You are browsing the archive for SMS.

Customize the SCCM 2007 console – deep dive – 1

3:33 pm in AdminUi, ConfigMgr 2007, SCCM 2007, SMS by Kenny Buntinx [MVP]

Hi All,

 

I received a couple of remarks on my blog post about customizing the Configmgr 2007 admin console with additional actions.

Remarks ranged from,

Hey, this is fabulous, through tell us something we didn’t know already. The most interesting remark I got though was, that’s neat, but can we do something like this ourselves?

The answer to that is, sure you can, you could even argue that it is relatively simple to do. Let’s start out with analyzing what Rick did with his set of tools.

After you installed the right-click action tools your admin console contains a couple of additional files & folder in the adminui folder. The additional folders are created in the Program Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Extensions\Actions folders. The additional folders you will see are:

  • 7ba8bf44-2344-4035-bdb4-16630291dcf6
  • 66c75b33-4ca4-4f00-ae7f-3bcf31ee5bdc
  • 392b72f3-1c83-42e1-90ed-611798bc0dd0
  • dbb315c3-1d8b-4e6a-a7b1-db8246890f59
  • fa922e1a-6add-477f-b70e-9a164f3b11a2

 

We’ll talk more about these folders and what they mean in a next post on customizing the SCCM 2007 console – deep dive – 2, for now, we’ll focus on how the actions are defined. The magic of adding an additional action to the console is as simple as copying an xml to the right folder, that’s it. The Configmgr 2007 sdk gives us some insight into the structures of these xml files under the topic Configuration manager console extension\ Configuration manager console actions\ How to create a configuration manager action. In that topic they suggest a console extension in it’s simplest form.

<ActionDescription Class=”Executable” DisplayName=”Make a Note” MnemonicDisplayName=”Note” Description = “Make a note about software updates”>
      <Executable>
           <FilePath>Notepad.exe</FilePath>
           <Parameters>C:\MyConfigurationManagerNote.txt</Parameters>
      </Executable>
</ActionDescription>

 

The first line starts with ActionDescription an than the class attribute, in this specific xml file the class is “Executable”, which isn’t all that difficult to interpret. The executable class runs an executable, or opens a program associated with the extension of the file in filepath. There are 4 other class values you can use:

  • Showdialog: Opens a property sheet or dialog box
  • ReportAction: Shows a report inside the console
  • AssemblyType Action: Allows you to call a method inside an assembly
  • Group Action: Creates a submenu
  • Executable Action: Runs an executable (added for completeness)

Even if you are not into programming, at least 3 of these (execuatable, group and reportaction) are still useful for any sms admin.

The displayname attribute specifies the displayed name in the SCCM console. The mnemonicdisplayname is the name displayed in the action pane and actions menu, and the description attribute is self-describing enough. 

The next line opens the Executable element which is later closed again, the Executable element hosts the Filepath element, where you can specify a file to execute, or any file, which can trigger an application because an executable is linked to that extension. and a Parameters element that allows you to pass parameters to the executable. That’s it really, you just copy this xml to the folder with the right guid, and depending on which guid you selected the option will appear on right-clicks and in the action pane.

 

In the following post, we’ll examine the group action and report actions.

 

Enjoy.

“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

Sccm, Scom, Remote SQL 2005 & the Windows server 2008 firewall

7:49 pm in ConfigMgr 2007, MOM, Operations Manager 2007, Opsmgr 2007, SCCM 2007, SCOM 2007, SMS, Sms 2003 by Kenny Buntinx [MVP]

Hi All,

Let’s start by saying that this blog post is probably more OpsMgr related, but all topics are valid for a remote SQL Install for Sms, SCCM or any of the other System center products, so I guess it’s still ok to post it here.

Look, I am not all that good with popular quotes, never seem to be able to remember them just right. But this is one of them that I have never had trouble remembering. “It is all fun and games until someone throws a firewall into the mix”.

 

Not sure who the quote is from, but I am pretty sure he was refering to my lab environment. Yesterday, I redeployed my Opsmgr 2007 environment, to test the installation on windows server 2008. I figured, install a new sql server on 2008 on one machine, then install opsmgr 2007 on another, shouldn’t take more than a single evening. I’ll start rolling out agents and importing management packs the day after. Seemed like a plan at the time.

