Hi all,
As introduced during my presentation at the belgian techdays I will be teaching a custom training class on how-to upgrade you sms 2003 admin skills to SCCM 2007. This class is mainly aimed at current sms 2003 administrators that have transitioned to configmgr 2007 or are in the planning / preparation phase of transitioning.
This class is not about the upgrade / migration itself but on upgrading the administrator's skillset. Quite a number of things have changed from Sms to Sccm and that's what this class will focus on. Based on what you already know from sms2003 this class is meant to bring you up-to-speed with sccm 2007.
The idea is to make this a course that has lots of well-thought out hands-on-labs with clear instructions and examples that are usable in your production environment, mixed with me telling you everything I know about configmgr 2007.
More details on this class can be found here:
http://www.jcacademy.com/courses/_nl/coursesheet.asp?language=NL&country=&course_id=738
Summary:
What: Customized SCCM 2007 training class
Where: Jca Facilities in Louvain, Belgium
When: 28th till the 30th of April
How Much: The attendance fee for this course is 1250€
Instructor: Me, an enthusiastic sms trainer with a lot of training and field experience, and 3 Mvp awards.
Don't wait too long, seats are going fast after the techdays announcement.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm
Hi all,
I delivered my session at the Belgian Techdays, and I promised on my blog and during the session that I would share the scripts with all of you. So here they come. Most of these scripts were used during a side-by-side upgrade transition. The side-by-side upgrade transition process looks like this:
- Install SMS 2003 SP2 on new server
- Attach new SMS 2003 SP2 site as a child site
- Let objects replicate
- Break Parent – Child relationship
- Upgrade new Site to Configmgr 2007
- Install KB945898
- Migrate clients to new site
- Remove boundaries from original site
- Add boundaries to new site
- Decommission original site
- Migrate non-replicating objects (queries/reports)
Benefits
This method provides a smooth transition without impacting your current sms 2003 infrastructure until your new Sccm 2007 environment is fully up and running and has been tested successfully. This makes it one of the lowest transitioning methods available.
Challenges / manual steps to perform in this method are
- Verify all objects have migrated
- Configure Site Settings
- Migrate Folders and folder membership
- Make Software distribution functional in new site without boundaries
- Optional: Modify package source path
- Migrate hardware inventory customizations (SMS_def.mof)
- Export / Import queries
- Export / Import reports
- Configure security rights
- Non-Replicating Software Metering Rules
In this section I will go over these challenges, and when available introduce a script to tackle these challenges. If a script is available I will first explain what the script does, give an example command line, and add some comments/remarks.
Challenge 1: See Script1 later in this post
Challenge 2: This is left as manual exercise for the reader
Challenge 3: See Script2 & Script3 later in this post
Challenge 4: See Script5 later in this post
Challenge 5: See Script4 later in this post
Challenge 6: See Challenge 2
Challenge 7: Use the export and import wizard, my experience has been that importing the mof file in one pass tends to be error-prone. I usually cut the mof file into 200KB chunks and import the chunks one by one, this has resulted in a much less error-prone import process. Run the script to move the queries into the correct folder, see script 3 later in this post.
Challenge 8: See Challenge 7
Challenge 9: See Challenge 2
Challenge 10: Software metering rules can be configured to apply to this site, or to this site and all child sites. If your software metering rules are configured to only apply to the current site than they will obviously not replicate. This setting is unfortunately not configurable after the rule has been created.
Scripts to Tackle the challenges:
Just for the record these Scripts do not come with any form of support or guarantee, the scripts have served me well but should be tested in your environment as your mileage may vary!!! Furthermore the script aren't always the cleanest code, they don't log a lot of data and do use some hardcoded parameters that would be more appropriate in an argument.
Script1: Countobjects.vbs
Description
This script counts the number of Queries, Reports, Packages, Advertisement, Software Metering Rules, Collections and folders.
