|
FISHMANPET posted:gently caress, this is killing me. Is there a way to stop advertising a task sequence to a collection? As in, "oops, I didn't mean to do that"? You can remove the read rights from the folder on the deployment point, but that is if you are advertising a package. Whatever you do, don't delete the advertisement. If you do, you lose all logs about who was affected. For drivers, I make one driver package for each model computer. In my task sequence, I use installation media instead of a wim. I use WMI conditions on each "apply driver package" to restrict it to the appropriate model. I prefer using installation media instead of a wim so that if anything changes (new model computer, new version of software) it is a matter of swapping out one step in the task sequence. We do not have control of DHCP either (woo academia), so we perform DVD media installs. When you create the DVD image, it asks you if you want to specify any task sequence variables. If you specify something like 'Hostname' to have no value, you can then put a step in your task sequence that sets OSDComputerName (or whatever the correct task sequence variable for hostname is) equal to 'Hostname'. When running the deployment DVD, it will prompt you for a value for 'Hostname'. You could also write an HT, or use scripts, but this is a simple way to do it. During our big Vista rollout a while back, we needed to specify hostname, container, and username (to add to the local admin group, because everyone is an admin on their computer, woo!), but everything else was automated.
|
#
¿
Jul 20, 2010 01:54
|
|
|
|
| # ¿ May 1, 2024 13:11 |
|
|
Right click disable? (although that disables each each advertisement of the task sequence) I'm not sure I quite understand your language.
|
|
#
¿
Jul 20, 2010 03:05
|
|
|
Haha, no worries. The SCCM console is laid out like Boston city streets.
|
|
#
¿
Jul 20, 2010 14:55
|
|
|
This is what I use for WMI conditions: SELECT * FROM Win32_ComputerSystem WHERE Model LIKE "%OptiPlex 380%"
|
|
#
¿
Jul 20, 2010 19:42
|
|
|
When you run the second executable, does anything pop up in a temp folder?
|
|
#
¿
Jul 22, 2010 00:09
|
|
|
quote:I'm going to have a task sequence for each hardware models Don't do this. Instead, overload a single task sequence. Make a driver package for each model, and in the task sequence add a "Apply Driver Package" step for each driver package you made. Use a WMI query as a condition on each "Apply Driver Package" step so that the right computer gets the right drivers. Here's a page that somewhat describes it: http://blogs.technet.com/b/deploymentguys/archive/2008/02/15/driver-management-part-1-configuration-manager.aspx This way you only have to modify a single task sequence.
|
|
#
¿
Jul 24, 2010 02:02
|
|
|
WinPE can query WMI when running a task sequence. That link I posted goes into pretty fine detail. So for our staff Vista task sequence, all I ever modify is updating applications, and adding a new driver package when a new model computer comes along. SCCM gets a lot easier once you have the "base" set up.
|
|
#
¿
Jul 24, 2010 02:33
|
|
|
Did you try updating the collection membership? I recently ran into the same thing - I got an error in the console when I tried to check the properties of a computer. A membership update solved that problem, and the problem of no advertisements being available.
|
|
#
¿
Jul 26, 2010 23:40
|
|
|
marketingman posted:Create collections that take their membership information from an AD security group. Yes, this. Even just from a user interface point of view, AD groups are so much better to manage than SCCM collection membership rules.
|
|
#
¿
Jul 27, 2010 14:56
|
|
|
I have a SCCM OSD Task Sequence in which I want to set DNS in the resulting OS, but otherwise use DHCP. During the OSD I am happy to use the DHCP settings. The 'Apply Network Settings' step does not seem to do anything if I stick an extra one at the end of my Task Sequence (ie: not within WinPE) and tell it to configure the adapter with static DNS settings, even though Technet implies this is possible. In the smsts.log everything looks great, but when I check the settings post OSD they are not changed. Thoughts? quackquackquack fucked around with this message at 18:12 on Aug 3, 2010 |
|
#
¿
Aug 3, 2010 18:07
|
|
|
netsh: 1, SCCM Technet documentation: 0
|
|
#
¿
Aug 3, 2010 20:46
|
|
|
The tools I have available for these questions are SCCM and a Server2008 domain. I want to discover the size of the local profiles on the desktops in my organization - I'm curious how much storage we would need if we used roaming profiles. I know that in the System control panel it tells me, but I'm not sure where that is stored. I suppose I could use a script + mof edit. Or File Collection. I also want to parse the contents of each computer's local administrators group. Preferably this would be stored with each computer in SCCM (in the same way it currently shows what AD groups each computer is in). This one might also turn out to be a script + mof edit.
