Disclaimer
The opinions expressed herein are my own personal opinions and do not represent anyone else's view in any way, including those of my employer.
© Copyright 2009
The opinions expressed herein are my own personal opinions and do not represent anyone else's view in any way, including those of my employer.
© Copyright 2009
ConfigMgr SP2 beta is now publicly available for download.
They have added support for the following operating systems:
Also part of SP2 is more support for x64 including
Other changes include
The download is available on Connect.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
MMS 2009 – Live Keynote Webcasts
This year the MMS 2009 Keynotes on Tuesday and Wednesday are being webcast live on the Internet. The keynotes may be viewed live at 8:30am PDT each day via this page: IT Infrastructure Software Spotlight.
|
The Dynamic Datacenter Managing Clients in a User-Centered World |
These presentations may also be viewed offline at a later time via the same page.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
backgammon free casino money free craps game play free black jack craps video poker strategy play black jack online how to win video poker casino game online uk best casino online casino secure online gambling jackpot casino online casino black jack learn to play craps how to win at video poker craps online blackjack casino game online casino betting free on line video poker casino games no download casino online gambling casino play free casino slots video poker machine bonus video poker free on line slots double bonus video poker free video poker games free casinos roulette online craps rules free on line casino rules of craps online casino free money blackjack 21 internet casino how to play craps free casino game download fortunelounge online casino free casino download free casino card game free roulette game free casino play no deposit free money casino internet casino online
1E released a new white paper written by Ian Godfrey last week entitled Remote Management of BIOS Configuration, which is centered around configuring Wake-on-LAN but the concepts and tools can be used to manipulate other BIOS settings as well.
This paper covers a number of different hardware vendors and how to remotely configure the BIOS, something that is not standard across the hardware vendors. It includes links to different tools, ConfigMgr integration, scripts, tips, troubleshooting, and a very in depth explanation of WOL. If you are having trouble getting some computers to wake up when they are sent a magic packet or you need to learn how to remote administer the BIOS without touching each computer this is a must read.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
1E released a new white paper written by Ian Godfrey last week entitled Remote Management of BIOS Configuration, which is centered around configuring Wake-on-LAN but the concepts and tools can be used to manipulate other BIOS settings as well.
This paper covers a number of different hardware vendors and how to remotely configure the BIOS, something that is not standard across the hardware vendors. It includes links to different tools, ConfigMgr integration, scripts, tips, troubleshooting, and a very in depth explanation of WOL. If you are having trouble getting some computers to wake up when they are sent a magic packet or you need to learn how to remote administer the BIOS without touching each computer this is a must read.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
In my post regarding what’s new in NightWatchman 5.5 I talked about the new NightWatchman Console. I want to cover the security aspect of the console in this post to show some of the flexibility of the console as well as explain how to set the proper security.
In the NightWatchman Console the last tab on the right is Security, this is to manage the security of the console specifically, not the NightWatchman clients, but which users and groups have what rights in the console.
If you click on the Security tab it shows you the Users and Groups section by default this includes the user or group you specified during the setup who was the Administrator. This user or group has full rights in the console which is the Systems Administrator role.
If you now click on the Roles tab next to the Users and Groups tab in this section you get a view of the roles and their rights. From this view you have the options to add a new role and set or modify the permissions of a role. As you can see the Systems Administrator role cannot be modified so that you don’t lock yourself out of the console completely.
If we add a new role we can then modify the permissions that the users who are assigned that role get when then open the NightWatchman Console. What I am going to do is add a role for the IT group that manages the retails department. I want this group to only be able to view and modify the power scheme and shutdown schedules for their particular department, preventing them from making changes to the settings for all other groups.
I do this by first clicking the Add button while still in the Roles tab. This opens a dialog box asking me for the name and a description of the role.
Notice that in the fields that are required to be filled out there is a stop symbol because I have not filled out the name filed. This also occurs in other fields in the console, say for instance you try to put in an invalid time in the scheduled shutdown’s time field you will get the same results and won’t be able to save your changes until it is filled out correctly.
I have filled out the name field and description and then clicked OK to create a group called Retail Admins. And it now shows up in the list of Roles in the console.
