WScript.Echo "Computer connecting error: " & strComputer

WScript.Echo "Computer connecting error: " & strComputer

 

This is the code to get the output in vbscript with computername

Play with Script for Windows Firewall

Scripting for Windows Firewall

 

Add an Authorized Application

Adds Freecell.exe to the list of authorized applications in the current Windows Firewall profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication") objApplication.Name = "Free Cell" objApplication.IPVersion = 2 objApplication.ProcessImageFileName = "c:\windows\system32\freecell.exe" objApplication.RemoteAddresses = "*" objApplication.Scope = 0 objApplication.Enabled = True  Set colApplications = objPolicy.AuthorizedApplications colApplications.Add(objApplication) 	 

Add an Application to the Standard Profile

Adds Freecell.exe to the list of authorized applications in the Windows Firewall standard profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy Set objProfile = objPolicy.GetProfileByType(1)  Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication") objApplication.Name = "Free Cell" objApplication.IPVersion = 2 objApplication.ProcessImageFileName = "c:\windows\system32\freecell.exe" objApplication.RemoteAddresses = "*" objApplication.Scope = 0 objApplication.Enabled = True  Set colApplications = objProfile.AuthorizedApplications colApplications.Add(objApplication) 	 

Create a New Port

Opens port 9999 in the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objPort = CreateObject("HNetCfg.FwOpenPort") objPort.Port = 9999 objPort.Name = "Test Port" objPort.Enabled = FALSE Set colPorts = objPolicy.GloballyOpenPorts  errReturn = colPorts.Add(objPort) 	 

Delete an Authorized Application

Deletes Freecell.exe from the list of authorized applications in the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set colApplications = objPolicy.AuthorizedApplications  errReturn = colApplications.Remove("c:\windows\system32\freecell.exe") 	 

Disable the Firewall

Disables the Windows Firewall for the current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  objPolicy.FirewallEnabled = FALSE 	 

Delete an Open Port

Closes port 9999 in the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set colPorts = objPolicy.GloballyOpenPorts errReturn = colPorts.Remove(9999,6) 	 

Disable Remote Administration

Disable Windows Firewall remote administration.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objAdminSettings = objPolicy.RemoteAdminSettings objAdminSettings.Enabled = FALSE 	 

Enable the Firewall

Enables Windows Firewall for the current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  objPolicy.FirewallEnabled = TRUE 	 

Enable File and Printer Sharing Through Windows Firewall

Enables File and Printer Sharing on a computer running Windows XP Service Pack 2.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set colServices = objPolicy.Services Set objService = colServices.Item(0) objService.Enabled = TRUE 	 

Enable Remote Administration

Enables remote administration of Windows Firewall fro the current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objAdminSettings = objPolicy.RemoteAdminSettings objAdminSettings.Enabled = TRUE 	 

List Authorized Applications

Lists all authorized applications for the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set colApplications = objPolicy.AuthorizedApplications  For Each objApplication in colApplications     Wscript.Echo "Authorized application: " & objApplication.Name     Wscript.Echo "Application enabled: " & objApplication.Enabled     Wscript.Echo "Application IP version: " & objApplication.IPVersion     Wscript.Echo "Application process image file name: " & _         objApplication.ProcessImageFileName     Wscript.Echo "Application remote addresses: " & _         objApplication.RemoteAddresses     Wscript.Echo "Application scope: " & objApplication.Scope     Wscript.Echo Next 	 

List Authorized Applications in the Standard Profile

Lists all authorized applications for the Windows Firewall standard profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy  Set objProfile = objPolicy.GetProfileByType(1) Set colApplications = objProfile.AuthorizedApplications  For Each objApplication in colApplications     Wscript.Echo "Authorized application: " & objApplication.Name     Wscript.Echo "Application enabled: " & objApplication.Enabled     Wscript.Echo "Application IP version: " & objApplication.IPVersion     Wscript.Echo "Application process image file name: " & _         objApplication.ProcessImageFileName     Wscript.Echo "Application remote addresses: " & _         objApplication.RemoteAddresses     Wscript.Echo "Application scope: " & objApplication.Scope     Wscript.Echo Next 	 

List All Globally-Open Ports

Lists all globally-open ports for the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set colPorts = objPolicy.GloballyOpenPorts  For Each objPort in colPorts     Wscript.Echo "Port name: " & objPort.Name     Wscript.Echo "Port number: " & objPort.Port     Wscript.Echo "Port IP version: " & objPort.IPVersion     Wscript.Echo "Port protocol: " & objPort.Protocol     Wscript.Echo "Port scope: " & objPort.Scope     Wscript.Echo "Port remote addresses: " & objPort.RemoteAddresses     Wscript.Echo "Port enabled: " & objPort.Enabled     Wscript.Echo "Port built-in: " & objPort.Builtin Next 	 

List Firewall Properties

Lists Windows Firewall properties for the current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Wscript.Echo "Current profile type: " & objFirewall.CurrentProfileType  Wscript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled Wscript.Echo "Exceptions not allowed: " & objPolicy.ExceptionsNotAllowed Wscript.Echo "Notifications disabled: " & objPolicy.NotificationsDisabled Wscript.Echo "Unicast responses to multicast broadcast disabled: " & _     objPolicy.UnicastResponsestoMulticastBroadcastDisabled 	 

List Firewall Service Properties

Lists service properties for the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set colServices = objPolicy.Services  For Each objService in colServices     Wscript.Echo "Service name: " & objService.Name     Wscript.Echo "Service enabled: " & objService.Enabled     Wscript.Echo "Service type: " & objService.Type     Wscript.Echo "Service IP version: " & objService.IPVersion     Wscript.Echo "Service scope: " & objService.Scope     Wscript.Echo "Service remote addresses: " & objService.RemoteAddresses     Wscript.Echo "Service customized: " & objService.Customized     Set colPorts = objService.GloballyOpenPorts     For Each objPort in colPorts         Wscript.Echo "Port name: " & objPort.Name         Wscript.Echo "Port number: " & objPort.Port         Wscript.Echo "Port enabled: " & objPort.Enabled         Wscript.Echo "Port built-in: " & objPort.BuiltIn         Wscript.Echo "Port IP version: " & objPort.IPVersion         Wscript.Echo "Port protocol: " & objPort.Protocol         Wscript.Echo "Port remote addresses: " & objPort.RemoteAddresses         Wscript.Echo "Port scope: " & objPort.Scope     Next     Wscript.Echo Next 	 

