SCCM diet

Online notes for reference

Tag Archives: SCCM

Replicating SCCM DB and adding replicated DB to SCCM Reporting – Part 3

In Part 1 I backed up the SCCM database and copied the backed up data base files to a different SQL server. I also attached the data base files and created the database

In Part 2 I created a SQL job to run daily . This job will copy the backed up files from SCCM database server. Then this job will attach the copied database files .

Part 3

Part 1 & Part 2 were dedicated to standing up the alternate SCCM database.

In Part 3 I am going to detail the steps necessary to prepare machine from where reports will be authored.

In order to author SQL reports from a workstation , SQL database server ( SQL01 in this case) needs to trust the workstation.

This is done by exporting the server certificate from SQL database server where copied database is hosted from and importing it on workstation where reports will be authored.

Perform these steps on the SQL database server where replicated database is hosted (SQL01 in this case)

Open mmc – click on file and add remove snap-ins

Select Certificated and click on add

DBRepl23

Select computer account and click next

 

DBRepl24

Select local computer and click finish

 

DBRepl25

Click OK

 

DBRepl26

Now go to Certificates -> Personal->Certificates

 

DBRepl27

Select the Server authentication certificate and right click -> All tasks ->Export

 

DBRepl28

On the welcome certificate export wizard click next

 

 

DBRepl29

Leave default selected , No, Do not export the private key  and click next

 

 

DBRepl30

 

Leave default selected DER encoded binary X.509 and click next

DBRepl31

Browse and provide the path to the certificate and a name of the file and click next

DBRepl32

Click finish to complete the export

 

 

DBRepl33

Click OK and finish

 

DBRepl34

Copy the exported certificate to the workstation which will be used to author reports. This steps needs to be on all the machines which will be used to creating reports.

Right click the certificate and click on install certificate

 

 

DBRepl35

This will open the import certificate wizard , Click next

 

DBRepl37

 

Browse to certificate store and select Trusted Root Certification Authorities store and click next

DBRepl38

Click finish to finish the import

 

 

DBRepl39

Click OK

 

 

DBRepl40

To verify if the certificate is present in the certificate store , Open mmc , add certificate snap-in for local computer.

Go to Trust root certification authorities and on the right side as highlighted SQL01 certificate is present.

DBRepl41

 

 

This concludes Part 3

Advertisements

Deploying Office 2013 application with SCCM 2012

This post describes creating SCCM Office 2013 application and installing it from client computer using application catalog.

Office 2013 is available from Microsoft to download for evaluation for 60 days. There are two versions of Office 2013 install that are available.

Volume Licence

Retail

You can download retain version from evaluation site. However retail version does include the customization binaries. Customization binaries are needed to customize the Office 2013 install.

Download them from here

Extract the downloaded files and copy the admin folder to office2013 source files folder

Office2013-01

 

To start the customization , Open admin command prompt and go office2013 source folder and type in

setup.exe /admin .

Office2013-02

Setup.exe /admin open prompt to create a setup customization file . Select create new file and click ok

Here is the technet link to Microsoft Customization Tool.

 

Office2013-03

Welcome scree tell you that you are about to create a MSP file that will store all the customization

 

 

Office2013-04

Provide the install location and Origination Name

 

Office2013-05

Enter the product Key

Accept the licence agreement.

Set display level to none. For enterprise use display level none is recommended because the install then does not wait for any user input. However if display level none is selected it is also recommended that users be made aware to close all the open office files.

When display level none is selected completion notice and No cancel does not apply so does not matter if they are checked or note.

Suppress modal will not show any warnings if any files are open or if there are any errors it wont pop up on the screen.

 

 

Office2013-06

 

Next is Modify setup properties

Here is link to all the setup properties for office 2013.

Office2013-07

Add a setup property HIDEUPDATEUI and add value True . This will hide the update prompt at the start

 

 

Office2013-08

Click on add again and add another property SETUP_REBOOT and set the value to AutoIfNeeded.

