PowerShell – How to do WMIClass CreateInstance but WITH credentials

Today I was building a script to create system resources in SCCM 2012 and part of the task was to add these resources to a set of collections. The script will use from the SCCM server when finally implemented but for now I was using my laptop for editing and debugging. When I came to the point where I had to create the actual membership rules for the collections I ran into a hurdle that puzzled me. The WMI object I had to create was the SMS_CollectionRuleDirect, which often is done using this simple PowerShell snippet: $ruleClass = [WMICLASS]"\\$($server)\root\sms\site_$($sitecode):SMS_CollectionRuleDirect".CreateInstance() And [...]

PowerShell to the rescue – Clean up direct collection memberships

We where talking to a customer about how to avoid waiting for Active Directory group synchronization to occur and place a device in the correct collections faster than “until the next synchronization”. The main problem with this setup was caused by the fact that they used a group-in-group membership to identify collection memberships and apparently SCCM 2012 don’t include indirect changes to group membership as delta changes (I have not tested this in details yet). So we came up with the idea to just create a direct membership to place the device in the collections instantly to make sure that [...]

By |2013-03-12T12:31:15+01:00marts 12th, 2013|Configuration Manager (SCCM), Powershell|3 Comments

How can I determine what Antimalware Policy is applied to my SCEP 2012 SP1 client

Niall Brady posted a blog post a few days ago How can I determine what Antimalware Policy is applied to my SCEP 2012 SP1 client. Niall showed how to check Antimalware Policy via registry or via Configuration Manager Console. Actually there is one method more - Antimalware policy is also stored in WMI class . You can use query below to identify the Antimalware policy from WMI. $EmptyPolicy= @() $EPPolicy = Get-wmiObject -namespace "Root\ccm\Policy\Machine\ActualConfig" -query "Select Name from CCM_AntiMalwarePolicyClientConfig" | ForEach-Object {$EmptyPolicy+=$_.Name} $EmptyPolicy | Group-Object | Select-Object -Property Name -Unique   Script Output  

By |2013-02-22T18:53:09+01:00februar 22nd, 2013|Configuration Manager (SCCM), Powershell|1 Kommentar

State of the Empire: How to use E-mail Notifications in ConfigMgr 2012 SP1

In the old days you found out something was wrong when phones started to ring and senior management was at you "doorstep" with an angry look. In Configuration Manager 2012 SP1 we have many ways of being proactive with the state of our environment and the state of our precious clients. In this blog post ill cover: Client Status alerts (Check, Remediation & Activity) Endpoint Protection alerts (Malware detection & outbreak) Site Server status alerts (Site backup, Software Update sync, Database free space & replication) Reports Note: E-mail Notification component has to be configured in the Configuration Manager environment. Client [...]

Configure E-mail Notification component in ConfigMgr 2012 SP1

In order to send Alert notifications or Reports via E-mail we need to make some configurations in the Console and in SQL Reporting Services Configuration Manager. In the Administration section select the Site Configuration folder and click Sites. In the Ribbon click Configure Site Components and select E-mail Notification. Enter the details for the SMTP connection, and test that it works. Click Ok, and you are done in the Configuration Manager Console. Onwards to glory! Almost… Open SQL Reporting Services Configuration Manager. Click E-mail Settings and enter the SMTP details in here. Click Ok, and you are done in the [...]

Automatic Client Upgrade greyed out

In ConfigMgr 2012 SP1 you might run into the Automatic Client Upgrade feature being greyed even if you are a full administrator. In this example I have a group called ConfigMgr Administrators that has been assigned Full Administrator rights but are still not able to enable the Automatic Client Upgrade settings. To fix the issue log in with the account that installed the primary site server. In the Administration workspace, select Security, Administrative Users and open the properties for the ConfigMgr Administrators group. Click Add, Security Scope and select All Security Scopes. Click OK and all users in the ConfigMgr [...]

