You are browsing the archive for ConfigMgr2007 R3.

Configmgr : Kerberos Ticket Size can stop you from connecting to vPro Systems and using IDER/SoL.

11:16 am in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, out of band management, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Vpro by Kenny Buntinx [MVP]

vPro AMT can leverage Kerberos authentication to allow management from your management console to the AMT firmware. Depending on the management console of choice (e.g. SCCM, Altiris, SMS) you may be using Kerberos or digest authentication. If you are using a management console like SCCM that only uses Kerberos authentication, there are a few things you should be aware of in case you are having problems managing your vPro systems.

In AMT (version 2.x, 3.x, 4.x, and 5.x) there is a Kerberos ticket size limit that varies among versions of AMT (see graph 1 below on specifics for each firmware version). With respect to Kerberos authentication, AMT has different limits for HTTP connection and Serial-Over-LAN (SoL).

Read the complete post here : http://communities.intel.com/community/openportit/vproexpert/blog/2009/03/23/kerberos-ticket-size-can-stop-you-from-connecting-to-vpro-systems-and-using-idersol

 

Hope it Helps ,

 

Kenny Buntinx

SCCM 2007 : Intel AMT–VPRO KVM add-on for SCCM 2007

6:53 am in AMT, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, OOB, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

Have you ever wanted to be able to launch a KVM Remote Control session from within SCCM from AMT version 6.0 or higher ? Have you ever wanted to make use of the Alarm Clock feature in AMT to wake up or turn on a computer at a specific time? Now you can with the Intel® Core™ vPro™ processor add-on for System Center Configuration Manager 2007 SP2  R2 –R3

This add-on for SCCM 2007 brings the same KVM Remote Control capability that was made available last year in our management pack for SCSM 2010.

In addition, we have also added in the ability to set the AMT Alarm Clock from within SCCM 2007.  This capability lets you set up a schedule in AMT to power on a system from a powered off or sleep state at a specified time; even if the system is not connected to the network.

Once installed, there will be a new sub-menu available when you right-click on systems in the SCCM console that will allow you to launch a KVM Remote Control session, or set the Alarm Clock for the selected system.

There are a few requirements for the KVM functionality however :

  1. You will need to have the intel onboard video adapter . It will not work if you use Matrox , ATI , Nvidea video boards
  2. Intel AMT 6.0 or Higher
  3. The machine must be in-band provisioned thru the SCCM client
  4. BUT – KVM remote control is NOT universal across all 2010 Intel vPro platforms. If shopping for a system, ensure it has Intel integrated graphics, vPro processor, and Intel AMT 6.0. Specifically – look for vPro systems that have the following processors
    • Desktop: i5-650, i5-660, i5-670

    • Laptop: i7-620M, i7-640LM, i7-620LM , i7-640UM, i7- 620UM, i5-540M, i5-520M, i5-520UM

 

Download the plugin here : http://software.intel.com/file/37855

 

Hope it Helps ,

 

Kenny Buntinx

Errors When Using the FEP 2010 Definition Update Automation Tool from Update Rollup 1

7:07 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, FEP, FEP2010, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2 by Kenny Buntinx [MVP]

We’ve become aware of two issues when using the Definition Update Automation Tool.

 

Definition Update Automation Tool fails to add new definition updates to the deployment package :

Symptoms

The FEP 2010 Definition Update Automation Tool may fail to add new definition updates to your deployment package. Reviewing the %ProgramData%\SoftwareUpdateAutomation.log file shows the following exception:

SmsAdminUISnapIn Error: 1 : Unexpected exception: System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary2.Insert(TKey key, TValue value, Boolean add)
at System.Collections.Generic.Dictionary
2.Add(TKey key, TValue value)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SccmUtilities.CalculateCleanupDelta(ConnectionManagerBase connection, ICollection`1 freshUpdateFilesObjectList, IResultObject destinationPackageObject)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Update(SoftwareUpdateAutomationArguments arguments)
at Microsoft.Forefront.EndpointProtection.SoftwareUpdateAutomation.SoftwareUpdater.Main(String[] args)

Cause

More than one FEP 2010 definition update is being detected as active by the tool.

Resolution

This blog article presents workarounds for the issues. You can find the blog on http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx

 

Hope it Helps ,

Kenny Buntinx

Opalis 6.3 : Building a VMware/SCCM Opalis provisioning workflow

7:54 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Deployment, Installation, Opalis, Opalis 6.3, Operating System Deployment, powershell, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Virtual machine, Vmware by Kenny Buntinx [MVP]

Recently we did a customer private cloud project where we used all the system center tooling ( http://www.microsoft.com/systemcenter/en/us/default.aspx) , except for the hypervisor layer , which was VMware .

