You are browsing the archive for 2009 December.

SCCM : How to create a collection to list Windows Embedded Devices

8:57 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 SP2, sccm2007, XPe by Kenny Buntinx [MVP]

Hi ,

For a customer , I had the requirement for creating a collection that was filled with Windows Embedded Devices using the WMI property as selection criterion.

This can be done by creating a new collection and create a dynamic membership rule that is a targeting the single criterion of the “OSProductSuite” property.

image

If the value detected is 64, these systems are running XPe, Windows Embedded Standard or Embedded NT.

Other possible values for OSProductSuite are shown in the table below:

1 – Small Business Server

2 – Enterprise Server

4 – Back Office Server

8 – Communication Server

16 – Terminal Server

32 – Small Business Server (restricted)

64 – Embedded NT

128 – Data Center

With the help of this collection an administrator is able to see all Windows Embedded devices or any other group of devices connected to his company’s network.

 

The information above is coming from Alexander Wechsler (www.wechsler-consulting.de) and his blog. I thought this could be interesting to other SCCM guys as well and therefore I would like to thank Alexander for this information.

Hope it Helps ,

Kenny Buntinx

How to find Windows Embedded devices in SCCM.

2:28 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, SCCM 2007, SCCM 2007 R2, SCCM 2007 SP2, sccm2007 by Kenny Buntinx [MVP]

I am implementing at one of my customers a situation where 3000 Windows embedded devices will be installed. In this environments I want to be sure that any Windows Embedded devices connected to the network gets discovered as an embedded system. SCCM needs to be configured to include an additional WMI property’s to distinguish Windows XP systems from Windows Embedded operating systems.

To do this , you need to open up the “SMS_def.mof” file on the SCCM Primary site server. It is located in the \inboxes\clifiles.src\hinv folder.

In the SMS_Def.mof file search for the string ”OSProductSuite” and change the related SMS Report setting from “False” to “Thru” :

[SMS_Report (False) ]

uint32 OSProductSuite;

[SMS_Report (TRUE) ]

uint32 OSProductSuite;

Save your change and close the file. The SMS_EXECUTIVE service needs to be re-started to apply the change.After the service restart, the SCCM clients will report about the “OSProductSuite” WMI property . After this action you could build your own collections to list or collect all windows embedded devices .

Hope it Helps ,

Kenny Buntinx

SCCM : Upgrading secondary sites to SP2 via Software Distribution on Windows 2008 could generate some issues

2:39 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, IIS, sccm, SCCM 2007, SCCM 2007 SP2 by Kenny Buntinx [MVP]

Scenario : Your Primary site server has been upgrade from SCCM 2007 SP1 R2 towards SCCM 2007 SP2.You want to upgrade all your secondary site server with are running on Windows Server 2008 to Service pack 2 on an automated way with Software distribution. The Secondary site server have the Proxy MP , State migration point and PXE service point role installed.

You will create a package with the source files and create a program that runs unattended with the following parameters: setup.exe /upgrade <path to SP2 prereqs>

Issue :

After the Client receives the advertisement , the secondary site will search for a distribution point . He will find it locally (same server) and will start the BITS transfer.

At that point in time , he will give a HTTP 404.8 error.He will also give you the same error when browsing manually in IE to the URL where the source files are stored.When looking this error 404.8 up , you will see that it will say :”hidden namespace of hidden segment error”.Into the request filtering module from IIS 7 , there are some directories excluded by default where no files could be transfered from. One of those excluded folders is the “bin” folder.

Within the source of SCCM Service Pack 2 , there are folders with the name “bin” , with will lead that the tranfer of the source files will be blocked.Only after removal of the exclude on the “bin”folder within IIS7 request filtering module, the files and folders with the name “bin” are available.

Solution :

Only after removal of the exclude on the “bin”folder within IIS7 request filtering module, the files and folders with the name “bin” are available for download.

The configuration file where the excludes are written down %windir%\system32\inetsrv\config\applicationhost.config (Also to be modified with appcmd).
The log files to be checked : DataTransferServices.log of the SCCM client, and the u_exdate.log in c:\inetpub\logs\logfiles\w3svc1 folder.
An example of the folder that was blocked : /smssetup/adminui/bin/">/smssetup/adminui/bin/">/smssetup/adminui/bin/">http://server/sms_dp_smspkgd$/<packageID>/smssetup/adminui/bin/

************* Update **************

Microsoft has foreseen a nice section to specifically address our concern, as they document how to configure Windows Server 2008 (and above) for site systems here:

http://technet.microsoft.com/en-us/library/cc431377.aspx

While they don’t explicitly call out this specific scenario (They can’t possibly anticipate everything), this general “problem” is covered by the following text…

To modify the requestFiltering section on BITS-enabled distribution point computers

If package source files distributed to BITS-enabled distribution points contain file extensions that are blocked by default in IIS 7.0, the requestFiltering section of the applicationHost.config file must be modified to allow required extensions.

~b727336Important

Enabling WebDAV and modifying the requestFiltering section of the applicationHost.config file for the Web site increases the attack surface of the computer. Enable WebDAV only when required for management points and BITS-enabled distribution points. If you enable WebDAV on the default Web site, it is enabled for all applications using the default Web site. If you modify the requestFiltering section, it is modified for all Web sites on that server. The security best practice is to run Configuration Manager 2007 on a dedicated Web server. If you must run other applications on the Web server, use a custom Web site for Configuration Manager 2007. For more information, see Best Practices for Securing Site Systems.

************* Update **************

 

Thanks to my colleague Merlijn for helping me figuring this out.

 

Hope it helps ,

 

Kenny Buntinx