Example
Usage: Cscript Countobjects.vbs
Remarks
You run this script on both the old and new sms 2003 servers and compare the numbers, once all numbers match up you can perform step 4 and break the parent - child relationship.
Script2: SmsContainers.vbs
Description
This script allows you to export and import the folder structure from one sms 2003 environment to another.
Example
Usage: Cscript SmsContainers.vbs export s01folders.txt or Cscript SmsContainers.vbs import s01folders.txt
Remarks
Because Sms 2003 does not replicate the folder structure to child sites we need a script that duplicates this folder structure. At import time this script creates a file called conversionarray.txt that allows us to translate old folder id's into new folder id's. We will need this file in later scripts to move the objects back into the correct folders.
Script3: xyzfoldermembership.vbs
Description
There are multiple scripts with this filename where xyz is either adv for adertisements, pkg for packages, rprt for reports, qry for queries and swmtr for software metering rules. These script move the respective objects into the correct folder.
Example
Usage: Cscript.exe xyzfoldermembership.vbs export S01xyzfolders.txt or Cscript.exe xyzfoldermembership.vbs import S01xyzfolders.txt
Remarks
These scripts need the conversionarray.txt to be available to find the correct folderid to place the objects in.
Script4: Modifypkgsource.vbs
Description
This script modifies the packagesource of all packages to a new server.
Example
Cscript Modifypkgsource.vbs
Remarks
If the sourcefiles for your packages are stored locally on the site server, you'll need to modify the package sourcepath of all packages to a new server. First copy the source package folder structure to the new server and then edit the script to replace the oldserver and newserver strings with the values needed for your environment.
Script5: ModifyAdverts.vbs
Description
This script configures all advertisements to run from a remote distribution point.
Example
Cscript ModifyAdverts.vbs
Remarks
Because you cannot have overlapping boundaries we can only move the boundaries after all of the clients in a boundary have migrated. Because of this, clients in the new sccm infrastructure will not be able to find a local distribution point. So if you want these clients to be able to run advertisements these advertisements have to be configured to allow run from remote distribution point. If you want to change the value back later just change the bit value. Secondly if you already have some advertisements that are configured to run from remote dp, or download from remote dp, this script does not build a text file to store what it has changed, so the script doesn't allow you to revert back to the original situation. If this is something you require you'll have to adapt the script to save the original configuration.
The scripts can be downloaded here:
http://scug.be/files/folders/sccm/default.aspx
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.scug.be/blogs/sccm
Hi All,
I will be speaking at the Belgian Techdays for the second year in a row. The session is aimed at current SMS 2003 administrators that are looking at transitioning to SCCM 2007.
The session is scheduled for Thursday the 13th of March running from 14:30 till 15:45. Because of time constraints the session will not include any demo's. It will discuss all popular ways to transition from SMS 2003 to Sccm 2007, and introduce you to some scripts that can help you move to Sccm 2007 more smoothly.
Session Abstract:
This session will introduce you to the different methods of transitioning from sms 2003 to sccm 2007. The session will discuss the pro’s and con’s of the Wipe and Load, In-place Upgrade, Side-by-Side Migration and the speakers personal favorite the Side-by-Side upgrade. The session will also show you how you can use scripts to assist you in automating certain tasks during the migration process.
Hope to see you all there.
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
Configmgr 2007 comes with a totally new way of deploying software updates. The new method offers some great advantages over the old one(s) available in Sms 2003. It didn't take me too long to see the benefits the new architecture brings, but it did take me quite some effort in understanding how I could create a working operational process to maximize these benefits, it actually took a fellow mvp (Thanks Pannu) and Wally to set things straight in my head (Thanks Wally). This 2 -series post will try to give you some insight in how the Configmgr 2007 solution stacks up with the sms 2003 implementation. The second portion will explain the objects involved and will guide you through a potential implementation of Software updates in Sccm 2007.