By |2013-02-19T18:00:33+01:00februar 19th, 2013|Configuration Manager (SCCM), Security|11 Comments

WSUS 6.x Admin Console Post-deployment Configuration fails on Windows Server 2012

When you want to just install an Admin Console instance of WSUS on the new Windows Server 2012, it has shown to be a little troublesome at times. In the old WSUS 3.0 days it was easier because it was an executable you installed, and in the installation you was asked to choose whether you wanted a Admin Console installation or a Full WSUS Server installation. Now on Windows Server 2012 its a role with some features you either check or uncheck. This WSUS role services setup will install just the Admin Console, if you want a Full WSUS server [...]

By |2013-02-11T13:19:03+01:00februar 11th, 2013|Configuration Manager (SCCM), Windows Server|5 Comments

Migrate reports from SCCM 2007 to SCCM 2012 SP1

The built-in migration wizard in ConfigMgr 2012 can migrate most objects but not reports. In ConfigMgr 2012 classical ASP reports (as we know them from earlier versions) are no longer supported. Migrate the classical reports to SQL Reporting Services in SCCM 2007 Below is a walk thru of how you migrate your existing classical reports to SQL reporting Services in SCCM 2007. Notice that you will still be able to run all classical reports after the migration. On you SCCM 2007 site server install either SCCM 2007 R2 or SCCM 2007 R3, both will add SQL Reporting Services support for [...]

By |2013-02-09T09:42:03+01:00februar 9th, 2013|Configuration Manager (SCCM), General info|13 Comments

Slides and notes from my Advanced Infrastructure session @NIC 2013

A huge thanks to all NIC 2013 attendes, once again you proved that Norway is a perfect place to host the Nordic Infrastructure Conference. Two great days where I also had the pleasure of attending sessions hosted by some A-Class speakers. As promised here is my slide deck from my Friday afternoon session on dvanced infrastucture. Key take-away from the session is “ways to max the performance in your ConfigMgr infrastructure and plan for redundancy”. Step-by-step guide on Creating Management Point database replicas Great blog post from Brian Mason on Management Points and database replicas Must see SCCM Guru video [...]

By |2013-02-04T14:23:18+01:00februar 4th, 2013|Configuration Manager (SCCM), General info|3 Comments

CSV REPORT: Get ConfigMgr Collection Excluded or Included Collection Rules

Currently there should be no builtin report that will show you Excluded or Included collections and because of that I did two simple PowerShell scripts that queries Included or Excluded collections. Both of these scripts creates a CSV file. You can run this script on your Primary, CAS or Central site like this: Get-CMCollectionExcludedCollectionRules.ps1 -SiteCode PS1 -SiteServer Localhost -OutPut c:\Temp\ExcludedCollectionReports.csv Get-CMCollectionIncludedCollectionRules -SiteCode PS1 -SiteServer Localhost -OutPut c:\Temp\IncludedCollectionReports.csv Get-CMCollectionIncludedCollectionRules.ps1 Get-CMCollectionExcludedCollectionRules.ps1 Example Output  

By |2013-01-31T14:47:18+01:00januar 31st, 2013|Configuration Manager (SCCM), Powershell|1 Kommentar

Quick and Dirty Management Point check

If you have a big Configuration Manager environment and you don´t have a monitoring solution like SCOM or NAGIOS, then PowerShell can help you too.  This script queries all Management Points from SMS_SystemResourceList WMI class and it will check MPCERT and MPLIST website status. If you want to use this script then run it on your Central, CAS or Primary Site Server like this: Get-CMSMPStatus.ps1 -SiteCode PS1 -SiteServer Localhost -OutPut c:\Temp\MPStatus.csv. This will create a CSV Report (example below) This script should work with PSH v2 and v3. You can download the code example from here

By |2013-01-29T14:20:44+01:00januar 29th, 2013|Configuration Manager (SCCM), Powershell|2 Comments

Slides and notes from my 3rd. party Patch Management session @NIC 2013

A huge thanks to all NIC 2013 attendees, once again you proved that Norway is a perfect place to host the Nordic Infrastructure Conference. Two great days with some A-Class speakers. As promised here is my slide deck from my 3rd. party software update session. During my session, I discussed how to prepare your environment for 3rd. party patch management and demonstrated two different solutions. Download Slide deck System Center Updates Publisher Download the complete SCUP 2021 guide here Checkout the SCUP videos  Checkout the PatchMyPc catalog here: Check out the “scupdates” catalog here: Secunia Download Secunia PSI, a freeware [...]

