Thursday, May 5, 2011

1E Nomad Enterprise


Nomad Enterprise consists of two powerful components, Nomad Branch and PXE Lite.

Users with remote branches can benefit greatly from using Nomad for software distribution:

  1. 1E Nomad delivers the ability for network booting, eliminating the need for an expensive server in each branch
  2. 1E Nomad controls the amount of bandwidth it uses so even when bandwidth quite limited, remote users are still able to use the network during software distribution, and there is no need to considering adding expensive bandwidth resources.
  3. Nomad is very cost effective but it can considerably reduce the number of servers in the network,

Nomad is a network optimization solution that uses patented technology to provide amazing levels of network efficiency. It improves network performance and enables server consolidation, allowing customers to get the most out of their existing networks and avoid costly network upgrades and the requirement for additional hardware.

Nomad Branch

Distributes systems management data once over the WAN and then shares it locally with peer agents. Can be used with, or without multicast.

PXE Lite

Provides network booting capabilities without the need for separate server hardware. Enables real zero-touch bare-metal OS deployments.

Reduce the cost of software deployment

Nomad Enterprise enables OS releases, software applications and updates to be distributed quickly and efficiently to remote server-less branch offices and to bandwidth-challenged environments. Nomad Enterprise ensures that software packages are only copied once over the WAN (Wide Area Network) to make the most efficient use of available network bandwidth. This eliminates the need for time consuming site visits or the presence of local servers at branches, delivering major cost savings for branch-oriented businesses, such as retail and banking.

Benefits at a glance:

Lower Cost

  • Distribution success for less cost
  • Reduces maintenance overhead
  • Reduces bandwidth needed
  • Maximizes Network Efficiency

  • Downloads once over the WAN
  • Dynamic throttling bandwidth control
  • Multicast implementation
  • Improves Reliability

  • Restart-able download
  • Consistency checking
  • Download subsequent changes
  • Increases Simplicity

  • Fewer servers required
  • Reuse existing skills
  • Seamless integration with SMS and ConfigMgr
  • Save on Hardware, Software Electricity

  • Eliminate the cost of a server in MOST branches
  • Less servers means less electricity
  • Less servers means less expensive software
  • What’s new in Nomad Branch 3.0?

    Nomad Branch 3.0 now provides, central multicast, improved download reliability, has additional ConfigMgr integration and improved cache management features.

    • Central multicast- Nomad Branch can distribute packages using multicast directly from a ConfigMgr/SMS Distribution Point. This benefits both central and branch distributions, minimizing the load on Distribution Points and significantly reducing WAN traffic.
    • Additional Configuration Manager 2007 integration - Nomad Branch now supports OSD driver packages, alternate cache paths for Save and Restore Cache actions in Task Sequences and 64bit WinPE Save and Restore Cache actions.
    • Enhanced download integrity- Nomad Branch now provides a per file checksum that enhances Nomad Branch capabilities in terms of efficiently recovering from transfer errors on a per file basis. The list of download file checksums is computed and made available centrally from the ConfigMgr/SMS Distribution Point thereby increasing efficiency.
    • Download cache maintenance- Improvements to the Nomad Branch cache maintenance make it easier to manage Nomad Branch disk usage for its download cache.
    • Internet based download throttling - Internet ConfigMgr clients can now use Nomad Branch 3.2 to download from a Distribution Point using HTTP/HTTPS. The package source will be downloaded once over the WAN and then shared locally with peer agents using the existing Nomad Branch methodology.
    • Download monitoring interface - Nomad Branch provides a new download monitoring interface that also enables remote monitoring of machines.
    Automate OS Deployments

    1E’s experience leading hundreds of global Windows migrations has enabled us to create a comprehensive toolset that makes deploying new operating systems as simple as deploying software. Nomad Enterprise, complements the Microsoft Deployment Toolkit and provides effective software and OS transfer even in the largest, geographically dispersed organizations.

    Consolidate Management Servers

    Nomad Enterprise brings huge savings in terms of cost and effort by eliminating the need for secondary site servers. As only a few centrally located servers are needed, it is easier to implement the ConfigMgr/SMS hierarchy in these environments. Hardware costs are reduced significantly, as well as management costs as the environment is simpler to maintain.

    Wan Optimization Using Multicast

    For customers who wish to implement multicast for systems management data, Nomad Central Multicast provides the most bandwidth-efficient method of distributing large SMS/ConfigMgr files over a network. This patented technology reduces network traffic by simultaneously delivering a single stream of data to multiple PCs.

