Jump to content


Garrett804

Established Members
  • Posts

    139
  • Joined

  • Last visited

  • Days Won

    6

Everything posted by Garrett804

  1. My advice would be that if you aren't that knowledgable into networking and in programming Cisco devices look into the Meraki Cloud managed devices. They E-mesh and will allow you direct tunneling between the sites. Once you get the connection established you can then look into doing DP's on site there. Your first thing to figure out before even SCCM is the network though so start there. Meraki is what I'd use in this situation.
  2. Sounds like you might of had a validation issue then perhaps.
  3. For the network balancing you don't need to really have it on a seperate connection itself. You can try just splitting the SCCM sites and having one site for the classrooms and another for your other devices. You cannot have 2 DP's on the same box so you'll have to find another server to host that roll and/or a windows desktop to host it. The way to control the DP's is by Boundry Groups. You simply just set them up using subnets and set the subnet for one vlan for one Boundry group and the subnet for the others in another boundry group. Then you assign the boundry groups to the DP's that you have.
  4. I prefer to do my uninstalls with a simple batch file and msiexec /x {program ID} /q. I create them as packages and simply just deploy it out running the batch file. When you do the uninstall using the application in SCCM it has to download the entire data package before running it. In the case of an office 2013 uninstall that would be over 700MB of data just to do something that a simple batch file can kick off without the traffic.
  5. I'm not sure if I posted it in the right place on there or not https://social.technet.microsoft.com/Forums/en-US/5958f5d9-bca8-49d2-8b5b-a588685ac486/builtin-sccm-report-issue-found?forum=configmanagergeneral I'm just glad I have a solution finally to something that's been bugging me for the past few days and can share it with the rest of you.
  6. Ok in doing some more research and getting one of our SQL people involved we were able to figure out that it is not showing all the machines due to the way the report is joined. Here is the MS Query for the Hardware Summary report. select distinct v_R_System_Valid_Alias.ResourceID, v_R_System_Valid_Alias.Netbios_Name0 AS [Computer Name], v_R_System_Valid_Alias.Resource_Domain_OR_Workgr0 AS [Domain/Workgroup], v_Site_Alias.SiteName as [sMS Site Name], [Top Console User] = CASE when (v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP_Alias.TopConsoleUser0 is NULL or v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP_Alias.TopConsoleUser0 = '-1') then @UnknownLoc Else v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP_Alias.TopConsoleUser0 End, v_GS_OPERATING_SYSTEM_Alias.Caption0 AS [Operating System], v_GS_OPERATING_SYSTEM_Alias.CSDVersion0 AS [service Pack Level], v_GS_SYSTEM_ENCLOSURE_UNIQUE_Alias.SerialNumber0 AS [serial Number], v_GS_SYSTEM_ENCLOSURE_UNIQUE_Alias.SMBIOSAssetTag0 AS [Asset Tag], v_GS_COMPUTER_SYSTEM_Alias.Manufacturer0 AS [Manufacturer], v_GS_COMPUTER_SYSTEM_Alias.Model0 AS [Model], v_GS_X86_PC_MEMORY_Alias.TotalPhysicalMemory0 AS [Memory (KBytes)], v_GS_PROCESSOR_Alias.NormSpeed0 AS [Processor (GHz)], (Select sum(Size0) from fn_rbac_GS_LOGICAL_DISK(@UserSIDs) v_GS_LOGICAL_DISK_Alias inner join fn_rbac_FullCollectionMembership(@UserSIDs) v_FullCollectionMembership_Alias on (v_FullCollectionMembership_Alias.ResourceID = v_GS_LOGICAL_DISK_Alias.ResourceID ) where v_GS_LOGICAL_DISK_Alias.ResourceID =v_R_System_Valid_Alias.ResourceID and v_FullCollectionMembership_Alias.CollectionID = @CollectionID) As [Disk Space (MB)], (Select sum(v_GS_LOGICAL_DISK_Alias.FreeSpace0) from fn_rbac_GS_LOGICAL_DISK(@UserSIDs) v_GS_LOGICAL_DISK_Alias inner join fn_rbac_FullCollectionMembership(@UserSIDs) v_FullCollectionMembership_Alias on (v_FullCollectionMembership_Alias.ResourceID = v_GS_LOGICAL_DISK_Alias.ResourceID ) where v_GS_LOGICAL_DISK_Alias.ResourceID =v_R_System_Valid_Alias.ResourceID and v_FullCollectionMembership_Alias.CollectionID = @CollectionID) As [Free Disk Space (MB)] from fn_rbac_R_System_Valid(@UserSIDs) v_R_System_Valid_Alias inner join fn_rbac_GS_OPERATING_SYSTEM(@UserSIDs) v_GS_OPERATING_SYSTEM_Alias on (v_GS_OPERATING_SYSTEM_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) left