Slides and demo files from NIC 2013– Software Update Management

A huge thanks to all NIC 2013 attendes, once again you proved that Norway is a perfect place to host the Nordic Infrastructure Conference. Two great days with A Class speakers.  Slides from my first session SC 2012 Configuration Manager - Software Update Management 5 minutes is all it takes During the session I demonstrated how you could use PowerShell to create a Software Update Packages and modify the update package in an existing Automatic Deployment Rule. Both scripts can be downloaded here – all credit goes to my colleague and undefeated powerShell champ Kaido I also demonstrated a nice [...]

Working with database replicas on your Management Point

Wonder why you should consider database replicas on your Management Points? The answers are in this webcast from Brian Mason (fellow Configuration Manager MVP from Minnesota.) The keywords are fault tolerance and performance and who do not want that as part of their Configuration Manager infrastructure. Download the MP replica step-by-step guide Huge thanks to Brian Mason for helping out with the document and for convincing me to use this feature.

By |2013-01-20T21:01:58+01:00januar 20th, 2013|Configuration Manager (SCCM)|5 Comments

SCCM 2012 SP1 – Now cleaning up Update Packages & Folders

This just made my day – i simply could not wait to get this out in a blogpost! Those of you that spend time managing Sofware Updates via ConfigMgr will be happy to know that Microsoft went ahead and made a maintenence task/routine for cleaning up packages and folders with expired updates. Previously you would have to run some executable script that would go in and do the cleanup for you, and could at times give you some trouble – well its a custom made script made by someone, so who knows what might happen. Plus it would require you [...]

By |2013-01-15T11:28:22+01:00januar 15th, 2013|Configuration Manager (SCCM)|10 Comments

Post SCCM 2012 SP1 – failure to update boot images

*** UPDATE *** This also works if you are unable to rebuild your boot images after upgrading to Windows 10 ADK (the final version) I did a customer SP1 upgrade during the weekend, the process ran successfully according to the Setup UI, but when I later tried to update the boot images I received the following error: Failed to insert OSD binaries into the WIM file Another symptom of this problem is that when you open the properties for the boot images, the pane Optional components will show no items in either of the lists. And finally you may also [...]

Correct – SCCM 2012 does not support SQL Mirroring and can breake a SCCM SP1 upgrade

As stated here SQL mirroring is not supported for the ConfigMgr database. However a technet article do not stop all database administrors’s from enabling the setting anyway believing that it will not cause any issues – but boy it does. SQL mirroring will break the SCCM SP1 upgrade process and leave the primary site server in a non-functional mode where a site restore is the only way back. The issue can be found in the ConfigMgrSetup.log file. USE [cm_ps1]; ALTER DATABASE [cm_ps1] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;  $$<Configuration Manager Setup><01-11-2013 10:38:29.887+00><thread=4136 (0x1028)> *** [42000][1468][Microsoft][SQL Server Native Client 11.0][SQL Server]The operation [...]

By |2013-01-13T10:29:19+01:00januar 13th, 2013|Configuration Manager (SCCM), General info|5 Comments

New Agents will not re-assign to ConfigMgr 2012 Site

Many are waiting for ConfigMgr 2012 SP1 before they actually go from ConfigMgr 2007 to ConfigMgr 2012. If you for some reason have a Group Policy that assigns clients to a specified Site code you will hit a barrier migrating your clients with the new Agent. The installation itself will go fine but it stops there. The Group Policy tattoo’s the Assigned Site Code locally on the machines that are hit by the policy. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client] "GPRequestedSiteAssignmentCode"="PS1" What you can do from here is either change the Site Code in the same, or a new Group Policy hitting the migrated [...]

By |2012-12-11T14:23:06+01:00december 11th, 2012|Configuration Manager (SCCM)|5 Comments

Role Based Administration change in ConfigMgr SP1

RBA or Role Based Administration is one of the many new features in ConfigMgr 2012. It’s a very powerful feature and has already helped lots of customers minimizing the need for having multiple primary sites. One annoying fact in RTM is that all collections (users and devices) shows up when running a report. This has changed in Service Pack 1 which makes the RBA feature even more powerful. In this example I have a user (DskAdmin) who is member of the Desktop Admins group in Active Directory. Desktop admins must all be granted Application Administrator permissions and allowed to work [...]

