Browse by Tags

Related Posts
  • Blog Post: TestDBUpgrade on a Named Instance

    In a scenario where a hardened SQL named instance (e.g., SQLI1) is used to perform the database (e.g., SMS_P01) upgrade test for a service pack the ConfigMgrSetup.log may contain the following errors: The command line options are /TESTDBUPGRADE SMS_P01 ... Testing database upgrade on SMS_P01 database...
  • Blog Post: Verifying Configuration Manager Backup Task with Windows PowerShell

    A seemingly simple requirement for a Desired Configuration Management configuration item is to verify that the Configuration Manager 2007 site backup maintenance task is enabled.  What became the difficult part of this was tracking down the specific location in WMI that this data exists.  I...
  • Blog Post: PowerShell to change ConfigMgr Client Cache size

    Don Hite has a VBS Script To Change A Remote SMS Clients Cache Size , but I wanted to do it with PowerShell: $Cache = Get-WmiObject -namespace root\ccm\SoftMgmtAgent -class CacheConfig $Cache.size = 10240 $Cache.InUse = "True" $Cache.Put() Restart-Service ccmexec I added line 3 after trying the size...
  • Blog Post: Secondary site server attempting NTLM anonymous logon

    I recently came across a problem that drove me crazy for several hours. I've installed secondary site servers many times and have the setup down pat to work with my usual secure configuration. The secondary site server installed ok, but then the mpcontrol.log showed entries similar to the following:...
  • Blog Post: DCM Error for Invalid or Inconsistent Data

    I created a relatively simple Configuration Manager 2007 Desired Configuration Management (DCM) configuration baseline with twenty configuration items (CIs) each with a handful of settings. In trying to move it from a development environment into production, the baseline would fail to import on the first...
  • Blog Post: Maximizing Security in Configuration Manager

    This post details my experience and lessons learned with hardening a System Center Configuration Manager system. I'll review the risks and then describe the various technical components of a ConfigMgr system: Windows Server host, Internet Information Service (IIS), SQL Server and ConfigMgr itself. Make...
  • Blog Post: Using Windows PowerShell to convert collection membership rules

    I developed some automation for a customer to help them manage the lifecycle of collections used for assignment of DCM baselines as they are revised.  Part of this required the ability to convert a collection from query-based membership to direct membership rules and vice versa.  I realize...
  • Blog Post: MMS 2011 Session

    A little self-promotion.... BF21 Accelerated Scripting with the MDT Framework Speaker(s): Aaron Czechowski Track(s): Server Management Technologies, Solution Accelerators, Systems Management Session Type: Breakout Session Product(s): Configuration Manager 2007 R2 & R3, Microsoft Deployment...
  • Blog Post: Customizing USMT Estimation with ConfigMgr Task Sequence

    One of the advantages of integrating MDT 2008 with ConfigMgr 2007 is a more dynamic state capture process. The MDT task "Determine Local or Remote" (ZTIUserState.wsf) gives you the ability to estimate the amount of space required for the state store, and then determine whether to store it on the local...
  • Blog Post: Short File Name Prerequisite for SCCM 2007

    A common security/performance setting is to disable short file names (aka 8.3 file names), and is recommended as part of the Microsoft Solutions for Security (MSS) (Disable Auto Generation of 8.3 File Names [NtfsDisable8dot3NameCreation]). However, as one of my customer's recently discovered, this is...
  • Blog Post: Failure on invalid user context with DCM permission evaluation

    I’m a huge fan of the Desired Configuration Management (DCM) feature of ConfigMgr. However, I found that it can be quite literal with the input data, and the result is not always very user friendly. For example, I created a new General Configuration Item (CI) with a single object rule to evaluate...
  • Blog Post: ConfigMgr Software Updates on an Isolated Network

    The Windows Server Update Services (WSUS) 3 Deployment Guide documents a process by which update metadata and update content can be transferred from one server to another isolated server. Since Configuration Manager 2007 relies upon WSUS for the software update plumbing, a similar process can be used...
  • Blog Post: Explicit rights for Preinst

    I recently had to manually remove a secondary site (S01) from a ConfigMgr 2007 SP1 hierarchy. It deleted ok from the parent site (P01), but since that doesn't replicate up the hierarchy, I had to go to the Hierarchy Maintenance Tool (Preinst.exe) on the central (C01) site to fully remove it. However...
  • Blog Post: Using SMBIOS GUID to import computer information for VMware guest

    To import computer information into Configuration Manager for OS deployment you have to enter the computer name and then one or both of the following unique identifiers: MAC address or SMBIOS GUID, aka UUID. Many customers use the MAC address because it is shorter and typically more accessible. However...
  • Blog Post: Identifying a system deployed via OSD

    I’m starting a DCM project for a customer and one of the requirements is to determine whether a system was deployed via a ConfigMgr task sequence.  This seemed like a simple request but initially stymied me as to how to best implement it with a significant level of authority that cannot be easily...
  • Blog Post: ConfigMgr 2007 and SCW

    The Security Configuration Wizard is new to Windows Server 2003 SP1 and provides very detailed ability to lockdown a server based on the roles, services and applications. With SMS 2003, the toolkit provided security templates that would allow SMS to function when used in the context of the Enterprise...
  • Blog Post: Running netsh in ConfigMgr task sequence on x64 client

    In deploying Windows 7 x64 via a ConfigMgr 2007 SP2 task sequence I have a custom script to change the TCP Global Receive Window Auto-Tuning Level. The command that is executed via the script is: cmd /c netsh interface tcp set global autotuning=highlyrestricted This unfortunately returned the following...
  • Blog Post: Debug programs right needed to uninstall ConfigMgr Console

    I recently discovered an interesting issue when trying to uninstall the ConfigMgr Console from a Windows Server 2003 system to which the SSLF member server baseline policy is applied. When running through setup to uninstall the console, all of the components all show the status "Not Started" and the...
  • Blog Post: DCM Multiline Operators

    I recently had the opportunity to use the One of operator on a CI validation of a registry integer value. While trying to input the multiple values (1, 3, 4 or 5) using a variety of delimiters (space, comma, semi-colon, etc.), I kept getting a UI error: "Invalid integer. Specify one value per line."...
  • Blog Post: IE7 search providers and ConfigMgr RP

    I was doing some research/testing on IE7 search providers today and thought up a neat trick for quicker access to some common ConfigMgr reports. See Microsoft Support Article ID 918238 for some of the technical details on IE7 search providers. We strongly recommend the use of GUIDs in the registry for...
  • Blog Post: ConfigMgr query for blocked or approved clients

    This is nothing new; I’m typically not one to repost information that can be found elsewhere online.  This is just so that I have an easy place to find it in the future! select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup...
  • Blog Post: How to restore from the OS backup

    A customer requirement for a recent pilot project was to migrate user workstations to Vista for only a few weeks; we have to restore to the previous OS at the end of the pilot. There are other scenarios in which you'd need to restore a system using the fat WIM captured with the MDT Backup script in your...