One of the scenarios that the customer had in mind , was to provision all there virtual servers with SCCM and we had to use Opalis to become the glue between VMware – BMC Remedy and System Center. In the first step of the project we didn’t use the Change request mechanism from BMC Remedy yet. Special thanks to my colleague Gunther Dewit for helping me out on this one .

**** Disclaimer **** – This is a very basic workflow – we will post improvements as we go along – it is for helping people moving forward **** Disclaimer ****

The workflow itself

image

Delivering input

image

The first step in creating a workflow is doing a custom start where we could input some necessary variables . The Custom Start Activity is used to create a generic starting point for Workflows. By adding parameters to the Custom Start Activity it can consume external data which can be passed to downstream Workflow Activities.

image

These are the parameters the workflow needs in further steps.  All the rest of the information that is residing in the data bus of Opalis  .

This input is required, without it, the workflow won’t start. A popup will be presented when starting the workflow.

Now that we have all the necessary input required, we can continue with the creation of the virtual machine. In order to create a virtual machine, we need to provide some parameters, some of them will come from the Custom start step, others will have to be adapted per workflow.

 

Creating the virtual machine

image

image

These are the required parameters.

  • Name: This is the name that will be given to the virtual machine, we will get it from the Custom Start  where we filled in a name.
  • Datastore: This is the datastore that will host the virtual machine disk, we will get it from the Custom Start  where we filled in the datastore.
  • DiskMB: Since it was decided to have a fixed disk with a size of 100GB, we filled it in directly instead of asking it in the first step.
  • DiskStorageFormat: This is the thick or thin format, thin was decided as the default format.
  • MemoryMB: This is the amount of memory that will be given to the virtual machine, we will get it from the Custom Start where we filled in an amount of memory.
  • NumCPU: This is the number of CPU’s that will be given to the virtual machine, we will get it from the Custom Start where we filled in the number of CPU’s we need.
  • CD: It was decided that all VM’s will have a cd drive so we set this to true.
  • VMSwapFilePolicy: This will set the swapfile policy the states where the swapfile will be saved, it was decided to do this in the VM itself.
  • VMHost: This is the physical host where the VM will be hosted, this integration pack cannot provision on cluster yet so you need to choose a physical host.
  • GuestID: This is the OS version that will be installed on the VM.
  • Folder: This is the foldername where the VM will be installed as shown in the ESX console.

You can add more details trough the “optional properties” button. If all goes well, the workflow has created the virtual machine now.

Now we need to change some things on the virtual machine.

 

Getting the network adapter settings from the created virtual machine

image

First we need to change the network settings. The VM name, we get from the Custom Start , since this is a read action, no further settings are needed.

Alternatively, you can specify some filters to narrow the data that you receive back.

Alternatively, you can specify some filters to narrow the data that you receive back.

image

Now we will delete all the network connection that VMware made by default because they are useless to us.

 

Removing the network adapters from the virtual machine

image

image

The Network Adapter name is data that we got back from the read action above and the VM name is still the name entered at the Custom Start .

This will remove all network adapters from the VM, alternatively, you can specify filters if you only want to delete a specific adapter.

 

Adding the production network adapter to the virtual machine

image

Now we need to add a network adapter to the VM. The VM name is still the name we entered at the Custom Start .

image

The NetworkName is the name of the network that you want your network adapter connecting to.

The StartConnected specifies if it will be connected to the network or only added without being connected.

The Type is e1000 as this is the only VMware adapter SCCM can work with.

Now we do another step to get the properties from the newly created adapter so we can use the information to input the computer into SCCM.

 

Getting the production network adapter settings from the virtual machine

image

image

Now that we collected the necessary information for SCCM, we can import the computer into SCCM.

This is done by a powershell script that needs to input parameters, the name and the MAC address.

 

Adding the computer to SCCM

image

Now that the computer is known is SCCM, we need to add it to the collection that has the OSD advertised to it.

image

The is done by the following step.

 

Adding the computer to an SCCM collection

image

In the collection field, you can enter 2 things, either the name of the collection or the ID of the collection. What you enter must match the collection value type. If you enter an ID as shown here, the value type must be ID as well. The same is true for the computer where we use the name from the Custom Start step so the value type is name in this case.

image

Now that the VM is created and provisioned in SCCM, we are ready to deploy the operating system on it.

So let’s power on the VM.

 

Powering on the virtual machine

image

The only thing you need to power on a VM is the name and we still get the from the first step.

image

Now that the VM is booting up, SCCM can start the task sequence to deploy an operating system on the VM.