    Using Central Multicast data is transferred from a Distribution Point (DP) to multiple subnets only once over each connection. This greatly reduces load on the DP and increases the number of subnets that it can service. It also reduces network traffic going across any intervening WAN links.

    Central Multicast

    Local Multicast is ideally suited for environments with branch locations with over 100 PCs. It uses multicast to distribute locally, serving all PCs at once, and reduces LAN traffic and the load on branch PCs. As multicast is limited to the local subnet, no network infrastructure changes are required.

    Local Multicast

    Learn more about 1E Nomad

    OBT Info

    Some use full links for OBT

    Powershell :- System Management Container

    If you want to create Systems Management Server (SMS) 2003 or System Center Configuration Manager (ConfigMgr / SCCM) 2007, Container i.,e “System Management” with Power shell here it is the Cmdlts



    # Get the distinguished name of the Active Directory domain
    $DomainDn = ([adsi]"").distinguishedName
    # Build distinguished name path of the System container
    $SystemDn = "CN=System," + $DomainDn
    # Retrieve a reference to the System container using the path we just built
    $SysContainer = [adsi]"LDAP://$SystemDn"
    # Create a new object inside the System container called System Management, of type "container"
    $SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
    # Commit the new object to the Active Directory database

    You’ll still have to set permissions appropriately, but if you’re looking to automate the entire process, here’s at least once piece!


    Wednesday, May 4, 2011

    SCCM / SMS Backup Report

    To know what sites haven't backed up within a given date range (a day and a half since last backup), and those that have never backed up (never reported a backup).

    Groovy stuff, not so easy to determine though, or so it would seem, unless you fall back entirely onto the Status Message sub-system.

    When a SMS2003 or ConfigMgr backup completes, a Status Message is produced by the SMS_SITE_BACKUP component and processed by the Site server. As you probably know, Status Messages replicate up the hierarchy, so the Central Site server will know all Status Messages being "sent up".

    I've had this code running for a few days, it seems to work a charm.

    There is one thing that can get in the way though, customised Status Filter Rules. If you have them, you understand them (unless you've inherited in which case GIYF), and know that they can block Status Messages from being processed or delivered to the Parent Site server (drop all informational for example, as the last rule in the rule set, yes some folks do this!).

    The T-SQL to bring back the Status Messages, and to render a list of machines that do not fit the logic (no backup reported, ever) is here:

    SELECT vsite.ServerName AS Servername, vsite.SiteCode, MAX(stat.Time) AS LastTime

    FROM vStatusMessages AS stat LEFT OUTER JOIN

    StatusMessageInsStrs AS ins ON ins.RecordID = stat.RecordID LEFT OUTER JOIN

    StatusMessageAttributes AS att1 ON att1.RecordID = stat.RecordID LEFT OUTER JOIN

    v_Site AS vsite ON vsite.ServerName = stat.MachineName

    WHERE (vsite.Type = 2) AND (stat.Component = 'SMS_SITE_BACKUP') AND (stat.MessageID = 5035)

    GROUP BY vsite.ServerName, vsite.SiteCode

    HAVING (MAX(stat.Time) < DATEADD(day, - 1.5 , GETDATE()))

    ORDER BY LastTime

    select 'Sites that have never reported a backup (Investigate any server that is listed)'

    select servername from v_site where type = 2 and servername not in

    (SELECT vsite.ServerName AS Servername

    FROM vStatusMessages AS stat LEFT OUTER JOIN

    StatusMessageInsStrs AS ins ON ins.RecordID = stat.RecordID LEFT OUTER JOIN

    StatusMessageAttributes AS att1 ON att1.RecordID = stat.RecordID LEFT OUTER JOIN

    v_Site AS vsite ON vsite.ServerName = stat.MachineName

    WHERE (vsite.Type = 2) AND (stat.Component = 'SMS_SITE_BACKUP') AND (stat.MessageID = 5035)

    GROUP BY vsite.ServerName, vsite.SiteCode

    HAVING (MAX(stat.Time) >= DATEADD(day, - 1.5 , GETDATE())))



    The Query itself is entirely harmless, in that it doesn't UPDATE or DELETE, but you should be aware it can put a load on your DB instance while running. Nothing to big to worry about, unless you are seriously underspec'd hardware-wise.

