This is a follow on to my “No-Windows 8 Does Not Suck” post that I finally got around to posting.
Last week I loaded the RTM of Windows 8.1 on my production laptop…and yes I did it legally. Kind of a long story behind why that is the case. The short story is that the company I work for is a Microsoft Partner…they are both a Large Account Reseller (LAR) and a System Integrator (SI). I think there are only eleven companies in the world that are both. Net result of that is that for last year or so, the LAR+SI companies have had to do licensing for Windows a bit differently…essentially we were told to use MSDN keys for our production systems that were moving to Windows 8. Odd…but okay…MS told us to.
Now…on to the impressions of Windows 8.1…
I did the upgrade on my laptop last week without any issues. I didn’t time it (kicked it off and went to put my son to bed), but I think it finished in less than an hour. I did notice a few small things after it was done. Below is my list of observations…would love to hear of any new/cool things that you discover as well.
- All of the websites that I had told IE to remember my passwords for…no longer have the passwords saved. But…since the update included IE11 that kinda makes sense.
- I had to reinstall the Cisco AnyConnect VPN. I chose the “Repair” option and it seemed to work.
- My laptop monitor was seen as a “Generic PnP Monitor”, so the screen didn’t look very good initially. Had to go into advanced settings and update driver for the Monitor. See screenshots…
- One observation that I still haven’t nailed down…everything on my laptop screen seems bigger now. I’ve checked the resolution and it is set correctly…but everything seems just slightly bigger. Outlook in particular seems like it is zoomed in. It actually makes it easier to read, but it is definitely different than before.
- Another odd one is on one specific web page…MSN.com. In the past there were navigation arrows that appeared on the picture on the page that rotated every five or so seconds. The nav arrows let you go forward or backwards. Now the arrows appear for a few seconds when the page first loads but then disappear and they don’t come back. It’s actually pretty annoying because if you see something that you are interested in you have to wait until it rotates back around in order to click on it. Update: This has since been fixed.
- Java had to be reinstalled.
- There are new start screen customization options that are pretty nice. Multiple size tiles (small, med, wide, large). More obvious way of naming application groups.
- There is a new “Help+Tips” app…very good for users who are new to Windows 8. Something that honestly should have been there from the beginning.
- A new “Reading List” app. Enables you to push a web page that you want to read later to a common area for delayed consumption. Haven’t used it yet, but it looks promising. Only works with the “modern” app version of IE though. Won’t use it on my non-touch laptop…but will on my Surface when the update becomes available.
- Photos app has new editing functions that look very promising.
- “Modern” apps have new size options. Can run up to four of them on one screen at a time. I haven’t used those apps much on my laptop…but could see doing that now that I can have multiple on a screen.
- Right clicking the new Start button gives the option to shut down or sign out.
- There is a start button (which takes you to the Start Screen), and the Start Screen can be customized by an enterprise to give a specific configuration for your users before you deploy it to them. I personally don’t care about the start button…but I see it being needed to block enterprise deployments because of training fears.
Overall…very nice and stable update to an already very good OS.
This is a post that has been in the back of my mind for a while that I’m finally getting around to writing. Portions of this come to mind when I hear people complain about certain aspects of Windows 8…or when I hear users of other platforms making fun of it (likely without actually using it themselves)…or when someone asks me for an honest opinion since they know that I use it…or when I find something in the OS that I think is excellent and wish others knew. So…in no particular order…here are some thoughts on Windows 8…
Yes it is different. So. What. Some people will tell you that MS doesn’t innovate. When they do, other people scream that it’s too much. Figure out what you want people. If it stayed the same we’d all be looking at an ugly Windows 3.1 box. Yuck.
It is easy to use. My four year old son has ZERO issues navigating my Surface. Neither do my daughters. Seriously…give it half a chance…it’s not hard people. Both my mother-in-law and sister-in-law breeze through it. For both of them I spent maybe fifteen minutes showing them the basics. With that said…Microsoft could have done more on initial release for introducing users to the basics. This has been resolved to a great degree with the new “Help+Tips” app in Windows 8.1.
There is no start button or start menu. So. What. In Windows 7 I look for a tiny thing in the bottom left corner to click that brings up a menu, then I look in that menu for another small section to click, then in that menu for another small thing to click, etc. And God forbid that I accidentally move my mouse outside of the menu when I’m looking for that tiny thing to click…then I have to start over again. Now in Windows 8…I look for the big freaking tile on my Start Screen and click it. Oh and I can customize the screen to have what I want on it. Oh and the tiles are more than just an icon…they update with live info. And seriously…how many of you have used the Desktop as a place to shove shortcuts to every app that you want to open so you can double click them? You’ve given yourself a “Start Screen” already…it’s just not very pretty and has very few customization options. Now you can have all of those shortcuts on your Start Screen…and you can actually see the pretty picture of your kids that you use as your desktop background…instead of little Suzie having an icon shoved up her nose!