Let's start by briefly explaining how the sms 2003 infrastructure operates, followed by the currently known issues. Later in this post we'll review what the Sccm 2007 architecture looks like, and how this new architecture deals with the known issues of the past.
In sms 2003 the backend infrastructure relied on software distribution packages and advertisements to initiate the sofware catalog download, the software update scan and patch installation processes. The scan process itself, using the final scan engine itmu, was based on the Windows automatic update agent. The scan engines prior to that were sms specific engines like the software update inventory scan tool, the office update inventory scan tool or the extended software update inventory tool. Clients have always reported their software update compliance state based on hardware inventory regardless of the scan engine used.
One of the downsides of the sms 2003 infrastructure was the fact that multiple scan engines were necessary, which complicated the software update management quite a bit. And no matter what engine you used, all engines first downloaded the catalog locally and cached it in a specific folder prior to starting the scan. This caching of the catalog files didn't always work flawlessly resulting in clients scanning with an old catalog which obviously didn't report the expected information. Another issue was the fact that the reporting process relied on hardware inventory to do its reporting, this resulted in a slower and not very flexible reporting process.
Now let's look at how this all works in sccm 2007. Sofware updates now integrates/relies on a Wsus 3.0 server. The Wsus server is used to download the catalog and to serve as the "scan point" for the Configmgr2007 clients. This eliminates the problem that the sms 2003 engines had with caching the catalog, because the clients now scan directly from a wsus server. Another benefit of this integration is the increased content that can be deployed. The sms 2003 engines only supported security updates whereas wsus 3.0 supports a wide variety of updates ranging from security updates over critical updates, feature pack, service packs, drivers and more. All these benefits come at a fairly low cost, yes you now need to install a wsus server but all management of this wsus server is done from the Sccm 2007 admin console. (This is why you need to install the wsus admin console on the site server if you want to use a remote wsus server).
Another major change afaic is that clients now report their software update compliance state based on state messages. This allows for faster more flexible and more detailed status reporting from the clients to flow up to the server.
That's it for the first post, stay tuned for a follow-up.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
This post isn't really systemcenter related directly, but with some creative thinking it does belong on this blog. Although sms is a large portion of my professional life, I still have a somewhat personal life as well. And in that personal life, I occasionally take some pictures. And since photography has progressed into digital pictures, I obviously take digital pictures, mainly of my 3-year old son Lennart. So far so good. The problem is that these digital photos need to be copied to computers to clear the memory cards for taking additional pictures.
This is usually were nightmares start happening, it starts with copying them to your laptop, because that is the machine that was in closest proximity when the memory card needed to be emptied. The next time around you put them on your mediacenter directly and so on. The main problem I have is that I usually have to do this in a hurry, because new pictures are going to be taken that day. Which means the files DSC?????.jpg are copied to some folder (usually called ToBeOrganized) without any descriptive name added to it. After taking pictures for a couple of months, getting this ToBeOrganized folder organized seems like a hell of a job. So I decided to call in Windows Powershell to assist.
For those of you that have been living under a rock for the post couple of months, Windows powershell is Microsoft's new dos-box that has everyone running around overly excited. The neat thing about this dos-box is that it can access Dotnet classes, and that is exactly what I figured I would do to get my pictures organized.
I started of my endeavor by reading a blog post from James O'Neill's blog. In his blog post James talks about accessing Exif data from within powershell, and that is exactly what I did, armed with the knowledge of that blog post I created one of my first Powershell scripts. The code isn't really pretty, but it reads the Datapicturetaken property from the Exif data of all pictures in the folder where the script was launched from. Subsequently it copies all these files into a new folder called c:\organizedfotos. Underneath this folder you get a folder per year, followed by a folder per "picture date". So in the end your folders are organized like this.
