date:20160726

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Freddy Grande

Does that not require RSAT being installed on each client computer?
You might be better off replacing the first two lines with something like this:
# Get Active Directory information for current user
$UserName = $env:username
$Filter = "(&(objectCategory=User)(samAccountName=$UserName))"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.Filter = $Filter
$ADUserPath = $Searcher.FindOne()
$ADUser = $ADUserPath.GetDirectoryEntry()
$ADTelePhoneNumber = $ADUser.telephoneNumber

You can clean that up and change variables to fit with your script. Just 
grabbed this off my Outlook Signatures script that runs on each client computer 
as users to build their signatures from AD attributes.

Regards,
Freddy

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Murray, Mike
Sent: Wednesday, 27 July 2016 9:56 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Here's some more. I'm just tinkering, I'm sure there's a PowerShell expert or 
50 on this list that could come up with something better. But this would let 
you build the config file on the fly.

Import-Module ActiveDirectory
$phone = Get-ADUser -Identity $env:USERNAME -Properties * | Select-Object 
-ExpandProperty TelephoneNumber

$text = "First Line: Settings Here"
$text = $text + "`r`n"
$text = $text + "Second Line: Settings Here"
$text = $text + "`r`n"
$text = $text + "Extenstion: "
$text = $text + $phone
$text | Out-File C:\Scripts\test.txt


The "`r`n" is a CR-LF.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Tuesday, July 26, 2016 4:03 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Here's some basic stuff to get you started. You could read the logged in user 
and search their AD user record:

Import-Module ActiveDirectory
Get-ADUser -Identity $env:USERNAME -Properties * | Select-Object 
-ExpandProperty TelephoneNumber | Out-File C:\Scripts\Config.txt

This writes the phone number to a text file. I'm sure you could manipulate this 
to create the config file you want.

Mike

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: Tuesday, July 26, 2016 2:22 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Perhaps I am not being clear - I have a package built already, I have the user 
settings and the system settings already worked out. When the application is 
launched the user is prompted to enter their phone extension. I know where this 
information is stored in the config file but I do not know how to query Active 
Directory attribute to retrieve phone extension and then insert this value into 
my config file.

Thanks
Carl

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 3:28 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Sorry, I didn't read your email properly.

You want to separate the system installation from the user settings,(config 
file).

Powershell app deployment toolkit might be your friend here...

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 15:27
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

I am not sure? So I can query AD and get a phone extension and update a 
configuration file using GPP? I know I can use it to copy the files to the user 
directory but I already have that worked out, I need a way to export the AD 
information and write it to the configuration file. I think the delivery method 
of that file to the users machine can be either GPP or SCCM etc...

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 9:01 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Could you not use Group Policy Preferences for this?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To: mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

I am posting to see if any of you folks have done what I am trying to do and 
can offer any tips or advice. -

Deploying Avaya soft phone package to my end users - package, install 
etc...everything is fine and works great

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Murray, Mike

Here's some more. I'm just tinkering, I'm sure there's a PowerShell expert
or 50 on this list that could come up with something better. But this would
let you build the config file on the fly.

 

Import-Module ActiveDirectory 

$phone = Get-ADUser -Identity $env:USERNAME -Properties * | Select-Object
-ExpandProperty TelephoneNumber

 

$text = "First Line: Settings Here"

$text = $text + "`r`n" 

$text = $text + "Second Line: Settings Here"

$text = $text + "`r`n" 

$text = $text + "Extenstion: "

$text = $text + $phone 

$text | Out-File C:\Scripts\test.txt 

 

 

The "`r`n" is a CR-LF.

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Murray, Mike
Sent: Tuesday, July 26, 2016 4:03 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Here's some basic stuff to get you started. You could read the logged in
user and search their AD user record:

 

Import-Module ActiveDirectory 

Get-ADUser -Identity $env:USERNAME -Properties * | Select-Object
-ExpandProperty TelephoneNumber | Out-File C:\Scripts\Config.txt 

 

This writes the phone number to a text file. I'm sure you could manipulate
this to create the config file you want.