    And finally, be aware that as long as Status Filter rules are not inhibiting the delivery of the Status Message from down-level sites up the hierarchy, and that Sites in your hierarchy are communicating with their Parent's correctly, then you should be OK to rely on this report. I would suggest having some more reports configured to check for any sites that haven't reported in within the last 24hrs (indicative of some kind of failure taking place) and also to look at using dedicated Monitoring tools such as OpMgr to monitor Site servers and Site systems health using the Management Pack.

    Tuesday, May 3, 2011

    Checking Patch Statuses through WMI

    Normally the optimal and quickest way to determine if a patch has definitely been installed on a system is to use WMI. That's where the SCCM client primarily gets its information from to report back to its parent. There are several ways you can go about but the ways i've found to be ideal for me are described below:

    Through the command prompt:

    1. On the system which you wish to query, open up command prompt

    2. Run "Wmic /namespace:\\root\ccm\softwareupdates\updatesstore path CCM_UpdateStatus get status, Article, Bulletin, UniqueId"

    3. This will show you ALL updates on the particular system. I've added additional information for reference but you can always play around with what you wish to see returned.

    4. This is best for an overview and you can quickly do a find or filter to determine a patch status if you pipe it to a txt file.

    Through the Wbemtest User Interface:

    1. Start "WBEMTEST" from a run prompt

    2. Connect to the namespace "\\<computername>\root\ccm\softwareupdates\updatesstore

    3. Select the Query button and using WQL, create a statement that suits your needs. Some examples are below:

        • Searching for a Missing Patch that is for Web Components would be:

          • select * from ccm_updatestatus where status = "missing" and title like "%web%"

        • Searching for all installed patches would be:

          • select * from ccm_updatestatus where status = 'installed'

    Depending on your requirements / needs, have fun! Wbemtest is very useful for quick references to WMI to determine patch statuses whenever you are suspecting the integrity of data received from SCCM due to possible sync issues.

    Monday, May 2, 2011

    Using Windows Update Basics

  • Using Windows Update

    What is Windows Update?
    A Microsoft Web site that provides updates for Windows operating system software and Windows-based hardware. Updates address known issues and help protect against known security threats.


    • If you turn on Automatic Updates, Windows Update can deliver high priority updates to your computer as they become available. You can decide when and how updates are installed.

    How does it work?
    When you visit the Web site, Windows Update scans your computer and tells you which updates apply to your software and hardware. You choose the updates that you want to install and how to install them.

    What types of updates can I get?
    Microsoft releases many types of updates that address a broad range of issues. To make it easier for you to get the most important updates—updates that help protect your computer and your information—Windows Update uses these categories:

    • High priority
      Critical updates, security updates, service packs, and update rollups that should be installed as soon as they become available and before you install any other updates.
    • Software (optional)
      Non-critical fixes for Windows programs, such as Windows Media® Player and Windows Journal Viewer 1.5.
    • Hardware (optional)
      Non-critical fixes for drivers and other hardware devices, such as video cards, sound cards, scanners, printers, and cameras.

    What’s the difference between Express and Custom?

    • Express (recommended) displays all high priority updates for your computer so that you can install them with one click. This is the quickest and easiest way to keep your computer up to date.
    • Custom displays high priority and optional updates for your computer. You review and select the updates that you want to install, one by one.

    Do I need to install optional updates?
    No. Optional updates address minor issues or add non-critical functionality to your computer. It is more important to install high priority updates so that your computer gets the latest critical and security-related software.

    Can I get updates automatically?
    Yes, if you turn on Automatic Updates. Windows will check for the latest high priority updates for your computer and install them according to your Automatic Updates setting.

    Is Automatic Updates the same as Windows Update?
    Yes, but Automatic Updates delivers only high priority updates. To get optional updates, you still need to visit the Windows Update Web site.

    What is Automatic Updates?
    It’s a feature that works with Windows Update to deliver critical and security-related updates as they become available. When you turn on Automatic Updates (recommended), Windows automatically looks for high priority updates for your computer. You decide how and when the updates are installed.

    How can I get more information about an update before I install it?
    Click the name of each update to view its description. To view system requirements and support information, click the Details link provided in each description.

    Do I have to do anything to install an update?
    Sometimes. Some updates require you to accept an End User License Agreement (EULA), answer a question about the installation process, or restart your computer before you can install them.

    What happens if I select "Don't show me this update again"?
    Windows Update will no longer ask you to review or install that update. However, if you hide a high priority update, you might be reminded that you’re missing an update that is critical to the security of your computer.

    If I hide an update, how do I get it back later?
    On the Windows Update Web site, click Restore hidden updates, and then review and install the updates that you want.

