System Center 2012 Configuration Manager RC2 is available!
For those who didn’t read it on Twitter, Facebook or mail yet, ConfigMgr 2012 RC2 is available for download! Last night I received the following mail:
Dear :
Thank you for downloading one or more System Center 2012 pre-release components. System Center 2012 Release Candidate is now available as part of the Microsoft private cloud evaluation:» Download Microsoft private cloud evaluation software
Enjoy!
Your TechNet Team
By starting the download I was pleasantly surprised to see that a part of this download is ConfigMgr 2012 RC2 (see picture).
Remember this?: Software Distribution is currently paused on this computer with ConfigMgr 2007
This is more of a remember this for my self then probably in general, as this is a problem that we don’t run into that much. Only for me it was the second time already, but I couldn’t directly remember anymore what the problem was. So this post will be more of a reminder for the eventually next time…
Also this will be a short post as it will just describe the problem we ran into with my current customer and what the solution was. The problem we ran into was that after we deployed a new machine we could advertise software to it, but the installation would never start. Looking into the execmgr.log we could see the following message: “This program cannot run because a reboot is in progress or software distribution is paused.”.
Well, the solution for this was actually quit simple, just the searching for it took a while… Looking into the registry we could see that the Software Distribution-State-Paused-key was set to 1 and changing this back to 0 resolved the problem. This key can be found in the following location:
- x86 - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\State\
- x64 - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\Software Distribution\State\ (see picture)
We’re still not quite sure what caused this problem, but it seems to be something with ending a Task Sequence with a restart. After resolving the issue we found some other people with the same issue here and they are also guessing and linking it to the last step of the Task Sequence.
Remember this?: Re-run Advertisement for one (or more) specific client(s) with ConfigMgr 2007
I’m not sure if this is going to be a ‘remember this’ –series, but at least in this case it fits really good. We all know it, but sometimes we need a refreshment.
We all know those scenario’s where we send an Advertisement to a Collection of clients and for some reason we may want to rerun the Advertisement for only one (or more) specific client(s). In this case we can use the general rerun options of an Advertisement (like always rerun), but they will affect all clients in the collection and won’t work for user-targeted Advertisements. So what’s left in this case? Well the option I like the most is that there is a registry change that we can make to trick the Advertisement to run again. When we look at a client’s registry, we will see the following the following registry key (depending on the architecture).
- x86 - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\
- x64 - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\ (see picture)
As this key is located in the HKEY_LOCAL_MACHINE, it can also be found by opening regedit and then make a connection with a remote client. Under System we will find the PackageID of each Package that has previously run. When we now delete the PackageID, for the Program that we want to rerun, it will trigger the Program to run again (during the next evaluation) even though it already completed successfully.
To find the PackageID that we need we can open the Configuration Manager Console and select the Packages –node (under Site Database > Computer Management > Software Distribution). In the overview there will be a list of all the packages with the corresponding PackageID.
System Center 2012 Endpoint Protection point in System Center 2012 Configuration Manager (RC)
Last week there was finally another update on ConfigMgr 2012. Besides some small changes, they also slightly changed the name of the products in the System Center –family. It all (including Endpoint Protection) now starts with System Center 2012!
This post will be about the new Endpoint Protection point in System Center 2012 Configuration Manager. During the beta’s it was already clear that Microsoft was going to change something about the integration of ConfigMgr 2012 and FEP 2012, and they did! They removed the Endpoint Protection from the Forefront –family and fully integrated it with ConfigMgr 2012!
I also mentioned before that I’m not really the “step-by-step guide maker”, but in some cases there are exceptions and this is another one of these cases. In this post I will show how to install the Endpoint Protection point and at the end some of the nicest/ biggest changes, so enjoy!
|
Go to Administration > Site Configuration > Sites and select Add Site System Roles in the ribon. |
 |
|
On the General page Browse to the specific Site Server, select the Site Code and click Next. |
 |
|
On the System Role Selection page select Endpoint Protection point and click Next. |
 |
|
On the Endpoint Protection page select I accept the Endpoint Protection license terms and click Next. |
 |
|
On the Microsoft Active Protection Service page select whether or not you want to join the Microsoft Active Protection Service and click Next. |
 |
|
On the Summary page click Next. |
 |
|
On the Progress page just wait… |
 |
|
On the Completion page click Close. |
 |
Received the Microsoft Community Contributor 2011 award!
