MMS 2011–SCCM State of the Union

The Past Year

  • Config Mgr 2007 R3
    • Supports 300,000 machines
    • Delta discovery for AD
    • Power Management
  • Asset Intelligence
    • over 20k new titles each month
  • Forefront Endpoint Protection
  • Security Compliance Manager (SCM)
    • Version 2.0 = RTM May 2011
    • Golden master – snapshot and import GPO’s
    • monitor drift and compliance
    • Uses DCM as its core
  • Opalis is now System Center Orchestrator
    • Orchestration and automation tool
    • workflows
    • integration with all System Center products and 30 3rd party apps
      • Integration in Config Manager includes 12 built-in actions
  • Citrix XenApp integration with Config Manager
  • Adobe support

The Upcoming Year

  • Beta 2 for Config Manager 2012
    • SUM – Auto deployment of updates on schedule
    • Power Management – exclude virtual machines, all end-user to “opt out”
    • Collections – new include/exclude rules, organizational folders (HOLY COW!) incremental evaluation
  • Role Based Administration
  • You can now run two SCCM consoles at once with different credentials
  • Hey, guess what?  CTRL-ALT-DEL is back!
    • The remote keyboard and mouse can now be locked
  • Global Search – search throughout the entire SCCM console!
    • can get information and edit straight from Global Search
  • New feature in Beta 2 has a ‘supersede ’ option for applications
  • New monitoring tool allows for a Site Hierarchy map.  You can even have a map of the world and show where the servers are!
  • Video on how Microsoft rolled out Config Manager 2012 clients http://technet.microsfot.com/en-us/systemcenter/gg696074
  • Go to http://connect.microsoft.com for how-to-videos. 
    • They should be on TechNet as well.
  • New DCM packs
    • SQL Server 2008 R2
    • Exchange e2010
    • SharePoint 2007
    • Server 2008 R2 IIS, DHCP, TS
    • RTM – May 2011
  • Install shield and AdminStudio will have full integration 90 Post RTM Config Manager 2012
  • SCCM 2012 console uses the RIBBON.  WHO, WHO DOESN’T WANT TO WEAR THE RIBBON?
  • Package conversion manager
    • Converts packages to the SCCM 2012 model
    • CTP available to TAP customers
    • Beta in 2nd quarter CY 2011
  • ConfigMgr 2012 SDK Beta – Q2 2011
  • Powershell support coming…..keep waiting…wait for it….
  • SCUP 2011 – more better.
  • Config Manger 2012 will support and mange UNIX and Linux servers.
    • will not be available until “some month”  after SCCM 2012 RTM

Advertising a 64 bit Powershell script

Did you know that you can not use Advertisements to run a 64 bit Powershell script?

Example:

  • You create a package with no source files
  • You create a PowerShell script and place it in a location on the target computers.  Let’s say C:\PleaseRun\PowershellScript.ps1
  • You create a program that Starts In “C:\WINDOWS\system32\windowspowershell\v1.0” and the command line “powershell.exe -file C:\PleaseRun\PowershellScript.ps1”
  • You advertise the above and notice that when the advertisement runs you see Powershell32.exe in the task manager

At this point you are pulling your hair out and wondering if you are WINNING DUH, or losing.  Well, you are losing.  But don’t fear because there is a solution.

Create a TASK SEQUENCE!

  • Run a command line
  • Command line would read (if using the above example) C:\WINDOWS\system32\windowspowershell\v1.0″ and the command line “powershell.exe -file C:\PleaseRun\PowershellScript.ps1
  • Start in:  %windir%\System32\WindowsPowerShell\v1.0\
  • DISABLE 64-BIT FILE SYSTEM REDIRECTION

As my good friend Lu would say “viola”  (however, she really means is voila)

You are now WINNING DUH!  Good job.

SCCM Computer Startup Script–Part 3

This is part two in a three part post regarding SCCM Computer Startup Scripts and SCCM Health.

Part 1- The script itself

Part 2 – The .MOF file additions

Part 3 – The SQL query for reporting

SQL Query for reporting

Once the MOF files are edited to include the attributes from the registry that the SCCM startup script wrote, it is now time to create a SQL view that you can use for reporting. 

This post is going to be pretty straightforward and will not include information on creating custom SCCM reports. 

The attached SQL script should be run on your SCCM Database.  If you want to create a SCCM report based on the new SQL view, you will need to modify the view’s security.

SQL Script

SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE view [dbo].[v_SCCM_Health_Check] as