Now, all I need to do is analyze each folder to see what event triggered the creation of these pictures, rename the folder. Archive each year to Dvd, and finally decide which one we are going to print. How did I do all this will with a simple script. The Script looks like this:
# ==============================================================================================
#
# Microsoft PowerShell Source File -- Created with SAPIEN Technologies PrimalScript 4.1
#
# NAME: OrgFotos.ps1
#
# AUTHOR: Kim Oppalfens,
# DATE : 12/2/2007
#
# COMMENT: Helps you organise your digital photos into subdirectory, based on the Exif data
# found inside the picture. Based on the date picture taken property the pictures will be organized into
# c:\organizedfotos\YYYY\DD-MM-YYYY
# ==============================================================================================
[reflection.assembly]::loadfile( "C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll")
$Files = Get-ChildItem -recurse -filter *.jpg
foreach ($file in $Files)
{
$foo=New-Object -TypeName system.drawing.bitmap -ArgumentList $file.fullname
#each character represents an ascii code number 0-10 is date
#10th character is space separator between date and time
#48 = 0 49 = 1 50 = 2 51 = 3 52 = 4 53 = 5 54 = 6 55 = 7 56 = 8 57 = 9 58 = :
#date is in YYYY/MM/DD format
$date = $foo.GetPropertyItem(36867).value[0..9]
$arYear = [Char]$date[0],[Char]$date[1],[Char]$date[2],[Char]$date[3]
$arMonth = [Char]$date[5],[Char]$date
$arDay = [Char]$date
,[Char]$date[9]
$strYear = [String]::Join("",$arYear)
$strMonth = [String]::Join("",$arMonth)
$strDay = [String]::Join("",$arDay)
$DateTaken = $strDay + "-" + $strMonth + "-" + $strYear
$TargetPath = "c:\organizedfotos\" + $strYear + "\" + $DateTaken
If (Test-Path $TargetPath)
{
xcopy /Y/Q $file.FullName $TargetPath
}
Else
{
New-Item $TargetPath -Type Directory
xcopy /Y/Q $file.FullName $TargetPath
}
}
The post isn't entirely out-of SystemCenter Scope though, this has freed up quite some time, so I should be able to do some more Sms related posts in the next couple of weeks.
PS: Thomas, for the record, powershell is still just a silly new dos-box. Admitted, a dos-box in which you can do remarkable things every once in a while, but it stays a dos box ;-)
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
It's been a while since I posted something, and I'll try to be more productive again in the next couple of weeks/months. This post is a summary of the newly available resources that I deem as important. When I started this blog, I promised myself I would not be an announcement or a me too blog. By this I mean I didn't want to post things you could find on several other blogs, I never meant to be the only SCCM 2007 blog you read. But since enough new resources have surfaced in the past couple of weeks I decided to publish them here, and add some of my comments. One of the reasons I decided to do this, was to heave all these resources readily available on one page for my own usage.
So here it comes.
Sccm 2007 Toolkit
The new Configuration Manager 2007 toolkit is live. The toolkit comes with the following tools:
Client Spy - A tool to help troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.
"This is the Advanced client spy you might now from the sms 2003 toolkit 2"
Policy Spy - A policy viewer to help review and troubleshoot the policy system on Configuration Manager 2007 clients.
"Policy spy is again a tool that was already available in the sms 2003 toolkit 2. It allows you to take a look at the content of the policies that a client has received. This is a GREAT troubleshooting resource, and a terrific tool if you want to do Sccm 2007 deep dives.
Trace32 - A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers. "The Sccm 2007 log viewer, and don't let anyone tell you otherwise! This beautiful gem make those Configuration manager logs really readable. Apart from making the logs more readable it also comes with an error lookup tool built-in that lets you convert error numbers to readable error messages. This error lookup tool accepts win32 errors in Decimal and hexadecimal (-2147024891 or 80070005) and Network error messages (53).
Security Configuration Wizard Template for Configuration Manager 2007 - An attack-surface reduction tool for the Microsoft Windows Server 2003 operating system with Service Pack 1 and Service Pack 2 (SP1 and SP2) that determines the minimum functionality required for a server's role or roles, and disables functionality that is not required.