|
|
#
¿
Aug 6, 2010 21:57
|
|
|
Use "Apply Driver Package" instead of "Auto Apply Drivers". Better to have control over what is happening. I think SCCM should just handle the driver package location in the same way it does for other packages. That did seem a bit strange. I have not seen your issue with drivers sticking around forever after they are deleted. It just disappears from the driver package for me, and when I tell the driver package to update, it's no longer there, either. I was unable to find a way to rename advertisements. I agree, it is annoying. I try and make a Task Sequence for just about everything I deploy. It gives the end user a pretty window to look at without having to allow interaction with the program installer. It allows me to name it whatever I wants.
|
|
#
¿
Aug 9, 2010 23:07
|
|
|
marketingman posted:On that note if you're a coder and you don't allow silent installs you can go get hosed you egocentric prick. Now, now. If we're going to start a packaging hate rant, you're going to have to listen to my stories about a 16 bit setup.exe that quits after spawning additional processes as the logged on user - regardless of the fact that it was launched as SYSTEM. And an AdminStudio before/after snapshot capture package? Doesn't give the same result as installing it from the exe. But yeah, every package in SCCM is a silent install. I guess I didn't think of doing it any other way.
|
|
#
¿
Aug 10, 2010 12:47
|
|
|
Nomex posted:Packaging software is the single most difficult part of creating zero touch images. Most common apps already have silent install options, but some stuff, including most internal apps I've come across are an absolute nightmare. Amen. The amount of testing alone... And even software that is "easy" to distribute, like Adobe products. Dreamweaver is just not going to install if you happen to have a windows explorer window open and are moving your mouse at the same time (error 7!). Or patches ignoring the REBOOT=REALLYFUCKINGSUPPRESSGODDAMNIT flag.
|
|
#
¿
Aug 24, 2010 01:52
|
|
|
Jadus posted:I'm hoping someone can clarify something for me regarding SCCM and licensing. If you want SCCM for a single reason, it's retarded. Think about what SCCM could do for you overall, and you might consider it worth it. (says someone who gets academic pricing)
|
|
#
¿
Aug 25, 2010 03:05
|
|
|
I used the ZTIWindowsUpdate script (part of MDT2008, have not used 2010), which was nice because it essentially hammered the WSUS until you were fully updated. Sure, the imaging took longer, but you skipping having people complain about all the updates that needed to be run once they got their new computer. Currently I use SCCM, and it annoys me that there is not a simple option to do this, they assume you will tie SCCM into WSUS. The annoyance level of updates post image is moving this issue up my list of things to take care of.
|
|
#
¿
Oct 10, 2010 04:09
|
|
|
Yeah, sorry, was drunk when I wrote that last post. We don't run out own WSUS, our central IT group does. To tie together WSUS and SCCM, you need to install a SCCM role on the WSUS. I keep saying we should just set up a downstream WSUS for this purpose, even if we don't point our clients at it. ZTIWindowsUpdate is different in that it doesn't require the SCCM+WSUS tie-in. The end result may be the same, but the process is not. Unfortunately this has nothing to do with me. I stupidly asked about doing this instead of just doing it.
|
|
#
¿
Oct 10, 2010 15:33
|
|
|
marketingman posted:Well you've still got it around arse backwards... If it makes it easier, let's agree that the Software Update Point (SUP) site role and WSUS have to be installed on the same machine. So either I get to install SUP on the existing WSUS (not going to happen), or I set up a downstream on my existing SCCM server. You seem to be missing the fact that my hesitance is not what is stopping this from happening. I stupidly asked my boss about installing WSUS, and got a no. I should have just done it and not told anyone.
|
|
#
¿
Oct 11, 2010 20:08
|
|
|
SCCM can take a log to get going, and has a relatively steep learning curve. But the options once you have it up and running are fantastic. For Office 2007, why not install it using a startup script?
