CCMEXEC.COM – System Center blog

I got a request from a customer that they want to be able to subscribe to the built in report “Antimalware Activity Report” in Configuration Manager 2012. As this report requires a start date and end date to run the report will be be emailed for the dates that are entered when you create the subscription and not the current date.

Modifying the report to be for the last day or for the last 7 days and remove the Start Date and End Date prompt.

Here is how to do it:

1. Browse to the Configuration Manager 2012 reporting site

2. Under Endpoint Protection, select the “Antimalware Activity Report” and select “edit in report builder”

3.Under Parameters select @StartDate and Edit parameter

4. Change the visibility to “Hidden”
5. In the available values section change to “Get values from a query” with the below settings:

6. Then we do the same for the @EndDate parameter:

7. Then we save the report with a new name like “Anitmalware Activity Report – Last 7 days”

Now when we run the report we are no longer prompted for a Start Date and an End Date, only which device collection the report should be based on.

Then we are done!

If you want to change the interval from 7 days to only include todays activity we can change that as well really easy in the Report Builder.
Under “Datasets” select the “StartEndDates” dataset and edit the query. Change the “-7″ in the query to how many days back in time you want the report, for only todays activity set it to “0″.

Then the query looks like this:
select DATEADD(day,0,DATEDIFF(day, 0, GetUTCDate())) as StartDate, DATEADD(day,0,DATEDIFF(day, 0, GetUTCDate())) as EndDate

Then we save report again as for example “Antimalware activity report – todays activity”

I hope this can be useful for more than me

I have ran into this a couple of times now when moving site roles in Configuration Manager 2012. When uninstalling the WSUS server components from in this case the Primary Site server to move it to a dedicated server instead the Management Point on the Primary Site server started giving HTTP Error 500 Internal Server Error:

This was caused by the removal of the WSUS role on the server which removed almost all the files installed by the Windows Update Services but not the configuration written in the ApplicationHost.config file. The Applicationhost.config file tries to call the .dll installed by the WSUS Server but no longer exists on the system.

From the Applicationhost.config file:

<scheme name=”xpress” doStaticCompression=”false” doDynamicCompression=”true” dll=”C:\Program Files\Update Services\Webservices\suscomp.dll” staticCompressionLevel=”10″ dynamicCompressionLevel=”0″ />

Running the following command will remove all references to the module installed by WSUS.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /-[name='xpress']


After that the Management Point is up and running again.

I have the great honor to be speaking at TechED 2014 in Houston together with Stefan Schörling.
The session is called “Microsoft System Center Configuration Manager Community Jewels”. We will present and demo many of the cool tools that are available created by the community and show how they can help you solve day to day headaches and makes your life a lot easier! Expect a lot of demos!

The session code is PCIT-B320

See you all in Houston!

Just realized I missed a release of a Configuration Manager book, “Configuration Manager book: High availability and performance tuning” by fellow MVP Marius Sandbu. A good introduction to High-availability.

You can find it here on PactPublishing

When building a new OS image it is a really good idea to include Visual C++ Redistributable packages in the image as well as .NET framework versions so that we don’t need to handle these software components as dependencies for all applications but have it included in the standard image instead. I also copy Cmtrace.exe to every location I can think of, like C:\windows on all clients when I create the image, extremely useful.

Here is a Knowledge-base article to bookmark “Latest Supported Visual C++ Downloads” http://support.microsoft.com/kb/2019667

It contains information and links to all the latest versions of the Visual C++ Redistributable packages which makes it really easy to find the latest versions.

The link to the Visual C++ 2013 redistributable pacakge is not in page below, here is the link instead. http://www.microsoft.com/en-us/download/details.aspx?id=40784

When enabling Bitlocker using Configuration Manager the step fails if there are a CD/DVD inserted. There are many great solutions to eject the CD/DVD before enabling Bitlocker out there.
As CD/DVD are not used at all that much anymore I was kind if annoyed that it ejected the CD/DVD every time and when enabling Bitlocker after OS deployment using a Task Seqeunce it could be interesting for the end-user when the CD/DVD is ejected.

So this script only ejects the CD/DVD when media is present in the drive. I have posted a powershell version on Microsoft Gallery: http://gallery.technet.microsoft.com/Eject-CDDVD-if-CD-present-5e464ad2

But after several requests I have created a vbscript version as well which also ejects the CD/DVD if media is present.

Download it here: ejectcd

Or copy paste the code below:

-------------------------------------------------------------------------------------------------------------------------------------

'Created by Jörgen Nilsson, http://ccmexec.com

'Version 1.0

WSCript.Quit


A really cool new announcement was just made: a new feature in Configuration Manager 2012 R2 / Windows Intune that makes it possible to provision ActiveSynce email profiles using ConfigMgr 2012 and Windows Intune. Thought that I would post this here as well as it is bigger news than just the fact that you can provision ActiveSync email profiles using Configuration Manager 2012 R2 and Windows Intune.

This new feature uses a new component in Configuration Manager 2012 R2 that makes it possible for Microsoft to publish new Windows Intune Mobile Device Management features to the Configuration Manager 2012 R2 console / site without having to do it in a Service Pack or in a new release.  This is a really cool feature as it makes it possible to ship new features more often than you could with the normal approach with Service Packs and R2 releases.

The Mobile Device Management segment is driving innovation really fast. I have several customers who now have more iOS devices in their environment than they have PC’s, so there is a big market out there.

The blog post about how to provision email profile can be found here:  http://blogs.technet.com/b/configmgrteam/archive/2014/01/29/provision-activesync-email-profiles-to-mobile-devices-using-configmgr-and-windows-intune.aspx

Now it is time to provision some email accounts

I have gotten a number of requests for some reports in ConfigMgr 2012 which I wrote for ConfigMgr 2007. Finally time to get around to do it. To start of I wrote this little guide for how to import a Configuration Manager 2012 Report using Report Builder. It is not really as simple as in Configuration Manager 2007 but much more powerful.

To import a report download an .RPL file like this one which I will write about in the next post (it requires ConfigMgr 2012 R2): Computers with a specific file per Collection

1. Browse to the Reporting Services webpage, by default http://server/reports as a user with permissions to edit reports.
2. Select Upload file

3. Browse to the file you want to upload and enter a friendly name to be shown in Reporting Services for the report.

4. Select “Edit in Report Builder” for the newly uploaded report.

5. Select “Add Data Source” as we need to change the data source to the on in the target environment.

6. The data source can be created from the configuration file in the root of the Configuration Manager reporting folder. Select “Browse”

7. Select the Data Source file available in the Configuration Manager reports root folder.

8. Delete the old data source that was in the report when it was imported.

9. To update the different Datasets used in the report with the new data source, select Dataset properties and then simply click OK.

10. Select OK and repeat it for all the Datasets.

Then the report is ready to be run and tested!

Optional steps: If the report is an exported Configuration Manager 202 report with the System Center logo banner complete the following steps as well.

1. In the Report Builder tool, right click on the header which has a red x because the file is not found.

2. Change the path to the path in your Configuration Manager Reporting Services folder under “Report Resources”

3. Repeat the steps for all three of the files in the header and you are done!

Now the System Center logo will be correct as well in the report.