"The template to lock your SCCM 2007 site systems air-tight"
DCM Model Verification - A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console. "DCM authoring assistant, I'll do a separate blog post on DCM in the near future, it wasn't my favorite feature in Sms 2003, were it was a feature-pack, and I wasn't too thrilled with it becoming an integral part of the product. After some recent new things I learnt about it though, I guess I will have to change my mind.
DCM Digest Conversion - A tool used by desired configuration management content administrators to convert existing SMS 2003 Desired Configuration Management Solution templates to Desired Configuration Management 2007 configuration items.
"For the few brave souls out their that decided to get their hands dirty using the Dcm feature pack for Sms 2003"
DCM Substitution Variables - A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.
"You know what, I don't know enough about DCM to understand what this does"
http://www.microsoft.com/downloads/details.aspx?FamilyID=948e477e-fd3b-4a09-9015-141683c7ad5f&DisplayLang=en
Configuration Packs
As mentioned in the description of the toolkit, I will do another post on DCM, but below you will find some configuration packs to use with DCM in Sccm 2007.
http://www.microsoft.com/technet/prodtechnol/scp/configmgr07.aspx
Microsoft Deployment
Microsoft Deployment has been released as well, this is the successor to the Business desktop deployment accelerator. A lot of the functionality that BDD had, was directly rolled into Sccm 2007. The main reason to use Microsoft Deployment in combination with Configuration manager 2007 according to me is the support for unknown "bare metal" computers, and potentially the dynamic selection of the userstate store depending on statesize, and available local storage. And a more flexible way to slip-stream package installs after the image has been deployed.
Download details- Microsoft Deployment
SCCM 2007 Documentation
The Configuration manager 2007 technical library has been updated with new content.
http://technet.microsoft.com/en-us/library/bb892811.aspx
SCCM 2007 Webcasts
There is a great bunch of Configuration Manager webcast available, and quite a few new ones are planned for the near future.
http://www.microsoft.com/events/series/technetmms.aspx?tab=webcasts&id=42364#42364
SCCM 2007 Virtual Lab(s)
We only have one Configuration Manager Virtual lab available for now, but I assume several new ones will be added over the next couple of months.
http://www.microsoft.com/events/series/technetmms.aspx?tab=virtuallabs
--
Enjoy
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspxS
In following the instructions on how to better search the Configmgr 2007 documentation library as described over at the Sms writers blog I created a search provider for my personal favorite search engine.
Add Live Search Sccm 2007 docs search provider
Oh, for those of you that haven't adapted to this new great search engine just yet, I created one for this other old, small scale search engine as well.
Add Google SCCM 2007 docs search provider
--
Enjoy.
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
Hi all,
Let's have a show of hands, how many of you like/love the new Configmgr 2007 aka SCCM 2007 admin console? You can lower your hands again now. But I can only assume that a lot of you waved enthusiastically, because the new console is a wonderful thing.
Let's have a quick overview of the new things I really like about the new console:
- Search folders; Search folders are a great way to organize different objects (Packages, Advertisements, Update repository, boot Images, Computer associations, Os images, Os install packages, Task sequences, drivers, driver packages, Software Metering, Reports, Configuration Baselines, Configuration Items, Queries, Mobile Device mgmt\Configuration packages). This is going to make life a lot easier for people that try and keep their admin console organized.
- Search bar; if your one of those people that does not really believe in keeping things organized but rather search through a pile of objects than you can do that to.
- Sort actually works reliably; You can now sort on any field in the console, and will really sort it :-)
- Drag & Drop; To help you in keeping things organized you can now drag & drop your items in the relevant folder, which beats the old Move folder items wizard, that I never found to be very intuitive.
- Folders replicate down; Folders are replicated down the hierarchy, so if you do organize your items, they will still be in the same folders.
