SCCM Books

Sunday, February 28, 2010

SCCM Vnext The Next version of SCCM 2007

The next release of Configuration Manager will focus on a few main areas:

  • Improving client management experiences through enhanced, integrated software distribution models.  The next release of Configuration Manager will provide a framework for the right application format to be delivered to the user based on who they are, the device they are using, and their connection.
  • Infrastructure improvements are also a main focus.  Optimizing site hierarchy, replication and content distribution on the backend.  For the managed client, improving client health and remediation capabilities will ensure that when a system is managed, it remains healthy and secure.  Part of this is also improving the Admin experience.  In the past we did this by reducing mouse clicks to get through an activity.  This is only part of the process.  Adding security models to enable role based administration, as well as improving the Admin console experience will ensure that Admins are more efficient everywhere.
  • In addition, other areas of focus include expanding device management scenarios, model based configuration management and improving patch management services; just a few of the places we are focused on development.


  • Now available in beta for test.. Yep i wanted to do test in my LAB from next day

ConfigMgr07 R3

ConfigMgr07 R3
 
There're 3 main areas of enhancement being made to the core capabilities of ConfigMgr: Delta Active directory Discovery has 2 main tasks.

Discovering changes to users or machines that may effect targeting. Also, periodic full scans capture users and machines last logged time, ensuring active users or systems aren't made obsolete.
Fast Collections – When a Collection Membership Rule is configured to dynamically add new resources, a few things happen. This applies to a few resources.

Those that're initially discovered, OSD provisioned systems, HW inventories scanned systems, or ConfgMgr Client version upgrades. Admin Console Improvements helps Administrator save time in their daily tasks. For example, new right click options off a resource to add to collection (existing) add to new collection, remove from collection and add resources, are all designed to save console steps.

Thursday, February 25, 2010

WDS Command prompt options to troubleshoot

WDS utilit to work from command prompt
 

C:\Windows\system32>wdsutil /allhelp
Windows Deployment Services Management Utility [Version 6.0.6001.18000]
Copyright (C) Microsoft Corporation. All rights reserved.
/Get-AllDevices                 Displays information on all pre-staged devices.
/Get-AllImageGroups             Displays information on all image groups.
/Get-AllImages                  Displays information on all images.
/Get-AllMulticastTransmissions  Displays attributes of all transmissions.
/Get-AllNamespaces              Displays attributes of all namespaces.
/Get-AllServers                 Displays information on all WDS servers.
/New-CaptureImage               Creates a WinPE image used for capturing
                                OS images.
/Disconnect-Client              Disconnects a client from a multicast
                                transmission or namespace.
/New-DiscoverImage              Creates a WinPE image used for WDS server
                                discovery.
/Add-Device                     Adds a pre-staged device.
/Get-Device                     Displays attributes of an existing device.
/Set-Device                     Changes attributes of an existing device.
/Add-Image                      Adds boot or install images.
/Copy-Image                     Copies an image within the image store.
/Export-Image                   Exports an image from the image store to a WIM
                                file.
/Get-Image                      Displays the attributes of an existing image.
/Remove-Image                   Removes a boot or install image.
/Replace-Image                  Replaces a boot or install image with a new
                                version.
/Set-Image                      Changes the attributes of an existing image.
/Get-ImageFile                  Displays information on images in a WIM file.
/Add-ImageGroup                 Adds an image group.
/Get-ImageGroup                 Displays information on an image group.
/Remove-ImageGroup              Removes an image group.
/Set-ImageGroup                 Changes the attributes of an existing image
                                group.
/Get-MulticastTransmission      Displays attributes of a a transmission.
/New-MulticastTransmission      Creates a new multicast transmission for WDS
/Remove-MulticastTransmission   Removes a multicast transmission for WDS Image.
/Start-MulticastTransmission    Starts a specified transmission.
/Get-Namespace                  Displays attributes of a namespace.
/New-Namespace                  Creates a new namespace.
/Remove-Namespace               Removes a namespace.
/Start-Namespace                Starts a specified namespace.
/Approve-AutoAddDevices         Approves pending auto-add devices of server.
/Reject-AutoAddDevices          Rejects pending auto-add devices of server.
/Get-AutoAddDevices             Displays auto-add devices on server.
/Delete-AutoAddDevices          Deletes devices in the auto-add device
                                database.
/Convert-RiPrepImage            Converts an existing RIS RIPrep image to a WIM
                                file.
/Disable-Server                 Disables all WDS services on a server.
/Enable-Server                  Enables all WDS services on a server.
/Get-Server                     Displays information on a WDS Server.
/Initialize-Server              Configures a WDS server for initial use.
/Set-Server                     Configures settings of a WDS server.
/Start-Server                   Starts all WDS services on a server.
/Stop-Server                    Stops all WDS services on a server.
/Uninitialize-Server            Reverts changes made during server
                                initialization.
/Update-ServerFiles             Updates server files on the REMINST share.
                                Image.
/Disable-TransportServer        Disables all WDS services on a Transport server.
/Enable-TransportServer         Enables all WDS services on a Transport server.
/Get-TransportServer            Displays information on a Transport Server.
                                Image.
/Set-TransportServer            Configures settings of a Transport server.
/Start-TransportServer          Starts all WDS services on a Transport server.
/Stop-TransportServer           Stops all WDS services on a Transport server.
To get help for specific command use:
     WdsUtil command /?
C:\Windows\system32>