 

So I installed Asp.net, powershell, IIS, the II6 compatability tools in short all the requirements to install SQL 2005 reporting services on a Windows Server 2008 as listed here:

http://support.microsoft.com/kb/934164

Then I installed SQL 2005, the database engine and a default install of SQL reporting services, followed by applying SP2.

Next, I installed the Scom database, no problem at all, I am on a role here.

 

Then I started the management server and console install on the remote box. Err.

The root management server complained that it couldn’t find the database. I splapped myself on the forehead, sure you silly you still need to enable The Tcp/ip protocol in the SQL Server configuration. I checked, and found that Tcp/ip was already enabled as a listening protocol.

Hum, strange, opened a dos box, and ran netstat -a -n -p tcp to see whether my sql box was listening on port 1433. Lo and behold, it wasn’t. You see, I know it was something like that. Still took me a while to figure out that my SQL Server, which was running in a specific named instance was listening on dynamic ports. (If anyone knows how that could have happened just let me know).

Now, I wasn’t going to let something silly as that stand between me and my plan, so I configured the SQL tcp/ip protocol for this instance to listen on port 1433, and restarted the SQL Server service as listed here:

http://msdn.microsoft.com/en-us/library/ms177440(SQL.100).aspx

I subsequently ran netstat -a -n -p tcp again and tada, the server was listening fine on port 1433.

 

Back to the original task at hand install the OpsMgr management server. Err.

Database still not found, ok, I am getting fed up with this, I download microsoft’s portqry tool, and verified whether I could access port 1433 from the remote machine. The portqry -n sqlserver01-e 1433 came back with a response of Filtered. Another slap on the forehead, you nitwit, you have the Windows Server 2008 firewall running. So I went to the Sql box, and decided NOT to disable the firewall but to configure it to open port 1433, as described here:

http://msdn.microsoft.com/en-us/library/ms175043(SQL.100).aspx

Once done, I ran my portqry again, and it showed up as listening, great, we’re back on track.

 

I launched the Opsmgr management server installation again, and the darn thing failed on me again.

Luckily for me the log file came around telling me that a custom action in the msi had close the handle to soon, and that it should be configured not to do that. _SetRootHealthService_Wizard unexpectedly closed the hInstall handle was the error message at hand. So after telling the setRootHealthService_Wizard that it wasn’t allowed to close the handle so soon, or that I would put it in the naughty corner, I retried the installation.

 

Apparently my authority, that still works on my 3-Year old soon, didn’t impress the setroothealthservice_wizard. In a illuminated attempt to still get this to work I went back to the Sql server box and configured the firewall to log dropped packets. Retried the installation again, which obviously failed, and went back to analyze the windows server 2008 firewall log on the sql box. This revealed dropped packets on udp port 1434. Oh, now that’s easy enough to fix, let’s just open that port and we’re set. Erm wait a minute, I thought all sql database engine communication went over tcp port 1433, what’s up with this 1434 udp port all of a sudden.

 

Great after having this miracle idea of deploying sql on a box with the firewall still running, I’ll have curiousity kick in, this is going to set back my planning on this a couple of hours, or at least that’s what I thought, but Live search and Sql Magazine to the rescue the udp port 1434 reportedly is needed to access a named instance:

http://www.sqlmag.com/Article/ArticleID/39447/sql_server_39447.html

 

Now, that I had settled my curiousity, I was free to open udp port 1434 in the SQL Server firewall, and retry the opsmgr root management server installation, and kadadzing the install completed with success.

 

Enjoy.

“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.scug.be/blogs/sccm/default.aspx

http://www.linkedin.com/in/kimoppalfens

Building a custom Configmgr 2007 admin console

9:15 pm in ConfigMgr 2007, SCCM 2007, SMS, Sms 2003 by Kenny Buntinx [MVP]

The work that needs to be done in the Configuration manager 2007 admin console is often spread out amongst different team members. Not all of these team members require access to the full admin console. Most environments do configure the permission set in a somewhat restrictive member so that team members only have the permission they need, but what is often forgotten is building a custom minimal admin console with just access to the features people need.

This shouldn’t be done from a security point of view, the additional security this brings is neglectable, but more from a usability point of view. It makes the admin console easier to use, and avoids access denied errors, or empty detail panes because someone clicks on a heading in the admin console for which he doesn’t have permission.

 

Now how do you build such a custom Configmgr 2007 admin console you might ask.