- Homepages; Homepages give you a quick overview of the status of a certain feature if you select the root hive of that feature.
- The direct membership wizard in collections finally defaults to system resources.
Now, one thing I don't like about the new console is that most of the wizards now come with a welcome page, and there is no button to disable this. I am all in favor of some decent hospitality, but I don't need to be welcomed over and over again. One of the most important features of the Sccm 2007 admin console though is the fact that is fully customizable and extendable. The Configmgr 2007 SDK that is currently in beta, has some great info on howto extend the Admin console with new functionality.
The console is also customizable because it stores a lot of its configuration in xml files. What I did was I took advantage of this fact, and edited all xml files that had the word wizard in their filename, and subsequently searched through those to find the wizards that had a Welcome page. I then opened them up one by one and deleted the Welcome page from the wizards XML-File. The files that I adjusted are:
clientpushinstallationwizard.xml
copybootimagepackageswizard.xml
copydevicepackageswizard.xml
copydriverpackageswizard.xml
copyosimagepackageswizard.xml
copypackageswizard.xml
copysoftwareupdatespackageswizard.xml
databaseconnectionwizard.xml
deletecollectionwizard.xml
deleteprogramwizard.xml
delsecsitewizard.xml
devicedistributesoftwarewizard.xml
directrulewizard.xml
distributesoftwarewizard.xml
distributionpointswizard.xml
exportobjectswizard.xml
importobjectswizard.xml
osd_bootimagemanagedistributionpointswizard.xml
osd_managedistributionpointswizard.xml
osd_newdistributionpointswizard.xml
osd_osinstallpackagescopywizard.xml
repairsitewizard.xml
The files were then copied in the C:\Program Files\Microsoft Configuration Manager\AdminUI\XmlStorage\Forms folder. Make sure you close the SCCM 2007 console before you copy these files.
Warning - MAKE SURE YOU TAKE A BACKUP OF THE ORIGINAL XML FILES. The AUTHOR will not be held responsible for any issues that may occur as a result of using these steps to modify the Configmgr admin console!!!
--
Enjoy, and as usual you can find me in the Microsoft.public.sms.* newsgroups!
Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
Hi All,
Just last month I posted about our Unique Opsmanager 2007 training event that starts on Monday, (and which is fully booked).
And in about 2 weeks Belgium is hosting another Special training event with Andy Malone about Windows Server 2008. Andy Malone is a Windows Server MVP and has 13 years of training experience. Other things worth mentioning about Andy is that he delivered a session at Windows IT pro connections in Amsterdam about Windows Server 2008 Terminial Services, and last but not least Andy won the Speaker's Idol at Teched It Forum in Barcelona, which means he is qualified to deliver a full Teched It forum this year where he will deliver a session about a security deep dive into Windows Server 2008.
So yet again, we have a Belgian event where you get to spend a full day, with one of those exceptional folks that deliver sessions for a couple of hundreds of people. So without further ado get over to the following pages to learn more about this event.
Overview Page: http://www.globalknowledge.be/whats_new/new_courses/windows_server_2008.aspx
Booking Page + Additional Details: http://www.globalknowledge.be/Default.aspx?page=461&coursecode=GKWS08
Summary: The event will take place in Mechelen on the 26th of September, and will cost 395€.
Please note that I only found out about this event recently, so this is pretty short notice. Number of seats is limited so act now.
PS: Our very own Bart de Smet won that some competition on the devside of things. Bart is on his way to start working for Microsoft in Redmond, so he'll have to fly back over to claim his speaker slot. Have a nice trip Bart.
This week someone in the newsgroups asked a question about how to create a collection excluding members from another collection. The answer to that question is based on the knowledge that every collection you make in Sms or Configmgr 2007 aka Sccm creates its own wmi class. The class will be named sms_cm_ress_coll_collectionid.
