:::: MENU ::::
Browsing posts in: SCCM 2012

About SCEP

SCCM and SCEP Agent License are different .so we have to buy additionally if we like to implement SCEP.

Here we have 2 separate behavior based on OS

For Windows 7 Machines:— You will be able to see as SCEP (System Center Endpoint Protection) as separate agent along with SCCM Client. For installing the SCEP.. You don’t required to push any mechanism.. When you install the SCCM Client, SCEP agent will get auto installed ( Of course assuming you have enabled SCEP) ..For Frequent SCEP client upgrade you have to Deploy with normal patching mechanism or S/W

 

For Windows 10:—- You won’t be see separate SCEP agent. In windows 10 you can able to see windows Defender (which is comes default with OS). When you install the SCCM Client SCEP will take your Windows Defender with customized policy. For Frequent SCEP client upgrade you have to Deploy with normal patching mechanism or S/W.

 

As recommends Microsoft, Please create ADR for Definition updates for deploying with Custom policy.


In short below are the step to Upgrade SCCM CB/CBB(1511/1607)

In short below are the step to Upgrade  SCCM CB/CBB(1511/1607)
Upgrade ADK
Upgrade MDT
Backup ConfigMGR DB
Upgrade SCCM 2012(*  version )– >> Confimgr * Version(1511/1607/)
Update Boot Images
Upgrade SQL to 2016
Export SUSDB using WSUSUTIL.EXE
Uninstall WSUS
Uninstall SUP
Upgrade OS to 2016
Fix IIS Issues (if upgrading from 2008 R2 and App Pools are having issues_
Reinstall BITS
Restart Windows Process activation and WWW
Import SUSDB
Reinstall WSUS
Reinstall SUP
Validate Functionality and trobleshoot issues as they come up( Insepct monitoring node and Ensure compnents are Functional and not having issues

Wifi Profile Deploy using SCCM

netsh wlan export profile name=”starbucks” folder=”C:\path\” key=clear

Above command line you have run on a reference machine.You will get the profile XML.
EX:- under C:\Path\Starbucks.XML

Below 2 lines create as a batchfile called “Wifi.cmd”

xcopy starbucks.xml C:\TEMP\ /Q /Y
netsh wlan add profile filename=”C:\TEMP\starbucks.xml”

Create A Folder and paste the “Wifi.cmd” and “Startbucks.XML”

Now create a SCCM package just like normal with startdard program and call Wifi.cmd in command line and distribute to DP’s.Then create the Advertisement and Deploy to Collections.




Use of Detection Method In App Model

Detection methods allow the administrator to check software installs to ensure that the application is not already installed. It can also prevent an install of an application if it conflicts with another application that is already installed.

Usually in our batch file we put the query method to detect the new version or the old version. Here in the App Model we have Detection Method which we can use while creating the package in App-model.

 

Scenario

I want to install Microsoft .Net 4.5 on my machine and it should upgrade if the machine is having any old version of .Net

  • In General tab of the Deployment Type Page Select Script Installer.

Note: For Files like .exe,.vbs,.cmd we have to choose Script Installer.

 

Detection

 

  • In Program Page browse the file with the switches.

Detection.jpg

 

  • In Detection Page Click on Add Clause Button on the right side of the Panel.

Detection2

 

 

Registry

  • For detecting the new version of the application, here we can choose Registry in Setting Type.

DetectionRule

 

  • Expand the Registry and choose the Microsoft .Net 4.5 Product Code and Click on OK.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProductCode

 

detection_reg

reg

 

  • Select the Data Type as String and click OK

Detection Rule

  • Set the below User Experience field and click OK.Detection Rule 2
  • This way we can detect the new version of the application. It will skip to run the package if it is already present in the machine otherwise it will upgrade over the older one.

We have another two methods for detecting the installed application.

 

File System

  • The first method is file system. This method detects whether a file or folder is present on the system. If the file system object is not present, the application is marked as not installed.
  • You can use the “Browse” button to find the file on your computer. This will pull in all relevant information, such as the file version or modified date.

 

Detection Rule 3.jpg

  • One important thing to watch is the “This file or folder is associated with a 32-bit application on 64-bit systems” check box. By default, if you are on a 64-bit system, SCCM will only verify against “C:\Program Files” or “C:\Windows\system32” for files or folders and not “Program Files (x86)” or “SysWOW64”. If the application installs to “C:\ProgramFiles (x86)” or puts something in “C:\Windows\SysWOW64” and you queue off of that file, SCCM will not find it. When the user attempts to run the application, it will install again, possibly corrupting it or making it unusable.

