Trevor Sullivan's Tech Room

Minding the gap between administration and development

PowerShell: Override GPO and Detect Windows Updates

Posted by Trevor Sullivan on 2011/12/14


Introduction

If you’re using a workstation in an enterprise environment, there may be Active Directory Group Policy Object (GPO) settings forcing a certain behavior of the Microsoft Windows Update Agent (aka. Automatic Update Agent). You might be a power user who wants to actually ensure that their workstation is fully patched before the IT department releases patches according to their standard cycle. One option would be to ask your IT department to include you in the pilot group for software updates, but failing that option, you can temporarily override the GPO settings and force an updates detection.

Read the rest of this entry »

Advertisements

Posted in powershell, scripting, tools | Tagged: , , , , | Leave a Comment »

PowerShell: Get a List of Installed Software from ConfigMgr

Posted by Trevor Sullivan on 2011/12/07


Let’s say you’ve got Microsoft’s System Center Configuration Manager (SCCM / ConfigMgr) in your IT environment (and if you don’t, why on earth not!). If you’re on the desktop management team, you might occasionally get requests from someone on a network or security team, inquiring as to the installed software on a particular client, or group of clients.

Rather than diving straight into the ConfigMgr reports, as most people do, sometimes it’s just faster to load a data set into PowerShell and massage the data from there. Why PowerShell? Well, it provides very easy, real-time filtering and sorting capabilities, and if you need to make a modification to a temporary “report,” you don’t have to worry about modifying the Report object in the ConfigMgr provider, which is typically done through the ConfigMgr console.

Read the rest of this entry »

Posted in configmgr, powershell, scripting | Tagged: , , , , , , , , , , , , , , | 1 Comment »

ConfigMgr 2007: PXE Service Point Installation Error

Posted by Trevor Sullivan on 2011/12/02


Just recently, I was getting an error in the pxemsi.log (pxemsi.log.lasterror) while trying to install a ConfigMgr 2007 PXE Service Point (PSP):

DEBUG: Error 2203:  Database: C:\Windows\Installer\1e0d86.ipi. Cannot open database file. System error –2147287037
MSI (s) (20:FC) [09:46:12:689]: Product: SMS PXE Service Point — Internal Error 2203. C:\Windows\Installer\1e0d86.ipi, –2147287037
Internal Error 2203. C:\Windows\Installer\1e0d86.ipi, –2147287037

 

Read the rest of this entry »

Posted in configmgr, fixes, OSD | Tagged: , , , , , , , , , , , | Leave a Comment »

ConfigMgr: Cleanup Software Updates Objects

Posted by Trevor Sullivan on 2011/11/29


Introduction

A common complaint I hear about Microsoft System Center Configuration Manager (SCCM / ConfigMgr) 2007 is the ability to clean up expired and superseded software updates from the objects related to software updates. As software updates are marked as expired or are superseded by newer software updates, Microsoft marks the old updates accordingly. Once an update has been retired, it is desirable for ConfigMgr administrators to remove the updates from deployments and reporting objects. This cleanup effort saves disk space for deployment packages, and can reduce unnecessary information from showing up in reports.

Read the rest of this entry »

Posted in configmgr, powershell, scripting, tools, wmi | Tagged: , , , , , , , , , , , , | Leave a Comment »

Microsoft Assessment and Planning Toolkit 6.0: Task Processor Busy

Posted by Trevor Sullivan on 2011/11/23


If you install the Microsoft Assessment and Planning (MAP) Toolkit 6.0, and you run a large inventory job, you may find that it takes a long time to complete. If you have hidden the inventory status window, the MAP console will provide limited functionality until the inventory process is completed. Attempting to perform certain console functions may yield the following error message:

The task processor is currently busy. You cannot perform this operation while the task processor is running. Please wait for the task processor to complete or cancel the task processor before retrying this operation.

image

There isn’t any menu option to simply stop the task processor, so you’ll need to choose File –> Exit, which will prompt you to stop it.

image

Posted in fixes, tools | Tagged: , , , , , , | Leave a Comment »

PowerShell: Disable ConfigMgr Task Sequence Countdown Notification

Posted by Trevor Sullivan on 2011/11/22


Introduction

If you are using Microsoft System Center Configuration Manager (SCCM / ConfigMgr) to deploy task sequences to ConfigMgr client systems, you may notice that by default, a countdown notification is shown as a balloon notification in the client’s system tray. In some cases, this functionality may be undesirable, and you may therefore wish to disable the balloon notification. Unfortunately, the task sequence properties GUI in the ConfigMgr console does not allow you to disable the notification, but you can do so via script.