Based on the office install if the a reboot is needed system will reboot after installation.

 

 

 

Office2013-09

Next to Modify user settings -> office 2013 ->Privacy->Trust Center and disable Opt-in Wizard on first run.

 

 

Office2013-10

 

Next is set feature installation states – and remove Microsoft access , Microsoft Publisher, Microsoft infopath, Microsoft Lync. (Later in the post I will verify if these components are actually not installed)

 

Office2013-11

Click on File and save as , Save this to updates folder in office 2013 source files folder

 

 

 

Office2013-12

I named the file Office2012setup.msp . This completes the msp creation process

 

Office2013-13

I am not ready to create the application . Go to SCCM console -> Software Library -> Overview -> Application Management right click create new application

 

 

 

Office2013-14

Provide the msi file path  (If it is Volume licence version folder name is proplus and if it is retail version folder name if proplusr )

\\cm01\Sources\applications\office2013\proplusr.ww\proplusrww.msi

 

 

Office2013-15

SCCM will automatically import all the information from the msi

 

 

Office2013-16

Provide the name of application , Fill in any other fields as necessary

 

 

 

 

Office2013-17

Review the summary and click Next

 

 

Office2013-18

This finishes adding application with basic settings to SCCM

 

 

 

 

Office2013-19

Now select the application from console and from the bottom screen select deployment types

right click and properties and click on content tab

Content location will be \\cm01\sources\application\office2013\proplusr.ww

Change it to \\cm01\sources\application\office2013

 

 

Office2013-20

 

Click on programs tab and change the installation program to setup.exe

Change the uninstall program to setup.exe /uninstall proplusr .

Click on apply OK to finish.

 

Office2013-21

At this point application is ready to distributed to distribution points . Once application is distributed to all distribution points .

Now create a collection of users to whom this application will be deployed.

Create a deployment to deploy this application to users.

Browse to provide the application

Browse again point to the collection you created previously and click next

 

 

Office2013-22

Content will show on which distribution points this application resides

 

 

Office2013-23

Click next

In deployment settings , Choose action install and purpose as available .

Click next

 

 

Office2013-24

I am want application to available immediately , Click next

 

 

Office2013-25

click next leaving defaults

 

 

Office2013-26

Review the summary if changes are needed at this point go back and fix them .

If every this is ok , click next

 

 

Office2013-27

Review the completion notice and click close

 

 

Office2013-28

After the deployment is complete , Go to users machine and login with the same user account which the member of the collection where the application is advertised ( errr… or deployed I meant)

Go to software center and click on application catalog website and you will see Office application if the policy is updated

 

 

Office2013-29

Select the application and click on Install

 

 

 

Office2013-30

click Yes

 

 

Office2013-31

 

 

 

Office2013-32

Application will prepare to download and then it will download the applicaiton

 

Office2013-33

At this point application install status can be checked from software center.

 

 

Office2013-34

Once install is finished , Software center displays message the application install was successful

 

 

 

Office2013-35

Now go to start and expand office 2013 and review

As seen  – Microsoft access , Microsoft Infopath , Microsoft Lync and Microsoft Publisher and not installed as configured in the msp

 

 

Office2013-36

In order to uninstall office , Close any open office files and go to software center .

Under installed software , Select office and click on uninstall

 

 

 

Office2013-37

Click Yes to uninstall

 

 

 

Office2013-38

Progress bar displays office is being uninstalled

 

 

 

Office2013-39

 

Finally confirmation that office is uninstalled from the computer.

 

 

 

Office2013-40

 

 

This concludes the post !

SCCM 2012 Configuration Items, Configuration Baselines , Compliance Settings – Part 6

In Part 1 I discussed the basic of Compliance settings .

In part 2 I discussed the Active Directory Query Compliance item

In part 3 I discussed the Assembly Compliance item

In part 4 I discussed the file system compliance item

In part 5 I discussed the IIS metabase compliance item

Part 6 – Registry Key Compliance Item

With registry key compliance we can check if a certain registry key exist on the devices or not. Based on what I specify in the compliance rule I can then determine if the device is compliant or not.

