Saturday, December 31, 2011

MPcontrol.log error in native mode call to http SendRequestSync Failed for port 443 with status code 403, text : Forbidden

image

 

after all struggles  found this was due to communication issues with the PKI and SCCM Server and required a Reboot (PKI Server then SCCM Server both) was resolved the issue.

 

Also noticed if we show the client authentication – Computer certificate then it should work… how ever I recommend to go for reboot

at No comments:
Labels:

Tuesday, December 27, 2011

APP – V Installation Articles

http://www.virtualizationadmin.com/articles-tutorials/application-virtualization-articles/

at No comments:
Labels:

SQL Query to Show Any missing Boundaries in the SCCM Hierarchy

SELECT DISTINCT

v_R_System.Name0,

v_R_System.Client0,

v_RA_System_IPAddresses.IP_Addresses0,

v_RA_System_IPSubnets.IP_Subnets0,

v_RA_System_SMSAssignedSites.SMS_Assigned_Sites0

FROM v_R_System LEFT OUTER JOIN

v_RA_System_IPSubnets ON v_R_System.ResourceID = v_RA_System_IPSubnets.ResourceID LEFT OUTER JOIN

v_RA_System_IPAddresses ON v_R_System.ResourceID = v_RA_System_IPAddresses.ResourceID LEFT OUTER JOIN

v_RA_System_SMSAssignedSites ON v_R_System.ResourceID = v_RA_System_SMSAssignedSites.ResourceID

WHERE (v_RA_System_SMSAssignedSites.SMS_Assigned_Sites0 IS NULL)

AND (NOT (v_RA_System_IPAddresses.IP_Addresses0 IS NULL))

AND (v_R_System.Client0 IS NULL)

AND (NOT (v_RA_System_IPSubnets.IP_Subnets0 IS NULL))

order by v_RA_System_IPSubnets.IP_Subnets0

at No comments:
Labels: ,

Confuse - USMT & MDT & SIM

The confusing parts …


1) USMT: Will have below files

MigApp:- To migrate the Application settings like Outlook dictionary
Miguser:- To migrate the Local Users membership
MigDoc:- TO migrate the File types that you wanted to migrate
Custom.XML: the above three can be overwriten if you want any of above or apart from that to migrate.
Config.XML: You can migrate the configurations of Applications also with file

2) In MDT: - Will have this file
Customsettings .ini :- customize it to show or hide screens when running through the deployment wizard, this file is found in the Control folder

3) What is SIM? System Image Manager
SIM will be useful to create Unattended .XML file
at No comments:
Labels: , , ,

Wednesday, December 21, 2011

Risk and Health Assessment Program for Active Directory (ADRAP)

 

 You can download it from http://www.microsoft.com/download/en/details.aspx?id=19464ADRAP

at No comments:
Labels:

SCCM + MDT Driver Management - Good Info To Read


Below are the options that i could see to automate the Drivers for different models...


For DELL
http://en.community.dell.com/techcenter/systems-management/w/wiki/repository-manager.aspx


Dell Repository Manager is an application that allows IT Admins more easily manage system updates. Repository Manager provides an easy to use, searchable interface used to create custom collections known as bundles and repositories of Dell Update Packages (DUPs)
A Dell Update Package (DUP) is a self-contained executable in a standard package format that updates a software element on a Dell server such as the BIOS, a driver, firmware and other software updates. UsingRepository Manager in conjunction with other OpenManage tools helps to ensure that your PowerEdge server is kept up to date. 


