To configure manual agent installs settings

1.Log on to the computer with an account that is a member of the Operations Manager Administrators role for the Operations Manager 2007 Management Group.

2.In the Operations Console, click the Administration button.

Note 

When you run the Operations Console on a computer that is not a Management Server the Connect To Server dialog box will display. In the Server name text box, type the name of the Operations Manager 2007 Management Server that you want the Operations Console to connect to.

3.In the Administration pane, expand Administration, and then click Settings.

4.In the Settings pane, expand Type: Server, right-click Security, and then click Properties.

5.In the Global Management Server Settings - Security dialog box, on the General tab, do one of the following:

To maintain a higher level of security, select Reject new manual agent installations, and then click OK.

To configure for manual agent installation, click Review new manual agent installations in pending management view, and then click OK.

How to deploying SCOM Agents to the Workgroup clients
Steps that were followed:
=====================
1. Request a certificate for the OpsMgr server using its FQDN
A. Browse to http://<CA_Server>/CertSrv from the OpsMgr server
B. Click the Request a Certificate link

C. Click the Advanced Certificate Request link.
D. Click the Create and submit a request to this CA link.
E. In the Name field, enter the FQDN of the Operations Manager server.
F. In the Type of Certificate Needed drop down select Other…
     i. In the OID field, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
G. Check Mark keys as exportable.
H. Check Store certificate in the local computer certificate store.
I. In the Friendly Name field enter the FQDN of the OpsMgr server (must exactly match the Name field).
J. Click Submit.

K. Click the Yes button in the security pop-up.
2. Get the certificate request approved by the appropriate authority

3. Install the new certificate on the OpsMgr server
A. Revisit http://<CA_Server>/CertSrv from the OpsMgr server
B. Click the View the status of a pending certificate request link.

C. Click the link for newly issued certificate.
D. Click the Install this certificate link.
E. Select Yes to Security Warning dialog.
F. You should now see Your new certificate has been successfully installed.

4. Export the new certificate on the OpsMgr server and import it with MOMCertImport.exe
A. Open the Certificates snap-in for Local Computer
      i. Launch MMC.exe from the Run box
      ii. Select Add/Remove Snap-in from the File menu
      iii. Select the Certificates Snap-in and click Add
      iv. Select the Computer Account radio button and click Next
      v. Select the Local Computer radio button is selected and click Finish
      vi. Click Close and then click OK

B. Export the certificate to a PFX file
      i. In the MMC, expand the Certificates (Local computer) node
      ii. Expand the Personal node and select Certificates
      iii. Locate the certificate for the OpsMgr server FQDN
      iv. Right-click on the certificate and choose All Tasks -> Export…
      v. Click Next on the Welcome page

      vi. Select Yes, export the private key and click Next

      vii. Click Next on the Export File Format page

      viii. Enter a secure password and click Next

      ix. Enter a valid path and file name with a PFX extension and click Next

      x. Click Finish and verify that The export was successful is displayed

C. Run MOMCertImport.exe to import the certificate PFX file
      i. Open a CMD prompt and change directory to SupportTools\i386 on the SCOM 2007 CD
      ii. Execute: MOMCertImport.exe <path to PFX file> /password <password specified during export of PFX file>
      iii. Use the Services MMC to stop and restart the OpsMgr Health Service
5. Install the Certificate Authority Certificate Chain on each intended agent and the Management Server.
NOTE: Instead of executing step 5 on each agent, you can download and save the chain to a .p7b file .

Copy to each agent and install. Then proceed to step 6.

A. Browse to http://<CA_Server>/CertSrv from the intended agent
B. Click the Download a CA certificate, certificate chain, or CRL link
C. Click the Install this CA certificate chain link.
D. Select Yes to the security dialog popup.

     i. Select Yes if presented with a second security dialog popup
E. You should now see The CA certificate chain has been successfully installed

F. Open the Certificates snap-in for Local Computer
      i. Launch MMC.exe from the Run box
      ii. Select Add/Remove Snap-in from the File menu
      iii. Select the Certificates Snap-in and click Add
      iv. Leave My user account selected and click Finish
      v. Select the Certificates Snap-in and click Add again
      vi. Select the Computer Account radio button and click Next
      vii. Select the Local Computer radio button is selected and click Finish
      viii. Click Close and then click OK     
G. Copy the Trusted Root Certificate from Current User to Local Computer
      i. Expand the Certificates - Current User node
      ii. Expand the Trusted Root Certification Authorities node
      iii. Select Certificates and locate the new trusted Root CA
      iv. Right-click the certificate and choose Copy

      v. Expand the Certificates (Local Computer) node
      vi. Expand the Trusted Root Certification Authorities node
      vii. Right-click on Certificates and select Paste

6. Obtain and import a certificate for the intended agent using its NetBIOS name
A. Browse to http://<CA_Server>/CertSrv from the intended agent
B. Click the Request a Certificate link
C. Click the Advanced Certificate Request link.
D. Click the Create and submit a request to this CA link.
E. In the Name field, enter the NetBIOS name of the intended agent
F. In the Type of Certificate Needed drop down select Other…
      i. In the OID field, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
G. Check Mark keys as exportable.
H. Check Store certificate in the local computer certificate store.
I. In the Friendly Name field enter the NetBIOS name of the intended agent (must exactly match the Name field).
J. Click Submit.
K. Click the Yes button in the security pop-up.
7. Get the certificate request approved by the appropriate authority
8. Install the new certificate on the intended agent
A. Revisit http://<CA_Server>/CertSrv from the OpsMgr server
B. Click the View the status of a pending certificate request link.

