Jump to content


Established Members
  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About Maestro

  • Rank
  • Birthday 03/24/1973

Profile Information

  • Gender
  • Location
    Odessa, Ukraine
  1. Hello everyone! I have a few ready-to-deploy OS Task Sequences. They were tested and successfully deployed via SCCM (v.1606) already. And now I have the task to prepare these "OSD-TS"s for installation from USB drive. So the question is: do I have to create new TS, pointing the output to stand-alone media (the very beginning of "New TS Media" Wizard) or there is more quick way like just copy existing TS and "redirect" it's output to stand-alone media? Maybe some kind of PS script can help me? Thank you in advance.
  2. I've found this old post when I run in the same trouble. "Damn, why they don't work? What I did in wrong way?!" Found the answer here: https://technet.microsoft.com/en-us/library/hh219289.aspx : " If the configuration baseline is deployed to a computer, it is evaluated for compliance within two hours of the start time that you schedule. If it is deployed to a user, it is evaluated for compliance when the user logs on." Maybe this will help to somebody.
  3. Hello everyone! Some years ago I was looking for a script to create collections in SCCM based on AD OUs. I've found some of them, but they seemed a bit complex and incomprehensible to me. So I've wrote my own rather simple script, added a few options that I think would be in hand for SCCM admin and added a lot of comments to make the script easy to understand and modify. So I present it to your judge. Any comments and suggestions are appreciated. <# Crafted by Maestro, 17/03/2017 The purposes of this script: 1. Create device collections in SCCM based on AD. Assign Canonical name of OU to collection and OU GUID to collection description. I use OU GUID for my further needs, so you can omit this. In addition, I think that Canonical name is the best variant to use in SCCM but you can pick simple Name or Distinguished Name - it is up to you 2. Define the Refresh Schedule of collection. 3. Create Query Rule for collection membership 4. Move created collection to custom folder (very handy, never saw this option in other scripts). 5. Updates collection membership at once. #> # Importing necessary PS modules Import-Module ActiveDirectory Import-Module 'D:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1' # Defining main variables # SCCM Site $Site = (Get-PSDRive -PSProvider CMSite).name <# Folder to move collections into. I've selected the ready one. You can create new folder right in script with simple "mkdir" in "${Site}:\DeviceCollection\" #> $TargetFolder = "${Site}:\DeviceCollection\FromAD_by_OU" # Relocating to SCCM PSDrive cd ${Site}: # Defining refresh interval for collection. I've selected 15 minutes period. $Refr = New-CMSchedule -RecurCount 15 -RecurInterval Minutes -Start "01/01/2017 0:00" <# Getting Canonical name and GUID from AD OUs. -SearchScope is Subtree by default, you can use it or use "Base" or "OneLevel". OUs are listed from the root of AD. To change this i.e. to OU SomeFolder use -SearchBase "OU=SomeFolder,DC=maestro,DC=local" #> $ADOUs = Get-ADOrganizationalUnit -Filter * -Properties Canonicalname |Select-Object CanonicalName, ObjectGUID # And at last, let's create some collections! foreach ($OU in $ADOUs) { $O_Name = $OU.CanonicalName $O_GUID = $OU.ObjectGUID # Adding collection New-CMDeviceCollection -LimitingCollectionName 'All Systems' -Name $O_Name -RefreshSchedule $Refr -Comment $O_GUID # Creating Query Membership rule for collection Add-CMDeviceCollectionQueryMembershipRule -CollectionName $O_Name -QueryExpression "select * from SMS_R_System where SMS_R_System.SystemOUName = '$O_Name'" -RuleName "OU Membership" # Getting collection ID $ColID = (Get-CMDeviceCollection -Name $O_Name).collectionid # Moving collection to folder Move-CMObject -FolderPath $TargetFolder -ObjectId "$ColID" # Updating collection membership at once Invoke-CMDeviceCollectionUpdate -Name $O_Name } Write-Host "----------------------------" Write-Host "All done, have some beer! ;)" Write-Host "----------------------------"
  4. Hello everyone. Got the same error after migrating to 1606 from 2012 SP2. Digging the logs, found that SCCM is getting problems with WDS. WDS needs to be restarted before activating, SCCM isn't ready for this and tries to do everything, not paying attention that service is missing. What did I do. 1. Unchecked PXE in SCCM console. 2. Uninstalled WDS. Rebooted. 3. Deleted (just in case) %windir%\Temp and RemoteInstall folders. 4. Manually installed WDS. Rebooted. 5. Checked PXE option, waited for procedure to complete (no errors in logs). 6. Redistributed boot images. 7. Redistributed OS images. 8. Deleted and re-created TS. Worked like a charm. Maybe this will help to somebody.
  5. Thank you. I was wondering if in some case policy refresh time interval is overridden (except manual refresh).
