Jump to content


Established Members
  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About Nunzi0

  • Rank
    Advanced Member
  1. I just tried this and it seems to work OK, but if anyone has a better idea please let me know: Create collection based on operating system -like "%Windows Server%" Exclude Collections: Server Updates 2nd Tuesday, Server Updates 2nd Wednesday, etc.
  2. Hi All, I am trying to build a catch-all collection where any new server that someone might forget to add to an AD patching group shows up in. We currently have collections built to look for specific AD security groups that patch servers on specific days. However i am trying to find a way to build a collection that looks for any servers NOT in one of these groups. Ex: ADGroup: 'Server Updates 2nd Tuesday', 'Server Updates 2nd Wednesday', etc. I built a collection that somewhat performs this by using 'System Resource.System Group Name is NULL'. However this will on
  3. So i cannot have an FSP designated for one site, and another FSP designated for a different site? Yes i will be using HTTPS wherever possible. As for the reporting on primary servers, this is for a site by site basis. I only want some select users to have access to reporting for all locations, and other users to have reporting capabilities for single locations. I suppose i could accomplish this with RBAC and site permissions on the CAS as well. For SQL, with our current licensing model we would need to run SQL servers that are solely for the purposes of System Center and nothing els
  4. I was not aware of the CAS being down causing issues with SU. Thank you for that. If i install software update points at other primary sites, would i still be able to deploy them? To give you a better picture here's what i was thinking as far as layout: Datacenter A (Headquarters). with CAS and primary site. Roles on primary: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, Asset Intelligence, Software catalog/web Datacenter B. (HQ DR) with Primary Site. Roles: System health validator, MP, DP, Reporting, State migration, Software Update, FSP, A
  5. In our current DR strategy, we will typically shut down entire datacenters at a time for maintenance, patching, upgrades, etc. This is why i would need more than one primary site to be active in order to keep things up and running. If you still think that i could get by without a CAS for a scenario like this, i would definitely look into it.
  6. It's not about the sheer number of machines we have, as we probably only have around 20k. It's more for a central reporting/asset source of truth for all locations. We're going to have 3 primary sites, and several child sites, and would like to have one point where several groups can administer the entire environment as a whole for consistency at every location.
  7. I'm in the process of designing an entirely new System Center environment for my company and just have a couple of questions regarding the SQL setup for it. I know that i need a CAS hierarchy in this new setup, as it will be global. Unfortunately i have not built a CAS environment before and I'm a bit unfamiliar with the database that it runs on. My plan is to install the database instances on a clustered SQL environment, however i am just unsure if the CAS database needs to run locally on the CAS itself or not. Also, what type of data is on the CAS database itself? Is it the client data for t
  8. I've been tasked with building out a new instance of Configuration Manager in a brand new forest that things will eventually collapse into. I currently have one location available that i can start building in, however this is not the end goal for the primary site location. Can i build a primary site now, and then demote this to a child primary site once the final location is ready to be configured? For example, i'll be building a primary site in BOS now, and this will eventually become a child primary site for the final primary site location in TX, with additional child primary sites in LA
  9. I've recently created a report to find Anti-Virus software that is missing from computers on the network. The workflow is as follows: Main Report: (Attached Image 1) Lists 3 collections and their member count - All Devices, Devices WITH anti-virus installed, Devices missing anti-virus Sub-Reports: All Devices with anti-virus installed - which includes net bios name, installed product name, and product version Devices missing anti-virus - Shows the host name of the devices in the collection (Attached Image 2) I was able to link the Collection Name results from the ma
  10. My problem ended up being that i was using a .wim file that i got from the build and capture process. I started using the install.wim from the Windows 7 CD and it worked fine afterwards. I suspect something went awry during the capture
  11. I've been building the OSD procedures for our company here and have had decent success getting it to work. I've gotten the ConfigMgr Client to install on several device models, but I've run into a problem with a particular one. I'm not sure why the same client install package, and the same installation account used on multiple machines would not work on this device. Has anyone seen this before? I couldn't find much on the net. Here is the ccmsetup.log errors i am seeing. MSI: Action 11:10:38: CreateFolders. Creating folders ccmsetup 3/25/2016 11:10:38 AM 2332 (0x091C) MSI: Action 11:10:3
  12. My company is going through an exercise to retire all of the SHA-1 certificates in the environment due to its upcoming EOL date by MSFT. One of the larger pools of devices using a SHA-1 cert are the end user devices, which use a self-signed SHA-1 certificate when using RDP. Most of the info i've found online so far only discuss how to force this cert to use SHA-1 with registry edits, but nothing about SHA-2. Has anyone gone through this exercise yet? If not you may need to soon. Looking for some technical pointers on how to accomplish this. Also, we currently use the self-signed cert
  13. I currently have all classifications selected to sync. What confuses me about the updates being possibly superceeded is that the new updates that replaced them should fix the issue/patch the vulnerability. However, i cannot find any of the updates that replaced the original either. Very strange
  14. I am trying to figure out why my ConfigMgr is not syncing certain microsoft updates when in reality, they should be. My setup is a standalone primary site with all roles installed on a single server. I've checked WSUS on the server and verified that at least one of the updates i am looking for is in fact downloaded. However, when i check in the SCCM console, it never shows up. I've tried the manual import process using the Microsoft Update Catalog, but am never able to publish to the console. I checked to see if the update required manual input. From what i read on another post regarding a
  15. This Service Pack tool is exactly what the doctor ordered. Worked perfectly to do what i needed. Thanks!
  • Create New...