When I highlight this role I can see that there are no rights assigned to this role, not even the ability to launch the console, this is of course by design. Keeping in mind what my goal is for this group, I am going to assign it the following rights:
| Launch Console | Yes | |
| Location Groups | View | |
| Organization groups | View | |
| Power Schemes | View | Add |
| Power Policies | View | Add |
It is important to understand the difference between View and View All when assigning roles rights. Since my plan is to only allow this role to view their group of clients I selected View and not View All as this would allow them to see all the groups in the console.
Notice if you do not click the Apply button and navigate away your changes will be discarded.
Here is what my Roles tab now looks like with the Retail Admins group selected.
Next I need to assign this role to a user or group of users. If I click on the Users and Groups tab at the top it switches me back to the users and groups view where I can add a new user or group. You can do this by clicking on the Add button and it will open the AD users and groups dialog where you can input the name of the user or group. I am going to use a single user in this example but I could have just as easily added a group. Now that I have a new user listed to the right I see a list of all possible roles that I can assign that user to. The roles the user has assigned to them is indicated by a stop symbol or a checkmark if they are assigned that role. By default a new user or group is not assigned any roles. I am going to assign the new user (Anthony) the role of Retail Admins and then the role has a checkmark next to it to indicate that it has been assigned that role.
If I click on the details link next to the role it tells me exactly what rights that role has so that I don’t have to switch back to the roles tab to determine if it has the correct rights before I assign it to a user or group.
Next I need to assign my user to my group of clients. To do this switch back to the NightWatchman Clients view by clicking on the tab in the top left corner of the console.
In this view you can see the NightWatchman clients in their groups, either by organizationally or by geographic locations since we are picking on the Accounting department we are interested in the organizational grouping. If you don’t have a group you can create one from this view as well by just right clicking on the parent group and selecting Add Group. Always keep in mind that the NightWatchman clients are assigned to the lowest tier in the grouping and there must be five levels starting from the highest level, in my example I am going to use the Auditors group and here is my hierarchy in the console.
If you right click on the Auditors group then select Properties from the context menu. When the properties window is displayed click on the Security tab and from the list of users and groups you will see that the users and groups that have the Systems Administrator role show up with the right already assigned to this group but any other group or user does not yet have rights. To assign a user or group the ability to view this group simply click on them and they will then have a checkmark next to their name.
In this example I have added a group and a new user to demonstrate this and to show you can use groups as well. Daniel has been assigned the Retail Admin rights but he doesn’t yet have those rights on this group. Once I click on him he will then have the assigned rights we gave the Retail Admins group to this group of clients. And that is all there is to it. Once you click the OK button the user will have the rights to view this group, but this group only. If you click on the Finance group or any group higher up in the hierarchy and the open the groups properties page on the security tab you will see that any user or group other than those assigned the Systems Administrator role do not have rights to view this group. You could assign a user or group rights at this level and the lower tier groups under it would also inherit those rights.
As always if you have any questions or comments feel free to contact me.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
Right before Christmas 1E released not only the free tool Service Window that I mentioned in my last post but also new versions of NightWatchman now version 5.5, 1E WakeUp version 5.5, Nomad Enterprise 3.2 and our first version of the NightWatchman console. Over the last 18 months I had been working with AT&T® to prove out the 1E Power and Patch Management Pack, which is a combination of 1E WakeUp and NightWatchman. July 31st the deal with AT&T closed and in late October we did a joint press release with AT&T about the savings. In the end they are going to save about $1 million a month or $60 million dollars over 5 years, and those are pretty modest figures, and I know they are because I actually wrote the report for them based on the pilot data from their AFR server. They are also going to save 135 million kWh’s of electricity each year while eliminating 124,000 tons of CO2 emissions. It was a great project and now one of our consultants Richard Fellows has been working with them on the implementation across their 310,000 PC’s. As is usually the case our customers dictate the new features included in our products and I all of the Solution Engineers at 1E are also now aligned with a single product so we are involved in the entire development cycle, at least as much as we can since we travel a fair amount of time. But NightWatchman 5.5 is the product I typically spend the most time with also the reporting server as well AFR.
Here is a short list of the new features in version 5.5 of NightWatchman and I will explain most them in more depth below as well as how to configure and use them.
I will start with the Keep Active feature, it is probably the easiest of the new features to explain. This is an option that allows the user to decide if they want to keep their PC from being put into a low power state. This includes a scheduled shutdown as well as the power scheme settings so the computer will not go into any low power states during the Keep Active period. This is not something you would like your employees to use every day because they could defeat the energy savings program for their computer. There is going to be some changes in the next version of NightWatchman about how much control you turn back over to the employee.
