29 July 2014

POSH script to return compliancy based on collection in SCCM 2012 R2

For our Operations department, I have created a script that returns LastReboot, RebootPending and Compliancy for servers in a collection.





You execute the script with the collection ID as input. The output can be formatted with PowerShell:


PS> .\SUcompl.ps1 <CollectionID> | Format-Table -AutoSize


For example:
d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | FT -AutoSize
d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | sort-object -property RebootPending | FT -AutoSize
d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | Export-Csv report.csv -NoTypeInformation

Here is the script:

<#
.SYNOPSIS
Gets the pending reboot status on computers in a sccm 2012 collection.

.DESCRIPTION
Based on a sccm 2012 collection id, pending reboot status is returned for each member in the collection.

.PARAMETER CollID
The sccm 2012 Collection ID.

.EXAMPLE
PS> .\SUcompl.ps1 MDT000B1 | Format-Table -AutoSize

d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | FT -AutoSize
d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | sort-object -property RebootPending | FT -AutoSize
d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | Export-Csv report.csv -NoTypeInformation

.NOTES
Author: Bill Bjerrum
Email: billbjerrum@gmail.com
Date: 28-07-2014
Ver.: 1.00
#>
#Set required Input Parameters
Param(
    [string]$CollID
)
If (-not $CollID) {
    Write-Host "Required Input is missing! Collection ID."
    exit
}

#Import ConfigMgr PS Module (the console path ends in \bin\i386, the module lives in \bin)
Import-Module ($env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1"))

#Get the CMSITE SiteCode and switch to the site drive
$SiteCode = Get-PSDrive -PSProvider CMSITE
Push-Location "$($SiteCode.Name):"

$ComputerList = Get-CMDevice -CollectionId $CollID | Select -Property Name,ClientType

ForEach ($Computer In $ComputerList){
    # ClientType 1 = computer with a ConfigMgr client
    if ($Computer.ClientType -eq 1) {
        # Reset per-computer state so a value from the previous server is never reported
        $CBSRebootPend = $null
        $MDTCompliant = $null
        $PendFileRename,$Pending,$SCCM = $false,$false,$false
        $WMI_OS = Get-WmiObject Win32_OperatingSystem -ComputerName $Computer.Name
        $LastReboot=$WMI_OS.ConvertToDateTime($WMI_OS.lastbootuptime)

        # Making registry connection to the local/remote computer
        $RegCon = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]"LocalMachine",$Computer.Name)
        # If Vista/2008 & Above query the CBS Reg Key
        # BuildNumber is a string; cast it so the comparison is numeric, not lexical
        If ([int]$WMI_OS.BuildNumber -ge 6001) {
            $RegSubKeysCBS = $RegCon.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\").GetSubKeyNames()
            $CBSRebootPend = $RegSubKeysCBS -contains "RebootPending"
        }

        # Query WUAU from the registry
        $RegWUAU = $RegCon.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\")
        $RegWUAURebootReq = $RegWUAU.GetSubKeyNames()
        $WUAURebootReq = $RegWUAURebootReq -contains "RebootRequired"

        # Query PendingFileRenameOperations from the registry
        $RegSubKeySM = $RegCon.OpenSubKey("SYSTEM\CurrentControlSet\Control\Session Manager\")
        $RegValuePFRO = $RegSubKeySM.GetValue("PendingFileRenameOperations",$null)

        # Closing registry connection
        $RegCon.Close()

        # If PendingFileRenameOperations has a value, set $PendFileRename to $true
        If ($RegValuePFRO) {
            $PendFileRename = $true
        }

        # Ask the ConfigMgr client itself whether it is waiting for a reboot
        $CCMClientSDK = $null
        $CCMSplat = @{
            NameSpace='ROOT\ccm\ClientSDK'
            Class='CCM_ClientUtilities'
            Name='DetermineIfRebootPending'
            ComputerName=$Computer.Name
            ErrorAction='SilentlyContinue' }
        $CCMClientSDK = Invoke-WmiMethod @CCMSplat
        If ($CCMClientSDK) {
            If ($CCMClientSDK.ReturnValue -ne 0) {
                Write-Warning "Error: DetermineIfRebootPending returned error code $($CCMClientSDK.ReturnValue)"
            }

            If ($CCMClientSDK.IsHardRebootPending -or $CCMClientSDK.RebootPending) {
                $SCCM = $true
            }
        }
        Else {
            $SCCM = $null
        }

        # If any of the variables are true, set $Pending variable to $true
        If ($CBSRebootPend -or $WUAURebootReq -or $SCCM -or $PendFileRename) {
            $Pending = $true
        }

        # Compliant only if every software update assignment on the client reports compliant;
        # stays $null when the client returns no assignment data
        $UpdateAssigment = Get-WmiObject -Query "Select * from CCM_AssignmentCompliance" -Namespace root\ccm\SoftwareUpdates\DeploymentAgent -ComputerName $Computer.Name
        If($UpdateAssigment) {
            $MDTCompliant = $true
            $UpdateAssigment | ForEach-Object{
                if($_.IsCompliant -eq $false){$MDTCompliant = $false}
            }
        }

        # Creating Custom PSObject and Select-Object Splat
        $SelectSplat = @{
            Property=('Computer','OperatingSystem','LastReboot','RebootPending','Compliant')
        }
        New-Object -TypeName PSObject -Property @{
            Computer=$WMI_OS.CSName
            OperatingSystem=$WMI_OS.Caption
            LastReboot=$LastReboot
            RebootPending=$Pending
            Compliant=$MDTCompliant
        } | Select-Object @SelectSplat

        #Write-Host $Computer.Name, $WMI_OS.Caption, $LastReboot, $Pending
    }

}
Pop-Location
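
The report above is most useful when someone acts on it, so here is an added example (not part of the original script) that turns the script's output rows into a list of servers needing attention. Get-PatchTriage, the 35-day uptime threshold and the sample rows are assumptions made for illustration; an empty Compliant value is treated as unknown rather than compliant.

```powershell
# Added example; Get-PatchTriage and -MaxUptimeDays are hypothetical names.
function Get-PatchTriage {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][psobject]$InputObject,
        [int]$MaxUptimeDays = 35,          # assumed policy: one patch cycle plus slack
        [datetime]$Now = (Get-Date)
    )
    process {
        $reasons = @()
        # Compare as strings so rows re-read with Import-Csv ("False" is a
        # non-empty string, hence truthy) are judged the same as live objects.
        $compliant = "$($InputObject.Compliant)"
        if ($compliant -eq '')         { $reasons += 'ComplianceUnknown' }  # no compliance data returned
        elseif ($compliant -ne 'True') { $reasons += 'NonCompliant' }
        if ("$($InputObject.RebootPending)" -eq 'True') { $reasons += 'RebootPending' }
        if ($InputObject.LastReboot) {
            $days = [math]::Floor(($Now - [datetime]$InputObject.LastReboot).TotalDays)
            if ($days -gt $MaxUptimeDays) { $reasons += "Uptime${days}d" }
        }
        [pscustomobject]@{
            Computer = $InputObject.Computer
            Reasons  = $reasons -join ','
        }
    }
}

# Constructed sample rows in the shape the script emits (SRV04 mimics a CSV re-import)
$now = Get-Date '2014-07-29'
$sample = @(
    [pscustomobject]@{ Computer='SRV01'; LastReboot=$now.AddDays(-3);  RebootPending=$false;  Compliant=$true }
    [pscustomobject]@{ Computer='SRV02'; LastReboot=$now.AddDays(-90); RebootPending=$true;   Compliant=$false }
    [pscustomobject]@{ Computer='SRV03'; LastReboot=$now.AddDays(-10); RebootPending=$false;  Compliant=$null }
    [pscustomobject]@{ Computer='SRV04'; LastReboot='2014-07-20';      RebootPending='False'; Compliant='False' }
)
# Show only servers with at least one finding
$sample | Get-PatchTriage -Now $now | Where-Object Reasons | Format-Table -AutoSize
```

Against a live collection, pipe the script into the function instead of $sample: d:\SCCM_scripts\SUcompl.ps1 MDT000B1 | Get-PatchTriage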


16 April 2013

SCCM 2012 SP1, adding additional SUP

From SCCM 2012 SP1 it is possible to add additional SUPs, ie. as failover.

I have a Standalone Primary Site server with a co-existing SQL server - all 2012 versions.
On the PS server I have installed almost all SCCM roles.
I now want to have a failover SUP, installed on one of my DPs.

This is how I did it:

First, make sure that the SUP on the PS is working.
On the DP, add the "Windows Server Update Services" role.
As options, select "WID Database" and "WSUS Services".

When installation has finished, go to the SCCM console, and select "Add Site System Roles" for the DP.
Select "Software update point".
Configure WSUS for ports 8530 and 8531.

Then just wait....
and suddenly, in Monitoring > Software Update Synchronization Status,
you will find your additional SUP listed, with the PS as Synchronization Source and Synchronization Status = Completed with Last Synchronization Error Code = 0X00000000

25 March 2013

Part IV: Installing WSUS

Installing WSUS is very simple.
Go to Server Manager,
select Manage, Add Roles and Features.
In Roles, select Windows Server Update Services
and configure this to use the local SQL Server (not Windows Internal Database)
and store updates locally.


Part III: Installing the Site Database

We have decided to install the Site Database on the Site Server.
This will reduce the number of devices that can be managed by the system, but in my estimate, this should be sufficient.

The installation of the SQL server is fairly simple.
I install the program to c:\program files and change the database files and log files to dedicated drives.
For SCCM it is only necessary to install:
- Database Engine Service
- SQL Server Reporting Services
- Management Tools
A very important thing to remember: install with the correct collation - SQL_Latin1_General_CP1_CI_AS

I will use a domain account to run the services.
- then we must remember SetSPN
-- setspn -A MSSQLSvc/<SQL Server NetBIOS name>:1433 domain\account
-- setspn -A MSSQLSvc/<SQL Server FQDN>:1433 domain\account
-- you can verify by: setspn -L domain\account
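
If either SPN is missing, Kerberos authentication to the SQL instance fails and clients fall back to NTLM, so the verification step is worth scripting. This is an added example, not from the original post: Test-SqlSpn, the host names and the captured setspn -L output are constructed for illustration.

```powershell
# Added example; Test-SqlSpn and all names below are hypothetical.
function Test-SqlSpn {
    param(
        [Parameter(Mandatory)][string]$NetBiosName,
        [Parameter(Mandatory)][string]$Fqdn,
        [Parameter(Mandatory)][string[]]$SetSpnOutput,   # lines from: setspn -L domain\account
        [int]$Port = 1433
    )
    # The two SPNs the post registers: NetBIOS form and FQDN form
    $expected = "MSSQLSvc/${NetBiosName}:$Port", "MSSQLSvc/${Fqdn}:$Port"

    # setspn -L prints one header line, then one indented SPN per line
    $registered = $SetSpnOutput |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -like '*/*' -and $_ -notlike 'Registered*' }

    foreach ($spn in $expected) {
        # -contains is case-insensitive, which matches how SPNs are compared
        [pscustomobject]@{ Spn = $spn; Registered = ($registered -contains $spn) }
    }
}

# Constructed capture: only the NetBIOS SPN was registered
$captured = @(
    'Registered ServicePrincipalNames for CN=svc-sql,OU=Service Accounts,DC=example,DC=local:'
    "`tMSSQLSvc/SCCM01:1433"
)
Test-SqlSpn -NetBiosName SCCM01 -Fqdn sccm01.example.local -SetSpnOutput $captured |
    Format-Table -AutoSize
```

On the real server, pass the live output instead of $captured: -SetSpnOutput (setspn -L domain\account)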

SQL Server memory will have to be configured.
-- min 8GB for the SQL server
-- max (leave at least 4 GB for OS and applications)

Remember to configure the Firewall to allow traffic on TCP 1433 and TCP 4022 (this is for SQL replication)

Additional task:
Since the box has 16 cores, after installation of SCCM I will configure 16 database files for the CM database.

But now I will be ready to install WSUS.

Part II: Preparing the OS on the Stand-alone Primary Site Server

Well... this Server 2012... wonder if I'll ever get used to it !?

First, the usual server installation and configuration (IP, time zone, locales, domain and so on).
We use a proxy (I'll bet this will bring a lot of joy....) so I have to configure this as well.
As we don't have Proxycfg anymore, we will have to use NetSH
(netsh winhttp set proxy proxy-server:port)

To add the required roles and features, I use PowerShell.
Open a PowerShell prompt (as Administrator) and type:
Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart

(If you get an error, this could be because there is no internet connection when installing .NET 3.5.
Then install .NET 3.5 through the Server Manager, but point to your installation media.)

After installing these roles/features, you must register ASP.NET with IIS. The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -r

Next, you will install "Windows Assessment and Deployment Kit (ADK) for Windows 8"


Select the following Features:
  • Deployment Tools
  • Windows PE
  • USMT



Then we are ready to install the SQL server.
(Some would install WSUS now, using the WID (Windows Internal Database), but I prefer to use the SQL server for WSUS as well.)

Part I: Our SCCM 2012 environment

We have decided that we will build our SCCM 2012 on the newest environment / versions, so
the (stand-alone) primary site server will be configured with:

Operating System:   Windows Server 2012, Std edt
SQL server: Microsoft SQL Server 2012 Std edt, SP1
and SCCM 2012, SP1 (and with the newly released CU1)

The two distribution points in the datacenter will also be installed on Server 2012.