    How often does Windows Update release new updates?
    Security-related updates are released once a month. However, if a security threat occurs, such as a widespread virus or worm that affects Windows-based computers, Microsoft will release a corresponding update as soon as possible.

    Other types of updates are released whenever they are ready. It’s a good idea to turn on Automatic Updates so that your computer can receive high priority updates as they become available.

    How do I add Windows Update to my list of trusted Web sites?

    • In Internet Explorer, on the Tools menu, click Internet Options.
    • On the Security tab, click Trusted Sites, and then click Sites.
    • Under Add this Web site to the zone, type (or copy and paste) this URL:
    • Click Add, and then click OK.

    Supported versions and languages

    Which operating systems does Windows Update support?
    The Windows Update website offers updates for Windows operating systems only.

    Operating System Version Windows Update Support
    Windows Server 2003
    • Windows Server 2003 with Service Pack 1
      • Ongoing
        • Windows Server 2003
          • No new updates offered after June 2007
            Windows XP
            • Windows XP with Service Pack 2
              • Ongoing
                • Windows XP with Service Pack 1
                  • No new updates offered after September 2006; previous updates available
                    • Windows XP
                      • No new updates offered after September 2004; previous updates available
                        Windows 2000
                        • Windows 2000 with Service Pack 4
                          • Ongoing
                            • Windows 2000 with Service Pack 3
                              • No new updates offered after June 2005; previous updates available
                                • Windows 2000 with Service Pack 2
                                  • No new updates offered after June 2004; previous updates available
                                    • Windows 2000 with Service Pack 1
                                      • No new updates offered after August 2004; previous updates available
                                        • Windows 2000
                                          • No longer supported
                                            Additional operating systems
                                            • Windows Millennium Edition
                                              • Critical and security updates only after December 2003; no updates will be offered after June 2006
                                              • Windows 98
                                                • Critical and security updates only after August 2002; no updates will be offered after June 2006
                                                  • Windows NT Server
                                                    • No longer supported after December 2004
                                                      • Windows NT Workstation
                                                        • No longer supported after June 2004

                                                        Tip: Not sure which version of Windows your computer is running? Visit the Microsoft Protect Your PC website and, under Getting Started, click Find out which version of Windows your computer is using.

                                                        How long will I receive updates and support for my product?
                                                        For information about how long Microsoft products are supported, see the current Microsoft Support Lifecycle Policy.

                                                        Which browser versions can I use to access Windows Update?
                                                        You can use Microsoft Internet Explorer 5 but we recommend using Internet Explorer 6 or later.

                                                        How do I know which version of Internet Explorer I’m using?
                                                        In Internet Explorer, on the Help menu, click About Internet Explorer.

                                                        Can I view the Windows Update Web site using another language?
                                                        Yes, but updates will no longer appear in the same language that you use to view links, options, and instructions on the Web site. Titles and details for an update are displayed using your computer’s default language.

                                                        How do I change my language settings?

                                                        • On the Windows Update Web site, click Change settings.
                                                        • Select the language that you want to use to view Windows Update, and then click Apply changes now.
                                                        • When you are asked to confirm the change, do one of the following:
                                                          • To change your language settings immediately, click OK.
                                                            (You will need to review and select updates again.)
                                                          • To use the new language after installing any updates that you’ve selected, click Cancel.
                                                            (The next time you visit Windows Update, your new language setting will be applied.)

                                                        Why does Windows Update recommend a language for me to use?
                                                        It matches the default language setting for your computer. If you use it, you can view the Web site using the same language as the titles and details of any updates that apply to your computer.

                                                        Can I get updates in multiple languages?
                                                        Yes. Windows Update automatically detects language settings for each program on your computer. If you use multiple languages, you will be offered updates for each program in the appropriate language.


                                                        What happens if I cancel the download process or disconnect from the Internet before an update is fully downloaded?
                                                        The next time you connect to the Internet, the update will continue to download from the point at which it was interrupted.

                                                        I get an Internet Explorer error—how do I change my settings to work with Windows Update?
                                                        Use the default security settings:

                                                        • In Internet Explorer, on the Tools menu, click Internet Options.
                                                        • On the Security tab, click Internet zone, and then click Default Level.

                                                        To prevent problems, you can also add Windows Update to your list of trusted sites (instructions provided in the Using Windows Update section).