One example of how someone might use this feature is let’s say Paul Thomsen and I are working late in his office in Redmond and we want to run some automated tests on some of his lab computers but we also don’t want the machines to go into a low power state or shutdown at the scheduled time of 7 PM because we need these tests to complete while we are eating at Azteca we are not sure how long we are going to be over there so we set Keep Active on the lab computers to 2 hours. That gives us a little time to walk over there eat and get back without our tests being interrupted by the computers going into a low power state from the power scheme settings or the scheduled shutdown time.
They do this simply by right clicking on the NightWatchman icon in the system tray and selecting “Keep Active”.
Then after they click Keep Active from the context menu it will open a dialog box with a drop down box allowing them to select the amount of time they want to set their computer to keep active. During the Keep Active period the NightWatchman tray icon also changes so the user can turn it back off if they want to.
Maintenance windows and alarm clocks have some similarity to them. They are both a scheduled wakeup for the NightWatchman client but the alarm clock function is for end users and maintenance windows are for administrators. The end result is the same for both however, to schedule the computer to come out of a low power state at a certain time on a specific day.
For the Alarm Clock feature this can be used by the employee to schedule when their computer is going to be turned on in the morning so that all (startup) group policies have run or if there are things that happen to the computer that make the boot time in double digits. Since you can configure the time and for each day if the employee only works 4 – 10’s, then they could schedule their computer to only come on 10 minutes before their start time on those four days of the week so it doesn’t come on the other three days of the week.
The Maintenance Window feature is for the IT staff to be able to schedule a computer or group of computer, to come out a low power state at a scheduled time and then after a your maintenance is completed return the computer back to the low power state it was in for the remainder of the night or weekend. This is useful for things that you need to do outside of ConfigMgr, say anti-virus scans or updates.
The Alarm Clock settings are configured in the NightWatchman console (which I cover below), the Maintenance Window settings are also configured in the NightWatchman console.
You can see this tab is displaying the Maintenance Window, one option is to turn the monitor on when the computer is brought out a low power state for the Maintenance Window. Usually you would want the monitor to stay off assuming that you schedule your Maintenance Windows for off hours. As you can see you can schedule or not schedule the Maintenance Window start time for each day separately, how long the computer will remain on, essentially setting the duration of the Maintenance Window. And then at the end of the Maintenance Window what low power state do you want the computer to go into. In this first version the low power options are standby and hibernate, off will be coming soon.
Now you can see that I have scheduled a window for Monday, Wednesday and Friday, they are for different durations and Friday I want the system to go back to hibernate.
The NightWatchman console is a server side console to configure the NightWatchman clients. You can group clients based on business unit and based on physical locations. For example, what state they are in and what department they are in. This helps with the reporting portion. Also as I covered above the Alarm Clock and Maintenance Window settings are configured in the console. But also the scheduled shutdown times and power scheme policies for the clients, which goes back to the grouping again.
As you can see from these two images which are the power scheme settings (top) and power policies (bottom) there are a number of settings that you can configure along with each of these. Traditionally this would have been done with ConfigMgr or group policy but with the NightWatchman console we add another option for administrators to configure the client settings.
The NightWatchman console is targeted at customers who either do not have ConfigMgr or SMS but still need the Wake-on-LAN functionality of 1E WakeUp and for customers that have different groups that will manage NightWatchman and ConfigMgr.
Configuring the NightWatchman console is more about configuring the clients although there is a Security tab that will allow you to control which users and groups get to see or configure all the settings in the console.
Lets start with an overall of the console.
On the left of the console are the tabs NightWatchman Clients, Power Schemes, Power Policies, Power Consumption and Security.
The last two tabs are Power Consumption and Security. The Power Consumption tab is used to configure what power figures are used by the different clients in the various states to ensure accurate power, carbon and costs are used in the reports. This is a very important feature as the various hardware vendors and models use dramatically different amounts of power in all the different power states. Not having this feature would be like assuming an 8 year old 21” CRT used the same amount of power as my daughters LCD on her Dell Mini. And trying to figure power costs, consumption and CO2 emissions without these numbers is just a guess – at best. On the Security tab you configure the security settings for the console, allowing users and groups different levels of rights on all the tabs and their settings.