Now…although my opinion is that the Start button is not truly needed…I do understand the opposition that Enterprises have had up til now with the fear of training thousands of users. I think those issues have been addressed fairly well in 8.1…there is a start button (which takes you to the Start Screen), and the Start Screen can be customized by an enterprise to give a specific configuration for your users before you deploy it to them.
Hyper-V in Windows 8! Prior to Win8 I was dual booting Win7 and Server 2008 R2 in order to run VMs in Hyper-V for my lab environment. After loading Windows 8, I never booted the server partition on my laptop again…and the VMs I had in 2008 R2 pulled right over with no issues.
Speed in general is better. Boot time is awesome. Love UEFI.
Sync between devices rocks! My Windows 8 laptop (non-touchscreen btw) and my Surface RT are both tied to my Live ID. When I initially set up the Surface, it took me a few seconds to realize what happened. My wallpaper was the same automatically. My home network (with security) had synced up already. My home PRINTER was already set up!
Some of the “Modern” apps. I don’t use a ton of them on my non-touchscreen laptop. I use more on my Surface. The Kindle app is excellent…and it syncs the last read place in a book, so if I read on both my laptop and the Surface…it knows where I left off.
Overall…I have been very happy with Windows 8. I know of a few people that I generally have respect for their opinions on IT matters who were vocal about hating it and switched back. Wonder if they are the same ones who cursed Windows XP when it came out? I think a lot of folks have forgotten the complaints when XP was released. :)
Here’s another example of why I simply don’t trust Google. The issue is that it is trivial to view the passwords saved in Chrome or Firefox…just open up chrome://settings/passwords and click the “Show” button. ZDNet has a good writeup here. Chrome doesn’t even have an option for protecting those saved passwords behind a master password…Firefox does, but it isn’t enabled by default. (Personally I use Internet Explorer which does require you to enter the logged on user’s password to view the saved passwords.) While this issue has existed in Chrome (and Firefox) for a while, it has recently gotten some public exposure.
What is really comical and sad is the excuse given by the “Chrome browser security tech lead” who stated that the only security that matters is the OS password…that a master password protecting the saved password cache is a “false sense of security”. While I agree that the OS password is the most important security step…it should not be the ONLY step. It seems that the only security breach they are concerned about is the malicious attacker…and seem to care less about giving away the farm to opportunistic or mischievous family/friends/co-workers. Just because I either intentionally or accidentally left my computer logged in and not locked should not give someone unfettered access to all my saved passwords…someone who just happens to be in my house or near my computer. The rest of the comments on that thread are also pretty entertaining. Dude got ripped pretty hard for his original post…then responded with what came across as an arrogant “we know better than you” response that certainly didn’t gain him any friends or allay any of the concerns people addressed in the thread. He just doesn’t appear to “get it” that this is a real problem for regular users.
Okay…so I’m a month behind on looking through the new features that are coming in SCCM 2012 R2…it’s been a busy month. But in looking through the features…there are some really cool ones that I wanted to highlight. The full breakdown of what’s new in R2 is here.
- You can now select where to put the DB files when you install. No need to tweak stuff on the back end any more!
- Certificate Registration Point (along with Certificate Profiles)…you can now use SCCM to deploy certificates. This is one of those items that are typically done via Group Policy…but it’s surprising how many of my clients have to fight/negotiate with another department/silo in order to get a GPO created or modified. This will simplify that process…which is a very welcome addition!
- Ability to merge one SCCM 2012 R2 hierarchy with another.
- Mac computers can use an enrollment wizard instead of having to install from command line!
- Resultant Client Settings…kind of like RSOP for SCCM client settings.
- Numerous Mobile Device improvements.
- Enrollment of iOS and Android without requiring Windows Intune.
- Wipe/Retire functions can be configured to only wipe company data.
- Enrolled devices can be configured as either “company owned” or “personally owned”…with different configurations for each.
- VPN and Wi-Fi Profiles…again something that has historically fallen to GPO for configuration.
- Software Updates Preview…kinda like the Search Filter function of Software Updates in SCCM 2007. Nice to know what an ADR will do before it actually creates the deployment!
- New Application deployment type…”web application”. It just deploys a shortcut to a web-based app.
- A few OSD improvements:
- Support for Server 2012 R2 and Windows 8.1
- Check Readiness – VERY nice to see this “sanity check” step that has been available via the MDT integration become a native step! So many accidental OS deployments could have been prevented by this simple step.
