Don’t know why I didn’t think to post this earlier, but I am speaking at the Minnesota System Center User Group (MNSCUG.ORG) this week. I will be talking about Operating System Deployment with ConfigMgr, and addressing some of the particular gotchas to look out for with Windows 7 deployments.
If you are in the Twin Cities, come check out the user group. We’d love to have you.
The meeting is tomorrow (11/18) at the Microsoft office in Bloomington. Food and beverages arrive at 4:30, and the meeting starts at 5:00. We should end around 7:30 or so. There will be some nice door prizes including two copies of the MMS 2009 post conference DVDs…but to be eligible for the door prizes (and to help us plan for food) you must register at the link below. Hope to see you there!
While at TechEd North America earlier this year, I had the pleasure of interviewing Mikael Nystrom from TrueSec. I knew very little about Mikael before sitting down with him, and it ended up being a very fun interview. It also ended up being over an hour long! Below is the first half of the interview. Enjoy!
Just a note…the interviews from TechEd have been taking me a long time to post…mainly because of my frustration with some glitches with my blog host. I have had significant issues getting the audio to work. I have uploaded the audio in the format that is required by the audio player, but the player won’t play the audio. The previous interviews have each taken multiple hours to get the technical glitches worked out. This time I simply gave up on resolving the issues and produced a “video” from the audio and the one picture I have of me with Mikael at TechEd.
Over the last week I have had three people email me questions via the Contact Form on my blog with questions about past posts. This was instead of leaving a comment on the actual post on the blog. The last three posts that I have put up are answers to those three emails. I prefer to answer it here so that my responses can benefit more people than just the person asking the question.
If you have a question about something I have written, you can feel free to ask via either the contact form or by leaving a comment. I will try to respond in a timely manner.
Rick emailed me asking the following question about the PowerShell script I wrote last year for adding a domain user to the local admin group on a computer.
How would I loop thru the script for multiple machines ? i.e how to add an account to the local admin groups to a list of systems in a csv
Short answer is you need to look using two PowerShell cmdlets in conjunction. They are:
Import-CSV
ForEach-Object
You can read about them and a bit about how to use them here, and here. Additionally, I would refer anyone with scripting questions to check out the Scripting Guys blog…it is fantastic.
Erik sent the following question re: a special issue with installing Office 2007.
We are in the process of trying to push out office 2007 w/SP2 w/o Access and Publisher and for it to uninstall Outlook 2003, but leave everything else and for it to do it unattended and silent. Now I did create the .MSP file which does this and it works great, but before our company decided to do this in an organized way, they were giving Excel 2007 out for people to try or people don’t have SP2 for Office 2007. Now I have tried everything to create an SMS package (SMS 2003) that will work, but if I just send out the package with the .MSP file it prompts people to interact with it if they already have anything part of Office 2007 on their computer. Now we created a package in sms that will uninstall office 2007, and it’s linked to another package in sms to reinstall office 2007, but it wants a restart on the computer before it will reinstall office 2007. Now if you guys know a way that will work without uninstalling office 2007 first that great too. I’ll take an ideals at this moment.
You do have an interesting problem. Because your company chose to give out part of Office 2007 before the full deployment was packaged and prepared, you will likely have some careful steps to take for those computers.
One way to handle that would be to create a collection to locate the users that have Excel 2007 already installed. From your description, it sounds like those are the only ones that won’t install silently at this point. You may need to communicate with those users to prepare them that a reboot will be required as part of this install. If you send this as a non-mandatory advertisement, they can choose when to do the installation at a time when a reboot won’t affect them as much. I would tell them to just plan to run it when they leave for lunch.
Without building out a similar scenario in my demo environment to test it, I don’t know offhand of a way to do this without uninstalling Excel first. I’m actually a bit surprised that the installation that you made silent still asked for user input. Did you follow my instructions in this post?