Today I was pleasantly surprised that I received the following mail from Microsoft.
Congratulations! We’re pleased to inform you that your contributions to Microsoft online technical communities have been recognized with the Microsoft Community Contributor Award.
The Microsoft Community Contributor Award is reserved for participants who have made notable contributions in Microsoft online community forums such as TechNet, MSDN and Answers. The value of these resources is greatly enhanced by participants like you, who voluntarily contribute your time and energy to improve the online community experience for others.
Thank you Microsoft!
System Center 2012 Configuration Manager RC1 is available!
For those who didn’t read it on Twitter (my Twitter almost exploded), Facebook or mail yet, ConfigMgr 2012 RC1 is available for download! For more information, read here the mail of Microsoft Connect:
We are extremely excited to announce the availability of the release candidates for System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection (formerly known as Forefront Endpoint Protection 2012) today. Both releases are available through a single download package on the Microsoft Download Center. You can learn more about this release at our Server and Cloud Platform blog.
Thank you for your on-going program participation and product feedback as it was instrumental in achieving this important milestone!
Our next CEP session will focus on the System Center 2012 Configuration Manager Release Candidate. Adwait Joshi, Technical Product Manager for Configuration Manager, will discuss improvements and what’s new in RC. We hope you will join this session and hear first-hand about the features now available!
Configuration Manager CEP Online Meeting
System Center 2012 Configuration Manager RC
Wednesday, November 2, 2011
9:00 – 10:30 AM PST
Online Meeting Information
Thank you,
The Configuration Manager Community Evaluation Program Team
cmcep@microsoft.com | https://connect.microsoft.com/ConfigurationManagervnext
ConfigMgr 2007 and creating a non-recurring Maintenance Window by script
At my current customer they’re not using the Software Updates of ConfigMgr 2007 (yet), but there was a wish for a more controlled company-wide deployment without having to change all the current advertisements (and the whole deployment system). So the idea came to create (and delete) maintenance windows by script (when needed).
Luckily the ConfigMgr 2007 SDK has some pretty straight forward examples of creating and deleting maintenance windows (see also the links at the end of this post). Deleting a maintenance window was almost just copy-paste from the SDK, the tricky part was creating a maintenance window and then especially the non-recurring schedule. At the end, this is (the short version of) what we ended up with:
'====================================================
' MAIN - Set connection, schedule and call
'====================================================
Set Connection = ConnectToSMSProvider("SiteServerName")
Schedule = NonRecurringScheduleString(connection, 3, “StartTimeInWMIFormat”, FALSE)
CreateMaintenanceWindow(connection, "CollectionID", "Name of Maintenance Window", "", Schedule, TRUE, 1)'====================================================
' Sub to add a Maintenance Window to a Collection
'====================================================
Sub CreateMaintenanceWindow(connection, targetCollectionID, newMaintenanceWindowName, newMaintenanceWindowDescription, newMaintenanceWindowServiceWindowSchedules, _
newMaintenanceWindowIsEnabled, newMaintenanceWindowServiceWindowType)
Set allCollectionSettings = connection.ExecQuery("Select * From SMS_CollectionSettings Where CollectionID = '" & targetCollectionID & "'")
If allCollectionSettings.Count = 0 Then
Set collectionSettingsInstance = connection.Get("SMS_CollectionSettings").SpawnInstance_
collectionSettingsInstance.CollectionID = targetCollectionID
collectionSettingsInstance.Put_
End If
Set collectionSettingsInstance = connection.Get("SMS_CollectionSettings.CollectionID='" & targetCollectionID &"'" )
Set tempServiceWindowObject = connection.Get("SMS_ServiceWindow").SpawnInstance_
tempServiceWindowObject.Name = newMaintenanceWindowName