List ICMP Settings

Lists ICMP settings for the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objICMPSettings = objPolicy.ICMPSettings  Wscript.Echo "Allow inbound echo request: " & _     objICMPSettings.AllowInboundEchoRequest Wscript.Echo "Allow inbound mask request: " & _     objICMPSettings.AllowInboundMaskRequest Wscript.Echo "Allow inbound router request: " & _     objICMPSettings.AllowInboundRouterRequest Wscript.Echo "Allow inbound timestamp request: " & _     objICMPSettings.AllowInboundTimestampRequest Wscript.Echo "Allow outbound destination unreachable: " & _     objICMPSettings.AllowOutboundDestinationUnreachable Wscript.Echo "Allow outbound packet too big: " & _     objICMPSettings.AllowOutboundPacketTooBig Wscript.Echo "Allow outbound parameter problem: " & _     objICMPSettings.AllowOutboundParameterProblem Wscript.Echo "Allow outbound source quench: " & _     objICMPSettings.AllowOutboundSourceQuench Wscript.Echo "Allow outbound time exceeded: " & _     objICMPSettings.AllowOutboundTimeExceeded Wscript.Echo "Allow redirect: " & objICMPSettings.AllowRedirect 	 

List Remote Administration Settings

Lists remote administration settings for the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objAdminSettings = objPolicy.RemoteAdminSettings Wscript.Echo "Remote administration settings enabled: " & _     objAdminSettings.Enabled Wscript.Echo "Remote administration addresses: " & _     objAdminSettings.RemoteAddresses Wscript.Echo "Remote administration scope: " & objAdminSettings.Scope Wscript.Echo "Remote administration IP version: " & objAdminSettings.IPVersion 	 

List Standard Profile Properties

Demonstration script that connects to and returns information about the Windows Firewall standard profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy Set objProfile = objPolicy.GetProfileByType(1)  Wscript.Echo "Firewall enabled: " & objProfile.FirewallEnabled Wscript.Echo "Exceptions not allowed: " & objProfile.ExceptionsNotAllowed Wscript.Echo "Notifications disabled: " & objProfile.NotificationsDisabled Wscript.Echo "Unicast responses to multicast broadcast disabled: " & -     objProfile.UnicastResponsestoMulticastBroadcastDisabled 	 

Modify an ICMP Setting

Demonstration script that modifies a Windows Firewall ICMP setting for the current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  Set objICMPSettings = objPolicy.ICMPSettings objICMPSettings.AllowRedirect = TRUE 	 

Modify a Firewall Property

Demonstration script that modifies Windows Firewall properties for the current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile  objPolicy.ExceptionsNotAllowed = TRUE objPolicy.NotificationsDisabled = TRUE objPolicy.UnicastResponsestoMulticastBroadcastDisabled = TRUE 	 

Open a Closed Port

Opens closed port 9999 for the Windows Firewall current profile.

Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colPorts = objPolicy.GloballyOpenPorts  Set objPort = colPorts.Item(9999,6) objPort.Enabled = TRUE 	 

Restore the Default Settings

Restore the Windows Firewall default settings.

Set objFirewall = CreateObject("HNetCfg.FwMgr") objFirewall.RestoreDefaults()

 

Enjoy

Paddy

DTS-------> SMS data transfer service

DTS-------> SMS Data Transfer Service

These are the reports available in SCCM for Patch Management

These are the reports available in SCCM for Patch Management

 

Software Updates - A. Compliance

Software Updates - B. Deployment Management

Software Updates - C. Deployment States

Software Updates - D. Scan

Software Updates - E. Troubleshooting

Software Updates - F. Distribution Status

 

Enjoy,
Paddy

SCCM 2007 Software Updates Reports

Software Updates Reports

Software Updates - A. Compliance

The reports in the Software Updates - A. Compliance category provide the scan results for software update compliance on client computers. More specifically, these reports provide information about what software updates are required, installed, or not required on clients. The following software updates reports are in this category:

• Compliance 1 - Overall Compliance
  This report returns the overall compliance for the set of software updates in a specific update list and collection. The Collection ID and Update List ID are required parameters. You can drill into report "Compliance 8 - Computers in a specific compliance state for an update list <secondary>" to view the computers in the compliance state.
  
• Compliance 2 - Specific software update
  This report returns the overall compliance data for a specified software update. The Collection ID and Update Title, Bulletin ID, or Article ID are required parameters. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  
• Compliance 3 - Update list (per update)
  This report returns the overall compliance data for software updates defined in an Update List. The Update List ID and Collection ID parameters are required. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  
• Compliance 4 - Deployment (per update)
  This report returns the overall compliance data for software updates defined in a deployment. The Deployment ID and Collection ID parameters are required. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  
• Compliance 5 -Updates by vendor/month/year
  This report returns the compliance data for software updates released by a vendor during a specific month and year. The Collection ID, Vendor, and Year parameters are required. To limit the amount of information returned, you can filter on the Update Class, Product, or Month parameters. You can drill into report "Compliance 7 - Specific software update states <secondary>" to view the count and percentage of computers in each state for the update.
  
• Compliance 6 - Specific computer
  This report returns the software update compliance data for a specific computer. The Computer Name parameter is required. To limit the amount of information returned, you can filter on the Vendor and Update Class parameters.
  
• Compliance 7 - Specific software update states <secondary>
  This report returns the count and percentage of computers in each compliance state for the specified software update. For best results, start with a compliance 2 - 5 report, and then drill into this report to return the count of computers in each compliance state. You can drill into report "Compliance 9 - Computers in a specific compliance state for an update <secondary>" to view the computers in the specific state for the update.
  
• Compliance 8 - Computers in a specific compliance state for an update list <secondary>
  This report returns all computers that have a specific compliance state for the set of software updates in an update list. For best results, start with "Compliance 1 - Overall Compliance" to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state. You can drill into report "Compliance 6 - Specific computer" to view the compliance data for the computer.
  
• Compliance 9 - Computers in a specific compliance state for an update
  This report returns all computers in a specific compliance state for a software update. For best results, start with a compliance 2 - 5 report, drill into "Compliance 7 - Specific software update states <secondary>" to return the count of computers in each compliance state, and then drill into this report to return the computers in the selected compliance state. You can drill into report "Compliance 6 - Specific computer" to view the compliance data for the computer.
  

Software Updates - B. Deployment Management

The reports in the Software Updates - B. Deployment Management category provide information about the software update deployments. The following software updates reports are in this category:

• Management 1 - Updates required but not deployed
  This report returns all vendor-specific software updates that have been detected as required on clients but that have not been deployed to a specific collection. The Collection ID and Vendor parameters are required. To limit the amount of information returned, you can specify the software update class.
  
• Management 2 - Updates in a deployment
  This report returns the software updates that are contained in a specific deployment. The Deployment ID parameter is required. For each software update, you can drill down to report "States 5 - States for an update in a deployment <secondary>" to view the states for the specific software update.
  
• Management 3 - Deployments that target a collection
  This report returns the deployments that have targeted a specific collection. The Collection ID parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  
• Management 4 - Deployments that target a computer
  This report returns the deployments that have targeted a specific computer. The Computer Name parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  
• Management 5 - Deployments that contain a specific update
  This report returns the deployments that contain a specific software update. The Update parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  
• Management 6 - Deployments that contain an update list
  This report returns the deployments that were created using a specific update list. The Update List ID parameter is required. You can drill down to report "Management 2 - Updates in a deployment" to view the software updates in the selected deployment.
  