select distinct a.name0 as ‘MachineName’
, a.itemkey
, a.operating_system_name_and0 as ‘OperatingSystem’
, os.CSDVersion0 as ‘OS_ServicePack’
, a.client0 as ‘SCCM_Client’
, a.Client_Version0 as ‘SCCM_ClientVersion’
, case when a.User_Name0 like ‘%\%’ then substring(a.User_Name0,charindex(‘\’,a.User_Name0)+ 1,charindex(‘\’,a.User_Name0))
    else a.User_Name0 end AS ‘LastLoggedOnUser’
, case when scud.TopConsoleUser0 like ‘%\%’ then substring(scud.TopConsoleUser0,charindex(‘\’,scud.TopConsoleUser0)+ 1,charindex(‘\’,scud.TopConsoleUser0))
    else scud.TopConsoleUser0 end as ‘MainUser’
, nlp.FullName0 as ‘MainUserFullName’
, a.AD_Site_Name0 as ‘AD_Site’
, ou.OU
, a.Resource_Domain_OR_Workgr0 as ‘Domain’
, f.SCCM_AssignedSite00 as ‘SCCM_Health_Check_Assigned_Site’
, f.HS_SCCM_AssignedSite00 as ‘SCCM_Health_Check_Assigned_Site_History’
, e.SiteCode as ‘SCCM_Site_Code’
, f.SCCM_Install00 as ‘SCCM_install_count’
, f.CCM_Client_Check00 as ‘SCCM Client Check’
, b.LastHWScan as ‘SCCM_LastHWscan’
, c.LastUpdateDate as ‘SCCM_LastSWscan’
, Dateadd(hour,(datediff(hour,getutcdate(),getdate())),d.lastscantime) as ‘Last_WSUSscan’
, scan.StateName ‘WSUSscan_State’
, scan.ErrorStatusID
, scan.ErrorCode
, scan.HexErrorCode
, uagent.version00 ‘WSUS_AgentVersion’
, d.lastlocation as ‘WSUSserver’
, f.last_run00 as ‘SCCM_Health_Check_Last_Run’
, f.Scan_Run00 as ‘SCCM_Health_Check_run_count’
, f.Account_Check00 as ‘SCCM_in_Admin_group’
, f.HS_Account_Check00 as ‘SCCM_in_Admin_group_History’
, f.AdminShare_Check00 as ‘Admin_share_present’
, f.HS_AdminShare_Check00 as ‘Admin_share_present_History’
, f.SCCM_AutoAssignment00 as ‘SCCM_Client_assignment’
, f.HS_SCCM_AutoAssignment00 as ‘SCCM_Client_assignment_History’
, f.CCM_Service_Check00 as ‘SCCM_Service_Check’
, f.HS_CCM_Service_Check00 as ‘SCCM_Service_Check_History’
, CCMService.State0 as ‘SMS_Agent_Host_Service’
, f.WindowsUpdate_Service_Che0 as ‘SCCM_Windows_Update_Service_Check’
, f.HS_WindowsUpdate_Service_0 as ‘SCCM_Windows_Update_Service_Check_History’
, AutoUpdates.State0 as ‘Auto_Updates_Service’
from SMS_CEN.dbo.System_DISC a
left join SMS_CEN.dbo.WorkstationStatus_DATA b
on a.itemkey = b.machineid 
left join SMS_CEN.dbo.SoftwareInventoryStatus c
on a.itemkey = c.clientid 
left join SMS_CEN.dbo.Update_ScanStatus d
on a.itemkey = d.machineid
left join SMS_CEN.dbo.Windows_Update_Agent__DATA uagent
on a.itemkey = uagent.machineid
left join SMS_CEN.dbo.Sites_DATA e 
on a.itemkey = e.machineid 
left join dbo.SCCM_Health_Check_DATA f
on a.itemkey = f.machineid
left join dbo.Operating_System_DATA os
on a.itemkey = os.machineid 
left join
(
select uss.ResourceID, SN.StateName, uss.LastStatusMessageID&0x0000FFFF as ErrorStatusID,
    isnull(uss.LastErrorCode,0) as ErrorCode,
    dbo.fnConvertBinaryToHexString(convert(VARBINARY(8), isnull(uss.LastErrorCode,0))) as HexErrorCode
from v_UpdateScanStatus uss
    join v_R_System rsys on rsys.ResourceID = uss.ResourceID and isnull(rsys.Obsolete0,0)<>1
    join v_SoftwareUpdateSource sus on uss.UpdateSource_ID = sus.UpdateSource_ID
    join v_RA_System_SMSAssignedSites sass on uss.ResourceID = sass.ResourceID
    join v_StateNames sn on sn.TopicType = 501 and
        sn.StateID = (case when (isnull(uss.LastScanState, 0)=0 and Left(isnull(rsys.Client_Version0, ‘4.0’), 1)<‘4’) then 7 else isnull(uss.LastScanState, 0) end)
where 1= 1
    –and (sass.SMS_Assigned_Sites0= ‘P01’)
    –and (sn.StateName=’Scan failed’)
    and (sus.UpdateSource_UniqueID = ‘{BE893E98-BD57-4E80-93F6-5D38B61C6069}’)
) scan
on a.itemkey = scan.ResourceID 
left JOIN dbo.v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP SCUD
on a.itemkey = scud.resourceID
left join dbo.v_GS_NETWORK_LOGIN_PROFILE nlp
on nlp.name0 = scud.TopConsoleUser0 and nlp.resourceID = scud.resourceid
left join
    (
    select machineid, State0
    from     dbo.Services_DATA
    where name0 = ‘ccmexec’
    ) CCMService
on a.itemkey = CCMService.machineid
left join
    (
    select machineid, State0
    from     dbo.Services_DATA
    where name0 = ‘wuauserv’
    ) AutoUpdates
on a.itemkey = AutoUpdates.machineid
left join
    (
    select itemKey, max(system_ou_name0) as ‘OU’
    from dbo.System_System_OU_Name_ARR
    group by itemkey
    ) OU
on a.itemkey = ou.itemkey
where 1 = 1

SCCM Computer Startup Script–Part 2

 

This is part two in a three part post regarding SCCM Computer Startup Scripts and SCCM Health.

Part 1- The script itself

Part 2 – The .MOF file additions

Part 3 – The SQL query for reporting

SCCM MOF additions

Editing the SMS_DEF.MOF file isn’t too terribly hard to do.  In fact, Sherry Kissinger has many posts regarding this topic on http://myitforum.com 

However, editing the SMS_DEF.MOF to include registry keys is a bit more difficult.  In fact, if you don’t edit the SMS_DEF.MOF file correctly, you will break the Hardware Inventory Agent.  (Meaning, that once the bad .MOF file is compiled by the machine, the Hardware Inventory Agent SCCM Client Action will not be available!)

Also, you need to consider 64 bit systems along with 32 bit systems. 

Have no fear though, Sherry Kissinger has pulled through once again!  There is a tool created by Mark Cochrane that automates the editing of the SMS_DEF.MOF and Configuration.MOF files.  http://myitforum.com/cs2/blogs/skissinger/archive/2009/04/13/mark-cochrane-s-regkeytomof.aspx

Download the tool here:  http://myitforum.com/cs2/files/folders/proddocs/entry152945.aspx

Finally, here are the updates to the two files that you will need if you want to report on the status of the SCCM Health Check Script.

SMS_DEF.MOF

// RegKeyToMOF by Mark Cochrane (thanks to Skissinger, Steverac & Jonas Hettich)
// this section tells the inventory agent what to report to the server
// 1/19/2011 13:32:08

#pragma namespace (“\\\\.\\root\\cimv2\\SMS”)
#pragma deleteclass(“SCCM_Health_Check”, NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name(“SCCM_Health_Check”),SMS_Class_ID(“CUSTOM|SCCM_Health_Check|1.0”),
SMS_Context_1(“__ProviderArchitecture=32|uint32”),
SMS_Context_2(“__RequiredArchitecture=true|boolean”)]
Class SCCM_Health_Check: SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE)] String Scan_Run;
[SMS_Report(TRUE)] String Last_Run;
[SMS_Report(TRUE)] String CCM_Service_Check;
[SMS_Report(TRUE)] String SCCM_AssignedSite;
[SMS_Report(TRUE)] String SCCM_AutoAssignment;
[SMS_Report(TRUE)] String AdminShare_Check;
[SMS_Report(TRUE)] String Account_Check;
[SMS_Report(TRUE)] String WindowsUpdate_Service_Check;
[SMS_Report(TRUE)] String HS_CCM_Service_Check;
[SMS_Report(TRUE)] String HS_AdminShare_Check;
[SMS_Report(TRUE)] String HS_Account_Check;
[SMS_Report(TRUE)] String HS_WindowsUpdate_Service_Check;
[SMS_Report(TRUE)] String HS_SCCM_AssignedSite;
[SMS_Report(TRUE)] String HS_SCCM_AutoAssignment;
[SMS_Report(TRUE)] String CCM_Client_Check;
[SMS_Report(TRUE)] String SCCM_Install;
};

