Jump to content


Eswar Koneti

Moderators
  • Posts

    708
  • Joined

  • Last visited

  • Days Won

    16

Everything posted by Eswar Koneti

  1. Thank you for your responces. On the specific questions: We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU. Do you want know if you can place all these resource records in One OU or Not ? Yes you did understand the situation correctly but not the question. Yes we put resource domain user accounts into an OU called "Resources". The question however is if this is good practice in the sense of having domain accounts specifically created as resources for specific services, say SCCM (SMS), FEP etc? Especially SCCM (SMS) as I am in the process of testing etc.----OU are basically created to segregate the account when it is required in applying Group polocies together.If you do not have any type of group polocies affecting to these Resources,I dont think ,it will harm to have all resources in one OU. Furthermore, I am now totally lost on all the accounts that I may or may not need: From what I can gather in the guide it's recommended to have 3 accounts, 1 SMSadmin, 2 SMSread, 3 preferably another account than SMSadmin to deploy agents (say SMSagent)? Am I getting this part correct? ----Yes,you would basically requires 3 types of Accounts (SCCM installation,Netowrk Acces Accoutnt and client push installation and Domain join Account if you use OSD). Secondly, provided my understanding of the above mentioned accounts are correct, should I perhaps install SQL using Windows Authentication (as recommended by MS), but using the SMSadmin account specifically? or server a new one SMSsql or SMSdb? Would there be harm in using one account (say SMSadmin) for most things (including SQL) or do you suggest another account? I would prefer NOT to specify a local account ONLY on the site/sql server.----->Yes,I would prefer to go with Windows Authentication rather Other and use an account which has admin previliages locally usually it should be administator.If you want to do this with Smsadmin,you can make this as mem of Local admin but in production accounts will be created differently I suppose. The reason I am asking all these questions is that I do not want to end up with too many accounts doing to many different things. On the site server it automatically created a local group called "SMS Admins". It "appears" that I (my own domain account "domain\cvisser") was automatically added to this group? Is this due to the fact that I installed SCCM whilst being logged onto the site server's operating system using my credentials? --->Yes,You can correct,the account which is used to install SCCM on server,will be automatically added to SMS admin Group. Who else needs to be part of this "SMS Admins" group? As mentioned earlier, we have more than one network/domain administrator that administers everything, we actually have a security group under AD created as "domain\ITC Admin" having our administrators individually added as members to it. Does this mean I need to specify "domain\ITC Admin" as part of this local "SMS Admins" group on the site server?------>its up to the organisation who want to adminster the SCCM console,You can create a sec group and this to SMS admin group later,you can add the users to sec group if they want to have access to SCCM console more about SCCM sec rights http://technet.microsoft.com/en-us/library/bb680788.aspx Lastly on my point 2.2 i asked the following but did not get your response or input on it: "During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?"---->i think you dont have to specify the administrator or someother user account name.You can select all users and read permission to all.It doesnt make any issues if you do it so.This how it works in my LAB *** Thank you again for all your help! You have no idea how much its helping me as my deadline for production is looming around the next couple of days If you still miss something else which i couldn't answer ,someone can asssit you on this,.
  2. Eswar Koneti

