Overlapping Boundaries and ConfigMgr 2012
In ConfigMgr 2007 everybody's first reaction about overlapping boundaries was “don’t do it!”, but is that the same in ConfigMgr 2012? Well, the answer on that differs per situation. In this post I will describe the three different situations/ scenario’s about overlapping boundaries and ConfigMgr 2012.
- Scenario 1 – Overlapping boundaries for automatic site assignment: NOT supported! The site to which the client will assign is still unpredictable when there are multiple boundary groups that includes the current network location of the client (and of course, the boundary groups are assigned to different sites).
- Scenario 2 – Overlapping boundaries for content locations: Supported! It will enable the client to get a list of all the content locations that are connected with a boundary group that includes the current network location of the client. So it creates a sort of fallback scenario.
- Scenario 3 – Overlapping boundaries across a ConfigMgr 2012 and a ConfigMgr 2007 hierarchy (specific for automatic site assignment):
- Supported for ConfigMgr 2012 –clients. ConfigMgr 2012 –clients are able to check the version of the CofigMgr –site and they can’t assign to a ConfigMgr 2007 –site.
- Not supported for ConfigMgr 2007 –clients. ConfigMgr 2007 –clients are not able to check the version of the CofigMgr –site and they can incorrectly assign to a ConfigMgr 2012 –site.
So how can we prevent to get into one of these situations? Well, that actually easier then we might think. For ConfigMgr 2012 –sites it is possible to add a boundary to multiple boundary groups. Also it’s possible to use a boundary group only for site assignment (red square in the picture), or only for content locations (green square in the picture). So this makes it possible to use a set of boundary groups for automatic site assignment and a different set of boundary groups for content locations. This can help to avoid the overlapping boundaries for automatic site assignment.
Besides that it’s almost not possible to avoid the overlapping boundaries between the different hierarchies… The only thing that can done to stop the problems, is to stop automatic site assignment for ConfigMgr 2007 –clients. This avoids the ConfigMgr 2007 –clients from automatic assigning to the wrong site and the ConfigMgr 2012 –clients will keep on assigning to their own site.
See for more information: http://technet.microsoft.com/en-us/library/gg712679.aspx
System Center 2012 Configuration Manager RC2 is available!
For those who didn’t read it on Twitter, Facebook or mail yet, ConfigMgr 2012 RC2 is available for download! Last night I received the following mail:
Dear :
Thank you for downloading one or more System Center 2012 pre-release components. System Center 2012 Release Candidate is now available as part of the Microsoft private cloud evaluation:» Download Microsoft private cloud evaluation software
Enjoy!
Your TechNet Team
By starting the download I was pleasantly surprised to see that a part of this download is ConfigMgr 2012 RC2 (see picture).
Remember this?: Software Distribution is currently paused on this computer with ConfigMgr 2007
This is more of a remember this for my self then probably in general, as this is a problem that we don’t run into that much. Only for me it was the second time already, but I couldn’t directly remember anymore what the problem was. So this post will be more of a reminder for the eventually next time…
Also this will be a short post as it will just describe the problem we ran into with my current customer and what the solution was. The problem we ran into was that after we deployed a new machine we could advertise software to it, but the installation would never start. Looking into the execmgr.log we could see the following message: “This program cannot run because a reboot is in progress or software distribution is paused.”.
Well, the solution for this was actually quit simple, just the searching for it took a while… Looking into the registry we could see that the Software Distribution-State-Paused-key was set to 1 and changing this back to 0 resolved the problem. This key can be found in the following location:
- x86 - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\State\
- x64 - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\Software Distribution\State\ (see picture)
We’re still not quite sure what caused this problem, but it seems to be something with ending a Task Sequence with a restart. After resolving the issue we found some other people with the same issue here and they are also guessing and linking it to the last step of the Task Sequence.
Remember this?: Re-run Advertisement for one (or more) specific client(s) with ConfigMgr 2007
I’m not sure if this is going to be a ‘remember this’ –series, but at least in this case it fits really good. We all know it, but sometimes we need a refreshment.
We all know those scenario’s where we send an Advertisement to a Collection of clients and for some reason we may want to rerun the Advertisement for only one (or more) specific client(s). In this case we can use the general rerun options of an Advertisement (like always rerun), but they will affect all clients in the collection and won’t work for user-targeted Advertisements. So what’s left in this case? Well the option I like the most is that there is a registry change that we can make to trick the Advertisement to run again. When we look at a client’s registry, we will see the following the following registry key (depending on the architecture).
