You are currently browsing the category archive for the 'How-To' category.
The upgrade path for my SCCM 2007 R2 to SP2 is as below. I thought it may be helpful to someone out there…
- Disable any advertised OSD task sequences
- Make a backup copy of the default boot.wim files
- Ensure a recent sucesseful site backup by reviewing smsbkup.log
- Update server with any critical Windows and SQL updates
- Uninstall WAIK 1.1
- Reset all counts for status messages on the sites to make for easier troubleshooting post upgrade
- Upgrade WSUS to 3.0 SP2
- Install SCCM 2007 SP2
- Upgrade secondary sites from the console
- Upgrade Nomad Branch to the latest version (if you use it in your environment)
- Update the distribution points for any packaged SCCM clients
- Re-establish classifications for Software Updates – this is to correct a known issue where the classifications are reset during the SP2 upgrade
- Re-establish products for Software Updates
- Re-establish customizations within the default boot images. For example, we have trace32 in our boot images, so I needed to put them back.
- Re-establish customizations to SMS_def.mof and Configuration.mof
- Re-enable the disabled OSD task sequences
See the following post on my post upgrade tasks, which will occur in the months following the upgrade
http://t3chn1ck.wordpress.com/2009/11/10/post-sccm-2007-sp2-upgrade-tasks/
Sometimes when troubleshooting SCCM client software inventory, it is useful to retain the XML file which contains details on what the scan discovered. To do this, simply create a file named “archive_reports.sms” within C:\WINDOWS\system32\CCM\Inventory\temp\. If the scan is just reporting a delta, the file will be small. But if it is a full SINV scan, then it could be large (the biggest I’ve seen is around 75 MB)
There are times when you may be unable to use “Right-click tools” to initiate a full software inventory scan on an SCCM client. To schedule this to occur automatically upon the next normally schedule SINV cycle, do the following:
- Click on Start\Run and type wbemtest
- Connect to root\ccm\invagt
- Click on Enum Classes with recursive selected Look for a class named InventoryActionStatus
- Double click InventoryActionStatus On the Object Explorer for InventoryActionStatus dialog box
- Click on Instances Select
- Delete the instance with value InventoryActionID = “{00000000-0000-0000-0000-000000000002}”
Ever needed to know how to silently install an HP SoftPaq? I recently needed to figure out the switches for approximately 75 individual SoftPaqs. Fortunately, HP has standardized the switch to extract the setup files from the InstallShield executable.
- From a command line, simply call the .exe with /s to perform a silent extraction.
Note: In some cases, no additional switches will be necessary and InstallShield will pass to the setup program the command to silently install. If this is the case, then mark this as the only install switch you need. - Change the working directory to where the files were just extracted.
- Do a directory list to find the name of the setup file, which will likely be Setup.exe
- Discover the switches that will work for that setup program. This could be anything of the following
- /s
- /silent
- -s
- /q
- /S /v/qn
- /k – This is switch is very common for ATI Graphics controllers!
- Once you have found the silent install switches for the setup program, then you’re final switches become /s /a /SetupSwitch(es)
When distributing software through SMS/SCCM, occasionally the advertisement will reach the time limit threshold of the package/program, which will generate an error for the advertisement. There are two things that likely have caused this: first and foremost, the program truly didn’t finish installing in time. Simply readjust the run time value in the program.
Secondly, the execuble could be getting “blocked” and requesting the end-user to accept the Open File Security Warning. If the program (for the package) is configured to be hidden and/or does not allow user interaction, then the user will never see such prompt (which is a good thing I might add). Heck, even in your troubleshooting, you will never see the prompt (side note: if you are troubleshooting, then be sure to configure the program to run normal and allow user’s to interact with the program). If you can see it, it would look like this below:
This is caused by the Windows Attachment Manager marking the file with a property that helps in the system security. The quirky thing is that, if the executable is indeed blocked, not ever system is affected. Though there are several variables that can contribute to the issue, the quick fix is to (in the original package source) right-click on the .exe, select Properties, click ”Unblock”, then click “OK”
Going back to how this impacts SCCM software distribution, unblocking the .exe does little to change the actual file itself. So if all you do is update your distribution points, then readvertise the distribution, the clients will not download the modified file…so the blocking will still occur. It is easiest to simply delete the package and recreate it. Keep in mind, if you did already modify the original package source files, then you can reuse the same source file location.
The Windows Live Essentials suite comes bundled with various applications, such as Messenger, Mail, Writer, Toolbar, etc etc. No suppose you need to script this install. Well, it’s easy! That is, it’s easy if you just want intall ALL of the applications. But what if you only need to install Messenger? Or Writer? Or both? Unfortunately, Microsoft hadn’t published anything publically yet on how to achieve this, so I had to contact PSS to get the information I needed. Below are instructions for solely installing Messenger, but I’ll list the switches for the other applications.
