|
Haha, no worries. The SCCM console is laid out like Boston city streets.
|
# ? Jul 20, 2010 14:55 |
|
|
# ? Oct 7, 2024 12:25 |
|
FISHMANPET posted:gently caress we are such idiots how did we never see this. I thought I'd looked in that section already, but I forgot to actually use my eyes. Don't worry about that. I've been using SCCM for several years now and I still go "where is that..." and then spend 20 minutes clicking through folders and subfolders only to remember that it's actually in a context menu. I use PXE so I have an extra step for drivers. For boot required drivers, I have a package called "Boot Drivers"--primarily NIC and HDD controller drivers in both an X64 and i386 version. That makes it really easy to add/remove drivers from the boot image. Then I have a package for each model of hardware in both 64 and 386 flavors. Like NOEL, I have WMI conditions (SELECT * from Win32_Computer System WHERE chasis LIKE %XW4400%)* that let the task sequence select what driver package to use. As for advertising task sequences, what I do is create a container for my test machines like "Testing Win 7" and just advertise my test task sequences to those. Then I don't care about losing the advertisements/log history/etc. As a tip that took me over a year to figure out : You can create folders under Advertisements. It's a lot easier to keep your permanent advertisements separate from your short term ones/testing ones. *If someone could give me a cleaner way to write that, I'd love you forever) Ninja edit: Damnit, didn't realize there was a second page.
|
# ? Jul 20, 2010 15:40 |
|
I've been messing around with SCE 2010 and it's pretty cool from what I've seen so far, but I'm having the hardest time getting it to recognize anything to do with our Exchange environment.
|
# ? Jul 20, 2010 18:18 |
|
This is what I use for WMI conditions: SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%OptiPlex 380%"
|
# ? Jul 20, 2010 19:42 |
|
devmd01, what version of Altiris you running? 6.9? As a NS7 user (NS7.x with DS7.1) I would love to go back to DS6.9. I guess I could, but at this point i may as well keep trucking through 7.x hoping that we re-license it and get to push it out corp. wide. (~10,000 nodes if we pushed it to the US). Reporting and compliance are awesome, but the console is slow as hell. Once the console can be run on a 64bit 2k8 server, it should be speedy as hell (with a 64bit SQL 2008 instance running that is). We will see though.... long term crap there.
|
# ? Jul 20, 2010 22:57 |
|
Noel posted:This is what I use for WMI conditions: HPs seem to like to keep their model information in Chasis (or at least the XW 4400s I have) If you query Model you usually get "Hewlett-Packard Desktop" or "Compaq Laptop" Not exactly sure why, but it was one of the most frustrating things trying to figure out. On the plus side, I got a pretty good grasp on WMI thanks to it.
|
# ? Jul 20, 2010 23:29 |
|
zero0ne posted:devmd01, 6.8 Build 378 SP2. We only use the Deployment Console as we have just purchased DS licenses since the initial setup, not NS/DS licenses. Our NS is a total clusterfuck anyway, there's no way to get any useful information out of it short of purging the entire database, uninstalling company wide, and only installing it on machines we need software inventory on. Like I said, our CIO is a cheapass and refuses to pay for maintenance support, so we don't have access to upgrades.
|
# ? Jul 21, 2010 14:03 |
|
I finally managed to get a task sequence all by myself to actually install the loving operating system!
|
# ? Jul 21, 2010 19:17 |
|
So is SCCM going to give me anything that I'm not getting in WSUS 3.2 as far as MS updates are concerned?
|
# ? Jul 21, 2010 20:07 |
|
BooDaa posted:So is SCCM going to give me anything that I'm not getting in WSUS 3.2 as far as MS updates are concerned?
|
# ? Jul 21, 2010 20:18 |
|
Wow, thanks Ricoh, your drivers suck. The Dell provided driver extracts to... another executable, and that doesn't extract to anything. So I guess no INF for SCCM to push out.
|
# ? Jul 22, 2010 00:02 |
|
When you run the second executable, does anything pop up in a temp folder?
|
# ? Jul 22, 2010 00:09 |
|
FISHMANPET posted:Also, feel free to hijack this thread for other Enterprisy Windows talk, since there don't seem to be any threads for such things. Will do! But seriously, thread title should indicate we have a new Megathread to attract other admins. Anyway, to my problem: I'm tasked with fixing our backups. I'm supposed to use less space and media while backing up the same amount of data and our slowly growing file server. As one bullet point I suggested using DFS Replication and VSS to (1) eliminate storing multiple daily backups of our 1.5TB and growing file server and (2) provide some redundancy that isn't a USB attached hard drive that sometimes isn't mirrored. The IT Director apparently had some of this in place previously but ran into issues related to running 32-bit Server 2003. As for DFS-R, he mentioned that "1.5TB is a lot to push through Active Directory". Now it's been a while, and I somewhat recalled that DFS-R utilized AD in some way, so I left to do some research and find out what he's talking about, but haven't been able to find anything yet. I've got a better idea of how DFS works, but found nothing that would tell me that a AD on a DC is solely tasked with reading and replicating all the files. Does anyone know what he may be talking about, or can point me to the technical document that will explain it?
|
# ? Jul 23, 2010 16:17 |
|
Drighton posted:Will do! But seriously, thread title should indicate we have a new Megathread to attract other admins. Supporting this. Anyway, I'm experimenting with using SCCM to push out Windows Updates. We have a WSUS server we used for this before getting into SCCM and I've added that server as a Software Update Point in SCCM and configured everything else in SCCM. I'm abit confused when it comes to client configuration though. As far as I've gathered from various google searches, you're supposed to have "Configure Automatic Updates" set to "Disable" in your GPOs and to remove the intranet server (can't remember the policy name right now) and it will be added back as a local policy by SCCM. I've done this, and communication with the server seems ok. However, I never get the Software Update Agent UI showing up. I've checked the WindowsUpdates.log file in %WinDir% on clients, and it correctly checks for updates from the correct intranet server, except it never starts actually deploying the updates. If I remove the "Disable" policy and set it to automatically install updates, it still goes to the intranet server and downloads updates - then installs them, but via the Windows Update UI and that's not what I want. Any tips?
|
# ? Jul 23, 2010 21:05 |
|
Any suggestions for a thread title? My unimaginitve idea is "Tell me about your Enterprise Windows management, Megathread edition!" Onto other things, I've figured out how I want to deploy the OS to my clients. Since we have so many hardware types I'm not going to bother to capture an image, just build it on each machine. I'm trying to figure out how to install software. I don't want to put an explicit "install this package" for each of our 10 basic packages into each task sequence (I'm going to have a task sequence for each hardware models) because that makes it a huge pain in the rear end when a new version of Firefox comes out. Right now I'm just advertising everything to the client as regular software and hoping it gets picked up. What I'd really like to do is have a task sequence to install core apps (We already have this actually) and have my deployment task sequence run that task sequence for me, so I would only ever have to update the core apps task sequence and keep all my builds up to date.
|
# ? Jul 23, 2010 22:10 |
|
FISHMANPET posted:I don't want to put an explicit "install this package" for each of our 10 basic packages into each task sequence (I'm going to have a task sequence for each hardware models) because that makes it a huge pain in the rear end when a new version of Firefox comes out. Wouldn't you just update your "Firefox" package and not have to do anything with task sequences since they would just include the updated package?
|
# ? Jul 23, 2010 22:37 |
|
FISHMANPET posted:Any suggestions for a thread title? My unimaginitve idea is "Tell me about your Enterprise Windows management, Megathread edition!" Windows Server Megathread? I don't think it'd have to be too specific and list all the versions we're allowed to talk about or anything like that. Maybe just a little something to set it apart from the Home Server thread. Anyway, that would at least be a start. Then someone would have to create a better OP for the megathread, perhaps with links to the other specialized megathreads.
|
# ? Jul 24, 2010 00:55 |
|
quote:I'm going to have a task sequence for each hardware models Don't do this. Instead, overload a single task sequence. Make a driver package for each model, and in the task sequence add a "Apply Driver Package" step for each driver package you made. Use a WMI query as a condition on each "Apply Driver Package" step so that the right computer gets the right drivers. Here's a page that somewhat describes it: http://blogs.technet.com/b/deploymentguys/archive/2008/02/15/driver-management-part-1-configuration-manager.aspx This way you only have to modify a single task sequence.
|
# ? Jul 24, 2010 02:02 |
|
zapateria posted:Wouldn't you just update your "Firefox" package and not have to do anything with task sequences since they would just include the updated package? Noel posted:Don't do this. I never would have thought about that. I'm assuming that WMI data gets pulled from the hardware itself, so I don't have to do anything myself?
|
# ? Jul 24, 2010 02:27 |
|
WinPE can query WMI when running a task sequence. That link I posted goes into pretty fine detail. So for our staff Vista task sequence, all I ever modify is updating applications, and adding a new driver package when a new model computer comes along. SCCM gets a lot easier once you have the "base" set up.
|
# ? Jul 24, 2010 02:33 |
|
Noel posted:WinPE can query WMI when running a task sequence. That link I posted goes into pretty fine detail. Well in that case it wouldn't at all be a big deal to make a new package for software update, because I only update it once. E: If I have a group for machine specific application installs, and give it a WMI query, it will only run it's sub tasks if the WMI query is true, correct? E2: A closer reading reveals my assumption to be correct. FISHMANPET fucked around with this message at 03:01 on Jul 24, 2010 |
# ? Jul 24, 2010 02:50 |
|
Does anyone have any good recommendations or suggestions for mass administration over a hundred seperate domains on completely seperate networks? SCCM is awesome and I actually used to deal with SMS when I worked for EDS, unfortunately it's not a valid possibility or at a cost that is suitable for our clients (say 100 small businesses). Plus the administration on each domain would take forever. WSUS we currently keep the configuration on one central machine and push it to all domain servers so patch management isn't too much of an issue. Keeping things like Firefox/Adobe Reader/Flash Player up to date though is an absolute nightmare so any suggestions would be more than welcome. Any suggestions to better admin so many domains would be welcome also.
|
# ? Jul 26, 2010 00:20 |
|
There's a huge number of multi-tenant management products out there for managed service providers. Kaseya, N-Able, Level Platforms and ManageEngine are the most popular that I'm aware of, though I haven't used any personally, being a Linux admin that does not work for an MSP.
|
# ? Jul 26, 2010 15:36 |
|
Trinitrotoluene posted:Keeping things like Firefox/Adobe Reader/Flash Player up to date though is an absolute nightmare so any suggestions would be more than welcome. I would love a better way to go about this too. I have just been doing GPO push installs for Reader, Flash and Java.
|
# ? Jul 26, 2010 15:52 |
|
FISHMANPET posted:Wow, thanks Ricoh, your drivers suck. The Dell provided driver extracts to... another executable, and that doesn't extract to anything. So I guess no INF for SCCM to push out. Are you sure? One of the best tools I ever had for setting up SCCM "anything" was UniExtract. Universal Extractor. Just right click any installation .exe (or virtually any archive at all) and choose "Extract here". Viola, you have all the files you need without the stupid Temp folder hunting bullshit.
|
# ? Jul 26, 2010 17:11 |
|
Dyscrasia posted:I would love a better way to go about this too. I have just been doing GPO push installs for Reader, Flash and Java. I'm not sure I understand why SCCM would not be appropriate. You would set up primary site in each customers domain and go from there. SCCM itself isn't that expensive and the client licenses can be had real cheap if you buy a shitload at once from MS... I'd be doing a real CAPEX if I were in your shoes instead of asking on the net but I know accounting isn't particularly exciting... I find a lot of techs say things like this with confidence but haven't done anything but have some vague thoughts about the matter - doing some sums on paper can actually surprise you sometimes!
|
# ? Jul 26, 2010 17:16 |
|
I dont know what the budgets are for everyone out there (mine is smalllllll) but we are using a KASE setup right now (Dell let me borrow it for free for 30 days to dick with it). Pretty nice setup. Essy web interface. A fuckton easier than SCCM and SCOM. Lets you set up imaging, network image deployment, upgrading and software pushes. Also has a great option i am quickly falling in love with "Auto-uninstall." So you start listing poo poo like browser tool bars and iTunes. It checks every computer every 15 minutes. IF it sees anything on the no-no list it just uninstalls it. People keep calling me saying their "MyWebSearch" tool bar keeps disappearing, no matter how many times i have sent out memos saying "DON'T loving INSTALL THAT poo poo." Anyway price wise its 11K per box to buy and then 250 nodes for 500 bucks a year per box. so 1000 a year for 250 nodes and 22k startup for both boxes. Not too bad compared to SCCM and SCOM.
|
# ? Jul 26, 2010 19:59 |
|
marketingman, that tool worked for the Ricoh drivers, but not for 2 other drivers. Oh well, every little bit helps. Anyway, does anybody have a problem with SCCM where it stops advertising to a client? I was all excited to day to troubleshoot this laptop, and after one sucesful reimage, it doesn't get any advertisements anymore. I've had to delete the machine and re-add a computer association, now it sees everything again. What gives?
|
# ? Jul 26, 2010 22:28 |
|
Did you try updating the collection membership? I recently ran into the same thing - I got an error in the console when I tried to check the properties of a computer. A membership update solved that problem, and the problem of no advertisements being available.
|
# ? Jul 26, 2010 23:40 |
|
Yeah SCCM will do that but it all comes down to the settings you have set. Once it thinks the advertisement ran and was successful, it will stop attempting to do it. You need to click the "Force" tickbox in the advertisement to have it rerun. Also if you haven't already done it or realised, using the inbuild collections for advertisements is foolish at best, and can cause huge headaches at worst. Create collections that take their membership information from an AD security group. Now, remove anyone but senior admin access to SCCM, and for anyone that wants Firefox deployed to a particular machine tell them to make that computer a member of the Firefox security group. User left and PC needs zeroing? Remove computer object's membership to everything, easy. Take this idea to it's conclusion, this is just the start. In your dev env you can have SCCM doing an AD discovery every 5 minutes. In Prod it depends on your prod environment but I would still have it fairly often (once every hour or two?). Muslim Wookie fucked around with this message at 06:26 on Jul 27, 2010 |
# ? Jul 27, 2010 06:23 |
|
marketingman posted:Create collections that take their membership information from an AD security group. Yes, this. Even just from a user interface point of view, AD groups are so much better to manage than SCCM collection membership rules.