join fn_rbac_GS_SYSTEM_ENCLOSURE_UNIQUE(@UserSIDs) v_GS_SYSTEM_ENCLOSURE_UNIQUE_Alias on (v_GS_SYSTEM_ENCLOSURE_UNIQUE_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) LEFT join fn_rbac_GS_COMPUTER_SYSTEM(@UserSIDs) v_GS_COMPUTER_SYSTEM_Alias on (v_GS_COMPUTER_SYSTEM_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) LEFT join fn_rbac_GS_X86_PC_MEMORY(@UserSIDs) v_GS_X86_PC_MEMORY_Alias on (v_GS_X86_PC_MEMORY_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) LEFT join fn_rbac_GS_PROCESSOR(@UserSIDs) v_GS_PROCESSOR_Alias on (v_GS_PROCESSOR_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) inner join fn_rbac_FullCollectionMembership(@UserSIDs) v_FullCollectionMembership_Alias on (v_FullCollectionMembership_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) left join fn_rbac_Site(@UserSIDs) v_Site_Alias on (v_FullCollectionMembership_Alias.SiteCode = v_Site_Alias.SiteCode) LEFT join fn_rbac_GS_LOGICAL_DISK(@UserSIDs) v_GS_LOGICAL_DISK_Alias on (v_GS_LOGICAL_DISK_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) and v_GS_LOGICAL_DISK_Alias.DeviceID0=SUBSTRING(v_GS_OPERATING_SYSTEM_Alias.WindowsDirectory0,1,2) left join fn_rbac_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP(@UserSIDs) v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP_Alias on (v_GS_SYSTEM_CONSOLE_USAGE_MAXGROUP_Alias.ResourceID = v_R_System_Valid_Alias.ResourceID) Where v_FullCollectionMembership_Alias.CollectionID = @CollectionID Order by v_R_System_Valid_Alias.Netbios_Name0 Once I changed out the Inner Join with a Left join the report shows all the machines as it should. In looking into the functions we found that the fn_rbac_GS_OPERATING_SYSTEM did not have the machine BSL-XOM-BR-007 in it with any data thus not allowing it to join up to the report. I'm not sure if it was intended by MS to only give you a list of the machines that they have complete data on or not but for me I would prefer to have a report that shows me everything in a collection no matter how much of the data the system currently has.
  7. I've recently discovered something that has me wondering if the reports I've been pulling for years are even accurate. I run a simple Hardware 01A Asset Intelligence report and export it into excel to manipulate and do lookups against other data. Recently I discovered a machine that was not being pulled down in the report but is in my system and in good health with inventory data. Here you can see that the search in excel for the machine comes up blank and it can't find it. So I went into SQL and looked through the Tables to see if it was in fact in the table that Microsoft has the report running against. (dbo.V_R_System) Sure enough it is listed in the table but for some reason just doesn't come up on the SSRS report though. I've been trying to find any related issues online but have yet to come across anything to point me in any direction. Has anyone else ever noticed the built-in MS reports not actually pulling all of the data?
  8. So the reason your compliance numbers are so low is because your ADR's are adding the new updates they find to an existing group which is causing the group to constantly have to re-evaluate. Depending on the activity on your clients and how often they are on the network as well as how often you are running your compliance checks it takes some time to get the numbers back. One way to do the ADR's would be to run them once per month and have them create a new group everytime they are ran. This will leave the old group with its compliance numbers so that it won't re-evaluate on you. Once a quarter or 1/2 year or full year you can take the groups and combine them down to a single group covering a larger time period. For instance I take my update groups once they reach 85% compliance and merge them into a bigger group for the entire quarter and then finally the entire year. (with the amount of updates lately though this is more difficult to merge due to the cap of 1000). I haven't moved the November and December 2014 into the year group yet because of the updates limit per group. You can see my ADR group which is the Microsoft Forefront Endpoint one has low compliance because of the constant changes to the group and it having to re-evaluate constantly. Basically the same situation that you are having.