Step 1) You launch mmc.exe

Step 2) In the File menu, you select Add/remove snap-in

Step 3) Add the system center configuration manager snap-in, and select the “Select console tree items to be loaded (custom)” radio button.

 image

Step 4) Select the console tree items you want

image

Step 5) Click Next, Finish and Ok, below is a screenshot of the tree pane of the custom console I created

image

Step 6) Select “System Center Configuration manager” in the tree pane, right-click it and select “New Window from here”

Step 7) In the File menu select options

Step 8) Name your console “Custom Configmgr admin console”

Step 9) In the console mode select “User mode – Limited access, single window”

Step 10) Clear the checkbox for “Allow the user to customize view”

Step 11) Tick the checkbox for “Do not save changes to this console”

Step 12) In the file menu save your snap-in

Step 13) In the prompt about multiple windows being open click “Yes”

image

Step 14) Launch your customized mmc console and verify whether everything looks according to plans.

PS: a similar option was already available in sms.

 

 

Enjoy.

 

“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.scug.be/blogs/sccm

Installing OSD Deployment with MDT 2008 and get an error in SMS Provider log during MDT TS Import-Custom Boot Image

8:50 am in ConfigMgr 2007, SCCM 2007, SMS by Kenny Buntinx [MVP]

A test lab is one thing , production another….


I was implementing a multisite Configuration Manager/OSD enviroment and ran into multiple errors while doing OS deployments into my lab. As the customer did not have any expierence at all with os deployments and time was limited I used the solution accellerator MDT 2008 from Microsoft. In the lab everything seemed to work , but oh boy production was another part of the show .


Before even tinking obout OSD deployment make sure that you have a Windows 2003 SP2 server running then do the following steps :


1.Install WDS . But be aware of the fact that you must not configure WDS from this point onwards in the console – do not touch it, open it or configure it!


2.Add the PXE role to the SCCM site you want it to run from.

3.You must have a functioning DHCP server with an active scope. WDS will utilize PXE which requires a DHCP server.Whether you plan to co-host WDS and DHCP on the same server or use two different servers you must configure WDS to listen on a specific port. DHCP and WDS both require port number 67. If you have co-hosted WDS and DHCP you can move DHCP or the PXE site role to a separate server or use the procedure below to configure the WDS server to listen on a different port:

Modify the following registry key:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSPXE


Set the registry value to:


UseDHCPPorts = 0


For the new configuration to take effect, you will then to run the following command on the co-located DHCP and WDS server:


WDSUTIL /Set-Server /UseDHCPPorts:No /DHCPOption60:Yes


 4. If you have cisco switches , make sure PORTFAST is enabled !


 5. Enable you routers to do PXE forwarding on port 4011 !


Then for using MDT2008 :


 1. Install the MDT2008


 2. Install USMT3.01 as he will need the files


 3. Download the WAIK 1.1 and uninstall the WAIK 1.0 – reboot – Install WAIK1.1 .Otherwise MDT cannot edit the wim image – THIS IS NOT Documented by microsoft and i toke me a wile to find out what the hell was going on !!!


 4.When you do a import of a Microsoft Deployment Task Sequence and run through the wizard, you are given the option to select an existing boot image package or create a custom boot image package.  If I am given a chance to customize something, I will do.  So I selected the option to create a custom boot image.  The share that I specified for the new boot image package (along with the rest of the packages the wizard creates) was on my CM Primary site server (as well as where MDT is installed).  After completing the wizard, it started until it got to the part where it tries to copy the WIM image to the package source directory.  The following error is displayed: Error while importing Microsoft Deployment Toolkit Task Sequence.  Details: The ConfigMgr Provider reported an error.



I’ll open up the ConfigMgr Provider log file (smsprov.log). :


[3E4][Mon 10/04/2008 ]:Image language ID 1033 and en-US


[3E4][Mon 10/04/2008 ]:Failed to copy \\cm02\osd\BootImage\WinPE.wim to \\cm02\osd\BootImage\{FACDFFD1-F736-4AC0-A844-F9D952976966}.wim. Error code = 5


[3E4][Mon 10/04/2008 ]:


*


*


e:\nts_sms_fre\sms\siteserver\sdk_provider\smsprov\sspbootimagepackage.cpp(3012) : Failed to make a copy of the source WIM file due to error 5


*


*


[3E4][Mon 10/04/2008 ]:


*


*


Failed to make a copy of the source WIM file due to error 5


I know that error 5 means access denied (at a command prompt type net helpmsg 5).  I decided to review the permissions on my share and see that I have given the computer account full control of the share.  ConfigMgr is trying to connect to the share using NT AUTHORITY\SYSTEM and not the computer account.  The reason for this is that when the share is local, it will connect using NT AUTHORITY\SYSTEM and when the share is remote it will use the computer account.  So the simple fix was to go in and grant NT AUTHORITY\SYSTEM full control to the share. 


