SCCM Tools : Site Context Menu Tools

In previous posts I discussed the first two sections of my SCCM right click tools: Collection Tools and Systems Tools. The following post is dedicated to right click site tools.

Site right click tools are divided into Two groups:

SCCM Site Logs– Open SCCM Server logs

Open SCCM Server Logs 
Open SCCM Software Update Logs

 

Open SCCM Logs

Use this tool to open SCCM Server logs.

• You can see the selected site server name at the title bar.
• Select a log from the log list (in the select log combo box)
• A short corresponding log description is shown in the description box.
• Click on the 'Open' button to open the log
• The tool uses trace32.exe to view the log content
• Before invoking trace32.exe the tool will check remote connectivity and log availability.

 

SCCM Site Tools – Open folders and configuration files relate to SCCM server management.

Open SCCM Installation Folder 
Open SCCM Inboxes Folder  
Open Inventory SMS DEF (MOF) File
Open Inventory Configuration (MOF) File 

 

Open SCCM Inbox

Use this tool to open SCCM server inbox folders .

• You can see the selected site server name at the title bar.
• Select an inbox from the inbox list (in the select inbox combo box)
• A short corresponding log description is shown in the description box.
• Click on the 'Open' button to open the folder
• Before browsing the selected folder the tool will check remote connectivity and folder existence.
• Check the "Sub Folder" option to include also sub folders in the inbox list

The tools are available from the Site Settings & the Site  System (Server Name), sub trees

INSTALLATION

Extract the downloaded zip file and run the following setup file : 'SCCMSitelToolsSetup.exe'

Click Next

Prerequisites  Page - Please follow the prerequisites and click Next

Select the desired tools groups and click Next

In this screen you can change the default menu titles

Download SCCM Site Tool setup file from HERE

It is highly recommended to test first in a test environment, before deploying in production

SCCM Tools : Client Context Menu Tools

My SCCM right click tool collection (those I collected and those I wrote) were based on VBS,Batch and HTA, so Shay Levy my friend and a PowerShell Guru suggested that I should write a new set of tools based on PowerShell and Windows Forms. I could not say no to such a challenge so I began working on a new project. My right click toolkit is divided to three sections : Site Tools, Collection Tools and Systems Tools. In this post I will discuss the client (system) tools.

Client Tools

Clients tools are divided into six groups:

Client Actions – Remotely initiate actions on SCCM components, currently installed on the remote system.

Hardware Inventory Cycle
Software Inventory Cycle
Discovery Data Collection Cycle
Machine Policy Retrieval & Evaluation Cycle
Windows Installer Source List Update Cycle
Software Updates Scan Cycle
Software Updates Deployment Evaluation Cycle
Branch Distribution Point Maintenance Task
Software Metering Usage Report Cycle
AMT Auto Provisioning Policy
Software File Collection Cycle
SIDMIF file Collection Cycle
User Policy Retrieval & Evaluation Cycle

Client Tools – Tools which help maintain your clients in a specific collection, for example: enables you to add a list of systems to the selected collection.

Open SCCM Client folder 
Open SCCM Client installation folder

Rerun Advertisement 
Restart SMS Agent Host Service
Generate New SCCM GUID
Uninstall SCCM Client

System Tools – Tools that relate to operating system and network maintenance , e.g the ping command - ping all the system in a given collection.

Manage Computer 
Start Event Viewer 
Open Services 
Running Processes 
Ping System 
Wake On LAN 
Computer System Information 
Logon User Info 
Connect to C$ 
Connect to Windows Folder 
Connect to System32 Folder 
RDP to console 

The Wake on LAN Tool is based on the PowerShell Guy script. Follow this check list to enable WOL.

Client Logs – Open SCCM Client logs.

Open SCCM Client log folder 
Open SCCM Client installation log 
Open SCCM Client log 
SCCM Client logs

Client Reports – Quick access to specific computer reports.

Computer Information report 
Client status details 
Software updates compliance
All Advertisement for this computer
Auto start programs on this computer

Advertisements Reports – Quick access to specific advertisement reports

Status of this (selected) advertisement 
Advertisement status chart hourly 
All Advertisements

Client GUI Tools

Some of the above tools have user interface, one click to rule them all

Rerun Advertisement – Rerun already deployed advertisements.

• You can see the selected computer name at the title bar ("MYCOMPUTER")
• Select an Advertisement from the Advertisements list (in the select Advertisement combo box)
• The advertisement name format is as follows : 'Program Name – ProgramID [AdvertisementID]'
• The combo list contains a list of the advertisements which includes assignments
• Click on the 'ReRun' button to rerun the Advertisement

SCCM Client logs – Use this tool to open client logs on a remote computer.

• You can see the selected computer name at the title bar ("MYCOMPUTER")
• Select a log from the log list (in the select log combo box)
• A short corresponding log description is shown in the description box.
• Click on the 'Open' button to open the log
• The tool uses trace32.exe to view the log content
• Before invoking trace32.exe the tool will check remote connectivity and log availability.

