Latest Event Updates

Scripting HKCU Changes

Posted on Updated on

In a corporate environment, distributing software can frequently be tricky.  One thing that can cause the most headaches is when there are registry changes that need to be made within the HKCU hive of any or even every user.  For example,  Apple designed QuickTime to allow every user to decide whether or not to enable automatic updates.  So this value is set in HKCU\Software\Apple Computer, Inc.\QuickTime\LocalUserPreferences\.  But in a controlled environment, you really don’t want the users doing their own thing.  So the package needs to be designed in such a way that edits the aforementioned registry key.

With SMS/SCCM, one could always build a script to make the change and configure the Program to run every time a user logs on.  I used to do it this way, but grew tired of constantly needing to monitor that the advertisement is successful and there are not alot of failures…so I became my own thinktank to figure out a new process.  What I realized is that I could use the existing WinXP registry tool (reg.exe) to make all the changes I need.

The process kind of looks like this: once there is no user logged into Windows, I run a script that

  1. Parses HKLM for every user profile
  2. Loads the discovered user’s registry hive
  3. Makes the HKCU change
  4. Unloads the user’s registry hive
  5. Moves onto the next profile

This even modifies the Default User’s profile so that anyone who logs onto the computer for the first time will already have this setting!  Rinse.  Repeat.  Done.

NOTE: If you’re looking for a sample script to delete a registry key or value, see https://t3chn1ck.wordpress.com/2012/11/12/vbscript-to-delete-hkcu-values-or-keys/

'==========================================================================
' Author: Nick Moseley, https://t3chn1ck.wordpress.com
' Comments: This script will parse all User profiles on the computer, load their  HKCU hive, 
'    then set the appropriate registry keys. 
' History: 
'    1.0 (04/07/2009) - Initial script 
'    1.1 (06/03/2009) - Added example for setting dword values based on MyITForum question
'    1.2 (06/05/2009) - Added additional comments to identify the section where to define the values to be set
'    1.3 (09/23/2010) - Corrected comment typos
'==========================================================================
Option Explicit
Const ForAppending = 8
Const HKLM = &H80000002
 
' ************************************************ 
' Configure the following values to define the HKCU keys to be set 
' ************************************************ 
Const sStringUserKey = "\Software\SampleKey"
Const sStringUserKeyValueName = "SampleValueName"
Const sStringUserKeyValue = "SampleValue" 
Const sDwordUserKey = "\Software\SampleKey"
Const sDwordUserKeyValueName = "SampleValueName"
Const sDwordUserKeyValue = "SampleValue"
' ************************************************
Dim oReg, oFSO, oFile, oUserSubkey, aUserProfiles, oShell
Dim sProfileLCase, sRegExe, sRegLoad, sRegUnload, sHiveName, sSubPath, sProfile, sValueName, sKeyPathUserProfiles, sValue, ReturnVal
Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")
Set oShell = CreateObject ("WScript.Shell") 
Set oFSO = CreateObject ("Scripting.FileSystemObject")

' Begin configuration of existing user profiles
sValueName = "ProfileImagePath"
sKeyPathUserProfiles = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
sRegExe = "C:\Windows\system32\reg.exe"
oReg.EnumKey HKLM, sKeyPathUserProfiles, aUserProfiles
For Each oUserSubkey In aUserProfiles
    sSubPath = sKeyPathUserProfiles & "\" & oUserSubkey
    oReg.GetExpandedStringValue HKLM,sSubPath,sValueName,sValue
 
    sProfile = Split(sValue, "\")
    sProfileLCase = LCase(sProfile(2))
 
    If sProfileLCase = "system32" Then
     ' Do nothing
    ElseIf sProfileLCase = "localservice" Then
     ' Do nothing
    ElseIf sProfileLCase = "networkservice" Then
     ' Do nothing
    ElseIf sProfileLCase = "serviceprofiles" Then
     ' Do nothing
    Else
     sHiveName = "TempHive_" & sProfileLCase
   