- x86 - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\
- x64 - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\ (see picture)
As this key is located in the HKEY_LOCAL_MACHINE, it can also be found by opening regedit and then make a connection with a remote client. Under System we will find the PackageID of each Package that has previously run. When we now delete the PackageID, for the Program that we want to rerun, it will trigger the Program to run again (during the next evaluation) even though it already completed successfully.
To find the PackageID that we need we can open the Configuration Manager Console and select the Packages –node (under Site Database > Computer Management > Software Distribution). In the overview there will be a list of all the packages with the corresponding PackageID.
System Center 2012 Endpoint Protection point in System Center 2012 Configuration Manager (RC)
Last week there was finally another update on ConfigMgr 2012. Besides some small changes, they also slightly changed the name of the products in the System Center –family. It all (including Endpoint Protection) now starts with System Center 2012!
This post will be about the new Endpoint Protection point in System Center 2012 Configuration Manager. During the beta’s it was already clear that Microsoft was going to change something about the integration of ConfigMgr 2012 and FEP 2012, and they did! They removed the Endpoint Protection from the Forefront –family and fully integrated it with ConfigMgr 2012!
I also mentioned before that I’m not really the “step-by-step guide maker”, but in some cases there are exceptions and this is another one of these cases. In this post I will show how to install the Endpoint Protection point and at the end some of the nicest/ biggest changes, so enjoy!
|
Go to Administration > Site Configuration > Sites and select Add Site System Roles in the ribon. |
 |
|
On the General page Browse to the specific Site Server, select the Site Code and click Next. |
 |
|
On the System Role Selection page select Endpoint Protection point and click Next. |
 |
|
On the Endpoint Protection page select I accept the Endpoint Protection license terms and click Next. |
 |
|
On the Microsoft Active Protection Service page select whether or not you want to join the Microsoft Active Protection Service and click Next. |
 |
|
On the Summary page click Next. |
 |
|
On the Progress page just wait… |
 |
|
On the Completion page click Close. |
 |
System Center 2012 Configuration Manager RC1 is available!
For those who didn’t read it on Twitter (my Twitter almost exploded), Facebook or mail yet, ConfigMgr 2012 RC1 is available for download! For more information, read here the mail of Microsoft Connect:
We are extremely excited to announce the availability of the release candidates for System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection (formerly known as Forefront Endpoint Protection 2012) today. Both releases are available through a single download package on the Microsoft Download Center. You can learn more about this release at our Server and Cloud Platform blog.
Thank you for your on-going program participation and product feedback as it was instrumental in achieving this important milestone!
Our next CEP session will focus on the System Center 2012 Configuration Manager Release Candidate. Adwait Joshi, Technical Product Manager for Configuration Manager, will discuss improvements and what’s new in RC. We hope you will join this session and hear first-hand about the features now available!
Configuration Manager CEP Online Meeting
System Center 2012 Configuration Manager RC
Wednesday, November 2, 2011
9:00 – 10:30 AM PST
Online Meeting Information
Thank you,
The Configuration Manager Community Evaluation Program Team
cmcep@microsoft.com | https://connect.microsoft.com/ConfigurationManagervnext
Using USMT 4.0 and ConfigMgr 2007 while migrating from local profiles to partially redirected profiles
This time I want to devote a post to a situation I haven’t been in that often. The customer was migrating from Windows XP to Windows 7, well.. nothing special here, but also migrating from local profiles to (partially) redirected profiles, well.. that’s a challenge. So to capture the userdata AND -settings we had to come up with something special. Of course we could do some things with scripting, but the biggest challenge was the fact that the new (partially redirected) profile location was only available after the first logon to Windows 7.
With this information I started thinking about USMT 4.0 again. Most often you use this to migrate on a computer basis, but we made an exception on this. We came up with the following five steps that should do the trick:
- (On Windows XP) A batch file that kicks of Scanstate. Nothing special here, just used /uel:1 or /uel:0 to get the user profile we need (0=Logged on user, 1=Modified accounts last 24 hours).
- (On Windows XP) A batch file that copies the captured data and settings to the users share on the network.
- (On Windows 7) A batch file that copies the captured data and settings back to a local drive.
- (On Windows 7) A batch file that kicks of Loadstate. Nothing special here, just used /ue to exclude some possible captured local/ admin account.
- (On Windows 7) A batch file that copies the last bits of data straight in to the redirected profile.
The important part is something a didn’t mention yet. In the migration XML files there is the possibility to copy data to an alternative location and that’s what we used for the parts of the profile that would get redirected. The reason for that is simple, because the SYSTEM account has no security rights to write something to there, as it is a network location. Here is a sample of the part we added to the migration XML files:
<locationModify script="MigXmlHelper.RelativeMove('%CSIDL_DESKTOP%\', 'C:\Temp\Desktop')">
<objectSet>
<pattern type="File">%CSIDL_DESKTOP%\* [*]</pattern>
</objectSet>
</locationModify>
This specific part would copy the desktop items to C:\Temp\Desktop instead of the desktop location in the (redirected) profile. Also important to note is that, in this case, all the copy actions have to run with user rights, as it’s all copied to the users directory.