For how to make the Task Sequence .. you can use this...http://www.windows-noob.com/forums/index.php?/topic/2961-dell-and-drivers/


http://en.community.dell.com/techcenter/enterprise-client/w/wiki/client-deployment.aspx
http://en.community.dell.com/techcenter/os-applications/w/wiki/dell-business-client-operating-system-deployment.aspx

FOR IBM Lenovo

http://scug.be/blogs/sccm/archive/2011/01/18/configmgr-2007-osd-using-lenovo-update-retriever-to-install-all-your-drivers-without-importing-them-in-the-configmgr-driver-catalog.aspx

http://forums.lenovo.com/t5/ThinkVantage-Technologies/Use-THIN-INSTALLER-silently-to-install-updates/td-p/218895
Official Lenovo Deployment Guide Download Page http://support.lenovo.com/en_US/downloads/detail.page?DocID=UM006719
http://blog.itminutes.net/?p=266


For Hp 

http://h20331.www2.hp.com/Hpsub/cache/509658-0-0-225-121.html


and other steps to manage the Drivers like we do it in MDT...

http://myitforum.com/cs2/blogs/cnackers/archive/2010/04/29/configmgr-driver-management-good-info-to-read.aspx

Take a read:
http://blogs.technet.com/mniehaus/archive/2010/04/29/configmgr-2007-driver-management-the-novel-part-1.aspx
http://blogs.technet.com/mniehaus/archive/2010/04/29/configmgr-2007-driver-management-the-novel-part-2.aspx
http://blogs.technet.com/mniehaus/archive/2010/04/29/configmgr-2007-driver-management-the-novel-part-3.aspx
http://www.deployvista.com/Home/tabid/36/EntryID/132/language/en-US/Default.aspx

-Enjoy
at No comments:
Labels: , , ,

Where to start the Forefront Endpoint Protection

Here is starting point to work with SCCM+Forefront

  • Download the Trial Software
    or use the Virtual Labs “
Forefront Endpoint Protection
Forefront Client Security

 

Forefront Identity Manager
Forefront Server Security
Threat Management Gateway
Unified Access Gateway
at No comments:
Labels: ,

One more Good blog on sccm

http://blog-en.netvnext.com/

at No comments:
Labels:

Wednesday, December 14, 2011

License 15A - General License Reconciliation Report by Machine

Most of the time people will get tried to import the third party license file however due to some Characters limitation or some other we will get errors while importing the .csv file.

The easy solution i can see it a free utility called CT-AILW.exe.
read here more ….http://blog.coretech.dk/kea/asset-intelligence-3rd-party-software-utility/

Configuring the utility

Once you have downloaded our utility you have to:
  1. Copy CT-AILW.exe to C:\Program Files\Coretech\AILW\ CT-AILW.exe (you need to create the folder manually).
  2. Copy e1db6caa-40cb-49f0-a744-21ca930b419f\e1db6caa-40cb-49f0-a744-21ca930b419f.xml to <D>:\Program Files\Microsoft Configuration Manager\Admin\e1db6caa-40cb-49f0-a744-21ca930b419f\e1db6caa-40cb-49f0-a744-21ca930b419f.xml to <D>:\Program Files\Microsoft Configuration Manager\ Admin Console\XmlStorage\Extensions\Actions\ e1db6caa-40cb-49f0-a744-21ca930b419f\e1db6caa-40cb-49f0-a744-21ca930b419f.xml (notice, you need to create the Actions folder manually).
  3. Restart the Configuration Manager Console.

Direct download http://blog.coretech.dk/download/CTAILW.zip
at No comments:
Labels: ,

How can I install BDP without any issues?

How can I install BDP without any issues?

Steps to enable Successful BDP:

1. Login to the Target system and uninstall the existing SCCM Client

2. Create a Test collection and add the Target system to the collection.

3. Use delete special to delete the Computer Record.

4. Login to the target BDP Computer

5. Copy all the SCCM Client Binaries from SCCM Server to local drive to a folder called Temp.

6. Open command prompt with administrator rights and change the working directory to above temp Directory
ccmsetup.exe /source:C:\temp /native:FALLBACK SMSSITECODE=XXX FSP=XX.Domain.com

7. Once the client installed refresh the all systems collection and see for the client to Yes.

Then follow below steps to enable BDP role from SCCM Console.

8. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site name> / Site Settings.

9. Right-click Site Systems, point to New, and then click Server.

10. Use the New Site System Server Wizard to deploy the branch distribution point on the specific client on which you want to install it.