Scott sent me this question via the contact form on my blog:
I saw a post you made about using PowerShell to add a domain user to a local administrator group during a task sequence (http://verbalprocessor.com/2008/04/08/add-domain-user-to-local-administrators-group/). I am trying to do the same thing, but don’t necessarily want to incorporate PowerShell at this time. I was hoping to use MDT and the Administrators1 task sequence variable, but this doesn’t seem to work. I have a vbscript that works when run manually, but it can’t connect to the domain to get the user account object when executed via the task sequence. I’ve tried a few different methods to run under a certain service account, but unless that account is an admin, it doesn’t seem to work. You had indicated that you have a VBscript that was doing this successfully. Can I by any chance get a copy of that script? If you have any other suggestions for me, I would welcome that as well. I look forward to hearing from you. Thank you!
I think Scott may have misunderstood what I did in that post. In the post that Scott references I wrote a PowerShell script for running manually after the task sequence is finished to add a domain user to the local admin group of a remote machine. In that post I actually mentioned that I had trouble getting it to work with VBS…even though I was using a Scripting Guys post to try to build the VBS version. I can’t locate the particular Scripting Guys article that I was looking at, but there are several posts related to this from community members at this link.
I did have a VBS that would do this as part of a task sequence that I used at a client earlier this year, however for some reason it stopped working in my demo environment…and I don’t know why. So unfortunately, I don’t have a working VBscript for this that I can share.
This morning I have been building out a new ConfigMgr demo environment on my laptop based on Server 2008 R2. I had already installed SQL 2008, but couldn’t remember if I had installed SP1 for SQL 2008 or not. I looked at the version number, but then had to go to Microsoft to find out what the version number equated to in terms of SP level. For future reference to myself and others, here is a concise list of SQL Server version numbers and the corresponding friendly name. This will be useful if you already know the version number. If you need to know how to get the version number from you SQL server, refer to this page (which is where this list of numbers came from). That page lists the SQL queries for each version to perform to obtain the version number.
Recently while helping out with a Windows 7 event at a training center here in the Twin Cities, I got into a discussion with one of the attendees who was planning the move from XP to Windows 7 for his company. In particular he was expressing concern about the loss of support for Windows XP, and one of his main concerns was related to his perception that the end of support for XP also meant that he would no longer be able to legally install Windows XP.
That prompted me to ask some questions and do some research into whether he was right or not. Does the end of support mean that he would not be able to install XP via his enterprise deployment system? In my research, it appears that he may have confused the lack of ability to purchase Windows XP with the unrelated issue of can he legally install it. He did not take into account OS Downgrade Rights.
In layman’s terms “downgrade rights” is the ability to purchase a newer operating system license, and then downgrade that license to allow you to install an earlier OS. For example, you can purchase Vista or Windows 7 and then use the downgrade rights to install Windows XP…even though the license you purchased is for the newer OS.
BTW…let me make one thing clear now before I am misunderstood in this post…I am not advocating staying on Windows XP. I made the move to Windows 7 at the Release Candidate stage. It was rock solid then, and the RTM is equally rock solid. For that matter…I ran Vista on my production laptop starting at Beta 2…and was very happy with it. This post is not telling anyone to stick with XP…it is simply intended to clarify the licensing issues of what you can do if you have a business need for some systems to stay on XP. (i.e. you have older machines that may not be capable of running Vista/Win7 that will stay in use for a while longer…and you still need the ability to image them as needed.) So…with all that said…
Downgrade rights can be broken out into two categories based on whether you have a Volume License agreement with Microsoft or not. If you have a VL agreement (Enterprise Agreement or a Select Agreement with Software Assurance on Windows), your downgrade rights are practically limitless. The quote from the Downgrade Rights Volume Licensing Brief (this refers to Vista, but my assumption is that Windows 7 Enterprise would also fall under this…although it should be noted that this is my assumption…not anything I have seen officially in writing from Microsoft):
If I have Windows Vista Enterprise, what can I downgrade to?
Downgrade rights in the Volume Licensing programs provide customers with the right to downgrade to any prior version of the same product. Windows Vista Enterprise is a new type of product and does not have a prior version. However, customers licensed for use of Windows Vista Enterprise are licensed for Windows Vista Business, and it can be downgraded to the Windows XP Professional, Windows 2000 Professional, Windows NT® 4.0, Windows NT 3.51, Windows 98, or Windows 95 operating system.