  6. Hello everyone! I cannot find an answer to technical question. When I add or move device to some collection, does it makes the SCCM client to run Policy Retrieval and Evaluation Cycle? Or the time interval is strictly configured in Client settings? In other words, if I want to immediately apply collection's deployments to a new computer do I have to run for it "Download computer Policy" from SCCM console?
  7. Thank you. I've made MW 30 minutes and time of package execution for 15 minutes (it's simple "shutdown.exe" with few options). And it seems to work great. Thank to everyone for answers.
  8. Thank you very much! The key phrase is "the maintenance window will applied to any application or package that you deploy". Because in some manuals it was written that the maintenance windows support only "software updates, OS install, something else..." but not a word about package deployments. So I've wondered - could the shutdown will be done with package or should I create a Task Sequence for it. Thanks again!
  9. Hello everyone! I've wrote very simple script to shutdown Workstations. Then I've created the collection for certain OUs in domain and simply scheduled to deploy this script to collection as package at 22:00 . I've realized my mistake when some of these workstations rebooted at morning (they were powered down already). So, what is the best way to do it right with SCCM? Should I schedule, i.e. the distribution of this package daily at 21:50 with deadline at 21:55 and create maintenance window for collection from 22:00 to 22:05? Will this work or there is more easier way? I've found some articles about maintenance windows, but can not realize the clear algorithm for myself. Thank you for your attention.
  10. It's OK, all computers are x86 Windows. But is there any way to complete my task in query, or I have to create a new report?
  11. Hello everyone! I've got a task to create a query to show the computers which has more then one installation of Java on it (sometimes Java doesn't updates correctly). So I quickly created a query: select distinct SMS_R_System.Name, SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName, SMS_G_System_ADD_REMOVE_PROGRAMS.Version from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Java % Update %" order by SMS_R_System.Name And this query shows me all the computers where Java installed and I can see among them computers that I need. But how to select only computers where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like "Java % Update %" >1? I think COUNT will be the best for this task but I've didn't find how to correctly use it here. I've tried different constructions but always got an error sign. Can anyone help me? Thank you
  12. Hello, Garth! Thank you for fast and detailed answer. To say "No" to customer, I need to have some reasons that are hard as reinforced concrete. That's why I'm particularly interested in two of your statements. If you can, explain them in details, please. Is this a well-known bug described somewhere? If yes - only this fact is enough to stop the work. As the previous statement, this is also very serious fact to consider. Can you explain it or give me a link where it is described in details? Thank you very much in advance. Sincerely, Alexey
  13. Hello everyone! I've got a task to find all unauthorized executables on all workstations in domain. The good point is that workstations are identical to each other (both hard and soft), bad point is that I have to find the existence of these files on HDDs, not their launches. And I have to use SCCM 2012 SP1 for reporting as well. (That's why I cannot use the AppLocker). Well, what I've decided to do is to take one of workstations as the sample (SW - sample workstation). All updates, patches, etc. are provided at SW first, then are spread on whole domain. All .exe (and another file masks) on SW are presumed as "white", all others on workstations are presumed as "black" ones.What I need now is to compare white-list from SW with file list from every computer in collection. There already exists almost ready-to-use report that I need, but it has to be modified. Unfortunately, my knowledge of MS SQL is somewhere below zero (maybe below absolute zero, -274C ). That's why I'm asking for help. I've tried to find some articles about creating or modifying reports, but most of them are the same: "Open Report Builder, now copy and paste there the sample query from below. Wonder what a pretty report you've got!" The report is "Compare software inventory on two computers". What modifications do I need: - Compare not "Computer name - Computer name" but "Computer name - Select a collection" - Exclude files from white-list (from SW) from report. - Exclude size, version and time check - only existence and (maybe) the difference in path.. - Group by machine name. Maybe instead of ready query you can advice me some good article like "Composing reports in Report Builder for absolute newbies", I'll appreciate it very much as well. Thank you for your time. Sincerely, Alexey
  • Create New...