I will save the last two new features for a future post, this one turned out to be much longer that I anticipated.
As always if you have any questions or comments let me know!
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
Right before Christmas 1E released its first free tool for ConfigMgr admins in a while called Service Window. This tool will allow you to edit, delete, add and view maintenance windows for ConfigMgr clients. You can run the app on the client machine or by specifying the remote computer you want to examine.
Here is the app running on my laptop where you can see there are currently no Maintenance Windows defined, so essentially my laptop will run an mandatory advertisement or task sequence at any time.
If I want to add a new maintenance window I click the button with the “+” key on it. 
This opens another window to configure and set the maintenance window.
As you can see I can define the start and stop time of the maintenance window, the date it begins, if it reoccurs, what type of reoccurrence, and on which day it reoccurs. There is also a checkbox at the bottom of the window that allows you specify that the maintenance window only applies to an OSD task sequence.
I am going to use the defaults just to create the window. If you are following along you should be back in the main window with the new maintenance window defined like this.
If I select the maintenance window I get the two other options to view the selected maintenance window and edit it, and also the delete button which will delete the maintenance window selected.
At the bottom of the main window is also a view button that will open a window that displays the maintenance windows in a graphical format such as below.
You can switch the view to show a week at a time or just today as well.
One of the best options is the ability to delete a maintenance window, if you are testing a client this tool makes testing maintenance windows easy and extremely quick, you do not have to wait for you clients to get the policy to define, modify, add or delete a maintenance window.
1E has plans to develop a number of free tools for ConfigMgr moving forward, if you have any ideas for tools or have any feedback on this one send me an email.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
I got a really good question today on maintenance windows and patching and how they can or cannot work together. Specifically if you had a maintenance window defined, but told the patches to install ignoring the maintenance window but suppress the reboots until the maintenance window will it install the updates and hold off on rebooting the clients until the maintenance window?
First let’s go over defining maintenance windows.
Assuming you already have a collection of computers built that you will apply the maintenance window to right click on that collection of computers (never users for maintenance windows).
Select Modify collection settings from the context menu.
On the Maintenance Windows tab click the starburst icon to create a new maintenance window.
Give it a name, and set the reoccurrence pattern, I set mine to daily and left the default time from 1 – 4 AM. Then click OK.
You should now see the maintenance window defined, click OK again and now we have set the maintenance window for these clients from 1 – 4 AM each day, or however you defined yours.
OK now for software updates.
The machine I am going to test on is an XP box that is one of my test machines in my home lab, it has been off for quite some time so it is not fully patched and makes an excellent client.
I have also created a search folder under software updates for critical XP patches in previous testing. This makes deployment much easier and if you don’t use search folders I highly recommended it.
Let’s look at the different settings for this package of XP Critical updates I have defined.
In the Deployment Management folder there is already the XP Critical Updates package, I am going to right click on the package itself and select properties and then look at the Schedule tab. I want to check the bottom box that tells it to ignore the maintenance windows and install as soon as the deadline comes.
And then on the Restart Settings tab, make sure that the checkbox telling ConfigMgr to restart outside of the maintenance window is not checked. I also have the box to suppress reboots on workstations unchecked.
Now I am going to add the new patches to this package by going to my search folder selecting my search for Critical XP Patches, selecting the new patches
and in the Actions pane clicking Download Software Update under the selected items section which start the Download Updates Wizard and I tell it to add these patches to my XP Critical Patches package.
I finish going through the wizard and wait for the patches to download and about a minute later I get a success telling me that the patches have been downloaded and added to my package.
Meanwhile, back at the ranch or on our client, once the client notices that there are patches to be installed and the deadline for install has passed the patches do get installed on the computer. You can completely hide this from the user now, or you can give them a balloon notification and allow them to watch the progress.
If the user does watch the progress, assuming you allowed this through your configuration, they also have the option to reboot now or close the window. If the users selects the close option we see in the %System32%\CCM\logs\RebootCoordinator.log file that our maintenance window is preventing the client from being rebooted until the maintenance window.
I have adjusted the maintenance window settings for this client to put us inside a maintenance window to see if it will actually reboot the computer. And after I force the client to do a policy refresh a couple seconds later up comes the dialog box telling the user they have five minutes before their computer is restarted.