If you don’t have a Volume License agreement and your desktop OS license is from the OEM, you fall under the Downgrade Rights for OEM customers. This is a different section of that document that provides a limited time frame for how long your the OEM Downgrade Rights last. Essentially, the OEM Downgrade rights are for 18 months after the General Availability of Windows 7 or the release of a Windows 7 Service Pack…whichever is earlier. GA was October 22, 2009, which would make the cutoff April 22, 2011 unless a SP is released earlier than that. From the brief linked above:
Can I downgrade my OEM version of Windows 7 Professional to Windows XP Professional?
For a limited time of 18 months after the general availability of Windows 7 or the release of a Windows 7 Service Pack, whichever is earlier, the OEM license of Windows 7 Professional and Windows 7 Ultimate will include downgrade rights to Windows XP Professional. After that period the OEM license will enable downgrade rights to Windows Vista Business.
Okay…so that covers downgrade from Windows 7 to XP. The other question for companies who have a desire to continue to roll out XP would be related to Windows Vista. Vista will continue to have downgrade rights to XP…so when will Microsoft stop selling Vista…because technically you could still purchase Vista and downgrade to XP after the 18 month cutoff mentioned above…if they are still selling Vista at that point.
So…hopefully that makes the downgrade rights issue a bit clearer than mud.
I got an email from a friend a while back tipping me off to some OSD tools in development by Microsoft that I hadn’t heard about. The codename of the project is Modena. It is currently in beta and can be found on the Connect site.
Modena is a “collection” of tools aimed at simplifying your deployment tasks when using Configuration Manager 2007 Service Pack 2. … Modena, with OSD Tools and Driver Sync, includes the blueprint we use at Microsoft to deploy Windows 7. We provide our end-user experience, exported task sequence, pre-flight scripts, and our driver sync tool to simplify management of drivers in your enterprise.
I have not been able to install them in my demo environment to test them out yet (hope to do so this week), but from what I could read about so far…I’m pretty excited about what I saw. It appears to be a pretty comprehensive “Front End” to the OSD process along with a tool to simplify the driver management component of your OS deployment. Being that those two components are where a lot of companies tend to have the most issues in the OSD process…this is a welcome addition to the OSD toolbox.
You can read more about what is included in Modena in a fairly expansive blog post on the “Cravings” blog.
Over the last couple of months I have been working on losing weight (again). This has mostly consisted of running a few times a week…typically pushing Sam in a jogging stroller. It’s been a pretty good workout lately. Anyway, a month or so ago I saw a poster for a 5K race scheduled for October 10th at a park near my house, so I signed up…a little extra motivation.
What I didn’t realize when I signed up on that lovely sunny day in September is that October 10th in the Northwest suburbs of the Twin Cities was going to be the coldest morning since last winter. When I woke up this morning for the 9am race, there was a half inch of snow on the ground. The temp outside when I woke up was 24 degrees. By race time it had warmed up to a balmy 28 degrees. For the first quarter mile of the race, my teeth hurt the air was so cold.
I achieved my goal of finishing the race…albeit slowly. I was nearly 10 minutes slower than my 5K times right after college. But…I’m quite a few years older and carrying quite a bit more weight!
Laurel has been doing a mile-at-a-time marathon at school, and she ran this morning also…she did the 1K kids race.
I got the following from Megan Trent (Rod Trent’s wife…the myITforum.com denmother). It is one of the better jokes that I have gotten over email in a while. Thanks Megan!
Tea Service
One day my mother was out and my dad was in charge of me and my brother who is four years older than I am. I was maybe 1 and a half years old and had a little ‘tea set’ that was one of my favorite toys. Daddy was in the living room engrossed in the evening news and my brother was playing nearby in the living room when I brought Daddy a little cup of ‘tea’, which was just water.
