertisement for both the x86 and x64 collections. Schedule them with a mandatory recurring assignment every 12 hours, starting 30 minutes after the schedule from step 2-C. Make sure the advertisement is set to ‘Run from Distribution Point’ for both slow and fast boundaries.


9. When the advertisement runs on a system you will notice an FCSDEFCache folder created in Windows\Temp, with a new log file inside it indicating status.
You may now use web reporting to track the status of your definition updates. Here’s what one of my custom reports looks like:


Here’s the sample report SQL that will give you more information than the default ‘Status of a specific advertisement’ report (@AdvertID is the report prompt for the advertisement ID):
declare @Total int
declare @Accepted int

select @Total=count(*), @Accepted=sum(case LastState when 0 then 0 else 1 end)
from v_ClientAdvertisementStatus
where AdvertisementID=@AdvertID

select LastAcceptanceStateName as C013, count(*) as C015,
ROUND(100.0*count(*)/@Total,1) as C016,
AdvertisementID
from v_ClientAdvertisementStatus
where AdvertisementID=@AdvertID
group by LastAcceptanceStateName, AdvertisementID

select LastStateName as C017, LastExecutionResult, count(*) as C015,
ROUND(100.0*count(*)/@Accepted,1) as C016,
AdvertisementID
from v_ClientAdvertisementStatus
where AdvertisementID=@AdvertID and LastState!=0
group by LastStateName, LastExecutionResult, AdvertisementID


And that's that - enjoy

Tuesday, July 28, 2009

A Pretty Good Solution for Deploying Forefront Definition Updates (with ConfigMgr)

Microsoft Forefront is an excellent solution for the antivirus needs of your enterprise. Not only is it a top ranked solution, but it is also quite affordable. Many customers have made a decision to abandon solutions like Symantec Antivirus or Mcafee in favor of Forefront as a superior and less expensive solution that they may already own as part of their Microsoft E-Cal.

Deployment of Microsoft Forefront is not overly complex, and there are walk-throughs for the server setup available from Microsoft. However, there is a challenge with the deployment of the Forefront definition updates, which can be as large as 35 MB. A pure Forefront deployment requires the use of WSUS to deploy the definition updates. WSUS manages the definition updates and will deploy delta updates for most of them. Still, about once a month the entire 35 MB must be downloaded to each client. For customers with many locations over slow or moderate network links, having a single WSUS server could create network flooding issues as clients all over the network attempt to copy content from a single location. There are a couple of existing approaches to solve this problem, each with its own advantages and disadvantages. I will attempt to summarize the existing options.

The Multiple WSUS Server Solution
One solution is to deploy multiple WSUS servers as children of a centralized WSUS server. This enables you to assign clients to WSUS servers with group policy, and they receive the updates from the server to which they are assigned. An advantage here is that you don't need another solution like ConfigMgr in order to efficiently deploy definitions. You may, however, require a lot of WSUS servers, and that may lead to a complicated WSUS environment. WSUS would require IIS to be installed on remote servers, and you would need servers in field offices.

The ConfigMgr/SMS 2003 Software Distribution Solution
This is a popular solution originally created and published at http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/24/updating-forefront-client-security-definitions-using-sms2003.aspx. With this solution you configure a scheduled task on your ConfigMgr site server to download the Forefront definitions. You then create a Configuration Manager package containing the x86 and x64 definitions and deploy it to your ConfigMgr Distribution Points. An advertisement is then created to run/install the definitions. This solution is good because it doesn't require an extensive WSUS or Software Update Point environment. It uses the existing distribution points that already serve other software distributions in your environment. It also takes advantage of the excellent software distribution status reporting capabilities available in ConfigMgr. However, there are some disadvantages with this approach. Namely, the entire 35 MB of definitions, and possibly the x64 definitions as well, are downloaded to each client each time the definitions are updated. If you schedule this daily, that can be 35 MB or 70 MB per day per client. If all your clients have local distribution points this may not be a problem, but if you have clients going over the WAN (slow boundary) this could cause network flooding.

Deploying FCS definition updates with a shared System Center Configuration Manager WSUS infrastructure
As the only solution that is supported by the ConfigMgr team, this is generally what I start with when I'm working with a customer to deploy ConfigMgr and Forefront simultaneously or one after the other. For customers with smaller networks this may be the only solution needed, and one of my fellow MVPs (John Marcum) implemented this with 3 WSUS/SUP servers and over 100 locations. He states he never received any complaints about network bandwidth using this solution. However, with this solution the majority of your definition updates occur over the WAN from the WSUS server. You can of course have multiple WSUS servers and could install SUPs on all your secondary sites. This would reduce the number of updates going over the WAN, but increase the complexity of your ConfigMgr site architecture. More information about this solution here: http://technet.microsoft.com/en-us/library/dd185652.aspx.

So there is a summary of the existing solutions up until now. I have recently implemented a 4th solution at a customer which solves many challenges while eliminating the need to deploy many many WSUS/SUP servers. So finally, what you have been waiting for. The 4th solution -

A Pretty Good Solution for Deploying Forefront Definition Updates (with ConfigMgr)
This solution started out as the previously mentioned ConfigMgr Software Distribution solution for deploying Forefront definitions. However, as I worked with that solution and began deploying definitions to more and more clients over the WAN, it became apparent that the solution needed to be enhanced or I'd have to abandon it for the officially supported MS solution. I didn't really want to deploy more than 100 WSUS/SUP servers, so I opted to try to enhance it.

The first piece I adjusted was the deploydefinitions.vbs used to download the definition .exes to a local folder on the site server. After the definitions are downloaded, the vbscript was adjusted to extract (as opposed to simply copying) the definitions into an x86 and an x64 folder. This enhancement enabled me to have two packages, one for x86 and one for x64. By splitting the definitions into different folders I reduced the size of my download-and-execute per client from 70 MB to 35 MB. The extracted definitions consisted of several files: MPASBASE.VDM, MPAVBASE.VDM, MPAVDLTA.VDM, MPASDLTA.VDM, mpengine.dll, am_full_engine.ini, and mpsigstub.exe. An analysis comparing several days' worth of definition files indicated that the BASE.VDMs changed monthly, and the DLTA.VDMs (delta) changed with each definition release. The delta files were usually 2 MB at most and the base files were as large as 20 MB. I was really curious about mpsigstub.exe, and upon launching it I noticed it silently updated the definitions on my test system. It also produced an mpsigstub.log in the temp directory indicating its success/failure. OK, so worst case I could use an xcopy delta to copy only the changed files from the package source to a temporary folder on the Forefront clients and then launch mpsigstub.exe.

Using a simple script to copy only the files that were different I was able to substantially reduce the size of the re-occurring daily definition updates. However I still had a large number of systems receiving content over the WAN without a local distribution point. These weren’t causing problems with the small delta xcopies, but I knew the BASE.VDM’s would eventually be updated and I didn’t want them to be copied down via SMB over the WAN. I really wanted to take advantage of BITS and my BITS enabled central distribution point. Unfortunately ConfigMgr Download and Execute does not provide any delta capabilities between the distribution point and the client otherwise this solution would be a lot simpler!

So I developed a script that I added to the package source. When run from the distribution point the script checks to see if the content can be accessed via http or not. If not it assumes the DP is local and copies the content down (delta) via SMB and then launched the mpsigstub.exe. If the content is available via http, the script will use BITSADMIN to copy the content and then execute mpsigstub.exe upon completion of the copy. The end result for this customer is that their ForeFront definitions are more up to date than ever before and we are looking at updating the defs more frequently than just once a day.

Look for another post coming soon with step-by-step instructions and script examples to implement this solution in your environment. It should also be handy if you don’t have Forefront, but want to utilize BITSADMIN and customize status MIFS for your non-forefront related packages.
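The client-side flow described in this post (probe the DP over HTTP, copy only the changed definition files, BITS where available and SMB otherwise, run mpsigstub.exe, report the outcome) and the status MIF that the Part 2 setup relies on for its 'Copied via SMB and updated' style messages, as one added PowerShell example. This is neither the post's fcs-def2.exe nor Yaniv's script. Assumptions: $SourceUrl and $SourceShare are placeholders for the package location the program passes in; Start-BitsTransfer stands in for the BITSADMIN call the post used; the status MIF layout follows the SMS status MIF convention as I remember it (check it against the SDK before relying on it); the file list is the one the post observed; PowerShell 3 or later.

```powershell
<#
  Added example, not the post's fcs-def2.exe and not Yaniv's script: delta update of
  Forefront definitions from a ConfigMgr DP, BITS over HTTP when the DP serves the
  package over HTTP, plain copy over SMB otherwise, then mpsigstub.exe, then a status
  MIF carrying the outcome text into the advertisement status report.
  Placeholders: $SourceUrl / $SourceShare. Assumed: status MIF layout, Start-BitsTransfer.
#>
param(
    [string] $SourceUrl   = 'http://DP-PLACEHOLDER/SMS_DP_SMSPKG$/PKG00001',  # placeholder, not a real DP
    [string] $SourceShare = '\\DP-PLACEHOLDER\SMSPKGC$\PKG00001',            # placeholder, not a real DP
    [string] $Cache       = (Join-Path $env:windir 'Temp\FCSDEFCache'),
    [string] $MifPath     = (Join-Path $env:windir 'Temp\FOREFRONTDEFS.MIF') # matches the package's MIF file name
)
Import-Module BitsTransfer
# File set the post observed in an extracted definition package
$Names = 'MPASBASE.VDM','MPAVBASE.VDM','MPAVDLTA.VDM','MPASDLTA.VDM','mpengine.dll','am_full_engine.ini','mpsigstub.exe'

function Test-HttpContent {
    param([string] $Url)
    try { (Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing -TimeoutSec 10).StatusCode -eq 200 }
    catch { $false }
}

function Get-SourceInfo {
    # Size and UTC timestamp of one source file, via HTTP HEAD or via the SMB share.
    param([string] $Base, [string] $Name, [bool] $Http)
    if ($Http) {
        $r = Invoke-WebRequest -Uri "$Base/$Name" -Method Head -UseBasicParsing
        [pscustomobject]@{ Name = $Name; Length = [long]"$($r.Headers['Content-Length'])"
            Stamp = [datetime]::ParseExact("$($r.Headers['Last-Modified'])", 'r', [cultureinfo]::InvariantCulture) }
    } else {
        $f = Get-Item (Join-Path $Base $Name) -ErrorAction Stop
        [pscustomobject]@{ Name = $Name; Length = $f.Length; Stamp = $f.LastWriteTimeUtc }
    }
}

function Test-NeedsCopy {
    # Delta rule (xcopy /d style): copy when the cached copy is missing, a different size, or older.
    param($Info, [string] $Cache)
    $dst = Join-Path $Cache $Info.Name
    if (-not (Test-Path $dst)) { return $true }
    $d = Get-Item $dst
    return ($d.Length -ne $Info.Length) -or ($d.LastWriteTimeUtc -lt $Info.Stamp)
}

function New-MifAttribute([string] $Name, [int] $Id, [int] $Len, [string] $Value) {
    "    Start Attribute`n      Name = `"$Name`"`n      ID = $Id`n      Access = Read-Only`n" +
    "      Storage = Specific`n      Type = String($Len)`n      Value = `"$Value`"`n    End Attribute"
}

function Write-StatusMif {
    # Status MIF (assumed layout): the Description attribute is the message the status report shows.
    param([string] $Path, [string] $Status, [string] $Description)
    $lines = @(
        'Start Component', '  Name = "Workstation"',
        '  Start Group', '    Name = "ComponentID"', '    ID = 1', '    Class = "DMTF|ComponentID|1.0"',
        (New-MifAttribute 'Manufacturer' 1 64 'Microsoft'), (New-MifAttribute 'Product' 2 64 'Forefront Definitions'),
        '  End Group',
        '  Start Group', '    Name = "InstallStatus"', '    ID = 2', '    Class = "MICROSOFT|JOBSTATUS|1.0"',
        (New-MifAttribute 'Status' 1 32 $Status), (New-MifAttribute 'Description' 2 128 $Description),
        '  End Group', 'End Component')
    Set-Content -Path $Path -Value ($lines -join "`r`n") -Encoding Ascii
}

New-Item -ItemType Directory -Path $Cache -Force | Out-Null
$useHttp = Test-HttpContent "$SourceUrl/mpsigstub.exe"        # BITS-enabled DP answers over HTTP
$base    = if ($useHttp) { $SourceUrl } else { $SourceShare }
$changed = @($Names | ForEach-Object { Get-SourceInfo -Base $base -Name $_ -Http $useHttp } |
             Where-Object { Test-NeedsCopy -Info $_ -Cache $Cache })

if ($changed.Count -eq 0) { Write-StatusMif $MifPath 'Success' 'Already up to date'; exit 0 }

foreach ($f in $changed) {
    $dst = Join-Path $Cache $f.Name
    if ($useHttp) { Start-BitsTransfer -Source "$base/$($f.Name)" -Destination $dst -Priority Foreground }
    else          { Copy-Item -Path (Join-Path $base $f.Name) -Destination $dst -Force }
}
$p   = Start-Process -FilePath (Join-Path $Cache 'mpsigstub.exe') -WindowStyle Hidden -Wait -PassThru
$how = if ($useHttp) { 'Downloaded via BITS and updated' } else { 'Copied via SMB and updated' }
if ($p.ExitCode -eq 0) { Write-StatusMif $MifPath 'Success' "$how ($($changed.Count) files)"; exit 0 }
Write-StatusMif $MifPath 'Failed' "mpsigstub.exe returned $($p.ExitCode)"
exit $p.ExitCode
```

The delta test keys on size plus timestamp rather than a hash so that it works over HTTP with a HEAD request alone; a BITS download gets the download time as its timestamp, so a later source change still shows as newer and is picked up, while an SMB copy keeps the source timestamp and compares equal. The MIF goes to Windows\Temp, where the ConfigMgr client looks for status MIFs, under the name set on the package's Reporting tab.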

Monday, July 6, 2009

Customizing the Default User Profile automatically with Configuration Manager

I posted this script some time ago on the myitforum list and I'm just now getting around to blogging about it. I use this script at multiple customers to modify the default user profile without having to copy the administrator profile over the top. This method enables you to add or make changes without having to re-create your image.

item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Starting Log File
  Line Number=0
end
item: Remark
end
item: Remark
  Text=Loading Default User Hive
end
item: Execute Program
  Pathname=reg.exe
  Command Line=load HKU\DefaultUser "c:\documents and settings\defaultuser\ntuser.dat"
  Flags=00000010
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Default User Hive Loaded
  Line Number=0
end
item: Remark
end
item: Remark
  Text=Disable Windows XP tour
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Applets\Tour
  New Value=0
  Value Name=RunCount
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Set Control Panel to Classic View
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  New Value=1
  Value Name=ForceClassicControlPanel
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Hide Welcome Screen
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  New Value=1
  Value Name=NoWelcomeScreen
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Disable Fast User Switching Vista
end
remarked item: Edit Registry
  Total Keys=1
  Key=Software\Microsoft\Windows\CurrentVersion\Policies\System
  New Value=1
  Value Name=HideFastUserSwitching
  Root=2
  Data Type=3
end
item: Remark
  Text=Disable Fast User Switching XP
end
item: Edit Registry
  Total Keys=1
  Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  New Value=0
  Value Name=AllowMultipleTSSessions
  Root=2
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Show Quick Launch on Task Bar; Not working?
end
item: Execute Program
  Pathname=regedit.exe
  Command Line=/s %INST%\TaskBarSettings.reg
  Flags=00001010
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Imported Regfile TaskBarSettings.reg
  Line Number=0
end
item: Remark
end
item: Remark
  Text=Remove Language Bar
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\CTF\LangBar
  New Value=0
  Value Name=ShowStatus
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Set Short Date to MM/DD/YY
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Control Panel\International
  New Value=MM/dd/yy
  Value Name=sShortDate
  Root=3
end
item: Remark
end
item: Remark
  Text=Set IE Homepage
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Internet Explorer\Main
  New Value=http://www.systemcentertools.com
  Value Name=Start Page
  Root=3
end
item: Remark
end
item: Remark
  Text=Disable Desktop Cleanup
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz
  New Value=1
  Value Name=NoRun
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Make My Computer Visible on Desktop 0=show 1=hide
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
  New Value=0
  Value Name={20D04FE0-3AEA-1069-A2D8-08002B30309D}
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Make My Network Places Visible on Desktop
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
  New Value=0
  Value Name={208D2C60-3AEA-1069-A2D7-08002B30309D}
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Make My Documents Visible on Desktop
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
  New Value=0
  Value Name={450D8FBA-AD25-11D0-98A8-0800361B1103}
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Remove Windows Catalog, Set Program Access and Defaults, ActivateWindows from Start Menu
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  New Value=0
  Value Name=Start_ShowSetProgramAccessAndDefaults
  Root=3
  Data Type=3
end
item: Get Environment Variable
  Variable=ALLUSERS
  Environment=ALLUSERSPROFILE
  Default=C:\documents and Settings\All Users
end
item: Delete File
  Pathname=%ALLUSERS%\Start Menu\Set Program Access and Defaults.*
end
item: Delete File
  Pathname=%ALLUSERS%\Start Menu\Activate Windows.*
end
item: Delete File
  Pathname=%ALLUSERS%\Start Menu\Windows Catalog.*
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Deleted ALL User Profile files from start menu
  Line Number=0
end
item: Remark
end
item: Remark
  Text=Show Hidden Files
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  New Value=1
  Value Name=Hidden
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Show File Extensions
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  New Value=0
  Value Name=HideFileExt
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Launch Explorer Windows in Separate Process
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  New Value=1
  Value Name=SeparateProcess
  Root=3
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Set Explorer to Details View
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\ShellNoRoam\BagMRU
  Root=131
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\ShellNoRoam\Bags
  Root=131
end
item: Execute Program
  Pathname=regedit.exe
  Command Line=/s %INST%\ExplorerDetailView.reg
  Flags=00001010
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Imported Regfile ExplorerDetailView.reg
  Line Number=0
end
item: Remark
end
item: Remark
  Text=Copy/Set Windows Wallpaper
end
item: Copy Local File
  Source=%INST%\a-dec.bmp
  Destination=%win%\web\wallpaper\sct.bmp
  Flags=0000000001100010
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Software\Microsoft\Windows\CurrentVersion\Policies\System
  New Value=%win%\web\wallpaper\sct.bmp
  Value Name=Wallpaper
  Root=3
end
item: Edit Registry
  Total Keys=1
  Key=DefaultUser\Control Panel\Desktop
  New Value=%win%\web\wallpaper\sct.bmp
  Value Name=Wallpaper
  Root=3
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Copy Wallpaper
  Line Number=0
end
item: Remark
end
item: Execute Program
  Pathname=reg.exe
  Command Line=unload HKU\DefaultUser
  Flags=00000010
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Default User Hive Un-Loaded
  Line Number=0
end
item: Remark
end
item: Remark
  Text=Enable Remote Desktop
end
item: Edit Registry
  Total Keys=1
  Key=system\currentcontrolset\control\terminal server
  New Value=0
  Value Name=fDenyTSConnections
  Root=2
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Install/Copy Customer Font.
end
item: Copy Local File
  Source=%INST%\PC_FONTS\*.*
  Destination=%WIN%\FONTS\
  Flags=0000000001100010
end
item: Remark
end
item: Remark
  Text=Disable Firewall for Domain Profile
end
item: Edit Registry
  Total Keys=1
  Key=Software\Policies\Microsoft\WindowsFirewall\DomainProfile
  New Value=0
  Value Name=EnableFirewall
  Root=2
  Data Type=3
end
item: Edit Registry
  Total Keys=1
  Key=Software\Policies\Microsoft\WindowsFirewall\StandardProfile
  New Value=0
  Value Name=EnableFirewall
  Root=2
  Data Type=3
end
item: Remark
end
item: Remark
  Text=Disable Automatic Updates
end
item: Edit Registry
  Total Keys=2
  item: Key
    Key=Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate
    New Value=1
    Value Name=AUOptions
    Root=2
    Data Type=3
  end
  item: Key
    Key=Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate
    New Value=1
    Value Name=AUState
    Root=2
    Data Type=3
  end
end
item: Remark
end
item: Remark
  Text=Disable Security Center Alert Notifications
end
item: Edit Registry
  Total Keys=3
  item: Key
    Key=Software\Microsoft\Security Center
    New Value=1
    Value Name=AntiVirusDisableNotify
    Root=2
    Data Type=3
  end
  item: Key
    Key=Software\Microsoft\Security Center
    New Value=1
    Value Name=FirewallDisableNotify
    Root=2
    Data Type=3
  end
  item: Key
    Key=Software\Microsoft\Security Center
    New Value=1
    Value Name=UpdatesDisableNotify
    Root=2
    Data Type=3
  end
end
item: Remark
end
item: Remark
  Text=Edit Page File Memory Size
end
item: Edit Registry
  Total Keys=1
  Key=SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  New Value=c:\pagefile.sys 4092 4092
  New Value=
  Value Name=PagingFiles
  Root=2
  Data Type=2
end
item: Remark
end
item: Remark
  Text=Rename Administrator and Create Desktop User
end
remarked item: Execute Program
  Pathname=%win%\system32\cscript.exe
  Command Line=%inst%\renameadmin.vbs
  Flags=00001010
end
item: Remark
end
item: Remark
  Text=Add Desktop User to Local administrators group
end
item: Remark
end
item: Remark
  Text=Remove Games, OE, and MSN Explorer
end
item: Execute Program
  Pathname=%win%\system32\sysocmgr.exe
  Command Line=/i:%win%\inf\sysoc.inf /u:%inst%\ocm.txt /q /r
  Flags=00001010
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Removed Games and others...
  Line Number=0
end
item: Remark
end
item: Remark
end
item: Delete File
  Pathname=%ALLUSERS%\Start Menu\Programs\Games\*
  Flags=00000100
end
item: Delete File
  Pathname=%ALLUSERS%\Start Menu\Programs\Games
  Flags=00000100
end
item: Execute Program
  Pathname=cmd.exe
  Command Line=/c rmdir "%allusers%\start menu\programs\games" /s /q
  Flags=00001000
end
item: Delete File
  Pathname=%ALLUSERS%\Desktop\InterVideo WinDVD.lnk
end
item: Insert Line into Text File
  Pathname=%WIN%\Temp\customizedesktop.log
  New Text=Deleted Games Folder and Misc shortcuts
  Line Number=0
end
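The core of the listing above is the reg.exe load / edit / unload sequence against the default profile's ntuser.dat. As an added example (not the post's Wise script, not the author's code), here is that sequence in PowerShell, writing three of the values the listing sets and handling the unload failure that bites when the registry provider still holds a handle into the hive. It covers only the default-profile hive edits, not the machine-wide items in the listing. Assumptions: $NtUserDat points at the default profile for your OS (C:\Users\Default on Vista and later; the Documents and Settings path the listing uses on XP) and the session is elevated.

```powershell
<#
  Added example, not the post's Wise script: load the default profile hive under HKU,
  seed a few Explorer settings, unload it again. Assumed: elevated session and the
  ntuser.dat path below for your OS.
#>
param(
    [string] $NtUserDat = (Join-Path $env:SystemDrive 'Users\Default\ntuser.dat'),
    [string] $MountName = 'DefaultUser'   # the hive appears as HKU\DefaultUser, as in the listing
)

# Values to seed, relative to the loaded hive; all DWORDs ("Data Type=3" in the listing).
$values = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'HideFileExt'; Value = 0 }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'Hidden';      Value = 1 }
    @{ Key = 'Software\Microsoft\CTF\LangBar';                               Name = 'ShowStatus';  Value = 0 }
)

function Set-DefaultProfileValues {
    param([string] $NtUserDat, [string] $MountName, [object[]] $Values)
    $mount = "HKU\$MountName"
    & reg.exe load $mount $NtUserDat | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe load failed with exit code $LASTEXITCODE (not elevated, or the profile is in use?)" }
    try {
        foreach ($v in $Values) {
            # Registry:: provider path, so no HKU: drive has to be created and torn down
            $path = "Registry::HKEY_USERS\$MountName\$($v.Key)"
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            Set-ItemProperty -Path $path -Name $v.Name -Value $v.Value -Type DWord
        }
    } finally {
        # reg.exe unload fails with "access denied" while any handle into the hive is open,
        # including ones the registry provider has left for the garbage collector.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload $mount | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "reg.exe unload failed (exit $LASTEXITCODE); hive is still loaded as $mount" }
    }
}

Set-DefaultProfileValues -NtUserDat $NtUserDat -MountName $MountName -Values $values
```

Because the unload sits in a finally block, a failing Set-ItemProperty still releases the hive, which matters when this runs unattended from a task sequence: a hive left loaded makes the next logon with a fresh profile fail to copy the default profile.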

Tuesday, March 10, 2009

SCCM Reporting timeout under Windows Server 2008

So most of your reports run just fine out of the box, but you have this handful that time out because there is soooo much data being returned. Under IIS 6 all you had to do was increase the script timeout. Now under IIS 7, where the heck is the setting to increase the script timeout? Well, there are several now.

Here's a link of some of the available settings: http://www.iis.net/ConfigReference/system.webServer/asp/limits

This is what I used to figure it out, and with some experimentation I determined that the magic configuration was the bufferingLimit attribute. I increased it to the maximum.
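An added example (not from the post) that reads the IIS 7 ASP limits the post is talking about and raises them server-wide, the same scope as appcmd set config /section:asp. The post identifies bufferingLimit as the setting that mattered for large reports; scriptTimeout is the knob that replaced the IIS 6 script timeout, shown alongside it. The values here are illustrations, not the author's setting. It assumes the WebAdministration module in an elevated session on the reporting point.

```powershell
<#
  Added example, not from the post: show and raise the classic-ASP limits that govern
  the ConfigMgr reporting pages under IIS 7. Values are illustrative.
#>
param(
    [long]     $BufferingLimit = 64MB,                          # bytes; IIS ships a much smaller default
    [timespan] $ScriptTimeout  = [timespan]::FromMinutes(10)
)
Import-Module WebAdministration
$filter = 'system.webServer/asp/limits'
$scope  = 'MACHINE/WEBROOT/APPHOST'   # applicationHost.config, i.e. server-wide

function Get-AspLimits {
    $l = Get-WebConfiguration -Filter $filter -PSPath $scope
    [pscustomobject]@{ bufferingLimit = $l.bufferingLimit; scriptTimeout = $l.scriptTimeout }
}

Write-Host 'Before:'; Get-AspLimits | Out-String | Write-Host
Set-WebConfigurationProperty -PSPath $scope -Filter $filter -Name bufferingLimit -Value $BufferingLimit
Set-WebConfigurationProperty -PSPath $scope -Filter $filter -Name scriptTimeout  -Value $ScriptTimeout
Write-Host 'After:';  Get-AspLimits | Out-String | Write-Host
```

Run it once without the Set lines (or just call Get-AspLimits) to record what a reporting point currently has before you change anything; the before/after output is what you want in the change record.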

Tuesday, December 16, 2008

Creating ConfigMgr Collections containing systems with Computer Associations

Wow, that title is a mouthful eh?

Essentially this blog post is for those of you who want to automatically advertise task sequences based on SCCM computer associations. Here are two examples:

For a collection of systems based on the source resource in the computer association use the following:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_StateMigration on SMS_StateMigration.SourceClientResourceID = SMS_R_System.ResourceID

For a collection of systems based on the target resource in the computer association you can use this (note that the state store path cannot be null with this query):

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_StateMigration on SMS_StateMigration.RestoreClientResourceID = SMS_R_System.ResourceID where SMS_StateMigration.StorePath not null

So there you go!

Thursday, November 13, 2008

Configuration Manager OSD and the Dell E6400 / E4200

I've been working with a customer to create a standard XP SP2 image for multiple hardware models. One model that gave a few challenges was the Dell E6400.

The First Problem - Windows PE fails to identify the Intel 82567 when using the Dell-provided driver.

The Windows PE boot image did not detect the network card and therefore did not receive an IP address. I've experienced this sort of problem in the past when loading the Dell OEM device drivers; sometimes they don't support Windows PE all that well. So, after going to Intel's site (http://downloadcenter.intel.com/download.aspx?url=/12197/eng/PROVISTA32_v13_3.exe&DwnldId=12197&ProductID=3003&lang=engeng) to get a driver that works properly for the Intel 82567 NIC in these notebooks, I was able to get an IP address in PE.



The Second Problem - Mass Storage drivers and Blue Screen of Death



As many of you probably know, XP will bluescreen at minisetup if it cannot access the hard drives and lacks drivers to do so. The root cause of this problem is that the mass storage drivers are not on the image you are applying. Fortunately Configuration Manager makes this easy to fix for us lucky chaps that have it. Unfortunately you still have a 19 in 20 chance of picking the wrong driver. Thank your lucky stars for this blog, as I will tell you which driver you need to use exactly and the steps involved.



  1. Create a new driver package that only contains Mass Storage Drivers and nothing else. If you really wanted to you could create driver packages for each unique hardware model where you need specific Mass Storage Drivers applied, or you can do what I usually do and just put all mass storage drivers in one. I named mine 'XP Mass Storage Drivers'.


  2. Download the storage drivers from Dell's site and load them up into the Mass Storage Drivers package.


  3. Add a new step to your task sequence to Apply Driver Package. I named mine Apply Mass Storage Drivers for Dell E6400, but this will probably apply to other models as well, as it's Intel-based. Under Driver select the Intel ESB2 SATA RAID Controller. Then for Model select the Intel ICH8M-E/ICH9M-E SATA RAID Controller. Click OK to save your task sequence.

  4. Now re-run the task sequence on your E6400 and your bluescreen problem should be resolved.

Don't you just love Configuration Manager!

The Third Problem - Ricoh Drivers
You may notice a base system device that is missing a driver. This is the Ricoh device for the built-in SD/MMC reader. Dell has a driver, but SCCM won't automatically apply it. I ended up using a Lenovo driver to get this to work. I'm pretty sure this is the link I used... but there are several (http://www.downloadpipe.com/drivers/review-Ricoh-MMC-Host-Controller-1110691.html).



The Fourth Problem - Errors with the IDT audio codec driver

You may not run into this one. It really depends on how you build your reference image. I recommend putting your network drivers, and mass storage drivers into their own categories. This way you can build your reference image without loading audio/video drivers at all. If you do load up audio drivers and try to apply the reference image to other systems you may get errors that you cannot resolve. You will also need to apply MS KB835221. This KB is needed on XP whether you are deploying with SP2 or SP3.

So that is a how-to on the Dell E6400 and Dell E4200 for XP. Vista should be easier and I haven't attempted it yet.

Cheers!