- Download the WLSetup
- WLSetup-web can be download from http://download.live.com -
It is important to note that this is a lightweight installer. Whatever is selected to install will download from the web. This may not be an ideal situation in a corporate environment using SCCM. - WLSetup-all can be download from http://download.live.com then instead of downloading the slim installer, click the “Try Again” button to get the full standalone installer –
It is important to note that this is the FULL installer, which contains all applications. Even if you only need Messenger. Despite the site (138 MB), this may be better in corporate environments so as to prevent hundreds or thousands of computers from downloading the install files from the Internet, especially if the install is scheduled to occur at the same time!
- WLSetup-web can be download from http://download.live.com -
- Install Messenger only by creating a scripted install that triggers WLSetup.exe /AppSelect:Messenger
Additional switches are as follows:
- AppSelect:[ProductID] or ![ProductID]
- log:log_location
- NOToolbarCEIP (to not opt into Toolbar CEIP)
- NOhomepage (to not set home page defaults)
- Nolaunch (blocks all applications from running automatically after your installation is complete)
- NOMU (to opt the computer into Microsoft Update)
- nosearch (to not set search defaults)
- q (for a silent/unattended install)
In a corporate environment, distributing software can frequently be tricky. One thing that can cause the most headaches is when there are registry changes that need to be made within the HKCU hive of any or even every user. For example, Apple designed QuickTime to allow every user to decide whether or not to enable automatic updates. So this value is set in HKCU\Software\Apple Computer, Inc.\QuickTime\LocalUserPreferences\. But in a controlled environment, you really don’t want the users doing their own thing. So the package needs to be designed in such a way that edits the aforementioned registry key.
With SMS/SCCM, one could always build a script to make the change and configure the Program to run every time a user logs on. I used to do it this way, but grew tired of constantly needing to monitor that the advertisement is successful and there are not alot of failures…so I became my own thinktank to figure out a new process. What I realized is that I could use the existing WinXP registry tool (reg.exe) to make all the changes I need.
The process kind of looks like this: once there is no user logged into Windows, I run a script that
- Parses HKLM for every user profile
- Loads the discovered user’s registry hive
- Makes the HKCU change
- Unloads the user’s registry hive
- Moves onto the next profile
This even modifies the Default User’s profile so that anyone who logs onto the computer for the first time will already have this setting! Rinse. Repeat. Done.
'==========================================================================
' AUTHOR: Nick Moseley
' DATE : 04/07/2009
' COMMENT: This script will parse all User profiles on the computer, load their
' HKCU hive, then set the appropriate registry keys.
'==========================================================================
Full ScriptHKCU.vbs Code Here
When creating a Program for a Package, there are essentially two Environment options for how the Program run – with the user’s rights, or with administrative rights. Using administrative rights will cause the program to run the command line under system context (svchost).
I recently needed to test an install (when running under system context and when running from the SCCM server) as I was unable to visually see the behavior first hand (e.g. errors). To do this type of testing, follow these simple instructions.
- Log in to Windows with an account that has admin privileges
- Launch cmd.exe
- Enter “time” and get the value.
- Enter “at time+1min /i cmd” – this will open another command prompt at that time
For example, if the time is 14:18, the value time+1min will be 14:19 - Once the next command prompt opens, you’ll notice that process listed in the title bar is ”svchost.exe”
- Enter “net use z: \\servername\share”
- Enter credentials that have access to the share, such as your own
- Then change to new driver letter and then to the directory. From there you can launch whatever .exe, .msi, script, etc, that you need visually see.
I used this process to confirm that executables and .msi files were being blocked with an Open File – Security Warning when running from a server share.
Need a good way to virtualize your test machines for testing SCCM deployments? Use the FREE VMWare Server!
Here is my quick guideline for getting started.
- Get yourself some beefy hardware. I’m using an HP Workstation xw6600T (Intel Xeon 2.33 GHz, 12 GB memory, and 320 GB SCSI disk).
- Get an eSATA external hard drive configured for RAID 0 and that has eSATA and/or FireWire connections (such as http://www.wdc.com/en/products/products.asp?driveid=410). Use this to run the bulk of your VMs on.
- Install your OS. I’m using Windows Server 2008 Standard x64.
Note: you’ll need to install an x64 OS if you have more than 3 GB of memory. - Download VMWare Server 2.
- Install VMWare Server. During the install, it is very important to change the default ports to 80 (for HTTP) and 443 (for HTTPS). This will save you from a headache in the long run.
- Download and install the VMWare vCenter Converter for converting your physical test machines to virtual machines.
Upon completion you will have a ready to use virtual environment; all you need do is convert your physical machines, launch the Server web interface, and add the new VM. Additional information on VMWare Server, for both install and operation, can be found on the VMWare website in the VMWare Server User’s Guide. The other cool thing is that you can remotely access the console for another computer on your network by going to http://systemname/ui
Happy virtualizing!
Recent Comments