tempServiceWindowObject.Description = newMaintenanceWindowDescription
tempServiceWindowObject.ServiceWindowSchedules = newMaintenanceWindowServiceWindowSchedules
tempServiceWindowObject.IsEnabled = newMaintenanceWindowIsEnabled
tempServiceWindowObject.ServiceWindowType = newMaintenanceWindowServiceWindowType
tempServiceWindowArray = collectionSettingsInstance.ServiceWindows
ReDim Preserve tempServiceWindowArray (Ubound(tempServiceWindowArray) + 1)
Set tempServiceWindowArray(Ubound(tempServiceWindowArray)) = tempServiceWindowObject
collectionSettingsInstance.ServiceWindows = tempServiceWindowArray
collectionSettingsInstance.Put_
End Sub'====================================================
' Function to RETURN a Non Recurring Schedule
'====================================================
Function NonRecurringScheduleString(connection, hourDuration, startTime, isGmt)
Set recurInterval = connection.Get("SMS_ST_NonRecurring").SpawnInstance_()
recurInterval.StartTime = startTime
recurInterval.DayDuration = 0
recurInterval.HourDuration = hourDuration
recurInterval.MinuteDuration = 0
recurInterval.IsGMT = isGmt
Set clsScheduleMethod = connection.Get("SMS_ScheduleMethods")
clsScheduleMethod.WriteToString Array(recurInterval), scheduleString
NonRecurringScheduleString = scheduleString
End Function'====================================================
' Function to RETURN a Date/Time in WMI Format
'====================================================
Function ConvertToWMIDate(strDate)
strYear = year(strDate):strMonth = month(strDate)
strDay = day(strDate):strHour = hour(strDate)
strMinute = minute(strDate)
If len(strmonth) = 1 Then strMonth = "0" & strMonth
If len(strDay) = 1 Then strDay = "0" & strDay
If len(strHour) = 1 Then strHour = "0" & strHour
If len(strMinute) = 1 Then strMinute = "0" & strMinute
ConvertToWMIDate = strYear & strMonth & strDay & strHour & strMinute & "00.000000+***"
End Function'====================================================
' Function to RETURN a Connection to the SMS Provider
'====================================================
Function ConnectToSMSProvider(ServerName)
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(ServerName, "root\sms")
Set ProviderLocation = objSWbemServices.InstancesOf("SMS_ProviderLocation")
For Each Location In ProviderLocation
If Location.ProviderForLocalSite = True Then
Set objSWbemServices = objSWbemLocator.ConnectServer(Location.Machine, "root\sms\site_" + Location.SiteCode)
Set ConnectToSMSProvider = objSWbemServices
End If
Next
End Function
More information about creating a maintenance window: http://msdn.microsoft.com/en-us/library/cc146686.aspx
More information about deleting a maintenance window: http://msdn.microsoft.com/en-us/library/cc143140.aspx
Application Relationships in ConfigMgr 2012 (B2)
As we all know now for a while already, ConfigMgr 2012 (B2) has a new Application Model. The old fashion Packages are still possible, but there is nothing changed and no features added. They are just there to make a migration easier… Instead we’ve got Applications now, which make it easier to detect installed products, to create dependencies, to supersede, etc.. This post I want shine a light on the different relationships of an Application. ConfigMgr 2012 (B2) knows three different types of relationships for an Application:
- Dependencies
- Supersedence
- Global Conditions
Dependencies
Let’s start with the first relationship, dependencies. Dependencies make it easy to specify the software prerequisites of an Application. The cool thing is that this can be multiple things and it can even contain AND and OR statements. For example it’s possible to say that Adobe Reader 9.0 OR Adobe Reader X needs to be present. Besides that it’s also possible to define what needs to be done when neither of them is present. It’s possible to specify which version needs to be auto-installed, or it’s possible to just let it do nothing.
Also good to notice is that this can be done per Deployment Type. See as example the picture on the right. This picture shows the 7-Zip Application, which contains three Deployment Types. One x86 -version, one x64 -version and one App-V –version. This App-V version has as dependency that the App-V Desktop Client needs to be installed.