Meanwhile, we will check the progress in Opalis.

 

Getting the virtual machine deployment status

image

The advertisement ID is the ID as it is known in SCCM and the computer name is still the name as we specified in the first step.

image

Looping the task

Now since the OSD deployment takes some time to complete, we will let the step loop until it gets a result back from SCCM.

image

image

It will recheck every 300 second and will do this 8 times or when it gets back from SCCM that the deployment was successful in order not keep the loop while the deployment was finished faster then in 8 loops.

 

Getting the deployment result

image

Now we need to output the result to any medium you want (logfile, mail, …), I do an output to a text file as an example.

Conditional progress

Now how does Opalis know when to write to which log file?

This can be regulated by double clicking on the arrows. This is the arrow toward the success file.

image

As you can see, it will only follow this arrow when SCCM outputs a succeeded message for the advertisement. If not, it will take the other path towards the failed log file.

 

So , It is not so easy to get it all together , but if I may give a great tip: ” Write down all steps of your manual flow  and then try to translate them into an opalis workflow “

 

Hope it Helps ,

Kenny Buntinx

Forefront Endpoint Protection 2010 : Update Rollup 1 available for download

7:29 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, embedded, FEP, FEP2010, Installation, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, WES2009 by Kenny Buntinx [MVP]

Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 introduces new features and updates. These new features and updates are summarized below.

The following list is a summary of the updates in FEP Update Rollup 1 for server functionality.

Finally the Forefront team came up with a solution that since the release of the product they really missed .The following Microsoft website explains how to auto deploy forefront client security definition in a step-by-step guide. aka http://technet.microsoft.com/en-us/library/dd185652.aspx

In this step-by-step guide, they essentially go into the WSUS Console to create an Auto-Acceptance rule. First of all this should make any ConfigMgr admin shiver, as it should have been drilled into your head that you are supposed to do software updates management from the ConfigMgr administrator console. Now, I and many other SCCM admins have never understood why they didn’t solve that in a more elegant manner. The solution works, however has a couple of major drawbacks.

Additionally in a multi distribution point environment, the actual definition updates will always come from the Software update point, whereas normal software updates come from the distribution points. In other words, this impacts scale quite a bit, and forefront definitions come out at a very frequent pace meaning they are hitting you software update point harder than anything else.

The main problem, is that in SCCM 2007 we have no "easy" way to create an Auto-Approval rule. This will be solved in CM12 , until then , for the CM07 they will fix that mistake by update rollup 1. Soon I will launch a blog post to see if this is a real workable solution. So now you will have with Update Rollup 1 a tool that facilitates the use of the Configuration Manager software updates functionality to download FEP definition updates and make them available to client computers running the FEP client software.

In order to use the software updates feature for definition updates, you must perform the following high-level steps:

    • Download and install the Update Rollup 1 package.
    • Configure software updates to download definitions for FEP.
    • Configure the package by which the definition updates will be distributed, and configure the distribution settings for it.
    • Install and configure the FEP Software Update Automation tool.

 

  1. Addition of support for the FEP client software for Windows Embedded 7 and Windows Server 2008 Server Core. For more information on the added client support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client
  2. The following list is a summary of the updates to FEP policies included with Update Rollup 1.
  • Update Rollup 1 for FEP 2010 adds a new FEP policy option to configure definition updates for FEP client computers. After installing Update Rollup 1 for FEP, you can configure FEP policies to update definitions from a Configuration Manager software update point.

    To configure FEP policies to update definitions from a Configuration Manager software update point

    • When you create a new FEP policy or edit an existing FEP policy, the new definition update options appears as follows:

      • When creating a new FEP policy, in the New Policy Wizard, on the Updates page, select the check box for Enable updates from Configuration Manager.
      • When editing an existing FEP policy in a Configuration Manager console that on which you installed the Update Rollup 1 for FEP, in the properties for a FEP policy, on the Updates tab, select the check box for Use Configuration Manager as primary source for definition updates.
  • Addition of two new preconfigured policy templates for the following server workloads:

    • Microsoft Forefront Threat Management Gateway
    • Microsoft Lync 2010

 

You will find the Forefront Endpoint Protection 2010  Update Rollup 1to download at the following location : http://www.microsoft.com/download/en/details.aspx?id=26583

 

Hope it Helps ,

 

Kenny Buntinx

Got SCCM 2007? Take a look at this XenApp Connector Tech Preview!