C. Click the link for newly issued certificate.
D. Click the Install this certificate link.

E. Select Yes to Security Warning dialog.
F. You should now see Your new certificate has been successfully installed.
9. Export the new certificate on the intended agent and import it with MOMCertImport.exe
A. Open the Certificates snap-in for Local Computer
      i. Launch MMC.exe from the Run box
      ii. Select Add/Remove Snap-in from the File menu
      iii. Select the Certificates Snap-in and click Add
      iv. Select the Computer Account radio button and click Next
      v. Select the Local Computer radio button is selected and click Finish
      vi. Click Close and then click OK
B. Export the certificate to a PFX file
      i. In the MMC, expand the Certificates (Local computer) node
      ii. Expand the Personal node and select Certificates
      iii. Locate the certificate for the intended agent NetBIOS name
      iv. Right-click on the certificate and choose All Tasks -> Export…

      v. Click Next on the Welcome page
      vi. Select Yes, export the private key and click Next

      vii. Click Next on the Export File Format page

      viii. Enter a secure password and click Next

      ix. Enter a valid path and file name with a PFX extension and click Next

      x. Click Finish and verify that The export was successful is displayed

C. Manually install the SCOM 2007 agent on the intended agent machine

i. Install MSXML 6.0

     ii. Install MOMAgent.msi

D. Run MOMCertImport.exe to import the certificate PFX file
      i. Open a CMD prompt and change directory to SupportTools\i386 on the SCOM 2007 CD
      ii. Execute: MOMCertImport.exe <path to PFX file> /password <password specified during export of PFX file>
      iii. Use the Services MMC to stop and restart the OpsMgr Health Service

E. Check Pending Management 

F. Check Agent Managed

Consider the following scenario:

You have onboard UMA 384 MB + 1GB from the video adapter and you expect the total video memory to be about = 384MB + 1024 MB => 1408 MB

However, in the Control Panel -> Appearance and Personalization ->Display ->Screen Resolution Panel, click [Advanced Settings]. Under the "Adapter" tab, you will see the Dedicated Video memory value displayed as 1536MB.

Why?

Basically, the UI is coded to display the Dedicated Video Memory in the form of power of 2. So, it uses this function “NextPowerof2(uNumMegs/8)” to calculate the allowed adjustment. And here are the allowed adjustments for different ranges of memory:

//  129M-256M rounds in multiples of 32M

//  257M-512M rounds in multiples of 64M

//  513M-1G rounds in multiples of 128M

//  1G+-2G rounds in multiples of 256M

//  2G+-4G rounds in multiples of 512M

And we can see that for the case of UMA_384+DSC(1024MB), the adjustment is in multiples of 256MB. It is not possible to display 1408MB. And since 1408MB is greater than 1280MB(256*5), that is why you are seeing 1536MB(256*6) by design.

This power of 2 algorithm was implemented per KB938838.

Windows Vista displays the incorrect dedicated video memory size for certain display adapters

http://support.microsoft.com/default.aspx?scid=kb;EN-US;938838

To display a more accurate video memory figures, use the videomemory.exe tool from the DirectX SDK tools. Link:
http://msdn.microsoft.com/en-us/directx/aa937788

You might notice that some computers are appearing multiple times in WSUSAdmin - Computers and some of them disappear very often. This is due to duplicate SUS client IDs. Take a look at this script which deletes duplicate SUS client IDs found on a computer. These IDs are often found on computers where the operating system was installed using an image-based setup.

Script Code

============================================

@echo off
Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
Echo 1.    Stops the wuauserv service
Echo 2.    Deletes the AccountDomainSid registry key (if it exists)
Echo 3.    Deletes the PingID registry key (if it exists)
Echo 4.    Deletes the SusClientId registry key (if it exists)
Echo 5.    Restarts the wuauserv service
Echo 6.    Resets the Authorization Cookie
Echo 7.    More information on http://msmvps.com/Athif
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
Pause

============================================

SUS client ID will be generated at next detection.

問題徵狀：執行Windows Update自動更新時，KB2518864、KB2572073、KB2633880重覆要求更新

KB2518864、KB2572073、KB2633880 Microsoft.NET Framework的更新元件，問題發生的原因是因為電腦上的 Microsoft.NET Framework 已損毀或遺失，導致檢查更新時無法正確判斷，以致重複檢查以及安裝。

解決方法：

(http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-08-90-44-93/dotnetfx_5F00_cleanup_5F00_tool.zip) 下載 .NET Framework 自動清除工具，

http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-08-90-44-93/dotnetfx_5F00_cleanup_5F00_tool.zip

選擇【.NET Framework - All Versions】，然後按一下【Cleanup Now】。

重新更新，已不會出現重複的更新。若您的軟體需要用的對應版本的.NET Framework，當您下次更新時，系統會自動幫您偵測並下載對應的版本。

問題徵狀：當您在WindowsXP中，透過某些區段的內碼造字，在記事本以外的應用程式均不能正常顯示。

問題發生的原因是因為有部分私用字元區域，是保留給私用定義使用者或軟體廠商所編碼的Unicode 字元集中的字碼指標範圍。

下列區段為Windows XP系統會占用到的位置：

Unicode位置：F001~F031

在Big-5內的位置為8350~83A1

解決方法：

請您安裝下列文章編號KB 831176的Hotfix，

831176 富士通專用字體不會正確顯示在 Windows Server 2003 或 Windows XP 中的 Unicode 私人使用區域

http://support.microsoft.com/kb/831176/zh-tw

安裝完成後並重新開機，所有字元即可正常顯示。