                                                        I get ActiveX or scripting warnings when I use Windows Update—is there a problem?
                                                        No. Windows Update uses these technologies to determine which updates your computer needs. As a security measure, Windows Update ActiveX controls are digitally signed by Microsoft. But attackers sometimes use the same technologies to harm your computer. Internet Explorer warns you so that you can decide whether or not to trust Web sites that use these controls.

                                                        Get more information about digital certificates, trusting Web sites, and choosing security settings by searching Internet Explorer Help. (If you don't want to see warnings when you use Windows Update, you can change your security settings but it's not recommended. If you lower the level of your settings, your computer is more vulnerable to viruses and other security threats.)

                                                        Why can’t I view update details, installation history details, or troubleshooting articles?
                                                        Your pop-up blocking software or settings do not allow you to open new browser windows from links that you click within a Web site.

                                                        To change Pop-up Blocker settings (available for Internet Explorer 6 on Windows XP SP2 or later):

                                                        • In Internet Explorer, on the Tools menu, point to Pop-up Blocker, and then click Pop-up Blocker Settings.
                                                        • Do one of the following:
                                                          • To allow pop-up windows only when using Windows Update, under Address of Web site to allow, type (or copy and paste) this URL: and then click Add.

                                                          • To allow new browser windows to open when using any secured (https://) Web sites, in the Filter Level list, click Low: Allow pop-ups from secure sites.

                                                        If you use other pop-up blocking software, find out whether you can change your settings just for links that you click within a Web site. If not, you might need to allow pop-ups while using Windows Update.

                                                        Where do I go if I have problems installing an update?
                                                        See Windows Update Help and Support for information about these and other options:

                                                        Why can’t I find an update after I’ve restored hidden updates?
                                                        Another update that you’ve installed has already addressed the same issue. For example, if you install a service pack or update rollup, your computer might no longer need the update that you’d previously hidden.

                                                        Why can’t I install some updates at the same time as other updates?
                                                        Some updates, such as service packs and update rollups, include several updates or address the same issues.

                                                        Other types of updates require you to restart your computer before they can take effect. You must install these updates separately. You can then return to Windows Update to see if more updates apply.

                                                        Networking and Advanced Information

                                                        What if I need to update more than one computer?
                                                        If you have a home or small office network, you need to update each computer individually.

                                                        If you are a network administrator, go to Administrator options for information about additional update services, such as the Windows Update Catalog and Windows Server Update Services.

                                                        What is Microsoft Baseline Security Analyzer (MBSA)?
                                                        MBSA is a tool that scans networked, Windows-based computers for common security misconfigurations and missing security updates. It includes a graphical and command-line interface, and can perform local or remote scans. It can also generate a security report for each computer in a network that it scans. For more information, read the Microsoft Baseline Security Analyzer overview.

                                                        What is Windows Server Update Services?
                                                        Windows Server Update Services, previously known as Software Update Services (SUS), is the update management component for the Windows Server 2003 family. It scans and reports security settings for all computers within a network, and synchronizes updates. It also helps reduce risks and costs commonly associated with updating medium to large networks. For more information, visit the Windows Server System site for Windows Server Update Services.

                                                        Which types of updates do Automatic Updates, Windows Update, and Windows Server Update Services deliver?

                                                          Automatic Updates Windows Update Web Site
                                                        Express Custom
                                                        Windows Server Update Services*
                                                        High priority Updates
                                                        Critical Updates X X X X
                                                        Security Patches X X X X
                                                        Update Rollups X X X X
                                                        Service Packs X X X X
                                                        Optional Updates
                                                        Software     X X
                                                        Hardware     X  
                                                        Beta software     Opt-in setting  

                                                        *Network administrators can select any or all supported updates to distribute. Updates for Microsoft products such as Office, SQL Server and Exchange Server will be made available for use with Windows Server Update Services servers (but not for use with Software Update Services (SUS) 1.0 or SUS 1.0 with Service Pack 1 servers).

                                                        How can I get more updates, or updates that Windows Update doesn’t offer?
                                                        Visit the following Web sites:

                                                        • Microsoft Download Center
                                                          Get downloads for Microsoft products. Downloads are available in over 70 languages.
                                                        • Windows Update Catalog
                                                          Search for updates for servers and other computers using Windows operating systems.
                                                        • Microsoft Office Online
                                                          Find updates for the Microsoft Office System, versions 97, 98 and later. Downloads include templates, assistance content, and clip art.
                                                        • Microsoft Premier Support
                                                          Learn about Premier Support benefits, including additional updates, such as pre-release software.
                                                      • Configuration Manager 2007 SuperFlows

                                                        The SuperFlow interactive content model provides a structured and interactive interface for viewing documentation. Each SuperFlow includes comprehensive information about a specific Configuration Manager 2007 dataflow, workflow, or process. Depending on the focus of the SuperFlow, you will find overview information, steps that include detailed information, procedures, sample log entries, best practices, real-world scenarios, troubleshooting information, security information, animations, and more. Each SuperFlow also includes links to relevant resources, such as Web sites or local files that are copied to your computer when you install the SuperFlow.