2:35 pm in citrix, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Xenapp by Kenny Buntinx [MVP]

You’ve probably seen XenApp Connector for SCCM in XenApp 6. Now we’re taking it one step further – Along with the Citrix XenApp Tech Preview release, we’re pleased to announce the availability of the next version of the XenApp Connector for Microsoft SCCM 2007, as a Tech Preview release. This XenApp Connector Tech Preview represents another milestone in the ongoing partnership with Microsoft to bring you a powerful joint solution that lets you manage your entire XenApp environment using the SCCM management console. XenApp Connector extends the reach of ConfigMgr 2007 to virtual environments like Citrix without any downtime for users.

For those not familiar with XenApp Connector for SCCM, you can read more about it here and watch the video here.

This release of the XenApp Connector contains the following features:

1. Support for SCCM 2007 R2 and R3.
2. Support for WSUS – Windows Server Update Services. So now you can deliver not just applications, but also keep your entire XenApp infrasructure up-to-date with the latest Windows Updates without any user downtime.
3. Quality improvements including several bug fixes (such as seamless FTA for App-V packages)
4. Scalability improvements
5. Setup & Configuration Simplification – wizard detects connectivity and setup problems early on and automatically suggests solutions.
6. Firewall friendly changes – Communication between the Connector and the hosts (XenApp, PCM and SCCM) now make use of PowerShell V2 remoting over HTTP/HTTPS.
7. Improved Security – The option to enable SSL encryption in the Configuration Wizard and Digital signing of the Connector PowerShell script files.
8. Full Section 508 compliance
9. Logging and diagnostic improvements (rolling log file support, SMS Trace format compatibility)

 

This release can be found on the ISO image of the XenApp Tech Preview release under the ‘Connector for ConfigMgr’ folder.

 

Hope it Helps

Kenny Buntinx

ConfigMgr: Application Virtualization 4.6 SP1 is now supported on Configuration Manager 2007 R2/R3 with Configuration Manager 2007 SP2

5:51 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

System Center Configuration Manager 2007 R2 with System Center Configuration Manager SP2 now supports Microsoft Application Virtualization (App-V) 4.6 SP1 Desktop Client and Client for Remote Desktop Services.

This client release enables support for Windows 7 SP1 and Windows Server 2008 R2 SP1.

The following are the limitations and workaround to import App-V packages using Configuration Manager :

Configuration Manager fails to import App-V packages when there is more than one XML in the package folder. App-V Sequencer 4.6 SP1 creates the file Report.xml when creating an App-V package. Configuration Manager expects to find only one xml file in the package folder and will fail when it identifies more than one XML file in the folder. To work around this problem delete the file report.xml manually from the package folder before you import the App-V package.

No software updates are required.

 

Hope it Helps ,

Kenny Buntinx

ConfigMgr : Windows 7 SP1 and Windows Server 2008 R2 SP1 now Supported

5:47 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, R3, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

Configuration Manager 2007 SP2, R2 and R3 supports Windows 7 SP1 and Windows Server 2008 R2 SP1:

System Center Configuration Manager 2007 SP2, R2 and R3 now supports the Windows 7 SP1 and Windows Server 2008 R2 SP1 operating systems for client installation. The Configuration Manager console and branch distribution point are supported on these platforms. Windows Server 2008 R2 SP1 is supported for all core and feature-specific site system roles.

The following software update is required to add Windows 7 SP1 and Windows Server 2008 R2 SP1 to the Supported Platforms list:

  • KB 2489044 – Update rollup for System Center Configuration Manager 2007 SP2 to add support for Windows Server 2008 R2 SP1 and Windows 7 SP1 clients
  • KB 977203 – User state migration is unsuccessful on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client

 

Hope it Helps ,

Kenny Buntinx

Configmgr 2007 and how to automate Windows 7 Backup Activation thru a task sequence

11:43 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, Deployment, Installation, Operating System Deployment, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Task Sequence, Windows 7, Windows 7 SP1 by Kenny Buntinx [MVP]

One of my customers is using a GHOST principle on their laptops, to restore an original image from a restore partition. This partition is right now visible for the end user. Now that we are migrating towards SCCM we want to do the same thing thru Configmgr.

To accomplish this, we only focus on the integrated windows 7 backup tools as they have a native build in wizard to restore as well .

Scenario to accomplish :

  1. We want to do a full backup at the end of the deployment task sequence , including the standard applications and save it locally. This one allows you to restore the machine as it was at the end of the task sequence.
  2. We want to let any user restore that image on an easy way with helpdesk support . Mainly this scenario is for end users that are sitting somewhere in the “bush bush” and no direct connection to a nearby office .
  3. We want to schedule for those kind of users a backup when he is working on his machine , based on VSS technology . ( impossible with ghost ).