To configure Registry Key compliance item , Go to Assets and compliance , compliance settings – Configuration item . Right click and new configuration item

P-Registry01

 

Provide the name of configuration item .  Click next

 

P-Registry02

Select all the operating system version to which this setting will apply .

P-Registry03

Now click on new to configure the configuration item

P-Registry04

 

Specify the name for setting CI-RegistryKey .

From setting type drop down select registry key

For hive name select HKEY_LOCAL_MACHINE from drop down and then click on browse to go the actual registry key

P-Registry05

 

If the registry key exists on the server where are you configuring the setting browse to the key and select . Else on the computer name field type in \\Computer_name and browse to registry key . Also ensure remote registry service is running

Now ensure the radio button – This key must exist on client devices is selected . Click OK

P-Registry06

Ensure that key name is selected and click ok

 

 

P-Registry07

Next step is to define the compliance rule, Compliance rule will determine how this setting is evaluated . Click on new

 

P-Registry08

Provide the name for Compliance rule and click on browse to select the compliance settings

 

 

P-Registry09

 

Select CI-RegistyKey and click on select

 

 

P-Registry10

 

Now select rule type as Existential from drop down

And ensure Registry key must exist on the client devices click ok

P-Registry11

Review the compliance settings and compliance rule, if everything looks ok click next

 

 

P-Registry12

SCCM is working its magic now

 

 

P-Registry13

This complete creation of Compliance setting

 

 

 

P-Registry14

 

Next step is to create Configuration baseline

Right click configuration baseline and select create configuration baseline

 

 

 

 

 

P-Registry15

 

Provide the name CB-RegistryKey . Click on add and select configuration item  . This will complete creation of configuration baseline.

 

 

P-Registry16

Select the configuration item  CI-RegistryPath  and click OK

 

 

P-Registry17

Next step is to deploy the configuration baseline to collection . Right click configuration baseline CB-RegistryKey and select deploy

 

 

 

P-Registry18

 

 

On the deployment configuration window , Ensure CB-RegistyKey is selected for baselines

select generate alert

Click on browse to point it to a device collection

on schedule , select every 3 hours for LAB , In production it should be every few days to distribute the load on client computers

 

 

P-Registry19

Now  , On the client computer , Go to control panel , configuration manager – click on configurations tab and select the configuration baseline  CB-RegistryKey

Click on evaluate  , This will check if the registry key exists on this computer or not

P-Registry20

 

After that click on View report to view local web style report

 

 

 

 

P-Registry21

 

This concludes part 6

SCCM 2012 Configuration Items, Configuration Baselines , Compliance Settings – Part 5

In Part 1 I discussed the basic of Compliance settings .

In part 2 I discussed the Active Directory Query Compliance items

In part 3 I discussed the Assembly Compliance items

In part 4 I discussed the file system compliance items

Part 5 – IIS Metabase Compliance item

IIS Metabase compliance item can look through IIS Server metabase and report compliance based on conditions defined in compliance rules.

There are changes made to IIS Metabase after IIS 6.0 and some of the functionality is moved to xml based configuration files.

If working with servers Windows 2008 and higher (which have versions of IIS greater than 6.0) there are certain prerequisites that need to completed.

On IIS servers running version greater than IIS 6.0 install IIS 6 metabase compatibility from server manager program and features

IISMetabase01

Download IIS 6.0 resource kit from here and install it on IIS servers to navigate and exlpore the IIS metabase.