By |2012-12-10T16:16:53+01:00december 10th, 2012|Configuration Manager (SCCM), General info, Security, SQL Server Reporting Services (SSRS)|Kommentarer lukket til Role Based Administration change in ConfigMgr SP1

First look at the Secunia CSI integration with Configuration Manager 2012

A few years ago I wrote a blog posts on Microsoft SCUP and Secunia CSI 5.0. Back then my conclusion was that Secunia had a superb security database but required a custom agent and didn’t have an easy Configuration Manager Console integration. With the latest release of Secunia CSI those “obstacles” are removed and the solution looks very promising. In this, my first test drive of the product, I will see how quickly I can install the solution and start patching my environment. The installation CSI requires that you first install the CSI administrator console and then the CSI SCCM [...]

By |2012-11-30T11:27:18+01:00november 30th, 2012|Configuration Manager (SCCM), General info, Security|2 Comments

ConfigMgr Cloud Distribution Points

One of the new features in ConfigMgr SP1 is Cloud based distribution points. ConfigMgr SP1 clients can use the CDP as a fallback solution when the requested content is not available at an on-premise distribution point (the new term for the “old fashion DP”). It is not a replacement for Internet Based Client Management. The benefit of having cloud distribution points are: You can easily create them You can easily add more resources if the scenarios where extra bandwidth is needed e.g. when upgrading to Office 2013 worldwide Nice fallback solution Clients will fallback to the Cloud DP if the [...]

By |2012-10-16T13:59:45+01:00oktober 16th, 2012|Configuration Manager (SCCM), General info|11 Comments

Child domain objects are not Discovered in SCCM

In most cases people have configured their User, System or Group discovery correctly by adding an LDAP path that SCCM will start discovering from. Could be an OU [LDAP://OU=Computers,DC=Domain,DC=Local] or even the domain root [LDAP://DC=Domain,DC=Local]. “But, but! We are missing several objects and they seem to be residing on one or more of the child domains!” Fear not! SCCM have logs, and logs will always help us when we are in dire need of guidance.. Browse through: adsgdis.log (Group Discovery) adsysdis.log (System Discovery) adusrdis.log (User Discovery) Somewhere in these logs you will find what might be the culprit causing problems. [...]

By |2012-10-12T15:27:22+01:00oktober 12th, 2012|Configuration Manager (SCCM)|2 Comments

SMSPXE.Log in SCCM 2012

A commonly asked question the forums these days is – “anybody seen the SMSPXE.log?” With ConfigMgr SP1 the log is placed on the distribution point in <X>\SMS_DP$\SMS\Logs where X is the location of the contentlibrary. The log files contains a bit more useful information compared to Cm07 and CM2012 RTM. Below is a snippet of the log file where an unknown computer performs a PXE boot and runs an “advertisement” (what ever that is”) Client lookup reply: <ClientIDReply><Identification Unknown="0" ItemKey="0" ServerName="" ServerRemoteName=""><Machine><ClientID/><NetbiosName/></Machine></Identification></ClientIDReply>     SMSPXE    10/11/2012 5:35:33 AM    5640 (0x1608) 00:15:5D:01:75:20, B9291B40-5182-4CAB-BFFF-ADF05C1C4663: device is not in the database.    SMSPXE    10/11/2012 5:35:33 [...]

By |2012-10-11T17:10:10+01:00oktober 11th, 2012|Configuration Manager (SCCM), General info|3 Comments

Mastering SCCM 2012 SP1 training

System Center 2012 SP1 just released, and it’s not a minor release. I have been working with SMS since 1996 and I haven’t seen anything like this in the past. If you need training on Configuration Manager 2012 I highly recommend that you attend the correct class and it must be a class where the material is based on the latest Service Pack. There a huge changes in Service Pack 1 and we will make sure that you learn about all of them. Our Mastering Configuration Manager 2012 class has been running with great success since May 2011 and is [...]

By |2012-10-04T12:50:04+01:00oktober 4th, 2012|Configuration Manager (SCCM), Training|2 Comments