Everything posted by TechGuy83

  1. Thanks for your reply, but still no joy :-/
  2. Thanks for your advice, that's where I thought it would be. Here is what I see: Any advice?
  3. Had a good look and can't find the option. Would be nice to do this as I really want to change it.
  4. Sorry for my late reply, we went with the basics as Outlook will open only the default folders. Recursive permission audit was too unstable. Really appreciate your help. This sent out an email to the users which worked well on the whole, however it did identify accounts that simply couldn't be seen by any other method other than scripting. However if anyone does have a great permission auditing script they use please share, I was less than satisfied with the results from the script I used, nothing terrible but just a few people with accounts that weren't listed in Outlook or Exchange console.
  5. I created a USB bootable task sequence media. To do this you need Windows Vista/2008 or higher. Run the Configuration Manager console on that machine and on your task sequence that you have created right click on it. Now click on create bootable media (can't remember exactly), follow the wizard and it will create your task sequence offline and on bootable media. One tip, if it is truly offline then of course you won't be able to join domain or check for updates etc. so you may want to create a new task sequence and leave these out. Sorry if it's a bit wrong but from memory that's how I did it. I moved jobs and no longer use SCCM 2007, in my new job I am migrating from SMS 2003 to 2012! So no longer have a console for reference, however if you do get stuck let me know and I will build up a test rig and give better instruction, always fun.
  6. Just had a thought, perhaps I am over complicating things, if they do not have permission on the root it's not possible then to access the inbox? Am I right in thinking that? Of course calendar can be directly accessed so not sure if it applies to other folders. If it's the case then it may be worth just running audit on the mailbox root and calendar, this runs with no errors.
  7. Thanks for taking a look, currently running version I have is 1.0.0 running on XP. 1.2.1 needs windows 7 I think which is a shame.
  8. Ok here you go:

      [void][Reflection.Assembly]::LoadFile("c:\temp\EWSUtil.dll")

      #######################################################################################
      ## FUNCTION enumMailBoxPerms
      #######################################################################################
      function enumMailboxperms() {
          param ($user)

          $root = [ADSI]'LDAP://RootDSE'
          $dfDefaultRootPath = "LDAP://OU=Users," + $root.DefaultNamingContext.tostring()
          write-host Searching
          write-host $dfDefaultRootPath
          write-host for mailboxes
          $dfRoot = [ADSI]$dfDefaultRootPath
          If (!$user) {
              $gfGALQueryFilter = "(&(mailnickname=*)(objectCategory=person)(objectClass=user))"
          }
          Else {
              $gfGALQueryFilter = "(&(mailnickname=$user)(objectCategory=person)(objectClass=user))"
          }
          $dfsearcher = new-object System.DirectoryServices.DirectorySearcher($dfRoot)
          $dfsearcher.PageSize = 10000
          $dfsearcher.Filter = $gfGALQueryFilter
          $dfsearcher.PropertiesToLoad.Add("msExchMailboxSecurityDescriptor")
          $dfsearcher.PropertiesToLoad.Add("public-delegates")
          $dfsearcher.PropertiesToLoad.Add("public-delegates-bl")
          $srSearchResult = $dfsearcher.FindAll()
          $i = 0
          $ec=0
          foreach ($emResult in $srSearchResult) {
              if($i -lt 10000) {
                  $rsTable.clear()
                  $dsEmail=""
                  $uoUserobject = New-Object System.DirectoryServices.directoryentry
                  $uoUserobject = $emResult.GetDirectoryEntry()
                  $emProps = $emResult.Properties
                  [byte[]]$DaclByte = $emProps["msexchmailboxsecuritydescriptor"][0]
                  $adDACL = new-object System.DirectoryServices.ActiveDirectorySecurity
                  $adDACL.SetSecurityDescriptorBinaryForm($DaclByte)
                  $mbRightsacls =$adDACL.GetAccessRules($true, $false, [system.Security.Principal.SecurityIdentifier])
                  write-host
                  write-host Processing - $uoUserobject.samaccountname.ToString() ($uoUserobject.DisplayName)

                  # Mailbox-level rights: skip SELF (S-1-5-10), LOCAL SYSTEM (S-1-5-18) and inherited ACEs
                  foreach ($ace in $mbRightsacls){
                      if($ace.IdentityReference.Value -ne "S-1-5-10" -and $ace.IdentityReference.Value -ne "S-1-5-18" -and $ace.IsInherited -ne $true){
                          $sidbind = "LDAP://<SID=" + $ace.IdentityReference.Value + ">"
                          $AceName = $ace.IdentityReference.Value
                          $aceuser = [ADSI]$sidbind
                          if ($aceuser.name -ne $null){
                              $AceName = $aceuser.samaccountname.ToString()
                              $AceDisplayName = $aceuser.DisplayName.ToString()
                              #added extra column email address to show mailbox email and username
                              $mbMailboxEmail = $uoUserobject.mail.ToString()
                          }
                          if ($AceName -ne $uoUserobject.samaccountname.ToString()) {
                              If ($ace.ActiveDirectoryRights -band [system.DirectoryServices.ActiveDirectoryRights]::CreateChild){
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Full Mailbox Access",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Full Mailbox Access",$ace.AccessControlType,$AceDisplayName)
                              }
                              # Parenthesized: -ne binds tighter than -band, so without the
                              # parentheses the mask was never compared against WriteOwner
                              If (($ace.ActiveDirectoryRights -band [system.DirectoryServices.ActiveDirectoryRights]::WriteOwner) -ne 0){
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Take Ownership",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Take Ownership",$ace.AccessControlType,$AceDisplayName)
                              }
                              If ($ace.ActiveDirectoryRights -band [system.DirectoryServices.ActiveDirectoryRights]::WriteDacl){
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Modify User Attributes",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Modify User Attributes",$ace.AccessControlType,$AceDisplayName)
                              }
                              If ($ace.ActiveDirectoryRights -band [system.DirectoryServices.ActiveDirectoryRights]::ListChildren){
                                  # Status column comes from the ACE ($ace), not the resolved AD user ($aceuser)
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Is mailbox primary owner of this object",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Is mailbox primary owner of this object",$ace.AccessControlType,$AceDisplayName)
                              }
                              If ($ace.ActiveDirectoryRights -band [system.DirectoryServices.ActiveDirectoryRights]::Delete){
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Delete mailbox storage",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Delete mailbox storage",$ace.AccessControlType,$AceDisplayName)
                              }
                              If ($ace.ActiveDirectoryRights -band [system.DirectoryServices.ActiveDirectoryRights]::ReadControl){
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Read permissions",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$aceName,"Read permissions",$ace.AccessControlType,$AceDisplayName)
                              }
                          }
                      }
                  }

                  # Send As / Receive As extended rights on the AD user object
                  $Sendasacls = $uoUserobject.psbase.get_objectSecurity().getAccessRules($true, $false, [system.Security.Principal.SecurityIdentifier])|? {$_.ObjectType -eq 'ab721a54-1e2f-11d0-9819-00aa0040529b'}
                  $Recieveasacls = $uoUserobject.psbase.get_objectSecurity().getAccessRules($true, $false, [system.Security.Principal.SecurityIdentifier])|? {$_.ObjectType -eq 'ab721a56-1e2f-11d0-9819-00aa0040529b'}
                  if ($Sendasacls -ne $null){
                      foreach ($ace in $Sendasacls) {
                          if($ace.IdentityReference.Value -ne "S-1-5-10" -and $ace.IdentityReference.Value -ne "S-1-5-18" -and $ace.IsInherited -ne $true){
                              $sidbind = "LDAP://<SID=" + $ace.IdentityReference.Value + ">"
                              $AceName = $ace.IdentityReference.Value
                              $aceuser = [ADSI]$sidbind
                              if ($aceuser.name -ne $null){
                                  $AceName = $aceuser.samaccountname.ToString()
                                  $AceDisplayName = $aceuser.DisplayName.ToString()
                              }
                              if ($AceName -ne $uoUserobject.samaccountname.ToString()) {
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$AceName,"Send As",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$AceName,"Send As",$ace.AccessControlType,$AceDisplayName)
                                  if ($rvSendRecieve.Containskey($AceName)){
                                      $rvSendRecieve[$AceName] = [int]$rvSendRecieve[$AceName] +1
                                  }
                                  else {
                                      $rvSendRecieve.add($AceName,1)
                                  }
                              }
                          }
                      }
                  }
                  if ($Recieveasacls -ne $null){
                      foreach ($ace in $Recieveasacls) {
                          if($ace.IdentityReference.Value -ne "S-1-5-10" -and $ace.IdentityReference.Value -ne "S-1-5-18" -and $ace.IsInherited -ne $true){
                              $sidbind = "LDAP://<SID=" + $ace.IdentityReference.Value + ">"
                              $AceName = $ace.IdentityReference.Value
                              $aceuser = [ADSI]$sidbind
                              if ($aceuser.name -ne $null){
                                  $AceName = $aceuser.samaccountname.ToString()
                                  $AceDisplayName = $aceuser.DisplayName.ToString()
                              }
                              if ($AceName -ne $uoUserobject.samaccountname.ToString()) {
                                  [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$AceName,"Recieve As",$ace.AccessControlType,$AceDisplayName)
                                  [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,"Mailbox Root",$AceName,"Recieve As",$ace.AccessControlType,$AceDisplayName)
                                  if ($rvSendRecieve.Containskey($AceName)){
                                      $rvSendRecieve[$AceName] = [int]$rvSendRecieve[$AceName] +1
                                  }
                                  else {
                                      $rvSendRecieve.add($AceName,1)
                                  }
                              }
                          }
                      }
                  }

                  # Folder-level permissions via EWS ($casUrl is not set anywhere in this script)
                  $mbMailboxEmail = $uoUserobject.mail.ToString()
                  #write-host "Doing Mailbox Permissions with EWS"
                  $useImp = $false
                  $ewc = new-object EWSUtil.EWSConnection($mbMailboxEmail,$useImp, "", "", "",$casUrl)
                  # $fldarry = new-object EWSUtil.EWS.BaseFolderIdType[] 6
                  # for ($fcint=0;$fcint -lt 6;$fcint++){
                  # $dTypeFld = new-object EWSUtil.EWS.DistinguishedFolderIdType
                  # switch ($fcint){
                  # 0 {$dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::inbox}
                  # 1 {$dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::calendar}
                  # 2 {$dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::contacts}
                  # 3 {$dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::tasks}
                  # 4 {$dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::journal}
                  # 5 {$dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::msgfolderroot}
                  # }
                  # $mbMailbox = new-object EWSUtil.EWS.EmailAddressType
                  # $mbMailbox.EmailAddress = $mbMailboxEmail
                  # $dTypeFld.Mailbox = $mbMailbox
                  # $fldarry[$fcint] = $dTypeFld
                  # }
                  $fldarry = new-object EWSUtil.EWS.BaseFolderIdType[] 1
                  $dTypeFld = new-object EWSUtil.EWS.DistinguishedFolderIdType
                  $dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::msgfolderroot
                  $mbMailbox = new-object EWSUtil.EWS.EmailAddressType
                  $mbMailbox.EmailAddress = $mbMailboxEmail
                  $dTypeFld.Mailbox = $mbMailbox
                  $fldarry[0] = $dTypeFld
                  $FolderList = $ewc.GetAllMailboxFolders($fldarry)
                  $fldarry1 = new-object EWSUtil.EWS.BaseFolderIdType[] $FolderList.Count
                  for ($fcint=0;$fcint -lt $FolderList.Count;$fcint++){
                      $fldarry1[$fcint] = $FolderList[$fcint].FolderId
                  }
                  $Folders = $ewc.GetFolder($fldarry1)
                  If ($Folders.Count -ne 0) {
                      ForEach ($Folder in $Folders) {
                          if ($Folder.GetType() -eq [EWSUtil.EWS.CalendarFolderType]){
                              #write-host "Checking calendar permissions"
                              ForEach ($Permissions in $Folder.PermissionSet.CalendarPermissions){
                                  if ($Permissions.UserId.DistinguishedUserSpecified -eq $false){
                                      $sidbind = "LDAP://<SID=" + $Permissions.UserId.SID.ToString() + ">"
                                      $AceName = $ace.IdentityReference.Value
                                      $aceuser = [ADSI]$sidbind
                                      if (!((($Folder.DisplayName -eq 'Calendar') -and ($aceuser.samaccountname -eq 'distu All')) -or ($aceuser.samaccountname -eq 'Default') -or ($aceuser.samaccountname -eq $uoUserobject.samaccountname.ToString()))) {
                                          [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,$Folder.DisplayName,$aceuser.samaccountname.ToString(),$ewc.enumOutlookRole($Permissions),"Allow",$aceuser.displayname.ToString())
                                          [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,$Folder.DisplayName,$aceuser.samaccountname.ToString(),$ewc.enumOutlookRole($Permissions),"Allow",$aceuser.displayname.ToString())
                                          if ($rvFolderPerms.Containskey($aceuser.samaccountname.ToString())){
                                              $rvFolderPerms[$aceuser.samaccountname.ToString()] = [int]$rvFolderPerms[$aceuser.samaccountname.ToString()] +1
                                          }
                                          else {
                                              $rvFolderPerms.add($aceuser.samaccountname.ToString(),1)
                                          }
                                      }
                                  }
                                  #else{
                                  #if ($Permissions.UserId.DistinguishedUser -eq [EWSUtil.EWS.DistinguishedUserType]::Default){
                                  #if ($Permissions.CalendarPermissionLevel -ne [EWSUtil.EWS.CalendarPermissionLevelType]::None){
                                  # Adding some logic here to try to filter out unwanted data
                                  #if (!($ewc.enumOutlookRole($Permissions) -eq 'Default')) {
                                  #[VOID]$rsTable3.rows.add($Folder.DisplayName,"Default",$ewc.enumOutlookRole($Permissions),"Allow")
                                  #}
                                  #}
                                  #}
                                  #}
                              }
                          }
                          else {
                              ForEach ($Permissions in $Folder.PermissionSet.Permissions){
                                  #write-host "Checking folder permissions"
                                  #List any folders here you do not want to be listed on the CSV or Email
                                  #if ($Folder.DisplayName -ne "Top of Information Store"){
                                  if ($Permissions.UserId.DistinguishedUserSpecified -eq $false){
                                      $sidbind = "LDAP://<SID=" + $Permissions.UserId.SID.ToString() + ">"
                                      $AceName = $ace.IdentityReference.Value
                                      $aceuser = [ADSI]$sidbind
                                      $test = $aceuser.samaccountname.ToString()
                                      if (!(($aceuser.samaccountname -eq 'nothim') -or ($aceuser.samaccountname -eq 'nother') -or ($aceuser.samaccountname -eq $uoUserobject.samaccountname.ToString()) -or ($Permissions.PermissionLevel -eq 'None'))) {
                                          [VOID]$rsTable.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,$Folder.DisplayName,$aceuser.samaccountname.ToString(),$Permissions.PermissionLevel.ToString(),"Allow",$aceuser.displayname.ToString())
                                          [VOID]$rsTableCSV.rows.add($uoUserobject.samaccountname.ToString(),$mbMailboxEmail,$Folder.DisplayName,$aceuser.samaccountname.ToString(),$Permissions.PermissionLevel.ToString(),"Allow",$aceuser.displayname.ToString())
                                          if ($rvFolderPerms.Containskey($aceuser.samaccountname.ToString())){
                                              $rvFolderPerms[$aceuser.samaccountname.ToString()] = [int]$rvFolderPerms[$aceuser.samaccountname.ToString()] +1
                                          }
                                          else {
                                              $rvFolderPerms.add($aceuser.samaccountname.ToString(),1)
                                          }
                                      }
                                  }
                                  #}
                                  #else{
                                  #if ($Permissions.UserId.DistinguishedUser -eq [EWSUtil.EWS.DistinguishedUserType]::Default){
                                  #if ($Permissions.PermissionLevel -ne [EWSUtil.EWS.PermissionLevelType]::None){
                                  #[VOID]$rsTable3.rows.add($Folder.DisplayName,"Default",$Permissions.PermissionLevel.ToString(),"Allow")
                                  #}
                                  #}
                                  #}
                              }
                          }
                      }
                  }
              }
              $i++
              #write-host $i
              #emailResults
              $ec++
          }
      }
      #######################################################################################
      ## END FUNCTION enumMailBoxPerms
      #######################################################################################

      $Dataset = New-Object System.Data.DataSet
      $rsTable = New-Object System.Data.DataTable
      [void]$rsTable.TableName = "Mailbox Rights"
      [void]$rsTable.Columns.Add("MailboxUsername")
      [void]$rsTable.Columns.Add("MailboxEmail")
      [void]$rsTable.Columns.Add("FolderName")
      [void]$rsTable.Columns.Add("UserName")
      [void]$rsTable.Columns.Add("Rights")
      [void]$rsTable.Columns.Add("Status")
      [void]$rsTable.Columns.Add("DisplayName")
      [void]$Dataset.tables.add($rsTable)

      $rsTableCSV = New-Object System.Data.DataTable
      [void]$rsTableCSV.TableName = "Mailbox Rights"
      [void]$rsTableCSV.Columns.Add("MailboxUsername")
      [void]$rsTableCSV.Columns.Add("MailboxEmail")
      [void]$rsTableCSV.Columns.Add("FolderName")
      [void]$rsTableCSV.Columns.Add("UserName")
      [void]$rsTableCSV.Columns.Add("Rights")
      [void]$rsTableCSV.Columns.Add("Status")
      [void]$rsTableCSV.Columns.Add("DisplayName")
      [void]$Dataset.tables.add($rsTableCSV)

      $process = read-host "Enter a users username [Enter] to report on all"
      $nmMailboxPerms = @{ }
      $nmSendRecieve = @{ }
      $fpFolderPerms = @{ }
      $duFolderPerms = @{ }
      $rvMailboxPerms = @{ }
      $rvSendRecieve = @{ }
      $rvFolderPerms = @{ }
      $nmDelegatePerms = @{ }
      $rvDelegatePerms = @{ }
      $nmDefualtPerms = @{ }

      enumMailboxperms $process

      if($rsTableCSV.Rows.Count -gt 0) {
          $rsTableCSV | export-csv c:\rsTableCSV.csv -notypeinformation
      }
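The mailbox-root rights decoding used in the script above, as an added example that is not part of the original post: it maps each explicit ACE to the labels the script uses, with the mask test parenthesized because `-ne` binds tighter than `-band`. The function names, SIDs and sample ACEs are constructed for illustration.

```powershell
# Added example, not the poster's code. All SIDs and ACEs below are constructed.
Add-Type -AssemblyName System.DirectoryServices

# Right -> label pairs, in the order the posted script checks them.
$RightLabels = @(
    @('CreateChild',  'Full Mailbox Access'),
    @('WriteOwner',   'Take Ownership'),
    @('WriteDacl',    'Modify User Attributes'),
    @('ListChildren', 'Is mailbox primary owner of this object'),
    @('Delete',       'Delete mailbox storage'),
    @('ReadControl',  'Read permissions')
)

# SELF and LOCAL SYSTEM: the two well-known SIDs the posted script ignores.
$SkipSids = @('S-1-5-10', 'S-1-5-18')

function Get-MailboxAceLabels {
    param([System.DirectoryServices.ActiveDirectoryAccessRule]$Ace)

    # Only explicit ACEs for real trustees are interesting in an audit.
    if ($Ace.IsInherited -or ($SkipSids -contains $Ace.IdentityReference.Value)) { return }

    $mask = [int]($Ace.ActiveDirectoryRights)
    foreach ($pair in $RightLabels) {
        $flag = [int]([System.DirectoryServices.ActiveDirectoryRights]($pair[0]))
        # Parentheses are required. Written as "$mask -band $flag -ne 0",
        # PowerShell evaluates "$flag -ne 0" first and then ANDs the mask with
        # that Boolean, so the flag itself is never tested.
        if (($mask -band $flag) -ne 0) { $pair[1] }
    }
}

# Hypothetical helper that builds an Allow ACE for the sample data.
function New-SampleAce([string]$Sid, [string]$Rights) {
    $id    = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $r     = [System.DirectoryServices.ActiveDirectoryRights]$Rights
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $id, $r, $allow
}

# Constructed sample ACEs: a delegate with full access, an account that can
# only take ownership, and SELF (which must be filtered out).
$aces = @(
    (New-SampleAce 'S-1-5-21-1111111111-2222222222-3333333333-1105' 'CreateChild, ReadControl'),
    (New-SampleAce 'S-1-5-21-1111111111-2222222222-3333333333-1106' 'WriteOwner'),
    (New-SampleAce 'S-1-5-10' 'CreateChild, ReadControl')
)

$report = foreach ($ace in $aces) {
    # @() keeps the loop from running once on $null when nothing is returned.
    foreach ($label in @(Get-MailboxAceLabels $ace)) {
        New-Object PSObject -Property @{
            Trustee = $ace.IdentityReference.Value
            Rights  = $label
            Status  = $ace.AccessControlType
        }
    }
}
$report | Select-Object Trustee, Rights, Status | Format-Table -AutoSize
```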
  9. I have the code for the permission audit nearly working. I am using PowerShell with ewsutil.dll. The code drags user objects from AD and then looks at their mailbox, recursive search through all folders and outputs to a csv file anything non default, for example inbox read rights etc. However the code is failing on one chunk of code for some mailboxes and not others.

      $fldarry = new-object EWSUtil.EWS.BaseFolderIdType[] 1
      $dTypeFld = new-object EWSUtil.EWS.DistinguishedFolderIdType
      $dTypeFld.Id = [EWSUtil.EWS.DistinguishedFolderIdNameType]::msgfolderroot
      $mbMailbox = new-object EWSUtil.EWS.EmailAddressType
      $mbMailbox.EmailAddress = $mbMailboxEmail
      $dTypeFld.Mailbox = $mbMailbox
      $fldarry[0] = $dTypeFld
      $FolderList = $ewc.GetAllMailboxFolders($fldarry)
      $fldarry1 = new-object EWSUtil.EWS.BaseFolderIdType[] $FolderList.Count
      for ($fcint=0;$fcint -lt $FolderList.Count;$fcint++){
          $fldarry1[$fcint] = $FolderList[$fcint].FolderId
      }
      $Folders = $ewc.GetFolder($fldarry1)
      If ($Folders.Count -ne 0) {
          ForEach ($Folder in $Folders) {

      Above is the section of code that fails, on the line where $fldarry1 is created below the for, I get on some mailboxes the following error.

      Exception calling "GetFolder" with "1" argument(s): "The request failed schema validation: The element 'FolderIds' in namespace 'http://schemas.microsoft.com/exchange/services/2006/messages' has incomplete content. List of possible elements expected: 'FolderId, DistinguishedFolderId' in namespace 'http://schemas.microsoft.com/exchange/services/2006/types'."
      At #############:175 char:26
      + $Folders = $ewc.GetFolder <<<< ($fldarry1)
          + CategoryInfo : NotSpecified: ( [], MethodInvocationException
          + FullyQualifiedErrorId : DotNetMethodException

      Any help would be appreciated. Thanks.
  10. Sorry, I didn't make it clear. I use wsname to the computer name and then reboot. I don't reboot into winpe at all. Add any config extras after the join domain step. Hope that helps.
  11. The way I do ours is as follows:

      - wsname (using csv file to check serial and assign machine name)
      - reboot (allow name change to take place)
      - Join Domain or Workgroup
      - any other software/steps here etc.

      Is this what you are after?
  12. We had the same issue, after ringing Panasonic they said that they are working on a BIOS update. That was nearly a year ago... We gave up and went to USB boot, each deployment engineer had a USB thumb drive, worked out that it added about 5 mins or so to the process, not too bad. Just got to weigh up the time spent looking into a solution vs the time spent getting them out there... In the end we voted for getting them out and being used.
  13. Ok not sure if someone will beat me to it, hardlink is always a good option as it's quick as no data is copied, however if you have full device encryption like us you will have to first remove the encryption. And in our case then chain it to a desk in a locked room...

      You need to set up 3 TS variables with the following values:

      OSDStateStorePath - %_SMSTSUserStatePath%
      OSDMigrateAdditionalCaptureOptions - /hardlink /nocompress
      OSDMigrateAdditionalRestoreOptions - /Hardlink /nocompress

      After those 3 variables place a Capture User State step and select your USMT package (if you don't have one use MDT to create one) and then select the 'radio button customize how user profiles are captured' and add the following files:

      migapp.xml
      migdocs.xml
      miguser.xml

      Now for capturing your MIF file, I have not tested this but it should work in theory, as always test before going live. Add an additional step of run command line and enter

      copy "c:\windows\system32\ccm\inventory\a.mif" "%OSDStateStorePath%\a.mif" /v /y

      this should then copy the file to the same place as the hardlinked files.

      Now restart in PE, do the normal for applying the Windows 7 image but don't use the format and partition disk as the disk has a partition, everything will be wiped apart from the hardlinked folder. At the end add a Restore User State step, again add the USMT package, restore all captured user profiles with standard options. And of course copy back your a.mif file to the directory of choice.

      That is how to do it with hardlinking. This information has been taken from the example file attached at the beginning of the post. We have 1 additional step, I have created a VB script that resets the machine account on AD before restarting in PE so that the same machine account can be used, to save having to re-add the machine to all the groups it once belonged to again. I hope that helps you.
  14. I have been trying to find documentation on setting up a mobile device management client on the smartphone. We run the site in mixed mode and the smartphones will connect to the company's wireless points so not worried about native mode and setting up certificates. The test phone I have is a Toshiba TG01 and it is running 6.5 professional (CE OS 5.2.21876). I have read many TechNet articles but can't seem to find instructions on how to configure the ini file for mixed mode and how to run the installer on the device. Anyone know of sites or can give advice I would very much appreciate it. Thanks.
  15. I am migrating some machines to Windows 7 and I am currently using a task sequence variable with a query, the query checks the MSI (in this case Office 2007) and then sets a variable to Yes if it finds Office installed. After the OS has been applied I then perform a query on the software to see if the task sequence variable is set to Yes, if it is not set to Yes skip installing the software. My question is, is this the best way of building a list of installed software to re-install after the upgrade or is there a smarter way of doing this that I am missing?
  16. Thanks for the hint. I am a little confused by it could you give me an example if possible please?
  17. My queries had an inner join which screwed up the results. Just removed the inner join and now they work. I also added exclusions for certain machines with names that began like, the reason why I was re-writing the built-in queries.
  18. This has me so confused. I have 3 collections, they are going to be used to deploy software so I need to be confident they are correct. My 3 collections are as follows:

      All Workstations

      select SMS_R_SYSTEM.Name from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation%"

      All Windows 7 Workstations

      select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%Workstation%6.1%"

      All Windows XP Workstations

      select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%Workstation%5.1%"

      Adding Windows 7 and Windows XP collections together didn't give the number of workstations in the all workstations group, so I created this query to see what machines were missing:

      select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
      from SMS_R_System
      where SMS_R_System.Name in (select SMS_R_SYSTEM.Name from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation%")
      and SMS_R_System.Name not in (select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%Workstation%5.1%")
      and SMS_R_System.Name not in (select SMS_R_SYSTEM.Name from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion like "%Workstation%6.1%")

      It shows I have 125 not in the collection of XP or 7. Looking at the properties on the 125, most of them are tablet edition of XP, but however the statement I am using is like and has a percent after the 5.1 so should capture it?? In fact it does but only when using %Workstation%. How weird, anyone seen anything like this before? Am I missing something obvious? Clients are installed and working ok.
  19. RC1 solved all the issues I was having installing SCCM. Thank you
  20. Ok thanks, I have set the clear install flag task. I have set it to 40. My worry is that if a user does not come back to network over 40 days (very possible in our environment) and the install flag sets to no, what will happen to the healthy client installed on their device? Will push simply set it back to yes or is it the heartbeat that will set it back to yes?
  21. I am getting the same issues, however I am doing an all-in-one install, I have my DC, SQL and SCCM on the 1 server, could that cause an issue? I have followed your guide to the letter (just gave the accounts a more friendly name, the logon names are the same) and I have tried reboots to see if the permissions have applied, restarted SQL service, still no luck. Any ideas? Quick note, forgot to say also disabled firewall, in a LAB environment so don't really care about security, just want to have a play with it.
  22. Thanks for your reply and the link to your blog both most helpful. The client push is working with no issues, however I may not have explained what I was asking properly. The machine in question used to have the client installed and for some reason a tech reimaged the machine by hand (using windows disk), the client push then didn't reinstall. I was unaware that this had happened until I went to deploy software to the machine and remote control it. All new machines that are joined outside of a OSD get the push install fine. Is there any way to be confident that when in a collection it says the client is installed, is 100% correct or do we take with a pinch of salt. In this case it was reporting it was installed when it wasn't. We have many remote working staff and the clear install flag task worries me as sometimes they may not come back to network for couple of months. If the install flag task sets it to no, when they come back on the network will the push set it back to yes?
  23. There is 1 machine that stated it had the client installed. I went to the machine and it had no client, I went back to the SCCM console, did an update collection and refresh, it still insisted that the client was installed, however trying to remote control proved that it wasn't. Looks like the machine had a custom rebuild without going through OSD on the server and for some reason the client push didn't install the client. How sure can you be when it says client installed that it is telling the truth, is there a way of checking client health? I did notice the clear install flag task but reluctant to set that up as I am not sure what the knock-on effects are, and also the machine was still on and working so not sure this would work anyway. I am not sure if I trust collections that say the client is installed anymore. Any advice on double checking client is installed and healthy on your workstations/servers? Server details: SCCM 2007 R2 SP2, 2003 Standard SP2 R2
  24. Thanks for the example. I used the hardlinking example as some profiles have large PST files stored within them. I ran into 1 minor issue, if you don't reset the computer account on AD then of course the machine will not join again. Some of our deployment guys were deleting machines (which was most helpful) and then of course losing the group memberships. I added a TS step using Netdom, part of the remote tools set available here http://www.microsoft...lang=en&id=7887 as SCCM SP2 uses winpe3 (win 7). Just copy the exe to a package and then run the command

      netdom reset machinename /domain:domainname

      Hope that helps anyone running into issues re-joining the machine back to domain. Thanks again