After that everything worked like a glance and I had my custom boot image package created when I ran the import again


Mike Terril helped me a lot on this issue by some of his posts on his blog . Thanks Mike!


 Regards


 Kenny buntinx

Back home from the MVP Summit

5:52 am in ConfigMgr 2007, personal, SCCM 2007, SMS, Sms 2003, Training by Kenny Buntinx [MVP]

Hi All,

Just got back home from the Mvp summit in Seattle last week, and it has been a thrilling and exciting event all over again. For those of you that don’t know how the summit works, I ‘ll try to describe what goes on during that week. The first real important part is the summit dinner, which this year was in one location with all mvp’s together instead of the old breakup into regions. This was a nice change as you could mingle with your peers more easily, and well the North american mvp’s are still the largest group of Configmgr mvp’s.

Day 2 and day 3 are exteremely exciting days, where we get to spend the full day with the Configmgr product team. On day 2 this was closed off with an informal dinner at a very good steak house. During these 2 days we got to talk to the product team about the near and not-so-near future of our beloved configmgr product. If you would ask me what the main benefit of being an mvp is, than this would definitely be it. They can take everything else away, but don’t mess with my summit :-). The event was finally closed of with one of Balmer’s enthusiastic speeches, but I was on my way back home and to work at that point.

Side note1: I bought me a bose QC2 noise canceling headset on the way back to make sure I could get some sleep at the airplane. These things are amazing by any standard and have had an incredible contribution to my beauty sleep at the airplane and making sure I could get a day worth of work in on Friday.

Side note2: The sms 2003 to configmgr 2007 course I will be teaching next week is approaching rapidly, and we only have 3 seats left, if you want to be part of this course that will heavily focus on real-life hands on labs you’ll have to be quick. More info on this course can be found here: Upgrading your sms 2003 admin skills to SCCM 2007

“Everyone is an expert at something”

Kim Oppalfens – Configmgr expert for lack of any other expertise.

Upgrading your sms 2003 admin skills to SCCM 2007

7:19 pm in ConfigMgr 2007, personal, SCCM 2007, SMS, Training by Kenny Buntinx [MVP]

Hi all,

As introduced during my presentation at the belgian techdays I will be teaching a custom training class on how-to upgrade you sms 2003 admin skills to SCCM 2007. This class is mainly aimed at current sms 2003 administrators that have transitioned to configmgr 2007 or are in the planning / preparation phase of transitioning.

This class is not about the upgrade / migration itself but on upgrading the administrator’s skillset. Quite a number of things have changed from Sms to Sccm and that’s what this class will focus on. Based on what you already know from sms2003 this class is meant to bring you up-to-speed with sccm 2007.

The idea is to make this a course that has lots of well-thought out hands-on-labs with clear instructions and examples that are usable in your production environment, mixed with me telling you everything I know about configmgr 2007.

More details on this class can be found here:

http://www.jcacademy.com/courses/_nl/coursesheet.asp?language=NL&country=&course_id=738

Summary:

What: Customized SCCM 2007 training class

Where: Jca Facilities in Louvain, Belgium

When: 28th till the 30th of April

How Much: The attendance fee for this course is 1250€

Instructor: Me, an enthusiastic sms trainer with a lot of training and field experience, and 3 Mvp awards.

Don’t wait too long, seats are going fast after the techdays announcement.

“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.scug.be/blogs/sccm

How to transition from sms 2003 to Sccm 2007 – Notes from the field Tips & Tricks

11:09 pm in ConfigMgr 2007, migration, SCCM 2007, script, SMS, Sms 2003 by Kenny Buntinx [MVP]

Hi all,


I delivered my session at the Belgian Techdays, and I promised on my blog and during the session that I would share the scripts with all of you. So here they come. Most of these scripts were used during a side-by-side upgrade transition. The side-by-side upgrade transition process looks like this:



  1. Install SMS 2003 SP2 on new server
  2. Attach new SMS 2003 SP2 site as a child site
  3. Let objects replicate
  4. Break Parent – Child relationship
  5. Upgrade new Site to Configmgr 2007
  6. Install KB945898
  7. Migrate clients to new site
  8. Remove boundaries from original site
  9. Add boundaries to new site
  10. Decommission original site
  11. Migrate non-replicating objects (queries/reports)

Benefits


This method provides a smooth transition without impacting your current sms 2003 infrastructure until your new Sccm 2007 environment is fully up and running and has been tested successfully. This makes it one of the lowest transitioning methods available.