- Set Dynamic Variables – this brings some of the common steps that are possible via the customsettings.ini file to the masses…putting the cookies on the bottom shelf.
- New report – “Distribution point usage summary”. Shows how much a given DP is used…number of clients connected and data transfer info.
- Multiple Network Access Accounts
- Content distribution improvements
- SCCM “learns” which DPs are connected by faster connections…and uses that info to prioritize content deployment.
- Improved content validation…validates 50 files per WMI call instead of just one!
- Reports can now be controlled via role-based administration. I’ve had multiple clients ask about this.
Those aren’t all of the additions…but they are the ones that I can see my clients being the most excited about. Looking forward to R2!
When you install a Service Pack or Cumulative Update for SCCM, you also need to update the SCCM console wherever it is installed. And…when you install the console it must be updated to the same SP and CU level as the site server. Unfortunately, the install of the CU only offers the option of creating a Package/Program for updating the console…not an Application that can take care of all of it with one deployment. So…here is how to deploy the SCCM Console via the Application Model.
First, we will need to create an Application for installing the SCCM Console. Create the Application with the name/app catalog/ etc info you wish. I am assuming that we are starting with a SP1 system. When you get to the Deployment Type, here are the settings to use:
- Script installer (since it is an EXE)
- Content location: Best practice is to copy the <SCCMinstall>\tools\ConsoleSetup folder to another location that you use for the source for this package.
- Programs tab:
- Installation Program:
- ConsoleSetup.exe /q EnableSQL=0 TargetDir=”%ProgramFiles%\<FolderName>” DefaultSiteServerName=<FQDN2SiteServer>
- Uninstall Program:
- ConsoleSetup.exe /uninstall /q
- Make sure to select – Run installation and uninstall program as 32-bit process on 64-bit clients.
- Detection Method…Registry
- Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CE6E19024E9D710409D3F46536E239F3\InstallProperties
- Value: DisplayVersion
- Leave the 32bit / 64bit box UNchecked
- Data Type: String
- Operator = Equals
- Value = 5.00.7804.1000
- User Experience
- Install for system
- Whether or not a user is logged on
Second, we need an Application for the Cumulative Update (in this case, CU2). I used the Package Conversion Manager to migrate the existing Package/Program for the “SP1 Cumulative update 2 – console update” package into an application. Again…name/app catalog/etc are your choices…Deployment Type has the following settings:
- Script installer (this is a MSP patch)
- Content location: should already be set if you used PCM. If not, default is \\<SiteServerFQDN>\SMS_<SiteCode>\hotfix\KB2854009\AdminConsole\i386
- Programs Tab
- Installation Program:
- msiexec.exe /p configmgr2012adminui-sp1-kb2854009-i386.msp /L*v %TEMP%\configmgr2012adminui-sp1-kb2854009-i386.msp.LOG /q REINSTALL=ALL REINSTALLMODE=mous
- Make sure to select – Run installation and uninstall program as 32-bit process on 64-bit clients.
- Detection Method…Registry
- Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CE6E19024E9D710409D3F46536E239F3\Patches\AAD68D6F52CC8E349805BB5169C11B26
- Value: DisplayName
- Leave the 32bit / 64bit box UNchecked
- Data Type: String
- Operator = Equals
- Value = ConfigMgr2012AdminUI-SP1-KB2854009-I386
- User Experience
- Install for system
- Whether or not a user is logged on
- Add a new dependency on the SCCM Console application that you created above.
Now all you need to do is deploy the SCCM CU2 Application to an AD Security Group that contains the users who should have the SCCM console. The applications above will:
- Determine if the SCCM console is already installed
- Install it if necessary
- Confirm that the console installed successfully
- Then it will determine if CU2 is already installed
- Install the CU2 update if necessary
- Then confirm that the CU installed successfully.
Now…I did not put anything in this to confirm things like the .NET 4 Framework which is a pre-req…but I’m assuming most of you already have that on your systems. If not, I’m sure you can figure it out on your own!
If you are in the Minneapolis area, come out to the MN System Center User Group tomorrow night (Wednesday June 19). I will be doing my “WHY of Configuration Manager” session from MMS. Hope to see you there.
BTW…CDW is sponsoring the group tomorrow night.
I occasionally need to create a quick ISO to be able to mount to a VM…mainly to get data to a VM that has no connection to the host…or if I want to install an app on the VM when the VM has no access to the internet (all on my laptop). To do that, the easiest way is to burn whatever I am wanting to get to the VM to an ISO. Unfortunately while Windows 8 (which I love) has the ability to natively mount an existing ISO (simply double-click it), it does not natively have the ability to create a new ISO.