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Enley, Carl
Sent: Tuesday, July 26, 2016 2:22 PM
To: mssms@lists.myitforum.com  
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Perhaps I am not being clear - I have a package built already, I have the
user settings and the system settings already worked out. When the
application is launched the user is prompted to enter their phone extension.
I know where this information is stored in the config file but I do not know
how to query Active Directory attribute to retrieve phone extension and then
insert this value into my config file.

 

Thanks

Carl

 

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 3:28 PM
To: mssms@lists.myitforum.com  
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Sorry, I didn't read your email properly.

 

You want to separate the system installation from the user settings,(config
file). 

 

Powershell app deployment toolkit might be your friend here.

 

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 15:27
To: mssms@lists.myitforum.com  
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

I am not sure? So I can query AD and get a phone extension and update a
configuration file using GPP? I know I can use it to copy the files to the
user directory but I already have that worked out, I need a way to export
the AD information and write it to the configuration file. I think the
delivery method of that file to the users machine can be either GPP or SCCM
etc.

 

From:  
listsad...@lists.myitforum.com [ 
mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 9:01 AM
To:   mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Could you not use Group Policy Preferences for this?

 

From:  
listsad...@lists.myitforum.com [ 
mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To:   mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

 

I am posting to see if any of you folks have done what I am trying to do and
can offer any tips or advice. - 

 

Deploying Avaya soft phone package to my end users - package, install
etc.everything is fine and works great no problem there. There is a config
file in %username%\appdata\Roaming\Avaya\etc. that stores the server name,
sip information and a few other static values. I have no problem updating
that file and copying it to that location during the package deployment but
there is one user configured setting that is not static and I cannot set it
during deployment and that is the users phone extension. Obviously every
user has a unique phone extension so the information is different for each
user that installs the package, it is easy enough to have them fill in the
information when the application is launched BUT I like to automate stuff if
at all possible. J

 

So here is my question.is it possible that during the install of the package
maybe as a dependency (this is how I am copying the config files to the user
directory - package installs as "system" file copy as "user") I could have a
PowerShell script that

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Murray, Mike

Here's some basic stuff to get you started. You could read the logged in
user and search their AD user record:

 

Import-Module ActiveDirectory 

Get-ADUser -Identity $env:USERNAME -Properties * | Select-Object
-ExpandProperty TelephoneNumber | Out-File C:\Scripts\Config.txt 

 

This writes the phone number to a text file. I'm sure you could manipulate
this to create the config file you want.

 

Mike

 

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Enley, Carl
Sent: Tuesday, July 26, 2016 2:22 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Perhaps I am not being clear - I have a package built already, I have the
user settings and the system settings already worked out. When the
application is launched the user is prompted to enter their phone extension.
I know where this information is stored in the config file but I do not know
how to query Active Directory attribute to retrieve phone extension and then
insert this value into my config file.

 

Thanks

Carl

 

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 3:28 PM
To: mssms@lists.myitforum.com  
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Sorry, I didn't read your email properly.

 

You want to separate the system installation from the user settings,(config
file). 

 

Powershell app deployment toolkit might be your friend here.

 

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 15:27
To: mssms@lists.myitforum.com  
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

I am not sure? So I can query AD and get a phone extension and update a
configuration file using GPP? I know I can use it to copy the files to the
user directory but I already have that worked out, I need a way to export
the AD information and write it to the configuration file. I think the
delivery method of that file to the users machine can be either GPP or SCCM
etc.

 

From:  
listsad...@lists.myitforum.com [ 
mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 9:01 AM
To:   mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

 

Could you not use Group Policy Preferences for this?

 

From:  
listsad...@lists.myitforum.com [ 
mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To:   mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

 

I am posting to see if any of you folks have done what I am trying to do and
can offer any tips or advice. - 

 

Deploying Avaya soft phone package to my end users - package, install
etc.everything is fine and works great no problem there. There is a config
file in %username%\appdata\Roaming\Avaya\etc. that stores the server name,
sip information and a few other static values. I have no problem updating
that file and copying it to that location during the package deployment but
there is one user configured setting that is not static and I cannot set it
during deployment and that is the users phone extension. Obviously every
user has a unique phone extension so the information is different for each
user that installs the package, it is easy enough to have them fill in the
information when the application is launched BUT I like to automate stuff if
at all possible. J

 

So here is my question.is it possible that during the install of the package
maybe as a dependency (this is how I am copying the config files to the user
directory - package installs as "system" file copy as "user") I could have a
PowerShell script that queries AD for the phone extension of the logged on
user and inserts it into the config file? Has anyone written a script to
query AD attributes and insert them into a text file replacing a current
value?

