Garrett804

Just wanted to let you know I haven't found a table yet that gives all the information, MS has existing reports for the packages and applications that are deployed but it doesn't include windows updates in those reports. I've been pulled aside though due to something coming up so this may take a little bit longer to get back to you on.

That's an interesting request actually. Off the top of my head the only way I could think of doing this would be through SSRS as the data is in SQL already. In browsing through the pre-built reports I don't see one that includes every deployment to a device so it might have to be something custom. I'll keep researching and see what I can find out.

I'd agree, Update your image more often and include the updates pre-installed in the package. I wouldn't exactly do 6 months but more like 3 months or each quarter to be specific. Microsoft puts out a lot more updates now and days then they ever did in the past so each patch tuesday you may find 20+ updates sometimes.

Another query you can run it against is the Product ID as it will be different for the 32-bit than it is for the 64-bit version.

To expand on anyweb's advice. You need to check your maintenance windows as well, If you don't want them installing and/or restarting during certain hours then you need to put a maintenance window in effect.

Ok first things first. The Deadline settings that you have checked won't take effect until the deadline is reached actually. This is why you aren't getting any installations currently going on. The reason your machines are randomly rebooting is because you the check box for reboots specifically states "Reboot outside of a maintenance window". The software Installation box is also for doing it "Outside a maintenance window". In order to get them to install the application in a Maintenance Window time period there are a few conditions that have to be met. 1. The Maintenance Window must be set. 2. The Maintenance Window time period must be long enough for the Deployments run time in order to get them to initiate an installation. If the installation time is longer than the window time it simply won't bother trying to install. 3. The application must be deployed as a "Required" application 4. Don't check the 2 boxes under the User Experience tab for "Software Installation" and "System Restart" to occur Outside the maintenance window. Having those unchecked the application is only going to try to install in a maintenance window. Give that a try in your lab and see how your results turn out.

If you aren't removing the machine from the domain then AD will still have it and thus SCCM will have it in its DB. With it being in the DB it won't dis-join itself from collections and once the machine is back on the network and given its name again it will pull policy and should recognize all the existing memberships to collections. I could be wrong but that is my understanding of what would happen in this scenario. Now if you are re-naming the machine then that of course would change the scenario I'm describing.

Yeah Garth hit the nail on the head. You do not need a CAS you just need 1 Primary Site Server for SCCM. You only need a CAS if you are going over 100,000 devices and based on the information you gave you are far, far from that. Your AD design for a single domain with sub-OU's for each location is also the way I would go about doing it as well. As far as SCCM is concerned though once you have your primary site up you can then put Distribution Points at each of your 17 locations to take over the deployment of applications for your machines. If you find you have to much traffic from policy checks etc.. then add on a secondary site for the sites that are experiencing the issue.

For the application you have named WINCAPS. Does it work normally outside of a task sequence for OSD? You should be able to install it as a normal application first before you try to put it into a OSD Task Sequence. If it is not installing as a normal application then see if there are some advanced options for the quiet switch or test it without the switch and see if you are getting an error due to some other requirement that it is needed. For instance MalwareBytes Enterprise Edition requires .Net 3.5 to be installed and won't install without it. Running the application with a quiet switch you don't get the error prompting you about how you need .Net 3.5.

Ok if its sending other emails from the SCCM system fine then it could be the SCEP alert settings that you have currently. For instance this is for any Malware Detection with "Critical" Severity and a low detection threshold for machines in the "All Computers" Collection. Then you need to create a subscription for the alert and set the settings for that subscription on what alerts it will send.

This is for Adobe Reader but is basically the same query for Java you just are changing the application name and version numbering. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%workstation%" and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "%Adobe Reader%" and SMS_G_System_ADD_REMOVE_PROGRAMS.Version < "11.0.0"

Is this a X64 bit machine that you are trying to PXE? I notice your settings are for a 64-bit image.

Check the logs and also make sure you aren't having the DP servers restarting for updates or other maintenance while you are trying to send things over to them.

You can help with some performance on the VM by offloading roles like separate the MP, SUP, and DP roles from the main System with the SQL. This will cut down on the requests. Also if you lengthen out some of the scheduled processes like inventories, software update scan cycles etc... your SQL install won't be hit so much either so that will help with some performance. The time you choose either leaving them all at default times or extending them out is of course something you'll have to decide on. Depending on the SAN solution you all are utilizing that will be your #1 issue because its not dedicated hardware. Modern San's that use SSD technology really are a great benefit for large VM environments and have much better redundancies built into them as well. A good example of one would be Nimble. Good luck and please come back and feel free to ask questions here as we all like helping each other out.

I pull the report manually via add/remove programs registered applications.

Yes you can use anything to distribute it but to create the application you'll want the .MSI file unless you like typing everything out etc...

I think your design is good for that amount of devices. You only need a single primary server until you get up to around 100,000 devices. You can always put in secondary's if you need to control the traffic a bit more for machines checking in. You can help control your bandwidth usage by having your packages on the DP's at each site so they don't pull from your main location. You can also help with the SUP and WSUS updates by having the packages for those also on the DP's so that your wan bandwidth stays minimal with having machines go out to Microsoft to get all the updates. 1,000 machines going out to download updates can put a nice hit on a 100Mb connection pretty quick. For the size of your environment I'd say to just "Keep it Simple" and go with a single site, single server installation. You can add on the DP roles to your local file/print/dhcp servers on each school location so your equipment costs will be down. You need to just ensure that you have enough volume to accomidate the storage you'll need for all your packages. Your most important design piece will be the hardware layout that you choose for the primary server. Remember that by having both the site and SQL on the same system your IO can be higher so you'll want seperate physical discs for the SQL pieces as well as the OS and SCCM piece. I run basically the same type of setup. - Single Primary server with local SQL installed - 26 DP's spread out across the US - Single Site I do the following config for discs on my primary server: - Raid 1 (2 discs, 146Gb discs should be fine) System OS - Raid 1 (2 discs, 146Gb discs should be fine) SCCM App - Raid 10 (4 discs, 146Gb discs should be fine) SQL Data - Raid 1 (2 discs, 146Gb discs should be fine) SQL Logs - Raid 1 (2 discs, 146Gb discs should be fine) SQL Temp - Raid 10 (8 discs, 300Gb discs) Source Content In terms of the SQL performance which dictates your entire systems response time going through the console make sure you read up on performance tweaks like breaking the tempdb files up etc..

You must not have automatic approval enabled for your site settings or you are trying to get a non-domain computer to connect in and did not manually approve it for connecting to your system.

only 60Gb... Mine is 111Gb.. lol I pull a lot of products though so its expected.

Did you run it leaving all the boxes checked?

So you are pushing an application package that runs a vmscript. This package keeps re-running daily on your devices. ___________________________________ Check to make sure that you don't have it set to re-run always or it will end up re-running everytime the machine does an application deployment evaulation scan. The better way to do what you want would be to actually put a scheduled task on each machine that runs on the schedule you are wanting as you can set the scheduling to weekly, daily, monthly etc...

looks like from reading that log that your copsmgmtcomponent isn't initialized. When you did the install did you ensure that SQL has the account you are using with permissions. Did you also ensure that your server instance is correct?

Everything you have posted makes absolutely no sense. Please describe your problem fully.

What I do is create a collection for machines with Java installed. Then deploy the required update to the latest version to that collection. Because the collection is automatically populated by a Query any new machines will be added in automatically and taken out if they don't have java anymore. You can still leave the java as available for the majority as well if you wish by deploying it to the same collection you already do.

Run the cleanup utility on WSUS to clean-up the WSUS database.