Good news is that most of the people reading this likely already have a tool on their system that has this ability…OSCDimg.exe. It is part of the Assessment and Deployment Toolkit…and I think it is also part of WAIK. It is also dang quick. The actual EXE can be found at the following location:
C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg
Syntax is fairly easy. If you are wanting to put everything in the d:\blah folder into an ISO…so that the “blah” folder is the root of the ISO, then the syntax would be something like this:
oscdimg.exe -n d:\blah d:\temp\Blah.iso
WHY Series #2
Late last week I got the following email via my contact form. It seemed like the ideal topic for the next post in the series. (Thanks Matt for the message!)
I have a question for your WHY series. I was debating with a co-worker yesterday why you would use the "Build and Capture" task sequence for OSD instead of capturing a system that you already have or have built with another method. I have a few ideas on advantages and disadvantages, but I would like to hear your opinion.
I am going to make a couple of assumptions based on what I read in the question. I interpret “a system that you already have” to mean an existing physical machine that would be captured to create an image. This might not be what the reader intended, but it should be addressed in this post regardless. Best practice is to create a hardware independent image on a virtual machine. (Need to address reasons why for that one in a future post.) I also see the phrase “built with another method”…which I interpret to be essentially a manually built image (as opposed to one using a B&C task sequence).
At the core, those are your options for image creation…automated with a Build & Capture task sequence or build it manually. A slight variation is to use the “Pause task sequence” step in an MDT task sequence to perform a step that can’t be automated…essentially automate all of it except for this one step.
Factors Impacting the Image Creation Process
When looking at the question of whether to manually build the image or use a Build and Capture task sequence, there are several key components that should be considered:
- Image updates. Don’t consider an image to be “golden”…think of it as “current”. This can be a key distinction. Gold implies that it will never change. Current deals with the reality that an image is going to need to be updated. (Let’s not even get into the Thick/Thin/Hybrid image scenario…that’s a discussion for another day…perhaps another “WHY” post.) With that said, unless you are the most hardcore of “thin image” proponents, your image will at least have the OS and updates. Which means that within a month of image creation (Patch Tuesday), the image will be missing necessary updates. How often do you update it? Remember, anything that isn’t in your image has to be installed after the image is laid down…which adds time. I know of a very major company (if you live in the US, you have their products in your home) that had not updated their XP image in several years. The post image update process took a couple of hours to deploy somewhere around 200 updates that were not included in the image. Application updates/upgrades are also part of this equation. Basic gist is that images MUST be updated…ideally on a regular basis.
- If applications are included in the image, are the applications packaged and able to be installed silently? If so, then that process can be automated. If not, then it has to be a manual step. Same goes for image tweaks.
- Ideally you would like to use the same processes for managing apps and updates that go in your image that you use for managing the existing systems in your environment. You already have a “Patch Tuesday” process. Use the same process when building the image. You already have a process for pushing out application upgrades/updates. Use the same process in your image build.
- In the end, you MUST have consistent repeatable results. You need a process that produces a reliable image every single time.
- Lastly, you are busy. I’ve never met an IT person who had too much time on their hands. You need this process to take as little time out of your day/week as possible.
With those factors in mind…lets run them through the grid of our methods for image creation and see how things shake out.
Build and Capture Image Creation Process:
If your core applications that will go in the image can be installed silently…and if you are using either WSUS or SCCM for deploying updates, then this is the ideal situation. Your B&C task sequence could be as simple as “Click Next” and come back later to see your shiny new WIM file. Once you’ve got it working (which I won’t deny could be challenging) it couldn’t be any easier. Once it is going, you will never look back. I know of at least one company that has a recurring Task Sequence deployment to a virtual machine…to create a new image the day after Patch Tuesday each month. Completely automated. Score!
Because the task sequence is automated, there is very little time involved. Just click next and check on it later. Because all of the tasks are automated, there isn’t any room for admin error. Because it is automated, you are more likely to update your image on a regular basis. The process IS standardized and repeatable. Oh…and if a step does have to be performed manually, use an MDT task sequence with the “Pause” step to automate as much as possible…and only do the non-automatable tasks manually.
Manual Image Creation:
Manual is…well…manual. You install the OS from DVD/ISO. You install each app. You apply all the updates. You run Sysprep. You capture the image. All manually. Hopefully you are following a checklist. Hopefully you don’t forget a step. Good luck with that.
The manual image creation process is characterized by the following:
- Slow. All those manual steps take time.
- Time consuming. Because it is slow, realistically, you will not update the image as often as you should.
- Open for admin error (i.e. forgetting a step or installing a component slightly differently upon image rebuild)
- Not standardized/repeatable
Overall…friends don’t let friends use a manual image creation process. You might wish it on your enemies though! ;-) However…see my conclusion below for one instance where you might use an existing image.
