At the Dynamics Convergence 2010 conference I mentioned to several people that it is possible to create a dynamic group based on whether a piece of software is installed or not but I never went into the details of how to do it. This posting describes how to create a group for a particular piece of installed software (Microsoft Office 2003 Web Component for the purpose of illustrating the process).

Creating a group based on if software is installed is helpful for approving new versions of software for installation (e.g. you want to upgrade from version 2 to version 3),

There is a three step process to create a dynamic group based on if a software application is installed:

1. Create an attribute to trigger membership of the group
2. Define a managed group based on the value of the attribute
3. Create a Computer group linked to the managed group

Create an Attribute

The first step is to create an attribute that we can use to evaluate whether a computer has a piece of software installed or not. This can be based on either a registry key or WMI query. If you have a choice between using a registry key or a WMI query, opt for a registry key – the lookup process is more efficient.

You can use any registry key or WMI query. For this blog, since I am looking for a 32bit application installed on a 64bit computer, I’m going to use a registry entry under

If I was searching for a 32bit application on 32bit computer (or a 64bit application on a 64bit computer) then I could look in:

I’m using the above registry key location since it tends to be a reliable way to determine which software is installed. In the above registry locations will be any currently installed software that has an uninstall program or feature.

To create an attribute:

1. Go to the Authoring workspace
2. Expand Management Pack Objects
3. Select Attributes
4. Click Create a New Attribute to open the Create Attribute Wizard
5. Provide a name and a description for the attribute
   • Name = Microsoft Office 2003 Web Component
   • Description = Check if the Office 2003 Web Components are installed on this computer
6. Click Next 
7. On the Choose a Discover method page, select the following values:
   1. Discovery Type = Registry
   2. Target = Windows Computer
8. For Management Pack, click New to create a new management pack (this will make managing the groups easier later).
9. On the Create Management Pack page, type the following values:
   • Name = My Software Groups
   • Description = Definitions for computer groups based on installed software
10. On the Knowledge page, click Create which will create the management pack and return you to the Create Attribute Wizard.
11. Make sure the Management Pack drop down has My Software Groups selected and click Next
12. On the Registry Probe Configuration screen:
    • Leave Key selected in the Key or Value radio button
    • In the Path field type the registry key you are looking for. In this example, the registry key has a GUID, but when I look at the DisplayName property in the registry I can see this GUID is for Microsoft Office 2003 Web Components
      Path = SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A4-0409-0000-0000000FF1CE}\
      If you use the Copy Key Name feature in regedit to copy in the path, remember to delete the HKEY_LOCAL_MACHINE\ part at the start since the wizard automatically provides this value.
    • Keep the Attribute Type as Check if exists
    • Increase the Frequency to 43,200 seconds (12 hours) since this attribute will only change infrequently
13. Click Finish to create the attribute

We have now created an attribute, whose value will be collected every 12 hours from each Windows Computer managed by Essentials.

Define a Managed Group

Now that we have an attribute, we can use the attribute to define a group whose membership will change based on whether the value of the attribute is true (i.e. Office 2003 Web Components are installed).

To create the Managed Group:

1. Stay in the Authoring workspace
2. Select the Groups node
3. Click Create a New Group to start the Create Group Wizard
4. Provide a Name and Description for the group:
   • Name = Microsoft Office 2003 Web Component
   • Description = Computers that have the Office 2003 Web Components installed
5. Select My Software Groups as the value for Select destination management pack
6. Click Next and then Click Next again to get to the Dynamic Members page
7. Click Create/Edit rules…  to open the Query Builder
8. Change the desired class to be Windows Computer_Extended and Click the Add button
   If you don’t see this as an option, go back to step 5 and make sure the Management Pack you created the attribute in is selected.
9. Use the following values to build the query:
10. In the Property column, select the attribute you created (Microsoft Office 2003 Web Component)
11. In the Operator column, select Equals
12. In the Value column, type True
13. Click OK
14. Click Next. Click Next. Click Create.

We have now created a group whose membership is controlled by the value of the attribute defined earlier. In our case, we now have a group for all computers with the Microsoft Office 2003 Web Component installed.

