CCMEXEC.COM – System Center blog

There was a question on Technet forum a couple of weeks ago so I thought I would post it here as well. It can in some scenarios be useful to set the computers AD description during SCCM OS deployment. I use a script for this which can be used to set the AD description using  a variable like for instance a Computer or Collection variable that can be filled in during the deployment or a value from MDT variables if you like.

This is the script I use:


dim Computerdn, strComputerName

dim Args

Set WshShell = WScript.CreateObject("WScript.Shell")

'----Get Computer DN------

Set objADSysInfo = CreateObject("ADSystemInfo")

ComputerDN = objADSysInfo.ComputerName

strcomputerdn = "LDAP://" & computerDN

Set objADSysInfo = Nothing

'-----Read commandline---

Set args = WScript.Arguments

end function

Then I run it from a package in the task sequence. It must be run after the “Setup Windows & ConfigMgr” step, so that the computer is restarted after it is joined to the domain.
The account which executes the script must have permissions in the AD to set the AD Description. Just replace the %desc% with the variable you want to use or static value if you want to use that.

If you want to be prompted for an AD description when the Task Sequence starts create a Collection variable for the OSD Collection with an empty value like this:

When you have a task sequence in SCCM with many steps the monitor goes into power save mode before the installation is complete. In some cases the end-user can believe that the computer installation is finished and closes the lid on the laptop and goes home and the OS installation fails. It is also really annoying when waiting for an installation is complete.

I use the following to simple steps in my Windows 7 deployment task sequence to prevent the computer monitor for entering power save.

The first step simple configures the current power scheme to not turn off the monitor when power is connected, this command must run after the “Setup Windows and ConfigMgr” step so that the computer has restart with the locally installed OS:

When the installation of the OS is complete i simply restore the Power Scheme back to default by running the following command. When the OS deployment is complete I simply configure the power option either by using Group policy Preferences or Configuration Manager.

Last week on the 17-18 of January the SCCM Summit 2012 event arranged by Cornerstone took place in Stockholm Sweden. A great event focusing on System Center 2012: Configuration Manager for 1 1/2 days. The event hosted speakers like Johan Arwidmark, Anders Ahl, Niall Brady and Peter Frodin.
I had the great opportunity to deliver three sessions myself:

• System Center 2012: Endpoint Protection
• CM 2012 Application Management part 1
• CM 2012 Application Management part 2

It was great fun and a really great event! Thanks Cornerstone for a great event and thanks to everyone who attended, looking forward to next year!

I wrote a post a year ago or more about how to install the SCCM 2007 Admin Console including R2, this is something I use a lot in my projects as it is more and more to install when installing the Admin Console.
In the example below I install the Admin Console, the required hotfix(kb977384) and R3. If you are using Forefront Endpoint Protection you need to install the FEP Admin UI extensions as well on your client machines which should have the SCCM console locally installed, I will post an example of a script with the FEP integration later on.

When R3 came along the SCCM 2007 R3 requires a hotfix(KB977384) which restarts a lot of services on the computer during installation for instance ccmexec, WMI and so on, if a Task Sequence or application installation runs it will stop and return error.
so I wrote a little vbscript which uses a .MIF file to report the installation status back to the SCCM server. It will report any errors back to the SCCM server so that it is easy to troubleshoot.

The script can be downloaded here: Install

To implement the script do the following:

1. Copy the needed installation media to a folder with the following sub-folders.
   Note: to save space I deleted files in the WAIK directory from the Configuration Manager SP2 installation source as these files are not needed to install the admin console.
2. Save the downloaded vbscript to the folder you just created and rename it to install.vbs.
3. Create a Unattend.ini file in the ConfigMgr_sp2 folder with the following content, you need to change the server name to your SCCM Primary Site server.
   
[Identification]
Action=InstallAdminUI
[Options]
SMSInstallDir=c:\program files\Configuration Manager 2007
ParentSiteServer=SCCM1
SDKServer=SCCM1

4. In SCCM Create a Package with the source folder beeing the folder structure just created.
5. In the package properties configure the following under the reporting tab: (this is used to match the .mif file generated by the script with the package)
   
6. Create a program with the following settings:
   
7. If you want to display the installation progress in a cmd windows to the users, configure the program to “Allow users to interact with this program”
8. Add the package to your Distribution Points
9. Advertise the program to a test collection and start testing.

I hope this can be useful for more than me.

Hi,
Answered a question on Technet forum this morning and about a report to list all Windows 7 computers without Service Pack 1 installed.
I modified it slightly for this post to include the possibility to filter on a specific collectionID.

