Saturday, December 12, 2009

Unable to create CCM namespace

So tonight I ran into an issue with a workstation. The SCCM Client simply refused to connect to the ConfigMgr server. I tried running a repair on the client installation, but it came up with an error stating it couldn't create the CCM namespace in WMI.... wtf? Out of all the issues I've ran into, this was a first. I Googled the issue, and after a bit of looking found the following solution... even though I'm not exactly sure what it's doing. It's to late to dig into it to much, I just wanted to post the issue and solution on here before I forgot.

To resolve this... for me anyways, do the following.

  1. Open command prompt and navigate to %windir%\system32\wbem\
  2. run "mofcomp cimwin32.mof" (If you get errors, ignore them.)
  3. run "mofcomp cimwin32.mfl" (Ignore the errors.)
  4. run "net stop winmgmt
  5. run "rmdir /s /q repository"
  6. run "rmdir /s /q logs"
  7. run "mkdir logs"
  8. run "net start winmgmt"
You should now be able to run a repair on the SCCM Client and it should begin functioning normally.

Enjoy
Posted by at No comments:
Labels: , , , ,

Thursday, December 10, 2009

Deploying Microsoft Report Viewer 2005

So unlike Report Viewer 2008, 2005 is a bit more difficult to install quietly. With the 2008 version you simply run "install.exe /q" and it works. With the 2005 version, you have to do the following...

ReportViewer2005.exe /q:a /c:"install.exe /q"

By doing all that, it's quietly running the install.exe file that exists inside of the ReportViewer2005.exe file. If you simply run "ReportViewer2005.exe /q" you'll just get a window that pops up with "Next" on it. Not what you want.

Enjoy
Posted by at No comments:
Labels: , , ,

Thursday, December 3, 2009

Preventing data loss due to USB flash drives

***Not Fully Tested***
So I've been thinking lately about data loss due to a recent branch of our company all quiting at the same time and deleting as much data as they could without it being notible. (Luckily we had backups to restore what was deleted.)

So what I've come up with won't prevent users from deleting data off their computers or the network, but it will prevent them from stealing information by copying it to flash drives and such.

Navigate to
HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies

then change the dword "WriteProtect" to "00000001". By making that change whenever a user tries to write data to a external drive they will get a write protect error.

Enjoy
Posted by at No comments:
Labels: , , , ,

Friday, November 20, 2009

ID10T error with a copier

You might want to post a message with these pictures above copiers for users to see....

I can only assume a user fed paper through one of our copiers with staples or paper clips still attached.


 
 

Posted by at No comments:
Labels: , ,

Enabling Remote Desktop remotely

So I ran into the need to enable remote desktop on a computer about 300 miles away this morning. Here is what I did.

First off I logged into my virtual XP machine with a domain admin account. I then launched the registry editor and connected to the registry of the remote machine. I then navigated to the following path on the remote registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Once in the terminal server key, change the DWORD value for fDenyTSConnections from 1 to 0. (1 = Disabled, 0 = Enabled)

The remote machine won't automatically start working, so you'll need to reboot it. You can do this by running the following from command prompt.

shutdown -m \\remotecontroller -r


Enjoy
Posted by at No comments:
Labels: , , ,

Monday, November 2, 2009

Deploying Adobe Reader with ConfigMgr

So in my opinion Adobe makes it way to difficult to deploy Adobe Reader. The last time that I had to mess with this was months ago so I nearly forgot everything I needed to do to make my new Adobe package.

I started out with the need to deploy Adobe Reader 9.2 to workstations that had versions 9, 9.1, and 9.1.2. I downloaded Adobe Reader 9.2 from Adobe.com and ended up with an executable. Normally you can use a program like WinRAR to extract that contents of the executable, but not with Adobe executable's. Instead you have to use a switch.

You'll have to go to start, run, put in the location of the items, then the executable and tag onto the end of it -nos_ne. ( C:\AdbeRdr92.exe -nos_ne) When the Adobe window pops up you click Next, then when it's done you'll find you source files in the temp directory. Just don't get fooled by the modify dates. The Setup folder will have the current date and time stamp on it, but all the source files inside will have old dates. At that point you can use the Adobe Customization Wizard on the msi and distribute Reader throughout our organization. 

Of course if you don't care to customize the installation you can just use the /sAll switch on the original executable. I choose to customize the installation so that the end user doesn't get prompted for updates or have to agree to the eula the first time it's launched.

Enjoy
Posted by at No comments:
Labels: , , , ,

Wednesday, October 28, 2009

Setup PXE boot in SCCM

The following will get your site setup for PXE boot. The virtual environment I'll be taking screenshots from consists of two servers. Both are Server 2003 SP2 boxes. One is hosting AD, DNS, and DHCP. The other is a primary SCCM server. I'll be logged into the primary sccm server using an account that I setup, smsadmin, which has Domain Admin rights on the domain.