 

Running Processes – Helps manage remote computer processes

• You can see the selected computer name at the title bar ("DOLVW7")
• Select a process from the list and click on the 'Information' button to get related info on the web
• Click on the 'Kill' button to terminate the selected process.
• The 'Refresh' button gets the process list from the remote computer (its name is written in the Computer Name box)
•  The setup program creates a link in the programs menu

Computer System Information – Gets System information from remote machine

• You can see the selected computer name at the upper text box ("MYCOMPUTER")
• Click on the Logon User Info tab to get logon user information on the specified computer
• You can specify a different computer name (at the upper text box) and by clicking the 'GetInfo' button get the new computer details
• The setup program creates a link in the programs menu

Logon User Information – Gets logon user information from remote system

• You can see the selected computer name at the upper text box ("MYCOMPUTER")
• You can specify a different computer name (at the upper text box) and by clicking the 'GetInfo' button get the new computer logon user details
• The setup program creates a link in the programs menu

Installation

Extract the downloaded zip file and run the following setup file : 'SCCMClientlToolsSetup.exe'

Click Next

Prerequisites  Page - Please follow the prerequisites and click Next

Select the desired tools groups and click Next

In this screen you can change the default menu titles

Local Account Management PowerShell Module

Microsoft PowerShell version 2 is a powerful tool and has many useful cmdlets, nevertheless the absence of account management cmdlets is eminent. Microsoft has published an Active Directory Module with windows 2008 R2, but you must follow this condition :

 "If you want to use the Active Directory module in Windows 7 to remotely manage an Active Directory domain, an AD LDS instance or configuration set, or an Active Directory Database Mounting Tool instance, you must have at least one Windows Server 2008 R2 domain controller in your domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server".

Quest ActiveRoles Management Shell for Active Directory  is a very good alternative, easy to use, very powerful, well documented and supports Active directory 2003.

Occasionally I need to administer local accounts on my servers and workstations for instance, change local admin password, add new local admins, create local application users (even though I don't like it very much) , check local groups membership and so on. I thought if Microsoft cannot help I should do it myself and I wrote my own module .

Local Account Management Functions

The Local Account Management Module contains the following functions:

C:\PS> Get-Command –Module LocalAccountManagement

• Get-LocalAccountPolicy - Get Account Policy from a local or remote system.
  • This command uses Administrator account to collect the policy information, you can use an alternate user account by using the UserName switch.  

C:\PS> Get-LocalAccountPolicy –ComputerName MyComputer

• Get-LocalGroupMembers - Get local group members from a local or remote system.
  • Gets the following information: source ComputerName, source GroupName, GroupMember name, UserType (local or domain), ObjectType (User or Group)
  • You can use ActiveRoles Management Shell for Active Directory to get more information about nested groups

C:\PS>  Get-LocalGroupMembers Administrators |Where-Object {$_.ObjectType -eq "group"} | Foreach {Get-QADGroupMember -Identity $_.Identity}

• The command bellow gets MyGroup members, filters users only and format the result as table

C:\PS>  Get-LocalGroupMembers –GroupName MyGroup | Where-Object{$_.ObjectType –eq "User"} | Format-Table 

• Add-LocalGroupMember -  Add local users, domain users and domain groups to local group on local or remote system.
  • You can add the following account types : local user, domain  user and domain group
  • Add local user Admin1,Admin2 to the Administrators local group using the command bellow:

C:\PS> Add-LocalGroupMember –UserName Admin1,Admin2 –GroupName Administrators

• Remove-LocalGroupMember - Remove users and domain groups from local group on local or remote system.

C:\PS> Remove-LocalGroupMember –UserName Admin1,Admin2 –GroupName Administrators

• Get-LocalGroup - Get local group account information from a local or remote system.
  • You can use wildcards to get local groups information
  • Using the following command , You can get from several computers, a list of all their local groups:

  C:\PS>  "Computer1","Computer2",Computer3" | Get-LocalGroup

  OR you can use computer list text file -

  C:\PS>  Get-Content d:\ComputerList.txt | Get-LocalGroup

  • The command bellow gets all the groups which their names start with app, from the local computer and remote computer Dolav-LT

C:\PS>  Get-LocalGroup -GroupName App* -ComputerName Dolav-LT

• Disable-LocalUser - Disable local user account on a local or remote system.

C:\PS>  Disable-LocalUser -UserName Sauron -ComputerName Middle-earth

• Enable-LocalUser – Enable local user account on a local or remote system.
• Get-LocalUser - Get local user account information from a local or remote system.
  • You can use wildcards to get local users information
  • The command provides information such as : UserName, Description, PasswordAge (in Days), password policy, user profile, home directory and more
  • Assuming you want to disable all users named user1 through UserN, you can use the following command:

C:\PS>  Get-LocalUser User* | Disable-LocalUser

• New-LocalGroup -  Create local group account on local or remote system.
• New-LocalUser - Create local user account on local or remote system.
  • At the minimum you need to specify UserName and Password
  • The default value of the user FullName is the UserName
  • For the switches PasswordNeverExpires, CannotChangePassword and MustChangePassword you must set a value of true or false
  • "What you get you can create" : UserName, Description, PasswordAge (in Days), password policy, user profile, home directory and more

C:\PS>  New-LocalUser -UserName MyUser -Password Pass -HomeDirectory c:\MyFolder -MustChangePassword

 

• Remove-LocalGroup - Remove local group account from a local or remote system.
• Remove-LocalUser - Remove Local User account from a local or remote system.
  • To remove User6 and User3 type the following command

C:\PS>  Remove-LocalUser -UserName User4,User3

To avoid confirmation write the following command: Remove-LocalUser -UserName User4,User3 –Confirm:$False

• Rename-LocalGroup - Rename local group account on a local or remote system.
• Rename-LocalUser - Rename local user account from a local or remote system.