So the answer to the question becomes something like
1) Create your collection
2) Add a query based membership rule to your collection
3) Edit the query statement of the collection
4) On the criteria tab add a criteria
5) For the attribute class select System Resource, and use Resource Id for the attribute
6) For the criteria type use subselect
7) For the operator select "Not In"
8) In the query box type select resourceid from sms_cm_res_coll_collectionid.
EDIT: Janne Mansnerus kindly pointed out that this didn't work, the original post specified the query as sms_cm_ress_coll_collectionid. In reality the class is called sms_cd_res_coll_collectionid. So res with single s instead or ress.
This all works fine, with one difficulty to overcome, you need to figure out the collection id, and that is not as easy as it could be, especially if you need the collectionid of a linked collection. That's why I have created a prompted query to easily find the collectionid based on the collection name. Here is how you create the query.
1) Go to queries
2) Right-click and select new query
3) Make sure you specify <unspecified> in the Object type dialog.
4) Press the Edit Query button
5) Paste the following query in the Query statement box that opens up:
select collectionid, name from sms_collection where name like ##PRM:SMS_collection.Name##
Note: You can use the _ and % wildcard signs when you input the collection name.
Note2: This query is no longer necessary once you migrate to SCCM 2007, the new admin UI in Configmgr 2007 has the collectionid written down on the properties page of every collection. The flexible approach by using the sms_cm_ress_coll_collectionid for building collections is still very valid though. This approach is usually used whenever someone is looking for the reverse option of "collection limiting" collections.
--
Enjoy, and as usual you can find me in the Microsoft.public.sms.* newsgroups!
Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
Hi all,
UPDATED: Removed DP Decommision, this was apparently fixed from what I can see in my lab, great job.
As you probably have read on several blogs Configmgr 2007 has Rtm'ed in line with the always publicly announced Summer 2007 release date. So in contrast with most products now-a-days that have slipping release dates our Configmgr 2007 delivered right on time. Hey they are even about a month early, well done.
Bill, I assume this means the team can go on vacation till the 20th of september, right?
You can read the official announcement here:
http://myitforum.com/cs2/blogs/anderson/archive/2007/08/24/news-flash-system-center-configuration-manager-2007-has-left-the-building.aspx
I'll leave it up to someone else to post about the importance of Microsoft using a blog to get the word of this release out.
You can download the evaluation version here:
http://technet.microsoft.com/en-us/configmgr/bb736730.aspx, and in contrast with previous versions the evaluation version will be fully upgradeable to the full version. General availability is expected early november.
Now that we have this Configmgr 2007 thingy out of the way, it is time to compile our Configmgr 2009 aka SMSV5 wishlists compiled. Since the product team is on vacation till the 20th of september we have about a month to get early feed back in. So I'll get the bal rolling by publishing mine.
Site Infrastructure:
Multi-tenancy is on the top of my list here. The ability to host multiple customers on one single site. This requires a great deal of work, but would open up Configmgr 2007 to be used in a real hosting scenario. Stuff that probably needs to be taken care of, are "Site Wide Settings". Easier way of limiting reports to certain collections. Easier way of handling security on sms objects, possibly by using folder security and inheritance.
A way to replicate between Configmgr Sites that does NOT require file sharing. Opening up the Firewall for filesharing usually creates big discussions with the security admins. Please give us an alternate way of connecting sites.
Admin UI:
Object backup & restore to aid in migrating.
Right-click option, to trigger client actions, central way to configure client settings (Client cache size is just one example).
Inventory:
Inventory network devices would be a welcome addition here.
An easier way to add additional information to the inventory of an existing device. EG: be able to add the warranty period by just adding it to resource explorer from with the Admin console.
Software distribution:
Staggering advertisements/ Trickle feed collections, whatever else you want to call this. It is a way to load balance software distributions in a less administration-intensive way.
Postpone software distribution end-user option. This should look closely like the options we have in ITMUv3 where users can postpone the installation of Updates.