The first thing you need to do is install Windows Deployment Services on your SCCM server. Go to Add/Remove Programs, then Add/Remove Components, scroll down to the bottom of the list and select Windows Deployment Services.Then click Next.



After it's done installing you'll be prompted to reboot. After the reboot, launch the ConfigMgr console and go to Site Database -> Your Site -> Site Settings -> Site Systems -> Your Primary Server. At this point click on New Roles.


When the New Site Role Wizard comes up, click Next, then select PXE service point, and next again.



When you click Next, you'll be prompted about ports being opened. Just click yes and continue.



After clicking yes, you'll be presented with some settings. Personally the way I advertise task sequences I don't need a password prompt, so I uncheck the require a password box, and then check on what network adapters respond to PXE requests. After that click Next.


When asked about the account to use to connect to the database, I always choose to use the computer account, as well as using a self signed certificate. You might want to increase the year on the expiration date as well. After that click Next. Then on the next screen click Next again. After the role has been added, click the Close button.




Now that your PXE role is installed, you need to add the boot images to the pxe distribution point. (Both the x64 and x86 boot images.)

Posted by at No comments:
Labels: , ,

Making your ConfigMgr site operational

In my last post I put up tons of information on installing ConfigMgr. In this post I'll be putting up information on how to get your new site operational with client agents and such prior to actually having any client systems using your site.

Throughout this blog, we're only going to be working in the Site Management node.


You'll first want to right click your site name, and go to properties.


Once there, you'll want to head to the Advanced tab. In the advanced tab you'll want to check the boxes for "Publish this site in Active Directory" and "Publish the default management point in DNS". Once they're selected, press Ok.



Next, move down to the Boundaries section. Boundaries are extremely important in ConfigMgr to help manage your clients. You can create boundaries based on an IP Subnet, IP range, or an Active Directory site. So start out by click "New Boundary", enter a description, then put in either an IP Subnet, IP Range, or a AD Site name followed up by select if the boundary is connected to the Primary Site server by a slow connection or a fast connection.


Once your boundary is configured, click the Client Agents section. In this you should see the follow agents if you followed my previous guide.


Start out by double clicking the Hardware agent to configure it's settings. (The settings I put in here might not be the recommended, but it's what I use in my 1,000 client production environment and it works fine.) Change the schedule to custom, then click Customize and change the recurrence to 10 minutes. Then click Ok, and Ok.




The next agent that needs modified is the Computer Client agent. Double click it to open it up, and then start out by configuring the Network Access Account by click Set.


In my case I'm using a service account that I setup for ConfigMgr called smsadmin. Enter the information for your service account then click Ok.



Next ( and once again I point out that my settings work great in my environment but might not in yours) check the Policy polling interval to 2 and the state message reporting cycle to 4.


Now switch over to the Customization tab and enter whatever you want into the customizable fields.


On the BITS tab, I've disabled BITS by selecting the Not configured option. Obviously in your environment you might want this, but in my virtual environment I don't need it.


Finally switch over to the Restart tab and mine and my companies preferance is to have the restart countdown at 30 minutes and the final notification at 3.After setting that, click Ok to close out of the Client agent.


The next agent to configure is the Remote Tools agent. For this you'll want to create a security group containing all the users that you want to allow to remotely control any clients in your site. In my case I've got three security groups for this purpose that also tie into other ConfigMgr security settings. They are Desktop Administrators, Server Administrators, and Help Desk. Below you'll see pictures for each tab of the Remote Tools client, and you'll see where I've put these groups in. You'll just need to do something similair.






That's all the agents that I'm going to cover, next go down to Client Installation Methods, and double click Client Push Installation to configure it. You'll want to enable it, then select what type of systems to push the client to. In my case, I only want it to push to workstations since if a server system doesn't have BITS installed the server will reboot automatically. (Not good for production).


Next under accounts, list the accounts that ConfigMgr should try to use to push the client onto a workstation. In my environment I'm going to have it first try the smsadmin account, followed up by the local administrator on the box. 


After configuring Client Push, you should head to Discovery Methods so that ConfigMgr can find workstations and server to have as clients. Of course you can manually add clients to your site, but it's easier to combine client push and discovery. As long as you've configured your boundaries you don't need to worry about ConfigMgr getting out of control with installing clients and such. In the Discovery Methods section, set everything according to your environment. In my lab I've geared Active Directory towards working easily with ConfigMgr so all my stuff is pretty simple. But say your company has all your users split up in AD based on Country, State, and then City. If that's the case then you can add multiple discovery points like in the picture below. When it comes to how often ConfigMgr looks to AD, I prefer at most every hour. In some cases I have it set to every 5-10 minutes.



At this point you should begin seeing clients in the All Systems collection. If you're not then you've prolly got some security settings messed up somewhere. A quick way of seeing if something is really wrong is by going to the System Status section in ConfigMgr. You might find a log were ConfigMgr is unable to find the System Management container. If that's the case then you need to give the computer name account that hosts your primary site full control over the System container in AD. You also need to make sure that your network access account has Administrative rights on any workstation in your domain. You can do this via GPO. From here you can start creating packages and advertisements, along with task sequences for OSD.
Posted by at No comments:
Labels: , ,

Installing ConfigMgr 2007 on Windows Server 2003 from scratch

For anyone out there that needs some help getting ConfigMgr07 installed, this is for you. Below you'll find complete step by step instructions on installing ConfigMg.

