CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Lenovo joins Dell and HP  by having SCCM Driver Packs that you can download for at least from what I have seen so far newer models only.
This is a great initiative from Lenovo to join Dell and HP as the leaders in delivering Laptops and Desktops for the enterprise segment.

When you download drivers check under the category Enterprise Management..


This is great news!

Well spotted Oddvar! this is truly great news!

I wrote a post a long while ago which started as question in on Technet Forum on how to remove a computer from a collection using a status filter rule once the OS deployment Task sequence is successful, I posted the script here:
I still use it in almost all of my implementations of Configuration Manager. In one customer scenario I had to clear the PXE flag as well so I added that to the script so now you can select if you want the script to clear the PXE flag as well on the client when it is removed from the OS deployment collection.

The script works fine both in Configuration Manager 2007 and Configuration Manager 2012.

Why using a Status Filter Rule instead of a script in the TS run from the client side? Well you don’t have to open any firewall ports in the server for WMI e.t.c. You could also implement Webservices which do the same task for you, i like the simpleness in the status filter rule though.

The script can be downloaded here: Vbscript remove from Collection

To implement it:

1. Download the script and save it as “remove.vbs” in for instance E:\sccmtools or another folder on the Primary Site server.

2. Edit the following line with the collection/collections you want the computer removed from

sCollectionIDs = “00100053:0010004A:00100069″

You can now also configure if you want the script to clear the pxeflag by changing this value.

ClearLastPxe = “1″

You can also have the script to write to the eventlog on the Primary Site Server which Computername will be removed from which collections if you need to troubleshoot.

sEventlog = “1″

When that is done, save the file

3. Create a status filer rule, this screenshots are from Configuration Manager 2012 not that much differs.

4. Create a new status filter rule under Site Configuration\Sites choosing Status Filter rules.

5. Select Create


6. Configure it to use the following settings:

Name: Remove From Collection

Component : Task Sequence Manager

Message Id: 11171

Note: You have to type in “Task Sequence Manager” it is not available in the drop-down list as it is not a server component.


7.  Run a Program: C:\windows\System32\cscript.exe e:\sccmtools\remove.vbs %msgsys


8. The next screen confirms that you are finished.


Now you have successfully implemented the Status Filter rule and can start testing.

At the Microsoft World Partner conference today in Toronto, Microsoft Announced that Windows 8 will go RTM in August:

“confirmed that Windows 8 is on track to Release to Manufacturing (RTM) the first week of August. For enterprise customers with Software Assurance benefits, they will have full access to Windows 8 bits as early as August”

For the more details see the blog post here on Windows Blog:

Then we are all awaiting when SP1 for Configuration Manager 2012 will be realeased with full support for Windows 8, I can hardly wait!

As a follow up to the post I wrote on how to generate a randomized local admin password and save it in SQL , I will now describe a simple .HTA to retrieve the local admin password for a computer using a simple .hta. The .HTA has many graphical improvement potential but it works.
It will use the credentials that is is launched with to access the DB and retrieve the password for a specific computer.

localadmin_get1 Using a HTA like this makes it really simple for the Service desk to retrieve the password when needed.

The file can be downloaded here:LocalAdminPW

I hope this can inspire to some nice looking HTA’s out there ;-)

In many scenarios it could to be a great idea to be able to set a randomized password for the local administrator account or create a new user account with local administrative permissions and disable the built-in account. The script can easily be modified to generate a password for another user-name than the local administrator.

This way if you have to give the user or a technician the local admin password to be able to re-join the domain or troubleshoot network connectivity, you are only giving the password to that computer.
To accomplish this I created a vbscript which will generate a randomized password and write it to a table in the MDT database. This script can easily be modified to create a new user account as well and not only to set the password for the local administrator account. It can also be run in a custom task sequence to generate a new password for the local administrator account.

As I don’t want any passwords stored in the script I use a Task Sequence step before the script “Net user /add” to add the service account under which I run the script to the local administrator group and after the script has run I remove it again. So the steps in the TS would look like this.