    SCCMAutoDoc

    Check This thread,you will get his Email Address http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/413c3d20-58bd-4351-aedf-43468bfb4786
  3. comments are given below : I have used this guide to deploy SCCM 2007 R2 + SP2 (then upgraded to R3 afterwards) in Mixed Mode in a test lab environment on a Windows Server 2008 R1 + SP2 (32bit) using MS SQL 2008 R2 STD. We are planning on running it on a Windows Server 2008 R2 (64bit) virtual machine on Hyper-V once we decide to go production. I have also installed FEP 2010 extension to the SCCM site server. I have managed to deploy a basic SCCM agent & FEP 2010 agent. I do have quite a couple of questions that I need answered as accurately as possible: Lab Environment questions: 1.) MS SQL: In out organisation we tend to install SQL using Mixed Mode authentication and specifying an SA password in addition to a Windows Authentication Mode account. When I did the prerequisite checks for SCCM, it was not to happy about the mixed mode authentication for SQL and advised that I should switch to Windows authentication only - which I ended up doing. 1.1)Why is it a problem for SCCM if one specifies an additional SA authentication?-------->Microsoft recommends configuring the SQL Server for Windows Authentication as a best practice, but don't require it. SCCM 2007 will only use Windows Authentication. There's lots of articles and blogs on this topic (SQL auth vs. Windows auth). So yes, you can use SQL 2007 running in mixed mode. http://social.technet.microsoft.com/Forums/en/configmgrsetup/thread/d226de01-d540-4e90-b780-615b07966665 1.2) In your guide you specified the local administrator (%hostname%\administrator) account of the server as the account to use under Database Engine Configuration > Account Provisioning during SQL setup. We usually specify a domain account here - would this be an issue and where else would this change affect SCCM's setup and configuration?---->You can specify domain account as well which is should be member of Local admin group on the server.Thsi account is used to connect to Database Engine and a service also created for this (depens on the instances you select Either Default or Named). Also keep in mind that in Windows Server 2008 R2 the local administrator account is disabled by default. We also have more than one domain/network administrator(s) working on all systems so I do not want to bind it to one of those accounts. We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU.Do you want know if you can place all these resource records in One OU or Not ? Can we use the %Domain%\SMSAdmin account that is created later in the guide or do you advise on creating another one altogether? If another account is to be created, what do you suggest we call it and what type on roles/rights (domain users, domain admin etc) do we give it under active directory? (keeping in mind the naming convention SMSAdmin, SMSRead etc) ---->It depends on the organisaiton how they create accounts .we do have se-sa-sms-xxxx but the account which is used here(lab guide) smsadmin has full previliges on SCCM site server (who is member of sms admin group and local admin group as well). No, you do not have to be a domain admin to use the console. The basic rights required are: **Account should Member of the SMS Admins group ,should have proper DCOM rights and Security rights to the objects trying to access. http://technet.micro...y/bb694158.aspx 1.3) Do I need to open the Firewall for SQL as explained at the bottom/last step in the guide to install SQL?----->Yes, you need to have these ports open .By default these are open until it is bloked by administrator. 1.4) Should I leave the instance name as default or is it preferred to change it to another named instance? -->If you dont have any other databases installed except SCCM let say for Ex: APP-V OR MEd-V or some other application database ,then you can with default .if the default instance is already used and if you want to have different Log in ,you can go with named and you should provide this(instance name\username) while logging into SQL server Database .More about Instances Named Instance:A named instance is determined by the user during Setup. It is identified by an instance name specified during installation of SQL Server. The client must provide both the computer name and the instance name to connect to SQL Server 2008. There can be multiple named instances running on a computer. The user can install SQL Server as a named instance without installing the default instance first. The default instance could be an installation of SQL Server 2000, SQL Server 2005, or SQL Server 2008. Only one installation of SQL Server, regardless of the version, can be the default instance at one time. Default Instance:A default instance does not require a client to specify the name of the instance to make a connection. A default instance is identified solely by the name of the computer on which the instance is running. It does not have a separate instance name. Clients specify only the computer name in their requests to connect to SQL Server. There can be only one default instance on any computer, and the default instance can be any version of SQL Server. 2.) SCCM 2007 prerequisites: 2.1) Extend AD schema: When using EXTADSCH.EXE to extend the schema, do I run this on the SCCM server or the domain controller itself? Yes, I am aware that the account used for it must be part of the Schema Admin group------>You can run from any DC. 2.2) During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account? 3.) Prerequisites passed - Now installation of SCCM 2007 R2 + SP2 3.1.) During installation of SCCM, one reaches a point "Updated Prerequisites Components". From what I can gather it either tries to download the prerequisites for clients and not SCCM server installation or requires that it be pointed to a directory that contains the latest prerequisites. Is this path extremely important as to what it should be or what structure it should follow? Does all other SCCM packages ect gets stored here? What is this directory used for exactly? I don't want to just thumb-suck a path and later find that I should have placed or structured it better.------> Yes.the path is required and when the actual SCCM server installation started,it uses these update files and place them under SCCM Drive:\client\i386 which is used for SCCM client instllation prerequisists. You can use the syntax to download the patches to a specific folder using G:\SMSSETUP\BIN\I386\SETUP.EXE /download D:\prereq 4.) Installation done - creating boundries It is noted in your give to guide: "You'll need to know your AD site name. The AD site name is by default called Default-First-Site-Name and you can change that in Active Directory sites and services just as long as the site name is the SAME in both AD and SCCM site boundries" Is this really necessary to rename the site in AD Sites & Services from "Default-First-Site-Name" to something else? If one does in fact change it, what impact does it have on any other services?------>If you have only one site(which is usually in LAB) not in produciton usually,then you can provide the default AD site name or IP range can be used as bounadaries. Basically AD site is One or more IP subnets. Generally this refers to a physical site such as a portion of the organization in particular city or part of a city which is linked by leased lines or other media to other parts of the organization If default site is changed whcih is already configured in SCCM(default site),systems will be be unmanageble there by,wont recieve any policies /information from Management point. Advantages of AD site Boundaries--- http://technet.micro...y/bb633084.aspx Production Environment: 1.) MS SQL: Since the production setup will have Windows Server 2008 R2 64bit as the OS instead of Windows Server 2008 R1 32bit, do I need to install SQL 2008 R2 in a 32bit mode, 32bit + 64bit mode or 64bit mode only? ---->I would go with SQL server 64 Bit only *** I would like to take this opportunity to thank anyone for their feedback. I know I am asking a lot questions but I need these answered to understand and action a production plan as soon as possible
  4. You can also do this Via AD SEC groups (removing applications atomatically) : http://www.windows-noob.com/forums/index.php?/topic/677-automatic-removal-of-applications/ How to deploy applications Automatically Via AD sec Groups : http://www.windows-noob.com/forums/index.php?/topic/892-deploy-software-through-ad-groups-linked-to-collections-in-sccm/
  5. Eswar Koneti