|
|
#
¿
Feb 4, 2011 23:53
|
|
|
Yeah, good point about Office. I can think some convoluted as hell ways to do it, but I wouldn't want to implement them. I moved from MDT to SCCM and installed the MDT integration tools. However, I found I ended up making OSD Task Sequences from scratch instead of using the MDT ones. Let me know what you decide when you hit that decision. And a tip for Software Deployment through SCCM: you can make collections that query AD groups. It's a hell of a lot easier to (manually or scripted) change the membership of an AD group than it is to muck around with Collection membership queries.
|
|
#
¿
Feb 5, 2011 02:54
|
|
|
FISHMANPET posted:... I use driver packages as well, and I definitely believe it's the way to go. I overload my OSD Task Sequences with each driver package with a WMI condition. I feel like it gives me more control and consistency. I don't do unknown computer. New PCs use thick DVDs, or I pre-seed them in SCCM.
|
|
#
¿
Feb 6, 2011 21:46
|
|
|
I assume you're asking about renaming when using thick media deployment? For thick, I set a variable when it asks when creating the media, I think it's OSDComputerName.
|
|
#
¿
Feb 7, 2011 02:03
|
|
|
FISHMANPET posted:I've read that what some people do is import the network and SATA drivers into SCCM so that they can put them into boot images, but the rest they just copy into the sccm drivers folder on the file system, because all SCCM does is copy that folder onto the computer after it dumps the image and says "hey, do any of these infs work for you?" I can see how that would save some time during initial SCCM setup, but it seems awfully coarse. For example, we have two computer models with different revisions of the same audio chip. The same driver is supposed to work for both, and will install for both, but not work for the older revision. I had to grab an older version of the driver to make the older revision work.
|
|
#
¿
Feb 7, 2011 17:06
|
|
|
lol internet., I'm not quite sure what you mean. I always use "Apply Driver Package" and never "Auto Apply Drivers", but I still have to import the drivers and put them in the driver packages. Do you point the 'Data Source' tab directly at where you expanded your drivers? If so, wow, this removes an annoying step (import, add to package).
|
|
#
¿
Feb 7, 2011 17:45
|
|
|
I'm a huge USMT fan, but editing the XML files can be a pain. Although once you get it up and going, you rarely have to tweak them. We pulled out all of the application migration stuff except Office, and told it to migrate the entire AppData\Roaming folder. I forget how the AppData\Local\Microsoft\Outlook folder is specified, but that comes over too. We also told it not to migrate the shared videos/pictures/etc. It works like a charm, after ~200 migrations from XP to Vista and Vista to Vista, the only things we have had to go back fishing for are programs that keep settings in their Program Files folder. We also had to add a line to migrate our one big app that installs to c:\fuckyouapp\. Other than those snags, it very rarely fails. I recommend using the /ue and /ui flags intelligently. We /ue everything, and then /ui only that one user account. And turn up the logging verbosity.
|
|
#
¿
Feb 10, 2011 14:47
|
|
|
That's basically what USMT does, except you don't need the person to log onto the computer first, and you exclude a bunch of crap (temp folders, etc).
|
|
#
¿
Feb 10, 2011 15:22
|
|
|
At least Google put out an MSI and ADM for Chrome. Come the gently caress on Firefox, it's not that hard to hire 1/8th of a full time person to package for Windows. In one of our labs we're installing IE (obviously) and Chrome, but no Firefox. Now that there's another viable option for "alternative browser", we chose the one that is not a pain in the rear end to update. (and no, those community MSIs are not a viable option for us).
