CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

I have written different scripts before to install all the prereqs needed for Configuration Manager in different versions. There are great hydration kits out there which can be used to install a Configuration Manager 2012 environment, but if you only want to install all pre-reqs needed by System Center 2012 Configuration Manager SP1  on Windows Server 2012 then you can use this Powershell script.

Note that you need to supply a path to the binaries for .NET Framework 3.5 which is located in the Server 2012 installation media under \sources\sxs\

Change the path in red below to reflect your path to the binaries for .NET Framework 3.5.

install-windowsfeature web-server
install-windowsfeature as-web-support
install-windowsfeature application-server
install-windowsfeature web-wmi
install-windowsfeature WDS
install-Windowsfeature RDC
install-Windowsfeature BITS
install-windowsfeature web-net-ext -source d:\sources\sxs\
install-windowsfeature NET-HTTP-Activation
install-windowsfeature NET-NON-HTTP-Activ
install-windowsfeature web-asp
Install-WindowsFeature -Name UpdateServices, UpdateServices-Ui
& 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=C:\WSUS
New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 1433,4022 -Protocol TCP -Profile any -Enabled True
New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 4022 -Protocol TCP -Profile any -Direction Outbound -Enabled True

install-windowsfeature web-server

install-windowsfeature as-web-support

install-windowsfeature application-server

install-windowsfeature web-wmi

install-windowsfeature WDS

install-Windowsfeature RDC

install-Windowsfeature BITS

install-windowsfeature web-net-ext -source d:\sources\sxs\

install-windowsfeature NET-HTTP-Activation

install-windowsfeature NET-NON-HTTP-Activ

install-windowsfeature web-asp

Install-WindowsFeature -Name UpdateServices, UpdateServices-Ui

& 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=C:\WSUS

New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 1433,4022 -Protocol TCP -Profile any -Enabled True

New-NetFirewallRule -DisplayName "SQL Ports" -Description "SQL ports used by ConfigMgr" -LocalPort 4022 -Protocol TCP -Profile any -Direction Outbound -Enabled True

There are some interesting reading in the supported configurations for WSUS in Server 2012 which is useful to know when you design your Configuration Manager 2012 environment with a Software Update role. I normally use the same SQL for WSUS as I use for Configuration Manager 2012 in many designs at customers. However there are some interesting reading on Technet about supported databases.

Updated 2013-03-05!!

Right now Microsoft SQL Server 2012 is not supported so keep that in mind when upgrading your SQL or designing your Configuration Manager 2012 SP1 environment.

SQL Server 2012 is now supported by WSUS in Server 2012

  • Windows Internal Database (WID)
  • Microsoft SQL Server 2008 R2 SP1 Standard Edition
  • Microsoft SQL Server 2008 R2 SP1 Enterprise Edition
  • Microsoft SQL Server 2008 R2 SP1 Express Edition
  • Microsoft SQL Server 20012 Standard Edition
  • Microsoft SQL Server 20012 Enterprise Edition
  • Microsoft SQL Server 20012 Express Edition

More information can be found here: http://technet.microsoft.com/en-us/library/hh852344.aspx

Another tip: the same article contains the recommended ant-virus exclusions for WSUS, which is highly recommended from a performance perspective. Note that the content directory is not heavily used when using WSUS with Configuration Manager.

  • \WSUS\WSUSContent where \WSUS\ is the location of the WSUS content folder
  • %windir%\wid\data
  • \SoftwareDistribution\Datastore (for client only)
  • \SoftwareDistribution\Download

The binaries are updated for System Center 2012 Configuration Manager SP1, you should download them again before installing, then you will not have to install the hotfix which solves an issue with client installation.

More information:

http://blogs.technet.com/b/gladiatormsft/archive/2013/01/26/you-may-need-to-re-download-configuration-manager-2012-and-endpoint-protection-2012-sp1-binaries.aspx

Service Pack 1 has been out there for a while with a lot of great new features! There are some things to think about when upgrading and existing Configuration Manager 2012 environment.I have tried to collect useful information here to make it easier for you to upgrade to Service Pack 1.

1. Read the “Planning to Upgrade System Center 2012 Configuration Manager” on Technet

2. Download the hotfix for SP1 which solves an issue deploying the Configuration Manager 2012 SP1 which you will need, the ConfigMgr client installation logs

Couldn’t verify     ‘C:\WINDOWS\ccmsetup\MicrosoftPolicyPlatformSetup.msi’ authenticode signature. Return code 0×800b0101” in the ccmsetup.log file. http://support.microsoft.com/kb/2801987

UPDATE 26/1 2013

If you download the SP1 media after the 25/1 then you don’t have to download and use the update above.

3. This article describes the upgrade process http://support.microsoft.com/kb/2801416

4. There is a great list at myITForum with knwon issues as well, which is updated with new information all the time “System Center 2012 SP1 Woes, Gotchas, and Workarounds” I recommend reading this list before upgrading!

There was a question on Technet forum a while ago, requesting a script to configure the “Automatically install or uninstall required software and restart the computer only outside of the specified business hours”. http://social.technet.microsoft.com/Forums/en-US/configmanagerapps/thread/08d2f8e9-feaf-4143-af56-7e97ef20267c/

Torsten Meringer, ConfigMgr MVP wrote a blog post and a script a while back on how to modify the Business Hours using a vbscript, it can be found here http://www.mssccmfaq.de/2012/03/26/software-center-business-hours-auslesen-setzen/

I used Torsten’s excellent script and modified it to change the “Automatically install or uninstall….” setting instead. I will post it here if anyone else need to configure that setting.