• Management 7 - Updates in a deployment missing content
  This report returns the software updates in a specified deployment that do not have all the associated content retrieved, preventing clients from installing the update and achieving 100% compliance for the deployment. The Deployment ID parameter is required. You can drill down to report "Management 8 - Computers missing content <secondary>" to view the computers that require the software update files.
  
• Management 8 - Computers missing content <secondary>
  This report returns all computers that require a specific software update contained in a specific deployment that is not provisioned on a distribution point. For best results, start with "Management 7 - Updates in a deployment missing content" to return all software updates in the deployment that do not have all the associated content retrieved, and then drill into this report to return all computers that require the software update.
  

Software Updates - C. Deployment States

The reports in the Software Updates - C. Deployment States category provide information about the evaluation and enforcement states on client computers for software update deployments. The following software updates reports are in this category:

• States 1 - Enforcement states for a deployment
  This report returns the enforcement states for a specific software update deployment, which is typically the second phase of a deployment assessment. For the overall progress of the software update installation, use this report in conjunction with "States 2 - Evaluation states for a deployment." The Deployment ID parameter is required. You can drill down to report "States 4 - Computers in a specific state for a deployment <secondary>" to view all computers in the state.
  
• States 2 - Evaluation states for a deployment
  This report returns the evaluation state for a specific software update deployment, which is typically the first phase of a deployment assessment. For the overall progress of the software update installation, use this report in conjunction with "States 1 - Enforcement states for a deployment." The Deployment ID parameter is required. You can drill down to report "States 4 - Computers in a specific state for a deployment <secondary>" to view all computers in the state.
  
• States 3 - States for a deployment and computer
  This report returns the states for all software updates in the specified deployment for a specified computer. The Deployment ID and Computer Name parameters are required. You can drill into the Status Message Details page for any software update that contains an Error Record ID value.
  
• States 4 - Computers in a specific state for a deployment <secondary>
  This report returns all computers in a specific state for a software update deployment. For best results, start with "States 1 - Enforcement states for a deployment " or "States 2 - Evaluation states for a deployment" to identify the states for the deployment, and then drill into this report to return all computers in the specific state. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  
• States 5 - States for an update in a deployment <secondary>
  This report returns a summary of states for a specific software update targeted by a specific deployment. For best results, start with "Management 2 - Updates in a deployment" to return the software updates contained in a specific deployment, and then drill into this report to return the state for the selected software update. You can drill down to report "States 6 - Computers in a specific enforcement state for an update <secondary>" to list the computers in the state.
  
• States 6 - Computers in a specific enforcement state for an update <secondary>
  This report returns all computers in a specific enforcement state for a specific software update. For best results, start with " Management 2 - Updates in a deployment" to return the software updates contained in a specific deployment, drill into "States 5 - States for an update in a deployment <secondary>" to return the states for the selected software update, and then drill into this report to return all computers in the selected state.
  
• States 7 - Error status messages for a computer <secondary>
  This report returns all status messages for a given Update or Deployment on a specific computer for a given status message. For best results, start with "States 1 - Enforcement states for a deployment" or "States 2 - Evaluation states for a deployment" to identify the states for the deployment, drill into "States 4 - Computers in a specific state for a deployment <secondary>" to return all computers in the specific state, and then drill into this report.
  

Software Updates - D. Scan

The reports in the Software Updates - D. Scan category provide information about computers in a specific scan state.

Note
Scan reports do not contain any information from clients that have not submitted any scan status. To see client computers that have not submitted scan status, see the report States 2 - Evaluation states for a deployment.

Note

If an SMS 2003 client sends scan results through hardware inventory, the client will appear as an SMS 2003 client in a separate section of these reports. To see the detail information about scan status for these SMS 2003 clients, go to the Software Distribution - Advertisement report category and check run a report that will show the status of the advertisement you use for your Inventory Tool for Microsoft Updates scanning.

The following software updates reports are in this category:

• Scan 1 - Last scan states by collection
  This report returns the count of computers in each of the compliance scan states returned by client computers in a specific collection during their last scan for software updates compliance. The Update Source ID and Collection ID parameters are required. You can drill down to report "Scan 3 - Clients of a collection reporting a specific state <secondary>" to view the computers in a specific state.
  
• Scan 2 - Last scan states by site
  This report returns the count of computers in each of the compliance scan states returned by client computers assigned to a specific site during their last scan for software updates compliance. The Update Source ID and Site Code parameters are required. You can drill down to report "Scan 4 - Clients of a site reporting a specific state <secondary>" to view the computers in a specific state.
  
• Scan 3 - Clients of a collection reporting a specific state <secondary>
  This report returns the computers in a specific collection that returned a specific state during their last scan for software updates compliance. For best results, start with "Scan 1 - Last scan states by collection" to return the count of computers in each scan state, and then drill into this report. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  
• Scan 4 - Clients of a site reporting a specific state <secondary>
  This report returns the computers assigned to a specific site that returned a specific state during their last scan for software updates compliance. For best results, start with "Scan 2 - Last scan states by site" to return the count of computers in each scan state, and then drill into this report. You can drill down to report "States 7 - Error status messages for a computer <secondary>" to view the status messages for the computer.
  

Software Updates - E. Troubleshooting

The reports in the Software Updates - E. Troubleshooting category provide information about scan and deployment errors that occur on client computers. The following software updates reports are in this category:

• Troubleshooting 1 - Scan errors
  This report returns the count of computers for each error that occurred during the last scan for software update compliance on client computers. The Update Source ID and Collection ID parameters are required. You can drill down to report "Troubleshooting 3 - Computers failing with a specific scan error <secondary>" to view a list of computers that returned the specific scan error.
  
• Troubleshooting 2 - Deployment errors
  This report returns the count of computers for each deployment error that occurred on client computers. The Deployment ID parameter is required. You can drill down to report "Troubleshooting 4 - Computers failing with a specific deployment error <secondary>" to view a list of computers that returned the specific deployment error.
  
• Troubleshooting 3 - Computers failing with a specific scan error <secondary>
  This report returns all computers that have returned a specific scan error. For best results, start with "Troubleshooting 1 - Scan errors" to return the count of computers for each error that occurred during the last scan for software update compliance, and then drill into this report and then drill into this report.
  
• Troubleshooting 4 - Computers failing with a specific deployment error <secondary>
  This report returns all computers that have returned a specific deployment error. For best results, start with "Troubleshooting 2 - Deployment errors" to return the count of computers for each deployment, and then drill into this report.
  

Software Updates - F. Distribution Status

The reports in the Software Updates - F. Distribution Status category provide distribution status data for SMS 2003 clients that are targeted in a software updates deployment. The following software updates reports are in this category:

• Distribution 1 - Advertisement Status for SMS 2003 clients
  This report lists all software distribution advertisements for the selected update. For each advertisement, it also shows the advertisement state and count of machines in that state. This report also covers additional advertisement states available for software update advertisements. The Type and Update Title, Bulletin ID, or Article ID parameters are required. You can drill down to report "Distribution 2 - SMS 2003 clients with a specific update advertisement state" to view the computers in the state.
  
• Distribution 2 - SMS 2003 clients with a specific update advertisement state
  This report shows a list of computers that are in a specific state of an advertisement. This report also covers additional advertisement states available for software update advertisements. The Advertisement ID and Distribution Status parameters are required. You can limit the results by specifying a value for the Update Distribution Status parameter. You can drill down to report "Advertisement status messages for a particular client and advertisement" to shows the status messages reported for the computer and advertisement.Enjoy,
  
  Enjoy,
  Paddy

 

Clients Connecting over VPN Cannot Install Software Updates or Run Advertisements

Clients Connecting over VPN Cannot Install Software Updates or Run Advertisements

 

Solution

There are two possible solutions to this scenario. Select the solution that best meets your business requirements:

• If the VPN connection is fast and reliable enough that you want these clients to be considered as if they are connected directly to the intranet at their assigned site, configure a fast boundary. This will help ensure that they can always install advertisements and software update deployments available at their assigned site when they are connected over the VPN. Consult the VPN administrator to obtain a list of possible addresses for clients when they connect over the VPN, and use this information to create a fast network boundary with these addresses. Make sure that you are informed of any VPN scope changes so that you can modify the associated boundary information.
  
• If the VPN connection is not fast or reliable but selected software update deployments and advertisements are critical for VPN clients, reconfigure the software update deployments and advertisements. Configure them with the option to download content and run locally instead of the default option to not install when clients are connected within a slow network boundary. However, this can result in other clients also installing this content when they are roaming to another site if they fall back to asking their default management point for content.
  

 

If the VPN connection is not fast or reliable but selected software update deployments and advertisements are critical for VPN clients, reconfigure the software update deployments and advertisements. Configure them with the option to download content and run locally instead of the default option to not install when clients are connected within a slow network boundary. However, this can result in other clients also installing this content when they are roaming to another site if they fall back to asking their default management point for content.

SCCM 2007 Client General Issues

 

Configuration Manager Client General Issues

 

Folowing are the General issues with SCCM Client issues from Microsoft Web site...This section provides general troubleshooting information to help you resolve issues when managing clients in Configuration Manager 2007, which are not specifically related to installation, assignment, or mixed or native mode.

For more information about client deployment in Configuration Manager 2007, see Planning and Deploying Clients for Configuration Manager 2007.

Clients Cannot Be Managed Because They Cannot Locate Their Default Management Point

If Configuration Manager 2007 clients are successfully installed and assigned to a site but fail to download policy, a likely reason is that either the site has no default management point or clients cannot locate it.

Solution

Make sure that a default management point is configured for the site. For more information, see How to Configure the Default Management Point for a Site.

Clients find their default management point using one of the following service location requests:

• Active Directory Domain Services (if the schema is extended for Configuration Manager 2007)
  
• DNS (if Configuration Manager 2007 is configured for DNS publishing)
  
• Server locator point
  
• WINS (mixed mode only)
  

Ensure that one of these mechanisms is available to clients. For more information, see Configuration Manager and Service Location (Site Information and Management Points).

Clients Lose Historical Data or Are Unmanaged and Missing from the All Systems Collection

Configuration Manager 2007 helps to ensure that each Configuration Manager 2007 client is uniquely identified. If a duplicate hardware ID is identified, by default Configuration Manager 2007 automatically creates a new client record for the duplicate record. This setting allows you to easily upgrade or deploy clients that might have duplicate hardware IDs, without requiring manual intervention. However, with this setting, a computer that has been re-imaged or restored from backup will have a new record created, which results in all previous information about that client being no longer available for reporting purposes.

An alternative configuration is to require the administrator to manually reconcile all conflicting records when they are detected. This setting results in affected clients being unmanaged and no longer displaying in collections, but displaying in the Conflicting Records node. These clients will remain unmanaged until the administrator resolves the conflict.

For more information, see the section "Managing Client Identity" in What's New in Client Deployment for Configuration Manager.

Solution

When a new record has been created, you cannot get back previous data for the client, but you can reconfigure Configuration Manager so that it does not automatically create new records in the future.

If clients are unmanaged and missing from collections, check the Conflicting Records node so that you can manually reconcile the records by merging them, creating a new record, or blocking the new record.

For more information about how to configure the site-wide setting and how to manually resolve conflicting records, see How to Manage Conflicting Records for Configuration Manager Clients.

Missing Data in Client Reports

If you view the following reports and they do not contain client data, ensure that clients are assigned to a fallback status point:

• Client Assignment Detailed Status Report
  
• Client Assignment Failure Details
  
• Client Assignment Status Details
  
• Client Assignment Success Details
  
• Client Deployment Failure Report
  
• Client Deployment Status Details
  
• Client Deployment Success Report
  
• Issues by incidence detail report for a specific collection
  
• Issues by incidence summary report for a specific collection
  
• Issues by incidence detail report for a specific site
  
• Issues by incidence summary report
  

Solution

Assign a fallback status point to Configuration Manager 2007 clients, and view the reports from the site in which the fallback status point is installed.

Note
SMS 2003 clients do not use these reports.

For more information, see the following:

• About Reports for Configuration Manager Clients
  
• How to Create a Fallback Status Point in Configuration Manager
  
• How to Assign the Fallback Status Point to Configuration Manager Client Computers
  

Additionally, if you are deploying a high number of clients at the same time, there might be a delay in processing all the state messages sent from the fallback status point to the site. In this scenario, wait for the data to appear and consider configuring the throttling settings on the fallback status point. For more information about the throttling settings, see Determine If You Need to Configure Throttle Settings for the Fallback Status Point in Configuration Manager.

 Error Codes in Reports with No Description

Error conditions reported by clients might be displayed using standard Microsoft Windows error codes, without a description of the error. Or they might use error codes that are specific to Configuration Manager 2007.

Solution

For information about how to map these error codes to an error description, see http://go.microsoft.com/fwlink/?LinkId=103419.

Computers Fail to Obtain Software Updates After Software Update Point Based Client Installation Is Configured

If Configuration Manager 2007 clients fail to obtain software updates from Configuration Manager and they have an Active Directory Group Policy setting configured for software update point based client installation, a likely reason is that the Active Directory Group Policy object is incorrectly configured.

The software updates feature automatically configures a local Group Policy setting for the Configuration Manager 2007 client so that it is configured with the software update point source location and port number. Both the server name and port number are required for the software updates client to find the software update point.

If an Active Directory Group Policy setting is applied to computers for software update point client installation, this overrides the local Group Policy setting. Unless the value of the setting is exactly the same (server name and port), the Configuration Manager 2007 software updates feature will fail on the client.

The following entries appear in the software updates log file WUAHandler.log:

[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server and Policy ENABLED]LOG

Solution

The software update point for client installation and software updates must be the same server, and it must be specified in the Active Directory Group Policy setting with the correct name format and with the port information (for example, http://server1.contoso.com:80 if the site system server is not configured to use a fully qualified domain name and is using the default Web site).

For more information, see How to Install Configuration Manager Clients Using Software Update Point Based Installation.

Hardware Inventory Fails If Client Switches Site Mode While BITS Installation Is Pending Reboot

When you switch the Configuration Manager 2007 client to a different site mode while the installation of Background Intelligent Transfer Service (BITS) is pending a restart, the client computer might not be able to send hardware inventory files to the management point. Entries similar to the following will appear in DataTransferService.log on the client computer:

DTS::AddTransportSecurityOptionsToBITSJob - Failed to QueryInterface for IBackgroundCopyJobHttpOptions. BITS 2.5+ may not be installed properly.

Solution

Restart the computer, and then reinstall the Configuration Manager 2007 client software.

Configuration Manager Client Remains Published to WSUS After You Uninstall a Site

When you uninstall a Configuration Manager 2007 site without first deselecting the option Enable Software Update Point Client Installation on the Software Update Point Client Installation Properties dialog box, the client will remain published as a software update in Windows Server Update Services (WSUS). If you then reinstall a Configuration Manager 2007 site with a newer client version and publish the client to WSUS, both client versions will be published.

Solution

Clear the check box Enable Software Update Point Client Installation in the General tab of the Software Update Point Client Installation Properties dialog box before uninstalling a Configuration Manager 2007 site. You can also use the WSUS console to remove published software updates.

For more information, see How to Install Configuration Manager Clients Using Software Update Point Based Installation.

 High Load on Fallback Status Point Caused by Client Resynchronization

Client resynchronization is triggered when the state message system believes that data is missing from a client computer. When a high number of resynchronizations occur, this might cause a backlog of state messages that adversely affects the performance of the fallback status point server and of the Configuration Manager 2007 site server.

To identify whether clients are undergoing resynchronization, use the following SQL query to discover how many clients have resynchronized in the last seven days:

select count(*) from v_ClientMessageStatistics where LastResyncIssuedTime > DateAdd( day , -7 , GetUTCDate())

For information about creating queries, see How to Create a Query.

Solution

Wait for the backlog to clear. Alternatively, consider changing the default throttle interval on the fallback status point to limit the number of state messages sent to the site server. For more information, see Determine If You Need to Configure Throttle Settings for the Fallback Status Point in Configuration Manager.

Cannot Approve or Block (or Unblock) a Client Outside Its Assigned Site

Manually approving and blocking (or unblocking) a client is not supported from sites other than the client's assigned site. These options are not available when you right-click clients from sites higher in the hierarchy than their assigned site.

Solution

Perform these actions from the client's assigned site. For more information, see the following:

• How to Approve Configuration Manager Clients
  
• How to Block Configuration Manager Clients
  

Client Communication Fails Because SPN Is Not Configured When Using a CNAME (DNS Alias) for Site Systems - Such as Distribution Points and Management Points

When Configuration Manager 2007 site systems are configured with a fully qualified domain name (FQDN) that is a CNAME (DNS alias) rather than the computer name registered in Active Directory Domain Services, the CNAME must be configured with a Kerberos service principal name (SPN) whenever Windows authentication is used. For example, Windows authentication is required in the following scenarios:

• Users initiate content download from distribution points on site systems configured with CNAMEs, and the content is not configured for anonymous access.
  
• The site is in mixed mode and configured with the option Automatically approve computers in trusted domains (recommended), and the management point site system is configured with a CNAME.
  

When Windows authentication fails in the preceding scenarios, the client records an HTTP 401 error in the log files Datatransferservice.log (for content download failures) and ccmexec.log (for automatic approval failures).

Note
If you see these 401 errors, even if the CNAME SPN is registered, it might be configured incorrectly. Re-register it using the procedure in the following solution.

Solution

For all site systems configured to use a CNAME, register the SPN using the Windows Setspn tool with the following syntax:

Setspn –A HTTP/CNAME_FQDN computername

The Setspn tool is included in Windows Server 2003 Support Tools. You can install Windows Server 2003 Support Tools from the Support\Tools folder of the Windows Server 2003 startup disk. By default, the support tools install in the folder C:\Program Files\Support Tools.

For more information about using SPNs with IIS, see the following article that explains how to use SPNs when you configure Web applications that are hosted on IIS 6.0: http://go.microsoft.com/fwlink/?LinkId=94785.

Important
If you have configured a network load balancing (NLB) management point with a CNAME, do not use this procedure for the cluster name. Instead, follow the instructions in the following topic: How to Configure an SPN for NLB Management Point Site Systems.

 Clients Connecting over VPN Cannot Install Software Updates or Run Advertisements

If clients assigned to the site can install software updates and run advertisements when they are directly connected to the intranet but not when they are connected over a virtual private network (VPN) connection, this is likely to be a configuration issue related to boundaries and the software update deployment or advertisement configuration.

If you haven't defined the VPN scope used by these clients as a boundary for their assigned site, the VPN connection will be considered to be within a slow network boundary. You will also see this issue if you have defined the VPN scope as a boundary but it is configured as a slow network boundary rather than a fast network boundary. In either of these scenarios, if software update deployments or advertisements are configured to not install for clients connected to a slow network boundary (the default configuration), VPN clients will not be able to access this content until they are connected directly to the intranet (on a defined, fast network boundary).

Solution

There are two possible solutions to this scenario. Select the solution that best meets your business requirements:

• If the VPN connection is fast and reliable enough that you want these clients to be considered as if they are connected directly to the intranet at their assigned site, configure a fast boundary. This will help ensure that they can always install advertisements and software update deployments available at their assigned site when they are connected over the VPN. Consult the VPN administrator to obtain a list of possible addresses for clients when they connect over the VPN, and use this information to create a fast network boundary with these addresses. Make sure that you are informed of any VPN scope changes so that you can modify the associated boundary information.
  
• If the VPN connection is not fast or reliable but selected software update deployments and advertisements are critical for VPN clients, reconfigure the software update deployments and advertisements. Configure them with the option to download content and run locally instead of the default option to not install when clients are connected within a slow network boundary. However, this can result in other clients also installing this content when they are roaming to another site if they fall back to asking their default management point for content.
  

For more information about configuring boundaries, see Planning Configuration Manager Boundaries and New Boundary Dialog Box.

For more information about when roaming clients fall back to accessing content at their assigned site from remote sites, see About Client Roaming in Configuration Manager and Example Roaming Scenarios for Configuration Manager: Simple.

The Message 'Validation data missing or invalid' Frequently Appears in PolicyAgent.log

When a client computer requests a user policy and finds that no policy updates are available, the message Validation data missing or invalid is generated in the log file PolicyAgent.log.

Solution

None. This is a benign error message and will not interfere with the operation of a Configuration Manager 2007 site.

Available Cache Space on Configuration Manager Client Computer Displays Zero

If the Configuration Manager 2007 client is installed using the DISABLECACHEOPT=TRUE installation property, the user is unable to change the size of the temporary program download (cache) folder. However, the Amount of disk space to use (MB) item in the Advanced tab of the Configuration Manager Properties dialog box displays the value of 0, regardless of the size the folder has been set to.

Solution

There is currently no solution or workaround for this issue.

References to "Error registering hosted class" in Client Log File CCMExec.log

After client installation and at every restart of the client, the following is logged in the file CCMexec.log:

Error registering hosted class '{E67DBF56-96CA-4e11-83A5-5DEC8BD02EA8}'. Code 0x80040154

For more information about client log files, see Log Files for Managing Configuration Manager Clients.

Solution

This log entry does not identify a problem with the client and can be safely ignored.

Enjoy,

Paddy

 

Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server and Policy ENABLED]LOG

 

Computers Fail to Obtain Software Updates After Software Update Point Based Client Installation Is Configured

If Configuration Manager 2007 clients fail to obtain software updates from Configuration Manager and they have an Active Directory Group Policy setting configured for software update point based client installation, a likely reason is that the Active Directory Group Policy object is incorrectly configured.

The software updates feature automatically configures a local Group Policy setting for the Configuration Manager 2007 client so that it is configured with the software update point source location and port number. Both the server name and port number are required for the software updates client to find the software update point.

If an Active Directory Group Policy setting is applied to computers for software update point client installation, this overrides the local Group Policy setting. Unless the value of the setting is exactly the same (server name and port), the Configuration Manager 2007 software updates feature will fail on the client.

The following entries appear in the software updates log file WUAHandler.log:

[Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://server and Policy ENABLED]LOG

Solution

The software update point for client installation and software updates must be the same server, and it must be specified in the Active Directory Group Policy setting with the correct name format and with the port information (for example, http://server1.contoso.com:80 if the site system server is not configured to use a fully qualified domain name and is using the default Web site).

For more information, see Microsoft web site help How to Install Configuration Manager Clients Using Software Update Point Based Installation.

 

 

Enjoy,

Paddy

Anna NTR NT Rama Rao...Reach NTR

http://ntr.telugudesam.org

This web site included most of the NTR life and his movies & songs everything...

Enjoy,

Paddy

Love is slow poison...Wife is quick poison!!!

Love is slow poison...Wife is quick poison!!!

Love is a Sweet Poison Lover is a Honey Poison Wife is Quick Poison But Friend Ship is a Good Medicine

Enjoy,

Paddy

Client Agents

Client Agents

 

 

1. Hardware Inventory Client Agent
2. Software Inventory Client Agent
3. Advertised Programs Client Agent
4. Computer Client Agent
5. Desired Configuration Management Client Agent
6. Mobile Device Agent
7. Remote Tools Client Agent 
8. Network Access Protection Client Agent
9. Software Metering Client Agent
10. Software Updates Client Agent

Enjoy,

Paddy

Site Server Roles:-

Site Server Roles:-

 

1.       Site Server

2.       Site Database Server

3.       Configuration Manager Console

4.       SMS Provider

5.       Component Server

6.       Distribution Point (DP)

7.       Fallback Status Point(FSP)

8.       Management Point (MP)

9.       Pre-boot Execution Environment (PXE) Service Point

10.   Reporting Point (RP)

11.   Server Locator Point (SLP)

12.   State Migration Point (SMP)

13.   Software Update Point (SUP)

14.   System Health Validator Point (SHVP)

 

Enjoy,

Paddy

Predefined Maintenance Task Schedules

Predefined Maintenance Task Schedules

The following table displays the predefined maintenance tasks and their default schedules.

Maintenance Task	Enabled by default	Default schedule
Backup ConfigMgr Site Server	No	None.
Clear Install Flag	No	Sunday between midnight and 5:00 A.M.
Delete Aged Client Access License Data	No	Saturday between midnight and 5:00 A.M.
Delete Aged Collected Files	Yes	Saturday between midnight and 5:00 A.M.
Delete Aged Computer Association Data	Yes	Saturday, between midnight and 5:00 A.M.
Delete Aged Configuration Management Data	Yes	Saturday, between midnight and 5:00 A.M.
Delete Aged Discovery Data	Yes	Saturday, between midnight and 5:00 A.M.
Delete Aged Inventory History	Yes	Saturday, between midnight and 5:00 A.M.
Delete Aged Software Metering Data	Yes	Daily, between midnight and 5:00 A.M.
Delete Aged Software Metering Summary Data	Yes	Sunday between midnight and 5:00 A.M.
Delete Aged Status Messages	Yes	Daily, between midnight and 5:00 A.M.
Delete Inactive Client Discovery	No	Saturday between midnight and 5:00 A.M.
Delete Obsolete Client Discovery Data	No	Saturday between midnight and 5:00 A.M.
Monitor Keys	Yes	Sunday, between midnight and 5:00 A.M.
Rebuild Indexes	Yes	Sunday, between midnight and 5:00 A.M.
Summarize Client Access License Weekly Usage Data	No	Saturday between midnight and 5:00 A.M.
Summarize Software Metering File Usage Data	Yes	Daily, between midnight and 5:00 A.M.
Summarize Software Metering Monthly Usage Data	Yes	Daily, between midnight and 5:00 A.M.

 

 

Enjoy,

Paddy

WQL Query list reboot date timestamp X Days

WQL Query to list all of the machines that have a reboot date timestamp of more than x Day's

Select

Sms_R_System.Name,

Sms_G_System_Operating_System.LastBootUpTime

From SMS_R_System

Inner Join Sms_G_System_Operating_System

On Sms_G_System_Operating_System.ResourceId = Sms_R_System.ResourceId

Where DatePart(DD,Sms_G_System_Operating_System.LastBootUpTime) >= X

Enjoy,

Paddy

SCCM 2007 Setup Prerequisite Checks for Fresh installation for only Primary Site & SP1 Up gradation

 

 

 

 

 

Setup Prerequisite Checks

The Configuration Manager 2007 setup prerequisite check helps you determine what you have to do in order to prepare your environment to install or upgrade a Configuration Manager 2007 primary site, secondary site, or Configuration Manager console. The prerequisite checker notifies you of any warnings or errors encountered that would cause setup or an upgrade to fail. Tests that result in a warning do not prevent you from successfully upgrading to Configuration Manager 2007. However, it is recommended that you resolve the condition that generated the warning before continuing the setup or upgrade process. Tests that result in an error do prevent you from continuing the setup or upgrade process. You must resolve the condition that generated the error before continuing Configuration Manager 2007 Setup.

Prerequisite Check Rule	Severity	Rule Description	Rule Details
Administrative rights (Management point)	Failure	Verifies that the logged on user and site server computer accounts possess administrative rights on the management point computer.	Configuration Manager Setup requires that the logged on user and site server computer account possess administrative rights on the management point computer.
Administrative rights (Site system)	Failure	Verifies that the logged on user possesses administrative rights on the site system computer.	Configuration Manager Setup requires that the logged on user possess administrative rights on the site server computer.
Administrative rights (SQL Server)	Failure	Verifies that the logged on user and site server computer account possess administrative rights to the SQL Server computer.	Configuration Manager Setup requires that the logged on user and site server computer possess administrative rights to the SQL Server computer. Note If installing the site database on a SQL Server cluster instance, the logged on user and site server machine account require administrative rights to all SQL Server cluster instance node computers
Administrative shares (Site system)	Failure	Verifies that the required administrative shares are present on the site system computer.	Configuration Manager Setup requires that the Admin$ administrative share is present on the site system.
Domain membership	Failure	Verifies that the computer specified for installation is a member of a Windows domain.	Configuration Manager site server components can only be installed on computers that are members of a Windows domain.
NTFS formatted disk drives on Site Server	Warning	Checks for the existence of a FAT drive on the Configuration Manager 2007 Site Server computer.	Installing Configuration Manager components on FAT formatted disk drives does not provide the recommended level of security for site server installations. It is recommended that you only install site server components on NTFS formatted disk drives.
IIS Configuration (BITS installed)	Failure	Verifies that Background Intelligent Transfer Service (BITS) is installed in Internet Information Services (IIS).	Background Intelligent Transfer Service (BITS) is required for the management point and BITS-enabled distribution point site system roles.
IIS Configuration (BITS enabled)	Failure	Verifies that Background Intelligent Transfer Service (BITS) is enabled in Internet Information Services (IIS).	Background Intelligent Transfer Service (BITS) is required for the management point and BITS-enabled distribution point site system roles.
IIS Configuration (IIS service running)	Failure	Verifies that Internet Information Services (IIS) is running.	Internet Information Services (IIS) is required for some site system roles. If you have selected to install a site system role requiring IIS, and the IIS service is not running, this rule will fail.
IIS Configuration (WebDAV installed)	Failure	Verifies that Web-based Distributed Authoring and Versioning (WebDAV) is installed.	Web-based Distributed Authoring and Versioning (WebDAV) is required for the management point and distribution point site system roles. If you have selected to install a site role requiring WebDAV, and it is not installed, this rule will fail.
IIS Configuration (WebDAV enabled)	Failure	Verifies that Web-based Distributed Authoring and Versioning (WebDAV) is enabled.	Web-based Distributed Authoring and Versioning (WebDAV) is required for the management point and distribution point site system roles. If you have selected to install a site role requiring WebDAV, and it is not enabled, this rule will fail.
IIS Configuration (WWW Service installed)	Failure	Verifies that the World Wide Web (WWW) Publishing Service is installed.	The WWW Service is a core component of IIS and is required to allow Configuration Manager clients to communicate with management points and BITS-enabled distribution points.
Microsoft Management Console (MMC) version	Failure	Verifies that Microsoft Management Console (MMC) version 3.0 or later is installed.	MMC 3.0 is required to run the Configuration Manager console and must be installed before primary site or Configuration Manager console installations or upgrades. MMC 3.0 is available for download at: http://go.microsoft.com/fwlink/?LinkID=55423.
Microsoft XML Core Services 6.0 (MSXML60)	Failure	Verifies that the Microsoft Core XML Services (MSXML) version 6.0 or later libraries are installed.	MSXML 6.0 or later libraries are required for Configuration Manager console and site server installations.
Minimum .NET Framework version	Failure	Verifies that the Microsoft .NET Framework version 2.0 or later is installed.	The Microsoft .NET 2.0 framework or later is required for Configuration Manager site server installations. The Microsoft.NET Framework 2.0 is available for download at: http://go.microsoft.com/fwlink/?LinkID=56407
Security rights (Class Security Rights)	Warning	Verifies that any of the user names specified for Class Security Rights are less than 350 bytes long.	Class Security Rights user names must be less than 350 bytes long for a primary site upgrade to succeed.
Security rights (Instance Security Rights)	Warning	Verifies that any of the user names specified for Instance Security Rights are less than 350 bytes long.	Instance Security Rights user names must be less than 350 bytes long for a primary site upgrade to succeed.
Short file name (8.3) support (Site system)	Failure	Verifies that short file name support (8.3) is enabled on the site system computer.	Configuration Manager Setup requires that short file name (8.3) support is enabled on site system computers. More information about enabling short file name (8.3) support is available at http://go.microsoft.com/fwlink/?LinkId=106183.
Site control file processing backlog	Warning	Verifies that site control file changes are being processed in a timely fashion.	To ensure that data is not lost during the upgrade process, site control file changes should be being processed in a timely fashion. If this test does not pass, it could indicate that a component has stopped, has stopped processing data, or is unable to keep up with incoming traffic.
Software updates (KB911897)	Warning	Verifies that the software update associated with KB911897 has been installed.	An SMB file copy issue may occur if you have installed Internet Protocol version 6 (IPv6) on a computer running Windows Server 2003 SP1. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=88863 Note You do not have to restart the computer after you apply this update.
Software updates (KB913538)	Warning	Verifies that the software update associated with KB913538 has been installed.	Configuration Manager site systems and clients may encounter WMI enumeration errors without this update. This update applies to Windows Server 2003 and Windows XP computers. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=88864 Note You must restart the computer after you apply this update.
Software updates (KB914389)	Warning	Verifies that the software update associated with KB914389 has been installed.	This software update addresses several Server Message Block (SMB) vulnerabilities and should be applied before beginning Configuration Manager Setup. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=79239 Note You must restart the computer after you apply this update.
Software updates (KB925335)	Warning	Verifies that the software update associated with KB925335 has been installed.	This update should only be applied to SQL Server 2005 SP1 database servers experiencing a specific error and is available by contacting Microsoft Online Customer Services. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=88865 Note You do not have to restart the computer after you apply this update.
Software updates (KB925903)	Warning	Verifies that the software update associated with KB925903 has been installed.	Replication of large files across slow network links may result if this update is not applied to computers running Windows Server 2003 SP1. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=88866 Note You must restart the computer after you apply this update.
Software updates (KB932303)	Warning	Verifies that the software update associated with KB932303 has been installed.	The WMI service may stop responding on Configuration Manager site systems with the .NET 2.0 framework installed. This update should only be applied to computers experiencing a specific error and is available by contacting Microsoft Online Customer Services. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=93927 Note You do not have to restart the computer after you apply this update.
Software updates (KB940848)	Warning	Verifies that the software update associated with KB940848 has been installed.	A hotfix rollup package is available for Microsoft Management Console (MMC) in Windows Server 2003 that resolves an issue that can cause the MMC snap-in to exit unexpectedly or repairs drag and drop functionality. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=98349. Note You must restart the computer after you apply this update.
Software updates (KB941132)	Warning	Verifies that the software update associated with KB941132 has been installed.	This update resolves an exception error on Configuration Manager site systems with the .NET 2.0 framework installed using 64-bit processors. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=98350 Note You do not have to restart the computer after you apply this update.
SQL Server (Database collation)	Failure	Verifies that the SQL Server database collation settings of the tempdb database and site database to be upgraded are the same.	Configuration Manager requires that the SQL Server database collation settings of the tempdb database and site database are the same for daily site database operations.
SQL Server (Replication objects)	Failure	Verifies that the site database is not configured for replication and checks for replicated objects in the database.	Site databases cannot be upgraded when they are configured for replication. Before beginning the upgrade process, you should disable SQL Server replication if it is enabled.
SQL Server (Security mode)	Warning	Verifies that SQL Server is configured for Windows authentication security.	It is recommended to configure the SQL Server that will host the Configuration Manager site database to operate using Windows authentication security.
SQL Server (SQL Server version)	Failure	Verifies that the version of Microsoft SQL Server installed on the computer selected to host the site database meets the minimum requirement of SQL Server 2005 SP2.	Configuration Manager sites require SQL Server 2005 SP2 for site database operations to succeed.
SQL Server (Sysadmin rights)	Failure	Verifies that the user account running Configuration Manager Setup has been granted sysadmin SQL Server role permissions on the SQL Server instance targeted for site database installation. SOL Server sysadmin role permissions are required in order to create the site database and configure necessary database role and login permissions for Configuration Manager sites.	A SQL Server best practice is to remove the Builtin\Administrators group from the sysadmin role on installed SQL Server instances. If the Builtin\Administrators group has been removed from the sysadmin role, the user account running Configuration Manager Setup must be granted sysadmin role permissions for setup to succeed.
WSUS client installation package version	Warning	Verifies that the client installation package version published to WSUS is correct. Note This prerequisite check rule is not run during Configuration Manager 2007 SP1 Setup.
WSUS SDK on site server	Warning	Determines if the Windows Server Update Services (WSUS) administrator console is installed on the site server.	Configuration Manager software update points require Windows Server Update Services (WSUS) version 3.0 or later.