|
# ? Jul 27, 2010 14:56 |
|
Noel posted:Yes, this. Even just from a user interface point of view, AD groups are so much better to manage than SCCM collection membership rules. Nthing this, but you don't need to create sec groups if you're anal about your AD structure. I will agree with marketingman that under no circumstances do you want to use the default collections. I've actually deleted most of them from mine. The collections in my SCCM pretty much mirror the OUs in my AD structure. code:
Each collection/sub-collection has a membership rule that uses System Container Name, so it creates the collection based on what machines are in what OU. I've got different GPOs that have to go out to different departments, so it was already set. I've got an overloaded single image which plops the computer in the OU for the department it's being imaged for. To go along with KenMorningStar comments on uninstalling software, you can do that with the software baseline configuration. If I move it to a different OU (sales person moves to customer service), it'll apply the baseline for CS which will remove the Sales software and add the CS software--all based on OU. It is a bit more complicated than Kase, but there's not a single toolbar on my network.
|
# ? Jul 27, 2010 19:15 |
|
I use security groups with SCCM because we tend to attach licenses to usernames. This also means one user can jump onto another computer and install all their "usual" suite of software. I usually put in some mechanism to prevent users using software that's installed that they aren't cleared for. If everyone in a department used the exact same set up then I might go for the collections only method.
|
# ? Jul 28, 2010 11:19 |
|
Alright, who has messed with WDS and DISM? I am trying to get nic drivers integrated into capture/deploy PE images. Using Windows 7 32Bit boot.wim. Followed the updated tutorials in the documentation and others I found online. I have the correct drivers, as manually loading them once pxe booted works just fine. Once I go through the integration steps to update the image, nothing. Any ideas?
|
# ? Aug 2, 2010 16:51 |
|
I have a SCCM OSD Task Sequence in which I want to set DNS in the resulting OS, but otherwise use DHCP. During the OSD I am happy to use the DHCP settings. The 'Apply Network Settings' step does not seem to do anything if I stick an extra one at the end of my Task Sequence (ie: not within WinPE) and tell it to configure the adapter with static DNS settings, even though Technet implies this is possible. In the smsts.log everything looks great, but when I check the settings post OSD they are not changed. Thoughts? quackquackquack fucked around with this message at 18:12 on Aug 3, 2010 |
# ? Aug 3, 2010 18:07 |
|
netsh: 1, SCCM Technet documentation: 0
|
# ? Aug 3, 2010 20:46 |
|
The tools I have available for these questions are SCCM and a Server2008 domain. I want to discover the size of the local profiles on the desktops in my organization - I'm curious how much storage we would need if we used roaming profiles. I know that in the System control panel it tells me, but I'm not sure where that is stored. I suppose I could use a script + mof edit. Or File Collection. I also want to parse the contents of each computer's local administrators group. Preferably this would be stored with each computer in SCCM (in the same way it currently shows what AD groups each computer is in). This one might also turn out to be a script + mof edit.
|
# ? Aug 6, 2010 21:57 |
|
For option number 2 download Hyena and use that - it will make life a lot easier. For option number 1, you can use Hyena or you can use the inbuilt SCCM reports, either option will need some customisation ie scripting.
|
# ? Aug 7, 2010 04:59 |
|
Here's a fun fact that stumped me: Each Driver package needs a unique data source. The guy who set it up assumed that SCCM would be smart enough to segregate the driver files, and only download the right stuff to the client. Wrong. It just blindly downloads whatever is in that directory to the client and tries to apply it all. Also, it looks like if you delete a driver from the database without first deleting it from the package, it stays in the package forever. So make sure each of your driver packages has a unique data source folder. Now a question: Is there a way to rename the advertised name of packages? I love that you can be super specific with the name, but nobody really cares that they're installing "Skype Technologies S.A. SkypeTM 4.2 4.2.169 Enlish (United States) - Per-system unattended." They just want Skype.
|
# ? Aug 9, 2010 22:49 |
|
|
# ? Oct 7, 2024 12:25 |
|
Use "Apply Driver Package" instead of "Auto Apply Drivers". Better to have control over what is happening. I think SCCM should just handle the driver package location in the same way it does for other packages. That did seem a bit strange. I have not seen your issue with drivers sticking around forever after they are deleted. It just disappears from the driver package for me, and when I tell the driver package to update, it's no longer there, either. I was unable to find a way to rename advertisements. I agree, it is annoying. I try and make a Task Sequence for just about everything I deploy. It gives the end user a pretty window to look at without having to allow interaction with the program installer. It allows me to name it whatever I wants.
|
# ? Aug 9, 2010 23:07 |