                                                        The following table lists the Configuration Manager 2007 SuperFlows that are available for download.


                                                        SuperFlow Name Description

                                                        Client Installation and Assignment SuperFlow (

                                                        Provides detailed steps that you can use to prepare for and install the Configuration Manager 2007 client. This SuperFlow also provides you with the dataflow for background processes, additional resources related to client installation, and troubleshooting information for common issues.

                                                        Backup and Recovery SuperFlow for Configuration Manager 2007 (

                                                        Provides detailed steps that help you to backup and recover a Configuration Manager 2007 site.

                                                        SuperFlow for Creating SQL Server Reporting Services Report Models in Configuration Manager 2007 (

                                                        Provides detailed steps that you can use to create a SQL Server Reporting Services report model in Configuration Manager 2007.

                                                        SuperFlow for Configuring Software Updates (

                                                        Provides detailed steps that help you to plan for and configure software updates at a site. This SuperFlow also includes troubleshooting information and additional resources that you can use to learn more about configuring software updates in Configuration Manager 2007.

                                                        Software Update Deployment SuperFlow (

                                                        Provides information that helps you to prepare for and deploy software updates after you configure the software updates infrastructure and synchronize software updates.

                                                        Software Updates Synchronization SuperFlow (

                                                        Provides the detailed dataflow for the software updates synchronization process, additional resources related to software updates synchronization, and troubleshooting information.

                                                        SuperFlow for Operating System Deployment via PXE (

                                                        Provides information about operating system deployment by using preboot execution environment (PXE) service points.

                                                        common problems for Software Update Points

                                                        It is worth noting that Windows Software Update Server (WSUS) is a key dependency for the Software Update Point (SUP). When WSUS isn't happy, the SUP is also going to have a bad day... Along with this it’s crucial to allow WSUS to be configured by Configuration Manager - as independent configuration of the WSUS Server usually ends in tears, or at least an unruly conflict.



                                                        Online Content:

                                                        The online TechNet library for Configuration Manager has a plethora of topics covering Software Update Point (SUP) configurations so please explore the relevant links at need.

                                                        Before beginning, ensure your familiar with the core topics: About the Software Update Point

                                                        Some of the common problems found with Software Update Points:

                                                        WSUS Dependencies

                                                        Two dependencies in WSUS loom large for Configuration Manager and lead the way for call drivers in this area. Being aware of these two issues might save you time and suffering down the line. I will also note that while not yet released (and thus subject to change) WSUS 3.0 SP2 should provide relief from both of the following problems. Please keep in mind that until WSUS 3.0 SP2 is released, tested with, and supported for use by Configuration Manager, it may introduce problems which cannot be anticipated.

                                                        1. Issue per KB 954960. This first common problem is an issue which results in some clients failing to pull down updates from the WSUS Server (SUP). This problem is documented in KB 954960 and occurs due to a recent revision to a Microsoft Office 2003 Service Pack 1 (SP1) update that causes some WSUS 3.0 servers to incorrectly synchronize the revised update with the update’s approvals. When the affected client computers communicate with such a server, the Web service is unable to process the approvals. Therefore, the detection is unsuccessful.

                                                        Resolution: The WSUS KB 954960 article provides a download link for the update directly.

                                                        2. WSUS Server Uninstalls. Continuing to drive support calls is the problem where the WSUS Server underlying the SUP is found to have been deinstalled.. Forums posts correlate this problem with Server Reboots as well as being linked to SMS Site Backup operations. What is understood is this occurs when WSUS is installed on the Site Server, and an MSI repair call is made to WSUS which fails.

                                                        While there is no current fix for this problem it is expected to be resolved by WSUS 3.0 SP2 (This is indeed fixed with Service Pack 2) - which is still in beta at this time. Fortunately there are two widely discussed workarounds to be found on the forums which should help:


                                                        · Move the WSUS server off of the Configuration Manager Site server. Note: To date this issue has only been confirmed when WSUS and Configuration Manager are installed on the same machine.