 

Thanks for any tips / advice.

 

 

 

 

 

 

 





smime.p7s
Description: S/MIME cryptographic signature

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Enley, Carl

Perhaps I am not being clear - I have a package built already, I have the user 
settings and the system settings already worked out. When the application is 
launched the user is prompted to enter their phone extension. I know where this 
information is stored in the config file but I do not know how to query Active 
Directory attribute to retrieve phone extension and then insert this value into 
my config file.

Thanks
Carl

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 3:28 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Sorry, I didn't read your email properly.

You want to separate the system installation from the user settings,(config 
file).

Powershell app deployment toolkit might be your friend here...

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 15:27
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

I am not sure? So I can query AD and get a phone extension and update a 
configuration file using GPP? I know I can use it to copy the files to the user 
directory but I already have that worked out, I need a way to export the AD 
information and write it to the configuration file. I think the delivery method 
of that file to the users machine can be either GPP or SCCM etc...

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 9:01 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Could you not use Group Policy Preferences for this?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To: mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

I am posting to see if any of you folks have done what I am trying to do and 
can offer any tips or advice. -

Deploying Avaya soft phone package to my end users - package, install 
etc...everything is fine and works great no problem there. There is a config 
file in %username%\appdata\Roaming\Avaya\etc... that stores the server name, 
sip information and a few other static values. I have no problem updating that 
file and copying it to that location during the package deployment but there is 
one user configured setting that is not static and I cannot set it during 
deployment and that is the users phone extension. Obviously every user has a 
unique phone extension so the information is different for each user that 
installs the package, it is easy enough to have them fill in the information 
when the application is launched BUT I like to automate stuff if at all 
possible. :)

So here is my question...is it possible that during the install of the package 
maybe as a dependency (this is how I am copying the config files to the user 
directory - package installs as "system" file copy as "user") I could have a 
PowerShell script that queries AD for the phone extension of the logged on user 
and inserts it into the config file? Has anyone written a script to query AD 
attributes and insert them into a text file replacing a current value?

Thanks for any tips / advice.

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Andrew Craig

Sorry, I didn't read your email properly.

You want to separate the system installation from the user settings,(config 
file).

Powershell app deployment toolkit might be your friend here...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Enley, Carl
Sent: 26 July 2016 15:27
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

I am not sure? So I can query AD and get a phone extension and update a 
configuration file using GPP? I know I can use it to copy the files to the user 
directory but I already have that worked out, I need a way to export the AD 
information and write it to the configuration file. I think the delivery method 
of that file to the users machine can be either GPP or SCCM etc...

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 9:01 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Could you not use Group Policy Preferences for this?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To: mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

I am posting to see if any of you folks have done what I am trying to do and 
can offer any tips or advice. -

Deploying Avaya soft phone package to my end users - package, install 
etc...everything is fine and works great no problem there. There is a config 
file in %username%\appdata\Roaming\Avaya\etc... that stores the server name, 
sip information and a few other static values. I have no problem updating that 
file and copying it to that location during the package deployment but there is 
one user configured setting that is not static and I cannot set it during 
deployment and that is the users phone extension. Obviously every user has a 
unique phone extension so the information is different for each user that 
installs the package, it is easy enough to have them fill in the information 
when the application is launched BUT I like to automate stuff if at all 
possible. :)

So here is my question...is it possible that during the install of the package 
maybe as a dependency (this is how I am copying the config files to the user 
directory - package installs as "system" file copy as "user") I could have a 
PowerShell script that queries AD for the phone extension of the logged on user 
and inserts it into the config file? Has anyone written a script to query AD 
attributes and insert them into a text file replacing a current value?

Thanks for any tips / advice.

RE: [mssms] SCCM and TLS 1.2

2016-07-26 Thread Mote, Todd

Yea this all should be in one place…  I guess I’ll have to find somewhere to 
host it…

So it continues…  Reporting Services… “The underlying connection was closed: An 
unexpected error occurred on a send.”

Found
https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/07/12/enable-tls-1-2-protocol-for-reporting-services-with-custom-net-application/
which helped a ton.  I had been on
https://support.microsoft.com/en-us/kb/3135244
initially when we installed SQL 2014 for the WSUS server I started this journey 
out on, but didn’t revisit for the SCCM server until today.  I installed all 
the ADO.Net, SQL Native Client, and ODBC Driver updates it listed.  (I didn’t 
install the JDBC updates) in addition to the .NET 3.5 SP1 update.  Both that 
update page and the msdn blog had another registry key to add

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] 
"SystemDefaultTlsVersions"=dword:0001

A reboot, and SSRS is now working.

My SCCM Server is 1606 with SQL 2012 SP3 GDR TLS 1.2 Update (11.0.6216.27)

I think that’s it…

I’ll see what else crops up.

Todd

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andreas Hammarskjöld
Sent: Tuesday, July 26, 2016 1:03 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Awesome info! Now this is my this list is friggin’ great!

//A

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: den 26 juli 2016 18:17
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

*cough* Blog Post *cough*

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Tuesday, July 26, 2016 10:33 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Just in case anybody else is wondering about TLS 1.2, SCCM and WSUS...  I moved 
my test SCCM 1606 to the OU with ONLY TLS 1.2 enabled and as I suspected, SCCM 
could not communicate with WSUS, so I unchecked the “Require SSL” box on the 
ApiRemoting30 website app in IIS.  It could communicate again.  Not feeling 
great about that, but what could I do?  Then on my way home, a colleague of 
mine sent me a link to a configuration page for Azure AD Connect and how to 
configure it to use TLS 1.2, and knowing my odyssey with TLS 1.2 thought I 
might like to see it.  And what do you know, it contained a registry setting 
for .NET Framework to make .NET use strong cryptography.  
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/#enable-tls-12-for-azure-ad-connect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
"SchUseStrongCrypto"=dword:0001

It occurred to me that all of the calls in the errors in the WSUS console I saw 
were .NET assembly errors.  I wondered if it was .NET and not the WSUS console 
that was the issue, so I checked the box on the “APIRemoting30” website app 
back to “Require SSL”, added the above registry key, and restarted the server.  
When it came back up, the WSUS console was able to connect and it shows SSL 
over port 8531 in the WSUS console.  So it’s not the WSUS console that has the 
issue, it’s .NET Framework itself that by default doesn’t support strong 
cryptography.  By adding this key, first, one can follow the published MS 
documentation on securing WSUS with SSL and use ONLY TLS 1.2.  And consequently 
SCCM works as well with only TLS 1.2 enabled, including communicating with 
WSUS.  Seems like that little registry key might help out a lot of things, 
including PowerShell, since it’s .NET, to use TLS 1.2…

Todd

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Wednesday, July 20, 2016 11:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Thanks Sherry

Our security office is starting to get twitchy about everything but TLS 1.2 so 
I’ve worked out the Group Policy to turn it off and it seems to work well for 
most things.  Our WSUS adventure started with SQL 2014, we couldn’t get it all 
the way installed with only TLS 1.2 active, because TLS 1.2 wasn’t supported on 
SQL 2014 until CU 3 or 4 I think, so we had to reenable TLS 1.0, install SQL, 
install the CU then turn it back off again.  The WSUS console, and subsequently 
WSUS PowerShell, was solved by a call to MS and by unchecking the Require SSL 
box on the “APIRemoting30” Web app in IIS.  Clients connected fine and updated 
fine all along over TLS 1.2, it was only the console that couldn’t connect, so 
left WSUS working, but unmanageable.

