17 Apr 2013

SCCM by Davis: “peterrock58 became a registered member” plus 19 more

peterrock58 became a registered member

Posted: 17 Apr 2013 02:40 AM PDT

Comments: 0

Mike Terrill wrote a new post, How to delete multiple Packages using PowerShell with ConfigMgr 2012 SP1

Posted: 16 Apr 2013 10:14 PM PDT

How many times have you had the need to delete multiple packages in a ConfigMgr test site? In order to do this, you right-click on the package and select Delete. You get presented a welcome screen, then you are […]

Comments: 0

Windows Management Experts posted an update: Creating an Endpoint Protection Alert using System Center […]

Posted: 16 Apr 2013 09:41 PM PDT

Creating an Endpoint Protection Alert using System Center Orchestrator

CM 2012 does not provide a built-in method for alerting administrators when a remediation action fails for Endpoint Protection. When remediation fails, the device is still considered infected. Even more of a concern is if the infection changes Endpoint Protection settings.

This is the first of a two-part series that will go over how to create an alert so that administrators can be notified when remediation fails. This part goes through the first half of creating the runbook; next week will cover the second half, and the other runbook that is required.

Background

In the Monitoring node on the CM 2012 console is a section for Endpoint Protection. If you expand this node, and select "System Center 2012 Endpoint Protection Status", you can see a chart like this:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/11-300x106.jpg

This chart shows you what is happening in almost real time. As you can see, I have four devices where remediation failed (i.e. the device is still infected) and one device where the malware modified the client settings. These are the machines we are focusing on.

By default, this chart updates every 20 minutes when Endpoint Protection summarization runs. You can set that value lower or higher by using the CM 2012 PowerShell cmdlets. Simply connect to CM 2012 using PowerShell (in the file menu of the console) and type:

Set-CMEndpointProtectionSummarizationSchedule -Interval -UnitType

To complete this runbook, your Orchestrator service account will need at least "Read-Only Analyst" in the CM 2012 console. This allows the service to execute WMI queries against CM 2012. If you want to do the query database step to grab the path of the infection, the Orchestrator service account will need "db_datareader" access to your CM 2012 database. You will also need to open port 1433 (TCP and UDP) from your Orchestrator runbook server to the server running the CM 2012 database. If you do not use the default SQL port, replace 1433 with the port number you use.

Preparing the System

For my process, I create a marker file that is the name of the device. I create this file in a share on the runbook server. You need to create this share before building the runbook. Creating the share is outside the scope of this article, but I do recommend hiding it (simply put a dollar sign ($) after the share name). Your Orchestrator service account will need Full Control rights for the share, and Read / Write / Modify NTFS rights to the folder containing the files.

When the runbook executes, it creates this file after sending the alert email. When the runbook executes again, it checks this directory for those files, and does not send another email if a file with the infected computer name exists. This is to prevent you from getting multiple emails for a single computer. I then have another runbook that runs that deletes these files once the computer is cleaned (more on that later).

Creating the Alert Runbook

Here is a picture of what your runbook will look like:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/21-300x107.jpg

It looks complicated, but it's actually quite simple. The items on the top line are the "essential" processes. These are what gather the data and do the processing. The bottom line can be left out if you want. I will go through each one individually.

Find Computers with Remediation Errors

To get started, expand the "System" integration pack and drag a "Run .Net Script" activity into your workspace. Open it, click the "General" node, and give this step a name. I named mine "Find Computers with Remediation Errors". Next, go back to the "Details" node, and set the language type to PowerShell. In the box, paste this code:

$a = @()
# <SiteServer> and <SiteCode> are placeholders: the SMS provider host and your three-character site code
$epfailed = Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_CombinedDeviceResources |
    Where-Object -FilterScript { $_.EPInfectionStatus -eq "4" }
# Collect the names of every device whose infection status is 4
foreach ($fail in $epfailed) {
    $a += $fail.Name
}

This step creates an array of all devices where the EPInfectionStatus property is set to "4". When a device infection status is set to four, it means that remediation has failed or the client settings have been modified by the infection.

Next, click on the "Published Data" node. Click the "Add" button, and fill the box in like this:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/3.jpg

This publishes the list of devices to the next step. The variable name field is the value you assigned to the variable, and the name field is a common name for the variable.

Check to see if Computer has Alerted Already

Drag another "Run .Net Script" activity into your workspace. Open it, give it a name, and return to the Details node. Change the language type to PowerShell, and paste the following code into the script box:

$comps = "{Computer Name from "Find Computers with Remediation Errors"}"

$alerted = "No"

ForEach ($comp in $comps) {
    # <RunbookServer> is a placeholder for the runbook server that hosts the marker-file share;
    # a marker file named after the device means an alert has already been sent for it
    If ((Test-Path "\\<RunbookServer>\EP\$comp") -eq $true) {
        $alerted = "Yes"
    }
}

Delete the "{Computer Name from "Find Computers with Remediation Errors"}" part (leaving the outside quotes). In its place, right-click, go to "Subscribe", and select "Published Data". Select "Computer Name" from the box, and click ok. This inserts the variable. Remember this, as we will be doing this a lot through the rest of the article.

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/5.jpg

Now we need to publish some more data. Open the "Published Data" node again, select "Add", and fill the box out like this:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/6.jpg

This publishes the "alerted" variable to the next step, which tells the system there has already been an alert generated for this device.

Process Computer Data

Next, create another "Run .Net Script" activity. Open it, give it a name, and go to the "Details" node. Change the type to PowerShell. This is the main activity in the runbook. It is what gathers all of the data needed to generate the alert email. Paste this code into the script box:

# <SiteServer> and <SiteCode> are placeholders for the SMS provider host and your site code
$comp = Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_CombinedDeviceResources |
    Where-Object -FilterScript { $_.Name -eq "{Computer Name from "Find Computers with Remediation Errors"}" }

ForEach ($infection in $comp) {
    $compname = $infection.Name
    $resourceid = $infection.ResourceID
    $infectionname = $infection.EPLastThreatName
    $sigversion = $infection.EPAntivirusSignatureLastVersion

    # ConvertToDateTime throws on an empty field, so each date is guarded by an If
    If (($infection.EPAntispywareSignatureLastUpdateDateTime) -gt "1") {
        $virdefupdate = $infection.ConvertToDateTime($infection.EPAntispywareSignatureLastUpdateDateTime)
    }

    If (($infection.EPLastFullScanDateTimeEnd) -gt "1") {
        $fullscan = $infection.ConvertToDateTime($infection.EPLastFullScanDateTimeEnd)
    }

    If (($infection.EPLastInfectionTime) -gt "1") {
        $lastinf = $infection.ConvertToDateTime($infection.EPLastInfectionTime)
    }
}

# Primary user of the machine; <Domain> is a placeholder for your domain name.
# Only domain accounts are kept, local accounts are dropped.
$usra = (Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_UserMachineRelationship |
    Where-Object -FilterScript { $_.ResourceName -eq "{Computer Name from "Find Computers with Remediation Errors"}" }).UniqueUserName
ForEach ($usr in $usra) {
    If ($usr -like "<Domain>\*") {
        $usrname = $usr.Replace("<Domain>\", "")
    }
}

# IP address(es); <xx.xx> is a placeholder for the first two octets of your organization's range.
$ipa = (Get-WmiObject -ComputerName "<SiteServer>" -Namespace "root\sms\site_<SiteCode>" -Class SMS_R_System |
    Where-Object -FilterScript { $_.Name -eq "{Computer Name from "Find Computers with Remediation Errors"}" }).IPAddresses
ForEach ($ip in $ipa) {
    If ($ip -like "<xx.xx>.*") {
        # Deliberately no $ippub = @(): the addresses concatenate into one string instead of an array
        $ippub += $ip
    }
}

In this step, we are running three WMI queries against the CM 2012 server. The first pulls all relevant information from the SMS_CombinedDeviceResources class. It is pulling the computer name, the resource ID of the infected client, the name of the infection, the anti-virus definition file version, the date and time of the last definition update, the date and time of the last full scan, and the date and time that the device was infected. All of this data, except for the resource ID, will be used in the email. We will need the resource ID for the query database step. All of the date and time variables are channeled through IF statements because the "ConvertToDateTime" action will throw an error and stop the PowerShell script if the field is blank. I am not sure at this point why the field would be blank, but I have noticed it in some cases.

The second WMI query is pulling the primary user of the machine. It is also run through an IF statement, because that value can also be a local user. This step filters local users out, and only sends through the domain user. This is important in the "Get User" step that is coming up. Replace with your domain name.

Finally, the third WMI query is pulling the IP address(es). This is also piped through an IF statement to strip off the non-company IP addresses that get stored in CM 2012. Replace with the first two sets of numbers from your organization's IP range. Make sure you keep the ".*" as is. It would appear that this section would form an array if a computer has both a wired and a wireless card. Because we do not have $ippub = @(), the array is never actually formed. If you type this into PowerShell and view the output, it will look similar to "192.168.2.3192.168.2.4". That is the purpose of the next item: we will split these into two sections. It is important that this step does not produce an array, because Orchestrator recognizes an array and splits it into separate jobs, which would create two emails for one computer. Not adding $ippub = @() essentially "flattens" the array.
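As an added example (not code from the Windows Management Experts post), the same three steps, finding status-4 devices, checking for a marker file, and gathering the domain user and company IPs, run against constructed in-memory records so they execute without a ConfigMgr site; the domain prefix, IP prefix, marker folder and sample data are assumptions.

```powershell
# Added example, not the post's runbook code: the filtering, marker-file
# de-duplication and IP flattening of the three script activities, applied
# to constructed records instead of live SMS_* WMI classes.
$DomainPrefix = 'CONTOSO\'                 # assumption: replace with your domain name
$IpPrefix     = '192.168.*'                # assumption: first two octets of your range, keep ".*"
$MarkerDir    = Join-Path $env:TEMP 'EP'   # stand-in for the hidden share on the runbook server
New-Item -ItemType Directory -Path $MarkerDir -Force | Out-Null

# Constructed stand-ins for SMS_CombinedDeviceResources rows (not real data).
$devices = @(
    [pscustomobject]@{ Name = 'PC01'; ResourceID = 16777220; EPInfectionStatus = 4; EPLastThreatName = 'Sample:Threat/A' }
    [pscustomobject]@{ Name = 'PC02'; ResourceID = 16777221; EPInfectionStatus = 2; EPLastThreatName = 'Sample:Threat/B' }
    [pscustomobject]@{ Name = 'PC03'; ResourceID = 16777222; EPInfectionStatus = 4; EPLastThreatName = 'Sample:Threat/C' }
)
# Constructed stand-ins for SMS_UserMachineRelationship.UniqueUserName and SMS_R_System.IPAddresses.
$userRel = @{ 'PC01' = @('PC01\localadmin', 'CONTOSO\jdoe'); 'PC03' = @('CONTOSO\asmith') }
$ipAddr  = @{ 'PC01' = @('192.168.2.3', 'fe80::1', '192.168.2.4'); 'PC03' = @('192.168.5.9') }

function Get-RemediationFailures($rows) {
    # "Find Computers with Remediation Errors": 4 = remediation failed or settings changed
    $a = @()
    foreach ($fail in ($rows | Where-Object { $_.EPInfectionStatus -eq 4 })) { $a += $fail.Name }
    return ,$a
}

function Test-AlreadyAlerted($comp) {
    # "Check to see if Computer has Alerted Already": a marker file named after the device
    Test-Path (Join-Path $MarkerDir $comp)
}

function Get-AlertData($comp) {
    # "Process Computer Data": domain user only, company IPs only, IPs flattened to one string
    $usrname = $null
    foreach ($usr in $userRel[$comp]) {
        if ($usr -like "$DomainPrefix*") { $usrname = $usr.Replace($DomainPrefix, '') }
    }
    $ippub = $null
    foreach ($ip in $ipAddr[$comp]) {
        if ($ip -like $IpPrefix) { $ippub += $ip }   # no @(), so the result is one concatenated string
    }
    [pscustomobject]@{ Computer = $comp; User = $usrname; IPs = $ippub }
}

foreach ($comp in Get-RemediationFailures $devices) {
    if (Test-AlreadyAlerted $comp) { "$comp already alerted, skipping"; continue }
    $data = Get-AlertData $comp
    "ALERT $($data.Computer) user=$($data.User) ips=$($data.IPs)"   # PC01 shows 192.168.2.3192.168.2.4
    # Marker is written only after the alert, so the next run skips this device
    New-Item -ItemType File -Path (Join-Path $MarkerDir $comp) -Force | Out-Null
}
```

Running it twice shows the de-duplication: the second run reports both devices as already alerted until the marker files are removed.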

Now we need to set up our published data. If you go to the "Published Data", set it up like this using the same method from above:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/7.jpg

To finish this action, we need to modify the connection between "Check to see if computer has already alerted" and "Process Computer Data". If you double-click on the arrow connecting the two, you get a box like this:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/8.jpg

Click on "Check to see if computer has alerted already" and select "alerted". Once you do that, the statement changes so that it will only proceed if "alerted" equals some value. You specify this value by clicking on "value". Put a value of No in this box. Once complete, it should look like this:

http://www.windowsmanagementexperts.com/wp-content/uploads/2013/04/9.jpg

This concludes this part of the series. Next week we will talk about the second half of this runbook, and the runbook that removes the markers when created.

Comments: 0

Softbank Will Have to Increase Its Bid for Sprint: Analysts

Posted: 16 Apr 2013 08:15 PM PDT

Softbank, in response to Dish's offer to Sprint, has said the pair's deal is nearly done, but analysts believe the terms may have to change.

Rod Trent wrote a new post, Coretech releases the Distribution Point Utilization Monitor

Posted: 16 Apr 2013 08:45 PM PDT

Kent Agerlund dropped me a note today with a heads-up about a new utility for ConfigMgr 2012 that Coretech has released.  From the utility page:

Ever wanted to see how much content is being downloaded by each […]

Comments: 0

Raphael Perez wrote a new post, SCCM 2007 HealthCheck Toolkit goes PowerShell and Free

Posted: 16 Apr 2013 08:09 PM PDT

The SCCM 2007 HealthCheck Toolkit was initially developed by dotNetwork. dotNetwork was the brand used by Raphael Perez, MVP in Enterprise Client Management, to perform consultancy and training. During 2012, […]

Comments: 0

SCCM 2012 OSD Driver Management - Advanced Tips

Posted: 03 Mar 2013 08:43 PM PST

I've got a few tips for working with OSD drivers in SCCM. Here we go:

Finding the Model Name in WinPE

In task sequence actions, I use a WMI filter to target my 'Apply Driver Package' actions. Sometimes the target device is new and doesn't have an OS yet. Since WinPE doesn't run PowerShell, I can't use my regular command to find the model.

Instead, try this. It'll return the model.

wmic computersystem get model

Testing the Driver Package for Completion

Sure, you can wait until the OS is fully deployed, then run control panel -> system -> device manager, etc. You can also do this _during_ the task sequence :) .

Anytime after the step named 'Setup Windows and ConfigMgr', press F8 to launch the command prompt, and then run the following command.

mmc devmgmt.msc

Driver Source Folder Organization

When importing new drivers, there are a couple of things to keep in mind.

  1. Keep your drivers organized. Create subfolders for the driver classes (model\net, model\sata, model\audio, model\graphics, etc.).
  2. Don't put .exe files or .zip files in the driver source folders.
  3. If you extract an .exe or .zip file into the driver source folder, and the extracted contents don't contain .inf files (autorun.inf doesn't count), then delete that driver and try to work without it. Only drivers with .inf files are imported. If your driver doesn't have any .inf files, you'll need to treat it like you would an application or package.

SCCM Vendor Plugins

Look into the Dell DCIP and Lenovo Thin Installer. They can automate a lot of the driver\bios work.

SCCM 2012 Dev Installation - Scripted

Posted: 03 Mar 2013 07:45 PM PST

I have SCCM 2012, but I wanted to be able to quickly spin up development versions of our environment to test new features. I've put together some files and scripts to be able to do this quickly, and would love to share 'em with you. There may be a few steps missing, because the post is based off of my internal documentation. However, the script will get you 90% of the way there.

Overview

  1. Gather the Required Files
  2. Create a Slipstreamed SQL Install
  3. Install a Dev Domain
  4. Install the Offline Root CA
  5. Run the SCCM script for the CAS
  6. Run the SCCM script for the Site Server

Download the Required Files

Install the Dev Domain

Follow the instructions on my previous blog post: Installing a Server 2008 Dev Domain – Scripted.

Create SQL 2008 R2 SP2 Slipstreamed Media

Follow the instructions on my previous blog post: Optimizing SQL 2008 R2 Install.

Install ADCS on AD1 – Enterprise Root

Many domains have a pre-existing single-tier PKI installed, despite the fact that this is, in general, not the best practice. We will replicate this condition on our domain controller so that we have to work around it.

  1. Open AD1, the ADDS\DNS\DHCP VM.
  2. Open Server Manager -> Roles -> "Add Roles".
  3. Under "Select Server Roles", check the box next to "Active Directory Certificate Services" and click "Next".
  4. Under "Select Role Services", check the box next to "Certificate Authority" and click "Next".
  5. For "Specify Setup type", choose "Enterprise" and click "Next".
  6. For "Specify CA Type", choose "Root CA".
  7. For the "Set Up Private Key" step, choose "Create a new private Key", and click "Next".
  8. For "Configure Cryptography for CA", leave everything at the default (RSA) and click "Next".
  9. For "CA name", leave the defaults and click "Next".
  10. For "Set Validity Period", keep it at 5 years and click "Next".
  11. Keep the default database and log locations, and finish the wizard.

Build the Offline Root VM

Settings:

  • Name: DEV-CA0
  • HD: 40GB (thin)
  • Nics: 1 nic, vmxnet3, on the private VLAN.
  • IP Address: 192.168.0.20 (Private VLAN)

Install ADCS on CA0 – Standalone Root

  1. Make two folders on your C: drive named "certdb" and "certlog"
  2. Download the following scripts from the John Puskar Github Repo and place them in C:\Install_Files
    • SetupCA-RootCA.ps1
    • Install-StandAlone.cmd
  3. Modify the last line of SetupCA-RootCA.ps1 and replace the CADNSuffix parameter.
  4. Modify the DN, CDP, and AIA lines of the install-standalone.cmd script to fit your dev environment.
  5. Open a command prompt as administrator and run the script named 'Install-standalone.cmd'.

Build the CAS VM

Settings:

  • Name: DEV-SCCM-CAS
  • HDs (all thin)
    • C: – 40GB
    • D: – 40GB
    • E: – 22GB
    • F: – 100GB
  • Nics: 1 nic, vmxnet3, on the private VLAN.
  • IP Address: 192.168.0.30 (Private VLAN)

Prep and Install the CAS

  1. Log in to the John Puskar Github Repo and download the following files. Place them in C:\workingtemp.
    • AD-Functions.ps1
    • Install-Dev-CAS.PS1
  2. Copy the downloaded prereq files from the first step to C:\Install_Files
  3. Modify the variables at the top of the Install-Dev-CAS.ps1 script as necessary for your site.
  4. Open a powershell window as administrator and run the install-dev-cas.ps1 script.

Build the Primary Site Server VM

Settings:

  • Name: DEV-SCCM-TES
  • HDs (all thin)
    • C: – 40GB
    • D: – 40GB
    • E: – 22GB
    • F: – 100GB
  • Nics: 1 nic, vmxnet3, on the private VLAN.
  • IP Address: 192.168.0.40 (Private VLAN)

Prep and Install the Site Server

  1. Log in to the John Puskar Github Repo and download the following files. Place them in C:\workingtemp.
    • AD-Functions.ps1
    • Install-Dev-Site-Server.PS1
  2. Copy the downloaded prereq files from the first step to C:\Install_Files
  3. Modify the variables at the top of the Install-Dev-Site-Server.ps1 script as necessary for your site.
  4. Open a powershell window as administrator and run the install-dev-cas.ps1 script.

Alright! Your site should be up and running in HTTP mode at this point. You can streamline this process quite a bit after the first couple runs.

Phong Le became a registered member

Posted: 16 Apr 2013 12:46 PM PDT

Comments: 0

Phil Schwan wrote a new post, Downloading MMS2013 Content with PowerShell

Posted: 16 Apr 2013 12:32 PM PDT

Raise your hand if you want to right-click > Save As... upwards of 200 MMS 2013 session and interview video files and then do the same for all the slide decks. Yeah...me neither. Last year the content was posted […]

Comments: 0

Garry Fabb joined the group System Center Service Manager

Posted: 16 Apr 2013 11:58 AM PDT

Comments: 0

Adam T. Lewis became a registered member

Posted: 16 Apr 2013 11:10 AM PDT

Comments: 0

Enhansoft wrote a new post, Reminder: April’s Free SSRS Report is Count of Adobe License Types

Posted: 16 Apr 2013 11:00 AM PDT

This month's free report, Count of Adobe License Types, from our Adobe category of reports is worth about $200, but only in April it's free! So, don't forget to send an email to Info at Enhansoft to request […]

Comments: 0

Andrey became a registered member

Posted: 16 Apr 2013 10:42 AM PDT

Comments: 0

Jennifer Shaffer joined the group Enhansoft

Posted: 16 Apr 2013 10:06 AM PDT

Comments: 0

Enhansoft and Jennifer Shaffer are now friends

Posted: 16 Apr 2013 10:01 AM PDT

Comments: 0

Verizon Wireless Made Discreet Bid for Clearwire Spectrum: Report

Posted: 16 Apr 2013 08:30 AM PDT

Clearwire told the SEC that a "strategic buyer," now said to be Verizon Wireless, offered it up to $1.5 billion for spectrum in "large markets."

Nash Pherson wrote a new post, More Java 'Patch All The Things!', this time needing end-user communication

Posted: 16 Apr 2013 09:00 AM PDT

By Nash Pherson -

*CAT-LIKE STRETCH*

Now that we're all well rested after MMS 2013, it's time to get back to work.  Oracle was nice enough to release a Java critical security update that fixes a mere 39 […]

Comments: 0