#pragma namespace (“\\\\.\\root\\cimv2\\SMS”)
#pragma deleteclass(“SCCM_Health_Check_64”, NOFAIL)
[SMS_Report(TRUE),SMS_Group_Name(“SCCM_Health_Check”),SMS_Class_ID(“CUSTOM|SCCM_Health_Check|1.0”),
SMS_Context_1(“__ProviderArchitecture=64|uint32”),
SMS_Context_2(“__RequiredArchitecture=true|boolean”)]
Class SCCM_Health_Check_64 : SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE)] String Scan_Run;
[SMS_Report(TRUE)] String Last_Run;
[SMS_Report(TRUE)] String CCM_Service_Check;
[SMS_Report(TRUE)] String SCCM_AssignedSite;
[SMS_Report(TRUE)] String SCCM_AutoAssignment;
[SMS_Report(TRUE)] String AdminShare_Check;
[SMS_Report(TRUE)] String Account_Check;
[SMS_Report(TRUE)] String WindowsUpdate_Service_Check;
[SMS_Report(TRUE)] String HS_CCM_Service_Check;
[SMS_Report(TRUE)] String HS_AdminShare_Check;
[SMS_Report(TRUE)] String HS_Account_Check;
[SMS_Report(TRUE)] String HS_WindowsUpdate_Service_Check;
[SMS_Report(TRUE)] String HS_SCCM_AssignedSite;
[SMS_Report(TRUE)] String HS_SCCM_AutoAssignment;
[SMS_Report(TRUE)] String CCM_Client_Check;
[SMS_Report(TRUE)] String SCCM_Install;
};

Configuration.mof

// RegKeyToMOF by Mark Cochrane (thanks to Skissinger, Steverac & Jonas Hettich)
// this section tells the inventory agent what to collect
// 1/19/2011 13:32:08

#pragma namespace (“\\\\.\\root\\cimv2”)
#pragma deleteclass(“SCCM_Health_Check”, NOFAIL)
[DYNPROPS]
Class SCCM_Health_Check
{
[key] string KeyName;
String Scan_Run;
String Last_Run;
String CCM_Service_Check;
String SCCM_AssignedSite;
String SCCM_AutoAssignment;
String AdminShare_Check;
String Account_Check;
String WindowsUpdate_Service_Check;
String HS_CCM_Service_Check;
String HS_AdminShare_Check;
String HS_Account_Check;
String HS_WindowsUpdate_Service_Check;
String HS_SCCM_AssignedSite;
String HS_SCCM_AutoAssignment;
String CCM_Client_Check;
String SCCM_Install;
};

[DYNPROPS]
Instance of SCCM_Health_Check
{
KeyName=”RegKeyToMOF_32″;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|Scan_Run”),Dynamic,Provider(“RegPropProv”)] Scan_Run;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|Last_Run”),Dynamic,Provider(“RegPropProv”)] Last_Run;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|CCM_Service_Check”),Dynamic,Provider(“RegPropProv”)] CCM_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|SCCM_AssignedSite”),Dynamic,Provider(“RegPropProv”)] SCCM_AssignedSite;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|SCCM_AutoAssignment”),Dynamic,Provider(“RegPropProv”)] SCCM_AutoAssignment;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|AdminShare_Check”),Dynamic,Provider(“RegPropProv”)] AdminShare_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|Account_Check”),Dynamic,Provider(“RegPropProv”)] Account_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|WindowsUpdate_Service_Check”),Dynamic,Provider(“RegPropProv”)] WindowsUpdate_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_CCM_Service_Check”),Dynamic,Provider(“RegPropProv”)] HS_CCM_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_AdminShare_Check”),Dynamic,Provider(“RegPropProv”)] HS_AdminShare_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_Account_Check”),Dynamic,Provider(“RegPropProv”)] HS_Account_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_WindowsUpdate_Service_Check”),Dynamic,Provider(“RegPropProv”)] HS_WindowsUpdate_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_SCCM_AssignedSite”),Dynamic,Provider(“RegPropProv”)] HS_SCCM_AssignedSite;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_SCCM_AutoAssignment”),Dynamic,Provider(“RegPropProv”)] HS_SCCM_AutoAssignment;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|CCM_Client_Check”),Dynamic,Provider(“RegPropProv”)] CCM_Client_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|SCCM_Install”),Dynamic,Provider(“RegPropProv”)] SCCM_Install;
};

#pragma namespace (“\\\\.\\root\\cimv2”)
#pragma deleteclass(“SCCM_Health_Check_64”, NOFAIL)
[DYNPROPS]
Class SCCM_Health_Check_64
{
[key] string KeyName;
String Scan_Run;
String Last_Run;
String CCM_Service_Check;
String SCCM_AssignedSite;
String SCCM_AutoAssignment;
String AdminShare_Check;
String Account_Check;
String WindowsUpdate_Service_Check;
String HS_CCM_Service_Check;
String HS_AdminShare_Check;
String HS_Account_Check;
String HS_WindowsUpdate_Service_Check;
String HS_SCCM_AssignedSite;
String HS_SCCM_AutoAssignment;
String CCM_Client_Check;
String SCCM_Install;
};