Challenges / manual steps to perform in this method are



  1. Verify all objects have migrated
  2. Configure Site Settings
  3. Migrate Folders and folder membership
  4. Make Software distribution functional in new site without boundaries
  5. Optional: Modify package source path
  6. Migrate hardware inventory customizations (SMS_def.mof)
  7. Export / Import queries
  8. Export / Import reports
  9. Configure security rights
  10. Non-Replicating Software Metering Rules

In this section I will go over these challenges, and when available introduce a script to tackle these challenges. If a script is available I will first explain what the script does, give an example command line, and add some comments/remarks.


Challenge 1: See Script1 later in this post


Challenge 2: This is left as manual exercise for the reader


Challenge 3: See Script2 & Script3 later in this post


Challenge 4: See Script5 later in this post


Challenge 5: See Script4 later in this post


Challenge 6: See Challenge 2


Challenge 7: Use the export and import wizard, my experience has been that importing the mof file in one pass tends to be error-prone. I usually cut the mof file into 200KB chunks and import the chunks one by one, this has resulted in a much less error-prone import process. Run the script to move the queries into the correct folder, see script 3 later in this post.


Challenge 8: See Challenge 7


Challenge 9: See Challenge 2


Challenge 10: Software metering rules can be configured to apply to this site, or to this site and all child sites. If your software metering rules are configured to only apply to the current site than they will obviously not replicate. This setting is unfortunately not configurable after the rule has been created.


Scripts to Tackle the challenges:


Just for the record these Scripts do not come with any form of support or guarantee, the scripts have served me well but should be tested in your environment as your mileage may vary!!! Furthermore the script aren’t always the cleanest code, they don’t log a lot of data and do use some hardcoded parameters that would be more appropriate in an argument.


Script1: Countobjects.vbs


Description


This script counts the number of Queries, Reports, Packages, Advertisement, Software Metering Rules, Collections and folders.


Example


Usage: Cscript Countobjects.vbs


Remarks


You run this script on both the old and new sms 2003 servers and compare the numbers, once all numbers match up you can perform step 4 and break the parent – child relationship.


Script2: SmsContainers.vbs


Description


This script allows you to export and import the folder structure from one sms 2003 environment to another.


Example


Usage: Cscript SmsContainers.vbs export s01folders.txt or Cscript SmsContainers.vbs import s01folders.txt


Remarks


Because Sms 2003 does not replicate the folder structure to child sites we need a script that duplicates this folder structure. At import time this script creates a file called conversionarray.txt that allows us to translate old folder id’s into new folder id’s. We will need this file in later scripts to move the objects back into the correct folders.


 


Script3: xyzfoldermembership.vbs


Description


There are multiple scripts with this filename where xyz is either adv for adertisements, pkg for packages, rprt for reports, qry for queries and swmtr for software metering rules. These script move the respective objects into the correct folder.


Example


Usage: Cscript.exe xyzfoldermembership.vbs export S01xyzfolders.txt or Cscript.exe xyzfoldermembership.vbs import S01xyzfolders.txt


Remarks


These scripts need the conversionarray.txt to be available to find the correct folderid to place the objects in.


 


Script4: Modifypkgsource.vbs


Description


This script modifies the packagesource of all packages to a new server.


Example


Cscript Modifypkgsource.vbs


Remarks


If the sourcefiles for your packages are stored locally on the site server, you’ll need to modify the package sourcepath of all packages to a new server. First copy the source package folder structure to the new server and then edit the script to replace the oldserver and newserver strings with the values needed for your environment.


 


Script5: ModifyAdverts.vbs


Description


This script configures all advertisements to run from a remote distribution point.


Example


Cscript ModifyAdverts.vbs


Remarks


Because you cannot have overlapping boundaries we can only move the boundaries after all of the clients in a boundary have migrated. Because of this, clients in the new sccm infrastructure will not be able to find a local distribution point. So if you want these clients to be able to run advertisements these advertisements have to be configured to allow run from remote distribution point. If you want to change the value back later just change the bit value. Secondly if you already have some advertisements that are configured to run from remote dp, or download from remote dp, this script does not build a text file to store what it has changed, so the script doesn’t allow you to revert back to the original situation. If this is something you require you’ll have to adapt the script to save the original configuration.


The scripts can be downloaded here:


http://scug.be/files/folders/sccm/default.aspx



Enjoy.



“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.scug.be/blogs/sccm

How to transition from sms 2003 to Sccm 2007 – Notes from the field session at Belgian Techdays

7:54 pm in ConfigMgr 2007, SCCM 2007, SMS, Sms 2003, Training by The WMI guy

Hi All,

I will be speaking at the Belgian Techdays for the second year in a row. The session is aimed at current SMS 2003 administrators that are looking at transitioning to SCCM 2007.

The session is scheduled for Thursday the 13th of March running from 14:30 till 15:45. Because of time constraints the session will not include any demo’s. It will discuss all popular ways to transition from SMS 2003 to Sccm 2007, and introduce you to some scripts that can help you move to Sccm 2007 more smoothly.

Session Abstract:

This session will introduce you to the different methods of transitioning from sms 2003 to sccm 2007. The session will discuss the pro’s and con’s of the Wipe and Load, In-place Upgrade, Side-by-Side Migration and the speakers personal favorite the Side-by-Side upgrade. The session will also show you how you can use scripts to assist you in automating certain tasks during the migration process.

Hope to see you all there.

 

Enjoy.

“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx

Understanding Software Updates in SCCM 2007

7:15 pm in ConfigMgr 2007, SCCM 2007, SMS, Sms 2003 by The WMI guy

Configmgr 2007 comes with a totally new way of deploying software updates. The new method offers some great advantages over the old one(s) available in Sms 2003. It didn’t take me too long to see the benefits the new architecture brings, but it did take me quite some effort in understanding how I could create a working operational process to maximize these benefits, it actually took a fellow mvp (Thanks Pannu) and Wally to set things straight in my head (Thanks Wally). This 2 -series post will try to give you some insight in how the Configmgr 2007 solution stacks up with the sms 2003 implementation. The second portion will explain the objects involved and will guide you through a potential implementation of Software updates in Sccm 2007.

Let’s start by briefly explaining how the sms 2003 infrastructure operates, followed by the currently known issues. Later in this post we’ll review what the Sccm 2007 architecture looks like, and how this new architecture deals with the known issues of the past.

In sms 2003 the backend infrastructure relied on software distribution packages and advertisements to initiate the sofware catalog download, the software update scan and patch installation processes.  The scan process itself, using the final scan engine itmu, was based on the Windows automatic update agent. The scan engines prior to that were sms specific engines like the software update inventory scan tool, the office update inventory scan tool or the extended software update inventory tool. Clients have always reported their software update compliance state based on hardware inventory regardless of the scan engine used.

One of the downsides of the sms 2003 infrastructure was the fact that multiple scan engines were necessary, which complicated the software update management quite a bit. And no matter what engine you used, all engines first downloaded the catalog locally and cached it in a specific folder prior to starting the scan. This caching of the catalog files didn’t always work flawlessly resulting in clients scanning with an old catalog which obviously didn’t report the expected information. Another issue was the fact that the reporting process relied on hardware inventory to do its reporting, this resulted in a slower and not very flexible reporting process. 

Now let’s look at how this all works in sccm 2007. Sofware updates now integrates/relies on a Wsus 3.0 server. The Wsus server is used to download the catalog and to serve as the “scan point” for the Configmgr2007 clients. This eliminates the problem that the sms 2003 engines had with caching the catalog, because the clients now scan directly from a wsus server. Another benefit of this integration is the increased content that can be deployed. The sms 2003 engines only supported security updates whereas wsus 3.0 supports a wide variety of updates ranging from security updates over critical updates, feature pack, service packs, drivers and more. All these benefits come at a fairly low cost, yes you now need to install a wsus server but all management of this wsus server is done from the Sccm 2007 admin console. (This is why you need to install the wsus admin console on the site server if you want to use a remote wsus server).

Another major change afaic is that clients now report their software update compliance state based on state messages. This allows for faster more flexible and more detailed status reporting from the clients to flow up to the server.

That’s it for the first post, stay tuned for a follow-up.