                                                        · A manual registry edit can be implemented to prevent the WSUS repair from launching. For more on this please reference various forums postings such as this one:

                                                        Synchronization with Microsoft Updates

                                                        When the SUP fails to sync with Microsoft Updates the support hotline rings. There is really only one flavor of problem seen with regularity, so please check this out and potentially save yourself some coin.

                                                        Note: This same problem impacts Upstream/Downstream and related Server Sync operations.

                                                        1. Port and Proxy Configurations and Authentication. Whether the proxy is hardware, software, on the SUP or on the network, the results are the same. Incorrect configurations equal a sync failure. This includes omitting a proxy, defining one when not needed, WPAD configurations, as well as incorrect authentication, filtering, or port details. It’s recommended you work with your Networking Team to identify any proxy configurations which might exist. I regret that tools and approaches to investigating this type of issue are beyond the scope of this blog. Find more here:

                                                        Configuration Manager SUP Configurations

                                                        When external dependencies are in hand the next common call driver involves configuration choices for the Software Update Point. These are common enough to represent an ongoing class of issues and to be worth identifying here.

                                                        1. Active SUP - With all the configuration details necessary it's not uncommon to overlook defining an Active SUP. Fortunately it's quick and easy to do. Find more here:

                                                        2. Ports on the SUP - Bringing up the tail end of common issues is the configuration of the SUP Ports. This is a simple task yet is often overlooked and not validated. It's easy to correct when incorrect as well. If your SUP is involved in a problem, please make this simple check which may be part of the puzzle. Find more here:

                                                        General Information:

                                                        The following are resources you may find of use when approaching Software Update Pont issues and strategies:

                                                        SuperFlows for Software Updates:

                                                        Software Update related TechNet Forums:

                                                        WSUS Homepage on TechNet:

                                                        WSUS Team Blog:

                                                        SCCM : Copy and Paste, context menu add-on


                                                        SCCM : Copy and Paste, context menu add-on

                                                        I like SCCM (System Center Configuration Manager) and in my opinion it is a great management tool, but it's developers, apparently, forgot the small things that makes it better. One of the missing feathers is the copy & paste menu option ("Elementary my dear Watson"). When I first installed SCCM 2007, I was very excited to find the copy option, but till today I couldn't find his little sister, "paste", I suspect that they decided to release her in the next version.

                                                        Please help "Copy" find his little sister "Paste" in the following picture: סמיילי


                                                        There is a saying "If the mountain won't come to Muhammad, Muhammad must go to the mountain.", so I tried to write something of my own. Microsoft delivers a good SDK pack for SCCM, which helped me reach my goal.

                                                        My tool adds Copy and Paste options to the context menu of Collections (Queries), Packages, Programs and Advertisements.

                                                        Collections (Collection Queries)

                                                        Select the source collection (from the right or left pane) and choose "Copy Collection Query"


                                                        Select target collection (from the right or left pane) and choose "Paste Collection Query"


                                                        Choose a name for the new query


                                                        If you press cancel the specific query will not be copied (It will proceed to the next query)

                                                        The result:

                                                        נורת חשמל You first need to refresh the collection branch


                                                        At the end of the process you will be asked whether or not you want to delete the cashed settings



                                                        Select the source package and choose "Copy Package"

                                                        נורת חשמל Works only from the right pane


                                                        To paste the new package select any package on the right pane, and choose "Paste Package" from the Popup menu

                                                        Choose a name for the new package

                                                        Choose whether or not you want to delete the cached settings

                                                        נורת חשמל Don't forget to refresh the collection branch:


                                                        נורת חשמל Distribution Points,Access Accounts,Programs won't be copied


                                                        Select the source package and choose "Copy Program"

                                                        נורת חשמל Works only from the right pane


                                                        To paste the new program to the same package, right click the source program (on the right pane), and choose "Paste Program" from the menu

                                                        To paste the new program to another package, right click the target "Programs" (on the left pane), and choose "Paste Program" from the menu

                                                        Choose a name for the new program

                                                        Choose whether or not you want to delete the cached settings

                                                        נורת חשמל Don't forget to refresh the Programs' branch:



                                                        Select the source package and choose "Copy Advertisement"

                                                        נורת חשמל Works only from the right pane


                                                        To paste the new advertisement select any advertisement on the right pane, and choose "Paste Advertisement" from the menu

                                                        Choose a name for the new Advertisement

                                                        Choose whether or not you want to delete the cached settings

                                                        נורת חשמל If the source advertisement contains custom scheduler it won't be copied, instead the new advertisement will contain the following fixed date as shown below (Of course, after pasting, you can change it to any desired date):


                                                        The purpose of this behavior is to avoid automatic deployment after pasting the new advertisement.