-------------------
Thanks,

Wednesday, February 24, 2010

Tuesday, February 23, 2010

Configuration Manager 2007 SuperFlows

Configuration Manager 2007 SuperFlows

The SuperFlow interactive content model provides a structured and interactive interface for viewing documentation. Each SuperFlow includes comprehensive information about a specific Configuration Manager 2007 dataflow, workflow, or process. Depending on the focus of the SuperFlow, you will find overview information, steps that include detailed information, procedures, sample log entries, best practices, real-world scenarios, troubleshooting information, security information, animations, or other information. Each SuperFlow also includes links to relevant resources, such as Web sites or local files that are copied to your computer when you install the SuperFlow.

The following table lists the Configuration Manager 2007 SuperFlows that are available for download.

 

SuperFlow Name Description

SuperFlow for Creating SQL Server Reporting Services Report Models in Configuration Manager 2007 (http://go.microsoft.com/fwlink/?LinkId=182504)

Provides detailed steps that you can use to create a SQL Server Reporting Services report model in Configuration Manager 2007.

SuperFlow for Configuring Software Updates (http://go.microsoft.com/fwlink/?LinkId=182287)

Provides detailed steps that help you to plan for and configure software updates at a site. This SuperFlow also includes troubleshooting information and additional resources that you can use to learn more about configuring software updates in Configuration Manager 2007.

Software Update Deployment SuperFlow (http://go.microsoft.com/fwlink/?LinkId=182505)

Provides information that helps you to prepare for and deploy software updates after you configure the software updates infrastructure and synchronize software updates.

Software Updates Synchronization SuperFlow (http://go.microsoft.com/fwlink/?LinkId=182288)

Provides the detailed dataflow for the software updates synchronization process, additional resources related to software updates synchronization, and troubleshooting information



--
----------------
Thanks
----------------

Same computer with in given two collections to create new collection:--

Same computer with in given two collections to create new collection:--

SELECT     dbo._RES_COLL_A01000EE.Name, dbo._RES_COLL_A01000EF.Name AS Expr1
FROM         dbo._RES_COLL_A01000EE FULL OUTER JOIN
                      dbo._RES_COLL_A01000EF ON dbo._RES_COLL_A01000EE.MachineID = dbo._RES_COLL_A01000EF.MachineID
WHERE     (NOT (dbo._RES_COLL_A01000EF.Name IS NULL)) AND (NOT (dbo._RES_COLL_A01000EE.Name IS NULL))

--
----------------
Thanks
----------------

One other good Website for technical like my computerperfomance or petri site

One other good Website for technical like my computerperfomance or petri site
 
 
 

-------------------
Thanks,

Mike Ditka  - "If God had wanted man to play soccer, he wouldn't have given us arms."

SMS_DEF.MOF vs. Configuration.Mof

SMS_DEF.MOF vs. Configuration.Mof

SMS_Def.mof is used by Configuration Manager to create the Hardware Inventory Policy. It is where you as an administrator would change TRUE to FALSE or FALSE to TRUE to enable to disable existing classes and attributes, or if you are adding custom classes, where you would paste the customizations to the bottom of the file. Configuration.mof is where you would paste customizations to the bottom of the file. Changes made to configuration.mof are picked up by the clients and automatically compiled. It where a client finds out "how" to report on custom hardware inventory requests.

A detailed explanation may be found ––>Here<––



--
----------------
Thanks
----------------

Sunday, February 21, 2010

Google backup your emails and blogs

We are depended on many Google Services like Gmail for emails, Blogger for blogs and Google Reader for feeds for our day to day task. We can't even think about losing our Google or Gmail account. For this reason it is necessary to have offline backup of Gmail, Blogger or Google Reader account.

Unfortunately Google doesn't offer any such backup service. Here is Gookup excellent java based tool which lets you to take offline backup of Google Services. You can backup Gmail, Google Reader & Blogger blogs. Gookup is command line utility.

Google hacking at its finest..

Google hacking at its finest..

Using Google, and some finely crafted searches we can find a lot of interesting information.

For Example we can find:
Credit Card Numbers
Passwords
Software / MP3's
...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:

intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"

Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999
visa 4356000000000000..4356999999999999

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

"# -FrontPage-" inurl:service.pwd
Frontpage passwords.. very nice clean search results listing !!

"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net

"http://*:*@www" bangbus or "http://*:*@www"bangbus

Another way is by just typing
"http://bob:bob@www"

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb

Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)


intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).
Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.

Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this - "Windows XP Professional" 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.

or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR

Credits and More Info
http://johnny.ihackstuff.com
{mos_sb_discuss:18}


-------------------
Thanks,

Marie von Ebner-Eschenbach  - "Even a stopped clock is right twice a day."

