|
Hey everybody, new to the thread, but just thought I would say hi and offer my help when I can. Been working with SCCM since 2007 came out, right now I'm focusing on automating SCCM with Powershell. Also, I'll complain that my new job is doing SCCM in the most convoluted way ever. Every single thing is distributed through task sequences, with over 5000 machines literally nothing is standardized, there is no tracking of licensing, and because it's government we don't force any changes, which means we're still deploying IE6 to machines, and are planning on fully supporting both WinXP 32bit and Windows 7 64bit for the next 2 years at least. And despite a heavy focus on security, it takes us literally 2 months to update Flash.
|
# ¿ Dec 3, 2011 07:37 |
|
|
# ¿ Apr 23, 2024 18:40 |
|
quackquackquack posted:Everything else you listed is hosed up, but I personally think Task Sequences are the way to go most of the time. We're doing it because of the task sequence reporting, but DCM does that better anyway. Task Sequences work well for advanced installs but for simple installs its just extra work, not to mention not best practices.
|
# ¿ Dec 3, 2011 19:41 |
|
Is there a way to put a computer in a collection as part of a task sequence in SCCM?
|
# ¿ Dec 7, 2011 07:55 |
|
FISHMANPET posted:This might shed some light on it: The issue is that our AD queries are set to refresh every two hours at microsoft's suggestion, and with a reimage creating an obsolete record it takes up to 3 hours to get a computer completely rebuilt.
|
# ¿ Dec 8, 2011 23:13 |
|
Been watching SCCM 2012 videos all afternoon. I need it so bad.
|
# ¿ Jan 24, 2012 00:43 |
|
FISHMANPET posted:What should I be most excited about? Most importantly: it's not beefed up SMS 2003, it's a newly built system (Not just layered on top of Management Console.) Also, built in Endpoint Protection management, improved Software Update process, improved DCM. Client agent settings can now be set per collection. It's also able to do user based deployments, which I'm not that excited about, App-V works far better for that IMO. Lots more, but those are the main things I'm excited about. It's also a ton more user friendly, which is a completely foreign concept for SCCM.
|
# ¿ Jan 24, 2012 04:08 |
|
FISHMANPET posted:Ugh, the number of times I've deleted a folder in Software Packages instead of deleting a package... Oh geez, the terrible memories.
|
# ¿ Jan 24, 2012 04:31 |
|
Anyone want to explain to me how the SCCM database stores client information? If I delete a workstation from SCCM and then re-add it to reimage, it doesn't receive any of the old record's collection memberships, or advertisements (like is supposed to happen.) However, if I check an advertisement report, it has the history of any matching advertisements from the old record. Basically: Client machine receives Software A and B. Client machine record is removed, and then re-added as a new record. Machine is re-imaged. Advertisement report of new client doesn't show Software A or B. New client machine record is set to receive Software A only. Advertisement report of new client machine shows only Software A history. However, it shows the advertisement history of Software A from both the old and new record.<- (This is the weird part.) I am so confused. EDIT: I'm convinced it's a feature and not a bug. But my team isn't buying it because they have to scroll through more history. EDIT 2: Added reimaging step for clarity. Sudden Loud Noise fucked around with this message at 03:49 on Jan 26, 2012 |
# ¿ Jan 25, 2012 23:49 |
|
quackquackquack posted:Are you doing anything to the computer in between deleting and re-adding it? Re-imaging? Yeah I should have clarified. I delete the record, create the new record, add it to the imaging collection. I found that just adding the old record to our imaging collection created an obsolete record and added unnecessary time and issues to the rest of our software distribution (AD query collections mostly.) So, I tried deleting the old record then just creating a new one when a computer needs to be reimaged. And sure enough, it fixes all of our issues. However, someone pointed out that the bizareness of the reporting. Right now we're using computer name in our reporting, not the SMSGUID. I figured that it was actually using the SMSGUID like you mentioned, which is why the reporting situation I mentioned is so odd. My only theory: When I don't delete the record before a reimage, I get an obsolete client, which notifies reporting to ignore all of the history of the previous GUID. When I delete the record, create a new one, and then reimage I get no obsolete client. And any advertisements that are linked to the new GUID that match the old GUID are combined in the new report. But I haven't been able to find any documentation confirming or refuting this...
|
# ¿ Jan 26, 2012 03:45 |
|
quackquackquack posted:You're spot on about what is happening, but you're fighting "the way it should be". You can add a criteria to your collections that excludes obsolete computers if you really want them to stop showing up. But they're helpful to keep around for historical reasons. The issue was originally that our System Group Discovery was setup to occur once every 2 hours. All of our AD queries are setup to check OU's, which can't be populated through delta discovery, so in order to gather OU information we had to set Full System Group Discovery cycles to run at a shorter interval. Continuing the issues with using OUs, this also means that we can't use Delta Discovery in those collections, so we're doing full refreshes every 15 minutes. (This is kinda crucial in the case of our collections setup to set power settings. We were running into issues when a machine would go to sleep before it could receive the power settings, and never finish all of it's software distributions.) I mention these two things because I have a feeling they may be causing database issues that may be creating the new issue. When we re-image a machine without deleting the record beforehand now we're running into issues were neither machine record is getting marked as obsolete, and the new record isn't getting populated correctly into collections. Also, when we use the "make an obsolete" route, we can't track the process of the imaging process in our reports. When we delete the record first we can track the imaging process in our reports, as it goes. Sorry if I haven't answered very clearly. Couple of questions, you said "But they're helpful to keep around for historical reasons." What do you mean by historical reasons? How are you viewing the history of the obsolete records? I only ask because it seems like deleting the record first is actually more efficient at viewing client history even after reimaging. Sudden Loud Noise fucked around with this message at 05:47 on Jan 26, 2012 |
# ¿ Jan 26, 2012 05:40 |
|
quackquackquack posted:The "historical reasons" depends on what you need from reports. If software A failed to install to a computer, but once it was re-imaged, installed fine, I would like to keep the statistics. Although I admit, I don't understand this line: Honestly, I didn't know that you could view the client history of the obsolete client (if they're the same computer name.) Where is it? quote:As a side note, why SCCM for power management over GP? Although I love SCCM, there were a lot of times where GP was the better tool. I never got into using SCCM for power management, so I don't know if that's the case, but I'm curious. Apologies, I'm sure this is confusing. It's late.
|
# ¿ Jan 26, 2012 08:30 |
|
LoKout posted:I admit, this practice caused me some major headaches. Once I found out this wonder I had to touch all my existing collections. It also slows down collection refresh since you basically have to limit all collections to your healthy one. Pros and cons I guess. I only manage servers in my SCCM world, so the churn isn't very fast. Also it's a pretty small environment. Yeah, the tough situation we're in at the moment is that we're still in the process of fully implementing of SCCM, and if we cause issues or delays to the wrong people then a ton of our plans get thrown out by higher ups. So imaging quickly is absolutely key at the moment. Honestly the whole situation is an astounding mess, we have no control over the database (SCCM is being run on a cluster), or AD, we have no pre-production environment, we're not allowed to enforce Group Policies, or enforce any software licensing. If someone requests a Developer task sequence that literally requires $20k worth of licensing, and we have proof they don't have that licensing, we are still required to install it. My past job was so much smoother than this one, we actually had control of our environments. Which situation is more common? On topic question instead of ranting: Where is everyone looking to get information from obsolete clients?
|
# ¿ Jan 27, 2012 06:18 |
|
Anyone else's offices not using "Run Advertised Programs" and instead opt for Third-Party (I believe Dell) Right click tools to re-run advertisements from SCCM? Am I alone in thinking that it's absolutely stupid to completely ignore the "Run Advertised Programs" applet that SCCM is basically based around? The explanation is "Well we don't want users to be able to rerun advertisements." Then why not just hide the option from them in the control panel?
|
# ¿ Feb 15, 2012 07:49 |
|
My team lead yesterday: "Hey I need to uninstall the sccm administrator console from my machine. It didn't install correctly." Okay, just uninstall then reinstall it. I come in the next morning to find that the SCCM site has been removed from the server. "His machine" turned out to be our main test server. Installing the console on secondary site servers isn't supported. And trying to uninstall the console uninstalled all of sccm. It's definitely partially my fault but come on!
|
# ¿ Feb 16, 2012 19:04 |
|
Is there a good walk-through online for creating and capturing an image that includes software in the capture? (Updates, Adobe Reader, and Office are my first thoughts.) It's something that my boss wants but everyone on the team insists "It's too haaaaard. Let's just ignore what the boss is asking for and do it the way we're comfortable with. " I understand there is some difficulty in getting a perfect capture, but I refuse to believe that it should be completely written off.
|
# ¿ Feb 17, 2012 03:56 |
|
quackquackquack posted:That's what I call "thick imaging", and I recommend avoiding it. Assuming I understand what you're asking. It's actually the easiest of the types of imaging to do: create your 'master' machine, make it absolutely perfect, sysprep it and create an image. Thanks for the tips. It basically comes down to this: Management has given us an expectation that a computer can be reimaged from nothing (or broken) to ready to go with all the software that is needed in an hour and a half. Right now we've got it setup that we can do it. But it requires us to delete and recreate the computer record in SCCM before reimaging. We can go into the specifics of it (I think I addressed it a little bit in previous posts?) but basically it's the fastest way for us to get the process done smoothly. The new issue arrives that management has also requested that onsite technicians be able to reimage machines without any help from the deployment team. The same onsite technicians who are famous for accidentally deleting nearly 3500 computers from the SCCM database, and accidentally reimaging managers machines in the middle of presentations. So we give them rights to delete and create machines in SCCM in order to meet the 1.5 hour reimaging deadline. Seriously, it's time to start looking for another job. 5 years of SCCM done correctly, and 6 months of SCCM done incorrectly has made me hate this more than I can describe.
|
# ¿ Feb 17, 2012 05:04 |
|
quackquackquack posted:Oh, that was you. Yeah, I'm going to start looking into it once things slow down a little bit. Right now I'm stuck going through all of our task sequences to test Win7 compatibility, creating new powershell scripts for those 300 task sequences, and creating collections and advertisements for each of those task sequences. Gotta figure out a way to automate some of this.
|
# ¿ Feb 17, 2012 06:50 |
|
Per user stuff is the reason why AppV in conjunction with SCCM is an absolute dream. Speaking of dreams, wouldn't it be cool to have environments setup to be proactive instead of reactive? quackquackquack posted:Although I hear this has changed some in SCCM 2012, I early on stopped trying to have SCCM be an immediate tool. I wish I could somehow get management to understand this.
|
# ¿ Feb 18, 2012 09:04 |
|
lol internet. posted:Question: Do you really need to be a programmer to take advantage\learn powershell? I am terrible at scripting and learning computer languages. I've never taken a programming class or been trained in powershell. I've taught myself over the last 6 months and can do everything I need to and more. It's a really well built platform that makes a lot of really simple sense. And the built in help is pretty close to perfect.
|
# ¿ Feb 23, 2012 06:28 |
|
Does Microsoft have a definitive answer to the question: Should collections be software based or machine based? Should a collection have an advanced query to add all machines that should get a specific piece of software. Or should each group of computers have a collection with multiple advertisements. From what I can tell it's advanced queries vs. literally thousands of advertisements.
|
# ¿ Feb 25, 2012 01:39 |
|
lol internet. posted:Question about MDT\SCCM Task Sequences\Images. It's faster if the software is in the actual capture, since you're (essentially) just copying over files instead of running through setup programs. However there are challenges in creating that perfect capture. The talented people I worked with did software in the image. The people now... not so much. I'd like to figure out the ins and outs of getting a perfect capture myself.
|
# ¿ Feb 29, 2012 04:52 |
|
Swink posted:Any recommendations for full disk encryption for about 50 Win7 laptops? Other than Bitlocker I mean. Symantec Endpoint Encryption? But don't use it. Oh the horror. We've delayed deploying Windows 7 for two months because Symantec is apparently completely unable to give us a build that can be deployed successfully through SCCM. (Encryption is required by law for our laptops, and with over 2,000 laptops we can't do it by hand.)
|
# ¿ Mar 1, 2012 08:21 |
|
FISHMANPET posted:I had a problem with Symantec Endpoint Protection where it would install sucesfully but the package returns an exit code of 1, so SCCM thinks it failed. Could that be the case here? Nah, they have weird code in the msi that requires a user be logged in for the program to install. It's a known issue that they keep fixing then breaking.
|
# ¿ Mar 1, 2012 15:40 |
|
What's been changed in zenworks over the past five years? I switched over to sccm and AppV and have never looked back at the unholy abomination that was zenworks back then.
|
# ¿ Mar 1, 2012 18:42 |
|
We have some machines that haven't been reimaged for four years because we don't make it mandatory. It's absolutely maddening.
|
# ¿ Mar 1, 2012 23:10 |
|
Showed off Run Advertised Programs to my Supervisor and Manager today. They're amazed and confused as to why they didn't use it before. And I honestly have no answer for them. In the six months I've been here I've taken the imaging process from taking two days to complete, to 80 minutes. It would be awesome to get it done to under an hour. Feeling surprisingly good at my job today. Now I get to bear the hatred of the rest of the team because I'm showing off how an SCCM environment should work. But I do have a question: Does anyone work with encrypted systems? Right now we're using Symantec Endpoint Encryption on our laptops, the issue arises that if we start the imaging process from within Windows the WIM file is encrypted, so when the computer restarts and tries to use the encrypted data, the imaging process fails.
|
# ¿ Mar 16, 2012 03:29 |
|
FISHMANPET posted:I haven't used it myself, but apparently Bitlocker works pretty well with everything. I wish we could use Bitlocker. But we're stuck with terrible Symantec EndPoint Encryption for the foreseeable future.
|
# ¿ Mar 16, 2012 03:42 |
|
After running an OSD from "Run Advertised Programs" the advertisement status of other software advertisements isn't getting cleared out. So when we check the reports we see that program x was installed successfully, when it hasn't actually been ran at all since the reimage, is there anyway to clear the reports after a reimage? If we PXE booted it would create a duplicate record which solves the problem but no duplicate is created when we start the reimage from within windows.
|
# ¿ Mar 21, 2012 00:41 |
|
Swink posted:I maintain my reference images in esx. Being able to use snapshots makes it invaluable. Using workstation would be no different. You'll never go back to using a physical machine. Seriously. In my new/current job we don't use VMs at all. And we're testing software deployments. We have a lab of 60 computers to do the work of 5 VMs. It's a complete joke.
|
# ¿ Apr 1, 2012 20:09 |
|
My new Enterprise Windows Management is going to be Microsoft's Enterprise Windows Management. 500,000+ machines. I'm terrified.
|
# ¿ Apr 14, 2012 22:34 |
|
I think I found my new workstation: Specs: HP ProLiant BL465 G7 (4) (16 processors, 192 cores and 2048 GB memory) Total (396) 146GB 15K SFF disks, 57 TB raw capacity In reality, just plug-in power and 4 10g ethernet connections and you've got your cloud in a box! MMS is such a fun time.
|
# ¿ Apr 18, 2012 04:00 |
|
They're running the MMS lab VMs on it. 12,000 VMs that are all reprovisioned every hour, in less than ten minutes.
|
# ¿ Apr 18, 2012 18:39 |
|
FISHMANPET posted:We use it for student labs, so once they use up their quota they're SOL, but Papercut doesn't get in the way when they try and print something big. The students start out with a mindset of "this is my money to spend" which sounds like not the viewpoint you're coming from. "Oops I accidentally printed this textbook out in color and used up my entire quota. Can you refund my pages and let me keep the book I printed?"