Configuration Manager 2007 SP1 Prerequisite Check Rule Descriptions

The prerequisite check rule name, severity, description, and details for additional setup prerequisite checks included in Configuration Manager 2007 SP1 Setup are listed in the following table.

 

Prerequisite Check Rule	Severity	Rule Description	Rule Details
SMS Provider communication	Failure	Verifies that the SMS Provider computer can communicate successfully with the site database computer.	Successful communication between the SMS Provider computer and the site database computer is required for site operations. A failure in this required communication can occur when the site database server is offline or if a valid SPN has not been registered in Active Directory Domain Services for the SQL Server instance hosting the site database. For more information about specifying an SPN for the SQL Server instance hosting the site database, see How to Configure an SPN for SQL Server Site Database Servers.
Installed version of WAIK	Failure	Verifies that the correct version of the Windows Automated Installation Kit (WAIK) is installed on the SMS Provider computer for the site.	Configuration Manager 2007 SP1 sites require that WAIK version 1.1 or higher is installed on the SMS Provider computer for the site. To resolve this error, uninstall WAIK from the SMS Provider computer, restart the SMS Provider computer, and run Setup again to have it automatically install WAIK 1.1. WAIK 1.1 can also be manually installed on the SMS Provider computer for the site and is available at http://go.microsoft.com/fwlink/?LinkId=115680.
WSUS 3.0 SP1 SDK installed on site server	Failure	Verifies that the Windows Server Update Services (WSUS) administrator console installed on the site server is at the WSUS 3.0 SP1 level.	If the WSUS administration console is installed on the primary site server computer, this check verifies that the WSUS configuration manager console installed is at the WSUS 3.0 SP1 level. Configuration Manager 2007 SP1 software update points require Windows Server Update Services (WSUS) version 3.0 SP1 or later. WSUS 3.0 SP1 is available for download at http://go.microsoft.com/fwlink/?LinkId=115678.
FQDN specified for site systems	Warning	Verifies that an FQDN is specified for site systems during site upgrade to Configuration Manager 2007 SP1.	During site upgrades to Configuration Manager 2007 SP1, installed site systems are checked to ensure that an FQDN has been specified. Not specifying an FQDN for site systems in mixed mode sites might prevent cross-domain client auto approval processes. When mixed mode sites are migrated to native mode, not specifying FQDN for site systems might cause client to management point communication errors.
Windows Server 2003–based schannel hotfix	Warning	Determines if the Windows Server 2003–based schannel hotfix is installed on the site server.	Without this update, a Windows Server 2003–based computer cannot make a Secure Sockets Layer (SSL) connection or a Transport Layer Security (TLS) connection to the out-of-band interface on an Intel Active Management Technology (AMT)–enabled computer. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=116110. Note You must restart the computer after you apply this update.
Windows Remote Management (WinRM) v1.1	Warning	Verifies that Windows Remote Management (WinRM) version 1.1 or later is installed.	This update adds a new feature to Windows Remote Management (WinRM) for Windows Server 2003 and Windows XP Professional. This update also updates the version of WinRM that is included with Windows Server 2003 R2. WinRM improves hardware management in a network environment in which various devices run various operating systems. More information about this update is available at: http://go.microsoft.com/fwlink/?LinkId=116108. Note You do not need to restart the computer after you apply this update unless it is applied to a Windows Server 2003 R2 computer.
Microsoft Remote Differential Compression (RDC) library registered	Error	Verifies that the Microsoft Remote Differential Compression (RDC) library is registered on the computer specified for Configuration Manager site server installation.	Site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. RDC is not installed by default on computers running Windows Server 2008 and is not installed automatically during Configuration Manager Setup. For information about installing RDC on Windows Server 2008 computers, see How to Configure Windows Server 2008 for Site System Roles.
Share Name in Package	Warning	Verifies that the # character has not been used in software distribution package share names.	The # character is not a valid character for software distribution package share names and is not supported as a virtual directory share name character by IIS 7.0 included with Windows Server 2008.
Share Name in Distribution Point	Warning	Verifies that the # character has not been used in software distribution point share names.	The # character is not a valid character for software distribution point share names and is not supported as a virtual directory share name character by IIS 7.0 included with Windows Server 2008.