Month: April 2009
MMS 2009 – Day 3
Nothing quite as siginificant on Day 3 of MMS. Most of my sessions were to gain a better understanding of how SCCM, being extended with MDT 2010, helps “significantly” improve OS deployments. Unfortunately, I don’t see how the additions can help; part of it is probably that the environment of the systems [at our company] doesn’t have a need for some of the things. In a brief discussion with Mike Niehaus, he tried laying out some of those things for me in the form of “Have you ever wanted to try to do insert challenge here with SCCM but couldn’t? Check out MDT”. But everything he listed were things I could already do in SCCM or had not interest in doing. What I took away from the conversation was that if I ever think about how to do something out-of-the-box with SCCM, then I should check to see if MDT can already do it; which is a good take away for me.
MMS 2009 – Day 2
The first session of the day is always one of the better sessions of MMS – the SCCM State of the Union – an all emcompassing update on what has changed to SCCM in the last 6 months and what is coming up in the future. A couple of big takeaways are that SP2 will need to be installed in order to have support for Windows 7, there has been significant in the arena of Client Health, and SCCM v.Next eliminates its dependency upon the MMC consoles (which is a huge plus as the console frequently fails).
USMT 4.0 seemed to be the hottest topic on the day as it was talked about in nearly every session that I attended. The new version has significant enhancements and improvements that (from my opinion) should be implemented right away. During one of the BOF (open participatory) sessions, I learned about some of the challenges of the previous versions from real-world-admins in the room and then heard from Microsoft how the new version rectifies them.
MMS 2009 – Day 1
Just completed day 1 of the Microsoft Management Summit. My biggest takeaway from the day is the realization of how simple PowerShell can be to learn, and how useful it can be for automating tasks or getting dynamic system information that isn’t natively possible in SCCM (like getting active process usage throughout the day and exporting to a .csv file). PowerShell can easily be used to gather information for short term tasks rather than extending SCCM inventories (which would need to be a long-term investment). Additionally, PowerShell can still be used to create COM objects (like WScript.Shell in VBScripting) to accomplish tasks, which will help in the transition.
I also had a brief opportunity to talk with a couple of people with MyITForum (one being the great Rod Trent). Hope to be able to run into some more. Especially hoping to meet some of the MVPs in the SCCM realm!
Looking forward to day 2!
Handling Chassis Types In SCCM OSD
One of the challenges with condensing workstation task sequences into a single task sequence is being able to distinguish between desktops and laptops as each typically has their own set of functions to perform when being imaged. One of the best ways to determine this is by querying ChassisTypes in Win32_SystemEnclosure. Unfortunately, ChassisTypes is an array value; the WQL that is used in the task sequence is limited to single values.
To work with this, add the following vbscript to a Run Command Line task. It creates a custom Task Sequence variable that can then be used to dynamically limit certain tasks to “desktops” and others to “laptops”.
'==========================================================================
' NAME: SMSTSEnvChassisType.vbs
' AUTHOR: Nick Moseley, SCCM Administrator
' DATE : 4/24/2009
' COMMENT: Script creates custom TS variable that can be used to distinguish
' between a desktop and a laptop for dynamically selecting which tasks
' to run in the sequence. Note that the echo statements are logged in SMSTS.log
'==========================================================================
Dim oTaskSequence, oWMI, colChassis, sChassisType, oChassis
Set oTaskSequence = CreateObject ("Microsoft.SMS.TSEnvironment")
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colChassis = oWMI.ExecQuery("Select * from Win32_SystemEnclosure")
For Each oChassis in colChassis
For Each sChassisType in oChassis.ChassisTypes
Select Case sChassisType
Case 8
Wscript.Echo "Chassis Type: Portable"
oTaskSequence ("OSDImageType") = "laptop"
Case 9
Wscript.Echo "Chassis Type: Laptop"
oTaskSequence ("OSDImageType") = "laptop"
Case 10
Wscript.Echo "Chassis Type: Notebook"
oTaskSequence ("OSDImageType") = "laptop"
Case 12
Wscript.Echo "Chassis Type: Docking Station"
oTaskSequence ("OSDImageType") = "laptop"
Case Else
Wscript.Echo "Chassis Type: Unknown"
oTaskSequence ("OSDImageType") = "desktop"
End Select
Next
Next
Script to Prompt for System Name in SCCM OSD
When doing a baremetal image in SCCM OSD, the task sequences will generate a random name for the system. To define a specific name the system is to receive, use the following VBScript. It will prompt the end-operator to input a name and then it will set the TS variable “OSDComputerName”.