Thursday, February 18, 2010

For inboxes information to export to excel for single system complete list

Script for complete Inboxes checks to export the results to Excel file

sStartPath = "\\your sccmservername\SMS_smssitecode\inboxes\"
Set oFSO = CreateObject("Scripting.FileSystemObject")

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add
intRow = 2

objExcel.Cells(1, 1).Value = "Directory"
objExcel.Cells(1, 2).Value = "Count"

ListFolders(sStartPath)

Sub ListFolders(sPath)
Set oFolder = oFSO.GetFolder(sPath)
objExcel.Cells(intRow, 1).Value = oFolder.Path
objExcel.Cells(intRow, 2).Value = oFolder.Files.Count
intRow = intRow + 1

For Each oFldr In oFolder.SubFolders
ListFolders oFldr.Path
Next
End Sub

Set sStartPath = Nothing
Set objExcel = Nothing

objExcel.Range("A1:B1").Select
objExcel.Selection.Interior.ColorIndex = 19
objExcel.Selection.Font.ColorIndex = 11
objExcel.Selection.Font.Bold = True
objExcel.Cells.EntireColumn.AutoFit

Delete script for bad inboxes files for SMS / SCCM

Delete script for bad inboxes files for SMS / SCCM
 
 
 
 
 
save the above as .bat or .cmd file and run it. You need to replace the server name with sccm server name and site code
-------------------
Thanks,

Jonathan Swift  - "May you live every day of your life."

FOR INBOXES SCRIPT DEVELOPED BY me...

FOR INBOXES SCRIPT DEVELOPED BY me...
 
 
 
date /t >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
ECHO dc1 >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
diruse /* /m "\\MYSCCMSERVERNAME\d$\Program Files (x86)\Microsoft Configuration Manager\inboxes" >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"

date /t >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
ECHO P01 >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
diruse /* /m "\\MYSCCMSERVERNAME2\d$\Program Files (x86)\Microsoft Configuration Manager\inboxes" >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
date /t >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
ECHO P02 >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
diruse /* /m "\\MYSCCMSERVERNAME3\d$\Program Files (x86)\Microsoft Configuration Manager\inboxes" >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
date /t >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
ECHO P03 >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
diruse /* /m "\\MYSCCMSERVERNAME4\d$\Program Files (x86)\Microsoft Configuration Manager\inboxes" >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"

date /t >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
ECHO P04 >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
diruse /* /m "\\MYSCCMSERVERNAME5\d$\Program Files (x86)\Microsoft Configuration Manager\inboxes" >>"D:\SCCM Team\Daily_checks_archive_Reports\INBOXES\BACKLOGS.txt"
 
 
You need to download the DIRUSE.exe file or get it from 2k3 support tools
-------------------
Thanks,

Pablo Picasso  - "Computers are useless. They can only give you answers."

For Windows 2003 Server Event viewer archive script

For Windows 2003 Server Event viewer archive script, FYI! in 2k8 you can set archive option but not in 2k3 or below 2k8 servers
 
strArchiveFolder = "C:\BckEvt"
ServerName = "."
Set WS = CreateObject("Wscript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
DateString = CurrentDate()
Purge = True
on error resume next
StartTime = Now
Output "---------------------------------"
OutPut "Started at: " & CStr(Now)
Output ""
Set System = GetObject("winmgmts:{(Backup,Security)}\\" & ServerName & _
"\root\CIMV2")
If Err.Number = 0 Then
Set colLogs = System.ExecQuery("select * from Win32_NTEventLogFile",,48)
For Each refLog In colLogs
LogName = ServerName& "_" & LogFileName(refLog.LogFileName) & _
"_" & DateString
If FSO.FileExists(strArchiveFolder & "\" & LogName & ".evt") Then _
FSO.DeleteFile(strArchiveFolder & "\" & LogName & ".evt")
If Purge Then
RetVal = reflog.ClearEventlog(strArchiveFolder & "\" & LogName & ".evt")
Else
RetVal = reflog.BackupEventlog(strArchiveFolder & "\" & LogName & ".evt")
End If
If RetVal = 0 Then
Output vbTab & "Log was archived in .evt format: " & LogName & ".evt"
If Purge Then Output vbTab & "All events were cleared from the log"
Else
Output vbTab & "Error while archiving in .evt format."
End If
Next
Else
Output vbTab & "Failed connect to the server"
End If
Set colLogs = Nothing
Set refLogs = Nothing
Set System = Nothing
Output "----------------------------------------"
OutPut "Finished at: " & CStr(Now)
Output ""
Output ""
Set WS = Nothing
' FullLog.Close ???FullLog=unknown
Set FullLog = Nothing
Set FSO = Nothing
Function CurrentDate
Today = Date
If Month(Today) < 10 Then
CurrentDate = "0" & CStr(Month(Today))
Else
CurrentDate = CStr(Month(Today))
End If
If Day(Today) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Day(Today))
Else
CurrentDate = CurrentDate & CStr(Day(Today))
End If
CurrentDate = CurrentDate & CStr(Year(Today))
If Hour(Time) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Hour(Time))
Else
CurrentDate = CurrentDate & CStr(Hour(Time))
End If
End Function
Function LogFileName(LogName)
Select Case LogName
Case "Application"
LogFileName = "app"
Case "Directory Service"
LogFileName = "dir"
Case "DNS Server"
LogFileName = "dns"
Case "File Replication Service"
LogFileName = "rep"
Case "Security"
LogFileName = "sec"
Case "System"
LogFileName = "sys"
End Select
End Function
Sub Output(Text)
' wscript.echo text
' FullLog.writeline text ???FullLog=unknown
End Sub
 

-------------------
Thanks,

Mike Ditka  - "If God had wanted man to play soccer, he wouldn't have given us arms."

