All about Systems Management / ConfigMgr : 2011-10-23

Saturday, October 29, 2011

DP Package Utility – For Remove all packages from a Specific DP

With the help of this utility we can add & remove Packages from a Specific DP

http://www.myitforum.com/inc/arts/12171Setup.zip

For this Utility required .NET Framework 2.0

"+" In AutoCAD files not able to Download at client side

This can be fixed with……….

investigated this and turns out this is an IIS request filtering issue with urls containing "+" character. Basically you get a 404.11 error since the url is double encoded. The following KB article presents a workaround to set "allowDoubleEscaping" to true. Note that by default this is disabled and you need to set this explicitly.

http://support.microsoft.com/default.aspx/kb/942076

After I enabled this I was able to download files from directories containing "+" character. Can you try this out and let me know if it resolves you issue.

To resolve this problem, follow these steps.
Note After you follow these steps, the security level of the server that is running IIS may be reduced. Therefore, before you set the allowDoubleEscaping property to True, consider the risk that is involved.

Click Start, type Notepad in the Start Search box, right-click Notepad in the Programs list, and then clickRun as administrator. If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
On the File menu, click Open, type %windir%\System32\inetsrv\config\applicationHost.config in the File name box, and then click Open.
In the ApplicationHost.config file, locate the requestFiltering XML element.
Change the value of the allowDoubleEscaping property to True. To do this, use code that resembles the following example code.
```
<requestFiltering allowDoubleEscaping="true">
```
On the File menu, click Save.
Exit Notepad.

Important When you enable double escaped sequences, the security level of the server that is running IIS may be decreased.
The previous steps will directly edit the applicationHost.config file and configure this setting at the server level. You can also use the Appcmd command to configure this setting. To do this, follow these steps:

Click Start, click Run, and then type cmd in the Open box.
Type the following command, and then press ENTER:
C: CD %windir%\system32\inetsrv
Run one of the following commands:
- ```
Appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True
```
  Note This will configure this setting only for the "Default Web Site" by creating or editing the Web.config file in the root folder of the "Default Web Site."
- ```
appcmd set config "Default Web Site" /section:system.webServer/Security/requestFiltering -allowDoubleEscaping:True /commit:appHost
```
  Note This will configure this setting only for the "Default Web Site" in the applicationHost.config file by using a location tag.

Wake On LAN Vs OBT (Out of band management)

http://technet.microsoft.com/en-us/library/cc161828.aspx

Feature	Advantage	Disadvantage
Wake On LAN	Does not require that the site is running Configuration Manager 2007 SP1. Supported by many network adapters. UDP wake-up packets are quick to send and process. Does not require a PKI infrastructure. Does not require any changes to Active Directory Domain Services. Supported on workgroup computers, computers from another Active Directory forest, and computers in the same Active Directory forest but using a noncontiguous namespace.	Less secure solution than out of band management because it does not use authentication or encryption. If subnet-directed broadcast transmissions are used for the wake-up packets, this has the security risk of smurf attacks. For more information about securing subnet-directed broadcast transmissions with Wake On LAN, see Secure Routers for Subnet-Directed Broadcasts for Wake On LAN. Might require manual configuration on each computer for BIOS settings and adapter configuration. No confirmation that computers are woken up. Wake-up transmissions as multiple UDP packets can unnecessarily saturate available network bandwidth. Cannot wake up computers interactively. Cannot return computers to sleep state. Management features are restricted to waking up computers only.
Out of band management	More secure solution than Wake On LAN because it provides authentication and encryption using standard industry security protocols. It can also integrate with an existing PKI deployment, and the security controls can be managed independently from the product. Supports automatic centralized setup and configuration (provisioning). Established transport session for a more reliable connection and auditable connection. Computers can be woken up interactively (and restarted). Computers can be powered down interactively. Additional management capabilities, which include the following: Restarting a non-functioning computer and booting from a locally connected device or known good boot image file. Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server. Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer). Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility).	Requires that the site is running Configuration Manager 2007 SP1 or later. Supported only on desktop computers that have the Intel vPro chip set and a supported version of Intel Active Management Technology (Intel AMT) firmware. For more information about which AMT versions are supported, see Overview of Out of Band Management. The transport session requires more time to establish, higher processing on the server, and an increase in data transferred. Requires a PKI deployment and specific certificates. Requires an Active Directory container that is created and configured for publishing AMT-based computers. Cannot support workgroup computers, computers from another Active Directory forest, or computers from the same Active Directory forest but using a noncontiguous namespace. Might require infrastructure changes to DNS and DHCP if provisioning out of band (the client for Configuration Manager 2007 SP1 or later is not installed).

Feature

Advantage

Disadvantage

Wake On LAN

Does not require that the site is running Configuration Manager 2007 SP1.

Supported by many network adapters.

UDP wake-up packets are quick to send and process.

Does not require a PKI infrastructure.

Does not require any changes to Active Directory Domain Services.

Supported on workgroup computers, computers from another Active Directory forest, and computers in the same Active Directory forest but using a noncontiguous namespace.

Less secure solution than out of band management because it does not use authentication or encryption. If subnet-directed broadcast transmissions are used for the wake-up packets, this has the security risk of smurf attacks. For more information about securing subnet-directed broadcast transmissions with Wake On LAN, see Secure Routers for Subnet-Directed Broadcasts for Wake On LAN.

Might require manual configuration on each computer for BIOS settings and adapter configuration.

No confirmation that computers are woken up.

Wake-up transmissions as multiple UDP packets can unnecessarily saturate available network bandwidth.

Cannot wake up computers interactively.

Cannot return computers to sleep state.

Management features are restricted to waking up computers only.

Out of band management

More secure solution than Wake On LAN because it provides authentication and encryption using standard industry security protocols. It can also integrate with an existing PKI deployment, and the security controls can be managed independently from the product.

Supports automatic centralized setup and configuration (provisioning).

Established transport session for a more reliable connection and auditable connection.

Computers can be woken up interactively (and restarted).

Computers can be powered down interactively.

Additional management capabilities, which include the following:

Restarting a non-functioning computer and booting from a locally connected device or known good boot image file.
Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server.
Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer).
Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility).

Requires that the site is running Configuration Manager 2007 SP1 or later.

Supported only on desktop computers that have the Intel vPro chip set and a supported version of Intel Active Management Technology (Intel AMT) firmware. For more information about which AMT versions are supported, see Overview of Out of Band Management.

The transport session requires more time to establish, higher processing on the server, and an increase in data transferred.

Requires a PKI deployment and specific certificates.

Requires an Active Directory container that is created and configured for publishing AMT-based computers.

Cannot support workgroup computers, computers from another Active Directory forest, or computers from the same Active Directory forest but using a noncontiguous namespace.

Might require infrastructure changes to DNS and DHCP if provisioning out of band (the client for Configuration Manager 2007 SP1 or later is not installed).

Both features support waking up computers for the following scheduled activities:

Software update deployments that are configured with a deadline.
Mandatory advertisements for software distribution or a task sequence.

If you are using Wake On LAN and out of band management in the same site, you must choose how the site will wake up computers for scheduled activities that are configured for Wake On LAN. The following options are located on the Site Properties: Wake On LAN Tab:

Use power on commands if the computer supports this technology, otherwise use wake-up packets
Use power on commands only
Use wake-up packets only

Make your choice based on which feature you are using and whether the computers assigned to the site support the feature. Also take into consideration the advantages and disadvantages of both features as listed above. For example, wake-up packets are less reliable and are not secured, but power on commands take longer to establish and require more processing on the site system server that is configured with the out of band service point.

Friday, October 28, 2011

Pop-up to Postpone the advertisement or allow user to interact with advertisement

there was good Script from Jörgen Nilsson for Pop-up to Postpone the advertisement or allow user to interact with advertisement

http://ccmexec.com/2011/09/allow-the-user-to-postpone-installation-in-sccm/

Screenshots of how it will look at the client:

If the user press Cancel:

If the Process specified is running:

Usage:

Download the script: http://ccmexec.com/wp-content/uploads/2011/09/Prerun1.txt
Create a Package in SCCM containing the prerun1.vbs file
Create a Program with a command line for executing the script, for example:
“wscript.exe prerun1.vbs Excel Excel.exe”

Pages