After several cups of tea and lots of praise for such yummy tea, my Mom came home. My Dad made her wait in the living room to watch me bring him a cup of tea, because it was ‘just the cutest thing!!’
My Mom waited, and sure enough, here I come down the hall with a cup of tea for Daddy and she watches him drink it up, then says, ‘Did it ever occur to you that the only place that baby can reach to get water is the toilet??’
Today I saw some confusion about when SP2 for ConfigMgr will be available. Everyone agrees that the release is 90 days after Windows 7, what they don’t agree on is whether the Windows 7 date is the RTM (Release to Manufacturing) date or the GA (General Availability). Since RTM was July 22, and GA is October 22, this is an important distinction. So which is it?
What was announced at the Microsoft Management Summit, and has been re-confirmed since is that SP2 will be released within 90 days of the Windows 7 RTM. So…that would mean that we will hopefully be able to get our hands on ConfigMgr SP2 within the next couple of weeks.
Just a note to those who are moving to ConfigMgr from SMS 2003 (or earlier). Take the time to properly architect the ConfigMgr implementation…don’t just upgrade the existing infrastructure without re-thinking the design to ensure it makes sense for your business. There have been enough changes in scalability (and much more) that your existing architecture may not make sense with ConfigMgr…you could be wasting money on servers/licenses/administration by just keeping the same structure.
Example: I’ve been working with a client over the last week on an SMS 2003 to ConfigMgr migration. When I looked at their existing SMS 2003 infrastructure, it included a Central Site, four Primaries, and 26 Secondaries. The Central and all four primaries are in the same physical location. There are about 8000 clients. If I moved that design to ConfigMgr, it would just be overkill…and a serious waste of money for the client.
Turns out that the client’s SMS 2003 infrastructure was a direct upgrade from SMS 2.0 a long time ago. Personally, I never worked with SMS 2.0, so I don’t know if that was well designed or over designed. What I do know is that the ConfigMgr environment that I designed for them is significantly simpler. They save a ton on licensing, and it will be significantly easier to manage…along with providing them the flexibility that they need for any future expansion.
Last week I needed to boot to ConfigMgr Task Sequence bootable media on a machine that I didn’t have a CD/DVD drive for. PXE isn’t enabled in this environment, and I was under a tight timeframe to get it done…I needed to create a bootable USB key fast. I remember trying to use the ConfigMgr wizard to create a bootable usb key last year, but for some reason I couldn’t get it to work. Because of that experience, I instead pursued taking my existing bootable ISO and creating a bootable USB key from that. I came across instructions that are posted several places on the internet…mostly in forums. Unfortunately no one has posted where the original instructions came from. I’d love to give credit to that person because they really helped me out last week. I’m posting them here as a help to others…and so that I will always have an easy way to find the instructions the next time I need them! I’ve also modified the original quoted instructions to be more specific to the bootable ISO scenario.
Insert your USB flash drive and enter the following commands at a command prompt:
(Note: The instructions below assume that your USB flash drive will be seen as disk 1. Confirm the disk number of the USB drive first by using the “list disk” command before the “select disk” command below. If you select the wrong disk you will wipe the wrong drive…possibly your hard disk drive.)
diskpart
select disk 1
clean
create partition primary
select partition 1
active
format fs=fat32
assign
exit
The final step is to copy the files from the bootable ISO to the USB key. Mount the ISO using a program such as Virtual CloneDrive. Use Xcopy to copy the files from the ISO to the USB key. The command line below assumes that D: is the drive letter where the bootable ISO is mounted and E: is the drive letter for the USB key.
Tonight was the monthly meeting for the Minnesota System Center User Group (miscusergroup.org – long story behind the URL). We had John Vintzel from the ConfigMgr product team talking about some of the features that will be in the R3 release…good stuff.
A few weeks ago my friend Tim approached me to ask me if I would consider running for President of the user group. I was honored to be asked and said yes. Tonight I was elected to be President of the user group! That’s really really cool, and I’m looking forward to trying to get some good programs on the agenda for the meetings over the next year.
