June 2011 Archives

Configuration Manager 2012 Documentation Library

| No Comments


It's been a great time here at the U and I'll cherish all the wonderful people I've had the pleasure of meeting during my tenure.  I'm amazed at what we've been able to accomplish in a little under four years!  We started fresh with a ConfigMgr 2007 SP1 install in the summer of 2008 and have grown from the first client to just under 13,000 computers under management now, quite amazing for an opt-in service!  Let's enjoy that today, and then tomorrow start encouraging those who don't have their computers in ConfigMgr to add them (yes, this will be my last push to get computers in ConfigMgr)! 

We started a University packaging community in that same summer in 2008 with some interested partners throughout the U that focused on packaging applications.  We have since grown into a large, flourishing computer management community that has task forces and subcommittees focusing on, but not limited to: OSD, DCM, Group Policy, WoL, user rights elevation (completed), and 64bit software.

I encourage you all continue to strive for computer management standardization and aggressively pursue new technologies to enable our users to effectively and efficiently do their jobs.  I read a quote the other day that IT is one of the few departments that touch all other departments, I never really thought about it before but is shows that we can do a lot to affect how everyone works for the better!

My last day will be on the 7th of July, I hope to see a lot of you before I leave.  But if I don't, farewell and keep in touch.  I'll keep my University account so feel free to reach me by email, or twitter (@joeartz).

There is a quote that has been hanging in the entryway of my grandparents' house now for over 60 years as the last thing visitors saw when they left the their house.  And that is what I would like to leave with you as I depart the University community.

May the road rise up to meet you, may the wind be ever at your back. May the sun shine warm upon your face and the rain fall softly on your fields. And until we meet again, May God hold you in the hollow of his hand. --Irish Blessing

App-V 4.6 SP1 Hotfix 2 has been released

| No Comments
The latest hotfix for App-V 4.6 SP1 has been released.  It is available for you under the Packages node > _CM > AppV > _Client

You'll see both the App-V 4.6 SP1 client package as well as the App-V 4.6 SP1 hotfix 2 package.  There is no need for hotfix 1 package, as the hotfixes for the App-V are cumulative.

To determine if you have the latest App-V client (with hotfix 2) the version number should be "".

If you have any clients with a version less than "" you will need to run the App-V 4.6 SP1 client install program first, reboot the computer, and then install hotfix 2.

NOTE:  Test in your environment.  Both installs suppress reboots.  When you push either update the computer will be need to be rebooted before the App-V client is functional again.
Looks like a good offering.  Blogging so I can find this again. :)

The Problem
I've had several questions the last couple weeks on discrepancies between Active Directory and ConfigMgr.  This is mostly due to old computer objects in AD.

The Solution
Thanks to joeware there is a utility called oldcomp.  We can use this tool to report on, disable, and delete old computer objects.

To run oldcomp.exe do the following:

  1. Download oldcomp.exe from the link above.
  2. Launch a command prompt with your OUadmin credentials.
  3. Navigate to the oldcomp.exe file in your command prompt.
  4. run a command like:  oldmp -report -b ou=mycmps,ou=units,dc=mydomain,dc=edu  see below for an example command, you can get more commands by typing "oldcomp /?"
    1. OldCompCommandEx.PNG
  5. This will create the htm report in the same directory to ran OldComp.
  6. Review the beginning of the report to verify that all the information is correct.
    1. Be aware the the Search Base is correct so you are only pulling computers that you were attempting to pull (the default is 90 days old to display computers), see below
    2. OldCompReportBegin.PNG
  7. Review the list of old computers (in our case greater than 90 days)
    1. OldCompReportOfComps.PNG
  8. If you are sure you want to disable and delete all the old computers continue to the next steps
      1. Now edit your command to look like the following:  "oldcmp -disable -unsafe -forreal -b ou=mycmps,ou=units,dc=mydomain,dc=edu"  see the example below
      2. OldCompCommandExDisable.PNG
  9. The output to screen gives us an overview of how the command performed, but it also creates a report for review and to keep for your records, see the example below
    1. OldCompReportOfCompsDisabled.PNG
  10. Now that the accounts have been disabled we can delete them.
    1. Edit your command to look like:  "oldcmp -delete -age 0  -onlydisabled -unsafe -forreal -b ou=mycmps,ou=units,dc=mydomain,dc=edu", see the example below
    2. OldCompCommandExDelete2.PNG
  11. Below is an example of the report that'll it will create for your records
    1. OldCompReportofCompsDeleted.PNG

One last thing to note is that if your run disable and delete commands but remove the "-forreal" it will just create a report of the computers that it would perform those actions on.

Hope this post has been helpful.  If you have an questions or comments about it post them below and I'll respond or tweak the post as needed.
Wow, I did not know this!  It's definitely a new way for me to think about GPP.  We may not be able to do this with users given how we handle users, but it's something to do for computers.

FWIW, users have to be a member of a ton of groups for to get truncated.  But it's good to be aware.