Double click on resource kit installer

IISMetabase02

Click Next

 

 

IISMetabase03

 

Accept license agreement

 

IISMetabase04

Provide user name and company name and click next

 

 

IISMetabase05

 

Select custom and click next

 

IISMetabase06

Select the location or choose default location of install

IISMetabase07

Select Metabase explorer 1.6

IISMetabase08

Click Next

IISMetabase09

Click on finish

 

 

IISMetabase10

 

Open IIS metabase explorer as highlighted in the picture below . I am going to check the compliance for PID 3001 and if the path of the website on a webserver is c:\inetpub\wwwroot . If the path is c:\inetpub\wwwroot then the webserver is compliant

 

IISMetabase11

 

 

OK , With all that out of the way , Lets start with SCCM now

Go to Assets and Compliance -> Compliance Settings ->Configuration Items-> Right click Create Configuration item

IISMetabase12

 

Provide a name CI – IIS Metabase ( in this case)

 

 

 

 

 

IISMetabase13

Select the operating systems where this compliance item will apply , For IIS Metabase settings you may only want to choose where IIS is installed in the environment. Click next

 

 

 

 

IISMetabase14

 

To create a configuration item for IIS , Click on new

IISMetabase15

 

Provide the name of setting, Select setting type as IIS Metabase , Data type string

For metabase path as explained in this post in the beginning  will be LM ( for local server) , Property ID 3001 for the path .

Click OK

 

 

IISMetabase16

 

Click on New to create a compliance rule on how this configuration setting will be evaluated by SCCM

 

 

IISMetabase17

Provide the name for Compliance rule and click on browse to select the compliance setting

IISMetabase18

Select IIS metabase compliance setting if not already selected  and click select .

 

 

IISMetabase19

Rule type select value

in rule specify c:\inetpub\wwwroot ( if pid 3001 value for W3SVC\1\ROOT  is c:\inetpub\wwwroot then a machine will be in compliant state)

 

 

 

IISMetabase20

 

Click ok and Review the settings in this step , If anything needs to changed , You can change it by going to previous steps

IISMetabase21

 

SCCM is working its magic 🙂

 

 

IISMetabase22

 

Next step is to create Compliance baseline . To create compliance baseline right click configuration baseline and select create configuration baseline

 

 

IISMetabase23

 

 

Provide a name for configuration baseline ( CB – IIS Metabse Settings)

IISMetabase24

Click on Add -> Configuration Items , Select CI -IIS Metabase created earlier and click OK

 

 

IISMetabase25

 

 

Once Configuration Baseline is created , I am ready to deploy it to Web servers collections . If you have not already created a collection until now , Create the collection first which has webs servers to evaluate IIS metabase compliance.

Right click the configuration baseline and select deploy

 

 

 

 

IISMetabase26

 

Make sure CB -IIS Metabase Settings is selected .

Select generate alert

Click on Browse and point it to web servers collections

Set evaluation schedule to run every three hours and click ok

IISMetabase27

 

 

Go to web server where the compliance is evaluated , Go to configuration manager client properties in control panel and select configurations tab . Click on evaluate to check if the machine in compliant or not

 

IISMetabase28

 

Click on view report to see detailed status.

 

 

 

 

IISMetabase29

 

This means that on server LABSERV1 default website has path c:\inetpub\wwwroot .

This concludes part 5

SCCM 2012 Configuration Items, Configuration Baselines , Compliance Settings – Part 4

In Part 1 I discussed the basic of Compliance settings .

In part 2 I discussed the Active Directory Query Compliance items

In part 3 I discussed the Assembly Compliance items

Part 4 – File system Compliance items 

File system compliance item can be used to search for a file or folder Including sub folders . Compliance can be reported for either a value of if the file or folder exists on the device or not.

I am going to check a existence of a file in the drive . ( C:\Scratch\file\Filecompliance.txt) if this text file exists , System is compliant else system will be non-compliant .

This machine below has the text file in location c:\scratch folder . Machine name is WIN8

P-File01

 

 

Machine below has c:\scratch folder but there is no file , So this machine will be non-compliant . Machine name is WIN7

P-file02

 

Well since that is out of the way . Let go to SCCM

Go to Compliance settings -> Configuration Items-> right click -> Create a new configuration item

P-File03

 

 

Provide Name – CI – FileSystem , Leave type as Windows and click next

 

P-File04

 

 

Select the operating system to which this configuration will apply . By default all operating systems are selected. Click Next

P-File05

 

This is where File System setting will be defined.  Click on New

P-File06

 

 

Specify the Name – It could be anything  . Here it is FileSystem .