Create a Computer Group Linked to the Managed Group

Managed groups do not show in the Computers workspace by default. Our final step is to add the group we created in the previous step into the Computers workspace, where it will then be available for approving software and updates.

1. Go to the Computers workspace
2. Click Create a Computer Group
3. Change the Criteria drop down to be Use a managed computer group
4. Select the group created earlier (Microsoft Office 2003 Web Component) from the Managed computer groups drop down
5. Click Create

You now have a computer group whose membership will change depending on the software installed on the computers managed by Essentials.

A Final Word

By saving the attributes and group definitions in their own management pack you can export and share your software groups with other people. You can also export the management pack and manually edit it (its XML) if you want to create multiple groups without stepping through the wizards.

Before you create lots and lots of groups, it is important to know that we’ve tested Essentials 2010 to be able to handle up to 100 computer groups. While the process above will also work with Essentials 2007, we are aware of scale issues that can cause group synchronization to stop working in Essentials 2007 when there are around 30 groups (for some people the number is higher, for others it is lower).

A big thank you to everyone who stopped by and asked us questions at the Microsoft Management Summit and the Dynamics Convergence conferences during the last 2 weeks.

In this post I’m going to talk about one area that we received feedback on at the conferences.

Some people told us they wanted to see even more alerts than they were currently seeing – this post is not for you. Other people told us they were seeing too many alerts – this post is for you!

Before starting, check the Improving Default Monitoring blog posting, this will help you make changes and workaround common issues seen with the default monitoring in Essentials 2010.

There are three main things that affect the number of alerts you see:

1. The current health of your IT environment
2. The number of Management Packs installed
3. The quality of the Management Packs

Essentials is designed to help you proactively monitor your environment and keep it running smoothly. As part of this, we want to help you identify issues that are not causing an outage now, but may in the future. Sometimes, for some environments, the alerts generated can seem a little overwhelming.  

To reduce the risk of being overwhelmed by alerts, you can use the following approach:

1. Introduce Management Packs slowly
2. Use the Most Common Alerts Report
3. Create Overrides
4. Provide feedback

Introduce Management Packs Slowly

Essentials 2010 includes a feature to help identify some key management packs that should be installed in your environment. Start by installing these management packs and performing any tweaking to suit your needs before selecting additional management packs to install.

This will help you control the number of alerts and will also allow you to review the knowledge articles included with each alert for guidance on how resolving alerts. If after reviewing an alert you determine that it is not one you want to take action on in your environment, you can use an Override to disable the alert. See the section below for instructions on creating overrides. 

Use the Most Common Alerts Report

In the Reporting workspace, in the Microsoft ODR Report Library is the Most Common Alerts report. Reviewing this report will reveal the alerts you see most frequently. Using this information you can focus your efforts – either using the alert knowledge to troubleshoot the root cause, or if desired, identifying alert(s) to Override to disable monitoring. To run the Most Common Alerts report:

1. Go to the Reporting workspace
2. Select the Microsoft ODR Report Library
3. Run the Most Common Alerts report

Create Overrides

Overrides allow you to make changes to rules that can help reduce the number of alerts you receive. Through an override you can:

• Disable a rule/monitor
• Change the thresholds

The screenshot below shows a monitor that is being selected to have an override applied. Using the override it is possible to either disable the monitor, or change the configuration of the monitor.

Disable a Rule/Monitor

It is possible to disabling monitoring of particular rules, and this will reduce the number of alerts you see. In Essentials it is possible to disable a rule on all computers, or just groups of computers, and this provides additional flexibility for you, allowing you to receive an alert on one computer but not another. 

Follow these steps to disable a rule or monitor using an Override. Note, the steps are in the Operations Manager documentation, and step 1 does not apply in Essentials.

Change the Thresholds

By using an override to change the thresholds for a rule you can alter when an alerts are generated. This is helpful if you find that an alert is generated sooner they you’d like.

Follow these steps to change the thresholds for a rule or monitor using an Override. Note, the steps are in the Operations Manager documentation, and step 1 does not apply in Essentials.

