Jump to content


Red3Recon

Established Members
  • Posts

    15
  • Joined

  • Last visited

Red3Recon's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. Thanks for that link, that is interesting. As the article points out, SCCM uses the system account and I have tried 3 different ways with SCCM to try to alter that service and while the fax (my control service) works all three ways, the service that I get "access denied" to locally also gets access denied from SCCM. The only way we have found is safe mode and then, all of the accounts work.
  2. After re-reading your reply about the "system" account....I am not sure how you would specifically us that account, I am still a SCCM n00b. The closest I have gotten to fixing this is creating a task sequence and booting into PE and using a REG LOAD command to open the system hive with a temp name, and then use REG ADD commands to modify the service to 2 (auto vice 4 disabled) I am also changing the fax service as a control. In the TS log it says those commands are successful yet the changes are not retained through reboot so I added a REG UNLOAD command at the end and it left my test systems unbootable, they blue screen-reboot......I suck.
  3. Yes, that is correct the account does not work when Windows is running in normal mode. The same account will work in safe mode to set the service to automatic without getting the access denied message.
  4. AVG Antivirus service, when you change from disabled to auto in services.msc it says access denied, presumably from a bad install of the application. Same result using domain admin account, local admin etc. Thanks!
  5. I have a bunch of systems that have a service set to disabled that needs to be set to automatic and have tested this problem 3 ways to Sunday. Tried GPO, powershell, manual remote regedit....none work, all get access denied. The only fix is to manually boot into safe mode, set the service to automatic and then boot back into windows, works like a champ. Problem is I can't go around to that many systems. If anyone can think of a way I could get the same result using SCCM I would appreciate it. I tried a task sequence and booted into WinPE and ran a "reg add" command to change the service start from 4 to 2 but did not know it was even possible to do that and although the TS log says it was successful it did not make the changes. Any advice is greatly appreciated!
  6. Peter, Some great stuff published at those links...it is just what I am looking for! Do you have those associated task sequences published anywhere? I am especially interested to see how you are setting the architecture. Any help is greatly appreciated!
  7. BUMP That attached TS works great for 32 bit to 32 bit.....but for 32 to 64 bit it fails. I bet there is only some small change that needs to be made but I cannot find it. Any assistance would be greatly appreciated!
  8. AnyWeb, Thanks for all of your great work here! I have been using this Printers.xml with great success in the offline migration scenario. I have one problem, when the migration is done, the network printers are imported and they can be printed to; you cannot select a default printer, however. This is fixed by adding the "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device" in regedit, doesn't matter what I set it to, just adding and re-booting fixes it. What baffles me that info should be there! Given your key below: <pattern type="Registry">HKCU\software\microsoft\windows NT\currentVersion\Windows\* [*]</pattern> Any advice or recommendations would be great!
  9. This post/process rocks! I love the offline migration! I have several computers that the SCCM client was jacked up on, they would not take the advertisement so I PXE booted them and whalah! I added the printers.xml file to my package and it migrated mapped network drives, networked printers….man I am one happy camper!!!!! Once question, should the c:\USMToffline directory still exist after a successful migration? Or should it be deleted at the end? The reason I ask is mine is still present but I don’t know if I was doing something wrong? Thanks for this post, it was a lifesaver! Now if anyone can find an actual way for 802.1x to work with OSD/PXE I will be sending them my first born!
  10. You can try this fix, reduce the cache size. Open regedit and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\PXE (or for 64-bit OS, head to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\PXE). Modify the CacheExpire DWORD and set it to a lower value, in my case I set it to decimal value of 1, meaning that cache will only last for 1 second. Restart the WDS service. Further info here – http://support.microsoft.com/kb/2019640
  11. Ok, so we built 3 new machine associations using MAC and computer name and then made direct membership to a collection. Tried to PXE them and they gave the error "SMS PXE Service Point Encountered an Unknown Device" I stopped and then started the WDS service on my PXE point and then immediately all three machines started working! Thanks for any guidance you can provide from here. -----UPDATE------- To fix this, reduce the WDS cache size. Open regedit on the WDS server and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\PXE (or for 64-bit OS, head to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SMS\PXE). Modify the CacheExpire DWORD and set it to a lower value, in my case I set it to decimal value of 1, meaning that cache will only last for 1 second. Restart the WDS service. Further info here – http://support.microsoft.com/kb/2019640 Kudos to Anyweb for the tip that led me in that direction!
  12. Anyweb, Thanks for all of the great advice you have given here, you have done a lot of work and I, as many others are very appreciative. I will let you know as soon as I test the “restart WDS” theory; I do not have a machine acting up right now. What would be the solution if that is it? I mean we will be imaging 20~50 computers a day at various buildings on our CAN once we are 100%, this is the last hurdle, so monitoring that and restarting that service would not be a palatable option. As for the unknown computer support, we are a large organization with dedicated IAO (Information Assurance Office) who decided that unknown computer support sounds scary and dangerous. (Even given the password that can be used) This is not that big of a deal because I build the association in SCCM, that way I don’t have to provide a computer name (It pulls the one I give it when I build the association) and then it uses that name when it joins the domain (Again here, I have to pre-populate AD with the computer object as no computers can join our domain unless the object already exists) Ahh, the many many hoops of IT. Thanks again!
  13. The above fix works for me most of the time; however, sometimes I build a manual machine association using the MAC address because it is a “New” machine. I add them to the “All Systems” collection first and then do a “Direct Membership” (as illustrated above) using MAC or the name I gave it when I created it. The machine shows up in the collection after refreshing/updating membership. Sometimes these pick right up and get the advertisement; other times it takes an hour for them to be recognized. When I look at the PXE service point log it says “The SMS PXS Service Point encountered and unknown device. Device MAC Address: xx:xx:xx:xx:xx:xx SMBIOS GUID: <long number/letter combo>.” Because I do not (cannot due to security) have unknown computer support turned on the machine skips over the PXE process and boots normally. Sometime later and with no other changes it picks up the advertisement and does OSD great. Any ideas?
×
×
  • Create New...