CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

With the release of Configuration Manager 2012 R2 Toolkit three new tools are included in the Toolkit! The toolkit can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=36213

These are:

  • DP Job Manager
  • Collection Evaluation Viewer
  • Content Library Explorer

Collection Evaluation Viewer is a great addition, saving a lot of time when troubleshooting performance related issues and collection evaluation overall.
With Collection Evaluation Viewer you can see the different queues that are used for Collection Evaluation as displayed below including some valuable information like member changes, Last evaluation time and Run Time which can be used to troubleshoot performance related issues and bad queries.

Collection Evaluator Viewer_2You can also see each individual Queue as well which is great, Incremental updates is something that is asked for a lot, how many can we have without affecting collection evaluation.
This is a great tool for that as well here you can see how many collections which have incremental updates enabled in your environment. According to Technet the supported/recommended limit is 200 but normally you can have more than that, using this tool it is much easier to detect when you are getting close to that limit.

Collection Evaluator Viewer

    DP Job Manager
    Collection Evaluation Tool
    Content Library Explorer

    This is a tool that I will use a lot to troubleshoot and use to find performance bottlenecks! Much easier than reading the colleval.log file to achieve the same.

Registrations are now open for System Center User Group Sweden – Client Gathering 10/1 – 2014 at Microsoft in Akalla, Stockholm – Sweden. We are really proud to present Wally Mead as one of the speakers!!

There will be many great sessions and time to meet with a lot of people with the same interest!

Agenda

  • 0900-0915 – Welcome – Stefan
  • 0915-1030 – Wally Mead – Managing Modern Devices with System Center 2012 R2 Configuration Manager and Windows Intune
  • 1045-1200 – Jörgen Nilsson / Stefan Schörling – Community Treasures
  • 1245-1400 – Wally Mead – Upgrading to System Center Configuration Manager 2012 R2
  • 1415-1530 – Mikael Nyström –  Deploying Windows 8.1 in production
  • 1530-1600 – Q&A Wally Mead / Stefan Schörling / Jörgen Nilsson / Mikael Nyström

Don’t miss it! Registration can using the link below, and the great thing is, it is FREE!

http://www.eventbrite.com/e/scugse-client-gathering-tickets-8489952677

If you haven’t joined the facebook group I strongly suggest that you do that as well (all discussions are in Swedish)

740810_10151223710004296_1783026840_o

An update for Endpoint Protection Clients were released on November 28 2013, it updates the client to version: “4.4.304.0″.

The update applies to the following Endpoint Protection / Configuration Manager versions:

  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
  • Microsoft System Center 2012 Configuration Manager Endpoint Protection Service Pack 1 (SP1) clients
  • Microsoft Forefront Endpoint Protection 2010 clients.

Important to note is that the update for Configuration Manager 2012 SP1 requires that you are on SP1 Cumulative Update 3 to be able to install the update!

More information and to download the update: http://support.microsoft.com/kb/2907566

In some scenarios that I have written about before I end up building my master image using the ZTIWindowsUpdate.wsf script from MDT to install the updates needed during the build from Microsoft Update, http://ccmexec.com/2013/09/tips-when-building-images-with-configmgr-2012-part-2/

Now that IE11 is released in Microsoft Update in some scenarios you wan’t to exclude it as well, the KB article number is 2841134 so the exclusion should look something like this.

BuildImages IE 11

For Configuration Manager 2012 R2 there are now two hotfixes available, remember to only install them if you are experiencing the issues described in the KB article.

“An update is available for the “Operating System Deployment” feature of System Center 2012 R2 Configuration Manager” http://support.microsoft.com/kb/2905002/en-us

This update solves two issues:

1. After you enable the PXE Service Point role on an instance of a specific distribution point, or you select the Deploy this boot image from the PXE-enabled distribution point property of a boot image, the Windows Deployment Service (WDS) stops running.

2. It solves a performance related issue when the image is downloaded during OS Deployment, this is only applicable if the task sequence is deployed as “Download content locally when needed by running Task Sequence”

“Per-computer variables for imported computers are not read in System Center 2012 R2 Configuration Manager” http://support.microsoft.com/kb/2907591

It solves an issue where computer variables are not read by the task sequence during OS Deployment for imported computers.