Automatically_install

Here is a script to check what the setting is:

Set objUX = GetObject("winmgmts:\\.\root\ccm\ClientSDK:CCM_ClientUXSettings")
Set GBH = objUX.ExecMethod_("GetAutoInstallRequiredSoftwaretoNonBusinessHours")
WScript.echo "Automatically install or uninstall required software and restart the computer only outside of the specified business hours : " & GBH.AutomaticallyInstallSoftware

Set objUX = GetObject("winmgmts:\\.\root\ccm\ClientSDK:CCM_ClientUXSettings")

Set GBH = objUX.ExecMethod_("GetAutoInstallRequiredSoftwaretoNonBusinessHours")

WScript.echo "Automatically install or uninstall required software and restart the computer only outside of the specified business hours : " & GBH.AutomaticallyInstallSoftware

Here is a script to enable the “Automatically install or uninstall required software and restart the computer only outside of the specified business hours” setting.

Set objUX = GetObject("winmgmts:\\.\root\ccm\ClientSDK:CCM_ClientUXSettings")

Set inParam = objUX.Methods_.Item("SetAutoInstallRequiredSoftwaretoNonBusinessHours").inParameters.SpawnInstance_()

inParam.AutomaticallyInstallSoftware = "True"

Set result = objUX.ExecMethod_("SetAutoInstallRequiredSoftwaretoNonBusinessHours", inParam)



Thanks to Torsten who wrote the original script!!

Here is a Holiday reading tip!

This book is a great book if you want to get started with Configuration Manager 2012! It is well written by experienced professionals (Brian Mason and Greg Ramsey both MVP’s) with tons of experience, with a focus on getting you started and explaining why you do the things you do.

Configuration Manager 2012 is a very complex product so it can be a real challenge the first time you start using it. I really like that each feature covered in the book is divided in “Getting ready”, “How to do it”, “How it Works”, it makes it much easier to get an understanding how it actually works.

You can check it out here: Microsoft System Center 2012 Configuration Manager: Administration Cookbook.

4941EN_Microsoft System Center Configuration Manager 2012 Administration Cookbook_cov

In some scenarios in Configuration Manager 2012 you want your packages, OS images, boot image and driver packages, well everything you use in a task sequence to be available on the package share so that we can use the option to access the content directly during OS deployment.
This of course takes up more disk space but makes the OS deployment a little bit faster.

Here is the setting in question:

packageshare1

I got a question today if you could script that setting, so after a little bit of WMI browsing I found the value that needs to changed, as I couldn’t find it in the SDK for Configuration Manager 2012, maybe I wasn’t looking hard enough.

However here is a code snippet that you can use together together with the example on MSDN on how to call an example snippet: http://msdn.microsoft.com/en-us/library/hh949053.aspx.

Sub ModifyPackageFlags(connection, existingPackageID)

' Define a constant with the hex value for USE_PKGSHARE.

CONST USE_PKGSHARE = "&H00000080"

' Get the specific advertisement instance to modify.

Set packageToModify = connection.Get("SMS_Package.PackageID='" & existingPackageID & "'")

' List the existing property values.

Wscript.Echo " "

Wscript.Echo "Values before change: "

Wscript.Echo "--------------------- "

Wscript.Echo "Package Name: " & packageToModify.Name

Wscript.Echo "Package Flags: " & packageToModify.PkgFlags

' Set the new property value.

packageToModify.PkgFlags = packageToModify.PkgFlags OR USE_PKGSHARE

' Save the advertisement.

packageToModify.Put_

' Output the new property values.

Wscript.Echo " "

Wscript.Echo "Values after change: "

Wscript.Echo "--------------------- "

Wscript.Echo "Package Name: " & packageToModify.Name

Wscript.Echo "Package Flags: " & packageToModify.PkgFlags

End Sub

Sometimes an OS deployment fails for different reasons, one thing that can be a problem is that users in some cases don’t see the error message saying that the installation failed and starts using the computer. Even if we use “SMSTSErrorDialogTimeout” to change the default 15 minutes error dialog to 22 hours, the installation can be initiated over a weekend for instance.
If the installation fails near the end of the Task Seqeunce it could only be one application missing an nobody notice it.

I have written two small scripts for this, one that actually disables the computer account in AD if the TS fails and one that changes the logon background in Windows 7 to an awful looking background which cannot be missed by the user, of course this is just a sample.
If the Task Seqeunce fails it would look like this if the user tries to logon:

DisableComputer

Then no user cannot use the computer for sure.
I use it in an MDT task sequence so I put the two additional steps in the section “Gather Logs and StateStore on Failure” which is executed in case of a Task Sequence failure.

Here is how to implement it:

  1. Download the scripts needed here: TSerrorscript
  2. Place them in a folder that can be used as source folder as below.
    DisableComputer4
  3. In the backgrounds directory replace my ugly example logon background with your own.
  4. Create a package in Configuration Manager with the folder with the scripts as source folder and distribute it to your DP’s.
  5. In the Task Seqeunce add a step for disabling the computer account. I use the same account as I use to join the domain.
    DisableComputer5
  6. Set a condition to only run if not in WinPe as there is no account to disable if the computer is not in AD.
    DisableComputer6
  7. Then we add a step to change the background and use the same condition as above for this step.
    DisableComputer7That is it, now you are ready to test it out.