11. On the System Role Selection page, select the Distribution Point role.

12. On the Distribution Point page, select the Enable as a branch distribution point option. If you want to limit the branch distribution point installation and package files to a specific partition on the client computer or if you want to reserve a specific amount of disk space for the operating system or workstation files, you can set those preferences on this page.

Note: if the Enable as branch Distribution point option Grayed out repeat the above steps 1 to 7 steps.

at No comments:
Labels:

What you will do in a SCCM POC?

What you want to cover in SCCM POC??????

read here http://blogs.technet.com/b/smsandmom/archive/2007/10/30/system-center-configuration-manager-sccm-2007-poc-installation-guidelines.aspx

at No comments:
Labels: ,

Project Management


PMรจ Project Management is the discipline of planning, organizing, motivating, and controlling resources to achieve specific goals. Initiate - Plan - Execute - Monitor - Close. These are the five main process groups of the project management life cycle.

Each portion of the life cycle has its own process and set of deliverables. For example, during the initiation phase, project managers, stakeholders, and team members will be working on the project proposal and scope statement. During the closing phase, project managers will work on the closing documents and the process of putting the project to bed

  1. Initiation

The initiating processes determine the nature and scope of the project. The initiating stage should include a plan that covers the following areas

a.     Analyzing the business needs / requirements in measurable goals

b.     Reviewing of the current operations

c.     Financial analysis of the costs and benefits including a budget

d.     Stakeholder analysis, including users, and support personnel for the project

e.     Project charter including costs, tasks, deliverables, and schedule

  1. Planning and design: The main purpose is to plan time, cost and resources adequately to estimate the work needed and to effectively manage risk during project execution.

Project planning generally consists of,


a.     Determining how to plan (e.g. By level of detail or rolling wave)

b.     Developing the scope statement

c.     Selecting the planning team

d.     Identifying deliverables and creating the work breakdown structure(Work packages to drill down to all levels)

e.     Identifying the activities needed to complete those deliverables and networking the activities in their logical sequence

f.      Estimating the resource requirements for the activities -HR

g.     Estimating time and cost for activities - Finance

h.     Developing the schedule

i.      Developing the budget - Finance

j.      Risk planning

k.     Gaining formal approval to begin work

  1. Execution and Construction: When you're executing the project, you're carrying out the pre-defined tasks for that project. The project execution process group is the phase during which all of the aspects that you have planned out carefully will be carried out. During this phase of the project, you will be making heavy use of the project plan and of any project tracking tools you have selected.

generally consists of,


a)    Direct and Manage Project execution

b)    Quality Assurance of deliverables

c)     Acquire, Develop and Manage Project team

d)    Distribute Information

e)    Manage stakeholder expectations

f)     Conduct Procurement

  1. Monitoring and controlling systems: We check to see whether the various milestones are being met, what the quality of work being performed is and the progress being made by the team as a whole.

generally consists of,


a.     Measuring the ongoing project activities ('where we are')

b.     Monitoring the project variables (cost, effort, scope, etc.) against the project management plan and the project performance baseline (where we should be)

c.     Identify corrective actions to address issues and risks properly (How can we get on track again)

d.     Influencing the factors that could circumvent integrated change control so only approved changes are implemented.

e.     Project maintenance is an ongoing process and it includes

                              i.        Continuing support of end-users

                             ii.        Correction of errors

                            iii.        Updates of the software over time

  1. Completion/Closing: During the closing phase, files are archived (making room for new projects), closing forms are filled out, and lessons are recorded in order to make the next project run more smoothly.