|
|
#
¿
Feb 10, 2011 16:39
|
|
|
Oh hey, thanks. I ended up going with an SCCM package consisting of du.exe and a batch file (below) to gather the info, then powershell to chop it up (you can't see the powershell, just like you can't see my funny wart).code:I used SCCM instead of using Powershell to gather the info, as we have not deployed powershell to our client PCs, and we don't do a fantastic job of making sure the right firewall holes are poked. We have all Vista staff PCs. As for the "multiple PCs" issue, the batch script named the files %username%.%computername%.txt, and the powershell script imported column A as %username% and B as %hostname%, so I could easily play with different combos (add, take the highest, etc). quackquackquack fucked around with this message at 22:03 on Feb 10, 2011 |
|
#
¿
Feb 10, 2011 22:01
|
|
|
Didn't they deprecate -ms? I also have SCCM and personally use /INI=blah.ini. However, because the installer extracts to a temp folder, you have to provide an absolute path to the .ini. Also, in my side job, they don't have SCCM, just AD. It's just a pain in the rear end, where it needn't be. I am excited about FF4 having auto-update. Spudman: I am that dedicated desktop administration guy in my place, although I dabble with other bits. SCCM is pretty awesomely fun, although the learning curve can suck. SCCM 2012 beta is out, which might be a good time to dive in. This is also my favourite thread here, I was disappointed when it got cobwebby. SCCM question: is there a page/doc with best practices for upgrading SCCM? Right now I'm on 2007 SP1 (not R2) on a 2008 OS with SQL 2005. I would like to bring up a new VM with 2008R2, SQL 2008 (although 2005 would be fine, it's not like I interact with it) and SCCM 2007 R3, then move the database over.
|
|
#
¿
Feb 11, 2011 00:21
|
|
|
I do the same as FISHMANPET. I have a similar structure, but I don't care if, for example, the Optiplex330 folder has the audio driver, but the Optiplex360 folder does not. The driver packages I make in SCCM are the definitive articles. I could delete my source folders if I wanted. When you tell SCCM to store a driver package somewhere, like \\server\DriverPackages\, it puts a folder named: %DriverPackageName%, which has a bunch of hex folders like: 40ADF883-0979-46DD-88B0-39592CBD646E\, one for each driver in that package.
|
|
#
¿
Feb 11, 2011 22:15
|
|
|
And to answer a question from above, trying to import a duplicate driver fails gracefully.
|
|
#
¿
Feb 12, 2011 06:25
|
|
|
lol internet. posted:- How do you deal with multiple advertisements that need to run in a specific order. (ie. Office 2007 x32 needs to be uninstalled prior to installing Office x64 2010) In order: - Use a Task Sequence to create a... sequence of tasks. It is in the OSD part of the console, but can be used outside of OSD. So you would advertise a TS that, if 2007 is installed, uninstalls it, then installs 2010. If 2007 is not installed, it skips the uninstall and goes right to installing 2010. - Again, use Task Sequences. The first step is a restart (make sure you play with the countdown timers...), then do what else you need. - SCCM, in my opinion, handles software updates poorly. To answer your question, the delivery method (SCCM or GP Software Installation) does not matter, it depends what the msi/exe you are running does. As for why I think SCCM is a poor choice for software updates in most environments (I assume we are talking desktops/laptops and not servers) is that it's an uncontrolled environment. GP Software Installation at least happens on startup, so it doesn't matter that Dreamweaver CS4 freaks out that firefox is open when it is installed. Our users are currently running updates themselves (local admins, yadda yadda), and when we investigated using SCCM to perform the updates we decided it just wasn't going to work, and we're going to use GP Software Installation instead.
|
|
#
¿
Feb 14, 2011 18:48
|
|
|
quote:A task sequence would work, but is kind of ugly, as it advertises to the user as a mandatory operating system deployment, which might freak them out. Why would it show a notification at all if I set it to Mandatory (As soon as possible) and uncheck "Allow users to run the program independently of assignments" quote:I have to disagree, in the last place I setup SCCM about a dozen departments climbed on the "This is just an excuse to take away our admin rights and it won't work right and the four horsemen..." train. I'm not quite sure how these things are related. SCCM itself seems to be scarier in terms of "oh no they're taking away my local admin". quote:I just set all updating and installations to occur at 3am, waking the PC itself and then shutting it down once it's complete. I personally find GP terrible for software deployment, but most instinctually than for any technical reason. I'm not a huge fan of GP software installation either, but for certain things like updates to flash, java, adobe reader, it makes sense to me, to avoid issues with running software when the update happens. We are not just a 9-5 environment, and many people remote desktop into their computers from home (I'm working on roaming profiles plus a terminal server, but that's not something to rush), or they are required to lock their laptops in a drawer at night. Every environment is different, of course, I'm not implying the way I do things is gospel. However, I will stand by Task Sequences being a better way to do things in a lot of cases. With a TS (as compared to a script) you get better error reporting, it's easy to chain things together, and if you use "Run Advertised Software", you can have the Task Sequence show a progress bar (albeit one that counts 'progress' as "number of steps completed"). So that would be my tip: Task Sequences make a lot of things easier. FISHMANPET stole my other biggest tip.