The script can be downloaded here(rename it to localadminpwsql.vbs): Localadminpwsql


  • Service Account in AD for this purpose


  1. Create a new table in the MDT database called Ladmin with two columns:
    Computername = nchar(30)  not null
    Localadminpw = nchar(30 not null
    Select the Computername as the primary key. Like this:
  2. Grant the service account the datareader and datawriter role to the MDT database.
  3. Download the script and modify the following lines to adapt it to your setup.
    objConnection.Open “Provider=SQLOLEDB;Data Source=sccm01;” & “Trusted_Connection=Yes;Initial Catalog=MDT;”
  4. Create a package containing the setlocaladmin script, and add it to distribution points, don’t create a program.
  5. In your Deployment Task Sequence create three new run command line steps.
  6. Add a Command Line step to add the user to the local administrator group, command line:
    net localgroup administrators contoso\srvlocal /add
  7. Add a Command line step “setlocal admin password” using the following settings, it is here we configure that the command line should run as the service account with local admin permissions.
  8. Add a step to remove the service account from the local admin group, with the following command line:
    net localgroup administrators contoso\srvlocal /delete
  9. Test run and you are good to go.

I will post a simple .hta which the servicedesk can use to retrieve the local admin password if needed for troubleshooting purposes.

The Keynotes and all the sessions from TechEd Europe 2012 is starting to come online.

You can download or streams the session recordings and keynotes at Channel 9.

Enjoy! I will!

The SDK for System Center 2012 Configuration Manager 2o12 is now available for download:

This was posted by Dave Randall in the Technet Forums about the SDK release here:

  • Announcing the release of the System Center 2012 Configuration Manager SDK

    The Microsoft System Center team is announcing the release and general availability of the Software Development Kit (SDK) for System Center 2012 Configuration Manager. The System Center 2012 Configuration Manager SDK can be downloaded at no cost today at:

    Configuration Manager is a component of System Center 2012 that:

    • Empowers users to be productive from anywhere, on whatever device they choose.
    • Provides a unified infrastructure for client management and protection.
    • Makes it easier and faster to administer client systems and maintain system compliance.

    The SDK provides information about how developers and IT administrators can develop solutions that integrate with System Center 2012 Configuration Manager. Features of the SDK include the following:

    • Programming Fundamentals. Information about developing integrated applications for Configuration Manager. Provides best practice guidance on using new Configuration Manager features in your applications.
    • “How-To” Examples. Practical “how-to” examples using C# and Visual Basic Script that can automate day to day tasks or build a foundation for robust solutions. How-To’s are available for the Administrator Console, Role Based Administration, and many other topics.
    • Application Management. Information about the new application management capabilities and how to extend application management deployment types, or automate application creation. Information about legacy software distribution is also covered.
    • Samples and Reference Documentation. A detailed section covering over 30 topics that include the Configuration Manager WMI classes and APIs. Several ready-to-compile solution samples are included for the Administrator Console, Software Updates, Operating System Deployment, Application Management and more.
    • Ease of Installation. The SDK quickly installs in a standard way with no complex configuration required and a complete installer size of less than 100 MB. Developers can get up and running in just a few minutes. The System Center 2012 Configuration Manager SDK reference documentation is installed as a compiled help (CHM) file. The System Center 2012 Configuration Manager SDK and the Configuration Manager 2007 SDK can both be installed on the same computer.
    • Complimentary MSDN documentation. The Microsoft Developer Network (MSDN) site also hosts the System Center 2012 Configuration Manager SDK reference documentation. Microsoft intends to update the reference documentation as new information is available. You can monitor the topic at:

    Microsoft intends to provide further updates to the downloadable SDK and the online MSDN reference information at a later date; details will be released when they are available.


As Configuration Manager relies heavily on a working WMI on both clients and servers, a working WMI is really crucial for all activities performed.

The following post was just updated and I strongly recommend that you read it.

Here is the recommended updated for Windows 7 and Windows 2008 R2 from that post.

Hotfix list for Windows 7 and Windows Server 2008 R2

2705357 The WMI process stops sending events to WMI clients from a Windows 7-based or Windows Server 2008 R2-based server

2617858 Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

2465990 “0×80041002 (WBEM_E_NOT_FOUND)” error occurs when you try to open a WMI namespace on a computer that is running Windows 7 or Windows Server 2008 R2

2492536 Msinfo32.exe takes a long time to display or export system information on a computer that has many MSI-X-supported devices and that is running Windows 7 or Windows Server 2008 R2

982293 The Svchost.exe process that has the WMI service crashes in Windows Server 2008 R2 or in Windows 7

974930 An application or service that queries information about a failover cluster by using the WMI provider may experience low performance or a time-out exception

Read the whole post here: