WHY Series #2
Late last week I got the following email via my contact form. It seemed like the ideal topic for the next post in the series. (Thanks Matt for the message!)
I have a question for your WHY series. I was debating with a co-worker yesterday why you would use the "Build and Capture" task sequence for OSD instead of capturing a system that you already have or have built with another method. I have a few ideas on advantages and disadvantages, but I would like to hear your opinion.
I am going to make a couple of assumptions based on what I read in the question. I interpret “a system that you already have” to mean an existing physical machine that would be captured to create an image. This might not be what the reader intended, but it should be addressed in this post regardless. Best practice is to create a hardware independent image on a virtual machine. (Need to address reasons why for that one in a future post.) I also see the phrase “built with another method”…which I interpret to be essentially a manually built image (as opposed to one using a B&C task sequence).
At the core, those are your options for image creation…automated with a Build & Capture task sequence or build it manually. A slight variation is to use the “Pause task sequence” step in an MDT task sequence to perform a step that can’t be automated…essentially automate all of it except for this one step.
Factors Impacting the Image Creation Process
When looking at the question of whether to manually build the image or use a Build and Capture task sequence, there are several key components that should be considered:
- Image updates. Don’t consider an image to be “golden”…think of it as “current”. This can be a key distinction. Gold implies that it will never change. Current deals with the reality that an image is going to need to be updated. (Let’s not even get into the Thick/Thin/Hybrid image scenario…that’s a discussion for another day…perhaps another “WHY” post.) With that said, unless you are the most hardcore of “thin image” proponents, your image will at least have the OS and updates. Which means that within a month of image creation (Patch Tuesday), the image will be missing necessary updates. How often do you update it? Remember, anything that isn’t in your image has to be installed after the image is laid down…which adds time. I know of a very major company (if you live in the US, you have their products in your home) that had not updated their XP image in several years. The post image update process took a couple of hours to deploy somewhere around 200 updates that were not included in the image. Application updates/upgrades are also part of this equation. Basic gist is that images MUST be updated…ideally on a regular basis.
- If applications are included in the image, are the applications packaged and able to be installed silently? If so, then that process can be automated. If not, then it has to be a manual step. Same goes for image tweaks.
- Ideally you would like to use the same processes for managing apps and updates that go in your image that you use for managing the existing systems in your environment. You already have a “Patch Tuesday” process. Use the same process when building the image. You already have a process for pushing out application upgrades/updates. Use the same process in your image build.
- In the end, you MUST have consistent repeatable results. You need a process that produces a reliable image every single time.
- Lastly, you are busy. I’ve never met an IT person who had too much time on their hands. You need this process to take as little time out of your day/week as possible.
With those factors in mind…let’s run them through the grid of our methods for image creation and see how things shake out.
Build and Capture Image Creation Process:
If your core applications that will go in the image can be installed silently…and if you are using either WSUS or SCCM for deploying updates, then this is the ideal situation. Your B&C task sequence could be as simple as “Click Next” and come back later to see your shiny new WIM file. Once you’ve got it working (which I won’t deny could be challenging) it couldn’t be any easier. Once it is going, you will never look back. I know of at least one company that has a recurring Task Sequence deployment to a virtual machine…to create a new image the day after Patch Tuesday each month. Completely automated. Score!
Because the task sequence is automated, there is very little time involved. Just click next and check on it later. Because all of the tasks are automated, there isn’t any room for admin error. Because it is automated, you are more likely to update your image on a regular basis. The process IS standardized and repeatable. Oh…and if a step does have to be performed manually, use an MDT task sequence with the “Pause” step to automate as much as possible…and only do the non-automatable tasks manually.
Manual Image Creation:
Manual is…well…manual. You install the OS from DVD/ISO. You install each app. You apply all the updates. You run Sysprep. You capture the image. All manually. Hopefully you are following a checklist. Hopefully you don’t forget a step. Good luck with that.
The manual image creation process is characterized by the following:
- Slow. All those manual steps take time.
- Time consuming. Because it is slow, realistically, you will not update the image as often as you should.
- Open for admin error (i.e. forgetting a step or installing a component slightly differently upon image rebuild)
- Not standardized/repeatable
Overall…friends don’t let friends use a manual image creation process. You might wish it on your enemies though! ;-) However…see my conclusion below for one instance where you might use an existing image.
If you’ve followed my blog for long or have seen my presentations at MMS or TechEd, then you should have known I was going to land on the side of using the Build and Capture Task Sequence before you even started this article. In my opinion (that I think I’ve adequately backed up with solid logic), using a B&C task sequence to create your image is the only way to go. It just makes sense from a time/automation/repeatability/manageability standpoint.
The ONLY exception that I see to this is if you are migrating from an old technology (i.e. Ghost) to SCCM, AND you are migrating from XP to Windows 7 / Windows 8. In that instance…would I recommend going through the process of recreating all of your Windows XP images…that you are going to be getting rid of soon anyway? No. In that instance I would say go ahead and capture that existing image (or if it is already a WIM file…see if you can deploy it as-is). Don’t spend the time recreating the image that you are going to be dumping (since XP EOL is coming up very soon!).
Would love your comments and feedback. Keep the ideas for future posts coming!
Until next time…keep asking the right questions.
WHY Series #1
I figured I’d start the WHY Series with a question that will have an impact on your Configuration Manager design…do you need a Central Administration Site or not? To CAS or not to CAS…that is the question.
First let’s address a key difference between Configuration Manager 2012 and 2007. A Central Administration Site (SCCM 2012) is NOT the same as a Central Primary site (SCCM 2007). A CAS cannot have clients assigned to it. It cannot have all SCCM site roles. It is for administration and reporting ONLY. A CAS can only have primary sites as child sites…no secondaries attached to a CAS. It isn’t just a new name…it is fundamentally different. With that said…why would you or would you not need a CAS?
When you get right down to it, the question of whether or not you need a CAS boils down to a different question…”will I need more than one primary site?”. If the answer to that question is no…then you’ve also answered the CAS question…no you don’t need a CAS. You only need a CAS if you have more than one primary site. So…with that being the REAL question to ask…let’s look at reasons why you would need multiple primaries.
The primary reason why you would need multiple primaries is scalability. There are certain requirements from a technical limitation standpoint that force the need for a second primary. Per the documentation these include:
- More than 100,000 clients. If you are currently or expecting to grow beyond 100,000 clients, congratulations, you get a CAS because the published client count limitation for a single primary site is 100,000.
- More than 10,000 Windows Embedded clients with File Based Write Filters (with proper exclusions implemented). (3000 if the listed exclusions are not implemented)
- More than 50,000 Mac clients.
- More than 250 Secondary sites
- More than 250 Distribution Points (although note that each Secondary site can have 250 DPs as well. With that in mind the aggregate total of DPs…those directly attached to the primary and all of the DPs attached to all of the secondary sites is a maximum of 5000 DPs)
Just in Case
Let’s go ahead and deal with an argument that came up with the RTM of SCCM 2012…the “just in case” scenario. This came about because at RTM, you had to install a CAS first in the hierarchy…you couldn’t attach a primary to a CAS after the fact. So, some companies chose to install a CAS “just in case” they would ever need one. This often came up when talking about a merger…that you would want a CAS in order to pull the other company into the hierarchy. Well…what if the other company had better hardware? What if your company was going to be the “child” company after the merger? Well…now you get rid of your CAS anyway…and you had unnecessary complexity in your hierarchy for nothing. Really, the “just in case” argument was always a weak/bad argument.
With the release of SP1 for SCCM 2012, it is now possible to join an existing primary to a CAS…the CAS no longer has to be the first thing installed in the hierarchy. Since it now IS possible to join an existing primary site to a CAS…the “just in case” scenario is completely blown away.
Unless you meet (or are approaching) one of the scalability limitations, assume that you do NOT need a CAS. Keep your design simple. Always always always start with a simple design…then add complexity to meet either business or technical requirements. But ONLY add complexity to address one of those requirements. In general assume that you do NOT need a CAS unless specific requirements (business or technical) make it necessary.
Until next time…keep asking the right questions.
One of my sessions at MMS this year was titled “The WHY of Configuration Manager”. It focused on why would you choose to do things a particular way in SCCM. There are many tasks that can be performed multiple ways in SCCM…and plenty of resources to tell you how to do those things. But there aren’t many resources to answer the question of “Why”. Why would I choose to do a task (or configure a setting…or design a hierarchy…etc) one way instead of another. The session took on several of these questions and attempted to answer the question of “Why?”.
With that in mind, my plan is to start a series of blog posts that I’m calling “The WHY Series”. The plan is to think through the options of a task/setting/design/etc and lay out the reasons why you might choose to implement things one way or another. At this point I don’t foresee a specific outline for the topics to be covered. I also don’t know that it will be solely limited to SCCM questions…although that is where many of the initial posts in the series will come from.
Also…I would love some feedback. Is this something you are interested in? If so…what topics would you like to see covered? Either leave a comment on this post, send me a message via my contact form, or ping me on Twitter.
Check back soon…I hope to have the first post up this week.
I was working with a client this week where we had a need to create a special Group Policy Object for a pilot scenario. This GPO needed to be filtered to only apply if the computer was a member of an AD Security Group. We could add the machines into the group, but we needed to not be forced to reboot all of the machines in order for the group membership to be effective. After doing a bit of searching I found out how to do this…use the “klist” command. This is native to Windows 7 and Windows 8…and to Server 2008 and later. It is not included in Vista…and I’m not sure about Windows XP (but you should be looking at getting off of XP anyway!). The command to trigger this is:
klist -li 0x3e7 purge
Klist with the purge switch discards the computer’s cached Kerberos tickets, which forces it to request new ones…and the new tickets reflect the group membership changes. The “0x3e7” is the low part of the logon ID that identifies the Local System logon session (the computer account).
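The purge followed by a policy refresh and a membership check, as an added example that is not part of the original post. The group name `GPO-Pilot-Computers` is a placeholder; substitute the group used for the GPO security filter.

```powershell
# Added example, not from the original post.
# 'GPO-Pilot-Computers' is a placeholder group name (assumption).
param([string]$GroupName = 'GPO-Pilot-Computers')

# Purging the Local System logon session (0x3e7) and reading computer-scope
# policy results both need an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Drop the computer account's cached Kerberos tickets.
klist -li 0x3e7 purge | Out-Null

# Re-apply computer policy so new tickets (with current group SIDs) are requested.
gpupdate /target:computer /force | Out-Null

# gpresult lists the security groups the computer belonged to at the last refresh.
$report = gpresult /r /scope computer
if ($report | Select-String -SimpleMatch $GroupName) {
    "Computer policy now sees membership in '$GroupName'."
} else {
    "'$GroupName' is not listed yet; check AD replication and that the computer account was added to the group."
}
```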
I knew that the Microsoft Management Summit was going to be very busy this year…especially after getting three breakout sessions and one “birds of a feather” session on my speaking schedule. (I’m still honored to be asked to speak at all…much less to speak multiple times.) I dramatically underestimated the level of exhaustion that would result from that schedule! I was very surprised to see the results of the session evals after the conference ended. My unspoken goal was to have a session ranked in the top ten for the event…I hadn’t even mentioned that goal to my wife. Even with that goal in mind I was still very surprised to see the eval results at the end…to have the highest rated session of the event! I’m still in shock…and very excited! One of my other sessions is also tied for 12th for the event!
I know all of the speakers would join me in thanking the attendees for taking the time to rate the sessions. We appreciate the feedback…and that data is part of what Microsoft uses to determine who is invited to speak again. Below are the top 20 sessions for the event based on the average of the “overall satisfaction” question. One other interesting note when you look at the top 20…how many times you see Johan listed. Six out of his seven sessions were in the top 20…including half of the top 10! Wow!
All of the sessions from MMS are available on Channel 9, and I’ve included direct links to the top 20 below.
|Rank||Session Code||Session Title||Speaker(s)|
|1||UD-B201||Hierarchy Simplification with Configuration Manager 2012||Jarvis Davis|
|2||DC-B316||Real World Windows 8 Deployment with MDT 2012 Update 1||Johan Arwidmark|
|3||DC-B303||Advanced Microsoft Deployment Toolkit 2012 Update 1 Customizations||Mikael Nystrom, Johan Arwidmark|
|4||DC-B306||Building the Perfect Windows 8 Image||Johan Arwidmark, Mikael Nystrom|
|5||IM-B402||Debug Production Application Issues using System Center Operations Manager||Mickey Gousset, Brian Randell|
|6||SD-B312||Configuring Service Manager for Performance and Scale||Nathan Lasnoski|
|7||SD-B317||Best Practices For Runbook Authoring and Managing Orchestrator||Anders Bengtsson, Pete Zerger|
|8||SD-B302||Automating System Center Deployment with the Powershell Deployment Toolkit||Rob Willis|
|9||BOF02||Microsoft Desktop Deployment Toolkit Roundtable||Johan Arwidmark, Mikael Nystrom|
|10||DC-B301||A Geek’s Guide to USMT 5.0||Johan Arwidmark|
|11||UD-B341||Complex Maintenance Using System Center 2012 Configuration Manager and Orchestrator: Patching a Cluster||Neil Peterson|
|12||DC-B313||Maximizing Windows 8 Performance: Troubleshooting Tips||Johan Arwidmark|
|13||UD-B327||The WHY of Configuration Manager: Methods of Deployment||Jarvis Davis|
|14||SD-B318||Orchestrator Best Practices: Lessons Learned at Cargill||Vaughn Nerdahl|
|15||UD-B408||Configuration Manager … Actually||Jason Sandys, Kim Oppalfens|
|16||WS-B309||File Storage Strategies for Private Cloud||Jose Barreto|
|17||MMS102||Open Sourced: myITforum Unplugged||Rod Trent, Ron Crumbaker|
|18||SD-B307||Optimize Your Data Center with Datacenter Services from Microsoft Services||Adam Fazio, David Ziembicki|
|19||WS-B335||Windows Server 2012: Private Cloud and Security||Jeff Woolsey|
|20||DV-B306||Microsoft Application Virtualization 5.0: Migration and Coexistence||George Matthews|
Great first day of the MMS Bible study. Good discussion around the idea of fellowship from 1 John 1:1-4. Some of my discussion notes are below. We will pick up with verses 5-10 tomorrow.
Notes re: what fellowship looks like…
Safety…being able to talk about failings…not being perfect…being able to let your guard down
Marriage …that level of vulnerability
Similar to a small group…living life together
Thanks to everyone who emailed me that they are interested in our morning Bible study / devotional times at MMS again this year. Sorry that I responded to so few of you…really I don’t know that I responded to anyone…it’s been a very busy couple of months! Here are the final details for those who are interested.
We will meet from 7:15-7:45am Monday through Friday this week. Rod Trent was able to get us a room, and he posted details on the room location on his blog a while back. Follow that link to see where we are meeting.
Similar to the last few years, we aren’t doing a formal in depth Bible study this year. Consider it more of a devotional and prayer time to help us set the tone for the day. Looking forward to seeing those of you who have been a part of our group for a few years as well as the first timers. As always, this is by no means a closed group. Feel free to just show up.
See you in the morning bright and early. We will finish in plenty of time to hit the attendee breakfast before the keynote.
I just found out this morning that I will be presenting a third session at MMS. This one is an updated version of the session I did last year. Bummer is that it is the last session of the event…so attendance will probably be low…and people will probably be half asleep from the exhausting week. Might need to see what I can do to wake them up! So…my three sessions for the week are:
There are plenty of resources to tell you HOW to perform various tasks with Configuration Manager. For that matter, there are multiple ways of doing many tasks. This session will use lessons learned from numerous Configuration Manager deployments to teach you WHY you would choose one method over another. This will be a broad, fast-paced session that digs into the questions you should ask to ensure you implement Configuration Manager the right way for your company.
Deploy All of System Center: Two Real World Examples (co-present with Phil Pritchett)
Ever wondered what impact deploying all of System Center could have on your business? Join us for a look at real world examples of two companies who did just that. We will look at the impact and value of implementing all of System Center 2012 Configuration Manager SP1, Operations Manager, Service Manager and Orchestrator. We’ll discuss business needs, process management, standardization, pain points and the importance of deployment order.
The poster child for hierarchy simplification: 15000 systems, 70 locations, 23 Primary sites in Configuration Manager 2007…simplified down to a single primary in Configuration Manager 2012 while expanding ability to delegate management. This session includes examples from new hierarchy design/simplification projects. Expect specific real world examples for how to keep your hierarchy as simple as possible.
Every year at MMS for the last five years a group of us have met each morning before breakfast for a short time of Bible discussion, prayer, etc. The last couple of years, Rod Trent has helped us get a meeting room at the event…am expecting he will be able to do so again this year. I will post more details about the location and specific times closer to the event. In the past we have met for about a half hour while allowing time to grab breakfast and get to the first meeting. Probably will end up being something like 7:15-7:45 or 7:30-8:00 Monday-Friday. Might need to adjust a bit this year since both of my speaking sessions are currently scheduled for 8:30am!
Look forward to seeing you there. If you are planning on coming, please leave a comment below or email me via my contact form.
A little over a week ago I found out that I get to speak at MMS again this year…and this year I get to speak twice! My sessions will be:
There are plenty of resources to tell you HOW to perform various tasks with Configuration Manager. For that matter, there are multiple ways of doing many tasks. This session will use lessons learned from numerous Configuration Manager deployments to teach you WHY you would choose one method over another. This will be a broad, fast-paced session that digs into the questions you should ask to ensure you implement Configuration Manager the right way for your company.
Microsoft System Center: I’m "All In" (Co-present with Phil Pritchett)
Ever wondered what impact deploying all of System Center could have on your business? Join us for a look at a real world example of a company who did just that. We will look at the impact of deploying SCCM, SCOM, SCSM, and Orchestrator all in one environment.
So, if you are going to be in Vegas for the Management Summit, come on by…would love to meet you out there!
A couple of years ago I created a post with the major SQL version numbers. While working with a client this morning, I realized that I had not updated it to reflect several updates that have been released since the original post. Here is an updated table of major version numbers. To see all major and minor version numbers (i.e. versions for cumulative update versions), see this post. I’m also using this post to clean up some inconsistency in how the version numbers were listed in my previous post.
|SQL Version||Version Number|
|SQL Server 2012 RTM||11.0.2100.6|
|SQL Server 2012 SP1||11.0.3000.0|
|SQL Server 2008 R2 RTM||10.50.1600.1|
|SQL Server 2008 R2 SP1||10.50.2500.0|
|SQL Server 2008 R2 SP2||10.50.4000|
|SQL Server 2008 RTM||10.0.1600.0|
|SQL Server 2008 SP1||10.0.2531.0|
|SQL Server 2008 SP2||10.0.4000.0|
|SQL Server 2008 SP3||10.0.5500.0|
|SQL Server 2005 RTM||9.00.1399|
|SQL Server 2005 SP1||9.00.2047|
|SQL Server 2005 SP2||9.00.3042.01|
|SQL Server 2005 SP3||9.00.4035|
|SQL Server 2000 RTM||8.00.194.0|
|SQL Server 2000 SP1||8.00.384.0|
|SQL Server 2000 SP2||8.00.534.0|
|SQL Server 2000 SP3||8.00.760|
|SQL Server 2000 SP3a||8.00.760|
|SQL Server 2000 SP4||8.00.2039|
|SQL Server 7.0 RTM||7.00.623|
|SQL Server 7.0 SP1||7.00.699|
|SQL Server 7.0 SP2||7.00.842|
|SQL Server 7.0 SP3||7.00.961|
|SQL Server 7.0 SP4||7.00.1063|
|SQL Server 6.5 RTM||6.50.201|
|SQL Server 6.5 SP1||6.50.213|
|SQL Server 6.5 SP2||6.50.240|
|SQL Server 6.5 SP3||6.50.258|
|SQL Server 6.5 SP4||6.50.281|
|SQL Server 6.5 SP5||6.50.415|
|SQL Server 6.5 SP5a||6.50.416|
|SQL Server 6.5 SP5a Update||6.50.479|
Over time I have talked with numerous people about where the SQL database should be for the Configuration Manager database. Where this conversation typically comes up is when a company has a DBA team that is demanding that all SQL databases be hosted on dedicated (and super powerful) database servers. These servers predominantly will host numerous SQL databases for a variety of applications. The reasoning typically falls into the following arguments:
- Licensing – We don’t want to have to pay for another SQL license, so all DBs will be on our dedicated SQL servers.
- Performance – Our crazy powerful DB servers will give better performance than what you would install locally.
- Security – We need to maintain control over the content of the DB, and the DB integrity in general. Having them on a dedicated SQL server allows us to do that in the best way.
Sounds like some good arguments right? Well…not so much. Let’s take a look at each of the three.
- Licensing – Not an issue at all. Configuration Manager 2012 licensing includes the ability to install SQL Standard…at no additional charge.
- Performance – There have been arguments for years about whether Configuration Manager performed better with remote or on-box SQL. I’ve seen people give great arguments both ways…but haven’t really seen anything definitive either direction. With Configuration Manager 2012, the recommendation from Microsoft is that SQL be local unless you hit certain size limitations. Unless you are over 50,000 clients, then on-box SQL Standard will work just fine for you. If more than 50,000 clients, then a remote SQL Standard will take you to 100,000 clients. SQL Enterprise is only necessary on a Central Administration Site supporting more than 50,000 clients. (For more info.)
- Security – THIS IS THE BIG ONE! It generally takes about a three minute conversation with a DBA before they run away from this argument. Consider the following facts and implications in a remote SQL scenario:
  - The Configuration Manager site server must be a member of the local administrators group on the remote SQL server. (See the Configuration Manager documentation.)
  - Several people who are not SQL admins will be administrators on the Configuration Manager site server.
  - It is trivial for an admin on the Configuration Manager site server to run any application (such as a CMD prompt or SQL Server Management Studio) as Local System. (See this post.)
  - Since the Configuration Manager server (Local System) has admin rights on the remote SQL server…the non-SQL admin can VERY easily obtain admin rights on the SQL server.
  - The DBA has now started sweating, twitching and begging you to keep your weird database away from his/her server. :-)
So, really the only reason to consider doing remote SQL at all is a performance issue…but you have to be a pretty big organization for that one to come into play. And even if you do need to do remote SQL…it should be a SQL server that is dedicated to Configuration Manager.
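A DBA can check for this exposure by listing the computer accounts in the SQL server's local Administrators group. The script below is an added example, not part of the original post; the function name, domain and host names are constructed, and the sample `net localgroup` output is embedded so it runs offline.

```powershell
# Added example, not from the original post. All account names are constructed.
# Any computer account (name ending in '$') in the local Administrators group
# means that whoever can run code as Local System on THAT computer is, in
# effect, an administrator on THIS server.
function Get-MachineAccountAdmins {
    param(
        # Raw output lines of: net localgroup Administrators
        [Parameter(Mandatory)][string[]]$NetLocalGroupOutput
    )
    $inMembers = $false
    foreach ($line in $NetLocalGroupOutput) {
        $entry = $line.Trim()
        # The member list starts after the dashed separator line.
        if ($entry -match '^-{5,}$') { $inMembers = $true; continue }
        if (-not $inMembers -or $entry -eq '') { continue }
        # DOMAIN\HOST$ : computer accounts carry a trailing '$'.
        if ($entry -match '^(?<domain>[^\\]+)\\(?<computer>[^\\]+)\$$') {
            [pscustomobject]@{
                Account  = $entry
                Computer = $Matches.computer
                Finding  = "Admins (and Local System) on $($Matches.computer) can act as local admin on this server"
            }
        }
    }
}

# Constructed sample of `net localgroup Administrators` output on a shared SQL server.
$sample = @'
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
EXAMPLE\CM01$
EXAMPLE\Domain Admins
EXAMPLE\SQL-DBAs
The command completed successfully.
'@ -split '\r?\n'

# Reports only EXAMPLE\CM01$, the site server's computer account.
Get-MachineAccountAdmins -NetLocalGroupOutput $sample | Format-List

# On a live SQL server, feed it the real output instead:
# Get-MachineAccountAdmins -NetLocalGroupOutput (net localgroup Administrators)
```

Each account reported is a server whose own administrator list should be reviewed alongside the SQL server's.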
Note (12/4/2012): I was talking with a friend late in the day yesterday about this blog post. He reminded me that I had already posted about this issue last April. Thanks Phil…I’m a little scatterbrained sometimes! I’m leaving this post up anyway because it is better than the original in my opinion.
A few months ago I wrote about the great peanut butter disaster in our house…Sam’s mad dash through the house flinging peanut butter. Today was what I will now refer to as “Sam Disaster #2”.
While working from home in my office I hear my wife shriek. I quickly run upstairs where I find her in the bathroom with water running everywhere. She had sent Sam to go wash his hands while she fixed his lunch…ironically, a peanut butter sandwich. :-) Sam had washed his hands, plugged the sink, left the water running wide open, closed the bathroom door, and climbed up to the table for lunch. I honestly don’t think he was trying to be bad…he was just completely oblivious to what he had just done.
While not quite as bad as the “Wet Bandit” scene from Home Alone, it was in the same ballpark. Water all over the counter and floor. Heck…one of the drawers in the vanity had even filled up…had to siphon the water out of it to keep from making an even bigger mess. That drawer was the one that used to hold my electric razor…it was submerged. I hadn’t been planning to replace that anytime soon.
Stay tuned for Sam Disaster #3…I’m sure it will come soon enough.
A bit more than a year ago I posted about my wife and I both reaching our weight loss goals. I also stated that the goal was to be within five pounds of our target weight a year later. I never got around to posting the update when a year rolled around, so this is the year + three months update. Julie and I are both hovering right at our target weight…within a pound or two on a given day. Weight lost and maintained for more than a year! I recently had to renew my driver’s license…very cool to see the difference there…the pic below shows a twenty pound difference…but doesn’t show the extra fifteen that I had gained between those two pictures!
Got more really good news this morning. My employer had a health screening at the office. Last year I got a good cholesterol report…down from the 220 range to 179. This morning I was at 132 for my total…with my good cholesterol at 65…VERY good news!
I am off the charts proud of my 13 year old daughter Laurel! The two of us have been running together for the last six months or so. One of our goals was to run the Autumn Woods Classic 5K this October. The AWC route is a pretty tough course with a lot of hills…not a fast/flat course. Not a course that you would ordinarily choose if you are gunning for a personal record (PR). The race was this morning.
Laurel’s goal was to run in the 28 minute range. Her previous official PR was around 29:30, but she had run this route on a training run with me in about 28:30, so she knew it was possible. She crushed her previous PR. Her time was 26:10…which was fourth place in her age category (93rd finisher out of 547 total)! As her Dad and her “coach” I simply could not be more proud of her. I can’t stop smiling. I was expecting in the 28 minute range…and was completely shocked when she came across so much faster. I watched her “kick” at the end of the race…she dug deep to sprint out the end…it was very impressive.
My goal heading into the race was to finish in under an 8:00/mile pace (24:49). I met my goal by finishing in 24:25 (55th overall). As far as I can remember, that is a PR for me as well. VERY cool that we both hit personal records on the same day! This time next year, I’ll probably be fighting to keep up with her!
BTW…a big thanks to Tim Benjamin for coming out this morning and taking pictures of us before, during and after the race! Tim actually ran out on the course to take shots of us with about 3/4 mile left in the race. Then he kept running ahead of Laurel and taking shots of her over the last leg of the race. We got some awesome shots out of that.
The company I work for is in the TAP program for Lync 2013. As a result, a bunch of us have Lync 2013 and Office 2013 installed on our production computers. There are a lot of features I like…here is a very cool one. I opened up a doc that I was working on yesterday…it opens to the first page of the doc like you would expect, then a pop out balloon opens from the bottom right side of the program asking if I’d like to go back to the last page I was working on when I closed the doc. Very nice!
For a while now I have been annoyed by Java pestering me to update. Each time I went to the app in the system tray and unchecked the “Check for Updates Automatically” box. However, if you immediately went back into the app, the checkbox was still checked. Highly annoying.
I came across a forum post that answers the issue. Basically it is poor programming from Sun. In order for the setting to actually be set, the Java Control Panel has to run with Admin rights. Instead of the app prompting to elevate, it just fails to set the setting. Come on Sun…figure out how to work with a modern operating system. This has been part of the security model since Vista…and you still don’t have it figured out with Windows 8 being deployed? Get with the program!
To fix this, you will need to open the Java Control Panel with admin rights. First, locate javacpl.exe at one of the following locations:
- c:\Program Files\Java\jre<versionnumber>\bin\javacpl.exe
- c:\Program Files (x86)\Java\jre<versionnumber>\bin\javacpl.exe
Right click javacpl.exe and choose “Run as administrator”.
Go to the “Update” tab, and clear the “Check for Updates Automatically” checkbox.
The setting will actually take effect this time!
This one has annoyed me for years…need to get on my soapbox for a minute.
Let’s talk about the difference between Hardware and Software Inventory in Configuration Manager. Hardware inventory collects data from WMI and the registry. Software inventory looks at file properties. Hardware inventory runs relatively quickly and isn’t very resource intensive. Software inventory can be very resource intensive if not configured correctly. At a high level, here is what is covered by the two:
- Hardware Inventory
  - Obviously info on system information – Proc, RAM, actual hardware
  - Add/Remove Programs information
- Software Inventory
  - File information
  - Can be configured to actually collect a copy of a file. (be VERY careful!)
I have talked to numerous clients who are looking at Software Inventory to try to gather data about what software is installed…which it does not gather at all. My pet peeve is not with the way that the system is designed…I think it is a very good design. My issue is with the name. Software inventory is NOT an inventory of software. It is an inventory of FILES. A much better name would be to call it what it actually is…File Inventory.
I have seen very few companies with a real need for information on specific files. Most are simply wanting to know what software is installed on which machines…which Hardware Inventory provides. Some valid uses that I have seen include:
- Locating PST files in an effort to get rid of them.
- Locating password dump files. (Company had experienced internal espionage issues.)
The key to the valid uses of Software inventory is that they had absolutely nothing to do with installed software. They were looking for files.
I have run across this issue when installing both the Cisco AnyConnect VPN client and the “regular” Cisco VPN client. Once the client is installed and you attempt to establish the VPN connection you might get one of the following messages: “Unable to establish VPN” or “The VPN client driver encountered an error.”
The fix is really simple…you simply need to change the Display Name in the registry. Open the following registry key and take out the INF garbage at the front of the Display Name. Note that only one of these may exist depending on which VPN client you have installed…for that matter…I can’t remember the exact key for the regular VPN client…but I’m 99% sure that it is one of the second two…if the DisplayName has INF garbage in the value…that is the one.
Had a situation this week where I needed to configure IP address, IP Gateway, DNS, Subnet Mask, and DNS Suffix from the command line. Not hard once you have the commands. Putting it here as a reference for myself and others. Here are the three commands for doing this…be careful of line wrapping.
netsh interface ipv4 set address name="local area connection" source=static address=10.10.0.100 mask=255.255.0.0 gateway=10.10.0.254
netsh interface ipv4 add dnsserver name="local area connection" address=10.10.1.1 index=1
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v "SearchList" /d "domain.com" /f