Supersedence
The second relationship is supersedence. Supersedence makes it easy for an administrator to create a relationship between two Applications and “declare” one Application newer than another previous Application. This is actually the same idea that is used with Software Updates already for years now. The supersedence –relationship needs to be specified on an Application –level, but the actions can be specified on a Deployment Type –level. This makes it possible to specify per Deployment Type what the new Deployment Type will be and whether the old version needs to be uninstalled, or that the new version will do an upgrade to the old version (default is upgrade). By specifying the uninstall option, the uninstall command of the superseded Application will be used.
See as example the picture above. This picture shows the new 7-Zip Application, which contains two Deployment Types. One x86 –version and one x64 –version. The x86 –version supersedes the x86 –version of the old Application and the x64 –version supersedes the x64 –version of the old Application.
Global Conditions
The third relationship is Global Conditions. Global Conditions are the most “variable” relationship, because these conditions can be almost everything. Actually Global Condition is, in my opinion, not even the correct term here, it should be Requirement Rules. The relation between these two is that a Global Condition has to be added to a Requirement Rule to be evaluated. Besides this a Global Condition can contain one or more System Attributes, which can be anything from WMI Queries until Registry Values. The extra cool thing is that Global Conditions can be assigned per Deployment Type. This makes it possible to deploy multiple Deployment Types to the same (User) Collection, but only the one which has all requirements met will be truly deployed.
See as example the picture on the right. This picture shows the x64 –version Deployment Type of the 7-Zip Application, which contains three Requirement Rules. One for the required Free Disk Space, one for Desktop Type and one for Primary Device. In this case this means that there has to 100 Mb free disk space AND it has to be a x64 –system AND it has to be the users primary device.
Think of all the possibilities this will generate, like deploying the App-V –version Deployment Type only to non primary devices. There is a whole new world going open!
Using USMT 4.0 and ConfigMgr 2007 while migrating from local profiles to partially redirected profiles
This time I want to devote a post to a situation I haven’t been in that often. The customer was migrating from Windows XP to Windows 7, well.. nothing special here, but also migrating from local profiles to (partially) redirected profiles, well.. that’s a challenge. So to capture the userdata AND -settings we had to come up with something special. Of course we could do some things with scripting, but the biggest challenge was the fact that the new (partially redirected) profile location was only available after the first logon to Windows 7.
With this information I started thinking about USMT 4.0 again. Most often you use this to migrate on a computer basis, but we made an exception on this. We came up with the following five steps that should do the trick:
- (On Windows XP) A batch file that kicks of Scanstate. Nothing special here, just used /uel:1 or /uel:0 to get the user profile we need (0=Logged on user, 1=Modified accounts last 24 hours).
- (On Windows XP) A batch file that copies the captured data and settings to the users share on the network.
- (On Windows 7) A batch file that copies the captured data and settings back to a local drive.
- (On Windows 7) A batch file that kicks of Loadstate. Nothing special here, just used /ue to exclude some possible captured local/ admin account.
- (On Windows 7) A batch file that copies the last bits of data straight in to the redirected profile.
The important part is something a didn’t mention yet. In the migration XML files there is the possibility to copy data to an alternative location and that’s what we used for the parts of the profile that would get redirected. The reason for that is simple, because the SYSTEM account has no security rights to write something to there, as it is a network location. Here is a sample of the part we added to the migration XML files:
<locationModify script="MigXmlHelper.RelativeMove('%CSIDL_DESKTOP%\', 'C:\Temp\Desktop')">
<objectSet>
<pattern type="File">%CSIDL_DESKTOP%\* [*]</pattern>
</objectSet>
</locationModify>
This specific part would copy the desktop items to C:\Temp\Desktop instead of the desktop location in the (redirected) profile. Also important to note is that, in this case, all the copy actions have to run with user rights, as it’s all copied to the users directory.