When creating the report create a prompt in the report called varcollection

Report Query:

order by SYS.Netbios_Name0


SQL query for the varcollection prompt:


begin
if (@__filterwildcard = '')
select distinct CollectionID, Name from v_Collection order by Name
else
select distinct CollectionID, Name from v_Collection
WHERE CollectionID like @__filterwildcard
order by Name
end


In some scenarios you need to install the SCCM client using another Software Distribution tool than Configuration Manager, yes I know it sounds strange

If you have tried this you know that the Ccmsetup.exe installs a service and the exits in the user context so that control is returned to the vbscript, cmd file or whatever method you use to run Ccmsetup.

There are two ways of solving this:

1. Run Ccmsetup.exe with the /noservice switch then ccmsetup runs the setup in the user with which you triggered the installation and not using  a service in System context.

2.Use vbscript that checks for an active process called “ccmsetup.exe” and wait for it to exit.

I thought of writing a script for this and then I found this excellent discussion on a forum: http://www.tek-tips.com/viewthread.cfm?qid=911251

That script will work for Ccmsetup as well. Below is the modified script for ccmsetup.exe


Set WshShell = Nothing
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "ccmsetup.exe SMSSITECODE=020 FSP=SCCM01", 0, True
Wscript.Sleep 5000
set svc=getobject("winmgmts:root\cimv2")
sQuery="select * from win32_process where name='ccmsetup.exe'"
set cproc=svc.execquery(sQuery)
iniproc=cproc.count
Do While iniproc = 1
wscript.sleep 5000
set svc=getobject("winmgmts:root\cimv2")
sQuery="select * from win32_process where name='ccmsetup.exe'"
set cproc=svc.execquery(sQuery)
iniproc=cproc.count
Loop
set cproc=nothing
set svc=nothing
Set WshShell = Nothing


In Forefront Endpoint protection 2010 there is no possibility to password protect the uninstallation of the FEP client. This makes it possible for instance for local admins to remove the FEP Client.
I started testing to advertise the FEP client to the “Locally Removed” collection where the client will end up if the FEP client is uninstalled. At least that was what I thought…

The above statement is true if you install the FEP client using the Package/program and advertisement in SCCM if you deploy the FEP client using for instance an OSD task sequence, or manually the client is added to the “Not Targeted” collection instead.

Note: And if you wonder the installation and the uninstall of the FEP client triggers a SCCM hardware inventory on the client immediately, to speed up the process of reporting an updated inventory to the SCCM server.

So, I solved it using the following setup in SCCM, including a standard exclusion collection as the customer asked for the possibility to exclude certain computers from FEP.

I have created two sub-collections for my Microsoft FEP collection:

-FEP – Install

-FEP – Exclusion

The following query is used for the FEP – Install Collection:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select distinct SMS_R_System.ResourceId from  SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Microsoft Forefront Endpoint Protection") and SMS_R_System.ResourceId not in (select distinct SMS_R_System.ResourceId from  SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS_64 on SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName = "Microsoft Forefront Endpoint Protection") and SMS_R_System.Active = 1 and SMS_R_System.ResourceId not in (select ResourceID from SMS_CM_RES_COLL_02000087)

When you import the query change the SMS_CM_RES_COLL_02000087 in the query to reflect the CollectionID of the FEP-Exclusion collection in your environment.

The query includes:

• Only active clients
• Coputers where Microsoft Forefront Endpoint Protection client is not installed, both x86 and x64
• Computers that are not members of the FEP-Exclusion collection.

You can limit the FEP-Install collection to for instance “All Windows Workstation and Professional Systems” if you don’t want to include servers.

Then I advertise the Microsoft FEP client package using the package/program included in the installation of FEP and advertise it with the following settings:

Then the installation will rerun even if the FEP client is removed and added back more than once.

I hope this is useful to more than me.

I have great honor to be doing two sessions at the SCCM Summit 2012 in Stockholm, Sweden 17-18/1 – 2012. http://www.cornerstone.se/sv/Event/sccm2012/

SCCM Summit 2012 will be 1 1/2 day focusing on all the great new features in System Center 2012 Configuration Manager(in Swedish).

The sessions I will deliver is:

• Application Management in two parts(double session), where we will cover the whole life-cycle of application management in CM 2012.
• System Center 2012 Endpoint Protection, how to protect your clients using endpoint protection in Cm 2012.

There are are some great speakers which will be part of the event:

Anders Ahl – Microsoft

Johan Arwidmark – Knowledge Factory

Niall Brady- Enfo Zipper

Peter Frodin – Atea

I hope to see you there!