C:\PS>  Rename-LocalUser -UserName User2 -NewUserName User4

 

• Set-LocalGroup - Change the local group settings on local or remote system.
• Set-LocalUser - Change the local user account settings on local or remote system.
  • What you get you can set : UserName, Description, PasswordAge (in Days), password policy, user profile, home directory and more
  • For the switches PasswordNeverExpires, CannotChangePassword and MustChangePassword you must set a value of true or false
  • You can also use this command to unlock users

C:\PS>  Set-LocalUser -UserName MyUser –PasswordNeverExpires $true -CannotChangePassword $true

 

 Use "Run as Administrator" to run writeable command (Set,Rename,Remove,Add…) on the local computer

Creating or setting a user based on a CSV file

• Create a CSV file (Save the file as unicode)
• Use parameter names as columns (ComputerName,UserName,FullName, Password, LogoinScript…)

• You must specify ComputerName, UserName and password
• Import the file with Import-Csv and Pipe the output to the desired function

C:\PS>  Import-Csv D:\UserList.Csv | New-LocalUser

 

Function Help

Use get-help to get help on any of the module functions

C:\PS> Get-Help Rename-LocalGroup –Full

How to use

1. Download and run the setup file
2. Load the module – Import-Module LocalAccountManagement

Special Thanks

Special thanks to my reviewer and editor Omer Riff

Free-Tool : Ping-Them 1.5 (new Version)

Ping-them ,originally, was designed to validate computer accounts in Active Directory even though it can be used for testing any given IP Addresses. In this version I added IP Resolving, which enables you not just to ping the target IP , but also to resolve its system name (WINS/DNS). The resolved names will appear under "Ping Results".

A new IP list TAB was added, containing the IP list of all target computers.

Unreachable targets will be marked in red.

You can manipulate the table by :

• Pressing on one of the columns to sort it
• Drag the columns to change their order or size.
• Filter the results using the menu strip (or the context menu) 

• Use the File Menu to save the results to a CSV file

Previous Post - Ping-Them 1.0 

YOU CAN DOWNLOAD PING-THEM 1.5 FROM HERE

How To : Activate computers on a closed network

I believe that someone at Microsoft thought about us when they invented the new license mechanism. KMS, MAK are the new sheriffs in town, guarding the software piracy. 

Key Management Service (KMS) enables organizations to activate computers in a managed environment without connecting to Microsoft individually. Computers running Windows OS/OFFICE (Vista/Server2008/Office2010 and above) activate by connecting to a central Windows computer running the KMS service which connects to Microsoft on their behalf. KMS usage is targeted for managed environments where more than 25 workstations / 5 Server are consistently connected to the organization’s network.

Clients must renew their activation by connecting to the KMS Host at least once every 180 days. Clients not yet activated will attempt to connect with the KMS host every two hours (you can configure this value). Once activated, they will attempt to connect to the KMS host every seven days (configurable too). Clients have a 30-day grace period to complete activation. Clients not activated within this time period will go into Reduced Functionality Mode (RFM).

Download KMS 1.1 to host KMS on Windows Server 2003 (it is already included in windows 2008 and above) and enable activation of Windows Vista and Windows Server 2008. To extend support for KMS to provide activation for Windows 7 and Windows Server 2008 R2 download the following update KB968915

Multiple Activation Key (MAK) can activate a specific number of computers. They are not used to install Windows but rather to activate it after installation. Activation can be performed over the Internet or by telephone. You can check the number of remaining activations from the MVLS Web sites and request additional activations by contacting the Microsoft Activation Call Center.

Learn more on how to troubleshoot Volume Activation error codes on Windows 7, Windows Server 2008 and Windows Vista-based computers

Product key groups .Windows OS (Vista/Server2008 and above) come in a variety of editions. Microsoft wanted to simplify activation for volume Customers so they created product key groups for volume OS editions, but when they first issued this license groups someone forgot to tell us about it  

Closed network

A private/secured/Lab network which cannot access the Internet raises an interesting issue – how to activate computers within this network, when you don't have outbound connections?

The first option is to install the KMS Service and activate it by phone, but you'll need to reactivate every 180 days. In my opinion this method is most suitable for dynamic networks, meaning network with rotation of computers and servers or if you have more then few computers.  

The second method is to activate your MAK by phone, and believe me, you "don't want to try it at home". This is a tedious process especially if you need to activate more then one computer .

The alternative is to use the VAMT (Volume Activation Management Tool). Using VAMT is still a long process, but less painful:

VMAT Installation

• Download VAMT version 2
• Install the tool on a computer in the corporate network, which has an Internet access. (Target Computer).
• Install the tool on a computer inside the closed network (Source Computer).

On the target computer

Adding new MAK

• Open VAMT
• Select 'Product Keys' (on the left pan)
• Write your key and give it a name ('Remark')
• Click on the 'Add Product Key' button

 On a network which is open to the Internet, you can click 'Verify' to validate your key and to check it's 'key group'.