    1. Project close: Finalize all activities across all of the process groups to formally close the project or a project phase
    2. Contract closure: Complete and settle each contract (including the resolution of any open items) and close each contract applicable to the project or project phase
    3. A Sign-Off for Closing Your Project Out
at No comments:
Labels:

Monday, December 12, 2011

PMP Prep

PMP Prep
Module I Introduction: PMP Certification Examination
Module II Projects, Processes and Projects: How You Do the Job
Module III The Process Framework: It All Fits Together
Module IV Integration Management: Getting the Job Done
Module V Scope Management: Doing the Right Stuff
Module VI Time Management: Getting it Done on Time
Module VII Cost Management: Watching the Bottom Line
Module VIII Quality Management: Getting it Right
Module IX Human Resource Management: Getting the Team Together
Module X Communications Management: Getting the Word Out
Module XI Risk Management: Planning for the Unknown
Module XII Procurement Management: Getting Some Help
Module XIII Professional Responsibility: Making Good Choices

 

 

Who Should learn PMP ?

* Project Managers
* Team leaders/Members
* Field Staff Members
* Project Engineers
* Design Engineers
* Project Leaders and Admonistrators
* Industrial Engineers
* Program Managers
* Manufacturing Engineers
* Project Coordinators

 

What are the Tools will help me ???

 