Add the script to the TS by adding a Run Command Line task after Partition Disk and before Apply Operating System.
'==========================================================================
' NAME: PromptForSystemName.vbs
'
' AUTHOR: Nick Moseley
' DATE : 6/1/2009
'
' COMMENT: This script will detect if the current assigned value for the computer name
' begins with MININT, indicating that this image is bare metal image. It then prompts
' the end-user to enter a new computer name.
'
' VERSION : 1.1
' 1.0 (12/08/2008)- Intial script to check if the computer name begins with
' "minint", which indicates the system was booted with CD or PXE.
' 1.1 (06/01/2009)- Added check if the computer name equals "minwinpc",
' which indicates the system was booted with USB key
'==========================================================================
Dim sNewComputerName, oTaskSequence, sTSMachineName, bPromptName
Set oTaskSequence = CreateObject ("Microsoft.SMS.TSEnvironment")
' Get the name the computer is set to receive and truncate to first 6 letters
sTSMachineName = lcase(oTaskSequence("_SMSTSMachineName"))
If left(sTSMachineName,6) = "minint" Then
bPromptName = True
ElseIf sTSMachineName = "minwinpc" Then
bPromptName = True
Else
bPromptName = False
End If
' Note: The wscript.echo commands are logged in SMSTS.log for troubleshooting. They are not displayed to the end user.
If bPromptName = True Then
wscript.echo "Detected that the computer name is scheduled to receive a random value. Prompting user to input a standard name."
sNewComputerName = InputBox ("Please enter a standard computer name to continue.", "Computer Name", , 30,30)
oTaskSequence("OSDComputerName") = UCase(sNewComputerName)
wscript.echo "Set Task Sequence variable OSDComputerName to: " & sNewComputerName
Else
wscript.echo "Computer set to receive a standard name, continuing as is."
End If
Blocked Executables
When distributing software through SMS/SCCM, occasionally the advertisement will reach the time limit threshold of the package/program, which will generate an error for the advertisement. There are two things that likely have caused this: first and foremost, the program truly didn’t finish installing in time. Simply readjust the run time value in the program.
Secondly, the execuble could be getting “blocked” and requesting the end-user to accept the Open File Security Warning. If the program (for the package) is configured to be hidden and/or does not allow user interaction, then the user will never see such prompt (which is a good thing I might add). Heck, even in your troubleshooting, you will never see the prompt (side note: if you are troubleshooting, then be sure to configure the program to run normal and allow user’s to interact with the program). If you can see it, it would look like this below:
This is caused by the Windows Attachment Manager marking the file with a property that helps in the system security. The quirky thing is that, if the executable is indeed blocked, not ever system is affected. Though there are several variables that can contribute to the issue, the quick fix is to (in the original package source) right-click on the .exe, select Properties, click “Unblock”, then click “OK”
Going back to how this impacts SCCM software distribution, unblocking the .exe does little to change the actual file itself. So if all you do is update your distribution points, then readvertise the distribution, the clients will not download the modified file…so the blocking will still occur. It is easiest to simply delete the package and recreate it. Keep in mind, if you did already modify the original package source files, then you can reuse the same source file location.
Scripting Windows Live 2009/2011
The Windows Live Essentials suite comes bundled with various applications, such as Messenger, Mail, Writer, Toolbar, etc etc. No suppose you need to script this install. Well, it’s easy! That is, it’s easy if you just want intall ALL of the applications. But what if you only need to install Messenger? Or Writer? Or both? Unfortunately, Microsoft hadn’t published anything publically yet on how to achieve this, so I had to contact PSS to get the information I needed. Below are instructions for solely installing Messenger, but I’ll list the switches for the other applications.