|
|
#
¿
Feb 15, 2011 16:25
|
|
|
Maybe you can answer a question I've had in the back of my head: if I set an advertisement to run when nobody is logged on, let's say it's a big one, like Photoshop, will it delay the shutdown process to finish installing after logoff? My flock does no log off. I don't think they know what that button is. Around here if I killed someone's firefox in the middle of the day, or locked them out of their computer... well, they would think the computer demons did it. But if they noticed that it happened to a few people around them at the same time, they would clue in. "But my firefox had the exact tabs open I needed, re-opening them perfectly will take hooouuurrsss." We have a 'do not disturb' policy combined with a 'can't make the end user do anything themselves', which is why slipping something like an Adobe Reader update in at startup is possible, but having people update Reader themselves is too much. Speaking of, I pulled the stats in SCCM to show me who had out of date software for the following: Reader, Flash plugin, Flash ActiveX, Java. Everyone is a local admin on their computer. 23% was the magic number. And I know that number was inflated by a large batch of new computers we had just given out, so they had the most recent versions.
|
|
#
¿
Feb 16, 2011 04:05
|
|
|
FISHMANPET posted:I haven't played around with this very much to be honest. All I've done with OSD is advertise it to a collection that allows the user to run it, then only put machines I want imaged right now in that collection. I've only done the mandatory thing once, and then the user was still allowed to run it on their own. You can control notifications on a per-advertisement basis. Also, in 'Run Advertised Programs' my task sequences that are for software distribution are listed as such, and not under the OSD category. I point it out not to call you on it, but because task sequences have made a whole hell of a lot of things easier for me, and I feel like their poor location in the console has left them overlooked and underused. quote:Not sure what you mean by delay shutdown but photoshop should run okay with a user logged in. I've pushed out CS5 and visual studio 2010 to users logged in before. Delay the shutdown until the program is finished installing. Installing Photoshop CS4 while someone is logged on is fine, unless they have any internet browser, any other Adobe product, or any of the Office components open. At least Photoshop just errors out in that case, Adobe Pro will reboot the computer in some cases. Surprise! Telling people to log off at certain times never seems to work around here. That was why I was hoping either "when nobody is logged on" (happening when someone shuts down their computer, in the period between logging off and actual shutdown), or "at logoff" would work (in the same fashion). Just some way to install software when the user is not logged on, but that doesn't require the user to explicitly log off. I realize a policy decision would be the better approach (have everyone log off at the end of the day or similar), but I've barked up that tree to no avail.
|
|
#
¿
Feb 16, 2011 23:04
|
|
|
lol internet. posted:I'd like to setup email notifications for when applications have been deployed successfully in SCCM. Anyone do this yet or able to point me in the right direction. What are your criteria for "successfully"? Take a look in the reports section, and find one that has to do with the status of an advertisement. Check the SQL it uses, then decide on an external tool that will query those tables and send the e-mail based on the criteria you choose.
|
|
#
¿
Feb 21, 2011 00:16
|
|
|
I also skip 4-6 (both in MDT and SCCM). Part of this is I lie to use a lot of logic in my Task Sequences (conditional statements on various steps). Sure, I could make a reference machine with all but the conditional steps, then have another TS that deploys the reference image plus the conditional steps, but at that point it seems to be getting too complicated. I'll probably do 4-5 this summer when we switch half of our PCs to 7 in a relatively short span.
|
|
#
¿
Feb 24, 2011 14:24
|
|
|
That's if you just fish the .wim off the Vista/7 DVD. You can install from source (it runs through Windows setup entirely), or you can install from a .wim you create. We used to install from source for Vista, but with the silly number of post-SP2 Vista patches now out, I installed a bare copy of SP2 into a VM, updated it, then captured an image with imagex and switched to using that image, not changing any of the other TS steps.
|
|
#
¿
Feb 24, 2011 14:51
|
|
|
|
| # ¿ May 1, 2024 13:11 |
|
|
lol internet. posted:... What are you planning to use to fix the duplicate problem? This article seemed useful: http://danielssccmworld.blogspot.com/2010/09/managing-conflicting-records-and.html
|
|
#
¿
Mar 1, 2011 04:18
|
|