                                                        נורת חשמל For this reason try to avoid copying advertisements which contains "AS Soon AS Possible"

                                                        The target mandatory assignments will have two assignments:




                                                        During the setup you can choose which extension to install:


                                                        You can download the setup from HERE

                                                        What’s in a Heartbeat

                                                        Questions often come on the forums about Heartbeat Discovery including how often should they be configured to run or indirectly, what updates certain resource information in ConfigMgr like the IP Address.

                                                        The answer to the first question depends on what you are going to use the data for that is contained in a Heartbeat Discovery? But if you don’t know what’s in a Heartbeat Discovery message, it’s very difficult to answer that question. So, here’s exactly what gets included in the Data Discovery Record (DDR) generated by the client and sent to the server during a Heartbeat Discovery:

                                                        • Is the client installed?

                                                        • Client type (Legacy, Advanced, or Device)

                                                        • Client version

                                                        • NetBIOS Name

                                                        • Character encoding used by the client

                                                        • Default system locale identifier (typically representative of the client’s language)

                                                        • Date and time of the DDR

                                                        • Date and time of last DDR

                                                        • Short name of system

                                                        • Currently logged in (interactive) user

                                                        • FQDN of system

                                                        • IP Network ID

                                                        • Platform ID (this is an encoding of the OS version)

                                                        • AD Site Name

                                                        • IP Address(es)

                                                        • MAC Address(es)

                                                        • Domain name

                                                        • Assigned (Primary) Site

                                                        • Hardware ID

                                                        • Identifying number (of the computer system)

                                                        • Product name (of the computer system)

                                                        • UUID (of the computer system)

                                                        • Version (of the computer system)

                                                        The above list also addresses the second question --  at least as far as Heartbeat Discovery is concerned.

                                                        So the question for how often to run the Heartbeat Discovery is really how often do you need the above information updated?

                                                        Heartbeat Discovery messages are quite small and have negligible overhead on the client. Cumulatively, a large number could impact an under-powered management point, however, so setting them too frequently is not advisable. Out of the box, the default is 7 days. I typically set this down to every 1 day and know others do it even more often. I would never recommend setting this to less than 1 or 2 hours except in very small environments – there isn’t really any value in doing so anyway as nothing in the above list normally changes that frequently.

                                                        The Heartbeat Discovery also serves as a “keep alive” or “yes I am alive” message from the client to the site server. Based on this, the Clear Install Flag and Delete Aged Discovery Data maintenance tasks perform their jobs. Note that the Delete Inactive Client Discovery Data  does not directly use the heartbeat time. Instead, Client Status Reporting (available in R2 and R3), uses the last heartbeat time along with last hardware inventory, last software inventory, and last policy polling time to determine if a client is inactive. Once a client is marked inactive by Client Status Reporting, it is then subject to the Delete Inactive Client Discovery Data task.

                                                        This “keep alive” purpose of the heartbeat discovery should also influence your choice of how often to set the interval; i.e., you shouldn’t set so infrequently that it might get accidentally marked inactive or not installed by one of the above mentioned maintenance tasks.

                                                        Note that you can manually initiate a Heartbeat Discovery anytime on a client from the Configuration Manager Control Panel applet by navigating to the actions tab, selecting Discovery Data Collection Cycle, and then pushing the Initiate Action button. Alternatively you can use Roger Zander’s Client Center, the right-click tools, or use the SDK to initiate this action remotely.

                                                        There are two additional important points to be made about Heartbeat Discovery (these are copied straight from

                                                        Heartbeat Discovery forces the rediscovery of active clients that have been deleted from the Configuration Manager database by the administrator, or by a database maintenance task.

                                                        • If you accidentally delete a computer from the Configuration Manager console, it will automatically "come back" if it is still active on the network. You can either wait for the next Heartbeat Discovery cycle to run, or you can hurry things along by selecting the Discovery Data Collection Cycle on the client Configuration Manager Properties: Actions tab, and click OK.

                                                        Heartbeat Discovery is the discovery process that submits a client's installation status to its assigned site.

                                                        • The client might be installed but the client state in the Configuration Manager console continues to display No for its Client state if the site hasn't received the client's discovery data record (DDR) from Heartbeat Discovery. This will be the case if the client cannot communicate with its management point.