BTW…if you are interested, the next meeting will be October 15th at the Microsoft office in Bloomington. Check the user group website above for more information.
First of all, I’ll admit that this post is a bit of a stupid mistake. It stems from a miscommunication between a co-worker and I who were working on an internal (not client) server. I should have confirmed what he had done instead of assuming.
We have been building a new ConfigMgr server. My co-worker had some time while I was working on a client project, so he installed ConfigMgr.
This morning I started building out the rest of the server for OSD purposes. After configuring the MDT integration with ConfigMgr, I went into the ConfigMgr console to “Create Boot Image using Microsoft Deployment”. After entering in all the info it asked for, the wizard started but fairly quickly popped up an error stating, “Error while importing Microsoft Deployment Toolkit Task Sequence. Details: The ConfigMgr Provider reported an error.” When I checked the log file (located in C:\Users\<username>\AppData\Local\Temp\2\NewBootImage_x86.log), I found the following error:
PEIMG failed to use the servicing stack shim library (ssshim.dll) to locate a servicing stack that matches the target image (0×901f0005).
Hmmm…that sounds like a WAIK issue. After looking, I confirmed that my co-worker had installed the previous version of WAIK instead of the version for Windows 7/Server 2008 R2. So, I removed the old version and installed the new WAIK. Got a different error. Unfortunately I didn’t take note of what the error message was at the time, but I do remember that the SMS Provider log file (smsprov.log) had the following phrases in a couple of error entries (I know this because of my bing.com search history.)
failed to get the peimg tool installation location
failed to get peimage command line
That sent me hunting for more info and finally led me to ask the question…”What version of ConfigMgr did my co-worker install?” After checking the version, I discovered that we had somehow miscommunicated. I thought he had installed the Release Candidate of ConfigMgr SP2 (because I am doing Windows 7 deployments…SP2 is required for this). Turns out he had installed SP1.
So…after installing both R2 and SP2, I was finally able to create the boot image using the MDT integration.
Perhaps someone searching on the above search strings will see this and be able to get back up and going faster than I did!
Lately I have been working on a SCOM (System Center Operations Manager) engagement for a client. During that engagement, I ran into some issues with the SCOM Gateway server which led me to KB948098. The “result” and “cause” sections are actually very helpful. The “resolution” section should have never been posted in its current form.…and it was posted over a year and a half ago.
First a minor issue. Step 4 in the article has a typo. (the word should be “workaround” instead of “workgroup”). Also, the last line of Step 4 is: “Then go to Step 4.”
Step 5 is simply a disaster. There is a reference to “in step 4” that has nothing to do with Step 4. The command line for the Gateway Approval Tool has TWO mistakes. The command listed in the article is:
Microsoft.EnterpriseManagemt.GatewayApprovalTool /ManagementServer=<management Server FQDN_name> /PrincipalName=<gateway_server_FQDN_name> /Action=Create
The switches in that command line should be:
/ManagementServerName – NOT /ManagementServer
/GatewayName – NOT /PrincipalName
Also in Step 5, the SQL Query statement has a typo in the table name. The table name should be “mt_healthservice” instead of “mtv_healthservice”
FYI…I already used the feedback form at the bottom of that page to leave this feedback. Hopefully this will help others who come across that article until Microsoft fixes it.
At the end of this month I will be leading a free half day technical seminar on Operating System Deployment at New Horizons in Edina MN. I will be doing a version of the Operating System Deployment session that I delivered at MMS and TechEd this year along with talking about Windows 7 deployment. The Windows 7 component will be relaying the experience that I have gained in deploying Windows 7 internally at Virteva using ConfigMgr.
The seminar will be on September 30 from 9:00-11:30am Central Time. It will be offered for both in classroom as well as remote attendees, so you can attend even if you can’t make it to Edina that day. If you would like to attend, you can register at the New Horizons site. When you sign up, there will be a question asking “How did you hear about us?" at the bottom of the registration form. Please answer “Other” and put “verbalprocessor.com” in the “Other” field.
RSS - Posts