The SMS_TaskSequencePackage class in the root\sms\site_lab (where “lab” is your three-digit ConfigMgr site code) WMI namespace represents each task sequence that has been created in a Configuration Manager hierarchy. The ProgramFlags property on this class contains a series of bitwise values (not sure if that’s the right term) which represent various options. In this case, we care about option 0x400 (1024 in base 10), which if enabled, disables the countdown timer.

image

PowerShell Code

The PowerShell code included below will allow you to specify a task sequence package ID that you would like to disable balloon notifications on. I suggest running the code inside of the PowerShell Integrated Scripting Editor (ISE).

Make sure you update your ConfigMgr server name (where the provider sits) and ConfigMgr site code before running it!

function Disable-ConfigMgrTaskSequenceNotification {
    param (
        [Parameter(Mandatory = $true)] $SccmServer
        , [Parameter(Mandatory = $true)] $SiteCode
        , [Parameter(Mandatory = $true)] $TaskSequenceID
    )
    
    try {
        # Retrieve the WMI instance that represents the intended task sequence package
        $TaskSequencePackage = [wmi]"\\$SccmServer\root\sms\site_$SiteCode`:SMS_TaskSequencePackage.PackageID='$TaskSequenceID'";
    }
    # If the WMI object does not exist, catch the error and deal with it ... somehow.
    catch [System.Management.Automation.RuntimeException] {
        Write-Host -Object ("A Windows Management Instrumentation error occurred.`n" + `
            "`n* Is the computer powered on?" + `
            "`n* Is a firewall blocking access to WMI?" + `
            "`n* Is the WMI service started on the remote system?");
    }
    
    # If the object handle was acquired from WMI, then go ahead and process it
    if ($TaskSequencePackage) {

        # Echo out the current ProgramFlags value
        Write-Verbose -Message ("Current program flags for {0} are {1}" `
                    -f $TaskSequencePackage.Name, $TaskSequencePackage.ProgramFlags);

        # If the notification disablement is not enabled (confusing, I know), then enable it.
        if (($TaskSequencePackage.ProgramFlags -band 0x400) -eq 0) {
            Write-Verbose -Message ("Disabling countdown for task sequence: {0}" -f $TaskSequencePackage.Name);
            
            # This is where the meat is: perform the binary XOR operation (same as adding 1024 in base 10) and set
            # the resulting value back to the ProgramFlags property. Remember that -bxor oscillates between on & off, so
            # that's why we have to perform the check in the if { ... } statement, prior to blindly switching it.
            $TaskSequencePackage.ProgramFlags = $TaskSequencePackage.ProgramFlags -bxor 0x400;
            
            # Commit the in-memory WMI instance back to the ConfigMgr provider
            $TaskSequencePackage.Put();
        }
    }
    # If a task sequence cannot be found with the appropriate ID, then notify the user.
    else {
        Write-Host `
            -Object ("Could not find task sequence with ID {0} in the {1} WMI namespace on {2}" `
            -f $TaskSequenceID, "root\sms\site_$SiteCode", $SccmServer)
    }
}

Clear-Host;
$SccmServer = 'sccm01.mydomain.com';
$SiteCode = 'LAB';
$TaskSequenceID = Read-Host -Prompt 'Please enter a task sequence ID to modify';

Disable-ConfigMgrTaskSequenceNotification `
    -SccmServer $SccmServer `
    -SiteCode $SiteCode `
    -TaskSequenceID $TaskSequenceID `
    -Verbose;

When you execute this script, you’ll be prompted for a task sequence ID, so make sure to have that handy.

image

Hope this helps!

Posted in configmgr, powershell, scripting, wmi | Tagged: , , , , , , , , , , , , , , | 1 Comment »

ConfigMgr 2012 RC Issues with CAS + Primary Hierarchy

Posted by Trevor Sullivan on 2011/11/18


I just got done setting up a ConfigMgr 2012 Release Candidate primary site beneath a Central Administration Site (CAS), and when firing up the console on the primary site, I’m getting the following message: “Your Configuration Manager console is in read-only mode while this site completes tasks related to maintenance mode. After these tasks are complete you must reconnect you Configuration Manager console before you can edit or create new objects.”