If you’ve followed my blog for long or have seen my presentations at MMS or TechEd, then you should have known I was going to land on the side of using the Build and Capture Task Sequence before you even started this article. In my opinion (that I think I’ve adequately backed up with solid logic), using a B&C task sequence to create your image is the only way to go. It just makes sense from a time/automation/repeatability/manageability standpoint.
The ONLY exception that I see to this is if you are migrating from an old technology (i.e. Ghost) to SCCM, AND you are migrating from XP to Windows 7 / Windows 8. In that instance…would I recommend going through the process of recreating all of your Windows XP images…that you are going to be getting rid of soon anyway? No. In that instance I would say go ahead and capture that existing image (or if it is already a WIM file…see if you can deploy it as-is). Don’t spend the time recreating the image that you are going to be dumping (since XP EOL is coming up very soon!).
Would love your comments and feedback. Keep the ideas for future posts coming!
Until next time…keep asking the right questions.
WHY Series #1
I figured I’d start the WHY Series with a question that will have an impact on your Configuration Manager design…do you need a Central Administration Site or not? To CAS or not to CAS…that is the question.
First let’s address a key difference between Configuration Manager 2012 and 2007. A Central Administration Site (SCCM 2012) is NOT the same as a Central Primary site (SCCM 2007). A CAS cannot have clients assigned to it. It cannot have all SCCM site roles. It is for administration and reporting ONLY. A CAS can only have primary sites as child sites…no secondaries attached to a CAS. It isn’t just a new name…it is fundamentally different. With that said…why would you or would you not need a CAS?
When you get right down to it, the question of whether or not you need a CAS boils down to a different question…”will I need more than one primary site?”. If the answer to that question is no…then you’ve also answered the CAS question…no you don’t need a CAS. You only need a CAS if you have more than one primary site. So…with that being the REAL question to ask…let’s look at reasons why you would need multiple primaries.
The primary reason why you would need multiple primaries is scalability. There are certain requirements from a technical limitation standpoint that force the need for a second primary. Per the documentation these include:
- More than 100,000 clients. If you are currently or expecting to grow beyond 100,000 clients, congratulations, you get a CAS because the published client count limitation for a single primary site is 100,000.
- More than 10,000 Windows Embedded clients with File Based Write Filters (with proper exclusions implemented). (3000 if the listed exclusions are not implemented)
- More than 50,000 MAC clients.
- More than 250 Secondary sites
- More than 250 Distribution Points (although note that each Secondary site can have 250 DPs as well. With that in mind the aggregate total of DPs…those directly attached to the primary and all of the DPs attached to all of the secondary sites is a maximum of 5000 DPs)
Just in Case
Let’s go ahead and deal with an argument that came up with the RTM of SCCM 2012…the “just in case” scenario. This came about because at RTM, you had to install a CAS first in the hierarchy…you couldn’t attach a primary to a CAS after the fact. So, some companies chose to install a CAS “just in case” they would ever need one. This often came up when talking about a merger…that you would want a CAS in order to pull the other company into the hierarchy. Well…what if the other company had better hardware? What if your company was going to be the “child” company after the merger? Well…now you get rid of your CAS anyway…and you had unnecessary complexity in your hierarchy for nothing. Really, the “just in case” argument was always a weak/bad argument.
With the release of SP1 for SCCM 2012, it is now possible to join an existing primary to a CAS…the CAS no longer has to be the first thing installed in the hierarchy. Since it now IS possible to join an existing primary site to a CAS…the “just in case” scenario is completely blown away.
Unless you meet (or are approaching) one of the scalability limitations, assume that you do NOT need a CAS. Keep your design simple. Always always always start with a simple design…then add complexity to meet either business or technical requirements. But ONLY add complexity to address one of those requirements. In general assume that you do NOT need a CAS unless specific requirements (business or technical) make it necessary.
Until next time…keep asking the right questions.
One of my sessions at MMS this year was titled “The WHY of Configuration Manager”. It focused on why would you choose to do things a particular way in SCCM. There are many tasks that can be performed multiple ways in SCCM…and plenty of resources to tell you how to do those things. But there aren’t many resources to answer the question of “Why”. Why would I choose to do a task (or configure a setting…or design a hierarchy…etc) one way instead of another. The session took on several of these questions and attempted to answer the question of “Why?”.
With that in mind, my plan is to start a series of blog posts that I’m calling “The WHY Series”. The plan is to think through the options of a task/setting/design/etc and lay out the reasons why you might choose to implement things one way or another. At this point I don’t foresee a specific outline for the topics to be covered. I also don’t know that it will be solely limited to SCCM questions…although that is where many of the initial posts in the series will come from.
