ConfigMgr 07

Tricks to Preventing the ConfigMgr Client Installs

Posted on Updated on

There are several tricks to block/prevent the ConfigMgr client from installing on specific systems.  The recommended method is through an exclusion list on the ConfigMgr server, but that can often be tedious or forgotten.  So the list below outlines other options that are available to accomplish the same goal.  A big thanks to my colleagues at Catapult Systems whom contributed to this list!

  • Create an empty text file named “ccmsetup” with no file extension in the C:\Windows\ directory
  • Create an empty text file named “ccmsetup.exe” in the C:\Windows\ccmsetup\ directory

Optional methods are listed below, though they would not prevent a manual client installation

  • Block read rights on the AD object to keep it from being discovered and delete it from the console
  • Remove administrative privileges on the computer in question for the account used to perform client push installation
Advertisements

Script to delete any Drive:\smspkg\*.pck files of the specified file age

Posted on Updated on

There are many scripts and examples out there for cleaning up PCK files.  The below script is my rendition to cleanup PCK files that are older than the specified number of days.  This script can be executed via a package in ConfigMgr on systems that are a DP.  Oh and I added some basic logging to the script as well :-)


' Script to delete any Drive:\smspkg\*.pck files of the specified file age
sLogFile = "c:\windows\temp\dp_pck_cleanup.log"
iFileAge = 365

Set oFSO = CreateObject ("Scripting.FileSystemObject") 
Set oOutputFile = oFSO.OpenTextFile (sLogFile, 8, True) 
Set oWMI = GetObject("winmgmts:\\.") 
Set colItems = oWMI.ExecQuery("SELECT * FROM Win32_LogicalDisk") 

oOutputFile.WriteLine "******** PCK cleanup began ********  " & Date

For Each oDrive in colItems 
	sDrive=left(oDrive.caption,1) 
	'wscript.echo "sDrive: " & sDrive
	If (oFSO.FolderExists(sDrive & ":\smspkg\")) Then    
		oOutputFile.WriteLine "Smspkg exists on drive " & sDrive
		Set receive = oFSO.GetFolder(sDrive & ":\smspkg\") 
		Set colFiles = receive.Files 
		
		For Each oFile in colFiles 
			sFileName=(lcase(oFile))
			'wscript.echo sFileName
			If (right(sFileName, 4) = ".pck") then 
				'wscript.echo "This is a PCK file"
				If DateDiff("d", oFile.DateLastModified, Date) > iFileAge Then 
					oOutputFile.WriteLine oFile & " exists with modified date: " & oFile.DateLastModified & ", Size (MB):" & vbtab & int(oFile.Size/1048576) 
					oFSO.DeleteFile oFile,TRUE 
					oOutputFile.WriteLine "      Deleted successfully "
				End If 
			End If 
		Next 
	Else
		oOutputFile.WriteLine "No smspkg folder on " & sDrive
	End If 
Next 

ConfigMgr migration script – Driver source path conversion

Posted on Updated on

Use the following PowerShell script to convert driver files’ source path from an old server location to the new location.

Updated 5/5/14: fixed creation of $ChangePath variable to account for mixed-case of the $OldPath and $NewPath.

# By https://t3chn1ck.wordpress.com
# Version 1.1

# Site Code + :
Set-Location "GAL:"

# Note: max query limit is 1000 items, need to increase value as appropriate
Set-CMQueryResultMaximum 2000

$DriverArray = Get-CMDriver
$OldPath = "\\2007SERVER\source$"
$NewPath = "\\2012SERVER\cmsource$"

ForEach ($Driver in $DriverArray){
   $OldPkgPath = $Driver.ContentSourcePath.ToLower()

   If ($OldPkgPath.StartsWith($OldPath)){
      $ChangePath = $OldPkgPath.Replace($OldPath.ToLower(), $NewPath.ToUpper())

      Set-CMDriver -Id $Driver.CI_ID -DriverSource $ChangePath
      Write-Host "Changed: " $Driver.CI_ID " to " $ChangePath -f Green
   } Else {
      Write-Host "Not changed: " $Driver.CI_ID " of " $OldPkgPath -f DarkYellow
   }
}

ConfigMgr migration script – Disable non-limited OS of Package/Programs

Posted on Updated on

Let’s say you’ve just migrated hundreds of ConfigMgr packages where the Program(s) of those packages were not previously limited. Meaning that they were set to be able to run on any and every system … including servers. That could potentially cause a HUGE outage with significant consequences in the case of an administrative goof.  Ideally in this situation, you would want/need to limit those package to the proper OS (such as All Win7 x64).

Unfortunately there are no PowerShell cmdlets that can set the OS limiting of a Program/Package.  So as a safety precaution the below PowerShell script can be used to disable any Program of migrated Packages if the Program was not limited.  In this way it can give an admin the opportunity to manually remediate the Program configuration before an accident occurs!