From the drop down select the setting type as file system

Specify the path (c:\scratch) in this case

and name of the file  (FileCompliance.txt) in this case and Click OK.

 

P-File07

 

Next step is to create compliance rule  . Compliance rule will determine what to do when compliance setting is evaluated

 

P-File08

 

Type the name of compliance rule . Click to browse to select the configuration settings that I just created above

P-File09

 

Select FileSystem compliance settings , If not already selected and click select

P-File10

 

Specify the rule type as Existential . I want to check if the file exist in location c:\scratch on the computers . Click OK.

P-File11

 

Click next

P-File12

This screen presents the summary , if changes are needed you can go back and change it from here

 

P-File13

 

 

SCCM is working its magic now 🙂

 

P-File14

 

Configuration item is created and summary is presented

P-File15

 

Next step is to create configuration baseline based upon configuration item that we just created

To create configuration baseline , Go to Configuration baseline under compliance settings and right new configuration baseline

 

P-File17

Provide the name of new configuration baseline

Click on add and select Configuration items

P-File18

Select the configuration item created earlier CI- FileSystem . Click on OK . This will create the configuration baseline.

P-File19

 

Next step is to deploy the configuration baseline to computers . Select the configuration item , right click  and select deploy.

P-File20

 

 

Make sure the configuration baseline is selected to the right CB-FileSystem

Select on generate an alert to generate a alert . I set to 90%

Point the deployment to compliance collections

Set the deployment schedule to run every 3 hours .

P-File21

 

Go the machine which has file present in c:\scratch folder. In my example this computer is WIN8

P-File22

 

Click on evaluate and then scroll to right to see the compliance status or click on view report

P-File23

 

Now go the system which does not have file in c:\scratch . In my case the computer name is WIN7

P-File24

Click on evaluate and scroll to right , As seen this machine is non-compliant . Click to view report to check detailed status

 

P-File25

 

This concludes part 4

 

 

SCCM 2012 Configuration Items, Configuration Baselines , Compliance Settings – Part 3

In Part 1 I discussed the basic of Compliance settings .

In part 2 I discussed the Active Directory Query Compliance items

Part 3 – Assembly Compliance settings

An assembly is code that applications can share. The global assembly is located under %systemroot%\Assembly .

P-Assembly01

In this post , I am going to verify if the Microsoft.VisualC assembly exists on computers on not. If it exists then a machine is compliant.

OK , Since that is out of the way , Lets get back to SCCM.

Under Assets and Compliance , Go to compliance settings -> Configuration items .

Right click configuration items and select new configuration item

 

P-Assembly02

 

Type in the name and description and click next

P-Assembly03

Select operating systems to which this setting will apply

P-Assembly04

 

On Specify settings for Operating System , Click on new

P-Assembly05

 

Type name Microsoft.VisualC , Setting type Assembly and then name of assembly for which compliance needs to be evaluated

P-Assembly06

 

Now specify the compliance rules , Compliance rules would determine how this compliance item is evaluated.

P-Assembly07

Specify the name and click on browse to select the compliance setting

 

P-Assembly08

Select Microsoft.VisualC from the list and click OK

P-Assembly09

 

Change the rule type to Existential . Select radio button setting must exist on client devices. Click OK

P-Assembly10

Review the summary , If changes need to made you can go back and change . If everything looks ok click next

P-Assembly11

SCCM is working its magic now 🙂

P-Assembly12

Compliance item created successfully .

P-Assembly13

Next step is to create Compliance baseline .

Go to Configuration Baseline , Right click Configuration baseline and select Create configuration baseline.

P-Assembly14

Provide name of the Configuration Baseline.