     ' Load user's profile hive into a temp location
     sRegLoad = " LOAD HKLM\" & sHiveName & " """ & sValue & "\ntuser.dat"""
     oShell.Run sRegExe & sRegLoad, 0, True
   
     ' Call subroutine to change registry key
     SetConfigUserHive (sHiveName)
   
     ' Unload user's profile hive
     sRegUnload = " UNLOAD HKLM\" & sHiveName
     oShell.Run sRegExe & sRegUnload, 0, True
    End If 
Next

' Default User Profile
sHiveName = "TempHive_DefaultUser"
sRegLoad = " LOAD HKLM\" & sHiveName & " ""C:\Documents and Settings\Default User\ntuser.dat"""
oShell.Run sRegExe & sRegLoad, 0, True
SetConfigUserHive (sHiveName)
sRegUnload = " UNLOAD HKLM\" & sHiveName
oShell.Run sRegExe & sRegUnload, 0, True
WScript.Quit ()
Sub SetConfigUserHive (sTempHive)
Dim sTempHiveStringKeyPath, sTempHiveDwordKeyPath

' Path of registry keys
sTempHiveStringKeyPath = sTempHive & sStringUserKey
sTempHiveDwordKeyPath = sTempHive & sDwordUserKey

' Create String registry key if the value doesn't already exist
If oReg.GetStringValue(HKLM, sTempHiveStringKeyPath & "\", sStringUserKeyValueName) <> 0 Then
    ReturnVal = oReg.CreateKey(HKLM, sTempHiveStringKeyPath)
End If
' Create Dword registry key if the value doesn't already exist
If oReg.GetDwordValue(HKLM, sTempHiveDwordKeyPath & "\", sDwordUserKeyValueName) <> 0 Then
    ReturnVal = oReg.CreateKey(HKLM, sTempHiveDwordKeyPath)
End If
  
' Create String value
ReturnVal = oReg.SetStringValue(HKLM, sTempHiveStringKeyPath & "\", sStringUserKeyValueName, sStringUserKeyValue)

' Create Dword value
ReturnVal = oReg.SetDwordValue(HKLM, sTempHiveDwordKeyPath & "\", sDwordUserKeyValueName, sDwordUserKeyValue)
End Sub

Duplicate SCCM Client GUIDs / Full Client Reinstall

Posted on Updated on

This was an issue that I came across from our recent upgrade from SMS 2003 to SCCM 2007.  While we were still using SMS, some systems had been cloned/p2v’d from a production system to a virtual then renamed.  It wasn’t caught at the time, but it appears SMS may have been unable to automatically give the cloned SMS clients a new GUID.  When we migrated to SCCM, these clients were fighting over which of them was the real and live system in SCCM, such that some client records would suddenly disapper from the console…then if they’re client was fixed, a different client record would disappear.

However, simply uninstalling/reinstalling the SCCM client was not resolving the issue.  After some digging around, I found a couple of utilities to help rip out the SCCM client and force a new GUID to be assigned.  I brought these utilities together and created a simple executable to coordinate the process.  This was created with the old, but very reliable, SMS Installer, the code below is for that, but can easily be rebuilt as a vbscript.

If you have any questions about this process, feel free to leave me a comment and I can respond!

  1. On your computer, download and install the SMS 2003 Toolkit v2
  2. In the directory containing your SCCM client install, create a subdirectory (such as “SOURCE”)
  3. From the Toolkit directory, copy ccmdelcert.exe and tranguid.exe to the newly created subdirectory in previous step
  4. In the SCCM client install directory, create an executable or script that does the following in order
    • Execute ccmdelcert.exe (wait for process termination)
    • Delete the file %WINDIR%\SMSCFG.ini
    • Execute ccmsetup.exe /uninstall (wait for process termination)
    • Delete directory %WINDIR%\system32\ccm\
    • Delete registry key HKLM\SOFTWARE\Microsoft\CCMSetup
    • Delete registry key HKLM\SOFTWARE\Microsoft\SMS
    • Execute ccmsetup.exe (wait for process termination)

Below is the ‘code’ for the SMS Installer executable that I built to facilitate this.