Group Policy Hotfix Round Up

| No Comments

The one for logon scripts may apply to a few people, if you haven't started using group policy preferences yet. :)


For you DB admins out there, and myself in case we lose admin access to a DB.

PXE OSD and the last advertised task sequence

| No Comments

We just ran into and issue, more of nuisance really, with our PXE point downloading the x64 boot wim.  This is a nuisance because we associate the x86 boot image with all of our task sequences and and if PXE downloads the x64 boot image, it then has to download the x86 image after the task sequence is selected and the deployment engineer will have to click finish for the computer to reboot and continue executing the task sequence.

As it turns out, what we were seeing was expected behavior.  The way ConfigMgr PXE works is that (as long as it passes the architecture test) it downloads the boot wim that is associated with the last task sequence that has been advertised to that collection.  In this case it was an x64 boot wim associated to a task sequence, that had evaded us in our QA check.

How the solution was found was by checking the status messages for the SMS_PXE_SERVICE_POINT that was having issues.  While reviewing those messages on of our engineers (Mark) noticed that following message:

"The SMS PXE Service Point instructed the device to boot to the bootimage <x64BootImage> based on advertisement <AdvertisementID>."

He searched for that advertisement and the Task Sequence that was assigned to it and that task sequence was associated with the x64 bootimage.  Once that task sequence was associated with the x86 image that PXE service point now selected the x86 as the default bootimage to load for client requests.

We push both x64 and x86 images with the same task sequence, the choice is made which bit level OS to push in the task sequence (soon to be pre-executin hta).  So we always want the x86 bootimage to download for all task sequences since it will download on all computers.

Powershell and ConfigMgr

| No Comments
I just stumbled upon an old post for powershell wmi explorer and have been working with it a bit and it quite nice for exploring WMI and it also gives example scripts for executing methods in the WMI.  Not sure how this escaped me for so long, but here's the series of posts by MoW!


There is also a post by a different blogger that leverages MoW's Powershell WMI explorer to do some actions in ConfigMgr.

There is also a project on CodePlex for PowerShell community extensions for ConfigMgr. It hasn't be updated in awhile, but can be used a base.

Also, this may not be of interest to a lot of you, but snowland has quite a few commands compiled, I'd be interested how well this works with limited rights.

I'll update this post as I find more interesting information.

Looks to be useful for those of you that are looking at roaming profiles and redirected folders, but aren't sure how much space that'll require.


Windows Thin PC RTMs!

| No Comments
Extending the life of your hardware!


BitLocker Info - a list of resources

| No Comments
Great list of resources for working with BitLocker from Niall Brady.

I'll add more to the post as we find it and as we start working with MBAM

Adobe Flash updates for cross site scripting.


Get GPO Backup | The Lonely Administrator

| No Comments
Retrieve your backed up GPOs, if you aren't backing up your GPOs.... Why not?


No kidding!?!  Can't say I'd think of looking for that one, but quite useful.


VBScript-to-Windows PowerShell Conversion Guide

| No Comments
Exhaustive list to help you convert all your VBScript to PowerShell!


Creating ACL Reports | The Lonely Administrator

| No Comments
Nice post on getting a report of ACLs for folders with PowerShell.


A lot of nice updates in this version


Changes (since Version 2.0.3):

  • User based Advertisements (by Mark Whittle) 
  • SCCM2007 R3 Power management features (by Matthias Benninge)
  • List free Disk-Space and Username on Cached Packages
  • More detailed Information on running executions (by Mark Whittle)
  • Show Task-Sequence Advertisements with different Icon and Color (light green)
  • Show Service Window from enforce GMT Time zone on a different color (orange)
  • Enforce Update Scan if action is triggered more than once.
  • Evaluate single DCM Baselines 
  • AutoSiteAssignment and Policy reset will remove all pending site assignments
  • Fixed Issue on Policy import for Programs with dependencies
  • Ability to filter (hide) advertisements (by Matthias Benninge)
  • Dell Warranty Plugin (by Matthias Benninge)
  • Minor fixes and updates...

Oracle Java Critical Patch Update - June 2011

| No Comments
FYI, 17 security vulnerabilities fixed in this update.

Jaysen pointed me to this article on consumerization of IT.  A very good one, I know I thought the same thing with the old email system.

Security Update 2011-003 (Snow Leopard)

| No Comments
US-CERT Current Activity

Apple Releases Malware Detection Tool

Original release date: June 1, 2011 at 8:34 am
Last revised: June 1, 2011 at 8:34 am

Apple has released Security Update 2011-003 for Mac OS X in response
to the recent Mac fake anti-virus software.  This update:
 * adds a malware definition to the File Quarantine application
 * causes the File Quarantine application to automatically update its
   malware definition list daily
 * removes MacDefender fake anti-virus software if detected

US-CERT encourages users and administrators to review Apple article
HT4657 and apply Security Update 2011-003 to mitigate the risks.


About this Archive

This page is an archive of entries from June 2011 listed from newest to oldest.

May 2011 is the previous archive.

July 2011 is the next archive.

Find recent content on the main index or look in the archives to find all content.