Jump to content


Search the Community

Showing results for tags 'Roles'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
    • Windows 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Official Forum Supporters
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Windows Server General
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Location


Interests

Found 5 results

  1. dear all, we wanted to test scep instead of mcafee on our clients. Everything looks good but in sc configuration manager the system status of the endpoint protection role status button is critical red. When we look into the log files it states ______________________________________________ Key "SOFTWARE\Microsoft\Microsoft Antimalware" not found, trying key "SOFTWARE\Microsoft\Windows Defender" $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> RegOpenKeyEx failed with 0X80070002 $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> GetAMInstallLocation failed with 0X80070002 $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Failed to load common client library (0x80070002) $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Failed to initialize AMMetadataUpdater (0x80070002) $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Checking threat definitions in 900 seconds... $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.597-120><thread=11964 (0x2EBC)> ____________________________________________ i think the system wants to install scep on the server also. The problem is that the sccm servers are managed by another team and they insist on keeping mcafee on the server. Is there any option to bypass this install so the status of the endpoint protection point in site status becomes green without having to install scep on the server thank you all
  2. I am an administrator of a large network that is slowly being merged into being managed by SCCM 2012. Currently Updates, SCEP, Application deployment, general troubleshooting, Compliance Rules, etc. are in use, and we're almost to the point of using OSD (several good tests with a few different images). Throughout the process, we've been assigning security to allow our Helpdesk to deploy images, and they already have the capability deploy software packages. They had been in charge of updates and SCEP patching, but they fell behind and now the Sys Admin team is handling all patching, to include SCEP. They currently do not have the ability to create/edit/deploy task sequences, OS images, drivers packs, compliance rules, they cannot edit or create collections, etc. All my previous experience has been that these items fell under an administrator role, not a helpdesk role. Management, and some political power grabbing has created a swing in SCCM security that may require that we provide the following to be administered by the helpdesk: Create/Edit/Delete/Deploy Collections (both user and Device) Create/Edit/Delete/Deploy Reports Create/Edit/Delete/Deploy Task Sequences Create/Edit/Delete/Deploy Compliance Rules Create/Edit/Delete/Deploy Software Applications Create/Edit/Delete/Deploy Software Updates Create/Edit/Delete/Deploy Desktop SCCM Policies Create/Edit/Delete/Deploy Antimalware Policies Create/Edit/Delete/Deploy Operating System Images and Bootable PXE Environments The only way I can think to do this with our current architecture, and stills plit off desktops and servers is to build a CAS server with two different Primary Site Servers (we are a One Primary Site server setup), and split the roles across servers using boundaries to ensure that servers are not being managed by the helpdesk group, and that desktops are not being managed by the server group. So my questions are these: Is this viable (is this nuts?) Is this secure Will this provide the level of accountability needed to allow two groups that are literally in different buildings to run their appropriate systems without crossover nuightmares Does this present a risk for system-wide disaster (Server wipe from errant Task Sequence/OSD) Are there other ways to do it if this is not suggested, and where can I find the docs (whitepapers, etc.) Does this follow Microsoft best practice for roles within SCCM Does anyone have any knowledge of articles where this was done and worked, or did not work. Any and all help is appreciated. Jay
  3. Hey, I am looking at expanding on Niall's CM2012 Front End HTA and wanted to know if I what I was planning to do was possible as I'm finding it hard to find a resource that give me definitive answer. Basically what I want to do is: Modify the HTA to have two drop down boxes, one for role and one for OU. Have the drop downs display a list of roles passed back from Maik Koster's webservices using GETOUs and GETROLES. Be able to select these roles and pass these variables into the task sequence. Is this do-able? Is this the best way of doing it? I've seen mention of how to do this by manually setting which OU's are available but this seems like an administrative overhead every time OU's are added/changed. Any tips? Thanks!
  4. Does anyone have a powershell script that removes an SCCM 2007 server role? We need to remove a role on 60 primary & secondary site servers and don't want to manually do it.
  5. As SCCM 2012 is set to come out soon, we're in research mode for SCCM 2012 hierarchy installation. Our environment is as follows: All Windows OS Shop Clients: Run Windows XP, and will be upgraded to Windows 7 x64 Enterprise within 3 months Servers: Active Directory Windows 2008 R2 mode User count: 260 desktops (~30 laptops) Server count: ~60 (almost all of them are virtual running on VMWare ESX 4) Servers are located at our datacenter (spoke) and about twelve remote offices, this includes corporate ~90 users, (hubs). Based on our device/user count we've come up with two installation designs, and I'd like to hear your comments on both. 1. Single server installation - opting to move some system roles base on performance (if needed). 6 vCPUs - 64 GB Ram - ~1 TB storage Note: In the event that we notice poor performance, we intend to move some roles off this server (we would probably move DP, SUP, EPP and the SQL installation). I'd like to hear some comments about this approach. 2. Three server installation - a database server, a DP role server (SUP and EPP) and a primary site. Primary site server: 4 vCPU - 16 GB Ram SQL Server: 6 vCPU - 32 GB Ram Distribution Point: 4 vCPU - 16 GB Ram - additional storage I'd like to hear some comments on both approach, thanks for your time.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.