Document Type: IPF
item: Global
  Version=6.0
  Title English=Duplicate SCCM GUID Repair
  Flags=00000100
  Languages=0 0 65 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  LanguagesList=English
  Default Language=2
  Copy Default=1
  Japanese Font Size=9
  Start Gradient=0 0 255
  End Gradient=0 0 0
  Windows Flags=00000100000000010010110000011000
  Message Font=MS Sans Serif
  Font Size=8
  Disk Filename=SETUP
  Patch Flags=0000000000000001
  Patch Threshold=85
  Patch Memory=4000
  FTP Cluster Size=20
end
item: Check Disk Space
end
item: Set Variable
  Variable=ROOT
  Value=C:
end
item: Get Environment Variable
  Variable=WINDIR
  Environment=WINDIR
end
item: Execute Program
  Pathname=%INST%\SOURCE\ccmdelcert.exe
  Flags=00000010
end
item: Delete File
  Pathname=%WINDIR%\SMSCFG.ini
end
item: Execute Program
  Pathname=%INST%\CCMSETUP.exe
  Command Line=/uninstall
  Flags=00000010
end
item: Insert Line into Text File
  Pathname=%WINDIR%\system32\ccm\temp.txt
  New Text=TEMP
  Line Number=0
  Flags=00010000
end
item: Delete File
  Pathname=%WINDIR%\system32\ccm\temp.txt
  Flags=00001100
end
item: Insert Line into Text File
  Pathname=%WINDIR%\system32\ccmsetup\temp.txt
  New Text=TEMP
  Line Number=0
  Flags=00010000
end
item: Delete File
  Pathname=%WINDIR%\system32\ccmsetup\temp.txt
  Flags=00001100
end
item: Edit Registry
  Total Keys=1
  Key=SOFTWARE\Microsoft\CCMSetup
  Root=130
end
item: Edit Registry
  Total Keys=1
  Key=SOFTWARE\Microsoft\SMS
  Root=130
end
item: Execute Program
  Pathname=%INST%\CCMSETUP.exe
  Flags=00000010
end

Troubleshooting with System Context

Posted on Updated on

When creating a Program for a Package, there are essentially two Environment options for how the Program run – with the user’s rights, or with administrative rights.  Using administrative rights will cause the program to run the command line under system context (svchost). 

I recently needed to test an install (when running under system context and when running from the SCCM server) as I was unable to visually see the behavior first hand (e.g. errors).  To do this type of testing, follow these simple instructions.

  1. Log in to Windows with an account that has admin privileges
  2. Launch cmd.exe
  3. Enter “time” and get the value. 
  4. Enter “at time+1min /i cmd” – this will open another command prompt at that time
    For example, if the time is 14:18, the value time+1min will be 14:19
  5. Once the next command prompt opens, you’ll notice that process listed in the title bar is “svchost.exe”
  6. Enter “net use z: \\servername\share”
  7. Enter credentials that have access to the share, such as your own
  8. Then change to new driver letter and then to the directory.  From there you can launch whatever .exe, .msi, script, etc, that you need visually see.

I used this process to confirm that executables and .msi files were being blocked with an Open File – Security Warning when running from a server share.

Scripting Unattended Disk Cleanup & Defrag

Posted on Updated on

I was recently tasked with automating a disk cleanup and defrag for the XP workstations in our environment. Simple enough of a task using the built-in disk cleanup and defrag. But I thought I’d share some details of how I automated them…

Disk Cleanup
Grasping how to peforming an unattended cleanup can be tricky. The first thing to understand is that selecting the various caches (Internet files, temporary files, trash, etc etc) is controlled through a “sageset”. You can think of a sageset as the configuration number which inidicates what diskclean should remove. So one could have a sageset which cleans up only trash, another sageset which cleans up trash and internet files, another sageset which cleans up all items except memory dump files, etc etc.

