Author Archives: arien

Simple ConfigMgr Queries for Windows 10

23 Oct , 2017,
arien
,
No Comments

Windows 10 is out for a while now. Not all have used the modern OS in Configuration Manager yet. Newer and better versions of windows 10 are released every six months.
All versions available can be checked on this official page: https://technet.microsoft.com/en-us/windows/release-info.aspx

Windows 10 build editions query

So, to generate a simple overview of the managed systems I have created a query you can use. In the the ConfigMgr console go to Monitoring -> Queries.

Very usefull information can be displayed here [Click to view] like the build numbers, Netbios name, workgroup name, architecture and the servicing channel.

So the different versions have their own version numbers, like 1511,1703,1709 but I don’t believe they can be showed or queried here?..
Another usefull property is if the system is using BIOS or UEFI. This can be added since the release SCCM 1701/1702 using the SMS_Firmware Class.

W10 Collections

It’s not difficult to create Collections using these query rules. These can be used in different scenario’s. This Example can be extended..

All Windows 10 Clients

All Windows 10 v1709 Build 16299

How to check for MS17-010 and other Hotfixes

13 May , 2017,
arien
,
No Comments

There has been a lot of commotion in the tech-news about the #WannaCrypt / #WannaCry / #Wcry ransomware.
For example NYT made a nice map showing the outbreak around the globe. More detailed information can be found at Troy Hunt’s blog post.

The Critical Update Bulletin can be found at: https://technet.microsoft.com/library/security/MS17-010
MSRC even made Customer Guidance page.

Of course we need to keep our patches current. I just wanted to do a quick check on my systems where protected from the exploit yes or not? Just looking in the “View Installed updates” scanning for 4012212 can be an annoying Control panel task. The search on this page also isn’t much fun either because it will scan the entire system again and sometimes missing the result you’re looking for!

View Installed Updates

The problem for MS17-010: In the bulletin I could find KB-numbers for every OS needed. But what was missing are; the Rollups replacing the March Rollup(s) are not mentioned in the bulletin itself. If you have these, you’re good/patched either :-).


Microsoft does not show replacement information on the KB-page itself.

Using a SCCM Console we can find Supersedence information for example April rollup KB4015549 (first monthly successor).

The updates missing here might be caused by Supersedence Rules

And so the best place to look for this information would be the Microsoft Update Catalog

After searching, click on the update [title] to view details for KB4015549 and go to the ‘Package Details’ tab. Here we can find the needed replacement information (‘This update has been replaced by the following updates’). Click every replacing update until you end with ‘n/a‘.

To wrap up and quickly check on a few systems I’ve made a PoSh script checking it for the most common operating systems. Windows (server) 7/2008R2/2012/R2/2016.

It can also be changed and run remotely from a management system of course.

Read More…

Running a VBscript from batch (command line)

1 Nov , 2016,
arien
, ,
No Comments

Most of the time a specific scripting language is chosen to provide an automated solution for something.
In this case a customer was already using batch scripting. I was adding simple VBscripts to query the WMI Namespaces. Well, how to use these different scripts in hybrid and pass values back to the original batch startup script?

The VBS being used in this example is checking WMI for the Write Filter State (used in the Windows Embedded OS).
Microsoft is using the commands available to check and manage the filter and splitting the huge output to find the current state of the writefilter here. In my opinion it is better to use the information available in WMI:

The cscript //nologo is the most important part of the command you use to start the .VBS!
When we compare the output without the nologo switch we see these differences:
cscript-nologo

Now to call the and get it’s result and put it in a variable

BTW, Very usefull when creating WMI code is the WMI Code Generator created by Rob van der Woude.

Simple PowerShell script to ping multiple Devices

4 Mar , 2016,
arien

No Comments

It’s always useful to quickly check you most important devices in your network! Especially to troubleshoot something.
A Script can help you to get things done faster. When search for common scripts like this I always find complicated and long scripts with built in extra’s. I like to keep my scripts simple for these situations.

First create a .txt file with a list of addresses or hostnames:
Devices

To accomplish this all I created the simple powershell script:

The Test-Connection cmdlet is used.

Let’s run the magic script and show what it looks like when it works.
MagicPingScript
Is it fast enough for you?

Trigger available Application Catalog deployments to appear in Software Center

21 Oct , 2015,
arien
, ,
No Comments

In my previous post I explained how to Create shortcuts to deploy available applications in ConfigMgr 2012.
User-available deployed apps are not shown in the SCCM 2012 Software Center right away as designed. (Sidenote: I believe ‘The new SCCM’ vNext (a.k.a. Current Branch) has a different approach already!)
Software center user available apps

Using ApplicationViewService.asmx on the Application Catalog we can do some extra’s: automated application requests!
This way the user does not have to go to the App-Catalog and request the app. Besides that, only not-installed apps will appear in the ‘Available Software’ tab in Software Center. Which is nice right?
Before we can use this we have to make changes to the Application Catalog web.config file.