Click on add , select Configuration item from the list

P-Assembly15

 

Select the configuration item CI – Assembly – Microsoft.VisualC if not already added and click on add. Click OK

P-Assembly16

 

Next step is to deploy the base line to a device collection .

Right click CB – Assembly – Microsoft.visualC and select deploy .

 

 

 

 

P-Assembly17

Make sure CB – Assembly – Micrsoft.VisualC is selected.

Select on Generate alert .

Browse to device collection to evaluate the compliance for. Change the schedule to occur every 2 hours . For production large network you may want to set this to once a week or once every few days. Click OK .

 

P-Assembly18

 

Go to client computer to review compliance settings is applied to device . By going to control panel , click on configuration manager client and selecting configurations tab.

P-Assembly19

 

Click on view report to see expanded results .

 

P-Assembly20

 

This machine has Microsoft.visualC assembly and is therefore compliant .

This concludes Part 3

 

SCCM 2012 Configuration Items, Configuration Baselines , Compliance Settings – Part 2

In Part 1 I discussed the basic of Compliance settings .

Before proceeding to Part 2 create a device collection which will be used for deploying configuration baselines.

Part 2 – Active Directory query  Compliance settings.

I am going to create a Active directory configuration item , This configuration item will evaluate a Active directory property value to determine compliance.

Open ADSI edit tool and navigate to a object property . I am going to use attribute “isCriticalSystemObject” in Active directory compliance setting.

P-ADConfig01

OK , Since that is out of the way , Lets get back to SCCM.

Under Assets and Compliance , Go to compliance settings -> Configuration items .

Right click configuration items and select new configuration item

P-ADConfig02

 

Give name to Configuration item . Notice the type of configuration item is windows and click next

P-ADConfig03

Select the applicable operating system , Choosing all OS that you want to evaluate the compliance for

P-ADConfig04

 

This is where Configuration setting is defined . Click on new to start configuring the configuration item.

P-ADConfig05

Assign a name to configuration settings

Select Active Directory query from down for settings Name and data type string

LDAP prefix LDAP://

Distinguished Name   OU=MBAM Testing OU,OU=MBAM,DC=labserv,DC=net  ( I am only evaluating the compliance for OU name MBAM testing)

Search filter – (objectclass=*) means all types of object ( users, computers , printers etc )

Scope – select subtree if you need to evaluate the current OU as mentioned in Distinguished Name and all sub OU’s

Property – I am using property isCriticalSystemObject as explained above .

Once all this is done , Click apply OK.

P-ADConfig06

 

This is where Compliance rule is configured . Compliance rule determine how compliance item is reported after being evaluated.

Click on new

 

P-ADConfig07

Assign the name , click on browse to select the configuration item I just created.

 

P-ADConfig08

select the CI-Active Directory – IsCriticalSystemObject  configuration item and click select

P-ADConfig09

Select

Rule Type – value ( Because I am going to evaluate value for AD attribute isCriticalSystemObject

Select value equals FALSE

SO — Our compliance settings is if an AD object has a attribute isCritialSystemObject value FALSE , It will be a compliant object.

Click ok

P-ADConfig10

This is finalized screen with all the settings , If changes are needed there is still time and hope , You can go back 🙂

If everything looks good , click next

P-ADConfig11

SCCM is working its magic right now 🙂

P-ADConfig12

Final confirmation screen for Configuration item creation wizard.

P-ADConfig13

 

Once Configuration item is created , Next step is to create Configuration baseline.

Right click configuration baseline -> Create Configuration Baseline

P-ADConfig14

 

Provide a name for Configuration Baseline .

Under configuration data , Click on Add and select Configuration item

P-ADConfig15

Select the configuration item  CI – Active Directory – IsCriticalSystemObject and click on OK

P-ADConfig16

Now that the Configuration baseline is created , It is time to deploy it to collection

Right click the Configuration item and select deploy

P-ADConfig17

 

Select the configuration baseline CB – Active Directory – IsCriticalSystemObject

Also select Generate an alert when compliance is below 95% . Data and time when deployment should start.