# By https://t3chn1ck.wordpress.com

# Site Code + :
$SiteCode = "GAL"
Set-Location $SiteCode":"

clear
$ProgramArray = Get-CMProgram

ForEach ($Program in $ProgramArray){
    $OSCount = $Program.SupportedOperatingSystems.Count

    If ($OSCount.Equals(0)){
        $Program.ProgramFlags.ToString()

        if ($Program.PackageID.StartsWith($SiteCode)){
            # Do nothing
            Write-Host "Skipping non-migrated package " $Program.PackageName -ForegroundColor DarkYellow

        } ElseIf (($Program.ProgramFlags -band 0x00001000)) {
            # Program already disabled
            # Bitwise ProgramFlags operator found at http://msdn.microsoft.com/en-us/library/hh949572.aspx
            Write-Host "Skipping disabled program " $Program.PackageName -ForegroundColor DarkYellow

        } Else {
            Write-Host "No OS limits on active package " $Program.PackageName  -ForegroundColor Red
            #Disable-CMProgram -PackageId $Program.PackageID -ProgramName $Program.ProgramName
            Write-Host "Disabled Program: " $Program.ProgramName
        }

    } Else {
        Write-Host $OSCount " OS limits set for " $Program.PackageName " : " $Program.ProgramName -ForegroundColor DarkGreen
    }

    Write-Host "============="
}

ConfigMgr migration script – Change limiting collections

Posted on Updated on

When doing a migration of ConfigMgr, it could be handy to bulk convert collections that were migrated and need a new limiting collection. The below code example checks the last modified date of the collection … and if it was changed “today” (date when the script executes), then it will set the collection to have a new limiting collection. In this example, it was setting the limiting collection to one that I had created for All Windows Workstation Clients.

# https://t3chn1ck.wordpress.com

# Site code of primary (e.g. GAL:)
Set-Location "GAL:"

# Increase the max number of collection as follows
Set-CMQueryResultMaximum 300

# Collection ID of the new limiting collection
$LimitingCollection = "GAL00003"

# Build array of all collections
$CollArray = Get-CMDeviceCollection

# Get today's date to convert collections created TODAY
# If needing to do date other than TODAY, then set static string value as MM/DD/YYYY
$Today = get-date -format d
Write-Host "Today's date: " $Today

ForEach ($Collection in $CollArray){
# Get collection ID and creation date
$CollID = $collection.CollectionID
$CollDate = $Collection.LastChangeTime.Date.ToShortDateString()

If ($CollID.StartsWith("SMS")) {
# No need to convert "out of box" collections
Write-Host "Skipped SMS Pkg ID: " $CollID -f DarkYellow
} Else {
If ($CollDate.Equals($Today)) {
If ($Collection.LimitToCollectionID.Equals($LimitingCollection)) {
# Already converted if limiting collection already matches
Write-Host "Limiting collection already set for: " $Collection.Name

} Else {
# Date match of collection with today to be converted
Set-CMDeviceCollection -CollectionId $Collection.CollectionID -LimitingCollectionId $LimitingCollection
Write-Host "Set new limiting collection for: " $Collection.Name -ForegroundColor Green
}
} Else {
# Dates that do not match today should not be converted
Write-Host "Mismatch date: " $CollDate " for " $Collection.Name -f DarkRed
}
}
}

Common IA64 .inf file names

Posted on Updated on

Since Itanium (IA64) drivers cannot be migrated from ConfigMgr 2007 into 2012, I was looking for a way to easily exclude the drivers. I considered various options and ideally I wanted a simple column that would display the Applicability > Supported Platforms.  Alas, it was not that easy.  So the best easiest route that I could come up with on short notice was to add the Drivers column for INF, and then filter based upon common IA64 .inf file names.  Below is my short list which I hope to maintain as I discover new names!

Common IA64 (ending) INF file names

  1. 645.inf
  2. 6451.inf
  3. 6064.inf
  4. 5164.inf
  5. w64.inf

For example:

INF_Example

 

Automating Jive Connects for Office

Posted on Updated on

It’s not well documented on how to deploy Jive Connects for Office (plugin software).  Digging into the MSI with Orca, I found the properties necessary for a basic unattended install/configuration.

One of the tricks is that this software is licensed per user, so it really needs to install in the user’s context and only for the user’s profile and not all profiles on the system.  The MSI property for this is


MSIINSTALLPERUSER=1

Next, the Office plugin should target the Jive website/service for your organization (see image below).  To do this, use MSI property In all, your command line should be as follows


DEFAULTSERVERURL="https://URL.jiveon.com"

So in the end, your command should be:


JiveOfficeInstaller.msi MSIINSTALLPERUSER=1 DEFAULTSERVERURL="https://URL.jiveon.com" /qn

I hope this helps :-)

jiveurl