Auto Deployment of FEP Definition Updates with ConfigMgr 2007
This week Microsoft released Forefront Endpoint Protection (FEP) 2010 Update Rollup 1 (including some extra tools). The tools update included some extra policies and also a Definition Update Automation Tool. Together with this, there was also an article published about Definition Update Automation with Configuration Manager.
Personally I don’t like the idea of creating a new Task with the Windows Task Scheduler, while we’ve got Status Filter Rules within ConfigMgr. With these rules we can make a “connection” between the scheduled synchronization of the Software Update Point (SUP) and the start of the Definition Update Automation Tool. Otherwise the tool might run while there hasn’t been a new synchronization of the SUP. To prevent this, I will show in this post how to create the Status Filter Rule.
The prerequisites for this post are the same as mentioned in Definition Update Automation with Configuration Manager.
|
Open the fepsuasetup.cab file and copy SoftwareUpdateAutomation.exe to <Installationdirectory>\AdminUI\bin |
|
|
In the ConfigMgr Console browse to Site Database > Site Management > <Sitename> > Site Settings > Status Filter Rules and select New Status Filter Rule in the Actions pane. |
 |
|
On the General page, fill in a Name, select as Source ConfigMgr Server, select as Component SMS_WSUS_SYNC_MANAGER, fill in as Message ID 6702 and click Next. This makes sure that every time the SMS_WSUS_SYNC_MANAGER is DONE this action (which we configure in the next step) will start. |
 |
|
On the Actions page, select Run a Program, fill in as commandline “<Installationdirectory>\AdminUI\bin\SoftwareUpdateAutomation.exe” |
 |
|
On the Summary page and click Next. |
 |
|
On the Summary page and click Finish. |
 |
Download Microsoft Forefront Endpoint Protection (FEP) 2010 Update Rollup 1 Tools: http://www.microsoft.com/download/en/details.aspx?id=26613
Update 18-07: There are some issues discovered with the new tool, take a look here for more information and solutions: http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx
Update 01-11: A new version of the Definition Update Automation Tool has been released. This version refreshes the Distribution Point by default and has a new option to disable that behavior (/DisableRefreshDP): http://blogs.technet.com/b/configmgrteam/archive/2011/11/01/how-to-use-definition-update-automation-tool-for-forefront-endpoint-protection-2010-update-rollup-1.aspx
The best informational links about FEP 2010 (and its integration with ConfigMgr 2007)
This time I want to devote a post to some of the best informational links about Forefront Endpoint Protection (FEP) 2010 (and its integration with ConfigMgr 2007). These links can make it a lot easier to plan, scale, install, manage and troubleshoot your ConfigMgr 2007 with FEP 2010 integrated -environment.
- FEP 2010 General Information – This link provides some general information about FEP 2010.
Link: http://www.microsoft.com/fep/ - FEP 2010 Deployment Case Study @Microsoft – This link provides some information about the case study used by Microsoft IT for FEP 2010.
Link: http://technet.microsoft.com/en-us/library/gg543127.aspx - FEP 2010 TechNet Library – This link provides all the information available in the Microsoft TechNet Library about FEP 2010. It includes planning, scaling, installing and managing a FEP 2010 –environment, with or without ConfigMgr 2007.
Link: http://technet.microsoft.com/en-us/library/ff823816.aspx - FEP 2010 Tools – This link provides downloads to some available tools, for creating policies, for adding policies, for gathering support data and for scanning an existing environment.
Link:http://www.microsoft.com/downloads/en/details.aspx?FamilyID=04f7d456-24a2-4061-a2ed-82fe93a03fd5&displaylang=en - FEP 2010 Capacity Planning Worksheet – This link provides a download of a FEP Datawarehouse Space Capacity Planning worksheet. Use this worksheet to estimate the needed disk space.
Link: http://blogs.technet.com/b/clientsecurity/archive/2011/01/19/fep-capacity-planning-worksheet.aspx - System Center Best Practices – This link provides System Center best practices and real-world expierence, which now also includes FEP 2010.
Link: http://technet.microsoft.com/en-us/systemcenter/ee942121.aspx - How to deploy the FEP 2010 Client via OS Deployment – This link provides a step-by-step about deploying the FEP 2010 Client via OS Deployment.
