Jump to content


Established Members
  • Content Count

  • Joined

  • Last visited

Everything posted by rdr222

  1. Is there an easier way to find the actual differences between 2 security roles? I have some custom security roles that are based off the built in security roles. When a new feature is introduced or new permissions are added to the built in role I want to reflect those new permissions in the custom role. RBAViewer can compare the roles and see how many differences there are between the custom one and the builtin one but won't actually tell me what those differences are. Is there a way I can see what permissions are different between roles with RBAViewer? Is there another way I can find the
  2. cleaning up old posts I did look into using WMI to directly query for new updates in the script however I ended up leaving an ADR in SCCM and have the script invoke it to run. I felt that it was easier to set the criteria (or update the criteria in the future) in the ADR itself than to have to retool the WMI query in the script every time it needs a change. The rest of the script then queries the SUG the ADR creates, takes the updates found in the SUG, creates a new SUG with a specific name, deploys the new SUG to appropriate collections with the agreed upon availability/deadline time
  3. Cleaning up old posts. I did contact support about this issue and after troubleshoot was told it is a bug. The workaround I'm using is to query the System Resource.Disinguished Name property instead of System Resource.System OU Name property with a value like CN=%,OU=OrganizationalUnit,DC=Domain,DC=com
  4. So I'm trying to better automate my update process in SCCM 2012 R2 SP1. Right now I have an ADR that runs in the evening on Patch Tuesday that finds the appropriate updates based on update classification, product, date, not expired or superseded. It downloads the updates it finds into the Deployment Package, creates a new SUG for the month and deploys it out to the first pilot group. Then the next morning I come in and change the name of the SUG and the deployment to meet the naming standard, deploy it out to the remaining pilot and prod groups and email the end users affected in each group
  5. I've done some more troubleshooting and have found that on the devices in question, if a Heartbeat Discovery runs (Discovery Data Collection Cycle run from the client) then the System OU Name will have the full path and the devices will fall into the correct collections. However, when the AD System Discovery next runs, the System OU Name will again be shortened to just the OU names, not the whole path, and the devices will again fall out of the collections. In the domain/forest that the primary site is a part of, this does not appear to happen. The System OU Name always contains the full pa
  6. On some of the SCCM device objects, the System OU Name property shows up as a full path, yet on other objects they show up as just the OU name. These objects are in the same OU and both getting discovered by the AD System Discovery, AD Group Discovery, MP Client Registration, and Heartbeat. It seems as if when you install the client, they will always show the full path, however when the AD System Discovery runs, it removes the full path for some. How can I make the full paths always show up (for collection query purposes)?
  7. we have our SCCM environment setup in a distributed model and scoped out for the various colleges/depts own IT teams to use so shipping them back wouldn't work since that campus is where that IT teams does it's work. I believe that having a DP at that location is the obvious way to go, i was just looking for some documentation to back up my claim as well.
  8. It is a fast link to the remote campus which is why the people in my dept that are against putting a DP there are against it. To them, since it's a fast link, their should be no reason to need a DP out there and there must be something wrong. We tried the reg tweaks and it didn't seem to improve performance much and i'm always hesitant to do those sort of thing because i figure if the tweak was better, it would be that way by default. I'm really trying to make the case that SCCM DP/MP should be a part of the core infrastructure that we place at remote sites like this and am looking for t
  9. we have a small VMware cluster that we use to distribute some of the core infrastructure (DNS, DC, DHCP, etc) at the remote campus however it wasn't built with the amount of storage that placing a DP there would require and the differing opinions are from the people that write the checks for that sort of stuff. If we have some documentation or I can show that best practice says SCCM should be a part of that core infrastructure we place at a remote campus it would be helpful.
  10. I have a 2012 R2 SP1 primary site that is servicing the main campus of the University I work at. All the site servers are located in the main campus data center. We also have a remote campus about 15 miles away from the main campus which utilizes the the servers in the main campus data center. For the most part this hasn't caused any issues, however when techs at the remote campus try to PXE boot and image a device, the TFTP portion of the boot process takes 10+ min to download the boot image as opposed to the 30 sec it takes on the main campus. Compounded when imaging multiple machines at
  11. I opened a case on this and had been working with a support engineer gathering process dumps but the problem mysteriously disappeared after a few weeks. We hadn't made any changes or updates so I'm not sure why it fixed itself
  12. The workaround posted by Bitmapped is what MS also gave me. The support engineer I was working with acknowledged that it is a bug and said a fix will be included in the next CU
  13. Since upgrading to 2012 R2 SP1 I've noticed that memory usage will steadily climb on my site server to the point that after a couple days, I am unable to connect with the console or log into the server and have to do a hard reboot. The process that is sucking up all the memory is SMSEXEC.EXE. Before the SP1 upgrade this didn't happen. Is anyone else seeing something similar?
  14. I'm still waiting for MS to get back to me about it. I showed one of the support engineers what the issue is and he said they would try to replicate it and check with the product team if that is an "intended feature". I couldn't imagine it is since having to give access to All Systems and All Users and User Groups collection kind of defeats the point of being able to delegate and limit access with security roles. I'll update the thread once I get more info.
  15. I updated from R2 to R2 SP1 last week and one of the new SP1 features is the deployment verification of High Risk Deployments like OSD task sequences. When users try to deploy a task sequence, they go to choose the collection and see the new High Risk Verification prompt. The user can hit OK and choose a collection as normal. The next screen on the deployment wizard asks if this is an available or required deployment. When choosing available everything works as normal but choosing required and hitting next should pop up another verification depending on the contents of the collection. The
  16. So it turned out to be something with my boot image. I created a brand new MDT boot image through the SCCM console and used it for the task sequence instead.
  17. looking in the OSDSetupWizard.log it looks like the WMI query to find the volumes on the disk isn't returning anything 20:59:31.876 10-29-2014 2 WizardDialogController Page 'Volume': About to show page. 20:59:31.876 10-29-2014 2 TSVariableRepository Loaded variable '_SMSTSBootUEFI'. Value = 'false' 20:59:31.891 10-29-2014 2 WmiRepository Connected to the WMI namespace root\cimv2 20:59:31.891 10-29-2014 1 WmiRepository Ran the WMI query: SELECT DeviceID,InterfaceType FROM Win32_DiskDrive where InterfaceType != "USB" and InterfaceType != "1394" 20:59:31.891 10-29-2014 1 WmiIterator About t
  18. I tried it on multiple devices with the same outcome. I can also image these with zero touch deployments without issue
  19. I setting up a UDI OS deployment but whenever I go through the wizard when I PXE boot the device, i get to the volumes page and get stuck. I can choose the image but not a volume to install the OS on. At the bottom of the wizard it says "No supported NTFS volumes found" and it won't let me continue. I can run a cmd prompt and go to diskpart, type list volumes and see that there are NTFS volumes on the disk. Even if I clean the disk with diskpart, reboot, and let the task sequence format it prior to the UDI wizard popping up, it still does not have any volumes to choose from. I
  • Create New...