
Snakebyte

  1. I am an administrator of a large network that is slowly being merged into being managed by SCCM 2012. Currently Updates, SCEP, Application deployment, general troubleshooting, Compliance Rules, etc. are in use, and we're almost to the point of using OSD (several good tests with a few different images).

     Throughout the process, we've been assigning security to allow our Helpdesk to deploy images, and they already have the capability to deploy software packages. They had been in charge of updates and SCEP patching, but they fell behind and now the Sys Admin team is handling all patching, to include SCEP. They currently do not have the ability to create/edit/deploy task sequences, OS images, driver packs, compliance rules, they cannot edit or create collections, etc. All my previous experience has been that these items fell under an administrator role, not a helpdesk role.

     Management, and some political power grabbing, has created a swing in SCCM security that may require that we provide the following to be administered by the helpdesk:

     • Create/Edit/Delete/Deploy Collections (both User and Device)
     • Create/Edit/Delete/Deploy Reports
     • Create/Edit/Delete/Deploy Task Sequences
     • Create/Edit/Delete/Deploy Compliance Rules
     • Create/Edit/Delete/Deploy Software Applications
     • Create/Edit/Delete/Deploy Software Updates
     • Create/Edit/Delete/Deploy Desktop SCCM Policies
     • Create/Edit/Delete/Deploy Antimalware Policies
     • Create/Edit/Delete/Deploy Operating System Images and Bootable PXE Environments

     The only way I can think to do this with our current architecture, and still split off desktops and servers, is to build a CAS server with two different Primary Site Servers (we are a One Primary Site server setup), and split the roles across servers using boundaries to ensure that servers are not being managed by the helpdesk group, and that desktops are not being managed by the server group.

     So my questions are these:

     • Is this viable (is this nuts?)
     • Is this secure?
     • Will this provide the level of accountability needed to allow two groups that are literally in different buildings to run their appropriate systems without crossover nightmares?
     • Does this present a risk for system-wide disaster (Server wipe from errant Task Sequence/OSD)?
     • Are there other ways to do it if this is not suggested, and where can I find the docs (whitepapers, etc.)?
     • Does this follow Microsoft best practice for roles within SCCM?
     • Does anyone have any knowledge of articles where this was done and worked, or did not work?

     Any and all help is appreciated.

     Jay
  2. Need some help here. I have a medium sized SCCM 2012 environment, single Primary Site server, 5 Secondary Site servers. For the most part, everything works very well, with the exception of task sequences.

     In most cases, on the initial push of a task sequence, around half will "stall" with a status of running and "Program Started", and go no further. This happens across the board, and to no particular site, subnet, boundary, device type, OS, etc. When I say there is no commonality, I mean there is none that I can find, except that the machine stalls at "Program Started".

     Couple other notes:

     • Content in most all cases is downloaded without issue, and actually present in the appropriate CCMCACHE folder
     • Nothing is listed in SMSTS.log. When I say nothing, the log will usually not even show having been updated since the last task deployment
     • The machine is pingable, online, with a current client, and recent Heartbeat DDR
     • Other items (updates, etc) work on the system
     • I have tried with, and without a maintenance window. Without a maintenance window, I ensure that "Software Installation" and "System restart" option outside maintenance window are both checked
     • All Distribution Points have current package version
     • The task shows up in CCMEXEC.log:

       Notifying endpoint 'execmgr' of __InstanceModificationEvent settings change on object CCM_SoftwareDistribution.ADV_AdvertisementID="HLP20103",PKG_PackageID="HLP00094",PRG_ProgramID="*" for user 'S-1-5-18'. CCMEXEC 7/8/2014 7:40:43 PM 2128 (0x0850)

     The only real errors I ever find are in the TSAgent.log file and are as follows:

       There are no locations for this program TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)
       Task Sequence Manager could not get active request info. code 80004005 TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)
       Failed to get the details of the execution request. code 0x80004005 TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)
       Task Sequence Agent could not get active request info. code 80004005 TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)
       Error initializing TS environment. Code 0x80004005 TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)
       Task sequence launcher advertisement failed!. Code 0x80004005 TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)
       CTSAgent::Execute - Failed to launch Task Sequence manager. TSAgent 7/8/2014 10:05:51 PM 3408 (0x0D50)

     On subsequent deployment attempts (third party tools that "redeploy" a deployment) most will succeed, but again, several will hang at the same screen. After several "Re-Deploys" I can usually get to 100%.

     Initially, I thought the issue was with the destination OS (2009 POS...I know I know, not my choice), but I've seen the same issue on Win 7 machines with all the same symptoms. The system continues to work normally until such time as you "re-deploy" the app. Have tried reboots to fix to no avail.

     Open to thoughts and help here...Please!!!
  3. Oh, and targeting the entire site for client deployment is not an option. There are servers that SCCM legally cannot touch, and they are literally just one IP address away.
  4. Is it possible to set up auto deployment of the SCCM client to a single collection? Here is my scenario...

     I have SCCM 2012. We build enough servers on a pretty regular basis so that I've created an OU (and a collection that targets said OU) that they can drop the servers into, and they will get SCEP, Updates, standard software, etc. The only issue is, I have to do a SCCM client push before it will install any of that stuff.

     Is there a way I can target this Collection (OU) for automatic SCCM client installation without having to use GP? (The folks in charge of group policy are different than my group, so I want to keep as much of the process internal as possible.)

     Thanks in advance,

     Jay