The file can be found on the server running the appcatalog at
<drive>\:Program Files\SMS_CCM\CMApplicationCatalog\Web.config
save a copy if you want to be able to revert to original without thinking.

Read More…

Create shortcuts to deploy available applications ConfigMgr 2012 (using PoSH)

22 Sep , 2015,
arien
, , ,
No Comments

For a customer implementing Configuration Manager 2012 the use of the Application Catalog and Software Center can be a big change for the end-users. This when they have not used SCCM software and/or user-portal centric delivery before.
I was looking for possibilities to create a situation to start an application deployment with a more common interface like the start menu or the desktop.
Since the startmenu is back in modern OS-versions to deliver the apps for the user I decided to try and use it for this.
start menu available app example install

To automate it I have created a simple script that will create shortcuts you can use to start the deployment. On the background it uses Configuration Manager Client SDK WMI Classes
It’s not being used in production, so it is not completely functional with user rights but it was much easier to create than I expected. So use this at you own risk and make it better yourself :).

The code should explain itself because it’s not that difficult. You can play with the Get-WmiObject and the Where-Object options to test your exact results.

This creates (for example) a shortcut to install Mozilla Firefox with the target:
start menu available app shortcut firefox
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File C:\Deploy-CCM_App.ps1 -ApplicationName "Mozilla Firefox (nl)"

Read More…

SCCM Client Push Error codes

12 Mar , 2015,
arien

No Comments

When installing the sccm client through a push method instead of deploying it with your new systems installation a lot of error situations can occur.
push-installation-error-53-650x276

Read More…

Customize Adobe Reader XI installation for deployment

27 Feb , 2015,
arien

No Comments

Adobe Reader is a very common application and you can find very good documentation on it.
In this post I will do my way of scripting and customizing the Adobe Reader XI installation for deployment. It’s not that hard to do but documenting helps me to remember all the steps together for maybe the next version and next time.

You need a few directories to work with the steps:

Reader Folders

The Source folder will have the full version of the Adobe Reader XI installation to begin with. In this case the file is AdbeRdr11010_en_US.exe (latest english).

Read More…

How to escape SCCM Provisioning Mode (automated)

22 Nov , 2014,
arien
, ,
No Comments

Provisioning mode is the state your SCCM client is in when deploying an OS via the task sequence. The client is installed in “provisioning mode” to prevent it from processing new policy requests until the task sequence is completed.

You can find its state in the registry;

HKLM\SOFTWARE\Microsoft\CCM\CcmExec\ProvisioningMode = True
HKLM\SOFTWARE\Microsoft\CCM\CcmExec\SystemTaskExclude = SchedulerStartup;SchedulerShutdown;SchedulerLogon;SchedulerLogoff;ClientRegistrationStartup

On a healthy machine that has finished a task sequence the ccmeval task changes these values when run succesfully. these registry values should be:

HKLM\SOFTWARE\Microsoft\CCM\CcmExec\ProvisioningMode = False
HKLM\SOFTWARE\Microsoft\CCM\CcmExec\SystemTaskExclude = (no value, should be blank)

In one situation (a year ago) I found out provisioning mode was not working correctly. Possibly caused by a bug because of an issue with mobileclient.tcf. This should be fixed in SCCM 2012 SP1 but we haven’t removed te fix for new deployments from our task sequence, just to be sure.
ProvisioningModeFix-TS

Read More…

Lessons learned ConfigMgr 2012 SP1 + SQL Server 2012 + Windows Server 2012 Testlab

5 Apr , 2013,
arien
, , , ,
No Comments

The year 2012 is the number in this experimenting afternoon. The new products (for me at least) all have the 2012 in their name/version.

windows-server-2012-logo_thumbDuring starting with a Microsoft System Center Configuration Manager 2012 SP1 Test Lab, I also got acquainted with Windows Server 2012 and SQL Server 2012.

 

When you have used Windows 8 before it’s really not that different from Windows 7 as you might think. The biggest tip is to use the StartButton and start typing where you’re looking for just like you would when not browsing the Win7 startmenu folders.

To discover what programs are available after logging in to any Windows 8 of Server 2012 I’ve found an easy way for myself. This is really due to the missing start-menu you were used to. You can always go to %ProgramData%\Microsoft\Windows\Start Menu\Programs. This is actually the real location for the Windows start-menu since Windows Vista was released.
Especially Server Manager has become quite nice and I also life the way of thinking with the controlling other “core servers” (without GUI) for the future when more servers could be needed to separate roles.

Read More…