Project 2010
Microsoft Enterprise Project Management

 

~~~~this post is a Draft only~~~~~~~~~

at No comments:
Labels:

Friday, December 9, 2011

Free WOL Tool

Fusion WOL is the one have seen best utility for WOL :)

http://www.fusion-online.com.ar/es/products/wol/

at No comments:
Labels: ,

Tuesday, November 29, 2011

Where are my Site Boundaries are stored ??????

From where should i get my SCCM Site Boundaries ?

Where SCCM Will store the Site Boundaries?

Ok Let me ask in other way? Hamm!!!!!

What if a computer discover and how that system will assigned to a site? on what bases?

Where are my Site Boundaries are stored ??????

for all above one answer is a file with your 'Site code"QRY.NCF"' will answer

it contains the site boundaries and if any system discovers then automatically it will check for the boundaries from .ncf file............

 

in my case i found in C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\ddm.box\data.col

path.

at No comments:
Labels:

Wednesday, November 23, 2011

Sample CCR File

[NT Client Configuration Request]
   Machine Name=System1
   Domain=Mydomain
   IP Address 1=10.250.1.221
   IP Address 2=10.251.0.177
   IP Address 3=10.251.1.213
   IP Address 4=10.251.1.56
   IP Address 5=10.251.1.97
   IP Address 6=10.252.75.12
   IP Address 7=10.252.75.82
   IP Address 8=10.252.84.81
   IP Address 9=10.252.87.85
   IP Address 10=10.8.108.1

[IP Address ]
   IP Address 1=10.250.1.221
   IP Address 2=10.251.0.177
   IP Address 3=10.251.1.213
   IP Address 4=10.251.1.56
   IP Address 5=10.251.1.97
   IP Address 6=10.252.75.12
   IP Address 7=10.252.75.82
   IP Address 8=10.252.84.81
   IP Address 9=10.252.87.85
   IP Address 10=10.8.108.1

[Resource Names ]
   Resource Names 1=System1.Mydomain.com

[Request Processing]
   Latest Processing Attempt=11/23/2011 08:52:38

[IDENT]
   TYPE=Client Config Request File

at No comments:
Labels: ,

Monday, November 21, 2011

Here is MSDN Forum Assistant, TechNet Forum Assistant

MSDN Forum Assistant, TechNet Forum Assistant –>

MSDN Forum Assistant and TechNet Forum Assistant offer a convenient way for the forum users to read the forum recent threads and your own threads, it also make it easy to create new threads and search in the forum.

Download it from here!!!!!!!!!

http://www.microsoft.com/download/en/details.aspx?id=27747

at No comments:
Labels:

Sunday, November 20, 2011

Good Web link for Learning English Spellings

Good Web link for Learning angrez

http://www.spelling.hemscott.net/

at No comments:
Labels: ,

Friday, November 18, 2011

ConfigMgr Client Startup Script

http://blogs.catapultsystems.com/jsandys/archive/2010/10/19/configmgr-client-startup-script.aspx

 

http://myitforum.com/cs2/blogs/jsandys/Script/ConfigMgrStartup.zip

at No comments:
Labels: , , ,

USMT :- Steps That will Migrate everything

image

-Enjoy

at No comments:
Labels:

Thursday, November 17, 2011

RSS - SCCM

http://social.technet.microsoft.com/Forums/en-US/user/forumsthreads?filter=unread&sort=lastpostdesc

at No comments:
Labels:

Tuesday, November 8, 2011

USMT

USMT

 

http://www.windows-noob.com/forums/index.php?/topic/1096-usmt-4/
http://myitforum.com/cs2/blogs/nbrady/archive/2010/01/26/migrating-windows-xp-to-windows-7-using-hardlinking-setting-up-a-demo.aspx
http://www.windows-noob.com/forums/index.php?/topic/1633-sample-xp-to-windows-7-task-sequences/

http://www.windows-noob.com/forums/index.php?/topic/1633-sample-xp-to-windows-7-task-sequences/
http://www.windows-noob.com/forums/index.php?/topic/1633-sample-xp-to-windows-7-task-sequences/

 

http://www.windows-noob.com/forums/index.php?/topic/1096-usmt-4/
http://myitforum.com/cs2/blogs/nbrady/archive/2010/01/26/migrating-windows-xp-to-windows-7-using-hardlinking-setting-up-a-demo.aspx
http://www.windows-noob.com/forums/index.php?/topic/1633-sample-xp-to-windows-7-task-sequences/

http://www.windows-noob.com/forums/index.php?/topic/1633-sample-xp-to-windows-7-task-sequences/
http://www.windows-noob.com/forums/index.php?/topic/1633-sample-xp-to-windows-7-task-sequences/

 

http://blogs.technet.com/b/configurationmgr/archive/2010/06/30/how-to-use-usmt-4-hardlinking-in-a-configuration-manager-2007-task-sequence.aspx

at No comments:
Labels:

ALL DCM Packs List

Here is a all the pre-configured DCM of packs

http://blogs.technet.com/b/alipka/archive/2007/11/16/configuration-manager-2007-dcm-configuration-packs-list.aspx

at No comments:
Labels:

Monday, October 31, 2011

SCCM 2012 now available as RC download

System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection Release Candidates

 

download link http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27841

Please note: System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection are now provided as a single installation package.
System Center 2012 Configuration Manager helps you to empower people to use the devices and applications they need to be productive, while maintaining corporate compliance and control. As more and more consumer devices enter the workplace, IT faces the challenge of delivering a rich experience to users across multiple devices – both personal and corporate-owned – without giving up the control needed to protect company assets. Configuration Manager provides a unified infrastructure for mobile, physical and virtual environments. Configuration Manager also helps you to be more efficient with simplified administrative tools and improved compliance enforcement.
New features in the release candidate include:

  • Improved endpoint protection functionality, with integrated setup, management and reporting of System Center 2012 Endpoint Protection. (see below)