Steps to accomplish the scenario :

First of all I want to thank Kim Oppalfens and George Simons ( both MVP ConfigMgr ) for helping me accomplish this scenario. We had some offline discussions to accomplish this scenario and it is not yet perfect .

The initial process we have in mind during the Operating system deployment phase when we stage an image to a machine for a user:

1. Creating the necessary partitions :

  • System partition (+/- 500 mb) that will hold the bootloader (think of Bitlocker ) and the WINRE environment. ( hidden )
  • C:\ OS partition
  • D:\ Data partition
  • E:\ IMAGE system image backup partition (drive letter will be removed in the process)

2. Create local admin user f.e. RECOVERY and added the local admins group. We have tested this with a power user or backup operator , however you need local admin rights to restore the image. For security purposes we investigate later to have a daily/weekly/monthly password changer based upon an algorithm.

3. Run the windows 7 built-in WBADMIN tool, with the following parameters : “wbadmin START BACKUP –BackupTarget:E: -include:c: -AllCritical –Quiet”

4. Remove drive letter of the “Image”Partition , in this case E:\ 

 

We don’t care about hiding the volume. Standard users have no permissions to reassign a drive letter, and hence won’t be able to see or use the partition. That is more than enough for us. Hiding the partition just complicates matters for us from an admin perspective.

The additional process we could have in mind is to send down a task sequence to back up his system when a user requests it. This could be performed with or without  any user interaction.

Task Sequence example :

</group>
      <group name="Backup" description="">
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Admin Recovery User" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: net user recovery Helpdesk123 /add</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">net user recovery Helpdesk123 /add</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Add Recovery User to Local Admin" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: net localgroup "Administrators" recovery /add</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">net localgroup "Administrators" recovery /add</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Create Backup" description="" timeout="1200" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">wbadmin START BACKUP -BackupTarget:e: -include:c: -AllCritical -Quiet</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
        <step type="SMS_TaskSequence_RunCommandLineAction" name="Hide Drive Letter" description="" timeout="900" runIn="WinPEandFullOS" successCodeList="0 3010">
          <action>smsswd.exe /run: Mountvol e: /D</action>
          <defaultVarList>
            <variable name="CommandLine" property="CommandLine" hidden="true">Mountvol e: /D</variable>
            <variable name="SMSTSDisableWow64Redirection" property="DisableWow64Redirection">false</variable>
            <variable name="_SMSTSRunCommandLineAsUser" property="RunAsUser">false</variable>
            <variable name="SuccessCodes" property="SuccessCodes" hidden="true">0 3010</variable>
          </defaultVarList>
        </step>
      </group>

End user experience :

1.When your Windows 7 machine gets broken it will automatically jump to the window shown below , otherwise Press F8 during boot :

image

2. When you start “Repair your computer” , WinRe will start up .

image

3. Once “WinRe”is loaded it will ask for your keyboard layout :

image

4. Fill in your credentials

image

5. Select “System Image Recovery”

image

6. Select the image that you want to restore and wait until the process has been completed .

image

 

Remarks / Improvements to make :

  1. The complete process works only once with a hidden drive letter…….until you do the restore. After the restore the drive letter is back and then a user could mess around and delete stuff. I have tried to remove the driveletter before running wbadmin , but I have no success to use the GUID as my drive is MBR and not GPT. Anyway the basic principle works .
  2. User security : We need a algorithm to change the custom local admin restore user  on a daily/weekly/monthly basis as a default password just isn’t secure enough .
  3. Now I am testing to get a function key on a Lenovo to do his magic ( Press F5 and it launches auto magically the recovery environment ) . More on that in a later blog post .

 

Hope it Helps ,

Kenny Buntinx

Configmgr 2007 : Windows 7 and Windows 2008 R2 Service Pack 1 (SP1) supportability

9:22 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, FEP2010, Operating System Deployment, OSD, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Windows 7 SP1 by Kenny Buntinx [MVP]

Hi Guys ,

 

News is traveling fast about the availability of Service Pack 1 (SP1) for Windows 7 and Windows 2008 R2, as it is already available on TechNet ,  MSDN and MVLS site .

 

However it is NOT certified and therefore NOT SUPPORTED for Configuration Manager 2007 SP2 R2 or R3 yet by the Product Group. If you already use it in production , don’t expect Premier Support to help you .

Certification and support statements will take official 90 days after Release To Web ! However , if it is sooner , I will let you know .

 

Now my personal experiences :

 

In our Lab environment everything works OK along with FEP 2010 client, even in our Acceptance Production environment where 500 clients are sitting , but we aren’t moving unless we have an official support statement !

 

Hope it Helps

 

Kenny Buntinx