    SCCMAutoDoc

    There is one which was developed by Kim but not free tool to download now .You may conact him over www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
  6. Here is your issue in Red color Check your MP is working or not .Do you see any errors in mpcontrol.log from your site server logs ? Also Check ,WEBDAV is configured correctly or not. Please check http://technet.microsoft.com/en-us/library/cc431377.aspx and http://technet.microsoft.com/en-us/library/bb932118.aspx Try these URLS on client machine to see if client is able to talk to MP or not ? http://<ServerName>/sms_mp/.sms_aut?mpcert and http://<ServerName>:<port>/sms_mp/.sms_aut?mplist
  7. what type of Non-AD assets do you want track of ? You can go for enhasoft products.
  8. Look at this thread how to change the site code http://social.techne...f6-6cb7ded17722 might help you How Automatic Site Code Discovery happens: http://technet.microsoft.com/en-us/library/cc180094.aspx
  9. Unable to see the attached images here. There should be unique column which pulls all the computers to display in report.
  10. are there any duplicates or is that report showing all the computers with SEP installed successfully ? can you post the screen shot of the webreport ?
  11. Force a Full software inventory and see if that gets updated info.check inventoryagent.log
  12. driver packges will not show in auto apply ,Auto Apply Drivers task sequence step allows you to match and install drivers as part of an operating system deployment(Autoapply drivers takes longer time) and you can only select the drivers from the avilable categories. If you want to apply,try creating categories and limit the catagories for unatteded installation of drivers where it is allowed. http://www.deployvis...SE/Default.aspx
  13. yo can monitor inventoryagent.log file on client ccm\logs folder.
  14. can you run the full hardware inventory and see if that gets the updated inventory information from client since the informaiton which you are looking(office) is not present in WMI. To run the Full Hardware inventory,you can use SMS/SCCM clien center tool(Roger Zander's SMS Client Center).
  15. Exit code 87 ---->the parameter is incorrect
  16. have you refereed this ?http://blog.coretech.dk/confmgr07/software-distribution/installing-multiple-applications-using-variables/
  17. Okay.May there could be other reasons for this error but i just guess,that could be one of the reason for this error.Not 100% sure about other causes that happened to work in a one night
  18. what is the error mesage do you see for client not install ? any logfile(ccmsetup.log) ? also look at eventvwr for other info.
  19. Nope,basically,the error 0x8004100e says ,"Not enough storage is available to complete this operation".This will logged in eventviwer as well i guess if you check it up.
  20. open notepad ,paste the script into it and save it as application.vbs Run the script(it requires admin rights on the remote computer to get result) /double click it. It will prompt for computer name and display the result with application name that starts with office or what ever you provide in script.
  21. See if WDS service is started or not ? this could be one of the reason for this issue.
  22. What does the script says ? did it find something from your WMI about the application that you are looking for ? If the application is completly removed,you can check this from registry if the components are there or removed.
  23. In addition to above ,you will have Learning App-V Intermediate Skills and Learning to Configure App-V for Standalone Client Mode as well.
  24. can you check from the resource explorer,if the software is listed in add and remove programs ? There could be the reasons,the program may not removed properly. You can use below VB Script to see,if the program is still there in WMI. strComputer =inputbox("Enter the computer name") Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2") Set colItems = objWMIService.ExecQuery( _ "SELECT * FROM Win32_Product WHERE Name like '%office%'",,48) For Each objItem in colItems Wscript.Echo "Name: " & objItem.Name Next Change the application name office to your requirement.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.