Add computer to the VMAT console

• Click on 'All Products' (on the left pan)
• Select the search method (ex: 'Manually enter name or IP address')
• You can filter the search by computer name
• Click on 'Add Computers' to start the search operation

Update Computer Status

• Select one computer or more
• Right click 'Update Status'
• The results will be shown in the table under 'Status of the last action' column

Install MAK Key

• Select one computer or more
• Right click 'Install Product Key…'
• The results will be shown in the table under 'Status of the last action' column
• The 'Product Key Type' will be change to MAK
• The 'License Status' will remain as 'Out of box grace'

Export Computer Information

• Click on 'All Products' (on the left pan)
• Right click on 'Save List As' CIL file
• Copy the file to your Source Computer

The 'CIL' file is actually an XML File

On the source computer

Import the CIL File

• Open the CIL file in the VAMT console
• You can see your imported computers in the console list

Get Confirmation ID

• Select one computer or more
• Right click 'Activate'
• Select 'Proxy Activate'

• A popup windows will be open , click on 'OK'
• The results will be shown in the table under 'Status of the last action' column – 'Successfully Acquired Confirmation ID…'
• Save the file
• Copy the saved file to the Target Computer'

On the target computer

Activate the target computers

• Open the saved file (from the source computer)
• You can see your computers in the console list
• Select one computer or more
• Right click 'Activate'

• Select 'Apply Confirmation ID…'
• A popup windows will be open , click on 'OK'
• The results will be shown in the table under 'Status of the last action' column – 'Successfully deposited Confirmation ID…'
• The 'License Status' will change to 'Licensed'

Congratulations your are activated !

SCCM Tools : Collection Context Menu Tools

SCCM/SMS has a very nice feature enabling you to extend its context menu. The first extension that I used was 'SMSSEND.VBS' for SMS 2003, it was a very useful toolkit which encouraged me to learn how to add some tools of my own. Since then many more tools were published on the net, a very good tools pack can be downloaded from Rick Houchins Blog.

My SCCM tool collection (those I collected and those I wrote) were based on VBS,Batch and HTA, so Shay Levy my friend and a PowerShell Guru suggested that I should write a new set of tools based on PowerShell and Windows Forms. I could not say no to such a challenge so I began working on my new project. My toolkit is divided to three section : Site Tools, Collection Tools and Systems Tools. In this post I will discuss about the collection tools.

Collection Tools

Collection tools are divided to three groups :

Client Actions – Remotely initiate actions on SCCM components which are currently installed on the remote system.

Hardware Inventory Cycle
Software Inventory Cycle
Discovery Data Collection Cycle
Machine Policy Retrieval & Evaluation Cycle
Windows Installer Source List Update Cycle
Software Updates Scan Cycle
Software Updates Deployment Evaluation Cycle
Branch Distribution Point Maintenance Task
Software Metering Usage Report Cycle
AMT Auto Provisioning Policy
Software File Collection Cycle
SIDMIF file Collection Cycle
User Policy Retrieval & Evaluation Cycle

Client Tools – Tools which help maintain your clients in a specific collection, for example : enables you to add a list of systems to the selected collection.

Rerun Advertisement
Add Systems To Collection
Restart SMS Agent Host Service
Generate New SCCM GUID
Uninstall SCCM Client

System Tools – Tools that relate to operating system and network maintenance , such as ping command - ping all the system in a given collection.

Ping Collection
Wake on LAN

  The Wake on LAN Tool is based on PowerShell GUY script. Follow this check list to enable WOL.

User Interface

All the tools run under the same user interface, which is invoked after right clicking a selected collection and selecting the desired tool :

Collection Name – The name of the selected collection. The tool will run on each computer in this collection

Collection Task – The name of the Task/Tool which will be run against the computer list.

Select Advertisement – Combo box for Advertisement selection. Only Available for "ReRun Advertisement" Task.

 Entry structure - AdvertisementName [AdvertisementID] , where xxx = SiteCode

Computer List – List all collection members (System Names). If "Add Systems To Collection" task is selected the computer list is editable, so you can add your own name list.

Succeed List – All the systems that passed the task with success.

Failed List - All the systems that failed to run the task. 

Action Button – After task completion ,or after pressing the stop button, the action button is enabled, and you can start/resume the task.

There is a delay of few seconds before execution, giving you enough time to cancel the operation

Action Log [Tab] – Display a detailed task operation log.

Status Bar – Displays a brief help for a selected item, and shows short messages during task operation.

Installation

Click Next

Prerequisites  Page - Please follow the prerequisites and click Next

Select the desired tools groups and click Next

In this screen you can change the default menu titles :

 The next version in the oven

Download SCCM Collection Tool setup file from HERE

It is highly recommended to test first in a test environment, before deploying in production

SCCM 2012 Beta 2 changes overview Part 6 – Applications

previous post - SCCM 2012 Beta 2 changes overview Part 5 – Inventory

Application Deployment

A new object was added to the SCCM console , named “Applications”, a very interesting replacement to the old deployment mechanism. The new system offers an alternative way to deploy various applications types (EXE,Script,MSI…). The new Software Catalog, the jewel in the crown, serves as deployment web site and can ease administrator workload – users can do the work themselves.  Nevertheless the old package deployment was not removed and was subject to minor changes in the user interface, I wonder if it will be included in the final release.