Technorati Tags: , ,

“Everyone is an expert at something”
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx

New SCCM 2007 Resources

7:30 am in ConfigMgr 2007, SCCM 2007, SMS by The WMI guy

It’s been a while since I posted something, and I’ll try to be more productive again in the next couple of weeks/months. This post is a summary of the newly available resources that I deem as important. When I started this blog, I promised myself I would not be an announcement or a me too blog. By this I mean I didn’t want to post things you could find on several other blogs, I never meant to be the only SCCM 2007 blog you read. But since enough new resources have surfaced in the past couple of weeks I decided to publish them here, and add some of my comments. One of the reasons I decided to do this, was to heave all these resources readily available on one page for my own usage.

So here it comes.

Sccm 2007 Toolkit

The new Configuration Manager 2007 toolkit is live. The toolkit comes with the following tools:

    Client Spy – A tool to help troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.
    “This is the Advanced client spy you might now from the sms 2003 toolkit 2″
    Policy Spy – A policy viewer to help review and troubleshoot the policy system on Configuration Manager 2007 clients.
    “Policy spy is again a tool that was already available in the sms 2003 toolkit 2. It allows you to take a look at the content of the policies that a client has received. This is a GREAT troubleshooting resource, and a terrific tool if you want to do Sccm 2007 deep dives.
    Trace32 – A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers. “The Sccm 2007 log viewer, and don’t let anyone tell you otherwise! This beautiful gem make those Configuration manager logs really readable. Apart from making the logs more readable it also comes with an error lookup tool built-in that lets you convert error numbers to readable error messages. This error lookup tool accepts win32 errors in Decimal and hexadecimal (-2147024891 or 80070005) and Network error messages (53).
        Security Configuration Wizard Template for Configuration Manager 2007 – An attack-surface reduction tool for the Microsoft Windows Server 2003 operating system with Service Pack 1 and Service Pack 2 (SP1 and SP2) that determines the minimum functionality required for a server’s role or roles, and disables functionality that is not required.
        The template to lock your SCCM 2007 site systems air-tight”
        DCM Model Verification – A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console. “DCM authoring assistant, I’ll do a separate blog post on DCM in the near future, it wasn’t my favorite feature in Sms 2003, were it was a feature-pack, and I wasn’t too thrilled with it becoming an integral part of the product. After some recent new things I learnt about it though, I guess I will have to change my mind.
          DCM Digest Conversion – A tool used by desired configuration management content administrators to convert existing SMS 2003 Desired Configuration Management Solution templates to Desired Configuration Management 2007 configuration items.
          For the few brave souls out their that decided to get their hands dirty using the Dcm feature pack for Sms 2003″
            DCM Substitution Variables – A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.
            You know what, I don’t know enough about DCM to understand what this does”

          http://www.microsoft.com/downloads/details.aspx?FamilyID=948e477e-fd3b-4a09-9015-141683c7ad5f&DisplayLang=en

           

          Configuration Packs

          As mentioned in the description of the toolkit, I will do another post on DCM, but below you will find some configuration packs to use with DCM in Sccm 2007.

          http://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx

           

          Microsoft Deployment

          Microsoft Deployment has been released as well, this is the successor to the Business desktop deployment accelerator. A lot of the functionality that BDD had, was directly rolled into Sccm 2007. The main reason to use Microsoft Deployment in combination with Configuration manager 2007 according to me is the support for unknown “bare metal” computers, and potentially the dynamic selection of the userstate store depending on statesize, and available local storage. And a more flexible way to slip-stream package installs after the image has been deployed.

          Download details- Microsoft Deployment

          SCCM 2007 Documentation

          The Configuration manager 2007 technical library has been updated with new content.

          http://technet.microsoft.com/en-us/library/bb892811.aspx 

          SCCM 2007 Webcasts

          There is a great bunch of Configuration Manager webcast available, and quite a few new ones are planned for the near future.

          http://www.microsoft.com/events/series/technetmms.aspx?tab=webcasts&id=42364#42364

          SCCM 2007 Virtual Lab(s)

          We only have one Configuration Manager Virtual lab available for now, but I assume several new ones will be added over the next couple of months.

          http://www.microsoft.com/events/series/technetmms.aspx?tab=virtuallabs

          Enjoy

           

          “Everyone is an expert at something”
          Kim Oppalfens – Sms Expert for lack of any other expertise
          Windows Server System MVP – SMS
          http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspxS