IT Consultant Everyday Notes

Just some problems/solutions storage

Category Archives: TechEd

Notes from TechEd 2014

I am back from TechEd 2014, it was in Houston this year. It was more people comparing to MMS, less sessions directly related to System Center, but still enough interesting content.

Here are my notes from the sessions:

Pre-Conference Session with Johan and Kent:

SCCM management – built-in management does not always work; it is recommended to use SQL backup and index rebuild procedures – more here: http://ola.hallengren.com/sql-server-index-and-statistics-maintenance.html 

It is recommended to create a separate DB for maintenance first instead of using MASTER (default)

Microsoft RTM’ed SCCM Client Support Center http://blogs.technet.com/b/configmgrteam/archive/2014/05/06/system-center-2012-configuration-manager-support-center-tool-has-been-released.aspx – the tool can be used for Client-side troubleshooting and collecting data for analyzing either with a special viewer or to send to MS

New SCCM Toolkit for 2012 R2 includes (with other tools)

– Library Explorer to browse Single Store Content Library to understand where the files are located

– Distribution Point Queue Manager to troubleshoot content distribution

Other tools

CoreTech Package Source Changer – http://blog.coretech.dk/jgs/coretech-package-source-changer/      Can be used during migration if sources are located on local drives and need to be changed to UNC

SCCM Client Network Traffic Estimator: http://blogs.technet.com/b/manageabilityguys/archive/2013/04/22/system-center-2012-configuration-manager-client-network-traffic-estimates-series-part-1-of-3.aspx

Kent’s SCCM SQL recommendation: http://blog.coretech.dk/kea/system-center-2012-configuration-manager-sql-recommendations/

 

Advices from MVPs:

1. Give generic names to folders (they are visible to everybody), limit visibility using security scopes

2. Use MDT to create a reference image. Benefits;

– quicker

– more universal (no SCCM Client installed), can be used for SCVMM, VDI etc..

– MDT installs apps as Administrator, so the Administrator profile will be created and CopyProfile feature can be used to copy preset configuration to Default profile (SCCM acts as SYSTEM and Administrator Profile won’t be created).

3. Do not install too many updates using SCCM, may fail. Do not use offline image update feature with SCCM – for the same reason. Recommended way to get your system fully partched:

– Create a reference image in MDT using a dedicated WSUS for updates. WSUS works fine with any number of updates

– Deploy the reference image to a target machine and add SCCM “Install Software Updates” step in Task Sequence. In this case SCCM will install only updates missed in the ref immage

4. If MDT is installed on a Server or Windows 8 you cna use Hyper-V  for fully automated gold image creation (Create a reference VM, bound a media created with MDT on it, start VM an execute the TS, capture the image and destroy VM). More information in Johan’s blog: http://www.deploymentresearch.com/Research/tabid/62/EntryId/172/Deploying-a-reference-image-VM-fully-unattended.aspx

5. Use UDI with MDT TS if dialog is necessary for OSD

6. Use email notification for approval process – Kent’s blog: http://blog.coretech.dk/kea/enabling-email-approvals-for-your-requested-applications-in-configuration-manager-2012/

7. To wrap applications (allow pre-installation dialog with a user): PowerShell Application Toolkit: https://psappdeploytoolkit.codeplex.com/

8. Software Updates

– Collection structure creation – Script from Kent:

– Create Automatic Update Rule to create an update Group Monthly and download Updates

– Create Templates for deployments for Workstation, Servers Automatic (with Maintenance Windows) and Server Available

– Use Coretech Software Update Management tool: http://blog.coretech.dk/kea/the-coretech-software-update-management-tool/

– Uninstalll updates Automatically using a script: http://blog.coretech.dk/jgs/vbscript-uninstall-updates-on-winxpwin2003-win7-and-win-2008-r2-automatically/

Third-party updates:

        Catalogs: Shavlik, PatchMyPC

        Cloud-based: Secunia,

-Montly Report: http://gallery.technet.microsoft.com/Configmgr-2012-SSRS-Report-34fd6d87

-Cleanup: Script to remove expired updates from source folders: http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanup-in-system-center-2012-configuration-manager.aspx

 

 

9. OSD

Custom RBAC role to import computers: http://blogs.technet.com/b/inside_osd/archive/2012/04/30/custom-role-based-administration-for-importing-computers.aspx

 

 

10. Shutdown tool (in case you need to stop some services before application installation): http://blog.coretech.dk/kea/new-version-of-the-coretech-shutdown-tool/

11. Registry key to MOF:  http://myitforum.com/cs2/files/folders/proddocs/entry152945.aspx5. Populate SCCM database with fake clients: http://thedesktopteam.com/blog/raphael/sccm-2012-cm12r2registrationrequest/ (for testing purposes Smile )

12. SCCM2012R2 HealthCheck tool: https://www.rflsystems.co.uk/sccm-2012-r2-healthcheck-toolkit/

13. Windows To Go: MDT can be used to prepare WTG stick. This stick can be tested being connected to an empty VM as a pass-through disk.

14. Microsoft published a hotfix allowing to clean old updates from WINSXS folder to make image smaller. Of course the update cannot be uninstalled after that!  : http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx

15. Neil Peterson article about cross-forest (and DMZ) management http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx

16. Stop Catastrophic deployment. It was a discussion about big RED BUTTON you can press to stop an accidental deployment. Advices here:

1. Create a file check in TS. If file is not present in a certain folder – abort the TS. In this case you just need to remove the file to prevent TS (which not started yet) from start

2. Remove access permissions on DP

3. Collection variable etc…

17. Bitlocker

– TPM need to be enabled in BIOS – tool from Manufacturer

– Ask Manufacturer for a tool allowing disable protectors.

If non it is not possible – use REPLACE scenario instead of REFRESH

5. Other tools Johan and Kent mentioned: http://www.deploymentresearch.com/Research/tabid/62/EntryId/173/Links-from-ConfigMgr-2012-R2-preconference-at-TechEd-2014-NA.aspx

http://blog.coretech.dk/kea/community-tools-from-system-center-universe-2014/