Here are a few facts about the hierarchy:

  • The CAS runs on Windows Server 2008 R2 SP1
  • The CAS points to a remote SQL 2008 SP1 Server on Windows Server 2008 R2 SP1
  • The Primary Site runs on Windows Server 2008 R2 SP1
  • The Primary Site points to a local SQL 2008 R2 SP1 instance (with KB2603910 installed)

image

After passing this message box, the following error would appear in the SmsAdminUI.log file:

[5, PID:3140][11/16/2011 20:28:22] :System.Management.ManagementException\r\nGeneric failure \r\n   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()\r\nManagementException details:
instance of SMS_ExtendedStatus
{
    Description = " Could not find property systemIsolationState";
    ErrorCode = 1078464256;
    File = "e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspobjectquery.cpp";
    Line = 3900;
    Operation = "ExecQuery";
    ParameterInfo = "Select COUNT(*) FROM SMS_G_System_NAPCLIENT where systemIsolationState=0";
    ProviderName = "WinMgmt";
    StatusCode = 2147749889;
};

 

Obviously something was going on, because this same error was not happening on the CAS when I’d launch the console. We can see in this message that the property named systemIsolationState apparently does not exist in the SMS_G_System_NAPCLIENT WMI class in the root\sms\site_### namespace. Now that we know exactly what’s missing, it’s time to fire up the WMI Explorer and see if that property does or doesn’t exist.

image

As you can see, the property surely does not exist on the “001” site, which is the primary site beneath the CAS. Next, let’s check the CAS for this property.

Note: I’m not sure that this property is necessarily supposed to exist on the CAS, but it’s worth checking out anyway. It’s highly probable that it should exist on the CAS, because it’s a common inventory class for system resources.

Here’s a similar screenshot from the CAS.

image

Aha! It looks like the property does exist on the CAS. At this point, I’m suspecting that something failed during the installation of the primary site, so let’s head back over to the primary site and check out its ConfigMgr setup log (c:\ConfigMgrSetup.log). I saw this message repeating towards the end of the setup:

INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:35:38 PM    1168 (0x0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:44:38 PM    1168 (0x0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 3:53:38 PM    1168 (0x0490)
INFO: Still monitoring Replication initialization.    Configuration Manager Setup    11/16/2011 4:02:38 PM    1168 (0x0490)

And finally, after a while, it finished:

INFO: Stopping component monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:25 PM    3752 (0x0EA8)
INFO: Stopping server role monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:26 PM    3836 (0x0EFC)
INFO: Stopping replication monitoring as stop signal received.    Configuration Manager Setup    11/16/2011 6:52:26 PM    1168 (0x0490)
<11-16-2011 18:52:27> *****************************************************         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)
<11-16-2011 18:52:27> ***** Exiting ConfigMgr 2012 Setup Bootstrapper *****         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)
<11-16-2011 18:52:27> *****************************************************         1/1/1601 12:00:00 AM    1992907627 (0x76C95B6B)

I’m a little confused at how it finished successfully, because there were some other errors in the log as well:

omGetServerRoleAvailabilityState could not read from the registry on sccm03.mybiz.loc; error = 5:
omGetServerRoleAvailabilityState could not read from the registry on sccm03.mybiz.loc; error = 5:

Also this showed up:

INFO: SDK Provider is on sccm03.mybiz.loc.    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO: Retrieving current site control image…    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO:  SQL Connection succeeded. Connection: SMS ACCESS, Type: Secure    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
INFO: Stored SQL Server computer certificate for Server [sccm01.mybiz.loc] successfully on [sccm03.mybiz.loc].    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:25 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:28 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:28 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:31 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:31 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:34 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:34 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:37 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:37 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:40 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:40 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:43 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:43 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:46 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:46 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:49 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:49 PM    1748 (0x06D4)
CSql Error: Cannot find type data, cannot get a connection.    Configuration Manager Setup    11/16/2011 8:56:52 PM    1748 (0x06D4)
ERROR:  SQL Connection failed. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:52 PM    1748 (0x06D4)
INFO: Registered type CCAR_DB_ACCESS for sccm01.mybiz.loc CM_CEN    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)
INFO:  SQL Connection succeeded. Connection: CCAR_DB_ACCESS, Type: Unsecure    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)
INFO: Read CAS SQL Server information, stored CAS SQL Server certificate and registered connection to its database.    Configuration Manager Setup    11/16/2011 8:56:55 PM    1748 (0x06D4)

Someone else posted this same message when trying to do a CAS + Primary Site configuration. Next step: reinstall the primary site.