This sageset are DWORD values in HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\ in each subkey. For example, I want to cleanup only Internet Cache Files and assign sageset 99 to it. Within subkey “Internet Cache Files” I create the DWORD value name StateFlags0099 and give it the value 2. Then to cleanup this item, I simply run cleanmgr.exe /sagerun:99 – That’s it! To add more items to the sageset, all one needs do is add that StateFlags0000 (where the zeos are the sageset number created).

Make sense? For more information, see Q315246

Disk Defrag
Not too much doin’ here. I simply trigger defrag.exe c: -f

A neat thing about defrag is that you can first have it analyze the disk to see its fragmentation stats. Since I log SCCM installs/operations for workstations into a custom log file, I thought it would good to capture this analysis in the log file. Below is the vbscript code that I used to facilitate this…

Dim oFSO, oShell, oLogFile
Const cForAppending = 8

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oShell = CreateObject("WScript.Shell")
Set oLogFile = oFSO.OpenTextFile ("C:\CustomLog.txt", cForAppending, True)
Set oExecRun = oShell.Exec ("C:\Windows\system32\defrag.exe c: -a")

' Reads through the output of the analysis until it comes to Analysis Report...
' Then it writes the next line read into the log file
Do While Not oExecRun.StdOut.AtEndOfStream
    If oExecRun.StdOut.ReadLine = "Analysis Report                     " Then 'extra spaces after report are critical!
        oLogFile.WriteLine "  => Defrag Analysis Report:" & oExecRun.StdOut.ReadLine
    End If
Loop

oLogFile.Close

Custom Logging

Posted on Updated on

One thing that I do with my deployments is to log everything SCCM installs (on a workstation) into a custom log.  This makes it easy for others to know if something is being installed, did install, when it installed, in what order installed, and if it keeps reinstalling when it shouldn’t be.  So when someone asks “What is SMS doing to my computer?” (which is usually asked when SMS/SCCM is not actually doing anything at all), I can then point them to that custom log file to see the proof.

Virtualizing Your SCCM Test Environment

Posted on Updated on

Need a good way to virtualize your test machines for testing SCCM deployments?  Use the FREE VMWare Server!

Here is my quick guideline for getting started.

  1. Get yourself some beefy hardware.  I’m using an HP Workstation xw6600T (Intel Xeon 2.33 GHz, 12 GB memory, and 320 GB SCSI disk).
  2. Get an eSATA external hard drive configured for RAID 0 and that has eSATA and/or FireWire connections (such as http://www.wdc.com/en/products/products.asp?driveid=410).  Use this to run the bulk of your VMs on.
  3. Install your OS.  I’m using Windows Server 2008 Standard x64.
    Note: you’ll need to install an x64 OS if you have more than 3 GB of memory.

<< Update 4/15/11 – Do not use VMWare Server 2 – Win7 VMs will BSOD frequently.  Instead, consider using SCVMM  >>

  1. Download VMWare Server 2.
  2. Install VMWare Server.  During the install, it is very important to change the default ports to 80 (for HTTP) and 443 (for HTTPS).  This will save you from a headache in the long run.
  3. Download and install the VMWare vCenter Converter for converting your physical test machines to virtual machines.

Upon completion you will have a ready to use virtual environment; all you need do is convert your physical machines, launch the Server web interface, and add the new VM.  Additional information on VMWare Server, for both install and operation, can be found on the VMWare website in the VMWare Server User’s Guide.  The other cool thing is that you can remotely access the console for another computer on your network by going to http://systemname/ui

Happy virtualizing!

New Blog!

Posted on Updated on

I have long wanted to begin blogging my IT experiences with SMS 2003 and SCCM 2007.  With the frequent busyness of work, I kept putting it off….all the while I have had many things that I’ve wanted to share so that I can remember for the future.

Until now.