Also…I would love some feedback. Is this something you are interested in? If so…what topics would you like to see covered? Either leave a comment on this post, send me a message via my contact form, or ping me on Twitter.
Check back soon…I hope to have the first post up this week.
I was working with a client this week where we had a need to create a special Group Policy Object for a pilot scenario. This GPO needed to be filtered to only apply if the computer was a member of an AD Security Group. We could add the machines into the group, but we needed to not be forced to reboot all of the machines in order for the group membership to be effective. After doing a bit of searching I found out how to do this…use the “klist” command. This is native to Windows 7 and Windows 8…and to Server 2008 and later. It is not included in Vista…and I’m not sure about Windows XP (but you should be looking at getting off of XP anyway!). The command to trigger this is:
klist –li 0x3e7 purge
Klist with the purge switch forces the computer to refresh the Kerberos tokens…which also effectively recognizes the group membership changes. The “0x3e7” is the part of the logon id that identifies the computer account (Local System).
I knew that the Microsoft Management Summit was going to be very busy this year…especially after getting three breakout sessions and one “birds of a feather” session on my speaking schedule. (I’m still honored to be asked to speak at all…much less to speak multiple times.) I dramatically underestimated the level of exhaustion that would result from that schedule! I was very surprised to see the results of the session evals after the conference ended. My unspoken goal was to have a session ranked in the top ten for the event…I hadn’t even mentioned that goal to my wife. Even with that goal in mind I was still very surprised to see the eval results at the end…to have the highest rated session of the event! I’m still in shock…and very excited! One of my other sessions is also tied for 12th for the event!
I know all of the speakers would join me in thanking the attendees for taking the time to rate the sessions. We appreciate the feedback…and that data is part of what Microsoft uses to determine who is invited to speak again. Below are the top 20 sessions for the event based on the average of the “overall satisfaction” question. One other interesting note when you look at the top 20…how many times you see Johan listed. Six out of his seven sessions were in the top 20…including half of the top 10! Wow!
All of the sessions from MMS are available on Channel 9, and I’ve included direct links to the top 20 below.
|1||UD-B201||Hierarchy Simplification with Configuration Manager 2012||Jarvis Davis|
|2||DC-B316||Real World Windows 8 Deployment with MDT 2012 Update 1||Johan Arwidmark|
|3||DC-B303||Advanced Microsoft Deployment Toolkit 2012 Update 1 Customizations||Mikael Nystrom, Johan Arwidmark|
|4||DC-B306||Building the Perfect Windows 8 Image||Johan Arwidmark, Mikael Nystrom|
|5||IM-B402||Debug Production Application Issues using System Center Operations Manager||Mickey Gousset, Brian Randell|
|6||SD-B312||Configuring Service Manager for Performance and Scale||Nathan Lasnoski|
|7||SD-B317||Best Practices For Runbook Authoring and Managing Orchestrator||Anders Bengtsson, Pete Zerger|
|8||SD-B302||Automating System Center Deployment with the Powershell Deployment Toolkit||Rob Willis|
|9||BOF02||Microsoft Desktop Deployment Toolkit Roundtable||Johan Arwidmark, Mikael Nystrom|
|10||DC-B301||A Geek’s Guide to USMT 5.0||Johan Arwidmark|
|11||UD-B341||Complex Maintenance Using System Center 2012 Configuration Manager and Orchestrator: Patching a Cluster||Neil Peterson|
|12||DC-B313||Maximizing Windows 8 Performance: Troubleshooting Tips||Johan Arwidmark|
|13||UD-B327||The WHY of Configuration Manager: Methods of Deployment||Jarvis Davis|
|14||SD-B318||Orchestrator Best Practices: Lessons Learned at Cargill||Vaughn Nerdahl|
|15||UD-B408||Configuration Manager … Actually||Jason Sandys, Kim Oppalfens|
|16||WS-B309||File Storage Strategies for Private Cloud||Jose Barreto|
|17||MMS102||Open Sourced: myITforum Unplugged||Rod Trent, Ron Crumbaker|
|18||SD-B307||Optimize Your Data Center with Datacenter Services from Microsoft Services||Adam Fazio, David Ziembicki|
|19||WS-B335||Windows Server 2012: Private Cloud and Security||Jeff Woolsey|
|20||DV-B306||Microsoft Application Virtualization 5.0: Migration and Coexistence||George Matthews|
Great first day of the MMS Bible study. Good discussion around the idea of fellowship from 1 John 1:1-4. Some of my discussion notes are below. We will pick up with verses 5-10 tomorrow.
Notes re: what fellowship looks like…
Safety…being able to talk about failings…not being perfect…being able to let your guard down
Marriage …that level of vulnerability
Similar to a small group…living life together
Thanks to everyone who emailed me that they are interested in our morning Bible study / devotional times at MMS again this year. Sorry that I responded to so few of you…really I don’t know that I responded to anyone…it’s been a very busy couple of months! Here are the final details for those who are interested.