Deployment Types

The Deployment Types are the equivalent to "Programs" in the old mechanism. It Supports several types of installations :

Windows Installer  - MSI files

Script Installer – Script an EXE files

Microsoft Application Virtualization

Windows Mobile Cabinet

Nokia SIS/JAR

Deployment ("Advertisement") is applied to Application and not for Deployment Type ("Program")

When the application has more than one Deployment Type, the DT list is prioritized and you can change its order.

The first Deployment Type which satisfies its requirement rules would be deployed. In the example above each deployment type has different OS requirement ('Rules requirement' are discussed later in this post ), so in case the target computer is windows XP client, the second DT will be deployed, the first DT will be deployed to windows 2008 servers and so on.

I'm a bit disappointed  I expected Microsoft to take one more step - I would like to see pre and post actions on a given Deployment Type, such which would make the deployment process much more flexible

Automatic detection

The "Create Application" wizard helps you, methodically,  fill in all the necessary information, even though it is very tedious task, using the Automatic detection saves time and simplifies the process.

While SCCM Manager does the work for you, what really gives me headaches is finding the right installation switches for EXE files , unfortunately Automatic detection is not applicable for EXE and scripts files (something to improve in the next version ).

How to Create Applications in Configuration Manager (Technet Site)

Select the installation file :

and let your SCCM do the walking :

Full lifecycle

The new mechanism provides full lifecycle management for application installation, including application removal settings.

The automatic detection scans the MSI file, discovers the product code and fills in the form for you.

Detection Method

SCCM includes a mechanism to identify applications. Before the installation SCCM checks if the application is already installed on the destination computer. there are 4 types of checks: registry, file system (file path,folder path or object properties) ,MSI Product Code or custom script.

  I do not think this feature should be mandatory

User device affinity

User can be associated with certain equipment and installations:

SCCM will present the logon users list, select the primary user and click on "Add"

Deployments can be distributed to users and not necessarily to devices:

If the user has the right privileges, he can choose whether to install or remove the application.

Choose "Install for user" to make the installation interact with the user desktop

How to Manage User Device Affinity in Configuration Manager

Rules requirement

You can enable application compatibility testing before distributing the application, for example, you can define the following rule - the application will be deployed only if the target computers have internal physical memory of over 1GB.

Application error codes

Management application error codes allow you to determine when to boot, start a full boot or do some other actions.

Global Conditions

You can use the prebuild user and device conditions (at the example above I used "Total physical memory" global condition) or build your own condition.

To see the full Condition list click on "Global Conditions" sub tree

Right click on "Global Conditions" , select "Create Global Condition" and create your own condition. example of windows firewall custom condition :

Use the new global condition to create a requirement rule

Supersedence mechanism

If you want to install a patch or an update for an existing product, it is possible to define rules for upgrading and replacement.

Copy Functionality

Until this version we were unable to duplicate the information of a distribution package (could not copy and paste Packages, Programs, Advertisements ...), for this reason I wrote Free plugin for the SCCM Console. The stunning news is that applications, and deployment types can be duplicated, the menu title name is copy, but it actually duplicates the entry.

Deployment versions

SCCM automatically creates application deployment versions (for every change in deployment settings), which can be manage from the user interface.

Each new change creates a backup of the previous version. You can manage your backups, view previous settings , restore or delete them.

This feature could quickly become quite a nuisance, too.

To delete an application first select retire from the menu then from the version list delete all versions.

Deployments

Deployments are the equivalent of "Advertisement" in the former versions mechanism. They are used to distribute/Advertise applications. Select your Application and right click on deploy

You can choose the type of collection to deploy to (User or Device/Systems)

You can let the user the ability to choose to install/Uninstall (Action : Install/Uninstall) the application or you can decide to install/Uninstall without user intervention (Purpose : Available or Required)

To activate Application request , the option must be selected in the application deployment wizard.

Result summary

Results Summary is shown in the console. You do not need to run a report for this purpose.

Application Catalog

Presents a variety of predefined applications installations, which is available to the user and provides information about them. The user can install the applications which were assigned to him, by himself.

User who wants to install a particular application from the application catalog, but it's not available to him can send software request to the application manager. Once granted, the user can install the application. The catalog also "speaks" the local language; it is very nice, is it not? Admins can use a parallel English catalog.

How to install

• Add WCF feature

• Add the following SCCM Roles : "Application Catalog Web Service Point" and "Application Catalog Site Point" (Servers and Site System Roles –> Select your SCCM server –> Right click on "Add Site System Role")

• The link to the web catalog is : http:\\SCCMServerName/CMSoftwareCatalog
• Create an application and deploy it (right click on the application name and select deploy)

Only users (or users groups) deployments will be shown in the application catalog

Application request

To request an application click on 'request' button

To activate Application request , the option must be selected in the application deployment wizard.

Supply a reason for your application request and click on 'Submit'  button

 

Wait for a few seconds until the "view my requests" appears

 

The request will be shown under 'My Software Requests'

 

The Administrator can see the pending requests in his SCCM Console, then he can decide how to respond to the user request

 

Now the user can see the the administrators answer and click on the install button in the "Software Catalog" page.