I'm creating these instructions from a virtual lab I have using Hyper-V. My virtual environment consists of two Windows Server 2003 SP2 32-bit servers that have every Windows update applied as of 10/23/09. Server1 which I'll refer to as CIGDC1 has the following roles installed...
  • Domain Controller
  • DNS Server
  • DHCP Server (scope = 192.168.1.X)
Server2 which I'll refer to as CIGAPCCM will be the ConfigMgr primary site server. The instructions below will assume that you have the above already in place, and that you're going to be hosting the SQL server on the same system as the primary site server.

     Part 1
Installing SQL Server
For this section I'm installing SQL Server 2005 SP1 which is what came with ConfigMgr07. First start out by installing IIS. Go to Add/Remove Program in the Control Panel, then go to Add/Remove Windows Components, check the box next to Application Server, then click Next to install.


Now launch setup.exe from disc 1. Accept the terms, click Next, then Install





Setup will then install .NET 2, SQL Native Client, and Support files


When it's completed, click Next, then Next again





At this point, it will do a check to verify everything it needs is there, if anything is missing simply install the component. If all good, click Next.


When prompted enter your Name, Company, and Key then click Next.




You'll now want to select SQL Server Database Services, then click Next.


 For prompted on the name of an instance to great, I would suggest SystemCenter. Click Next




For a service account, use the built-in System account, click Next, then use Windows Authentication Mode.



On collation settings, choose Dictionary order, case-insensitive, for use with 1252 character set. Then click Next, next again, and then Install.




When it's finished installing, click Next, then Finish.




Now to wrap up installing SQL, install SP2. Launch the SP2 executable, click Next, accept the agreement and press next, then click next again, then next again, then next again, then (yes, again) next again, and finally Install.








SP2 will then sit and take forever to install....


Then you will be prompted for a reboot



After rebooting, you should have your SQL server wrapped up.


     Part 2
Installing ConfigMgr 2007

You should start out by opening up Active Directory and creating an OU structure and service account for ConfigMgr. My OU structure looks like this.

For a service account, create a new user called smsadmin, and give the account Domain Admin privileges and remove the membership to Domain Users. 


Now before installing ConfigMgr, there's a number of additional updates and processes you'll need to do. So here's the list of things that you'll need to do first.
  • Extend the Active Directory Schema
  • Apply update KB932303
  • Install WSUS
  • Server 2003 schannel hotfix
  • WinRM v1.1
  • Update MMC to 3.0
  • Install BITS
  • Enable WebDAV
I'll go ahead and hit the schema, BITS, and WebDAV. The rest, just double click the item and you'll get a link to go and download the patch needed. Pretty straightforward.

To extend the AD schema, you first need to get the file extadsch.exe and execute it on your domain controller. You'll need to do this using an account that has permission to do so. After executing it look in the C:\ drive for ExtADSch.log and then check to make sure you see "Seccuessfully extended the Active Directory schema" in there.

For BITS, go to Add/Remove Programs, then Add/Remove Components. Dig into Application Server -> Internet Information Services and then check Background Intelligent Transfer Service.



For WebDAV you're going to go to the same place, except this time dig a little farther into World Wide Web Service and check WebDAV Publishing.


After applying all the updates you might have to reboot before the prerequisite checker shows them all installed.

Once you've got all your prerequisites done, launch the setup again, and this time select the install link.


You'll then click Next,  Next again, accept the terms, click Next, and finally next again.






 
You'll now need to select Primary Site, followed up by clicking Next, then next again.



At this point, enter your product key, then click Next.


You'll now be prompted to choose where to install ConfigMgr. Some people might install it to a separate partition, in my case I'm just installing it to C:\. Choose where you want it installed, then click Next.


Now you get to determine your site code and name. I'm choosing CIG as my code and System Center VLab as the name.



On the next page, we're going to choose Mixed Mode. If you want to setup ConfigMgr in Native Mode you'll need to find some documentation somewhere else on that or wait until I post something about it.


On the agent selection page, just stick with what's already selected.


You'll now need to enter the address to your SQL server. It should be (if you followed all this step by step..) the name of your server and then the sql instance name. Mine is below. After clicking Next, click Next again.



On the management point page, make sure you install a management point, then click next.

Use the default port settings.


When prompted about getting the prerequisite components, you'll prolly want to download them unless you have them somewhere already. If that's the case point the setup to the location.


After that you should see the following screen displaying all the settings. If all looks good click Next.


You should then see it begin installing ConfigMgr


After installation has completed, click Next



Then click Finish


Posted by at No comments:
Labels: ,
Subscribe to: Comments (Atom)