Provide Feedback

Feedback on Management Packs helps us to make improvements to them and increase their relevance for your environment. There is a very simple way to provide us feedback on Management Packs – enable Operation Data Reporting (ODR). Our Privacy statement includes information on the data collected and includes a link to sample reports. To enable ODR:

1. Go to the Administration workspace
2. Select the Settings node
3. Double click the Privacy setting
4. Select the Operational Data Reports tab
5. Select “Yes, send operational data reports to Microsoft” and click OK

You can also provide feedback in the Management Packs forum.

Management Packs receive updates at various times, and when updating management packs we include feedback from you to improve the monitoring. In Essentials 2010, when there is an update available for a management pack that you have installed, you will receive a notification.

Additional Resources

Some of these are written for Operations Manager, however they typically also apply to Essentials since Essentials uses the same monitoring engine and Management Packs as Operations Manager.

Improving Default Monitoring – A guide to resolving common alerts seen during a default installation of Essentials 2010.

Management Packs forum – get help from Management Pack authors, MVPs and other knowledgeable folks in the community.

By Example guides for “tuning” specific Management Packs

4 Tips for Proactive Management Pack Tuning – advice on steps to reduce alerts before you see them

Troubleshooting Alert Storms – in addition to the topics above, also includes guidance on alert suppression

YES! It is finally here!

We are very excited to announce the RTM of SCE 2010.

You can read the official announcement at System Center Nexus, as well as the commentary from longtime SCE product manager, David Mills, at the Because Its’ Everybody’s Business site.

Our original SCE 2007 brought many enterprise management technologies to midsized organizations, almost three years ago. To that end, we provided a unified console that gave you the embedded knowledge of Management Packs (MP’s) and easy to deploy software and system updates.

We followed that up with SCE 2007 Service Pack 1, which continued the journey. And we heard very clearly that midsized companies were ready to start taking advantage of virtualization, as a way to reduce costs and scale up your capabilities without scaling out your infrastructure. So, System Center created a workgroup edition of Virtual Machine Manager and we sold it as a bundle, alongside SCE 2007 SP1.

Staying true to our vision of continuing to make IT Management easier for midsized organizations, we have continued to enhance our the reporting, monitoring, deployment and update capabilities and added virtualization management and deployment within SCE.

SCE 2010 truly delivers unified physical and virtual management within a single experience that has been optimized for your needs, as midsized organizations. Some of the big enhancements include:

Awareness and delivery of only the MP’s that you need, so you have exactly what you need to monitor and report on what is in your environment -- not too much (noise) and not too little (insight).

Intelligent filters and customizations for software deployment, so we only attempt to install packages on machines that are suitable to receive them.

Optimized software updates, again pulling only what is needed for your environment.

And lots of Virtualization management including:

  - Easy creation of new virtualization hosts

  - Simple deployment of new virtual machines

  - Wizard-driven migration of legacy physical servers to virtual machines, or from VMware to Hyper-V

We are really proud of SCE 2010 and believe that it meets all of the goals that you asked for in an IT Management solution in midsized organizations.

DOWNLOAD THE EVALUATION SOFWARE at

http://technet.microsoft.com/en-us/evalcenter/ee470677.aspx

Throughout this week, you will continue to see updates on our website, blogs, Facebook and tweets.

Website: www.microsoft.com/SCE

Blog: blogs.technet.com/SystemCenterEssentials

Facebook: http://www.facebook.com/pages/SC-Essentials/281028165672

Twitter: @SCEssentials

On twitter, you can also watch for #SCE2010 posts from @Jbuff or @DMills_MS

Our launch wave continues as we get ready for Microsoft Management Summit in Las Vegas (this week) and Microsoft Convergence in Atlanta (next week). Evaluation software will be available this week and full packaged product (and pricing) will be available by the end of May as it is released into the various Microsoft channels and published to the Microsoft price list on June 1.

Check out Willemjan van Laarhoven's blog article comparing System Center Essentials 2010 with other System Center products.

 http://www.toolzz.com/?p=301

Sorry about the long title, but I wanted to help you find this article if you’re searching for assistance with a common environment issue that affects your ability to manage computers with System Center Essentials Essentials.