Integrate with Vista's Presentation settings to avoid pop-ups and reboots when users are giving presentations.
Disovery:
Some sort of discovery that can browse entire subnets to find devices without the device needing to have snmp enabled.
An easier way to add devices manually into the Configmgr database.
OSD:
Allow Task sequences to run as local logged in user. Task sequences are invaluable for a lot of things, one of them being the ability to control which applications get installed in which order, they only have one limitation, they can only run as localsystem, this limitation has to go.
DMFP:
Windows Mobile 6.0 support needs to be added.
DCM:
Either we change the acronym to be Desired Configuration Monitoring, or we start making work of this actually being Desired Configuration Management. Additional template manifests, to monitor SOx and other regulatory compliancy would be HUGE.
Agree with other Microsoft teams on which SDM/SML version should be used to make sure that these "Manifests" can be used in Configmgr/Opsmgr/Service Manager without any modifications.
Reporting:
Reporting needs to go the SQL Reporting Services route, for consistency with other Microsoft Products and for the added flexibility that SQL Reporting Services brings.
Software Metering:
Complete license management, which means at least the possibility to add the number of licenses you bought to the Config Mgr 2007 database. A way to store the License Keys in a secure fashion would be nice as well.
That's it for now :-)
--
Enjoy
Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
Hi all,
Everyone that has ever done an sms roll-out should know that planning is critical to the success of the project. Now one planning part that might easily get overlooked is planning some portions of the PKI infrastructure. And an important part of planning your pki for Configmgr 2007 is planning the location of your Certificate Revocation List Distribution point.
Let me start by Sketching the problem. Configmgr 2007 Native mode relies on certificates to do the client authentication. Certificate authentication is a very strong authentication method, but it comes with some things you should know about it, to properly use it. One of the things that work different with certificate based authentication is how you disable a certain account from being able to authenticate in the future. This might be necessary because you don't want the certificate of an end-of-life machine to be mis-used for communication purposes, or because the certificate was compromised. When you use user accounts you can just disable the account and your done. With certificates you need to revoke the certificate AND publish the certificate on the Certificate Revocation List.
If you use a default Windows 2003 PKI then the Certificate Revocation list is by default published in Active Directory and on The Certificate authority website, which is accessible to all authenticated users (Which includes computer accounts). Now, these defaults are fine for Internal clients, but are not accessible in some instances. Internet based clients for instance will not be able to access either of these Crl distribution points (CDP). And they are not the only ones, clients in untrusted forests, workgroups, or even clients that boot from a Configmgr 2007 Boot Image will not be able to access these CDP's.
The reason why your CDP's need to be carefully planned is because the list of CDP's is actually part of the certificate. So once the certificate is rolled out, there is NO WAY to add another CDP on their in an easily automated way without redistributing all your certificates!!!
Clients that are not able to contact the CDP, will fail to communicate if CRL checking is enabled, and will throw an error in the logs called
WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED.
Now, there are 2 fixes for this:
1) Disable Certificate Revocation List checking. You can do this from within the Configmgr 2007 Console, on the Site Properties Site Mode tab, by clearing the Check Certificate Revocation list checkbox. (The checkbox is only visible if your site is in Native mode). This obviously is the easiest fix, but lowers your pki, client-certificate based security to an unacceptable level in my humble opinion, and by consequence is only fit for Labo and demonstration purposes.
2) Publish your CDP and make sure it is accessible to Workgroup, internet-based, and untrusted forest clients. This obviously is the proper way of handling this issue. Great, now how de we do that? Well, that could be food for another post. But since the folks over at isaserver.org already created an article about that, which continues into publishing the CDP with Isa Server 2004, I am not going to bother writing it up myself. I will just point you guys to this article http://www.isaserver.org/tutorials/Publishing-Public-Key-Infrastructure-ISA-Server-2004-Part2.html.
--
Enjoy
"
Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS