| What is Windows Update? Tip: How does it work? What types of updates can I get? What’s the difference between Express and Custom? Do I need to install optional updates? Can I get updates automatically? Is Automatic Updates the same as Windows Update? What is Automatic Updates? How can I get more information about an update before I install it? Do I have to do anything to install an update? What happens if I select "Don't show me this update again"? If I hide an update, how do I get it back later? How often does Windows Update release new updates? Other types of updates are released whenever they are ready. It’s a good idea to turn on Automatic Updates so that your computer can receive high priority updates as they become available. How do I add Windows Update to my list of trusted Web sites? Supported versions and languages Which operating systems does Windows Update support? Which browser versions can I use to access Windows Update? How do I know which version of Internet Explorer I’m using? Can I view the Windows Update Web site using another language? How do I change my language settings? Why does Windows Update recommend a language for me to use? Can I get updates in multiple languages? What happens if I cancel the download process or disconnect from the Internet before an update is fully downloaded? I get an Internet Explorer error—how do I change my settings to work with Windows Update? To prevent problems, you can also add Windows Update to your list of trusted sites (instructions provided in the Using Windows Update section). I get ActiveX or scripting warnings when I use Windows Update—is there a problem? Get more information about digital certificates, trusting Web sites, and choosing security settings by searching Internet Explorer Help. (If you don't want to see warnings when you use Windows Update, you can change your security settings but it's not recommended. If you lower the level of your settings, your computer is more vulnerable to viruses and other security threats.) Why can’t I view update details, installation history details, or troubleshooting articles? To change Pop-up Blocker settings (available for Internet Explorer 6 on Windows XP SP2 or later): If you use other pop-up blocking software, find out whether you can change your settings just for links that you click within a Web site. If not, you might need to allow pop-ups while using Windows Update. Where do I go if I have problems installing an update? Why can’t I find an update after I’ve restored hidden updates? Why can’t I install some updates at the same time as other updates? Other types of updates require you to restart your computer before they can take effect. You must install these updates separately. You can then return to Windows Update to see if more updates apply. Networking and Advanced Information What if I need to update more than one computer? If you are a network administrator, go to Administrator options for information about additional update services, such as the Windows Update Catalog and Windows Server Update Services. What is Microsoft Baseline Security Analyzer (MBSA)? What is Windows Server Update Services? Which types of updates do Automatic Updates, Windows Update, and Windows Server Update Services deliver? How can I get more updates, or updates that Windows Update doesn’t offer? | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Monday, May 2, 2011
Using Windows Update Basics
common problems for Software Update Points
It is worth noting that Windows Software Update Server (WSUS) is a key dependency for the Software Update Point (SUP). When WSUS isn't happy, the SUP is also going to have a bad day... Along with this it’s crucial to allow WSUS to be configured by Configuration Manager - as independent configuration of the WSUS Server usually ends in tears, or at least an unruly conflict.
Online Content:
The online TechNet library for Configuration Manager has a plethora of topics covering Software Update Point (SUP) configurations so please explore the relevant links at need.
Before beginning, ensure your familiar with the core topics: About the Software Update Point http://technet.microsoft.com/en-us/library/bb632674.aspx
Some of the common problems found with Software Update Points:
WSUS Dependencies
Two dependencies in WSUS loom large for Configuration Manager and lead the way for call drivers in this area. Being aware of these two issues might save you time and suffering down the line. I will also note that while not yet released (and thus subject to change) WSUS 3.0 SP2 should provide relief from both of the following problems. Please keep in mind that until WSUS 3.0 SP2 is released, tested with, and supported for use by Configuration Manager, it may introduce problems which cannot be anticipated.
1. Issue per KB 954960. This first common problem is an issue which results in some clients failing to pull down updates from the WSUS Server (SUP). This problem is documented in KB 954960 and occurs due to a recent revision to a Microsoft Office 2003 Service Pack 1 (SP1) update that causes some WSUS 3.0 servers to incorrectly synchronize the revised update with the update’s approvals. When the affected client computers communicate with such a server, the Web service is unable to process the approvals. Therefore, the detection is unsuccessful.
Resolution: The WSUS KB 954960 article provides a download link for the update directly.
2. WSUS Server Uninstalls. Continuing to drive support calls is the problem where the WSUS Server underlying the SUP is found to have been deinstalled.. Forums posts correlate this problem with Server Reboots as well as being linked to SMS Site Backup operations. What is understood is this occurs when WSUS is installed on the Site Server, and an MSI repair call is made to WSUS which fails.
While there is no current fix for this problem it is expected to be resolved by WSUS 3.0 SP2 (This is indeed fixed with Service Pack 2) - which is still in beta at this time. Fortunately there are two widely discussed workarounds to be found on the forums which should help:
Workarounds:
· Move the WSUS server off of the Configuration Manager Site server. Note: To date this issue has only been confirmed when WSUS and Configuration Manager are installed on the same machine.
· A manual registry edit can be implemented to prevent the WSUS repair from launching. For more on this please reference various forums postings such as this one: http://social.technet.microsoft.com/Forums/en-US/configmgrsum/thread/ec73565a-93df-48d6-b411-35ffec7d25e4/
Synchronization with Microsoft Updates
When the SUP fails to sync with Microsoft Updates the support hotline rings. There is really only one flavor of problem seen with regularity, so please check this out and potentially save yourself some coin.
Note: This same problem impacts Upstream/Downstream and related Server Sync operations.
1. Port and Proxy Configurations and Authentication. Whether the proxy is hardware, software, on the SUP or on the network, the results are the same. Incorrect configurations equal a sync failure. This includes omitting a proxy, defining one when not needed, WPAD configurations, as well as incorrect authentication, filtering, or port details. It’s recommended you work with your Networking Team to identify any proxy configurations which might exist. I regret that tools and approaches to investigating this type of issue are beyond the scope of this blog. Find more here:
- How to Configure the Proxy Settings for the Software Update Point
- How to Configure a Firewall for Software Updates
- How to Configure Software Updates Synchronization
- How to Configure Proxy Settings Used When Downloading Software Update Files
Configuration Manager SUP Configurations
When external dependencies are in hand the next common call driver involves configuration choices for the Software Update Point. These are common enough to represent an ongoing class of issues and to be worth identifying here.
1. Active SUP - With all the configuration details necessary it's not uncommon to overlook defining an Active SUP. Fortunately it's quick and easy to do. Find more here:
- How to Create and Configure an Active Software Update Point
- How to Create and Configure an Active Internet-Based Software Update Point
- How to Create and Configure an Active Software Update Point on a Secondary Site
- How to Configure the Active Software Update Point Component to Use an NLB Cluster
2. Ports on the SUP - Bringing up the tail end of common issues is the configuration of the SUP Ports. This is a simple task yet is often overlooked and not validated. It's easy to correct when incorrect as well. If your SUP is involved in a problem, please make this simple check which may be part of the puzzle. Find more here:
General Information:
The following are resources you may find of use when approaching Software Update Pont issues and strategies:
SuperFlows for Software Updates: http://technet.microsoft.com/en-us/library/ff385001.aspx
Software Update related TechNet Forums: http://social.technet.microsoft.com/Forums/en-US/configmgrsum/threads/
WSUS Homepage on TechNet: http://technet.microsoft.com/en-us/wsus/default.aspx
WSUS Team Blog: http://blogs.technet.com/wsus/default.aspx
SCCM : Copy and Paste, context menu add-on
Source:--http://blogs.microsoft.co.il/blogs/doli/archive/2011/04/27/sccm-copy-and-paste-context-menu-add-on.aspx
SCCM : Copy and Paste, context menu add-on
I like SCCM (System Center Configuration Manager) and in my opinion it is a great management tool, but it's developers, apparently, forgot the small things that makes it better. One of the missing feathers is the copy & paste menu option ("Elementary my dear Watson"). When I first installed SCCM 2007, I was very excited to find the copy option, but till today I couldn't find his little sister, "paste", I suspect that they decided to release her in the next version.
Please help "Copy" find his little sister "Paste" in the following picture: 
There is a saying "If the mountain won't come to Muhammad, Muhammad must go to the mountain.", so I tried to write something of my own. Microsoft delivers a good SDK pack for SCCM, which helped me reach my goal.
My tool adds Copy and Paste options to the context menu of Collections (Queries), Packages, Programs and Advertisements.
Collections (Collection Queries)
Select the source collection (from the right or left pane) and choose "Copy Collection Query"
Select target collection (from the right or left pane) and choose "Paste Collection Query"
Choose a name for the new query
If you press cancel the specific query will not be copied (It will proceed to the next query)
The result:
At the end of the process you will be asked whether or not you want to delete the cashed settings
Packages
Select the source package and choose "Copy Package"
To paste the new package select any package on the right pane, and choose "Paste Package" from the Popup menu
Choose a name for the new package
Choose whether or not you want to delete the cached settings
Programs
Select the source package and choose "Copy Program"
To paste the new program to the same package, right click the source program (on the right pane), and choose "Paste Program" from the menu
To paste the new program to another package, right click the target "Programs" (on the left pane), and choose "Paste Program" from the menu
Choose a name for the new program
Choose whether or not you want to delete the cached settings
Advertisements
Select the source package and choose "Copy Advertisement"
To paste the new advertisement select any advertisement on the right pane, and choose "Paste Advertisement" from the menu
Choose a name for the new Advertisement
Choose whether or not you want to delete the cached settings
The purpose of this behavior is to avoid automatic deployment after pasting the new advertisement.
The target mandatory assignments will have two assignments:
SETUP
During the setup you can choose which extension to install:
You can download the setup from HERE
What’s in a Heartbeat
Questions often come on the forums about Heartbeat Discovery including how often should they be configured to run or indirectly, what updates certain resource information in ConfigMgr like the IP Address.
The answer to the first question depends on what you are going to use the data for that is contained in a Heartbeat Discovery? But if you don’t know what’s in a Heartbeat Discovery message, it’s very difficult to answer that question. So, here’s exactly what gets included in the Data Discovery Record (DDR) generated by the client and sent to the server during a Heartbeat Discovery:
-
Is the client installed?
-
Client type (Legacy, Advanced, or Device)
-
Client version
-
NetBIOS Name
-
Character encoding used by the client
-
Default system locale identifier (typically representative of the client’s language)
-
Date and time of the DDR
-
Date and time of last DDR
-
Short name of system
-
Currently logged in (interactive) user
-
FQDN of system
-
IP Network ID
-
Platform ID (this is an encoding of the OS version)
-
AD Site Name
-
IP Address(es)
-
MAC Address(es)
-
Domain name
-
Assigned (Primary) Site
-
Hardware ID
-
Identifying number (of the computer system)
-
Product name (of the computer system)
-
UUID (of the computer system)
-
Version (of the computer system)
The above list also addresses the second question -- at least as far as Heartbeat Discovery is concerned.
So the question for how often to run the Heartbeat Discovery is really how often do you need the above information updated?
Heartbeat Discovery messages are quite small and have negligible overhead on the client. Cumulatively, a large number could impact an under-powered management point, however, so setting them too frequently is not advisable. Out of the box, the default is 7 days. I typically set this down to every 1 day and know others do it even more often. I would never recommend setting this to less than 1 or 2 hours except in very small environments – there isn’t really any value in doing so anyway as nothing in the above list normally changes that frequently.
The Heartbeat Discovery also serves as a “keep alive” or “yes I am alive” message from the client to the site server. Based on this, the Clear Install Flag and Delete Aged Discovery Data maintenance tasks perform their jobs. Note that the Delete Inactive Client Discovery Data does not directly use the heartbeat time. Instead, Client Status Reporting (available in R2 and R3), uses the last heartbeat time along with last hardware inventory, last software inventory, and last policy polling time to determine if a client is inactive. Once a client is marked inactive by Client Status Reporting, it is then subject to the Delete Inactive Client Discovery Data task.
This “keep alive” purpose of the heartbeat discovery should also influence your choice of how often to set the interval; i.e., you shouldn’t set so infrequently that it might get accidentally marked inactive or not installed by one of the above mentioned maintenance tasks.
Note that you can manually initiate a Heartbeat Discovery anytime on a client from the Configuration Manager Control Panel applet by navigating to the actions tab, selecting Discovery Data Collection Cycle, and then pushing the Initiate Action button. Alternatively you can use Roger Zander’s Client Center, the right-click tools, or use the SDK to initiate this action remotely.
There are two additional important points to be made about Heartbeat Discovery (these are copied straight from http://blogs.technet.com/b/configurationmgr/archive/2010/03/30/the-top-ten-clarifications-for-discovery-in-configuration-manager-2007.aspx):
Heartbeat Discovery forces the rediscovery of active clients that have been deleted from the Configuration Manager database by the administrator, or by a database maintenance task.
-
If you accidentally delete a computer from the Configuration Manager console, it will automatically "come back" if it is still active on the network. You can either wait for the next Heartbeat Discovery cycle to run, or you can hurry things along by selecting the Discovery Data Collection Cycle on the client Configuration Manager Properties: Actions tab, and click OK.
Heartbeat Discovery is the discovery process that submits a client's installation status to its assigned site.
-
The client might be installed but the client state in the Configuration Manager console continues to display No for its Client state if the site hasn't received the client's discovery data record (DDR) from Heartbeat Discovery. This will be the case if the client cannot communicate with its management point.
Friday, April 29, 2011
MSG.Exe : To pass a input to the Batch file for a User inputs / Notification
msg.exe * /TIME:300 /v /w "Message From IT Administrator: Please Save and close your all office Applications and then click OK"
Time:300 seconds will wait for the user input if no input received it will execute it
Send a message to a user.
MSG {username | sessionname | sessionid | @filename | *}
[/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]
username Identifies the specified username.
sessionname The name of the session.
sessionid The ID of the session.
@filename Identifies a file containing a list of usernames,
sessionnames, and sessionids to send the message to.
* Send message to all sessions on specified server.
/SERVER:servername server to contact (default is current).
/TIME:seconds Time delay to wait for receiver to acknowledge msg.
/V Display information about actions being performed.
/W Wait for response from user, useful with /V.
message Message to send. If none specified, prompts for it
or reads from stdin.
SCCM Documentation Updated
Configuration Manager 2007 documentation library (http://technet.microsoft.com/en-us/library/bb680651.aspx) has been updated on the Web with updates for April. Topics that were updated have Updated: April 1, 2011 at the top of the topic.
Configuration Manager 2007 Quizzes also updated
Configuration Manager 2012 documentation library Configuration Manager 2012 Documentation Library.
Tuesday, April 26, 2011
SQL query for Patches required systems as per collection with the SIZE of each update
Below is sql query for Patches required systems as per collection with the SIZE of each update
SELECT DISTINCT
TOP (100) PERCENT SYS.Name0 AS [Machine Name], UCS.Status AS [Patch Status Code], UI.BulletinID, UI.ArticleID, UI.Title,
dbo.v_FullCollectionMembership.ResourceID, dbo.v_Collection.CollectionID, UI.CI_ID, dbo.CI_Contents.SourceSize /(1024.0*1024) AS SizeinMB
FROM dbo.v_UpdateContents INNER JOIN
dbo.v_FullCollectionMembership INNER JOIN
dbo.v_Collection ON dbo.v_FullCollectionMembership.CollectionID = dbo.v_Collection.CollectionID INNER JOIN
dbo.v_R_System AS SYS LEFT OUTER JOIN
dbo.v_Update_ComplianceStatusAll AS UCS ON SYS.ResourceID = UCS.ResourceID INNER JOIN
dbo.v_UpdateInfo AS UI ON UCS.CI_ID = UI.CI_ID ON dbo.v_FullCollectionMembership.ResourceID = UCS.ResourceID ON
dbo.v_UpdateContents.CI_ID = UI.CI_ID INNER JOIN
dbo.CI_Contents ON dbo.v_UpdateContents.Content_ID = dbo.CI_Contents.Content_ID
WHERE (UCS.Status IN ('2')) AND (dbo.v_Collection.CollectionID = 'HCC000FB')
ORDER BY UI.ArticleID
Wednesday, April 20, 2011
Did you checked what is the log file of SCCM DB ? or did you checked what is the backup size and why it is increasing ?
Did you checked what is the log file of SCCM DB ? or did you checked what is the backup size and why it is increasing ?
Yes it is because of transaction log size increase … check below query to know the size of the log files….
SELECT name,size from sys.database_files
output:-
name size
SMS_SiteCode 662576
SMS_SiteCode_log 3541704
Monday, April 18, 2011
SQL Report with the systems Names and Architecture for specific collection
finding the systems Names and Architecture for specific collection
SELECT dbo.v_Collection.CollectionID, dbo.v_GS_COMPUTER_SYSTEM.Name0, dbo.v_GS_COMPUTER_SYSTEM.SystemType0,
dbo.v_GS_COMPUTER_SYSTEM.UserName0, dbo.v_R_System.Operating_System_Name_and0
FROM dbo.v_Collection INNER JOIN
dbo.v_FullCollectionMembership ON dbo.v_Collection.CollectionID = dbo.v_FullCollectionMembership.CollectionID INNER JOIN
dbo.v_GS_COMPUTER_SYSTEM ON dbo.v_FullCollectionMembership.ResourceID = dbo.v_GS_COMPUTER_SYSTEM.ResourceID INNER JOIN
dbo.v_R_System ON dbo.v_GS_COMPUTER_SYSTEM.ResourceID = dbo.v_R_System.ResourceID
WHERE (dbo.v_Collection.CollectionID = 'CollectionID')
Required Patches based on collection ID
SELECT DISTINCT
TOP (100) PERCENT SYS.Name0 AS [Machine Name], UCS.Status AS [Patch Status Code],
CASE WHEN UCS.Status = '2' THEN 'Applicable' WHEN UCS.Status = '3' THEN 'Installed' ELSE '' END AS 'Patch Status', UI.BulletinID, UI.ArticleID, UI.Title,
dbo.v_FullCollectionMembership.ResourceID, dbo.v_Collection.CollectionID
FROM dbo.v_FullCollectionMembership INNER JOIN
dbo.v_Collection ON dbo.v_FullCollectionMembership.CollectionID = dbo.v_Collection.CollectionID INNER JOIN
dbo.v_R_System AS SYS LEFT OUTER JOIN
dbo.v_Update_ComplianceStatusAll AS UCS ON SYS.ResourceID = UCS.ResourceID INNER JOIN
dbo.v_UpdateInfo AS UI ON UCS.CI_ID = UI.CI_ID ON dbo.v_FullCollectionMembership.ResourceID = UCS.ResourceID
WHERE (UCS.Status IN ('3', '2')) AND (dbo.v_Collection.CollectionID = 'CollectionID')
ORDER BY UI.ArticleID
HOW TO: Use Wildcard Search with Various Google Services Read more:
My favorite operator is wildcard because it is able to give you most unexpected and creative results.
Here’s how you can play with it in various Google services:
General Google Search + Wildcard
General Google search allows a lot of flexibility with its wildcard operator.
How it works: * is substituted by one or more words.
When it comes particularly in handy: In combination with “” (exact match) search to control the proximity within a set phrase. This trick can turn particularly useful for content inspiration as well as for keyword research (to expand your initial query):
You can also achieve unexpected results when using the wildcard operator in combination with other search commands. Try:
- intext:”diabetic * diets”
- intitle:”diabetic * diets”
- “diabetic * diets” -food
- etc
Other Google Search Services + Wildcard
While many people are aware of wildcard search for “Universal” / “blended” results, few users also use the wildcard operator for other types of search results. Wildcard operator is also supported by multiple search engines run by Google:
- Google images
- Google video and Youtube;
- Blog search;
- Google news;
- Google Shopping
- etc
How it works: * is substituted by one or more words.
When it comes particularly in handy:
Here are a few example of how the search operator can turn particularly useful:
- Find video content inspiration; example: ["blogging * wordpress"]
- Customize your Google News RSS feed (to use it to track your brand mentions or to monitor new opportunities); example: ["guest * post *"]
- Expand your search to include various possible variations; for example, to track new articles by “guest author” (and thus track new guest blogging opportunities), use this query in Google Blog Search: [inpostauthor:"guest * author" OR inpostauthor:"guest author"]
Google Reader + Wildcard
If you are an active Google Reader user and have plenty of relevant feeds in it, take the full advantage of its search functionality.
How it works: * is substituted by one word. To get two words within your phrase, use two asterisks.
When it comes particularly in handy: Google Reader is your personal collection of relevant feeds. Using it for keyword and content inspiration may turn much more effective than using generic search results.
Gmail Search + Wildcard
How it works: * is substituted by one or more words.
When it comes particularly in handy: Gmail is another useful collection of resources and links dirctly related to you, what you read and what you are subscribed to. I have once shared how Gmail search can turn a great help in your keyword and content research. With wildcard, this idea is even more effective.
A wildcard operator can also turn a great help for searching Gmail attachments: filename:google*.doc – This one filters emails to only those that have doc files attached and these files have [google] in the beginning of the name (whereas filename:*google*.doc searches for messages that have documents attached with “google” mentioned somewhere in the middle of the file name).
Here’s the example set of this search and the results it triggers:
Now, go play with search results to your heart’d content!
Thursday, April 14, 2011
Monday, April 11, 2011
Collections:
Computer that failed to run an advertisement:
select sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client from sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID WHERE AdvertisementID = ‘A0120005′ and LastStateName = ‘Failed’
Computer that ran an advertisement successfully:
select sys.ResourceID,sys.ResourceType,sys.Name,sys.SMSUniqueIdentifier,sys.ResourceDomainORWorkgroup,sys.Client from sms_r_system as sys inner join SMS_ClientAdvertisementStatus as offer on sys.ResourceID=offer.ResourceID WHERE AdvertisementID = ‘A0120005′ and LastStateName = ‘Succeeded’
Notice for both collections you need to find the unique advertisement ID
Workstation computers that have not restarted the last 7 days:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System INNER JOIN SMS_G_System_OPERATING_SYSTEM ON SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId WHERE (SMS_G_System_OPERATING_SYSTEM.Caption like "%xp%" or SMS_G_System_OPERATING_SYSTEM.Caption like "%vista%" or SMS_G_System_OPERATING_SYSTEM.Caption like "%windows 7%") and (DateDiff(day, SMS_G_System_OPERATING_SYSTEM.LastBootUpTime, GetDate()) >7)
All Obsolete Clients:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Obsolete = 1
All Inactive Clients:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Active = 0
All Clients without a Config Mgr. Agent installed:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Client is null
All Unapproved clients
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_CM_RES_COLL_SMS00001 on SMS_CM_RES_COLL_SMS00001.ResourceId = SMS_R_System.ResourceId where SMS_CM_RES_COLL_SMS00001.IsApproved<>1
Wednesday, April 6, 2011
sccm For Desktops only report
For Desktops only report
SELECT TOP (100) PERCENT dbo.v_R_System.Name0 AS [Computer Name], dbo.v_R_System.User_Name0 AS [User Name],
dbo.v_R_System.User_Domain0 AS [Domain Name], dbo.v_GS_SYSTEM_ENCLOSURE.Manufacturer0 AS Manufacturer,
dbo.v_GS_COMPUTER_SYSTEM.Model0 AS Model, dbo.v_GS_SYSTEM_ENCLOSURE.SerialNumber0 AS [Serial Number],
dbo.v_GS_SYSTEM.SystemRole0 AS [System OS Type], dbo.v_GS_SYSTEM.SystemType0 AS [System Type]
FROM dbo.v_GS_SYSTEM_ENCLOSURE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SYSTEM_ENCLOSURE.ResourceID = dbo.v_R_System.ResourceID INNER JOIN
dbo.v_GS_SYSTEM ON dbo.v_R_System.ResourceID = dbo.v_GS_SYSTEM.ResourceID INNER JOIN
dbo.v_GS_COMPUTER_SYSTEM ON dbo.v_GS_SYSTEM.ResourceID = dbo.v_GS_COMPUTER_SYSTEM.ResourceID
WHERE (dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '3') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '4') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '5') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '6') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '7') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '15') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '16')
ORDER BY [Computer Name]
SQL Report for only Laptop Computers
If your boss ask to get list of laptops which are managed by SMS or SCCM.what do you do and how do you get that. Right click on computer and go to resource explorer to identify the computer is Laptop or Desktop ?
You can identify if the computer is Laptop or Desktop based on its chassis Types.
Below are listed the Chassis types available to create SCCM collection or reports.
For Laptops Chassis Types : 8 , 9, 10, 11, 12, 14, 18, 21
For Desktop Chassis Type : 3, 4, 5, 6, 7, 15, 16
For server Chassis Type: 23
SELECT dbo.v_R_System.Name0 AS [Computer Name], dbo.v_R_System.User_Name0 AS [User Name], dbo.v_R_System.User_Domain0 AS [Domain Name],
dbo.v_GS_SYSTEM_ENCLOSURE.Manufacturer0 AS Manufacturer, dbo.v_GS_COMPUTER_SYSTEM.Model0 AS Model,
dbo.v_GS_SYSTEM_ENCLOSURE.SerialNumber0 AS [Serial Number], dbo.v_GS_SYSTEM.SystemRole0 AS [System OS Type],
dbo.v_GS_SYSTEM.SystemType0 AS [System Type]
FROM dbo.v_GS_SYSTEM_ENCLOSURE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SYSTEM_ENCLOSURE.ResourceID = dbo.v_R_System.ResourceID INNER JOIN
dbo.v_GS_SYSTEM ON dbo.v_R_System.ResourceID = dbo.v_GS_SYSTEM.ResourceID INNER JOIN
dbo.v_GS_COMPUTER_SYSTEM ON dbo.v_GS_SYSTEM.ResourceID = dbo.v_GS_COMPUTER_SYSTEM.ResourceID
WHERE (dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '8') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '9') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '10') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '11') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '12') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '14') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '18') OR
(dbo.v_GS_SYSTEM_ENCLOSURE.ChassisTypes0 = '21')
SCCM report for hardware specs of all desktops and laptops on the domain
---select * from v_GS_SYSTEM_ENCLOSURE
SELECT distinct
CS.name0 as 'Computer Name',
CS.domain0 as 'Domain',
CS.UserName0 as 'User',
BIOS.SerialNumber0 as 'Bios serial',
SE.SerialNumber0 as 'System Enclosure serial',
CS.Manufacturer0 as 'Manufacturer',
CS.Model0 as 'model',
OS.Caption0 as 'OS',
RAA.SMS_Assigned_Sites0 as 'Site',
RAM.TotalPhysicalMemory0 as 'Total Memory',
sum(isnull(LDisk.Size0,'0')) as 'Hardrive Size',
sum(isnull(LDisk.FreeSpace0,'0')) AS 'Free Space',
CPU.MaxClockSpeed0 as 'Max CPU Speed',
CPU.Name0 as 'CPU Model',
CPU.Is64Bit0 as '64 Bit Compatible'
from
v_GS_COMPUTER_SYSTEM CS right join v_GS_PC_BIOS BIOS on BIOS.ResourceID = CS.ResourceID
right join v_GS_SYSTEM SYS on SYS.ResourceID = CS.ResourceID
right join v_GS_OPERATING_SYSTEM OS on OS.ResourceID = CS.ResourceID
right join v_RA_System_SMSAssignedSites RAA on RAA.ResourceID = CS.ResourceID
right join V_GS_X86_PC_MEMORY RAM on RAM.ResourceID = CS.ResourceID
right join v_GS_Logical_Disk LDisk on LDisk.ResourceID = CS.ResourceID
right join v_GS_Processor CPU on CPU.ResourceID = CS.ResourceID
right join v_GS_SYSTEM_ENCLOSURE SE on SE.ResourceID = CS.ResourceID
where
LDisk.DriveType0 =3
group by
CS.Name0,
CS.domain0,
CS.Username0,
BIOS.SerialNumber0,
SE.SerialNumber0,
CS.Manufacturer0,
CS.Model0,
OS.Caption0,
RAA.SMS_Assigned_Sites0,
RAM.TotalPhysicalMemory0,
CPU.MaxClockSpeed0,
CPU.Name0,
CPU.Is64Bit0
ORDER BY CS.name0
SCCM collection to list all the Laptop computers only
SELECT Caption0 as 'Operating System',CSDVersion0 as 'Service Pack', COUNT(*) AS 'Count'
FROM v_GS_OPERATING_SYSTEM,v_R_System
WHERE v_GS_OPERATING_SYSTEM.Resourceid=v_R_System.Resourceid
GROUP BY Caption0,CSDVersion0
ORDER BY Caption0,CSDVersion0
Tuesday, April 5, 2011
What is Altiris and what are the modules it has inside??
Altiris service-oriented management solutions provide a modular and future-proof approach to managing highly diverse and widely distributed IT infrastructures. They are open solutions that enable lifecycle integration of client, handheld, server, network and other IT assets with audit-ready security and automated operation.
below are the modules it has inside.
- Asset Management Suite
- Backup Exec System Recovery Solution
- Client Management Suite
- Deployment Solution
- ServiceDesk
- Inventory Solution
- IT Management Suite
- Endpoint Virtualization Suite
- SecurityExpressions
- Server Management Suite
- Wise Package Studio
- Workflow
Thursday, March 24, 2011
Single system required Patch’s report from SQL
---Single system required Patch’s report from SQL
SELECT DISTINCT
SYS.Name0
AS [Machine Name], UCS.Status AS [Patch Status Code],
CASE WHEN UCS.Status = '2' THEN 'Applicable' WHEN UCS.Status = '3' THEN 'Installed' ELSE '' END AS 'Patch Status', UI.BulletinID, UI.ArticleID,
UI.Title
FROM
v_R_System AS SYS LEFT OUTER
JOIN
v_Update_ComplianceStatusAll
AS UCS ON SYS.ResourceID = UCS.ResourceID INNER
JOIN
v_UpdateInfo
AS UI ON UCS.CI_ID = UI.CI_ID
WHERE
(UCS.Status IN ('3', '2')) AND (SYS.Name0 = 'ServerName'
)
state messages for some reason is not being updated correctly Causes Updates Compliance Report Issue
run the below script to get the actual system state. this will help to report back actual compliance of patch level to SCCM Server
Option Explicit
On Error Resume Next
Call RefreshServerComplianceState
' WScript.Echo "Finished"
Sub RefreshServerComplianceState()
' Initialize the UpdatesStore variable.
dim newCCMUpdatesStore
' Create the COM object.
set newCCMUpdatesStore = CreateObject ("Microsoft.CCM.UpdatesStore")
' Refresh the server compliance state by running the RefreshServerComplianceState method.
newCCMUpdatesStore.RefreshServerComplianceState
' Output success message.
' wscript.echo "Ran RefreshServerComplianceState."
End Sub
SCCM: Content Download to Cache Issues – 2008 / 2008 r2 / IIS 7 and IIS 7.5 and Webdav Issues
Issue
The issue that was reported to me was that the content was not downloading. My datatransferservice.log, my CAS.log, and ContentTransferManager.log all looked good. The client found a local DP to download the content from. However when I looked at my cache folder, I saw that only a couple of MB of data was downloaded and it never increased in size.
BITS was the culprit here !!!
In order to see what jobs are currently downloading, type in:
bitsadmin /list /allusers
This will give you output similar to the following:
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.{19A1D938-E1E9-437F-882E-1BFAABB707CB} ‘CCMDTS Job’ ERROR 146 / 3805 4752558 / UNKNOWN
Listed 1 job(s).
Notice how in this picture I have the following line:
{19A1D938-E1E9-437F-882E-1BFAABB707CB} ‘CCMDTS Job’ ERROR 146 / 3805 4752558 / UNKNOWN
This is no good. This basically means there’s an error somewhere in the transfer job.
Before we get into the next step of the solution, you must first understand what an SCCM distribution point is. An SCCM DP is simply a glorified web server. If you look at the Datatransferservice.log file on any of your SCCM clients, you’ll see a lot of URLs that look like the following:
http://DOMAIN:80/SMS_DP_SMSPKGF$/CEN00119/System32/Redist/MS/System/msvcrt.dll
What your client is basically doing is grabbing the files from these URLs and storing them into your local cache directory underneath the package ID.
So back to BITS. Since we saw an error in our bitsadmin /list /allusers, we need to find out exactly what that error is. The following command will show just that:
bitsadmin /info {19A1D938-E1E9-437F-882E-1BFAABB707CB} /verbose > c:bits2.txt
So what this command is doing is giving us the information about the failed BITS job that we saw before. The verbose command gives us the status of each file in the job. We then pipe this out to a file. Inside of that file, we see the following:
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.GUID: {19A1D938-E1E9-437F-882E-1BFAABB707CB} DISPLAY: ‘CCMDTS Job’
TYPE: DOWNLOAD STATE: ERROR OWNER: NT AUTHORITYSYSTEM
PRIORITY: LOW FILES: 146 / 3805 BYTES: 4752558 / UNKNOWN
CREATION TIME: 5/12/2010 11:31:04 AM MODIFICATION TIME: 5/12/2010 11:33:18 AM
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: REGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 60 NO PROGRESS TIMEOUT: 2419200 ERROR COUNT: 147
PROXY USAGE: NO_PROXY PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE: http://DOMAIN:80/SMS_DP_SMSPKGF$/CEN00119/Program Files/Hummingbird/Connectivity/9.00/HostExplorer/SDK/Samples/OHIO/Visual C++ Samples/HEOhioSample/MyTabCtrl.cpp -> C:Windowssystem32CCMCacheCEN00119.1.SystemProgram Files/Hummingbird/Connectivity/9.00/HostExplorer/SDK/Samples/OHIO/Visual C++ Samples/HEOhioSample/MyTabCtrl.cpp
ERROR CODE: 0×80190194 – HTTP status 404: The requested URL does not exist on the server.ERROR CONTEXT: 0×00000005 – The error occurred while the remote file was being processed.
DESCRIPTION:
JOB FILES:
also check for Client side BITS Policy settings
Wednesday, March 23, 2011
Difference between Update and Refresh for DPs
1) Update distribution points increments the package version, goes to the source location, constructs new package content but only sends the delta between what is already present on the DP and what is currently in the new package source. Also this action is package specific and once you trigger this action all the DPs to which the package has been distributed will get the new version.
this option best when all DP’s are in local
2) Refresh distribution points does not increment the package version but simply sends out the current version of the package content again to a specific DP. So this is action is specific to a package-DP association and should be used when the content on any particular DP appears corrupted.
Impact of enabling BDR:
1) For Update Distribution Points: Consider the scenario where one (or potentially several) files in the package source has been updated/modified. Enabling BDR would trigger distribution manager to do a diff between the current version of the file and the new version of the file and only send the delta changes within the file. On the receiving side we will then perform a BDR merge for that delta. So in the BDR case we may end up sending lesser data than in the scenario where BDR is not enabled on the package.
2) For Refresh Distribution Points: BDR setting has no affect - we simply send the entire current version of the package.
Tuesday, March 22, 2011
Configuring SCCM and Branch Cache
Configuring SCCM and Branch Cache
Branch cache is a feature introduced with Windows 2008 R2 that allows systems within the same subnet and separated from a content source (such as a WSUS server) to share downloaded content locally rather than each system having to traverse a latent network link back to the content source. Branch cache has two modes of operation – distributed cache mode and hosted cache mode. SCCM only supports distributed cache mode.
As mentioned, branch cache is a function of the OS and not of SCCM but, with the release of SCCM SP2, we now are able to leverage branch cache on enabled servers. When we find branch cache enabled we use it – there is no special SCCM configuration requirements for branch cache other than what is likely in se in most environments anyway. We will highlight those shortly but to start a diagram of a sample configuration might help explain how this is all setup.
In the diagram we have 4 systems. The SCCM SP2 site server, an SCCM distribution point being hosted on a Windows 2008 R2 server that has branch cache enabled and two client systems – one server and one workstation. We have mentioned already that to support branch cache we need to use a Windows 2008 R2 system – but what about clients? From the diagram note that branch cache is supported natively on Windows 2008 R2 and Windows 7 – and with the addition of BITS 4.0 clients can also take advantage of branch cache on Vista SP1 and Windows 2008 SP1/SP2.
The diagram shows how SCCM works with branch cache. The first time content is requested from the distribution point the client has no choice but to retrieve it across the latent network. Once retrieved the content is stored by branch cache. When the second client attempts to retrieve the content it detects a latent network and sends out a request for any peers with the content. The first client responds and serves up the content thus avoiding the need to pull it across from the distribution point.
OK, so we have the general concept of how it works – so how do we set it up? It’s fairly easy. First, what are the requirements in SCCM to make use of branch cache. We need our distribution point to be installed on Windows 2008 R2 and to be BITS enabled.
The only other requirement is that your advertisement be set to download and execute locally.
Both of these settings are common in most environments and are all that is required on the SCCM side. There is no selection in SCCM to ‘enable’ branch cache – with the settings above it just happens.
So how do we configure branch cache on the OS side? Just a few settings to configure. First we need to enable branch cache – let’s start with the distribution point. In Server Manager, select features and add the branch cache feature. There is no configuration here – the feature is either on or off. Once installed you will see it in the feature list.
Next, we have to configure branch cache on our clients. This can be done through local policy on each system or – much easier – through domain policy. On my domain controller I open the group policy management console. In my lab I created an OU for just the systems I want to enable for branch cache and I created a GPO to enable branch cache.
Editing the properties of the GPO we have two places to configure. First, is branch cache policy. Here we enable branch cache, set distributed cache mode, define the speed that we consider to be a latent network (default 80 ms) and configure the percentage of disk space to allocate to branch cache activity.
Note that the one option we did not configure was to enable hosted cache mode. Why? Remember, SCCM only supports distributed cache mode so, for SCCM, there is no need to enabled hosted cache mode.
A word about hosted cache mode. The OS documentation that discusses branch cache discusses both modes of operation and discuses steos to configure SMB file transfers through branch cache. To me, the documentation is a bit fuzz. From what I can tell, configuring branch cache to support SMB requires some additional configuration on the content server – such as enabling a role service called ‘branch cache for network files’ and configuring specific shares to support branch cache using the ‘share and storage management tool’. Since SCCM uses branch cache via BITS there is no need to do this additional configuration to support SMB.
In addition to the above we must configure the windows firewall to allow branch cache specific communication as follows:
Both the inbound and outbound firewall rules are accessible on the predefined list – so configuring them is as easy as selecting from the drop down menu when configuring a new rule.
OK, so all of this is configured – how do we know if it’s working? To test, I setup a package and advertisement. When testing it’s important to understand that once the package is downloaded and cached, you have to either modify the content or setup a new package because unless there is a change, clients will always pull the content from the cache after the first download due to the latent network conditions.
For the test, I start with a fresh package. The client that will download the content first will have to go to the distribution point – nothing will come from the cache since no content has yet been downloaded.
With all of this I’m ready to start the download but to simulate a latent network in my lab I must first start a tool that will ‘inject’ latency into the network connection between the distribution point and my first client. I’ll use a tool we have internally to introduce a 30 ms latency – I will maintain this latency throughout my testing. Note that my policy settings above consider any network more latent than 20 ms to be slow.
With all of this configured, I start my advertisement which initiates a download of content.
At the end of the download I run the advertisement and then move on to my second machine. This second machine is where we expect to see branch cache in action.
I prepare to run the same advertisement on the second machine – note you can tell that this advertisement has never been run before on my system – which is important when testing branch cache.
I’m about to hit run but how can I tell whether branch cache actually fires up? Performance monitor. With performance monitor you can determine whether content is being transferred from the local branch cache or from a branch cache partner vs. the network. The chart below shows a chart of perfmon counters that you get from the branch cache object. The two most interesting are the Bytes from cache and Bytes from server. If content is being retrieved from either a systems local branch cache or a peer systems branch cache, that counter will show activity. In our test case and on the second system, no content for this advertisement has ever been downloaded before so we expect content to be retrieved from our peer client that is branch cache enabled.
We initiate the advertisement as before and downloading begins.
We allow the download to finish, complete the advertisement and then look back at our performance counter numbers to see what happened.
By looking at our counters we can see that we did pull the content from our peer caching partner – so branch cache worked.
Another way we can tell that our package came over from branch cache is by looking in the event log on the system as show below. Look for event 60 and on the detail tab look for the peerProtocolFlags value. If it is set to 1 then branch cache was used to deliver the content. Thanks to my colleague Frank for the tip!
Branch cache is just one more option available to administrators to help deliver content to clients efficiently and reduce load on the network. It’s not difficult to setup and offers notable performance advantage – defiantly worth taking a look.
Advertisement status tracking
How to read the advertisement reports:-
Accepted – Software can be installed in few mins, as it will start downloading the software from remote /local system
No Status - Systems are not online or has issue with SMS Agent, or not received the policy, if the system is online then this status must change in one hour time (if the status not changed then you may
Suspect the issue with SMS / SCCM agent )
Accepted - No Further Status – Back end installation may be running and need to wait for some time to get the actual status
Failed – Software installation failed, you need to re push once again this advertisement.
Succeeded – Software installed successfully without any issues
SQL Add-on Tool like SCCM Right Click tool : SQL Right Click Tool “SSMS Tools” http://www.ssmstoolspack.com/
It contains a few upgrades to the SSMS IDE that I thought were missing.
To see what's new and what got fixed in a release check the News page.
The current features include:
- SQL Snippets
- Window Connection Coloring
- Window Content History, Query Execution History and Current Window History
- Format SQL
- Search Table, View or Database Data
- Run one script on multiple databases
- Copy execution plan bitmaps to clipboard or file
- Search Results in Grid Mode
- Generate Insert statements from resultsets, tables or database
- Regions and Debug sections
- Running custom scripts from Object Explorer
- CRUD stored procedure generation
- New query template
- General options
And it's better than some non-free ones too. :)
Monday, March 21, 2011
Package not downloading due to some IIS File filtering blocking issue
Check with these commands
BITSADMIN /LIST /ALLUSERS
C:\>BITSADMIN /geterror {7D46DE5B-3911-40B1-A72B-607737DB06F9}
BITSADMIN version 2.0 [ 6.6.3790.3959 ]
BITS administration utility.
(C) Copyright 2000-2004 Microsoft Corp.
ERROR FILE: http://sccmserver.mydomain:80/SMS_DP_SMSPKGD$/SMSPKG/HCC00
05F/AdminImage/x86/en-us/acad/Acad/Program Files/Root/HelpHtml/contexthelp/+CONSTRAINTSETTINGS.htm -> C:\WINDOWS\system32\CCM\Cache\HCC0005F.1.System\AdminImage/x86/en-us/acad/Acad/Program Files/Root/HelpHtml/contexthelp/+CONSTRAINTSETTINGS.htm
ERROR CODE: 0x80190194 - The requested URL is not found on this server.
ERROR CONTEXT: 0x00000005 - When processing the remote file error has occurred
/LISTFILES job Lists the files in the job
/SUSPEND job Suspends the job
/RESUME job Resumes the job
/CANCEL job Cancels the job
/COMPLETE job Completes the job
BITSADMIN /INFO job [/VERBOSE]
BITSADMIN /geterror {B2826EF6-C78B-4D1C-A386-94D0D36DC107}
BITSADMIN /LIST /ALLUSERS
Where job =
{B2826EF6-C78B-4D1C-A386-94D0D36DC107}