To answer the original question, yes you can use maintenance windows to only delay the reboots and have the patches install ASAP.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
Update: Download link
Overview
Configuration Manager 2007 SP1 now offers full support for management with Windows Vista SP1 and Windows Server 2008, integrates customer feedback, feature Integration with Intel vPro Technology and enhances Asset Intelligent features.
- Full Windows Vista SP1 and Windows Server 2008 Support: Deploy and manage Windows Vista SP1 and Windows Server 2008—with full support for the latest Windows platforms, from planning through inventory, to deployment, and into operational scenarios such as software distribution, software update management, desired configuration management, and more.
- AMT Integration: Configuration Manager 2007 SP1 integration with Intel Active Management Technology (AMT) enables hardware-based power control (on/off/restart) and delivers many new remote diagnostic and troubleshooting capabilities. Configuration Manager can now perform scheduled or on-demand power control operations on Intel vPro enabled systems in the enterprise, enabling higher levels of software update compliance as well as increasing application installation and operating system deployment success rates. The new out of band management console provides direct hardware interaction using Windows Remote Management (the Microsoft implementation of WS-MAN). This enables remote boot control, allows forced PXE boot for operating system deployments, remote network boot for customized remote tasks and diagnostics, and direct inspection of hardware inventory and power state—even if the system is powered off.
- Asset Intelligence: Building on the original release within Configuration Manager, this enhancement to the inventory capabilities of Configuration Manager 2007 provides improvements for stronger inventory of hardware, software, and software licenses in use throughout the enterprise. The enhancements made enable administrators to more easily, and more accurately, inventory and manage hardware and software assets as well as view and manage purchased software license information. By providing this essential information, Asset Intelligence makes it easier for administrators and asset managers to more effectively plan for upgrades, migrations, and software license compliance reporting.
Asset Intelligence in Configuration Manager 2007 SP1 adds the following additional functionality over that provided by the Asset Intelligence feature in Configuration Manager 2007:
- The Asset Intelligence feature node has been added to the Configuration Manager console to allow easier Asset Intelligence–related administration tasks and rich reporting capabilities.
- The Asset Intelligence Configuration Manager Console home page has been added to provide at-a-glance feature state status and information.
- The Asset Intelligence catalog has been expanded to contain categorization and identification information of a large catalog of software titles—both Microsoft and 3rd party—as well as the hardware requirement information for many software titles found in today’s IT environments.
- The ability to customize the Asset Intelligence catalog with additional software categorization information and hardware requirements information has been added.
- New reports have been added that enable administrators to generate a total of 70 reports, based on inventoried information, that present data about hardware, software, and license usage.
- General reports are linked to more specific reports and allow IT administrators to query general information or drill down to more detailed levels if required.
- Hardware inventory enhancements have been added to gather information such as processor age, speed, and USB devices in use or when hardware has changed since the last inventory or during a specified period of time.
- Installed software inventory enhancements have been added that gather information about installed software in use in the enterprise.
- These enhancements allow IT organizations to identify and better categorize their software assets.
- Robust reports provide information about types of software in use to help identify redundant software and optimize software support and purchasing.
- Software license management capabilities have been added that allow purchased software license data (both Microsoft and non-Microsoft) to be imported into the Asset Intelligence catalog to enable better license management and reporting.
- Improvements have been made to provide data about utilized Client Access Licenses (Windows Server, and Exchange Server) and computers acting as Key Management Servers for Windows Vista activation.
- The report output format is congruent with Microsoft License Statements facilitating system-wide license tracking and compliance.
Just made public today, it will take a day or so to get the bits available for download.
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
Now you have the same ability to auto generate scripts for PowerShell that you did with VBS when it comes to WMI.
Overview
A new utility that writes Windows PowerShell scripts that harness the power of WMI (Windows Instrumentation Management) for use in system management and administration. This tool was created by Microsoft consultant and author Ed Wilson.
Windows PowerShell Scriptomatic
Brief Description
Utility that writes WMI scripts for system administration.
Download details: Scriptomatic 2.0
And coming soon is PowerShell v2 with the following new features (so far).
You can get a pre-release copy of v2 here. And Kevin Remde has even more details and links on his blog post regarding the next version of PS
Regards,
Anthony
Anthony Clendenen | Solutions Engineer | 1E
Microsoft MVP System Center Configuration Manager
© Anthony Clendenen
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void 
Life « Default
Earth 
Wind 
Water 
Fire Light 
Previous Entries
Last 50 Posts 
Back