Everything posted by lord_hydrax
-
Well deserved, congratulations!
-
Device collection of a user collections primary devices
lord_hydrax replied to Morpheus's topic in Configuration Manager 2012
Yep use this query:

    select SMS_R_SYSTEM.ResourceID,
           SMS_R_SYSTEM.ResourceType,
           SMS_R_SYSTEM.Name,
           SMS_R_SYSTEM.SMSUniqueIdentifier,
           SMS_R_SYSTEM.ResourceDomainORWorkgroup,
           SMS_R_SYSTEM.Client
    from SMS_R_System
    inner join SMS_UserMachineRelationship
        on SMS_UserMachineRelationship.ResourceID = SMS_R_System.ResourceID
    where SMS_UserMachineRelationship.UniqueUserName like "domain\\username"

Make sure you use a double backslash \\ otherwise it won't work. Alternatively, you can search any user under Users in Assets and Compliance and down in the bottom pane under Related Objects there is an option 'Primary Device' you can click to see the primary devices.
-
Well third attempt making the USB media it works now.... What the hell. I guess it was just faulty USB media.
-
Hello, We have been using USB Media for Windows 7 OS Deployment for some time but now we are having an odd issue with it. I recently updated our Windows 7 image with about a year's worth of Microsoft updates and injected a few drivers plus KB2749655 for the SCCM Client. I created a new USB with the SCCM Console, that has our normal TS but with the new Windows 7 image. I plug it into the computer and try a USB boot, and nothing happens, it just goes straight into the currently installed OS. (No errors) I thought it might be because it is a USB 3.0 stick, but I put our old USB image onto it and that works fine. Not sure how I have stopped the computer from detecting the USB stick since updating the Windows 7 image. Any ideas? Regards, Andrew.
-
Hello, We have two main task sequences we use in production, one for fresh PC builds and one that upgrades an XP machine to Windows 7. The fresh build TS shows the task sequence UI the whole way through, which is great to know where it is up to in deployments. With the upgrade from XP to Windows 7, once it has captured files and deployed the image, it sits at the Windows 7 logon screen and you cannot see the progress. If you log on to the computer, you can see the tsmanager.exe process running and after a bit you often then see the progress UI again. Sometimes though logging in also terminates the build early. I have no idea why it sits at the Windows 7 logon screen, it is still running in the background but we don't get to see what is happening. We usually just have to wait a while or remotely check the processes running to see if tsmanager.exe has stopped. Any idea what could be wrong or where I can start to look? I don't know if this is an issue or just something to do with the way the TS is set up?? Thanks, Andrew
-
Remote SUP for Internet Clients on SCCM 2012
lord_hydrax replied to lord_hydrax's question in Software Update Point
Righteo, that's annoying. Hadn't heard anything about SP2 coming out, that's nice to know, I wonder what new features it will bring. When you say AD discovery, do you mean use AD sites as a boundary type? Two reasons I don't use that in our environment:
1. Nightmares from SCCM 2007 where it would randomly not work at all for many clients to set the location or they get silly DPs set - Never got to the bottom of this issue
2. We have clients that roam between different subnets around the world and using IP subnets against different DPs seems to be the most effective way for us.
It is a pain managing boundaries by using subnets, but we have limited bandwidth at many of our remote sites and we need to keep a tight grip on where clients pull data from.
-
Windows 7 Migration with USMT
lord_hydrax replied to Tony Maneggio's topic in Configuration Manager 2012
I have almost completely given up on this idea, because there wasn't a particularly simple method to handle it. The main way to do it is the way described in this post:
http://www.windows-noob.com/forums/index.php?/topic/6933-usmt-in-sccm-2012/
That means creating two task sequences, one capture and one restore. Personally I want to give this method a go:
http://blogs.technet.com/b/deploymentguys/archive/2011/09/01/replace-scenario-alternative-for-usmt-migration.aspx
At least that appears to remove some steps such as creating computer associations and the reliance on an SMP Role, which in turn would also be faster because files are copied directly to the computer. If I had the time I'd work on a script that can probe the source computer from the destination computer to copy files and settings, thus only requiring one TS. Alternatively find a way to get USMT to do it. Haven't found anything yet!
-
Remote SUP for Internet Clients on SCCM 2012
lord_hydrax replied to lord_hydrax's question in Software Update Point
What a pain, sounds like boundaries, I keep finding new issues with mine. Just the other day I found one boundary using an IP Subnet wasn't working properly because the Class C subnet was split in 4 parts and 75% of the clients didn't have a matching Network ID. Changing to an IP Address Range fixed that one up. Haven't had a chance to apply CU1 yet, want to do it soon. -
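The boundary mismatch described in the post above, as an added example that is not part of the original post. It assumes a client is matched to an IP Subnet boundary by the network ID it derives from its own address and mask; all addresses and function names are constructed for illustration.

```python
import ipaddress

def subnet_id(ip, mask):
    """Network ID a client derives from its own IP address and subnet mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network.network_address

def matches_subnet_boundary(ip, mask, boundary_id):
    """IP Subnet boundary: the client's derived network ID must equal the boundary ID."""
    return subnet_id(ip, mask) == ipaddress.ip_address(boundary_id)

def matches_range_boundary(ip, first, last):
    """IP Address Range boundary: the address only has to fall inside the range."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last)

# Constructed sample: the boundary was entered as if the Class C were one /24,
# but the network is really split into four /26 segments.
BOUNDARY_SUBNET_ID = "192.168.10.0"
BOUNDARY_RANGE = ("192.168.10.1", "192.168.10.254")
CLIENT_MASK = "255.255.255.192"
CLIENTS = ["192.168.10.20", "192.168.10.80", "192.168.10.150", "192.168.10.230"]

def unmatched_by_subnet():
    """Clients whose derived network ID does not match the IP Subnet boundary."""
    return [ip for ip in CLIENTS
            if not matches_subnet_boundary(ip, CLIENT_MASK, BOUNDARY_SUBNET_ID)]

def unmatched_by_range():
    """Clients that fall outside the IP Address Range boundary."""
    return [ip for ip in CLIENTS
            if not matches_range_boundary(ip, *BOUNDARY_RANGE)]

if __name__ == "__main__":
    for ip in CLIENTS:
        print(f"{ip:15} derived network ID {subnet_id(ip, CLIENT_MASK)}")
    missed = unmatched_by_subnet()
    print(f"IP Subnet boundary misses {len(missed)} of {len(CLIENTS)} clients: {missed}")
    print(f"IP Address Range boundary misses: {unmatched_by_range()}")
```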
Is it possible to create a single Task Sequence that runs on the Destination Computer and reaches out to the Source Computer to copy the user data to the SMP and restore it from there to the Destination Computer? I guess I could put together a script to copy files, but USMT does stuff much better with configuring the profiles properly.
-
Hello, I'd like to add more PowerShell modules into my SCCM boot images so I can perform various scripting tasks I require. (Sick of vbs and batch files haha) Adding PowerShell into my boot images is easy enough, I just add it through the Optional Components tab of my boot image properties. I imagine to add modules I would be looking at mounting the image with DISM, then where should I copy the module and is there a profile script I can modify to automatically import them when the WinPE environment loads if I wanted? Thanks, Andrew
-
Even with the -u switch? That's very odd...
-
FYI I am still experiencing this issue in my company. I haven't had the time to work on it in a while, but Microsoft advised manually importing the certificate and referencing it during the installation. It would go something like this:
1. Import a Client Auth Certificate and give it a Subject Name that is exactly the same as the Mac Machine Name. (So choose the option to prompt for subject name)
2. Install the client using the following command:
    sudo ./ccmsetup -MP <management point Internet FQDN> -SubjectName <certificate subject value>
And you have to make sure "Allow all applications to access this item" is selected for the certificate imported in the Mac's Keychain. Hopefully I can try this soon and I'll post back in here with how it goes.
-
Seems like there are a few errors due to the Root CA being turned off, intermediate seems OK though. I've never used this tool before so it's going to take a while to work out if there are any actual problems.
-
We have a Root CA which is turned off all the time, then there is an intermediate which issues certificates. So including the Client's authentication cert there would be three certificates total in the chain. I've installed the root and intermediate on the Mac manually which I believe was required. I tried manually importing a client cert (which I am sure I shouldn't need to do) but that made no difference. Let me know if you need any more info.
-
Oh I could've been clearer there, I mean step five of the section Mac Client Installation and Enrollment.
5. Next, navigate to the Tools folder in Terminal where the CMEnroll utility is, and enter the following: "sudo ./CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u 'DOMAIN\Username'" where DOMAIN\Username is an account which is authorised to enrol the Mac certificate;
So I run that and get the errors I posted to begin with. In answer to your other question, yes I include an account in the command, which is a part of a security group which has enrol permissions on the certificate template.
-
Found a page on turning CRL checking on for the Mac: http://securityskeptic.typepad.com/the-security-skeptic/2011/04/mac-users-listen-up-enable-certificate-checking.html Didn't help but seemed like something I needed to do.
-
Yes the guides I followed are here:
http://technet.microsoft.com/en-us/library/gg682023.aspx#BKMK_client2008_cm2012
http://www.jamesbannanit.com/2012/10/enrol-mac-os-x-clients-in-configuration-manager-2012-sp1/
I completed this and am stuck at step five of James Bannan's guide.
-
Remote SUP for Internet Clients on SCCM 2012
lord_hydrax replied to lord_hydrax's question in Software Update Point
I am assuming you have updated to SCCM 2012 SP1 then? Be interesting to hear how the shared DB goes! -
I run a vbscript in my environment to close IE before installing java:

    Dim oShell, colProcessList, objProcess, vFound
    Set oShell = WScript.CreateObject("WScript.Shell")
    Set colProcessList = GetObject("Winmgmts:").ExecQuery("Select * from Win32_Process")
    vFound = False
    ' Loop checks all running processes and sets vFound to True if it finds iexplore.exe running.
    For Each objProcess In colProcessList
        ' LCase makes the name comparison case-insensitive.
        If LCase(objProcess.Name) = "iexplore.exe" Then
            vFound = True
        End If
    Next
    If vFound = True Then
        ' Warn the user; the popup dismisses itself after 30 seconds.
        oShell.Popup "Closing IE" & vbCrLf & vbCrLf & "Click OK if you are ready to continue now.", 30, "Software Update"
        ' Force-close every Internet Explorer process and wait for taskkill to finish.
        oShell.Run "taskkill /F /IM iexplore.exe", 1, True
    End If

And you can just change the '30' in the oShell.Popup line to however many seconds you want to give users before forcibly closing IE. To make it run before the Java update, I created a task sequence with the vbscript first then the java update second.... Works pretty good.
-
Remote SUP for Internet Clients on SCCM 2012
lord_hydrax replied to lord_hydrax's question in Software Update Point
We do use a custom website with ports 8530/8531 as per the best practices. I believe in a situation where you use multiple SUPs and separate databases, any clients roaming externally and internally will take a long time to switch between SUPs, which could add some problems to update deployments. This is because by default a client will try a certain SUP several times with a long interval in between (around 30 minutes) before trying a different one. Multiple SUPs sharing a single DB is meant to significantly reduce that time, which is noted in one of the articles you linked, however I am not sure exactly how that works. A simple way though to look after internal and external clients is just to set up the Primary Site server as a SUP and have a reverse proxy in the DMZ forward internet clients to that server. This is similar to the setup we use, except we have a separate server set up with the SUP role and have that receive the requests from clients internally and externally. Clients seem to flick over between internal and external very quickly using this method.