We will meet from 7:15-7:45am Monday through Friday this week. Rod Trent was able to get us a room, and he posted details on the room location on his blog a while back. Follow that link to see where we are meeting.
Similar to the last few years, we aren’t doing a formal in depth Bible study this year. Consider it more of a devotional and prayer time to help us set the tone for the day. Looking forward to seeing those of you who have been a part of our group for a few years as well as the first timers. As always, this is by no means a closed group. Feel free to just show up.
See you in the morning bright and early. We will finish in plenty of time to hit the attendee breakfast before the keynote.
I just found out this morning that I will be presenting a third session at MMS. This one is an updated version of the session I did last year. Bummer is that it is the last session of the event…so attendance will probably be low…and people will probably be half asleep from the exhausting week. Might need to see what I can do to wake them up! So…my three sessions for the week are:
There are plenty of resources to tell you HOW to perform various tasks with Configuration Manager. For that matter, there are multiple ways of doing many tasks. This session will use lessons learned from numerous Configuration Manager deployments to teach you WHY you would choose one method over another. This will be a broad, fast-paced session that digs into the questions you should ask to ensure you implement Configuration Manager the right way for your company.
Deploy All of System Center: Two Real World Examples (co-present with Phil Pritchett)
Ever wondered what impact deploying all of System Center could have on your business? Join us for a look at real world examples of two companies who did just that. We will look at the impact and value of implementing all of System Center 2012 Configuration Manager SP1, Operations Manager, Service Manager and Orchestrator. We’ll discuss business needs, process management, standardization, pain points and the importance of deployment order.
The poster child for hierarchy simplification: 15000 systems, 70 locations, 23 Primary sites in Configuration Manager 2007…simplified down to a single primary in Configuration Manager 2012 while expanding ability to delegate management. This session include examples from new hierarchy design/simplification projects. Expect specific real world examples for how to keep your hierarchy as simple as possible.
Every year at MMS for the last five years a group of us have met each morning before breakfast for a short time of Bible discussion, prayer, etc. The last couple of years, Rod Trent has helped us get a meeting room at the event…am expecting he will be able to do so again this year. I will post more details about the location and specific times closer to the event. In the past we have met for about a half hour while allowing time to grab breakfast and get to the first meeting. Probably will end up being something like 7:15-7:45 or 7:30-8:00 Monday-Friday. Might need to adjust a bit this year since both of my speaking sessions are currently scheduled for 8:30am!
Look forward to seeing you there. If you are planning on coming, please leave a comment below or email me via my contact form.
A little over a week ago I found out that I get to speak at MMS again this year…and this year I get to speak twice! My sessions will be:
There are plenty of resources to tell you HOW to perform various tasks with Configuration Manager. For that matter, there are multiple ways of doing many tasks. This session will use lessons learned from numerous Configuration Manager deployments to teach you WHY you would choose one method over another. This will be a broad fast paced session that digs into the questions you should ask to ensure you implement Configuration Manager the right way for your company.
Microsoft System Center: I’m "All In" (Co-present with Phil Pritchett)
Ever wondered what impact deploying all of System Center could have on your business? Join us for a look at a real world example of a company who did just that. We will look at the impact of deploying SCCM, SCOM, SCSM, and Orchestrator all in one environment.
So, if you are going to be in Vegas for the Management Summit, come on by…would love to meet you out there!
A couple of years ago I created a post with the major SQL version numbers. While working with a client this morning, I realized that I had not updated it to reflect several updates that have been released since the original post. Here is an updated table of major version numbers. To see all major and minor version numbers (i.e. versions for cumulative update versions), see this post. I’m also using this post to clean up some inconsistency in how the version numbers were listed in my previous post.