|
# ¿ Apr 30, 2012 07:43 |
|
Serfer posted:Ok, I've been beating myself up a little, and I'm trying to use SCCM to deploy a large piece of software, but we don't have distribution points in every office (lack of disk space at remote locations is what it boils down to). We do however have software shares in every office that contain some of the software I would like to deploy. It's become painstakingly obvious that I can't tell an SCCM program entry to run something from a UNC or drive letter because the system account can't access the share, and I can't really have it run under the user account due to UAC issues. Is there some trick to being able to run software from a share that I'm missing, or is it basically impossible, and I should break down and setup DP's in every office? Do you have BITS enabled?
|
# ¿ May 23, 2012 04:41 |
|
jlboan posted:Yesterday I deployed some software with SCCM 2012. I used the “Applications” section instead of packages, and deployed a custom built msi file. The software installed fine on the clients and is up and running, but in SCCM it still shows all of the machines in the “In Progress” stage with “No additional information” listed in the asset details on each machine. I’ve run the summarization a few times, rebooted the clients, and used SCCM client center to force software inventories, but its still just stuck In Progress. Is this just my crappy MSI not reporting that it’s done, or is there something else to it? Always include logging in your msi command lines, it will save you dozens of hours of heartache. I've never seen stuff get stuck in progress, so I'm inclined to say it's the msi. Also, if I'm not mistaken, forcing a software inventory won't do much, most information is sent during hardware inventory. Related: The technical documentation for 2012 is available for download. 2000+ pages of light reading. Also breaks down the new log files if you've been trying to find that information. http://www.microsoft.com/en-us/download/details.aspx?id=29901 Sudden Loud Noise fucked around with this message at 16:15 on Jun 3, 2012 |
# ¿ Jun 3, 2012 16:02 |
|
devmd01 posted:jesus christ i'm loving done with SMP, gently caress Symantec.. In my previous job we had to delay our Windows 7 deployment for months because Symantec literally could not figure out how to make a 64bit msi. They are the worst tech company that I have ever dealt with.
|
# ¿ Jun 5, 2012 06:29 |
|
FISHMANPET posted:So a problem I'm having with SCCM deployment. I've been forced to switch to imaging computers rather than build from scratch, because of pesky Broadcom drivers. So I've got a task sequence to make the image which works just fine, except when I deploy the image it doesn't ever checkin properly with the SCCM server. SCCM detects it through AD discovery, but on the client I have to manually run one of the actions (and the only that show up are "Machine Policy Retrieval & Evaluation Cycle" and "User Policy Retrieval & Evaluation Cycle." This creates a new entry for that machine, which I then have to approve in the ConfigMgr console. Is the SCCM client built into the image, or is it part of the task sequence?
|
# ¿ Jun 15, 2012 05:22 |
|
FISHMANPET posted:So how should I be deploying the client? Right now I've got a build & capture task sequence that installs the client with some properties that allow the machine to install updates without being on the domain. So I'm pretty sure that's required. Then in the deploy image sequence I install it again, should I take it out of that step? Yeah, I've seen it done both ways, but never both ways together. Have it in the captured image (minus certificates) or have it install after your image gets applied to the client machine. Honestly the number of ways to do imaging with SCCM just seems to keep expanding, I can't keep up with which way is best. Although I do know there isn't a single right answer for every environment. I hate imaging.
|
# ¿ Jun 21, 2012 08:00 |
|
skipdogg posted:Thanks for the info, 2012 seems like a completely different product from 2007 I'm using both 2007 and 2012 at the moment. If it's any consolation, once it's up and running 2012 is vastly easier to manage everything. Oh and do yourself a favor and learn Orchestrator so you never have to work again.
|
# ¿ Jul 26, 2012 02:29 |
|
|
# ¿ Apr 23, 2024 18:40 |
|
The switch from packages to applications in 2012 can either be absolutely amazing, or some of the most frustrating work ever. The self service portal can cause support nightmares if you haven't setup your applications perfectly. Make sure you have your detection and app requirements set correctly. App logic should not be difficult at all, but it seems like there is a bit of a learning curve. Most of my day is troubleshooting app models, and it really comes down to you can't cut any corners in your logic.
Also, whoever encounters "CI Version Info Timed Out" issues in deployment reports, we can be best buds and share horror stories.
|
# ¿ Aug 10, 2012 04:19 |