Tuesday, February 16, 2010

Tool to create MOF file

Tool to create MOF file
 
 

Mark Cochrane (System Center Configuration Manager MVP) released an excellent tool to assist with your custom MOF snippet creations, RegkeyToMof.  Grab it from here: http://www.myitforum.com/inc/upload/12336RegKeyToMOF.zip

To use it, Run regkeytomof on a box which has the regkeys you want to gather, and browse in the top window to the Regkey Location, until you see the keys & values you want on the right.  Then below in the middle-right, give it a ClassGroup (like CUSTOM) and a ClassName (this must be unique for each custom mof edit you do--but the ClassGroup of CUSTOM can always be CUSTOM) then just copy & paste the results for configuration mof & sms_def.mof
If there are values that you don't want to see in your database, before you save sms_def.mof, just change those from TRUE to FALSE.  (Leave them defined, but change to FALSE, it needs to be consistent)

For example, I've been meaning to make up a Microsoft Forefront client mof edit, similar to the ones available for McAfee and Symantec, for client AV signature info.  Mark's tool made it much easier.  If you look at the below screenshot, I just browsed until I found the regkeys I wanted (in Software\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates.  On the right, I could see there were entries for AVSignatureVersion and ASSignatureVersion.  Looks like just what I wanted!

In the middle, I changed the Classgroup to CUSTOM.  I always use CUSTOM for my custom edits.  That helps me to differentiate anything I've done from a 'real' mof snippet from Microsoft.  If you like, you could use any name; but I would keep it short and consistent, and no spaces.  i.e., if you work for ACME Corporation, use something like ACMECorp.  For ClassName, this must be unique for each custom edit you make.  For example, let's say that one day there will be a Microsoft Forefront version 2.0, and that clients' info goes into a completely different area of the registry.  But for a time, I might need to gather both 1.0 keys and 2.0 keys.  So I couldn't call both of the ClassNames "MSForefront".  That's why in my sample I called it MSForefront1, anticipating that one day there will be a MSForeFront2 I'll want to have.  Also, for the ClassName, no spaces.  And don't use _ i.e., don't use MS_ForeFront_1.0.  I think you *can* use them, but in some places within your database tables/views, you might end up with double _; that just feels messy to me.  So avoid the whole thing and don't use spaces or underscores.  AND keep it short. 

So, cool; I've got my edits.  I'm using Configuration Manager, so I need the results from the SCCM Configuration.mof and SCCM sms_def.mof.  Now, to check them.  Hm... do I really need AVSignatureApplied?  I could, I suppose.. but if I *do* want them, if I actually go look at the registry, those binary values are multi binary, not just 1 entry for binary of 0 vs 1.  It's hard to programmatically see that with regkeytomof, so it's not already set to be multi; but if I DID want to gather that info, I just need to add the [] to those entries.  But actually... those values don't really mean much to me.  They aren't in any kind of calendar date format that makes sense to me.  So I would likely just change those from TRUE to FALSE anyway.  So I'd end up with this.  And it only took me about 10 minutes to get that edit together, and make decisions about TRUE vs. FALSE.  Easy!

// configuration.mof for MS Forefront 1.0 Client Signatures
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("MSForeFront1", NOFAIL)
[DYNPROPS]
Class MSForeFront1
{
[key] string KeyName;
String EngineVersion;
String AVSignatureVersion;
String ASSignatureVersion;
Boolean ASSignatureApplied[];
Boolean AVSignatureApplied[];
String SignatureLocation;
};
[DYNPROPS]
Instance of MSForeFront1
{
keyname="SystemCenter.fr";
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|EngineVersion"),Dynamic,Provider("RegPropProv")] EngineVersion;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|AVSignatureVersion"),Dynamic,Provider("RegPropProv")] AVSignatureVersion;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|ASSignatureVersion"),Dynamic,Provider("RegPropProv")] ASSignatureVersion;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|ASSignatureApplied"),Dynamic,Provider("RegPropProv")] ASSignatureApplied;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|AVSignatureApplied"),Dynamic,Provider("RegPropProv")] AVSignatureApplied;
[PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Forefront\\Client Security\\1.0\\AM\\Signature Updates|SignatureLocation"),Dynamic,Provider("RegPropProv")] SignatureLocation;
};

//sms_def.mof for MS Forefront 1.0 Client Signatures
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("MSForeFront1", NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name("MSForeFront1"),SMS_Class_ID("CUSTOM|MSForeFront1|1.0")]
Class MSForeFront1: SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE)] String EngineVersion;
[SMS_Report(TRUE)] String AVSignatureVersion;
[SMS_Report(TRUE)] String ASSignatureVersion;
[SMS_Report(FALSE)] Boolean ASSignatureApplied[];
[SMS_Report(FALSE)] Boolean AVSignatureApplied[];
[SMS_Report(FALSE)] String SignatureLocation;
};

 


--
----------------
Thanks
----------------

Tools and Utilities for ConfigMgr / SCCM 2007 Including beta's

 
 

  • SccmAutoDoc Kim Oppalfens, who is a SCCM MVP, has released a neat utility called SccmAutoDoc. SccmAutoDoc is a command line utility that automatically documents an SCCM site into a human-readable form with minimal user input. Only the useful information is included, as opposed to items that are largely used internally.