I know we’re not supposed to monkey with the WSUS console connected to SCCM, 
but it would seem to me that one would have the same issue from

[mssms] RE: Missing Drivers Tab on Boot images After Upgrading to ADK 1511

2016-07-26 Thread jeff.carreon

Thanks Jason.  But I've done that.  We have a dedicated server for console use, 
and that's where we have another ADK instance installed, which matches the 
version of the boot image.  And matches the version that's installed on the 
CAS.   I've even tried creating new ones, but the drivers tab for these boot 
images on the CM console is still not showing up.



JEFF CARREON

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Tuesday, July 26, 2016 3:28 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Missing Drivers Tab on Boot images After Upgrading to ADK 
1511

You can only manage boot images in the console (including things like drivers) 
if the boot image version matches the version of the ADK installed. You can 
still use those boot images no problem, but to modify them, like adding or 
removing drivers, you will need to do this manually using an instance of the 
ADK installed on another system that matches the version of the boot image in 
question.

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of 
jeff.carr...@wellsfargo.com
Sent: Tuesday, July 26, 2016 2:09 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Missing Drivers Tab on Boot images After Upgrading to ADK 1511

We just recently upgraded our ADK to ADK for win10 1511 on our site servers.   
(We have a CAS and a primary in our lab.  Currently CMCB 1606)  Then the 
drivers tab on the boot images just disappeared.   I've followed several blogs 
out there including the one below, to no avail.Any other suggestions?  
Thanks in advance!!!

http://blog.coretech.dk/hra/missing-tabs-on-boot-image-after-installing-adk-for-windows-10-in-configmgr/



JEFF CARREON

[mssms] RE: Missing Drivers Tab on Boot images After Upgrading to ADK 1511

2016-07-26 Thread Jason Sandys

You can only manage boot images in the console (including things like drivers) 
if the boot image version matches the version of the ADK installed. You can 
still use those boot images no problem, but to modify them, like adding or 
removing drivers, you will need to do this manually using an instance of the 
ADK installed on another system that matches the version of the boot image in 
question.

J

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of jeff.carr...@wellsfargo.com
Sent: Tuesday, July 26, 2016 2:09 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Missing Drivers Tab on Boot images After Upgrading to ADK 1511

We just recently upgraded our ADK to ADK for win10 1511 on our site servers.   
(We have a CAS and a primary in our lab.  Currently CMCB 1606)  Then the 
drivers tab on the boot images just disappeared.   I've followed several blogs 
out there including the one below, to no avail.Any other suggestions?  
Thanks in advance!!!

http://blog.coretech.dk/hra/missing-tabs-on-boot-image-after-installing-adk-for-windows-10-in-configmgr/



JEFF CARREON

[mssms] Missing Drivers Tab on Boot images After Upgrading to ADK 1511

2016-07-26 Thread jeff.carreon

We just recently upgraded our ADK to ADK for win10 1511 on our site servers.   
(We have a CAS and a primary in our lab.  Currently CMCB 1606)  Then the 
drivers tab on the boot images just disappeared.   I've followed several blogs 
out there including the one below, to no avail.Any other suggestions?  
Thanks in advance!!!

http://blog.coretech.dk/hra/missing-tabs-on-boot-image-after-installing-adk-for-windows-10-in-configmgr/



JEFF CARREON

RE: [mssms] AMT/OOBM

2016-07-26 Thread Andreas Hammarskjöld

I would just implement a PS with the views for wakeup and connect to the 
switches and let them do the WOL.

Now that would be a product in its own but we are just too busy… so just enable 
the Cisco (or other vendor) WOL capabilities and let a PS script connect to 
each switch and wake em up.

//A

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Ed Aldrich
Sent: den 26 juli 2016 18:45
To: mssms@lists.myitforum.com
Subject: RE: [mssms] AMT/OOBM

FWIW, we at 1E fairly frequently encounter new NightWatchman Enterprise 
opportunities who have struggled with AMT/CfgMgr and been unsuccessful at 
getting it to live up to the promise. This is what brought them to us in the 
first place. There are a number of reasons why this AMT/CfgMgr solution is 
problematic but I won’t go into that here. Just wanted to share a personal 
observation.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Tuesday, July 26, 2016 10:53 AM
To: mssms@lists.myitforum.com
Subject: [mssms] AMT/OOBM

Hello,

Just curious how people are handling this in Current Branch?  My understanding 
is that it will carry over some features when doing an upgrade but a fresh 
install will not allow you to set this up.  Is this in the pipeline or have 
others looked into other options like 1E NightWatchman?