Select the collection

For lab I updated the evaluation to every 2 hours . For production environments you want to keep it Once every few days.

 

 

P-ADConfig18

 

Go to a Client machine which has this compliance baseline applied . Go to control panel and open configuration management client

select configuration tab

 

Select the CB – Active Directory – IsCriticalSystemObject and click on evaluate. Then click on refresh

P-ADConfig191

Click on view report

It show this Compliance settings green and compliant

P-ADConfig20

 

 

This concludes Part 2

SCCM 2012 Configuration Items, Configuration Baselines , Compliance Settings – Part 1

Compliance Settings in SCCM 2012 can be used to evaluate a setting on devices and or users objects which are present in SCCM by targeting to devices or user collections.

To evaluate compliance , Configuration baselines are deployed to collections. Configuration baselines are made up of Configuration items and or software updates . Configuration items are further made up of configuration settings .

SCCM 2012 offers 3 different categories of settings  configuration items

1. Windows

2. Mobile Device

3. Mac OS X

P-Configuration01

In these posts I am going to cover Windows ( Operating system) Category since I don’t have Mobile OS and Mac OS in my lab.

Configuration settings structure 

Chart below explains how Configuration items and Configuration baselines works together to form Compliance settings

P-ConfigurationItems-1

Configuration Settings for Windows – Section 1 

There are total 10 configuration settings available to use in Windows Configurations items as outlined by red line in the picture above , But the scope of what can be achieved is great. Understanding these configuration settings is very important to effectively use compliance settings.

I am going to explain each of these settings with an example .

One or more of these configuration settings form a Configuration item.

Picture below show these windows settings available to use as seen in SCCM

P-Configuration02

Configuration Items – Section 2 

There are 3 types of Configuration items as show in section 2 + Software updates

In the post following this one I am going to cover Windows Configuration item from section 2 .

Note – Though software Update is a configuration settings it cannot be configured from level 1 and can only be added from level 2 up directly to configuration baseline.

Configuration Baseline – Section 3

Configuration baseline is group which could consist of

one configuration item

One or more configuration item

configuration items and software update

software update only

SCCM Collections – Section 4

Configuration baselines are applied to SCCM collections and that is where compliance is evaluated . One collection can have multiple configuration baselines applied at one point in time.

Compliance can be evaluated for device collections or user collections.

From next post I am going to start configuring these settings .

Enable Compliance from Device policies

P-Configuration03

Ensure Compliance evaluation on client is set to Yes . I changed the compliance evaluation schedule to every 3 hours . However based on an organization requirement it could either default once a week or higher.

Compliance evaluation has some implications for clients activity therefore very frequent compliance evaluations can slow down clients.

This concludes Part 1

 

Installing RightFax 10 client using SCCM

Part 1 – Getting right drivers on Windows 7 x64 machine.

Scenario

Windows 7 x64 , SCCM and Rightfax 10 and Printer drivers installed during OSD

To install Rightfax 10 on windows 7 x64 bit requires HP LaserJet 4 printer drivers. These drivers are no longer shipped with Windows 7 and therefore needs to be downloaded from Microsoft catalogue update website . Since HP website also redirects you to windows update website.

After downloading and unzipping the file there is folder starting with AMD64 . Microsoft update catalogue  website will have drivers for x86 , AMD64 and IA64 .

For windows 7 x64 only AMD64 drivers are needed.