[DYNPROPS]
Instance of SCCM_Health_Check_64
{
KeyName=”RegKeyToMOF_64″;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|Scan_Run”),Dynamic,Provider(“RegPropProv”)] Scan_Run;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|Last_Run”),Dynamic,Provider(“RegPropProv”)] Last_Run;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|CCM_Service_Check”),Dynamic,Provider(“RegPropProv”)] CCM_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|SCCM_AssignedSite”),Dynamic,Provider(“RegPropProv”)] SCCM_AssignedSite;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|SCCM_AutoAssignment”),Dynamic,Provider(“RegPropProv”)] SCCM_AutoAssignment;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|AdminShare_Check”),Dynamic,Provider(“RegPropProv”)] AdminShare_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|Account_Check”),Dynamic,Provider(“RegPropProv”)] Account_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|WindowsUpdate_Service_Check”),Dynamic,Provider(“RegPropProv”)] WindowsUpdate_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_CCM_Service_Check”),Dynamic,Provider(“RegPropProv”)] HS_CCM_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_AdminShare_Check”),Dynamic,Provider(“RegPropProv”)] HS_AdminShare_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_Account_Check”),Dynamic,Provider(“RegPropProv”)] HS_Account_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_WindowsUpdate_Service_Check”),Dynamic,Provider(“RegPropProv”)] HS_WindowsUpdate_Service_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_SCCM_AssignedSite”),Dynamic,Provider(“RegPropProv”)] HS_SCCM_AssignedSite;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|HS_SCCM_AutoAssignment”),Dynamic,Provider(“RegPropProv”)] HS_SCCM_AutoAssignment;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|CCM_Client_Check”),Dynamic,Provider(“RegPropProv”)] CCM_Client_Check;
[PropertyContext(“Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\SCCM\\SCCM_Health_Check|SCCM_Install”),Dynamic,Provider(“RegPropProv”)] SCCM_Install;
};

SCCM Computer Startup Script–Part 1

This is part one in a three part post regarding SCCM Computer Startup Scripts and SCCM Health.

Part 1- The script itself

Part 2 – The .MOF file additions

Part 3 – The SQL query for reporting

SCCM Startup Script

How to get clients installed.  How to keep them installed.  Those are the topics that a SCCM Computer Startup Script can take care of.

The script that I wrote looks for the existence of SCCM and ensures that the version is correct, the CCMExec.log has a current time stamp and ensures that the proper accounts are in the administrators group.

If the client doesn’t exists on the system the startup script will install it.

If WMI is broken, the script will fix it and install the client.

Finally, the script will also install the SCCM R3 patch.

To use this script you will need to supply your own variables such as Domain Name, SCCM Admin account name, etc.

You will need to create a new folder for this script.  In the folder you will need:

  • SMSClient folder from the Config Manager installation directory
  • CCMClean.exe
  • CCMDELCERT.exe
  • PSKILL.exe
  • SCCM_Health_Check.vbs

————–

‘ NAME: SCCM_Client_Health_Check
‘ AUTHOR: Matthew Teegarden
‘ DATE  : 1/18/2011
‘ Based on the script by Chris Stauffer http://myitforum.com/cs2/blogs/cstauffer/archive/2009/12/18/sccm-sp2-health-check-startup-script-1-7.aspx
‘ COMMENT: Version 1.1
‘     1.0 – initial script
‘     1.1 – complete re-write.  added WMI check / Fix

Option Explicit
On Error Resume Next

Dim WshShell ‘ Wscript.shell
Dim fso ‘ FileSystemObject
Dim StrScanRun ‘ used for incremental count of the amount of times this script has run
Dim StrSCCMPath ‘ used for the location of SCCM client
Dim CCMSetupFolder ‘ used for the location of the CCMSetup folder
Dim SMSClientVersion ‘ used for storing SCCM Client Version
Dim InstallArgs ‘ used for SCCM Client installation switches
Dim ComSpec ‘ WshShell.ExpandEnvironmentStrings(“%COMSPEC%”)
Dim smsinstall ‘ SCCM Installation command
Dim strAdmAcct ‘ used for storing the AD Group that needs to be in the local administrators group
Dim strDomain ‘ stores the domain of the AD Group that needs to be in the local administrators group
Dim strGroupName ‘ stores the AD Group name that needs to be in the local administrators group
Dim objLocalGroup ‘ stores the Administrators local group
Dim strComputerName ‘ used for storing the computer name
Dim gstrSiteCode ‘ used to determine the site code of the strComptuerName
Dim Results ‘ used to store service state
Dim sFolder ‘ used to store folder path
Dim oFolder ‘ used to store specific folders
Dim oFile ‘ used for specific files
Dim WBEMFolder ‘ used for the wbem repository
Dim startdate ‘ used for SMSProvide log file access time
Dim enddate ‘ used for comparing the current time with last access time of the SMSProvider log file
Dim diffdate ‘ used to store the difference between startdate and enddate
Dim colItems ‘ used in For Each loops
Dim objItem ‘ used in For Each loops
Dim bAlreadyExists ‘ stores TRUE or FALSE values for strAdmAcct in the local Administrators group
Dim CurrentDirectory ‘ stores the location that the script is running from
Dim ScriptFullName ‘ stores the scripts full name.  Used with CurrentDirectory
Dim objWMI ‘ Used for the WMI service
Dim returncode ‘ used to store return codes of functions
Dim servicename ‘ used to pass a service name into functions
Dim Started, Stopped ‘ used for starting and stopping services
Dim StrSCCMInstall ‘ counter for how many times SCCM Client has been installed
Dim AssignedSite ‘ used for SCCM site assignment
Dim AutoAssignedSite ‘ used for auto site assignment
Dim SmsClient ‘ used for the SCCM WMI namespace
Dim strValueName ‘ used for storing registry values during the History Shift function
Dim strLogging ‘ used for turning logging on or off
Dim logfile ‘ used to write to the log file
Dim strKeyPath ‘ used to find the value (if exists) in the registry if the DISABLECACHEOPT and DISABLESITEOPT option was used during install
Dim strEntryName ‘ used to find the value (if exists) in the registry if the DISABLECACHEOPT and DISABLESITEOPT option was used during install
Dim strValue  ‘ ‘ used to find the value (if exists) in the registry if the DISABLECACHEOPT and DISABLESITEOPT option was used during install
Dim WMIisCorrupt ‘ used to determine if WMI is functional

Set WshShell = CreateObject (“WScript.Shell”)
Set fso = CreateObject(“Scripting.FileSystemObject”)

‘===========File System Constants==================================
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Const OverwriteExisting = True
Const HARD_DISK = 3
‘===========Registry Constants=====================================
Const HKEY_LOCAL_MACHINE = &H80000002

InstallArgs = ” SMSSITECODE=AUTO SMSCACHESIZE=4096″‘ only needed if you have not extended AD other wise enter SCCM Client Install aguments
strAdmAcct = “Domain\Username or GroupName”    ‘Specify Desktop SMS Admin account domain/account
strDomain = “DomainName”
strGroupName = “SMS Admin Group Name”
strComputerName = WshShell.ExpandEnvironmentStrings(“%computername%”)
ComSpec = WshShell.ExpandEnvironmentStrings(“%COMSPEC%”)
strLogging = “enabled”