Additionally here is a list of all KB articles related to Configuration Manager 2012 which can be really useful to have a look at when troubleshooting: http://social.technet.microsoft.com/wiki/contents/articles/9539.list-of-public-microsoft-support-knowledge-base-kb-articles-for-system-center-2012-configuration-manager-configmgr-2012.aspx

Updating device drivers in a task that will have to be done from time to time to solve problems with drivers or software related to the device used. There are two kinds of device drivers, the ones that you need to run setup.exe and run a complete installation as there are supporting software needed as well. For these drivers running the setup silently will work as an upgrade as well.

Then we have the kind that is only delivered as an .inf, .cat and .sys files like for instance network drivers. In this example I will demonstrate how to update a wireless nic driver using an application, it is a really simple task. I prefer to use PNPutil as it is already present on modern operating systems.

Here is a step-by-step guide on how to update a driver, I will update an Atheros driver.

  1. Start by downloading the updated driver and extract it to a folder that can be used as a content source for the application. This folder actually includes the 64 bit driver as well.
    Upgrade driver1
  2. In that same folder create an update.cmd file that contains the following syntax:
    pnputil.exe -i -a %~dp0netathr.inf
  3. Create a new application using the manual option as the screenshots below describes.
    Upgrade driver2
  4. The Driver version can be found in the .inf file.
    Upgrade driver3
  5. We will not use the application catalog for this application.
  6. Upgrade driver4Select the Script installer type
  7. Upgrade driver6We name the deployment type x86 as we perhaps want do deploy a x64 driver as well.Upgrade driver7
  8. Select the folder created earlier as the package source and enter Update.cmd as the installation command.
  9. Upgrade driver8 Under Detection method select Add ClauseUpgrade driver9
  10. Select File System and Type: File and browse to a computer with the driver already installed by selecting Browse
    Upgrade driver10
  11. Browse to C:\Windows\System32\Drivers and select the. sys file that will be upgraded

Upgrade driver11

12. Select that the file must match Version and then the version of the old driver is already filled in, just change it to the version of the new driver which you can find by selecting properties on the new .sys file.

Upgrade driver12

14. In our case we change it to version 10.0.0.255

Upgrade driver13

15. Then select Next
Upgrade driver14

16. Select that it should Install for System as displayed below. Upgrade driver15

17. As a requirement add the Operating System the driver is for, in this case All Windows 7 32-bit
Upgrade driver16

18. Then select Next until the wizard is finished

Then it is time to deploy the updated driver, note that a NIC driver update will disconnect the computer for a couple of seconds. I normally prefer to deploy driver update as hidden so the user doesn’t actually see anything but with a driver update that could be tricky. If we look at the client the driver version is as shown below.

upgrade client1

Then we let the installation run and the driver will be updated.

upgrade client2

And if we check the driver version after that it is updated.

upgrade client3It is a really simple way of updating a driver the detection method is really easy to configure as well and is correct the first time, so it takes 5 minutes perhaps to do. It probably take longer time to find the updated driver on the vendors website.

Happy Upgrading!



    All the System Center 2012R2 components are now available for download! The links and to the products that ship Evaluation VHDs can be found at the following below:

When doing implementations of Endpoint Protection both 2007 and 2012 one question that comes up many times is that the customer wants to run a weekly quick scan and a monthly full scan or a daily quick scan and a weekly full scan. In the Policy settings it is only possible to configure one schedule scan so you would have to choose which one you want to schedule.

SCEP_Policy

What really happens on the client is that a Scheduled Task is created on the client with the settings configured in the policy.

Endpoint protection has a command-line interface as well as the nice Graphical Interface called MPCmdrun.exe. MPCmdrun can be used to script actions on the clients like quick scan, full scan, remove a definition, scan a file and much more. MPCmdrun.exe is actually the command used by the scheduled task created by the Endpoint Protection client as well.


SCEP TASK

Creating an additional scan which in many cases is a wanted feature, can be done either with a Group Policy using Group Policy Preferences or using a Package/Program in Configuration Manager that executes the MPCMRun.exe command.

Creating a Schedule task using Group Policy Preference

Endpoint_Schedule

Endpoint_Schedule1


Creating a Package/program which triggers a Full Scan on the client once every month.

Start by creating a Package without any source files as we will use the locally installed MPCMDrun.exe file from C:\Program Files\Microsoft Security Client. Using the following command line: “c:\program files\Microsoft Security Client\MpCmdRun.exe” -scan -scantype 2

Then create a program with the settings shown below.

SCEP schedule

Deploy the program using a deployment that runs every firs thursday in a month for instance and be sure to set it to “always rerun”

SCEP schedule2