Auto Deployment of FEP Definition Updates with ConfigMgr 2007
This week Microsoft released Forefront Endpoint Protection (FEP) 2010 Update Rollup 1 (including some extra tools). The tools update included some extra policies and also a Definition Update Automation Tool. Together with this, there was also an article published about Definition Update Automation with Configuration Manager.
Personally I don’t like the idea of creating a new Task with the Windows Task Scheduler, while we’ve got Status Filter Rules within ConfigMgr. With these rules we can make a “connection” between the scheduled synchronization of the Software Update Point (SUP) and the start of the Definition Update Automation Tool. Otherwise the tool might run while there hasn’t been a new synchronization of the SUP. To prevent this, I will show in this post how to create the Status Filter Rule.
The prerequisites for this post are the same as mentioned in Definition Update Automation with Configuration Manager.
|
Open the fepsuasetup.cab file and copy SoftwareUpdateAutomation.exe to <Installationdirectory>\AdminUI\bin |
|
|
In the ConfigMgr Console browse to Site Database > Site Management > <Sitename> > Site Settings > Status Filter Rules and select New Status Filter Rule in the Actions pane. |
 |
|
On the General page, fill in a Name, select as Source ConfigMgr Server, select as Component SMS_WSUS_SYNC_MANAGER, fill in as Message ID 6702 and click Next. This makes sure that every time the SMS_WSUS_SYNC_MANAGER is DONE this action (which we configure in the next step) will start. |
 |
|
On the Actions page, select Run a Program, fill in as commandline “<Installationdirectory>\AdminUI\bin\SoftwareUpdateAutomation.exe” |
 |
|
On the Summary page and click Next. |
 |
|
On the Summary page and click Finish. |
 |
Download Microsoft Forefront Endpoint Protection (FEP) 2010 Update Rollup 1 Tools: http://www.microsoft.com/download/en/details.aspx?id=26613
Update 18-07: There are some issues discovered with the new tool, take a look here for more information and solutions: http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx
Update 01-11: A new version of the Definition Update Automation Tool has been released. This version refreshes the Distribution Point by default and has a new option to disable that behavior (/DisableRefreshDP): http://blogs.technet.com/b/configmgrteam/archive/2011/11/01/how-to-use-definition-update-automation-tool-for-forefront-endpoint-protection-2010-update-rollup-1.aspx
About Me
I'm Peter van der Woude, I'm 27 years old and I'm living together with my wife and son in the Netherlands.
Currently I work for Login Consultants. At this moment my main focus is System Center Configuration Manager 2007 (ConfigMgr 2007) and I love it!.
Awards
- No Tweets Available
Recent Posts
- System Center 2012 Configuration Manager RC2 is available!
- Remember this?: Software Distribution is currently paused on this computer with ConfigMgr 2007
- Remember this?: Re-run Advertisement for one (or more) specific client(s) with ConfigMgr 2007
- System Center 2012 Endpoint Protection point in System Center 2012 Configuration Manager (RC)
- Received the Microsoft Community Contributor 2011 award!
Calendar
Categories
- App-V 4.5
- App-V 4.5 CU1
- App-V 4.6
- Applications
- Asset Intelligence
- Award
- Certificates
- Collections
- ConfigMgr 2007
- ConfigMgr 2012
- ConfigMgr vNext
- Distribution Point
- Distribution Point
- Endpoint Protection Point
- FEP 2010
- FEP 2012
- Maintenance Windows
- MDT 2010
- MDT 2012
- Microsoft Community Contributor
- Modena
- Native Mode
- PXE Service Point
- Reporting Services
- Scripting
- Site Backup
- Site Boundaries
- Software Distribution
- Software Updates
- Task Sequence
- Task Sequence
- Uncategorized
- USMT 4.0
- Windows 7
- WSUS 3.0 SP1
Blogroll
- ConfigMgr Technet forum
- Omar's Blog on Systems Management (http://oehoeven.spaces.live.com/)
- Showing you how to do IT (http://www.windows-noob.com/)
- System Management Repository (http://sysmgmt.wordpress.com/)
Visitor Locations