  • SMSNotify SMSNotify, by myITforum member Dan Thompson, presents the user with an informative screen that lets them know a package will install at a scheduled time and allows the user to postpone the installation for a future time. Many, many other features and options.


  • ENGL Zwlancfg - ENGL. ENGL Zwlancfg is a tool that simplifies the unattended deployment of Microsoft wireless network settings to Windows XP and Vista machines. Profiles can be created, deleted, exported and imported. Zwlancfg can be run from the command line or from the Microsoft System Center Configuration Manager (SCCM) Task Sequence Plugin.

  • ConfigMgr Branch DP Add - ddelgado1 on CodePlex. BDPAdd is a tool that will bulk add protected branch distribution points to a ConfigMgr 2007 (SCCM) hierarchy. There is currently not a way, in the ConfigMgr console, to add multiple protected Branch distribution points at once. This tools attempts to address that problem. (Note: The tool could be easily modified, if needed, to add unprotected branch DPs. I needed protected Branch DPs though, so that's what I wrote this for.

  • ConfigMgr Site Bound Tool - ddelgado1 on CodePlex. SiteBound is a tool that allows bulk addition of boundaries to ConfigMgr (SCCM ) sites. Adding boundaries through the ConfigMgr console can be tedious if adding more than a handful. Previously for SMS 2003 there was the Siteboun.exe tool which solved this problem, however, to my knowledge there is not a version of this tool available for ConfigMgr 2007. If there is, then oh well I still learned something.

  • Coretech SCCM Manager - Freeware- Coretech A/S
    Formerly known as "Coretech Application Creator for SCCM" This utility is developed based on many years of experience with Microsoft System Management Server now System Center Configuration Manager. Our mission is to streamline every aspect of the package creation process thus making the daily administration of the system smarter. In the latest version you'll also find functionality to prestage computers and configure variables used in the image deployment process.

  • ConfigMgr MP Policy Checker - Vincent Dipippo - I have written a tool that will allow you to select a policy and then check that policy via HTTP pulls to all of the MPs. The tool is multi-threaded for performance and works well in large environment.

  • 1E Migration Tool - This tool is designed to allow an SMS Administrator to Migrate all or selected packages and programs from his SMS environment into a System Center Configuration Management (ConfigMgr) environment. The tool has the following features: The Migration of Package and Program details along with source files; Renaming of Package and Program names during migration; Direct transfer of packages from your SMS site to ConfigMgr; Export to flat file structure from SMS site and Import into ConfigMgr from flat file; Exporting of SMSNomad command line settings to new ConfigMgr Nomad tab settings.

  • ConfigMgr Collection Query Rule Embedded Reference Checker - The tool enumerates all existing site codes, collections, and query rules on that server. It then uses regular expressions to detect probable collection references (i.e. any site code followed by 5 hex digits). There is also a special case for the built-in collections, which do not correspond to a site code (starting instead with SMS) and do not conform to the strict standard for user-created collections (e.g. SMSDM001, SMS000GS, etc.) Finally, it cross-references those collection IDs to the actual list of collections and includes them by ID and name for review. Any collection ID that is found in a rule but not in the collections enumerated from the server is reported as "**** Unknown ****". You can search the output for this to identify bad references.

  • ConfigMgr Package Distribution Health Browser - While the console is quite functional in checking the distribution status of packages in general, I wrote a tool that helps administrators zero in on package replication issues much more quickly. First, it accesses the associated views in the database directly, which makes it much faster to get at this information than the console, which is a front-end to the ConfigMgr WMI provider. Second, it offers some sorting and filtering options that highlight the replication issues much more efficiently than reviewing the total status for every package individually.



  • 1E's Service Window Provides a graphical interface that allows an administrative user to view, add, edit and delete maintenance windows (service windows) on a selected target computer. Maintenance windows define times during which Microsoft System Center Configuration Manager 2007(ConfigMgr) can apply advertisements and software update deployments to the specified computer. If no windows are specified then the computer can receive advertisements at any time. Administrators may assign advertisements outside any maintenance windows irrespective of what has been set.

  • Collection Commander 1.3.1 by Roger Zander

    Initiate SMS 2003 advanced client actions on a collection: Ping,WakeUp,HW/SW Inventory,ReRun Advertisements,Show logged on user,Download/Refresh Policy,Repair SMS Agents,Import Clients to the Collection.



  • SMS Server Tools 0 2 2 - By Bernard White

    Suite of 7 tools including: 1. Management Point Ping (mpping.exe), 2. Site Information (siteinfo.exe), 3. Package Information (pkginfo.exe), 4. Distribution Point Mod (dpmod.exe), 5. Site Control File Check (scfcheck.exe), 6. Site Services (sitesvc.exe), 7. Collection Membership (cmember.exe). For more info see: http://netplantation.com


  • SCCM 2007 GUID assistant by Greg Ramsey

    Use this utility on a TEST SCCM 2007 site to help you identify the desired GUID required to extend the SCCM 2007 console.


  • SMS Site Status SideBar Gadget by fmerizalde130

    This is the first of several Windows Vista SideBar Gadgets for providing SMS\SCCM information. This gadget, once configured will provide SMS Site Status.