‘ Log file
If strLogging = “enabled” Then
    Set logfile = fso.OpenTextFile(“c:\ConfigMgrClient.Log”,ForWriting,True)
    logfile.Writeline “”
    logfile.Writeline Now
    logfile.Writeline “”
End If   

‘WMI Test
Set objWMI = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2”)
Set colItems = objWMI.ExecQuery (“Select * from Win32_Service Where Name = ‘WinMgmt'”)
For Each objItem In colItems
    Results = objItem.name
Next
If Results = “” Or IsNull(results) Then
    If strLogging = “enabled” Then
        logfile.Writeline “WMI Is Corrupt”
    End If
    WMIisCorrupt = “True”
    CheckSCCMInstall
    AdvCliInst(ComSpec)
    WScript.Quit
Else
    If strLogging = “enabled” Then
        logfile.Writeline “WMI is good”
    End If
Set Results = nothing
End If

‘ Get Local CCM Path
StrSCCMPath = WshShell.RegRead(“HKLM\SOFTWARE\Microsoft\SMS\Client\Configuration\Client Properties\Local SMS Path”)
If StrSCCMPath = “” Or IsNull (StrSCCMPath) Then
    StrSCCMPath = WshShell.RegRead(“HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS\Client\Configuration\Client Properties\Local SMS Path”)
End If   
If strLogging = “enabled” Then
    logfile.Writeline “Get local CCM Path = ” & StrSCCMPath
End If
If StrSCCMPath = “” Or IsNull (StrSCCMPath) Then
    CheckSCCMInstall
    AdvCliInst(ComSpec)
    WScript.Quit
End If

‘ Check for SCCM Helath Check registry key and create it if it doesn’t exist
StrScanRun = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Scan_Run”)
If StrScanRun = “” Or IsNull (StrScanRun) Then
    StrScanRun = WshShell.RegRead(“HKLM\SOFTWARE\Wow6432Node\SCCM\SCCM_Health_Check\Scan_Run”)
End If   
If StrScanRun = “” Or IsNull (StrScanRun) Then
    WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Scan_Run”), “0”
End If   

‘ Write current time to the registry
WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Last_Run”), Now()

‘ Check for CCMEXEC service
Results = ServiceState(“ccmexec”)’Check CCM Status
If strLogging = “enabled” Then
    logfile.Writeline “SMS Agent Host = ” & Results
End If
If LCase(Results) = LCase(“Running”)Then
    WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\CCM_Service_Check”), “Running”
    If strLogging = “enabled” Then
        logfile.Writeline “SMS Agent Host = ” & Results
    End If
‘ CCMExec serivice is running.  Do SCCM Health checks           
    Check_Client_info  ‘Check Client Variable                   
    CheckSitecode      ‘Check Client SiteCode
    ClientVersionCheck ‘Check Client Versiont
ElseIf LCase(Results) = LCase(“Stopped”)Then
    If strLogging = “enabled” Then
        logfile.Writeline “SMS Agent Host = ” & Results
  End If
    set Results = Nothing
    Call EnableService(“ccmexec”)
    KickService(“ccmexec”)
    WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\CCM_Service_Check”), “CCM Service was Stopped”
    ‘ CCMExec serivice is running.  Do SCCM Health checks                               
    Check_Client_info ‘Check Client Variable                   
    CheckSitecode      ‘Check Client SiteCode
    ClientVersionCheck ‘Check Client Version
ElseIf Results = “” Or IsNull (Results) Then
    If strLogging = “enabled” Then
        logfile.Writeline “SMS Agent Host not found”
  End If
    WMIisCorrupt = “True”
    CheckSCCMInstall
    AdvCliInst(ComSpec)
    WScript.Quit
End If

CheckSCCMInstall’Check to see if CCMSetup failed and fix error
Script_increment  ‘Increment Registery Key For script by 1 And move present value To history        
Check_AdminShare ‘ Check Admin$ Share
Check_SMSLOCALADMIN’Check Local Admin account
WSUSEnabled ‘ check to ensure windows update service is enabled

Function CheckSCCMInstall 
    On Error Resume Next
    CurrentDirectory = replace(WScript.ScriptFullName,WScript.ScriptName,””)
    If strLogging = “enabled” Then
        logfile.Writeline  “Starting CheckSCCMInstall”
    End If
    If fso.FolderExists(“C:\Windows\System32\CCMSetup\LastError”) Or fso.FolderExists(“C:\Windows\CCMSetup\LastError”) or WMIisCorrupt = “True” Then
        If strLogging = “enabled” Then
            logfile.Writeline  “LastError folder exists or Can not connect to WMI.  Deinstalling client and reinstalling”
        End If
‘     Set objWMI = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2”)
‘     Set colItems = objWMI.ExecQuery (“Select * from Win32_Service Where Name = ‘CCMSETUP'”)
‘         For Each objItem In colItems
‘             objItem.StopService()
‘         Next
      WshShell.Run(“Net Stop CCMSetup /Y”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Stopped CCMSEtup service if existed”
        End If
‘         Set colItems = objWMI.ExecQuery (“Select * from Win32_Process Where Name = ‘CCMSETUP.EXE'”)
‘         For Each objItem In colItems
‘             objItem.Terminate()
‘         Next
        oFile = CurrentDirectory & “PSKILL.EXE”
        fso.CopyFile oFile, “C:\”
        WshShell.Run “c:\pskill ccmsetup”,,True
        If strLogging = “enabled” Then
            logfile.Writeline  “Stopped CCMSEtup process if existed”
        End If
        oFile = CurrentDirectory & “ccmclean.exe”
        fso.CopyFile oFile, “C:\”
        WshShell.Run “c:\CCMClean /all /q”,,True
        If strLogging = “enabled” Then
            logfile.Writeline  “Ran CCMClean 1”
        End If
        WshShell.Run “c:\CCMClean /all /q”,,True
        If strLogging = “enabled” Then
            logfile.Writeline  “Ran CCMClean 2”
        End If
        oFile = CurrentDirectory & “ccmdelcert.exe”
        fso.CopyFile oFile, “C:\”
        WshShell.Run “c:\ccmdelcert.exe”,,True
        If strLogging = “enabled” Then
            logfile.Writeline  “Ran CCMDelCert”
        End If
        fso.DeleteFile “C:\windows\SMSCFG.INI”, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Delete SMSCFG.INI”
        End If
        WshShell.Run(“Net Stop Winmgmt /Y”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Stopped Winmgmt”
        End If
        fso.DeleteFolder (“C:\Windows\System32\WBEM\Repository”), True
        If strLogging = “enabled” Then
            logfile.Writeline  “Deleted Repository”
        End If
        WshShell.Run(“Net Start Winmgmt”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Started Winmgmt”
        End If
        WshShell.Run(“C:\Windows\System32\rundll32.exe wbemupgd, UpgradeRepository”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Ran C:\Windows\System32\rundll32.exe wbemupgd, UpgradeRepository”
        End If
        WshShell.Run(“Net Stop Winmgmt /Y”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Stopped Winmgmt”
        End If       
        WshShell.Run(“Net Start Winmgmt”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Started Winmgmt”
        End If
        WshShell.Run(“C:\Windows\System32\rundll32.exe wbemupgd, UpgradeRepository”), 0, True
        If strLogging = “enabled” Then
            logfile.Writeline  “Ran C:\Windows\System32\rundll32.exe wbemupgd, UpgradeRepository”
        End If       
        sFolder = WshShell.ExpandEnvironmentStrings(“%windir%\System32\WBEM”)
        Set oFolder = fso.GetFolder(sFolder)
        For Each oFile In oFolder.Files
            Select Case lCase(fso.GetExtensionName(oFile))
              Case “mof”, “mfl”
               WshShell.Run oFolder & “\mofcomp.exe “”” & oFile & “”””, 0, True
               If strLogging = “enabled” Then
                    logfile.Writeline  “Compiled ” & oFile
                End If
            End Select
        Next
        fso.DeleteFolder (“C:\Windows\System32\CCMSetup”), True
        fso.DeleteFolder (“C:\Windows\CCMSetup”), True
        fso.DeleteFile (“C:\ccmclean.exe”), True
        fso.DeleteFile (“C:\ccmdelcert.exe”), True
        fso.DeleteFile (“C:\PSKILL.exe”), True
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “Ending CheckSCCMInstall”
    End If
End Function   