When Rightfax installs it will install HP LaserJet 4250 PCL6 for RightFax Fax printer

Create a package in SCCM without program

Unzip the driver file and create a package in SCCM without any install program and distribute it to distribution points

Adding Drivers to OSD task sequence in SCCM

Once driver package is distributed edit the SCCM OSD task sequence to  install printer drivers by using run command line ,

Check disable 64 bit redirection , Since pnputil is 32 bit

Xxxxxx is the package ID of drivers

cmd.exe /c pnputil.exe -i -a %_SMSTSxxxxxx%\*.inf

Part 2 – Installing rightfax Client software using SCCM

Rightfax software DVD has a client install folder which contains all the files needed to install the client. There is a prereqs folder in client install folder which contains all the prereqs software needed for client install

Following are prereqs for Rightfax 10 client install

.Net 4.0

Visual Studio 2008 C++ Redistribution

Visual Studio 2010 C++ Redistribution

Visual Studio 2010 Tools for Office Runtime x64

Copy the Client folder to SCCM and create a package .  Add the following to a batch file and save in it the same source folder

dotNetFx40_Full_x86_x64.exe /q /norestart

VS2008_vcredist_x86.exe /qn

VS2010_vcredist_x86.exe /q /repair /norestart

vstor40_x64.exe /q

Rightfax print processor   (This step creates printer driver but the folder rightfax is not created)

msiexec.exe /i “rightfax print processor x64.msi” /qn RUNFROMSETUP=1 INSTALLDIR=”C:\Program Files (x86)\RightFax\”

Rightfax client install

msiexec.exe /i “rightfax product suite – client.msi” /qn REBOOT=ReallySuppress RUNBYRIGHTFAXSETUP=2 CONFIGUREFAXCTRL=1 CONFIGUREFAXUTIL=1 ADDLOCAL=”FaxUtil,FaxCtrl” NETID=2 INSTALLDIR=”C:\Program Files (x86)\RightFax” RFSERVERNAME=Yourfaxserver_name

Create a program with following settings

Image

Create an advertisement to install the software

copype and makewinpemedia commands

To have windows PE boot images in SCCM 2012 , ADK install is required.

After ADK is installed boot images are placed in

Program Files (86)\Windows kits\8.1\Assessment and deployment kit\Windows Preinstallation envirnoment \x86 and or amd64\en-us\winpe.wim

Copype command will copy copy winpe.wim and related files to the destination folder and also rename winpe.wim to boot.wim

Copype x86 c:\winpe_x86

This command will copy x86 winpe environment to c:\winpe_x86 folder

Copype amd64 c:\winpe_amd64

This command will copy amd64 environment to c:\winpe_amd64 folder

Makewinpemedia will create a bootable winpe iso file.

This will create a bootable iso from winpe media.

Makewinpemedia /iso c:\winpe_amd64 c:\winpe_x64\winpe_amd64.iso

SMSTS logs during OSD

Depending on what stage OSD is location of Task Sequence logs could be different –

Before your hard drive is formatted and partitioned
X:\windows\temp\smstslog\

After your hard drive is partitioned formatted
X:\smstslog\ and then is in C:\_SMSTaskSequence\logs\smstslog\

Within Windows
Within Windows before the SCCM agent is installed:
C:\_SMSTaskSequence\logs\smstslog\

Within Windows after the SCCM agent installed:
C:\windows\system32\ccm\logs\smstslog\

When the Task Sequence completes on a x86
C:\windows\system32\ccm\logs\

For x64 Systems
C:\windows\SysWOW64\ccm\logs\

Adding Printer Driver to OSD TS

To add printer driver during OSD , Do the following

Extract the printer driver , Create a package without a program and distribute it.

In the OSD task sequence add run command line as shown ( Where xxxxx is the package ID )

P-PrinterDriver

Connecting to Windows Internal DB

Connecting to Windows Internal DB

To connect to windows internal DB –
Open SQL management studio with elevated privileges.
Select server type – Database engine
Server Name – \\.\pipe\MICROSOFT##WID\tsql\query ( for windows server 2012 )
Server Name – \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query (for windows server 2008)
Authentication – Windows Authentication
This was needed to change the single user SUSDB to multiuser SUSDB
Following error on SUSDB was corrected using above method and then making DB a multi user DB
system.data.sqlclient.sqlexception (0X80131904) the database is in single-user mode