Microsoft How to

Operations and Maintenance for Application Management in Configuration Manager

PowerShell : AT Commands Module

AT Command is an old DOS external command (not included in command.com) which enables users to schedule tasks on local/remote computer. You can use the AT command to schedule a command, a script, or a program to run at a specified date and time. You can also use this command to view existing scheduled tasks (Only AT Tasks).

Differences between OS versions

• Task scheduler in Vista and above needs to be refreshed in order to display new tasks, whereas in windows XP the refresh is automatically
• In Vista and above tasks are not deleted after expiration
• Dated tasks, in Vista and above Runs Repeatedly. Task in Windows XP can set to run once in a specific date.
• In Vista and above Tasks cannot run Interactively,I suppose Microsoft excluded this option for security reasons.

Prerequisites

To use AT Command, the Task Scheduler service must be running. and you must be logged on as a member of the local Administrators group (on local and remote machine)

PowerShell Module PowerShell version 2 doesn't include scheduled task cmdlets, so I wrote my own module which includes three advanced functions: New-AtTask, Get-AtTask and Remove-AtTask.

PowerShell version 3 includes many new and improved cmdlets, among them 'Scheduled Job' and 'Scheduled task' modules (Supported Operating Systems: Windows 7 Service Pack 1, Windows Server 2008 R2 SP1). You can download PowerShell version 3 CTP1 from HERE .

New-AtTask

Enables an administrator to create scheduled AT tasks on a local or remote system.

Tasks can be configured to run at a specific date or time, and can be specified to run repeatedly. You can schedule a task to run at selected days of the week or month.

If the InteractWithDesktop switch is specified, the job would be interactive (only on XP and lower versions).

C:\PS> Get-help New-ATTask –Full 

Gets cmdlet full help

 

C:\PS> New-ATTask -Command "ipconfig /flushdns" -Time 11:40
    
Create a new AT Task on Remote computer, to flush dns cache at 11:40, Run only once

C:\PS> New-ATTask –Command "Cmd /c GPUpdate.exe" -Time 11:50 -ComputerName server1,server2,server3 -DayOfWeek Sunday,Thursday –RunRepeatedly

- OR-

C:\PS> "server1","server2","server3" | New-ATTask –Command "Cmd /c GPUpdate.exe" -Time 11:50 -DayOfWeek Sunday,Thursday –RunRepeatedly

Create new AT Task on server1,server2 and server3, to run GPUpdate at 11:50 next Sunday & next Thursday, every week

C:\PS> Get-Content d:\Computers.txt | Get-ATTask

Read computer list from Computers.txt file and Get AT Task list from each of them

 

Get-AtTask

Enables an administrator to get scheduled AT tasks from a local or remote systems.

C:\PS> Get-help Get-ATTask –Full 

Gets CmdLet full help

C:\PS> Get-ATTask

Get AT Task list from local computer (only AT tasks).

 

C:\PS> "Server1","Server2" | Get-ATTask | Format-Table

-OR-

C:\PS> Get-ATTask –ComputerName Server1,Server2 | Format-Table

 

Remove-AtTask

 Enables an administrator to remove scheduled AT tasks from a local or remote system.

C:\PS> Get-help Remove-ATTask –Full 

Gets CmdLet full help

C:\PS> Remove-ATTask -JobID 2 -ComputerName Server1

Remove AT job number 2  from remote computer Server1, only if you are sure

To avoid confirmation write the following command:

C:\PS> Remove-ATTask -JobID 2 -Confirm:$false

C:\PS> Get-ATTask -ComputerName Server1,Server2 | Where-Object {$_.Command -eq 'ipconfig /renew'} | Remove-ATTask -WhatIf

The above example shows what would have happen if the actual command would have run. It gets the AT Task list from Server1 and Server2 and filters jobs which have the 'ipconfig /renew' command.

Remove the WhatIf switch to actually run the command.

How to use

1. Download and run the setup file
2. Load the module – Import-Module ATCommands

SCCM : Copy and Paste, context menu add-on V1.5

Since I first published the post about the Copy & Paste tool, I received many nice comments, thank you all for your kind words. Nevertheless, your feedbacks made me realize that my tool requires some changes.

The new version includes the following :

• Set-ExecutionPolicy – You do not need to change your PowerShell 'Execution Policy', in order to run the tool

• Hidden Console – The "CMD" console is hidden from the user. During the copy operation the cursor  will change to ,so you'll know when to start the paste operation

• Changeable Menu – During setup you can change the menu title, so it won't interfere  with existing tools (which has the same menu name)

• Fix some Spelling errors

• Copy was removed from Packages folder, at this location you can use only paste (you can not copy all the programs at once)

You can copy program by choosing a program from the program list, later you can paste it at the same location or from the package folder as shown above.

You can download the add-on from HERE

For more information visit the Previous Version Page

Free-Tool : Ping-them

Occasionally I need to ping a group of computers to make sure they are alive, in fact pinging is the first operation for many remote tasks : cleaning Active Directory, running scripts, discovery operations, WMI queries, installing applications and more.

I wrote a small tool based on PowerShell and windows forms, which can ping a list of computers and display the results in different columns.