Function Check_Client_info
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “Starting Check_Client_info”
    End If
    Set SmsClient = GetObject(“winmgmts:ROOT/CCM:SMS_Client=@”)
    SMSClientVersion = SmsClient.ClientVersion
    If SMSClientVersion = “” Or IsNull (SMSClientVersion) Then
        SMSClientVersion = WshShell.RegRead(“HKLM\SOFTWARE\Microsoft\SMS\Mobile Client\ProductVersion”)
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “Ending Check_Client_info”
    End If
End Function   

Function Script_increment
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting Script_increment”
    End If
    StrScanRun = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Scan_Run”)
    If StrScanRun = “” Or IsNull (StrScanRun) Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Scan_Run”), “0”
    Else
        StrScanRun = StrScanRun + 1
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Scan_Run”), StrScanRun
    End If
    If StrScanRun >= 2 Then
        History_Shift
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “Ending Script_increment”
    End If
End Function   

Function Check_AdminShare
On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting Check_AdminShare “
    End If   
    Set objWMI = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2”)
    Set colItems = objWMI.ExecQuery(“Select * from Win32_Share Where Name = ‘ADMIN$'”)
    If colItems.Count > 0 Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\AdminShare_Check”), “Admin$ is present”
        If strLogging = “enabled” Then
            logfile.Writeline “Admin$ is present”
        End If
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\AdminShare_Check”), “Admin$ Is missing”
        If strLogging = “enabled” Then
            logfile.Writeline “Admin$ is missing”
        End If
        Set colItems = objWMI.execquery(“select state from win32_service where name=’LanmanServer'”)
        For Each objItem In colItems
            objItem.StopService
        Next
        Do Until Stopped = True
            Set colItems = objWMI.execquery(“select state from win32_service where name=’LanmanServer'”)
            For Each objItem In colItems
                If lcase(objItem.State) = lcase(“Stopped”) Then
                    Stopped = True
                End If
            Next
        Loop
        Set colItems = objWMI.execquery(“select state from win32_service where name=’LanmanServer'”)
        For Each objItem In colItems
            objItem.StartService
        Next
    End If   
    If strLogging = “enabled” Then
        logfile.Writeline  “ending Check_AdminShare “
    End If   
End Function

Function Check_SMSLOCALADMIN
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting  Check_SMSLOCALADMIN”
    End If   
    Set objLocalGroup = GetObject(“WinNT://” & strComputerName & “/Administrators, group”)
    For Each objItem In objLocalGroup.Members
    If InStr(UCase(objItem.ADSPath),UCase(strDomain & “/” & strGroupName)) <> 0 Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Account_Check”), strAdmAcct & ” is in the Admins group”
        If strLogging = “enabled” Then
            logfile.Writeline strAdmAcct & ” is in the Admins group”
        End If
        bAlreadyExists = True
    End If
    Next
    If bAlreadyExists <> True Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Account_Check”), strAdmAcct & ” was not in Admins group – adding”
        If strLogging = “enabled” Then
            logfile.Writeline  strAdmAcct & ” was not in Admins group – adding”
        End If
        objLocalGroup.Add(“WinNT://” & strDomain & “/” & strGroupName)
    End If 
    If strLogging = “enabled” Then
        logfile.Writeline  “starting  Check_SMSLOCALADMIN”
    End If   
End Function

Function WSUSEnabled
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting WSUSEnabled”
    End If
    Results = ServiceState(“wuauserv”)’Check Windows Update Status
    If LCase(Results) = LCase(“Running”)Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\WindowsUpdate_Service_Check”), “Running”
        If strLogging = “enabled” Then
            logfile.Writeline “Auto Updates Serivice = ” & Results
        End If
    ElseIf LCase(Results) = LCase(“Stopped”)Then
        If strLogging = “enabled” Then
            logfile.Writeline “Auto Updates Serivice = ” & Results
        End If
        Call EnableService(“wuauserv”)
        KickService(“wuauserv”)
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\WindowsUpdate_Service_Check”), “Windows Update Service was Stopped”
    End If
    Set Results = Nothing
    If strLogging = “enabled” Then
        logfile.Writeline  “ending WSUSEnabled”
    End If
End Function    