  • Program files application Blocker by rtruss

    A small util to add blank files to the program files dir and remove permissions for local administrators, everyone and users groups and then add domain admins and whatever group you would like to add as well.



  • Dell Client Configuration Utility (DCCU)

    Dell Client Configuration Utility (DCCU) is an application that you can use to obtain or configure BIOS settings. You can also restart or shut down the system or flash the BIOS with DCCU.

  • SMSMap

    Create Visio drawings of any combination of ConfigMgr 2007 and SMS 2003 Site Servers. Source: Tondware



  • Enhanced System Discovery 2007 by System Center Tools

    Provides a number of capabilities to improve your level of integration and synchronization with Active Directory.

  • InventoryManager 2007 by Dudeworks

    Inventory Manager (INVMAN) allows administrators to easily extend, customize and edit asset inventory for System Center Configuration Manager 2007 and SMS 2003.

  • ConfigMgr Branch Distribution Point Bulk Add Tool CodePlex Project

    BDPAdd is a tool that will bulk add protected branch distribution points to a ConfigMgr 2007 (SCCM) hierarchy. There is currently not a way, in the ConfigMgr console, to add multiple protected Branch distribution points at once. This tools attempts to address that problem.



  • SMS/SCCM Peer2Peer AddOn by Roger Zander

    SMSTorrent is a Peer2Peer AddOn for SMS2003/SCCM2007 Clients. SMS/SCCM Clients are able to share the local Package cache with other Clients using the BitTorrent filesharing protocol.

  • MIFCheck - MIFChecker allows you to verify a .MIF file (SMS 2.0 inventory file) for errors.

  • Right-click Collection Listing by Matt Hudson

    Right click on a computer or user and see what collection that resource is in as well as what maintanence window is associated with it.


  • SCAP Conversion Tool for Desired Configuration Manager Microsoft

    The SCAP Conversion Tool for DCM converts Security Content Automation Protocol (SCAP) files into DCM Configuration Packs and indicates gaps in a log file that can result from the conversion process. Use the Configuration Packs in combination with the desired configuration management (DCM) feature in Microsoft System Center Configuration Manager 2007 to monitor compliance with the SCAP baseline.

  • WQL Analyzer - Browse classes, properties, qualifiers; run WQL queries (locally or remotely); save results as XML or HTML; connect to remote computer; export class description to XML or HTML; automatically generate the "SELECT" query (double click on class name).



Scripts







  • Verify AMT certificates - Steve Rachui's Manageability blog. The CertValidator.vbs utility is designed to run on Windows 2003 and Windows 2008 servers.

Queries




Reports




Configuration Packs





Misc.





  • SCCM 2007 Capacity Planner

    Here is an updated Capacity Planner to work with SCCM 2007. This is not fully completed as it is a work in progress. But it has updated terminology and hardware recommendations which may be helpful to some people. The bandwidth used calculations are not updated although you can manipulate the data to give an estimation.


Ron Crumbaker Web Remote Tools 3.21 Customizations or Additional buttons




































add your own right click option / extend the SCCM Tools Right click tools

This guide will show you how you can extend the SCCM Tools avavable from here: http://myitforum.com...figMgrTools.zip

If you don´t have this toolkit installed. Download it and install it before continuing.

This is how they look by default:
Attached Image

The actions with this package are not stored within the regestry anymore. Instead they are stored in xml files instead.
These are located on this path: <SCCM Console install directory>\AdminUI\XmlStorage\Extensions\Actions\7ba8bf44-2344-4035-bdb4-16630291dcf6\
Attached Image

Begin with backing up all of these xml files to a diffrent location. just in case you ever wan´t to go back to the originals.

Now lets say we wan´t to add a custom action below the client actions node:
Attached Image

Then open Client Actions.xml with notepad
Attached Image

Scroll to the bottom of the script an input a new "chunk" of code. You can just code one of the above chunks and then edit.
Resized to 99% (was 1371 x 712) - Click image to enlargeAttached Image

As you can see i have pasted in a new chunk of code (marked in blue) and edited the name.

This will give me another option for evaluating the user policy...
Attached Image


But i could also customize this to work with other scripts to make my custom action do something else..
To do this just edit the <FilePath> and <Parameters> values.

If you need to edit any of the other categories just open the xml file for this category (all stored within "<SCCM Console install directory>\AdminUI\XmlStorage\Extensions\Actions\7ba8bf44-2344-4035-bdb4-16630291dcf6")

Enjoy! B)

--
----------------
Thanks
----------------

Troubleshooting:Add Trace32.exe to BOOT File "boot.wim" to read the logs in trace32

This tip is great for incorporating Trace32.exe to your boot.wim for troubleshooting.


Create folders and populate with file(s)

Create a folder on your SCCM server called Extrafiles, put two blank folders in there called windows\system32

copy the trace32.exe file to the system32 folder you just created above (you can copy more than this if you wish, but for this tip this is sufficient)

Attached Image



Create a new boot image

In Operating System Deployment, right click on boot images, and choose create boot image using microsoft deployment.

Attached Image

Point the Package Source to blank shared folder on your network.

Attached Image

Fill in the General Settings

Attached Image


For Image Options, use the Extrafiles folder you created above as 'extra' directories to add

Attached Image

click next and the boot image will be created (takes some time).