Windows Installer

  • This method is automatically filled in when using an MSI install type. This method detects whether the MSI product code exists on the system. This method should only be used when dealing with an MSI. If you do not use the MSI install type, you can use the “Browse” button and find the MSI installer to automatically pull the product code.

Detection Rule 4

 

  • For products that update, but keep the same product code, you can use the “This MSI product code must exist on the target system and the following condition must be met to indicate the presence of this application” options to specify the version of the MSI.

SCCM 2012 – Glossary

Term Meaning
Collection A set of resources in the Configuration Manager. 
Deployment  An application state associated with the software deployment. 
Distribution point A site system role that contains source files for clients to download including application content, software packages, software updates, operating system images and so on.. 
Distribution point group  A set of distribution points that can be managed as a single unit. It provides a logical grouping of distribution points and collections for content distribution. 
Application  An object that contains the content files and instructions for distributing Deployment types, software updates, operating system images, and drivers to clients of the Configuration Manager. 
Global Condition Global condition is used to specify the conditions that must be met before a deployment type can be installed on a client device.
Deployment Type This program deploys software to a computer system. 
Detection method A detection method in Configuration Manager contains rules that are used to check whether an application is already installed on a device. This detection occurs before the application is installed, immediately after the application is installed, and at regular intervals afterwards. This can prevent Configuration Manager from needlessly reinstalling the application and can also detect if the application is already uninstalled by the user.

SCCM 2012 Client Self healing

https://gallery.technet.microsoft.com/systemcenter/SCCM-2012-Client-Self-50c0cb1a

 

Monitoring Home page in the console will help with 2 things ,Those are “monitor the health and activity of client computers”

However Overall status will be depends on below 2 things

Client Activity : configure thresholds to determine whether a client is active (like DDR,requested policy,Hinv,etc)
Client Check: Self Healing with Task Scheduler

sccm 2012 client self healing in workstation how it works:::

Self healing means auto remediation :

Once SCCM client is installed , It will create a scheduled Task in client side. To check open run and type “taskschd.msc”

Then go to Microsoft : check the Configuration Manager. That is the scheduled task

If you open the  Configuration Manager Task  in Action TAB of Task Scheduler , its calling the “C:\WINDOWS\CCM\ccmeval.exe

Once its executed it will send the report  to SCCM server(MP) “C:\Windows\CCM\start CcmEval.xml”.. To check the log open “C:\Windows\CCM\Logs\CcmEval.log”

If the workstation if it has any issues it will be auto healed . CcmEval.xml it will show up what is the issue and whether it got fixed or not. and CcmEval.log will show up what kind of regular checks it will do

 

EX:– If  CCMexec service is stopped or BITS is disabled ,etc,It will check at the Task Scheduler time and  will be auto re-mediated.You can do a test with stopping the WMI service and execute the C:\WINDOWS\CCM\ccmeval.exe. After some time it will be starts the WMI service

CCMevalreport CCMEval

If it is unable to resolve it will be showing in server side under Monitor-> Client Status :

 

CLient status of a specific machine

 

 

To Exclude/Disable automatic remediation

Open Regedit.

Go to “HKEY_LOCAL_MACHINE\Software\Microsoft\CCM\CcmEval\NotifyOnly”

Make it as “True” – computers will not automatically remediate
Make it as “False”– computers will automatically remediate problems


SCCM 2012 New Features

In two ways we can compare the new features

1. Site Level or Administration or Hierarchy level

2. New added features in support side.

 

Site Level  Changes :

  1. SCCM 2012 Introduced Top level hierarchy called CAS (Central Administration Site ). When we installing the SCCM 2012, We have a separate wizard called CAS exist. Which we don’t have  a wizard in SCCM 2007. We used to assume that First installation site will be Central Site. we cont assign clients to CAS, we cont enable all rolls in CAS
  2. SCCM 2012 supports only side by side Migration
  3. SCCM 2012 supports only horizontal hierarchy level. It wont support unlike SCCM 2007 supports primary can contains child primary sites.
  4. In SCCM 2012 to speed up the replication process in secondary site we need to install SQL server or else it automatically installs SQL Server Express
  5. Few rolls are introduces newly and some or merged with existing roles Like SLP role merged with MP and PXE role merged with DP.we will go in detail after few posts