  • Improved application catalog design that provides a better, more responsive experience when requesting and downloading applications.
  • New support for Windows Embedded devices, including Windows Embedded 7 SP1, POS-Ready 7, Windows 7 Think PC, and Windows Embedded Compact 7.
  • Improved compliance enforcement and tracking, with the ability to create dynamic collections of baseline compliance and generate hourly compliance summaries.
  • Platform support for deep mobile device management of Nokia Symbian Belle devices. Pending a platform update by Nokia later this calendar year for these devices, customers will be able to try out the management of Nokia devices with Configuration Manager.

System Center 2012 Endpoint Protection (previously known as Forefront Endpoint Protection 2012) protects client and server operating systems against the latest threats using industry-leading malware detection technologies. It is built on System Center 2012 Configuration Manager, giving customers a unified infrastructure for client security and compliance management. This shared infrastructure lowers ownership costs while providing improved visibility through user-centric malware reporting and control over endpoint management and security.
New features in the release candidate include:
  • Support for System Center 2012 Configuration Manager, including integrated setup, management, and reporting.
  • Role-based management across security and operations.
  • Improved alerting and reporting, with near real-time and user-centric data views.
  • More efficient delivery of signature updates using new automatic software deployment model.

Need more information? See the System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection product details pages.

Top of pageTop of page

System requirements

Supported Operating Systems: Windows Server 2003 R2 x64 editions, Windows Server 2008, Windows Server 2008 R2

Site System Requirements

  • Site servers and site roles require 64-bit OS (distribution points are an exception)
Branch Distribution Points
  • Branch distribution points have been deprecated and replaced with standard distribution points that can be hosted on Configuration Manager 2012 client operating system platforms, with the exception of Windows XP Professional Service Pack 3 and Windows XP Tablet PC SP3
  • Standard DPs can run on Windows Server 32-bit but will not support advanced functionality
Server Operating System Requirements
  • Windows Server 2008 (64-bit) and Windows Server 2008 R2
  • Distribution points can run on Windows Server 2003
Client Operating System Requirements
  • Windows XP professional SP3 – x86 and Windows XP SP2 pro for 64 bit systems
  • Windows Vista SP2 (x86,x64)
  • Windows Server 2003 R2 SP2 (x86,x64)
  • Windows Server 2008 (x86,x64)
  • Windows Server 2008 R2 (x86,x64)
  • Windows 7 (x86,x64)
Database Requirements
  • SQL Server 2008 SP2 with CU 6
  • SQL Server Express 2008 r2 WITH SP1 and CU 3 is supported only on secondary sites
  • QL Reporting Services is ONLY reporting solution
For Supported Configurations information, visit http://technet.microsoft.com/en-us/library/gg682077.aspx.

Top of pageTop of page

Instructions

Click the Download button next to the file most appropriate for your needs.
For System Center 2012 Configuration Manager Release Candidate use the file - ConfigMgr_2012_RC1_ENU_7678.exe

  1. Do one of the following:
    • To download the media image, click Run
    • To save the download to your computer to install at a later time, click Save.
    • To cancel the installation, click Cancel.
  2. The media will be downloaded into a folder and then you can run splash.hta in the root of the folder to begin Setup.
at No comments:
Labels:

Some useful SCCM Patch Management - Custom Reports

http://pleasepressanykey.blogspot.com/2010/08/sccm-patchmgmt-custom-reports.html

at No comments:
Labels: ,

Saturday, October 29, 2011

DP Package Utility – For Remove all packages from a Specific DP

With the help of this utility we can add & remove Packages from a Specific DP

http://www.myitforum.com/inc/arts/12171Setup.zip

For this Utility required .NET Framework 2.0

at No comments:
Labels: , ,

"+" In AutoCAD files not able to Download at client side

This can be fixed with……….

 

investigated this and turns out this is an IIS request filtering issue with urls containing "+" character. Basically you get a 404.11 error since the url is double encoded. The following KB article presents a workaround to set "allowDoubleEscaping" to true. Note that by default this is disabled and you need to set this explicitly.

http://support.microsoft.com/default.aspx/kb/942076

After I enabled this I was able to download files from directories containing "+" character. Can you try this out and let me know if it resolves you issue.

 

To resolve this problem, follow these steps.
Note After you follow these steps, the security level of the server that is running IIS may be reduced. Therefore, before you set the allowDoubleEscaping property to True, consider the risk that is involved.

  1. Click Start, type Notepad in the Start Search box, right-click Notepad in the Programs list, and then clickRun as administrator. If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
  2. On the File menu, click Open, type %windir%\System32\inetsrv\config\applicationHost.config in the File name box, and then click Open.
  3. In the ApplicationHost.config file, locate the requestFiltering XML element.