Creating a computer list

• You can add computer names manually, by writing a computer name and pressing the + button.
  • You can use all the known keys (ENTER, DEL, CTRL+A, SHIFT+Arrows, …)
  •  Clears the list

• Creating a list with notepad :
  • Click "Open List" (at the bottom of the computer list window)
  • Type/paste your computer names

• Save the document
• Click "Computer list" (right under "Load…") and your list will appear on screen

• Import Computer List from Active Directory
  • Press on Active Directory TAB

• Optional : select OU from the list to limit your AD Search (The default is /, the root of your domain).
  • Optional : Click the "Load OU List" to get the OUs list from your Active Directory
  • The default list contains Root Domain and Computers container
• You can use the OS filter to limit the Search to a specific OS (*vista* = all vista computers)
  • use the plus/minus buttons to Add/Remove new OS filters (the filter will be saved for later use)
• Use the 'limit Rows' to limit the number of searched records (Computers)
• Press the ADD button to add the AD computers to your list.

Start Pinging

Just Press the button. Use the "CANCEL" button to stop the ping process.

PING Results

After pressing the "Ping Them" button you should be presented with the "Ping Result" TAB

The ping result is divided into 4 categories

• isAlive – Displays a list of live computers (Computers that reply to the ping request)
• NoPing – Displays a list of non reachable computers (Computers that did not reply to the ping request)
• NoDns – Displays a list of computers which do not have DNS record (Host Names that did not replay to ping request)
• Other – Displays a list of computers that did not reply to the ping request for any other reason.

You can double click on any category to see the list content in notepad

LOGGING

Select the "Action Log" TAB for more detailed log.

The log is saved on the local disk and you can reload it by pressing the "Logs" button (under "Load…")

Help

Move your mouse over any of the objects on screen the status bar will display a brief explanation .

Prerequisites

1. PowerShell Version 2
2. Free PowerShell Commands for Active Directory

YOU CAN DOWNLOAD PING-THEM FROM HERE

New Version

Free-Tool : Ping-Them 1.5

SCCM 2012 Beta 2 changes overview Part 5 – Inventory

In the past I extended my SCCM 2007 hardware inventory, following Microsoft's procedure, which was not very intuitive and required manual edit of the 'SMS_def.mof' text file. Adding new hardware classes to my inventory was more complex because I needed to find the right WMI class, edit another text file (Configuration.mof) and check my file structure with 'mofcomp.exe' command.

SCCM 2012 offers a much easier way to do this via the user interface:

Enabling Device Properties

• Select your current client settings (or create a new one) and click on properties

• Click on 'Set Classes' under the hardware inventory section

• Check the properties that you like (i.e: collect information about your Time Zone Settings)

• The results are shown in the resource explorer and in SCCM reports

You need to click the close button several times in order to close the properties window, its a new feature.

Adding new device/class to hardware inventory

• In the hardware inventory class window click the add button
• Next click the 'Connect' button
• In the Connection page
  • Check the 'Recursive' option to get all the available WMI classes
  • Fill in the server name and the credentials, if needed 
  • Press on the 'Connect' button to get the classes list

• Select the desired class and click 'Edit'

• Give your new device/class a friendly name (instead of the default class name)
  • You can also set the unit size

• Now you can select the properties you want to add (as you did in the previous section).

• You can see the result in the resource explorer:

• To verify the presented data you can run the following PowerShell command:

Get-WmiObject -Class Win32_PhysicalMemory –ComputerName ServerName | Format-Table BankLabel,DeviceLocator,Speed,@{Name="Capacity(MB)";Expression={$_.Capacity/1mb}} –AutoSize

Next post - SCCM 2012 Beta 2 changes overview Part 6 – Applications

Free-Tool : Database Browser

While surfing the internet I found a very interesting tool I would like to share with you.

Database Browser is an easy to use, free portable tool, which can connect to a variety of database types and browse or modify data, run SQL scripts, export and print data.

• This tool is free and portable
• The browser supports variety of direct databases connections :
  • Oracle
  • Microsoft Sql Server
  • ODBC
  • MySql
  • OleDB
  • PostgreSQL
  • SQLite
  • Microsoft Sql Server Compact
  • Interbase
  • Firebird

• Supported OS :
  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7

• Easy Table browsing – just click on the table name and the content will be shown on the right pane

• Supports Unlimited number of connections
• Switch between connections by clicking the desired connection

• Easy-to-use search mechanism

you do not need to use SQL query

• You can edit your table as if it was an excel sheet
  • change column order
  • sort column
  • use filters
  • …

• You can preview and print your tables

• Import/Export data from/to Excel

• SQL Builder supporting a wide range of databases types

• Alternatively, You can write your own SQL statement

• Execution Log

• The browser has a very important button - read only mode button

Database Browser Download page

SCCM 2012 Beta 2 changes overview Part 4 – Remote Tools

previous post - SCCM 2012 Beta 2 changes overview Part 3 – discovery

SCCM is a system management enterprise application and among other features should, in my opinion, provide a strong and powerful remote tools solution. Unfortunately, SCCM 2012 is quite disappointing in that respect (In comparison to other tools), BUT , nevertheless, some features are worth noting…

Client definitions

The most significant change is the ability to create several different agent settings. You can create a new Remote tools definitions object , as an addition to the main settings, which can be applied to a specific Collections.