Link: http://social.technet.microsoft.com/wiki/contents/articles/how-to-deploy-the-fep-2010-client-via-osd-and-test-deployment.aspx - Automatically deploy the FEP 2010 Updates via ConfigMgr 2007 – This link provides a step-by-step about deploying the FEP 2010 Updates via ConfigMgr 2007.
Link: http://social.technet.microsoft.com/wiki/contents/articles/automatically-deploy-forefront-endpoint-protection-updates-via-system-center-configuration-manager.aspx - Deploying the FEP 2010 Client via Disk Images – Even though this link is a part of the FEP 2010 TechNet Library, it is good to specifically name it. This link provides some registry keys which should be deleted when adding the FEP 2010 Client to an image.
Link: http://technet.microsoft.com/en-us/library/gg193355.aspx
Microsoft Deployment Toolkit 2012 Beta is available!
For those who didn’t read it on Twitter, Facebook or mail yet, MDT 2012 B1 is available for download! Some of the best things that are mentioned in the release notes, are that it supports ConfigMgr 2012 B2 and also still supports ConfigMgr 2007 SP2! Besides that it also supports the deployment of ALL operating systems from Windows XP and Windows Server 2003 until now. So it only delivers extra’s! For more information, read here the mail of Microsoft Connect:
Thanks for your ongoing interest and participation in the MDT beta review program. We hope you’ll take the time to preview and provide feedback on MDT 2012 Beta 1.
Download the beta materials on Connect: https://connect.microsoft.com/site14/Downloads/DownloadDetails.aspx?DownloadID=8689
Microsoft Deployment Toolkit (MDT) 2012 Beta 1 rides the next wave of System Center releases with support for System Center Configuration Manager 2012. For Lite Touch installations, MDT 2012 improves the overall client-side user experience, while also providing behind-the-scenes enhancements for partitioning, UEFI, and user state migration. These features, combined with many small enhancements, bug fixes, and a smooth and simple upgrade process, make MDT 2012 Beta 1 more reliable and flexible than ever.
Key Benefits:
- Fully leverages the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
- Improved Lite Touch user experience and functionality.
- A smooth and simple upgrade process for all existing MDT users.
Tell us what you think!
We value your input. Download the beta on Connect and tell us what you think!Please submit your feedback through Connect and direct any support questions you may have to satfdbk@microsoft.com.Availability
This program is now open. The beta review period will run through August 2011.Tell your friends
To join the beta review program for Microsoft Deployment Toolkit (MDT) 2012, visit Microsoft Connect:
https://connect.microsoft.com/site14Learn more
Visit the MDT home page: http://www.microsoft.com/MDTGet the latest news straight from the MDT team: http://blogs.technet.com/mniehaus/
MDT works with the Microsoft Assessment and Planning Toolkit and Security Compliance Manager to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. Learn more at http://www.microsoft.com/solutionaccelerators.
Thank you for your interest in the development of MDT. We look forward to receiving your feedback!
Sincerely,
Solution Accelerators MDT Team
Microsoft Corporation
About Me
I'm Peter van der Woude, I'm 27 years old and I'm living together with my wife and son in the Netherlands.
Currently I work for Login Consultants. At this moment my main focus is System Center Configuration Manager 2007 (ConfigMgr 2007) and I love it!.
Awards
- No Tweets Available
Recent Posts
- Overlapping Boundaries and ConfigMgr 2012
- System Center 2012 Configuration Manager RC2 is available!
- Remember this?: Software Distribution is currently paused on this computer with ConfigMgr 2007
- Remember this?: Re-run Advertisement for one (or more) specific client(s) with ConfigMgr 2007
- System Center 2012 Endpoint Protection point in System Center 2012 Configuration Manager (RC)
Calendar
Categories
- App-V 4.5
- App-V 4.5 CU1
- App-V 4.6
- Applications
- Asset Intelligence
- Award
- Boundaries
- Boundary Groups
- Certificates
- Collections
- ConfigMgr 2007
- ConfigMgr 2012
- ConfigMgr vNext
- Distribution Point
- Distribution Point
- Endpoint Protection Point
- FEP 2010
- FEP 2012
- Maintenance Windows
- MDT 2010
- MDT 2012
- Microsoft Community Contributor
- Modena
- Native Mode
- PXE Service Point
- Reporting Services
- Scripting
- Site Backup
- Site Boundaries
- Software Distribution
- Software Updates
- Task Sequence
- Task Sequence
- Uncategorized
- USMT 4.0
- Windows 7
- WSUS 3.0 SP1
Blogroll
- ConfigMgr Technet forum
- Omar's Blog on Systems Management (http://oehoeven.spaces.live.com/)
- Showing you how to do IT (http://www.windows-noob.com/)
- System Management Repository (http://sysmgmt.wordpress.com/)
Visitor Locations