  4. Change the value of the allowDoubleEscaping property to True. To do this, use code that resembles the following example code. 

    <requestFiltering allowDoubleEscaping="true">

  5. On the File menu, click Save.
  6. Exit Notepad.
Important When you enable double escaped sequences, the security level of the server that is running IIS may be decreased.
The previous steps will directly edit the applicationHost.config file and configure this setting at the server level. You can also use the Appcmd command to configure this setting. To do this, follow these steps:

  1. Click Start, click Run, and then type cmd in the Open box.
  2. Type the following command, and then press ENTER:

    C: CD %windir%\system32\inetsrv


  3. Run one of the following commands: 


    • Appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True

      Note This will configure this setting only for the "Default Web Site" by creating or editing the Web.config file in the root folder of the "Default Web Site." 



    • appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True /commit:appHost

      Note This will configure this setting only for the "Default Web Site" in the applicationHost.config file by using a location tag.

at No comments:
Labels: , , , , ,

Wake On LAN Vs OBT (Out of band management)

 

 

http://technet.microsoft.com/en-us/library/cc161828.aspx

 

Feature Advantage Disadvantage

Wake On LAN

Does not require that the site is running Configuration Manager 2007 SP1.

Supported by many network adapters.

UDP wake-up packets are quick to send and process.

Does not require a PKI infrastructure.

Does not require any changes to Active Directory Domain Services.

Supported on workgroup computers, computers from another Active Directory forest, and computers in the same Active Directory forest but using a noncontiguous namespace.

Less secure solution than out of band management because it does not use authentication or encryption. If subnet-directed broadcast transmissions are used for the wake-up packets, this has the security risk of smurf attacks. For more information about securing subnet-directed broadcast transmissions with Wake On LAN, see Secure Routers for Subnet-Directed Broadcasts for Wake On LAN.

Might require manual configuration on each computer for BIOS settings and adapter configuration.

No confirmation that computers are woken up.

Wake-up transmissions as multiple UDP packets can unnecessarily saturate available network bandwidth.

Cannot wake up computers interactively.

Cannot return computers to sleep state.

Management features are restricted to waking up computers only.

Out of band management

More secure solution than Wake On LAN because it provides authentication and encryption using standard industry security protocols. It can also integrate with an existing PKI deployment, and the security controls can be managed independently from the product.

Supports automatic centralized setup and configuration (provisioning).

Established transport session for a more reliable connection and auditable connection.

Computers can be woken up interactively (and restarted).

Computers can be powered down interactively.

Additional management capabilities, which include the following:

  • Restarting a non-functioning computer and booting from a locally connected device or known good boot image file.

  • Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server.

  • Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer).

  • Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility).

Requires that the site is running Configuration Manager 2007 SP1 or later.

Supported only on desktop computers that have the Intel vPro chip set and a supported version of Intel Active Management Technology (Intel AMT) firmware. For more information about which AMT versions are supported, see Overview of Out of Band Management.

The transport session requires more time to establish, higher processing on the server, and an increase in data transferred.

Requires a PKI deployment and specific certificates.

Requires an Active Directory container that is created and configured for publishing AMT-based computers.

Cannot support workgroup computers, computers from another Active Directory forest, or computers from the same Active Directory forest but using a noncontiguous namespace.

Might require infrastructure changes to DNS and DHCP if provisioning out of band (the client for Configuration Manager 2007 SP1 or later is not installed).

Both features support waking up computers for the following scheduled activities:

  • Software update deployments that are configured with a deadline. 

  • Mandatory advertisements for software distribution or a task sequence.

If you are using Wake On LAN and out of band management in the same site, you must choose how the site will wake up computers for scheduled activities that are configured for Wake On LAN. The following options are located on the Site Properties: Wake On LAN Tab:

  • Use power on commands if the computer supports this technology, otherwise use wake-up packets 

  • Use power on commands only 

  • Use wake-up packets only 

Make your choice based on which feature you are using and whether the computers assigned to the site support the feature. Also take into consideration the advantages and disadvantages of both features as listed above. For example, wake-up packets are less reliable and are not secured, but power on commands take longer to establish and require more processing on the site system server that is configured with the out of band service point.

at No comments:
Labels: , ,
Subscribe to: Posts (Atom)