  9. Check the membership rules for your collections. You must have those listed for membership somewhere.
  10. I'd agree with Garth on this one. I had the same request made from my company for a report that shows the company machines and the last date they had windows updates installed. The issue though is as Garth says, The data coming back is false since even 1 good update can set the status to successful even though other updates were not successful. The way that I found to give the company the data they wanted was to do a report based on a software Update Group that I made of all the current updates. That report won't return a false result if a machine is not 100% compliant it stays in the non-compliant state. The report is the Compliance 1 report and it will give you the overall numbers for whatever collection of machines you are looking for the state of compliance in.
  11. Sounds like you are having the same issue I am with the clients trying to repair themselves even though they shouldn't need to. check your CCMRepair log file and you should see that it is erroring out over and over again. What I have to do for this is end the process for CCMRepair and CCMSetup as well as any MSIEXEC ones. Kick off a C:\Windows\CCMSETUP\ccmsetup.exe /uninstall to uninstall the client. Once the CCMSetup process ends I then delete the CCM and CCMSETUP folders that are left on C:\windows. Then I do another client push to the machine to re-install the client onto it. The machines seem to be able to pull policies afterward but some of them then come back a few weeks later with the same issue again. I'm not sure if this is because of me being CU5 of SP1 or not but its been frustraiting for me to constantly be uninstall/re-installing clients.
  12. It is quiet annoying to deal with this issue. One thing I do is just bring it to excel and remove the duplicates on the workstation column. Whatever is left is the total number that has the software (doesn't matter what version it has listed)
  13. The problem also is that everytime you change the deployment group it has to then re-evaluate everything again to determine the compliance of the group at its current state. What this means is that when you are daily checking and making changes to the group it is starting all over again on evaluating the machines in the environment. I do my updates twice a month with a 2 week gap between my IT staff and Everyone else. I do a Patch Tuesday Package which I don't deploy for 2 weeks after its release to my IT staff first. I put a 7 day Deadline on all of my packages. I then have an entire month package for say January 2015 which would go to all my production workstations. To break it down basically. 1. Pre-Production (IT Staff) gets an update package for 2 weeks of testing. If no issues come up or are reported then 2 weeks later that same package then goes to Production (everyone). 2. Packages are created for Patch-Tuesday and End of Month. I don't have any auto-deployment rules setup for general updates. I only use it for Endpoint currently and it runs every 8 hours. Microsoft releases endpoint updates 3x a day every 8 hours starting at 3:00am. My schedule starts at 3:30am and goes every hours after that. Here are my endpoint settings. As you can see I also change the source list to go to MS directly first rather than my system to lessen the traffic coming in to my server.
  14. I use a program named Orca to edit the MSI and re-package it. This is a program from Microsoft that you can get. For windows 8 though its called Super Orca (don't know why its super but it works great). Here is the MSI opened in Super Orca. I have highlighted the area's I change so that the program doesn't try and auto-update on the users machines or reboot them. Then I just go to File > SaveAs and save the file back down. I move it to my lab and do a few test runs on some boxes for scenerio testing. Once tested and verified the command line I want to use I then load it all up into SCCM and create the application. Scenerios - No Browsers open - Browsers open - Make sure /q switch works Once that is done I use this command line to install msiexec /i "Java.msi" /q I've had about 50 machines show a failure but the rest install just fine. I'll have to work out the failure's and come up with a solution to those but this helps get the majority of my environment up and working.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.