Jump to content


Established Members
  • Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Jimm

  • Rank
  • Birthday 10/22/1965

Profile Information

  • Gender
  1. Good day, I'm preparing a security audit against our numerous SCCM servers. I am currently using a export from within the console to obtain all of the class security rights for each server. I have the SCCM SDK but am not that strong into vbs to be able to determine how I can go about getting the class security from my servers. If someone could get me started, I can take it from there. Jimm
  2. Jimm

    SCCM 2007 SP2 R2

    After looking intot his more, it appears that I have a problem still. My CO1 device has PXE shown form both the central and site levels. I can add and remove it from either as well. The AA1 site is not showing PXE from the central level but will allow me to install it from the site level. If I do this, my distribution point is nto shows ion the central server but rather locally only. Any ideas on what would make these two sites fall out of sync with each other? Like I mentioned earlier, I have a series of sites that will all be built the asme way. if you can provide me with a process to this, I can save a little time and headaches while I get this going. Thanks much for your input, Jimm
  3. Jimm

    SCCM 2007 SP2 R2

    So far everything looks good. One issue I have is that I want to install PXE on the new parent servers in my remote locations. I can do this from the remote site if I RDP into the server and open the SCCM console. From the Central Server console, PXE is not available as an option. Why is this? I guess that because this binds with the local DHCP server the action has to occur from the device on the local subnet. It would be nice to have this specified so that I do nto make an error. Earlier I asked about the database settings. Should I leave them as local or use the replicated settings? What is the difference? Jimm
  4. Jimm

    SCCM 2007 SP2 R2

    I'm not certain I understand 100%.... This is the console of the RO1 device and site. I have a boundary set for Chicago and it specifies site CO1. I previously also had a boundary where the site for Chicago was set to RO1. Are you saying to remove this Chicago boundary even though it is listed as being on the other site? Jimm
  5. Jimm

    SCCM 2007 SP2 R2

    LATEST UPDATE: After adding the COSCCM1 to AD so it can create the System Management objects, everything is workign correctly with one exception. I'll get to that later. All the collections can across and show up as locked in CO1 as they should. I was able to make a new DP on CO1 for a package and it was created correctly. I waited for the system status to settle down and went back into the eents. I see the following as the nly item of concern. Severity Type Site code Date / Time System Component Message ID Description Error Milestone CO1 7/16/2010 12:39:46 PM COSCCM1 SMS_AMT_OPERATION_MANAGER 7204 WinRM out of band service is not enabled. Solutions: Install WinRM out of band service manager and start it in out of band service point site role machine. http://www.windows-noob.com/forums/index.php?/topic/474-how-to-update-sccm-2007-to-sccm-2007-sp1/ The upadte is now on CO1 and I'm waiting to see what happens. Jimm
  6. Jimm

    SCCM 2007 SP2 R2

    Additional Updates: What a great tool Google is! I was able to use preinst to manually send the keys and the CO1 site is now in the RO1 console. Things are looking up. Additional Questions: I have each subnet specified as an AD site. My sites are: RO1 - Royal Oak CO1 - Chicago AA1 - Ann Arbor PE1 - Peoria LV1 - Las Vegas KZ1 - Kalamazoo For each sites boundaries, is it correct that I will set CO1 to only discover within the Chicago AD Site? My thought is that this will then propogate up to RO1 as the central site. The other AD sites would be configured in the same manner. While looking in the RO1 boundaries, I see that CO1 is added twice. I added Chicago originally to the RO1 site because this was the only server available. Now that CO1 is online there is a boundary as well for Chicago on the CO1 site. If the plan is to have CO1 manage the Chacago AD site, can I remove the Chacago boundary listed for RO1? On the CO1 side of things, there are boundaries set for Chicago and also for RO. Does the CO1 site need a boundary for RO? I am not certain if this is necessary for communication purposes. Jimm
  7. Jimm

    SCCM 2007 SP2 R2

    Update: Whiile looking in the system status alerts, I see one from SMS_DESPOOLER. SMS Despooler received an instruction and package file from site CO1 that contains either software distribution data or inter-site replication data, however the despooler does not have the public key to verify the signature of the package. The instruction cannot be processed and will be retried. Solution: Extend the Active Directory schema to allow sites to publish their public keys into AD, or use the preinst.exe tool to manually replicate the public keys. When SCCM was originally installed on RO1, I did extend AD so this is not the issue. I Googled the topic and performed the manual steps to replicate the keys but this has also not produced a positive outcome. I'm going to try and research this further as I believe this is why the CO1 site is not showing in the RO1 console. Jimm
  8. Jimm