Note: if you get this error "Error while importing Microsoft Deployment Toolkit task sequence. Details: the ConfigMgr reported an error" then grant SYSTEM account full permissions on your network share that you are creating the boot.wim file in.

Attached Image


Using the new boot image

Dont forget to add network drivers to your boot.wim and finally dont forget to create a new Distribution Point and update it.

When you are troubleshooting image deployment you can switch to this debug boot.wim by right clicking on a Task Sequence and choose properties, click on the Advanced tab and change the boot image to the one you've just created.

Resized to 98% (was 833 x 506) - Click image to enlargeAttached Image


Now when you press F8 to troubleshoot you can bring Trace32 up to read the logs right there in your deployment.

--
----------------
Thanks
----------------

Troubleshooting:Ride of PXE Boot aborted

Troubleshooting:Ride of Pxeabord message

The first approch would be ....Cleare the PXE advertisement from the collection or by selecting the computer " Clear Last PXE Advertisement"

If you still get the abort message like below then...


Downloaded WDSNBP

Architecture: x64

The details below show the information relating to the PXE boot request for this computer. Please provide these details to your Windows Deployment Services Administrator so that this request can be approved.

Pending Request ID: 45

Contacting Server: 192.168.3.1.

TFTP Download: smsboot\x64\abortpxe.com

PXE Boot aborted. Booting to next device...

Deleting the advertisement and re-advertising it
Restarting WDS and DHCP service
Restarting SCCM server
if not reimport the information to the colllection by direct membership method or computer association option

-Hope this help you




--
----------------
Thanks
----------------

yep now Microsoft(R) System Center Configuration Manager 2007 Dashboard

 
 
 

SMS reports
added Asset and other reports to the collections
SCCM reports added
SQL Server Reporting services added to enchance the reports and now what???
yep now Microsoft® System Center Configuration Manager 2007 Dashboard

About the Configuration Manager Dashboard

IT Challenges

IT administrators and IT support staff need easier access to key information about software and operating system deployments, client health, and compliance with regulations.  They must ensure that their systems and software meet the configuration requirements established for the organization.  And they need the ability to track this information without having access to a System Center Configuration Manager console.

Solution

The Microsoft System Center Configuration Manager 2007 Dashboard lets customers track application and operating system deployments, security updates, the health status of computers, and IT compliance with key regulations—with an easy to use, customizable Web interface.  Because the Dashboard is built on Windows® SharePoint® Services, IT staff can access information without using the Configuration Manager console. The Dashboard is a free Solution Accelerator, and fully supported by Microsoft.

Key features of the Dashboard include:

  • Easy access to key information without using the Configuration Manager console  
  • Centralized view of Configuration Manager data sets
  • Data can be viewed in graph, table, or Dundas gauge formats
  • You can create custom dashboards for different departments, based on site user's group membership.

Join the Beta Program for the Dashboard

The Configuration Manager Dashboard is now in Beta release (English only).  Click here to join the beta.

Link: https://connect.microsoft.com/InvitationUse.aspx?ProgramID=4505&InvitationID= SCD-BGMB-FK9M&SiteID=14

How the Dashboard Works

The Configuration Manager Dashboard is designed to work with an existing Configuration Manager 2007 infrastructure. The Dashboard queries the Configuration Manager site database and uses the resulting data set to present key infrastructure metrics in a graphical format.

The Configuration Manager Dashboard uses SharePoint Web parts to manage and display data sets:

  • Microsoft Dashboard Configuration Web Part. Use this Web part to create and modify the SQL queries that produce the data sets and the other properties that govern how the Dashboard displays the data sets.
  • Microsoft Dashboard Viewer Web Part. Use this Web part to display the data sets. A Dashboard Viewer Web Part displays one data set at a time. The Configuration Manager Dashboard can contain multiple copies of the Dashboard Viewer Web Part at once, each copy displaying a different data set.

The following figure shows how users can interact with the Web parts to retrieve and display data.

Ff369719.image1(en-us,TechNet.10).jpg

Figure 1. Configuration Manager Dashboard Process Flow

The Configuration Manager Dashboard process flow involves the following sequence of activities:

  1. An IT Service Manager requests a new data set.
  2. The IT Administrator uses the Dashboard Configuration Web Part to define the new data set.
  3. The IT Administrator stores the configuration information for the new data set (the information is saved in the Windows SharePoint Services Content database).
  4. The IT Administrator adds a new copy of the Dashboard Viewer Web Part to the default Configuration Manager Dashboard and then modifies the Web part to display the new data set.
  5. The IT Service Manager browses to the Configuration Manager Dashboard site.
  6. Windows SharePoint Services queries the Configuration Manager site database as specified by the data set configuration.
  7. Windows SharePoint Services renders the new data set using the Dashboard Viewer Web Part.

Requirements for the Configuration Manager Dashboard

The Configuration Manager Dashboard integrates with an already functioning deployment of System Center Configuration Manager 2007 and has no additional infrastructure requirements. It is assumed that Configuration Manager 2007 and the Configuration Manager site database are configured in accordance with Microsoft installation guidance.

The following table lists software requirements for the Configuration Manager Dashboard.