Function ClientVersionCheck
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting ClientVersionCheck “
    End If
    If SMSClientVersion = “” Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\CCM_Client_Check”), “Client Not Installed”
        If strLogging = “enabled” Then
            logfile.Writeline “SMSClientVersion = NO CLIENT”
        End If
        Call AdvCliInst(ComSpec)
        WScript.Quit
    Else
        If strLogging = “enabled” Then
            logfile.Writeline “SMSClientVersion = ” & SMSClientVersion
        End If
        Select Case SMSClientVersion
                ‘ RTM 4.00.5931.0001
                ‘ SP1 4.00.6221.1000
                ‘ SP2 4.00.6487.2000
                ‘ R3  4.00.6487.2157
            Case “4.00.6487.2157” ‘ SCCM SP2 R3 client version
                PolicyEval
            Case “4.00.6487.2000” ‘ SCCM SP2 client version
                If strLogging = “enabled” Then
                    logfile.Writeline “Needs R3 hotfix”
                End If
                CurrentDirectory = replace(WScript.ScriptFullName,WScript.ScriptName,””)
                smsinstall =ComSpec & ” /c msiexec.exe /p “& CurrentDirectory & “SMSClient\i386\hotfix\KB977384\sccm2007ac-sp2-kb977384-x86-enu.msp /L*v %TEMP%\sccm2007ac-sp2-kb977384-x86-enu.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous”
              WshShell.Run smsinstall,0,False
              If strLogging = “enabled” Then
                    logfile.Writeline “Install R3 hotfix”
                End If
                PolicyEval
        Case Else
            If strLogging = “enabled” Then
                logfile.Writeline  “ClientVersionCheck could not determine client version – installing client”
            End If
      Call AdvCliInst(ComSpec)
      WScript.Quit
    End Select
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “ending ClientVersionCheck “
    End If
End Function      

Function PolicyEval    
    On Error Resume Next   
    If strLogging = “enabled” Then
        logfile.Writeline  “starting PolicyEval  “
    End If
    Set oFile = fso.GetFile (StrSCCMPath & “Logs\CCMExec.log”)
    startdate = oFile.DateLastAccessed
    enddate = date()
    If isDate(startdate) Then
        diffdate = DateDiff(“d”, startdate, enddate)
        If strLogging = “enabled” Then
            logfile.Writeline “CCMExec.log last accessed = ” & diffdate
        End If
    End If
    If diffdate > 21 Then
        If strLogging = “enabled” Then
            logfile.Writeline “CCMExec.log last accessed more than 21 days ago. Repair client”
        End If
        Call AdvCliInst(ComSpec)
        wscript.quit
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “ending PolicyEval  “
    End If
End Function       

Function CheckSitecode 
    On Error Resume Next   
    If strLogging = “enabled” Then
        logfile.Writeline  “starting CheckSitecode   “
    End If       
    ‘Ensure that the client is auto assigned to sites and that the client is assigned to the correct site
    ‘based on the naming convention of the machine
    Set SmsClient = CreateObject (“Microsoft.SMS.Client”)
    AssignedSite = SmsClient.GetAssignedSite
    If ((Len(strComputerName) = 13) And (Mid(strComputerName, 7, 1) = “X”)) Then
                gstrSiteCode = Mid(strComputerName, 3, 4)
    end If
    WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AssignedSite”), AssignedSite
    If strLogging = “enabled” Then
        logfile.Writeline “SCCM Assigned Site = ” & AssignedSite
    End If
    Set objWMI = GetObject(“winmgmts:ROOT/CCM:SMS_Client=@”)
    AutoAssignedSite = objWMI.EnableAutoAssignment
    If AutoAssignedSite = True Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AutoAssignment”), “TRUE”
        If strLogging = “enabled” Then
            logfile.Writeline “SCCM Auto Assignement = TRUE”
        End If
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AutoAssignment”), “FALSE”
        If strLogging = “enabled” Then
            logfile.Writeline “SCCM Auto Assignement = FALSE”
        End If
        SmsClient.EnableAutoAssignment 1
    End If
    If gstrSiteCode = “MN00” Then
        If AssignedSite <> “P01” Then
            SmsClient.SetAssignedSite(“P01”)
        End If   
    Else
        If AssignedSite <> “CEN” Then
            SmsClient.SetAssignedSite(“CEN”)
        End If   
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “ending CheckSitecode   “
    End If   
End Function

Function KickService(servicename)
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting KickService ” & servicename
    End If   
    Results = ServiceState(servicename)
    Set objWMI = getobject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2”)
    If Not LCase(Results) = LCase(“Running”)Then
        Set colItems = objWMI.execquery(“select state from win32_service where name='” & servicename & “‘”)
        For Each objItem In colItems
            ‘ Start Service
            objItem.StartService
        Next
        Do Until Started = True
            Set colItems = objWMI.execquery(“select state from win32_service where name='” & servicename & “‘”)
            For Each objItem In colItems
                If lcase(objItem.State) = lcase(“Running”) Then
                    Started = True
                end If
            Next
        Loop
    End If
    set Results = Nothing
    If strLogging = “enabled” Then
        logfile.Writeline  “ending KickService ” & servicename
    End If   
End Function 

Function EnableService(servicename)
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting EnableService ” & servicename
    End If
    Set objWMI = GetObject(“winmgmts:root\cimv2:Win32_Service.Name='” & servicename & “‘”)
        Results = objWMI.ChangeStartMode(“automatic”)
    If strLogging = “enabled” Then
        logfile.Writeline  “ending EnableService ” & servicename
    End If
End Function

Function ServiceState(servicename)
     On Error Resume Next
     If strLogging = “enabled” Then
        logfile.Writeline  “starting ServiceState ” & servicename
    End If   
     Set objWMI = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2”)
   Set colItems = objWMI.execquery(“select state from win32_service where name='” & servicename & “‘”)
   For Each objItem In colItems
       Results = objItem.State
   Next
   If strLogging = “enabled” Then
        logfile.Writeline  servicename & ” is ” & Results
     End If   
     ServiceState = Results
    set Results = Nothing
     If strLogging = “enabled” Then
        logfile.Writeline  “ending ServiceState ” & servicename
    End If   
End Function

Sub AdvCliInst(ComSpec)
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting AdvCliInst”
    End If   
    If ComSpec = “” Then
        WScript.Quit
    Else
        CurrentDirectory = replace(WScript.ScriptFullName,WScript.ScriptName,””)
        smsinstall =ComSpec & ” /c “& CurrentDirectory & “SMSClient\CCMSetup.exe” & InstallArgs
        SCCM_Install
      WshShell.Run smsinstall,0,True
      If strLogging = “enabled” Then
            logfile.Writeline  “Starting CCMSetup”
        End If   
        Do While GetObject(“WinMgmts:/root/cimV2”).ExecQuery(“SELECT * FROM Win32_Process WHERE Name=’CCMSetup.exe'”).Count
            WScript.Sleep 1000
        Loop
        If strLogging = “enabled” Then
            logfile.Writeline  “Ending CCMSetup”
        End If   
        If strLogging = “enabled” Then
            logfile.Writeline  “Starting R3 patch”
        End If   
        smsinstall =ComSpec & ” /c msiexec.exe /p “& CurrentDirectory & “SMSClient\i386\hotfix\KB977384\sccm2007ac-sp2-kb977384-x86-enu.msp /L*v %TEMP%\sccm2007ac-sp2-kb977384-x86-enu.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous”
      WshShell.Run smsinstall,0,True
      If strLogging = “enabled” Then
            logfile.Writeline  “Ending R3 patch”
        End If   
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “ending AdvCliInst”
    End If   
End Sub