    SCCM 2007 SP2 R2

    Let me begin by saying thanks for the assistance. I am looking at the HQ device. In this case I'm calling it the central only to ensure I am describing this correctly. I don't want to mix up the terminology. On the RO site, I had created a standard sender with CO1 as the site and the server name entered. This shows an unknown in the console. Also note that nothing for CO1 is visible in the RO1 console. I seem to be missing something that ties the two together. One thing to mention is that I also had previously set the site database to be replicated. I assumed this was how things would be replicated to the child sites. I'm changing this back to the local site database since it isn't working this way. I verified that I have the SMS_SiteToSiteConnection_CO1 set with the computer object ROSCM1 (Central server device name) and COSCCM1 (Child server name). The same are set on the SMS_SiteToSiteConnection_RO1 side.
  9. Good day, I have SCCM 2007 SP2 R2 running within a VM at our HQ location. The system is on Server 2003 and works fairly well for what I am doing so far. Currently, I deploy applications based off of AD Groups and some are assigned to specific users. I have plans to tie WSUS in there and also have working OSD’s for bare metal builds and also deployment of WIMs. I plan to upgrade to Server 2008 soon to make use of multi-casting technology as 2003 does not support this feature. Our company has 5 external sites that are all connected via lease lines (all have at least 3mb WAN) and are laid out in a typical hub and spoke design. I do not want to deploy OSDs and large applications over the WAN even though BITS does a pretty good job for us. For my “site servers” I want to be able to do everything locally that I can do from the HQ location. I believe I need parent servers and need to attach them to the “central” server as children. I build a device with server 2003, SQL 2005 MSDE and have WAIK, MDT and all the rest installed. I believe everything is working correctly. I went into the server properties and specified that the site server was child to my central. In this case, I’ll call the HQ location RO and the external site CO. CO is a child to RO. After doing this, nothing seems to be happening that tells me it was successful. I’m sure that theres more work needed but I am not having much luck finding tutorials on how to do this. In my plans, I would like to be able to add DP, MP, PXE, OSD, WSUS and so on from one console. How do I attach one site server to another and how do I integrate them into one console? As an experiment, I was in the RO SCCM interface and had it add a secondary site. Eventually, this was installed on the CO device. I wasn’t able to do much with it as I had no idea what was really supposed to be doable. The ultimate goal is that I should be able to see collections from the entire domain and specify that a package be sent to each DP for local delivery to the local clients. I should mention that currently all clients report to the RO server. I am preparing for a hardware refresh and can handle if the clients need to be repaired or redeployed. My timeline is getting tight. I believe we will start deploying new devices within the next two weeks. Any help you can offer is greatly appreciated. Jimm
  10. Jimm

    how to copy default profile during sccm sysprep

    I had previously read the first article http://blogs.technet...er-2008-r2.aspx and didn't see the answer in there. The second article explains exactly why this happens and the correct solution. Thanks for the assistance. Jimm
  11. Jimm

    how to copy default profile during sccm sysprep

    I'm in the same boat. I can mofidy the defautl user profile and capture it with capture media. When i deploy the WIM back to the hardware, the custom profile is replaced with the windows default. I used copyprofile=true n unattend.xml during the capture by placing the file in the sysprep folder. Does anyone now how to do this?
  12. Moving on... so I am now trying to B&C a Windows 7 device. The same troube exists with IASTOR.SYS except this time I am puzzled as to what exactly is happening and why. I am using a Dell Vostro 3400 and 3500 as my build devices. The MS Windows 7 Pro media has a good IASTOR.SYS file in it. I assume so at least because I can load the OS and everything is working without having to install additional drivers from Intel or Dell. I send the OS to the laptop and used my driver packages which include the new version of IASTOR. The TS can create and format the drive partitions and install the factory OS. When the devices tries to restart and configure windows before the capture, I get the error that IASTOR is missing or corrupt. I verified the right file is loaded and it is the same version that I got from Dell. I tried working around this and took my MS media and manually installed 7. I updated all the drivers and placed my basic apps in there as well. I wanted to capture a basic OS / primary app load and then deploy it as a way of getting around the B&C TS. I was able to capture the WIM and deploy it. When the device starts, I still get the IASTOR error. I tried updating BIOS to V2 and also tried turning the SATA to IDE mode and also the off mode in hopes to resolve this. Everything has failed. Does anyone have insight as to how this happens and what can be done to correct this? My thought is that if the 7 DVD has the drivers to build a bare metal laptop and works, why is the SCCM TS not working when using the same drivers or updated drivers that also work when installed manually? Very frustrating... Jimm
  13. As luck would have it, I have an application that was being installed via a startup script in GPO. This script reset the registry to allow a logon of the local admin and then used a nested runas to a different account to perform an install. This second account was basically an AD based admin account. So.... I have the basics of the script figured out and can install this application with a published app in SCCM. This only works when someone is logged on as the SCCM account is being used in place of the two admin accounts mentioned previously. I need to add this to a TS so that new builds will have this app also. How can I install this during a build capture? In essence, I need to logon to the device during the build and then install, logoff then capture. Jimm
  14. Good day, I've tried deploying Office 07 Enterprise a few times now and I keep getting the same result. The program begins to install but the initial dialog appears asking which product I wish to install. I used OCT to create my MSP package and it is placed in the Updates folder. I still see this dialog. I tried using the config.xml file as well to cache the install then a TS to execute the install from the local media. This also produced the same dialog. Any ideas as to what I am doign wrong? If I simply select Enterprise from this first dialog, the install continues and works fine. Jimm
  15. Jimm

    Deploy Windows 7

    Good day, The guide really simplified everything required to get SCCM up and running and able to capture & deploy Win 7. I had a few issues with SATA controller drivers but got that all ironed out. One issue that I have no clue what to do with is this. In my TS, I have the line where I specify the license key info. I have a volume key from MS. If I enter this into the TS, it fails every time. Also, I noticed that the only way for me to get past this is to leave the key blank and specify do not activate. I have an ISA device and PIX in place here. I am assuming that since this device is not on the domain, it cannot get logged into the ISA device and thus cannot get to the activation services on the net. I have a build / capture image saved from when I left the license key out of the TS. Can I somehow inject the key back into the image in a new TS? Also, I now have this device on the domain and it is activated. Can I instead capture this image as is and use this as my base for new metal builds? I'm certain all are possible, I guess I am erally asking which way is the best practice? Jimm