The default client agent settings require user permission

Create a new policy for your servers to avoid prompting users for remote control permission

• Create custom client settings

• Then assign the new settings to your servers` collection

• The result is shown at the bottom of the screen

 To achieve the same goal in SCCM 2007 you need to create a  configuration text file and then use the SCCM distribution mechanism to distribute it to the target collection.

Lock mouse and keyboard

You can lock the remote computer keyboard and mouse, to avoid user interference.

The return of the Ctrl+Alt+Del Key

SMS2003 Remote Tools included the Ctrl+Alt+Del Key sequence, and you could press it without being disconnected, but this feature was removed from SCCM 2007. the sequence is back, but differently :

SMS 2003 enables you to control a remote machine even if it is in a lock or logoff state.

User permission might be required according to policy

On SCCM 2012 the message box will appear only if the user is logged on, if the remote computer is in a logoff/lock state, remote controlling the machine does not present a message box, thus potentially leaving the user unaware to this act, and raising a couple of security and privacy issues. .

You can still configure your client as in SCCM 2007 meaning, Someone must be logged on the remote computer in order to take control.

New security feature

A colleague, from Linkedin, brought to my attention,  that Microsoft added a new security feature – If the remote computer experience a network disconnection the workstation will automatically lock down.

• Improved copy and paste support between the host computer and the remote computer.
• Remote control supports connecting to computers with multiple monitors.
• The Remote Tools notification bar is visible on client computers, so the user knows that the session is active.

Keyboard Shortcuts for the Remote Tools

 Use the "+" and "-" keys on the numeric keypad

Missed Features

• A simple way to control remote stations not part of an Active Directory Domain
• Chat (not as a part of the net meeting)
• Function key definition
• Customable Message box (supporting different languages)
• Customable event logging (let the customer decide which events to capture)
• Automatic reconnect (option) after reboot/network error
• Disconnect options button (disconnect and logoff/lock/reboot…)
• Session recording
• Toolbar (Remote tools 2003 had such toolbar)
• configuration option for file transfer mechanism
• and more …

Next post - SCCM 2012 Beta 2 changes overview Part 5 – Inventory

SCCM 2012 Beta 2 changes overview Part 3 – Discovery

previous post - SCCM 2012 Beta 2 changes overview Part 2 – Setup

The discovery mechanism in SCCM 2012 has some minor changes, but they are very helpful.

Forest discovery

The new AD forest discovery, allows automatic detection of AD Subnets & AD Sites.

Boundaries

The AD forest sites are automatically added to the boundaries definitions.

 You must add your sites (boundaries) to a boundary group before assigning systems to your SCCM site, or distribution point.

The discovery data record (DDR) is created only once and only in one site, and is not forwarded to a parent site. The database replication is responsible for sharing the discovery information with each site in the hierarchy.

Boundaries are defined once at the hierarchy, and available to all sites part of that hierarchy.

Extending AD discoveries

SCCM offers an easier way for extending AD discoveries (Users and Computers). You don't need to use tools like ADSIEdit any more, now the object's properties appears in the SCCM user interface, and can be added easily.

Delta discovery

Delta discovery is a new (since Configuration Manager 2007 R3), very useful feature that was add to the discovery mechanism. Delta discovery adds only new or changed resources in Active Directory instead of performing a full discovery cycle. It is a very important change that serves well the OS deployment process, the SCCM will discover your new system very quickly, so you can use it for deploying more applications (at the end of the OS deployment process).

Manual discovery

Running a manual discovery in SCCM 2007 is annoying, but in SCCM 2012 it is much easier,a single right click will do the work.

Next post - SCCM 2012 Beta 2 changes overview Part 4 – Remote Tools

Free-Tool : How to shrink pictures' file size

On some occasions we want to send pictures/snapshots via email or upload several pictures to a web site, but the files size exceeds the allowed limit.

IrfanView is a small FREEWARE (for non-commercial use) graphic viewer which has vast capabilities, one of this useful features let us reduce the file size by resizing the pictures size. This process can also be run as a batch job to include a list of files (pictures) :

• Download IrfanView from here and install it on your computer. The installation is very simple and includes Google Chrome as an optional installation.

• Double click the application icon

• The tool main window appears

• From the file menu select - "Batch Conversion/Rename…"

• Choose a desired file format for the output files (The default is JPG).

• Select a destination directory for the new files

• Check the bulk resize option and click on advanced

The advanced page

• Check the RESIZE and the "Set new size as percentage…" options. Write the new size in percentage

• Browse to the pictures source folder and select the files.

• Use the button below to add/remove the files to/from the list

• Finally click on the "Start Batch" button

Now the files size is much smaller, but of course there is a reduction in picture quality.  I believe it's a small price to pay if you don't intend to print the pictures.

Source Files                                                        New files

=================================================================================   

Adding IrfanView commands to explorer's context menu

IRfanView has a lot of useful command options. You can use FileMenu tool to add these commands to explorer's context menu.

Here are some examples:

Menu Text: Shrink Image

Arguments: %FILEPATH1% /advancedbatch /resize=(50p,50p) /convert=d:\test\$N_Coverted.jpg

Menu Text: Shrink All Images

Arguments: %FILEPATH1%\*  /advancedbatch /resize=(50p,50p) /convert=d:\test\$N_Coverted.jpg

Menu Text: Images Slideshow

Arguments: /slideshow=%FILEPATH1%