If while looking at computers in the Computers workspace in the Essentials console, if you notice a managed computer with any of these symptoms:

• Hardware and software inventory is displayed as ‘Unknown’
• Software and Update status is ‘Unknown’
• Last Contacted is ‘Not yet contacted’

the managed computer is not being fully managed by Essentials. Essentials uses the Operations Manager agent to provide monitoring and remote task execution on managed computers, and the Windows Update agent to provide software distribution, update management and inventory collection on managed computers.  In this case, the Windows Update agent on the managed computer is not properly reporting to the Essentials server, which is why the status for these areas is ‘Unknown’.

We’ve added monitoring in Essentials 2010 to alert you when managed computer are affected by this issue, but it also can be easily detected by looking at managed computers in the Computers workspace.  Here are screenshots of how this issue is displayed in both Essentials 2007 and Essentials 2010.

Essentials 2007

Essentials 2010

Note:  The description, asset tag and BIOS serial number properties are collected via the Ops Mgr attribute discovery process instead of via Windows Update agent inventory collection.

Troubleshooting Configuration: Group Policy

Essentials uses group policy to configure the Windows Update agent on the managed computer to report to the Essentials server.  The first area to investigate is whether the managed computer is receiving and applying this policy.

Troubleshooting Steps

1. On the managed computer that is not reporting to the Essentials server, open Registry Editor and navigate to:
   
   HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
   
   and verify that the WUServer and WUStatusServer values are set to:
   
   https://<FQDN of your Essentials server>:8531
   
   If its set to the Essentials server, jump to Windows Update log section, else continue to step 2.
   
   
   
2. If you have configured the Essentials server to use domain group policy, verify that the managed computer is a member of the ‘SCE Managed Computer <management group name>’ Security Group located in the Users container in your Active Directory domain.  If the computer is not a member, add the computer object to the security group, and restart the managed computer. 
3. If you have configured the Essentials server to use domain group policy, run ‘gpresult.exe /v’ on the managed computer to determine if the computer is receiving the ‘SCE Managed Computer <management group name>’ group policy.  If the computer is not applying the policy, use the Troubleshooting Group Policy in Microsoft Windows Server guide to assist you: http://www.microsoft.com/downloads/details.aspx?familyid=b24bf2d5-0d7a-4fc5-a14d-e91d211c21b2&displaylang=en
4. If you have configured Essentials to use local policy, a scheduled task runs once per day that configures the local group policy object on the managed computer.  Use Resultant Set of Policy (rsop.msc) to investigate if there is an Active Directory group policy (which has a higher order of precedence) that is overriding the Windows Update agent configuration in the local group policy object.

Troubleshooting Connectivity: Windows Update log

Now that you’ve verified that the Windows Agent is configured to report to the Essentials server, the next step is to check out the Windows Update log on the managed computer to verify its attempting to contact the Essentials server and is successful.

1. Open the Windows Update log on the managed computer; the log can be found at %windir%\windowsupdate.log.
2. Scroll to the bottom of the log file and look for the last attempt to contact.  A successful communication will look like this:

2010-02-24    08:13:04:445    1076    2450    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
2010-02-24    08:13:04:547    1076    2450    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://sceserver.contoso.com:8531/ClientWebService/client.asmx
2010-02-24    08:13:35:580    1076    2450    PT    WARNING: Cached cookie has expired or new PID is available
2010-02-24    08:13:35:587    1076    2450    PT    Initializing simple targeting cookie, clientId = 897ad25c-b27c-4124-a938-c3d609793c6c, target group = , DNS name = myclient.contoso.com
2010-02-24    08:13:35:587    1076    2450    PT      Server URL = https://sceserver.contoso.com:8531/ClientWebService/client.asmx
2010-02-24    08:13:41:980    1076    2450    PT    +++++++++++  PT: Synchronizing extended update info  +++++++++++
2010-02-24    08:13:41:980    1076    2450    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://sceserver.contoso.com:8531/ClientWebService/client.asmx
2010-02-24    08:13:42:280    1076    2450    Agent      * Found 0 updates and 53 categories in search; evaluated appl. rules of 437 out of 560 deployed entities
2010-02-24    08:13:42:357    1076    2450    Agent    *********
2010-02-24    08:13:42:357    1076    2450    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2010-02-24    08:13:42:357    1076    2450    Agent    *************