Function SCCM_Install
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting SCCM_Install”
    End If
    StrSCCMInstall = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_Install”)   
    If StrSCCMInstall = “” Or IsNull (StrSCCMInstall) Then
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_Install”), “1”
    Else
        StrSCCMInstall = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_Install”)
        StrSCCMInstall = StrSCCMInstall + 1
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_Install”), StrSCCMInstall
    End If
    If strLogging = “enabled” Then
        logfile.Writeline  “Ending SCCM_Install”
    End If
End Function

Function History_Shift
    On Error Resume Next
    If strLogging = “enabled” Then
        logfile.Writeline  “starting History_Shift”
    End If
    ‘ CCM service History move
    strValueName = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\CCM_Service_Check”)
    If strValueName = “” Or IsNull (strValueName) Then
        strValueName = “CCM Service was Stopped”
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\CCM_Service_Check”), strValueName
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\HS_CCM_Service_Check”), strValueName
    End If   
    Set strValueName = Nothing   
    ‘ Admin$ Check History move   
    strValueName = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\AdminShare_Check”)
    If strValueName = “” Or IsNull (strValueName) Then
        strValueName = “Admin$ Is missing”
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\AdminShare_Check”), strValueName
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\HS_AdminShare_Check”), strValueName
    End If   
    Set strValueName = Nothing
    ‘Account Check History move       
    strValueName = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Account_Check”)
    If strValueName = “” Or IsNull (strValueName) Then
        strValueName = strAdmAcct & ” was not in Admins group”
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\Account_Check”), strValueName
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\HS_Account_Check”), strValueName
    End If   
    Set strValueName = Nothing
    ‘Windows Update Service History move       
    strValueName = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\WindowsUpdate_Service_Check”)
    If strValueName = “” Or IsNull (strValueName) Then
        strValueName = “Windows Update service was not running”
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\WindowsUpdate_Service_Check”), strValueName
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\HS_WindowsUpdate_Service_Check”), strValueName
    End If   
    Set strValueName = Nothing
    ‘SCCM_AssignedSite History move       
    strValueName = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AssignedSite”)
    If strValueName = “” Or IsNull (strValueName) Then
        strValueName = “No Assigned Site”
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AssignedSite”), strValueName
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\HS_SCCM_AssignedSite”), strValueName
    End If   
    Set strValueName = Nothing
    ‘SCCM_AutoAssignment History move       
    strValueName = WshShell.RegRead(“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AutoAssignment”)
    If strValueName = “” Or IsNull (strValueName) Then
        strValueName = “SCCM Autoassignment failure”
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\SCCM_AutoAssignment”), strValueName
    Else
        WshShell.RegWrite (“HKLM\SOFTWARE\SCCM\SCCM_Health_Check\HS_SCCM_AutoAssignment”), strValueName
    End If   
    Set strValueName = Nothing
    If strLogging = “enabled” Then
        logfile.Writeline  “ending History_Shift”
    End If
End Function

Branch Distribution Point Setup

 

Computer Client Agent Configuration

  • By default the BITS portion of the Computer Client agent is set to “Apply to branch distribution points only”.
    • You can select “Not Configured” if all of your BDP’s have fast connections to the site server.
    • If your BDP’s are on slow links a good example setting would be:
      • Throttling window start time – 06:00
      • Throttling window end time – 02:00
      • Maximum Transfer rate during throttling window – 40Kbps
      • Allow BITS transfer outside of throttling window
      • Maximum transfer rate outside of throttling window – 100Kbps

 

Create New Branch Distribution Point (BDP)

  • Ensure that the SCCM Site System account is a member of the local administrators group on the new BDP’s.
  • Open the SCCM Console and navigate to Site Database > Site Management > [Site that you want to add the BDP to] > Site Settings > Site Systems
  • Right click on Site Systems and select New Server
  • Type in the name and FQDN of the new BDP
    • Select Next
  • On the System Role Selection page select Distribution Point
    • Select Next
  • On the Distribution Point page select Enable as a branch distribution point
    • Select use a specific partition > D:
    • Select next
  • Select Next and Finish
  • Create a file in the root of the C: drive called No_SMS_on_drive.sms
    • This will prevent the BDP from using the C: drive if the D: drive ever gets filled up.

Populate New Branch Distribution Point (BDP)

  • The initial population of the new BDP should involve distributing a very small package. Doing that will create the SMSPKG[drive letter]$ folder on the BDP.
  • Select a small package that you have created and add the new BDP’s as new distribution points.
  • Wait until the SMSPKG[drive letter]$ directory is created.

Distribute Packages To The New Branch Distribution Point (BDP)

  • If your BDP’s are on fast networks and you didn’t configure BITS throttling windows then you can just distribute packages like you would to any Standard Distribution Point
  • If your BDP’s are using BITS throttling windows then chances are you will want to copy large packages manually for the initial setup and then utilize them like Standard Distribution Points when updating the packages
    • Right click the package that you want to manually copy and select the Deployment tab
    • Select “Administrator manfully copies this package to branch distribution points
      • You now have two options
        • Put the source on a DVD and send it to the branch office.
          • Have someone copy the source to the SMSPKG[drive letter] share
        • Copy the contents over the network without using BITS
    • Once the source files are on the BDP you can open the PerrDPAgent.log file and run a Branch Distribution Point Maintenance task from the SCCM Client.
    • Once all of the packages that you manually copied over are successful, you can go back into the properties of the package and select “Automatically download content when packages are assigned to branch distribution points”

Software Updates – configuration and results

Perhaps you have two different types of end user machines.  One type, the machines can be rebooted whenever software updates get applied according to the Change Schedule.  The other type, the machines can NOT be rebooted.  However, software updates still need to be installed on them and the business owner would be responsible for the reboot.  The goal is to get the updates to install on both types of machines, but prevent a reboot for the business critical machines. Attached are screen shots and test results of the various methods used when configuring and installing software updates. 

https://emptygarden.info/wp-content/uploads/2010/08/software-updates-test-results1.docx