After re-installing the primary site, the same issues returned. Finally I decided to just install a stand-alone primary site without a CAS.

Posted in configmgr, ConfigMgr vNext, fixes | Tagged: , , , , , , , , | 8 Comments »

ConfigMgr Software Updates: Enforcement State Unknown

Posted by Trevor Sullivan on 2011/11/10


There was an interesting thread going on over at the MyITforum MSSMS mailing list. Apparently if certain settings are not properly configured, System Center Configuration Manager (SCCM / ConfigMgr) clients will show a status of “Enforcement state unknown” for certain software updates. One proposed solution was the following:

I had a similar issue some time ago and worked with MS with the following solution (might be worth checking into):

Basically we had “Suppress display notifications on clients” radio button checked on the Display/Time Settings tab of the specific Deployment Management Properties box and in order to do that we also had to set a deadline (on the Schedule tab of the same Properties box).  Without the deadline, I was getting the “Enforcement State Unknown” status.

We set if for some time in the future, but did not check the “Ignore maintenance windows and install immediately at deadline” checkbox, so the workstations will not install until you maintenance window, assuming that’s what you want.

Someone else suggested the following VBscript to force SCCM clients to update their software updates status:

‘ Initialize the UpdatesStore variable.
dim newCCMUpdatesStore
‘ Create the COM object.
set newCCMUpdatesStore = CreateObject ("Microsoft.CCM.UpdatesStore")
‘ Refresh the server compliance state by running the RefreshServerComplianceState method.
newCCMUpdatesStore.RefreshServerComplianceState

Hope this helps, if you’re having the issue.

Posted in configmgr, fixes | Tagged: , , , , , , , , , , | Leave a Comment »

PowerShell / ConfigMgr: Count of Client Manufacturer / Models

Posted by Trevor Sullivan on 2011/11/09


Introduction

If you’re an administrator of Microsoft System Center Configuration Manager (SCCM / ConfigMgr) 2007, you might be interested in finding out what make / model of client & server systems you have, and how many of each unique value you have. Most people would probably simply pull up a ConfigMgr report, but did you know that there’s an automated way to get this information as well?

Using PowerShell

You’ll need the following to execute this simple script:

  • A user account with access to the ConfigMgr provider
  • The hostname of the ConfigMgr central site server
  • The site code of the ConfigMgr central site

Once you’ve launched PowerShell under the appropriate account’s credentials, simply run this command:

Clear-Host

$ComputerSystems = Get-WmiObject `
    -Namespace root\sms\site_000 `
    -ComputerName sccm01.mydomain.com `
    -Class SMS_G_System_Computer_System

$ComputerSystems `
    | Group-Object -Property Manufacturer,Model `
    | Where-Object { $_.Count -gt 5 } `
    | Sort-Object -Property Count -Descending

If you get an error saying "An empty pipe element is not allowed" then make sure that there is not a space after one of the backticks. The backtick is the continuation character, and tells PowerShell to keep processing the command on the next line, and if there is a space after it, the interpreter will get confused.

If everything works as expected, you should see output similar to the following:

Count Name                    
—– —-                    
  222 Dell Inc., OptiPlex 780 
  136 Dell Inc., OptiPlex GX620

  135 Dell Inc., OptiPlex 755 
  134 Dell Inc., OptiPlex 745 
  101 Dell Inc., OptiPlex GX280

There will also be a “group” property, which contains the actual .NET objects that were grouped into each line item.

Hope this helps!

Posted in configmgr, powershell, scripting, tools, wmi | Tagged: , , , , , , , , , , , , | Leave a Comment »

PowerShell / ConfigMgr: Retrieve List of Client Names by Collection ID

Posted by Trevor Sullivan on 2011/11/01


Here’s a simple PowerShell script that you can use to retrieve a list of system names based off of a collection ID in Microsoft System Center Configuration Manager (SCCM / ConfigMgr) 2007. This has not been tested against collections that contain anything except system resources (computers objects in SCCM). Use at your own risk.

# Variables
$SiteCode = '123';
$SccmServer = 'sccmserver.mydomain.com';
$CollectionID = '12345678';

# Commands to retrieve client name list
$ClientList = Get-WmiObject -ComputerName $SccmServer `
    -Namespace "root\sms\site_$SiteCode" `
    -Class SMS_FullCollectionMembership `
    -Filter "CollectionID = '$CollectionID'" `
    -Property @('Name');
$ClientNames = $ClientList | Select-Object Name
$ClientNames

Posted in Uncategorized | Leave a Comment »