An unsuccessful attempt will look like this:

2010-03-29    09:23:57:662    1132    1f80    Agent    *************
2010-03-29    09:23:57:662    1132    1f80    Agent    ** START **  Agent: Finding updates [CallerId = Windows System Health Agent Search]
2010-03-29    09:23:57:662    1132    1f80    Agent    *********
2010-03-29    09:23:57:662    1132    1f80    Agent      * Include potentially superseded updates
2010-03-29    09:23:57:662    1132    1f80    Agent      * Online = Yes; Ignore download priority = No
2010-03-29    09:23:57:662    1132    1f80    Agent      * Criteria = "IsInstalled=0 and CategoryIDs contains '0fa1201d-4330-4fa8-8ae9-b877473b6441'"
2010-03-29    09:23:57:662    1132    1f80    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2010-03-29    09:23:57:662    1132    1f80    Agent      * Search Scope = {Machine}
2010-03-29    09:23:57:834    1132    1f80    PT    +++++++++++  PT: Starting category scan  +++++++++++
2010-03-29    09:23:57:834    1132    1f80    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://sceserver.contoso.com:8531/ClientWebService/client.asmx
2010-03-29    09:24:18:958    1132    1f80    Misc    WARNING: Send failed with hr = 80072ee2.
2010-03-29    09:24:18:958    1132    1f80    Misc    WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2010-03-29    09:24:18:958    1132    1f80    PT      + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
2010-03-29    09:24:18:958    1132    1f80    PT      + Caller provided credentials = No
2010-03-29    09:24:18:958    1132    1f80    PT      + Impersonate flags = 0
2010-03-29    09:24:18:958    1132    1f80    PT      + Possible authorization schemes used =
2010-03-29    09:24:18:958    1132    1f80    PT    WARNING: StartCategoryScan failure, error = 0x80072EE2, soap client error = 5, soap error code = 0,

Notice the WARNING and error codes I’ve bolded in the log excerpt.  These are issues that are preventing the Windows Update agent from communicating with the Essential server.  Check out these article for specific guidance on how to troubleshoot these errors and warnings:

How to read the Windowsupdate.log file
http://support.microsoft.com/kb/902093

Windows Update Agent Result Codes
http://technet.microsoft.com/en-us/library/cc720442(WS.10).aspx

How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site
http://support.microsoft.com/kb/900935

If you use image-based OS deployment: Troubleshooting duplicate SUSClient ID

If you have many managed computers that are not reporting to the Essentials server, and you use an image to install the operating system on computers, the most likely cause of this issue is that the managed computers are sharing the same SUSClientID.  The WSUS technology in Essentials uses the SUSClientID to uniquely identify each managed computer that contacts the Essentials server.  If more than one computer is using the same duplicate SUSClientID, only the first computer that reports to the Essentials server will be fully managed.

If this is the case in your environment, check out these articles for cleaning up this issue, and also fix your image so that you do not have to deal with this issue in the future.

A Windows 2000-based, Windows Server 2003-based, or Windows XP-based computer that was set up by using a Windows 2000, Windows Server 2003, or Windows XP image does not appear in the WSUS console
http://support.microsoft.com/kb/903262

Resolving the duplicate SUSClientID issue, or “Why don’t all my clients show up in the WSUS console?”
http://blogs.technet.com/sus/archive/2009/05/05/resolving-the-duplicate-susclientid-issue-or-why-don-t-all-my-clients-show-up-in-the-wsus-console.aspx

We’d appreciate your feedback on this article or your experiences troubleshooting this issue:

http://social.technet.microsoft.com/Forums/en-US/systemcenteressentials/thread/75ee711f-3de1-4719-aa11-082b7db142e3