Table 1. Configuration Manager Dashboard Software Requirements

Infrastructure

Resource

Operating System

  • See requirements for Configuration Manager 2007

Software

  • Configuration Manager 2007 R2 or SP2
  • Windows SharePoint Services 3.0 SP2

    Note   Microsoft Office SharePoint Server 2007 SP2 is supported as an alternative to Windows SharePoint Services 3.0.

  • Microsoft SQL Server® 2008
  • Microsoft .NET Framework 3.5

Browser

  • Microsoft Internet Explorer® 7.0 or Internet Explorer 8.0.

Note   For more information about the software requirements for the Configuration Manager Dashboard, see the appropriate sections in the System Center Configuration Manager 2007 Dashboard: User Guide or the System Center Configuration Manager 2007 Dashboard release notes.



--
-------------------
Thanks,

Monday, February 8, 2010

Powershell Command R

In Ps you used some commands and you want to recall your last used command, then simply type "r" without codes, that's all it will repeat the last command

-------------------
Thanks,

Pablo Picasso  - "Computers are useless. They can only give you answers."

opps!! I forgot my basics...Keyboard Symbols

The following chart displays the character symbols, name and Latin-1 number on a standard keyboard in their approximate position on the keyboard. Most characters from any Roman based language can be created on any computer using the American Standard Code for Information Interchange or ASCII using a single byte. Most computers and software also recognized American National Standards Institute's (ANSI) formatting standards as well
 
~ tilde (rhymes with Hilda)
! exclamation mark
@ I just know it as the 'at' symbol
# hash
$ dollar (don't tell me you didn't know that one. ;-D )
% per cent
^ caret (I think that's the correct spelling and I think it's pronounced cah (as in cat) and then ray so cah-ray)
& ampersand
* asterisk
( left bracket
) right bracket
_ underscore
- hyphen
= equals
+ plus (bet you had to go to school to learn the last two - lol)
{ left parenthesis
} right parenthesis (these are also called "curly brackets")
[ forgotten
] also forgotten but it's the right one! I think they are just known as square brackets but do have a proper name.
| pipe - the picture on the key looks like two lines, one above the other.
\ backslash
: colon
; semi-colon
" inverted comma
' apostrophe
< left angled bracket or left chevron
> right angled bracket or right chevron
, comma
. fullstop
? question mark
/ slash

-------------------
Thanks,

Mike Ditka  - "If God had wanted man to play soccer, he wouldn't have given us arms."

Sunday, February 7, 2010

PowerShell: File cannot be loaded because the execution of scripts is disabled on this system error in PowerShell

File cannot be loaded because the execution of scripts is disabled on this system error in PowerShell


SOLUTION:

The reason for this error is the security setting on your pc that does not allow you to execute a script.  This is the so-called Execution Policy. By default, the Execution Policy is set to Restricted. This setting means that you may not run any PS1 script at all.

An overview of the policy levels:

Restricted: Individual cmdlets can run, but not saved Powershell scripts. This is the default setting.
AllSigned: Scripts can run, but must have a digital signature even if written on the local computer. Prompts you before running scripts from trusted publishers.
RemoteSigned: Scripts written on the local computer do not need a digital signature, but any script downloaded from outside (email, IM, Internet) must have a signature to execute. 
Unrestricted: Any script can run, but scripts downloaded from outside will run with a warning.

If you're working on a desktop and just experimenting with PowerShell, the best is to set the policy-level to Unrestricted. This allows you do everything with annoying security boundaries. Just be careful not to run every script you download from the internet :)
If you're working in a production environment and only want to run self-written scripts, the RemoteSigned level should be loosy enough.

To change the Execution Policy to Unrestricted, type the following command in Powershell

Set-ExecutionPolicy Unrestricted

To change the Execution Policy to RemoteSigned (to run your own scripts), type the following command in Powershell

Set-ExecutionPolicy RemoteSigned

If you have any question left, feel free to leave a comment. By choosing to be informed when someone posts a reply, you will immediately receive an email after someone replies


-------------------
Thanks,

ADST and AD Daily health Checks

 Active Directory Snapshot Tool (ADST)

ADST tools is the one like MBSA it checks everything about AD healthchecks.

Below are the complete tools for AD health checks

Test

Frequency

AD Convergence

Daily

DCDiag – General

Daily

FRS Convergence

Daily

Performance Info

Daily

Replication Status

Daily

Account Policies

Weekly

Backup Status

Weekly

Database Info

Weekly

DCDiag – DNS

Weekly

DNSLint

Weekly

DNS Information

Weekly

Event Logs

Weekly

Exchange DSAccess

Weekly

GPOTool

Weekly

IP Information

Weekly

Large Groups

Weekly

OS Information

Weekly

Replication Configuration

Weekly

Site Configuration

Weekly

Subnet Information

Weekly

SYSVOL Information

Weekly

Time Configuration

Weekly

WINS 1B and 1C

Weekly

AD Object Count

Monthly

Forest / Domain Information

Monthly

Machine Account Info

Monthly

Orphaned GPTs

Monthly

Partition ACLs

Monthly

Security Updates

Monthly

Unlinked GPOs

Monthly

User Account Info

Monthly

Account Lockouts

As needed

ADST Dependencies

As needed


-------------------
Thanks,

Pablo Picasso  - "Computers are useless. They can only give you answers."