|SQL Version||Version Number|
|SQL Server 2012 RTM||11.0.2100.6|
|SQL Server 2012 SP1||11.0.3000.0|
|SQL Server 2008 R2 RTM||10.50.1600.1|
|SQL Server 2008 R2 SP1||10.50.2500.0|
|SQL Server 2008 R2 SP2||10.50.4000|
|SQL Server 2008 RTM||10.0.1600.0|
|SQL Server 2008 SP1||10.0.2531.0|
|SQL Server 2008 SP2||10.0.4000.0|
|SQL Server 2008 SP3||10.0.5500.0|
|SQL Server 2005 RTM||9.00.1399|
|SQL Server 2005 SP1||9.00.2047|
|SQL Server 2005 SP2||9.00.3042.01|
|SQL Server 2005 SP3||9.00.4035|
|SQL Server 2000 RTM||8.00.194.0|
|SQL Server 2000 SP1||8.00.384.0|
|SQL Server 2000 SP2||8.00.534.0|
|SQL Server 2000 SP3||8.00.760|
|SQL Server 2000 SP3a||8.00.760|
|SQL Server 2000 SP4||8.00.2039|
|SQL Server 7.0 RTM||7.00.623|
|SQL Server 7.0 SP1||7.00.699|
|SQL Server 7.0 SP2||7.00.842|
|SQL Server 7.0 SP3||7.00.961|
|SQL Server 7.0 SP4||7.00.1063|
|SQL Server 6.5 RTM||6.50.201|
|SQL Server 6.5 SP1||6.50.213|
|SQL Server 6.5 SP2||6.50.240|
|SQL Server 6.5 SP3||6.50.258|
|SQL Server 6.5 SP4||6.50.281|
|SQL Server 6.5 SP5||6.50.415|
|SQL Server 6.5 SP5a||6.50.416|
|SQL Server 6.5 SP5a Update||6.50.479|
Over time I have talked with numerous people about where the SQL database should be for the Configuration Manager database. Where this conversation typically comes up is when a company has a DBA team that is demanding that all SQL databases be hosted on dedicated (and super powerful) database servers. These servers predominantly will host numerous SQL databases for a variety of applications. The reasoning typically falls into the following arguments:
- Licensing – We don’t want to have to pay for another SQL license, so all DBs will be on our dedicated SQL servers.
- Performance – Our crazy powerful DB servers will give better performance than what you would install locally.
- Security – We need to maintain control over the content of the DB, and the DB integrity in general. Having them on a dedicated SQL server allows us to do that in the best way.
Sounds like some good arguments right? Well…not so much. Let’s take a look at each of the three.
- Licensing – Not an issue at all. Configuration Manager 2012 licensing includes the ability to install SQL Standard…at no additional charge.
- Performance – There have been arguments for years about whether Configuration Manager performed better with remote or on-box SQL. I’ve seen people give great arguments both ways…but haven’t really seen anything definitive either direction. With Configuration Manager 2012, the recommendation from Microsoft is that SQL be local unless you hit certain size limitations. Unless you are over 50,000 clients, then on-box SQL Standard will work just fine for you. If more than 50,000 clients, then a remote SQL Standard will take you to 100,000 clients. SQL Enterprise is only necessary on a Central Administration Site supporting more than 50,000 clients. (For more info.)
- Security – THIS IS THE BIG ONE! It generally takes about a three minute conversation with a DBA before they run away from this argument. Consider the following facts and implications in a remote SQL scenario:
- The Configuration Manager site server must be a member of the local administrators group on the remote SQL server. (See the Configuration Manager documentation.)
- Several people who are not SQL admins will be administrators on the Configuration Manager site server.
- It is trivial for an admin on the Configuration manager site server to run any application (such as a CMD prompt or SQL Server Management Studio) as Local System. (See this post.)
- Since the Configuration Manager server (Local System) has admin rights on the remote SQL server…the non SQL Admin can VERY easily obtain admin rights on the SQL server.
- The DBA has now started sweating, twitching and begging you to keep your weird database away from his/her server. :-)
So, really the only reason to consider doing remote SQL at all is a performance issue…but you have to be a pretty big organization for that one to come into play. And even if you do need to do remote SQL…it should be a SQL server that is dedicated to Configuration Manager.
Note (12/4/2012): I was talking with a friend late in the day yesterday about this blog post. He reminded me that I had already posted about this issue last April. Thanks Phil…I’m a little scatterbrained sometimes! I’m leaving this post up anyway because it is better than the original in my opinion.
A few months ago I wrote about the great peanut butter disaster in our house…Sam’s mad dash through the house flinging peanut butter. Today was what I will now refer to as “Sam Disaster #2”.
While working from home in my office I hear my wife shriek. I quickly run upstairs where I find her in the bathroom with water running everywhere. She had sent Sam to go wash his hands while she fixed his lunch…ironically, a peanut butter sandwich. :-) Sam had washed his hands, plugged the sink, left the water running wide open, closed the bathroom door, and climbed up to the table for lunch. I honestly don’t think he was trying to be bad…he was just completely oblivious to what he had just done.
While not quite as bad as the “Wet Bandit” scene from Home Alone, it was in the same ballpark. Water all over the counter and floor. Heck…one of the drawers in the vanity had even filled up…had to siphon the water out of it to keep from making an even bigger mess. That drawer was the one that used to hold my electric razor…it was submerged. I hadn’t been planning to replace that anytime soon.
Stay tuned for Sam Disaster #3…I’m sure it will come soon enough.