- Download the WLSetup
- Windows Live 2009 can be downloaded from http://g.live.com/1rewlive3/en/wlsetup-all.exe
- Windows Live Essentials 2011 (which is only available for Windows 7 and/or Vista!) can be downloaded from http://g.live.com/1rewlive4-all/en/wlsetup-all.exe
- Install Messenger only by creating a scripted install that triggers WLSetup.exe /AppSelect:Messenger
Additional switches are as follows:
- AppSelect:[ProductID] or ![ProductID]
- log:log_location
- NOToolbarCEIP (to not opt into Toolbar CEIP)
- NOhomepage (to not set home page defaults)
- Nolaunch (blocks all applications from running automatically after your installation is complete)
- NOMU (to opt the computer into Microsoft Update)
- nosearch (to not set search defaults)
- q (for a silent/unattended install)
SCCM Task Sequence Error Codes & Fixes
When performing a bare-metal image install in SCCM, occasionally an error will occur that will halt the initiation of a task sequence. Below are a few errors I have experienced, which I have compiled with my own [brief] explanation and what to do to fix it. This post will be updated as I come across new errors, explanations, alternate fixes, etc.
Error: 0x800701E7
Cause: Unknown.
Fix: Restart with boot CD or PXE.
Error: 0x80070032
Cause: No file system
Fix: Using command support, format (quick) the disk or recreate the disk using diskpart.exe
Error: 0x80070490
Cause: Failed to find driver for PCI\VEN device
Fix: Review SMSTS.log for driver info. Likely need to add the PCI\VEN into an .inf or txtsetup.oem file
Error: 0x80070241
Cause: Error during TS user interface caused in memory
Fix: Restart with boot CD or PXE.
Error: 0x80072EE7
Cause: IP address is not on a subnet that connect to the SCCM server
Fix: Change the port the Ethernet cable is connected on. Restart with boot CD or PXE.
Fix for SCCM Remote Tools
After a recent upgrade of SMS 2003 clients to SCCM, we had some diffucult with remote tools not being able to connect. All components were installed correctly, drivers installed/registered, and files existed. While I’m still unsure of the cause, I managed to find a fix. So if you’re having diffuculties with using remote tools, give this a try. Even if you didn’t recently upgrade from SMS.
- Delete directory %windir%\system32\ccm\clicomp\Remtrl\
- Run %windir%\system32\ccm\ccmrepair.exe
Scripting HKCU Changes
In a corporate environment, distributing software can frequently be tricky. One thing that can cause the most headaches is when there are registry changes that need to be made within the HKCU hive of any or even every user. For example, Apple designed QuickTime to allow every user to decide whether or not to enable automatic updates. So this value is set in HKCU\Software\Apple Computer, Inc.\QuickTime\LocalUserPreferences\. But in a controlled environment, you really don’t want the users doing their own thing. So the package needs to be designed in such a way that edits the aforementioned registry key.
With SMS/SCCM, one could always build a script to make the change and configure the Program to run every time a user logs on. I used to do it this way, but grew tired of constantly needing to monitor that the advertisement is successful and there are not alot of failures…so I became my own thinktank to figure out a new process. What I realized is that I could use the existing WinXP registry tool (reg.exe) to make all the changes I need.
The process kind of looks like this: once there is no user logged into Windows, I run a script that
- Parses HKLM for every user profile
- Loads the discovered user’s registry hive
- Makes the HKCU change
- Unloads the user’s registry hive
- Moves onto the next profile
This even modifies the Default User’s profile so that anyone who logs onto the computer for the first time will already have this setting! Rinse. Repeat. Done.
NOTE: If you’re looking for a sample script to delete a registry key or value, see https://t3chn1ck.wordpress.com/2012/11/12/vbscript-to-delete-hkcu-values-or-keys/
'==========================================================================
' Author: Nick Moseley, https://t3chn1ck.wordpress.com
' Comments: This script will parse all User profiles on the computer, load their HKCU hive,
' then set the appropriate registry keys.
' History:
' 1.0 (04/07/2009) - Initial script
' 1.1 (06/03/2009) - Added example for setting dword values based on MyITForum question
' 1.2 (06/05/2009) - Added additional comments to identify the section where to define the values to be set
' 1.3 (09/23/2010) - Corrected comment typos
'==========================================================================
Option Explicit
Const ForAppending = 8
Const HKLM = &H80000002
' ************************************************
' Configure the following values to define the HKCU keys to be set
' ************************************************
Const sStringUserKey = "\Software\SampleKey"
Const sStringUserKeyValueName = "SampleValueName"
Const sStringUserKeyValue = "SampleValue"
Const sDwordUserKey = "\Software\SampleKey"
Const sDwordUserKeyValueName = "SampleValueName"
Const sDwordUserKeyValue = "SampleValue"
' ************************************************
Dim oReg, oFSO, oFile, oUserSubkey, aUserProfiles, oShell
Dim sProfileLCase, sRegExe, sRegLoad, sRegUnload, sHiveName, sSubPath, sProfile, sValueName, sKeyPathUserProfiles, sValue, ReturnVal
Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")
Set oShell = CreateObject ("WScript.Shell")
Set oFSO = CreateObject ("Scripting.FileSystemObject")
' Begin configuration of existing user profiles
sValueName = "ProfileImagePath"
sKeyPathUserProfiles = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
sRegExe = "C:\Windows\system32\reg.exe"
oReg.EnumKey HKLM, sKeyPathUserProfiles, aUserProfiles
For Each oUserSubkey In aUserProfiles
sSubPath = sKeyPathUserProfiles & "\" & oUserSubkey
oReg.GetExpandedStringValue HKLM,sSubPath,sValueName,sValue
sProfile = Split(sValue, "\")
sProfileLCase = LCase(sProfile(2))
If sProfileLCase = "system32" Then
' Do nothing
ElseIf sProfileLCase = "localservice" Then
' Do nothing
ElseIf sProfileLCase = "networkservice" Then
' Do nothing
ElseIf sProfileLCase = "serviceprofiles" Then
' Do nothing
Else
sHiveName = "TempHive_" & sProfileLCase
' Load user's profile hive into a temp location
sRegLoad = " LOAD HKLM\" & sHiveName & " """ & sValue & "\ntuser.dat"""
oShell.Run sRegExe & sRegLoad, 0, True
' Call subroutine to change registry key
SetConfigUserHive (sHiveName)
' Unload user's profile hive
sRegUnload = " UNLOAD HKLM\" & sHiveName
oShell.Run sRegExe & sRegUnload, 0, True
End If
Next
' Default User Profile
sHiveName = "TempHive_DefaultUser"
sRegLoad = " LOAD HKLM\" & sHiveName & " ""C:\Documents and Settings\Default User\ntuser.dat"""
oShell.Run sRegExe & sRegLoad, 0, True
SetConfigUserHive (sHiveName)
sRegUnload = " UNLOAD HKLM\" & sHiveName
oShell.Run sRegExe & sRegUnload, 0, True
WScript.Quit ()
Sub SetConfigUserHive (sTempHive)
Dim sTempHiveStringKeyPath, sTempHiveDwordKeyPath
' Path of registry keys
sTempHiveStringKeyPath = sTempHive & sStringUserKey
sTempHiveDwordKeyPath = sTempHive & sDwordUserKey
' Create String registry key if the value doesn't already exist
If oReg.GetStringValue(HKLM, sTempHiveStringKeyPath & "\", sStringUserKeyValueName) <> 0 Then
ReturnVal = oReg.CreateKey(HKLM, sTempHiveStringKeyPath)
End If
' Create Dword registry key if the value doesn't already exist
If oReg.GetDwordValue(HKLM, sTempHiveDwordKeyPath & "\", sDwordUserKeyValueName) <> 0 Then
ReturnVal = oReg.CreateKey(HKLM, sTempHiveDwordKeyPath)
End If
' Create String value
ReturnVal = oReg.SetStringValue(HKLM, sTempHiveStringKeyPath & "\", sStringUserKeyValueName, sStringUserKeyValue)
' Create Dword value
ReturnVal = oReg.SetDwordValue(HKLM, sTempHiveDwordKeyPath & "\", sDwordUserKeyValueName, sDwordUserKeyValue)
End Sub
t3chn1ck 