Thanks!





Legal Notice: This email is intended only for the person(s) to whom it is 
addressed. If you are not an intended recipient and have received this message 
in error, please notify the sender immediately by replying to this email or 
calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any 
attachments may be privileged and/or confidential. The unauthorized use, 
disclosure, copying or printing of any information it contains is strictly 
prohibited. The opinions expressed in this email are those of the author and do 
not necessarily represent the views of 1E Ltd. Nothing in this email will 
operate to bind 1E to any order or other contract.

RE: [mssms] SCCM and TLS 1.2

2016-07-26 Thread Andreas Hammarskjöld

Awesome info! Now this is my this list is friggin’ great!

//A

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: den 26 juli 2016 18:17
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

*cough* Blog Post *cough*

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Tuesday, July 26, 2016 10:33 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Just in case anybody else is wondering about TLS 1.2, SCCM and WSUS...  I moved 
my test SCCM 1606 to the OU with ONLY TLS 1.2 enabled and as I suspected, SCCM 
could not communicate with WSUS, so I unchecked the “Require SSL” box on the 
ApiRemoting30 website app in IIS.  It could communicate again.  Not feeling 
great about that, but what could I do?  Then on my way home, a colleague of 
mine sent me a link to a configuration page for Azure AD Connect and how to 
configure it to use TLS 1.2, and knowing my odyssey with TLS 1.2 thought I 
might like to see it.  And what do you know, it contained a registry setting 
for .NET Framework to make .NET use strong cryptography.  
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/#enable-tls-12-for-azure-ad-connect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
"SchUseStrongCrypto"=dword:0001

It occurred to me that all of the calls in the errors in the WSUS console I saw 
were .NET assembly errors.  I wondered if it was .NET and not the WSUS console 
that was the issue, so I checked the box on the “APIRemoting30” website app 
back to “Require SSL”, added the above registry key, and restarted the server.  
When it came back up, the WSUS console was able to connect and it shows SSL 
over port 8531 in the WSUS console.  So it’s not the WSUS console that has the 
issue, it’s .NET Framework itself that by default doesn’t support strong 
cryptography.  By adding this key, first, one can follow the published MS 
documentation on securing WSUS with SSL and use ONLY TLS 1.2.  And consequently 
SCCM works as well with only TLS 1.2 enabled, including communicating with 
WSUS.  Seems like that little registry key might help out a lot of things, 
including PowerShell, since it’s .NET, to use TLS 1.2…

Todd

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Wednesday, July 20, 2016 11:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Thanks Sherry

Our security office is starting to get twitchy about everything but TLS 1.2 so 
I’ve worked out the Group Policy to turn it off and it seems to work well for 
most things.  Our WSUS adventure started with SQL 2014, we couldn’t get it all 
the way installed with only TLS 1.2 active, because TLS 1.2 wasn’t supported on 
SQL 2014 until CU 3 or 4 I think, so we had to reenable TLS 1.0, install SQL, 
install the CU then turn it back off again.  The WSUS console, and subsequently 
WSUS PowerShell, was solved by a call to MS and by unchecking the Require SSL 
box on the “APIRemoting30” Web app in IIS.  Clients connected fine and updated 
fine all along over TLS 1.2, it was only the console that couldn’t connect, so 
left WSUS working, but unmanageable.

I know we’re not supposed to monkey with the WSUS console connected to SCCM, 
but it would seem to me that one would have the same issue from the SCCM 
console since it uses the same APIs to manipulate WSUS.  Did you happen to try 
changing any of the Software Update stuff around in your testing?  I’ve 
upgraded our lab to 1602 and SQL 2012 SP3 +GDR to support TLS 1.2.  I may apply 
my GPO to it and see what happens.  Prod is slated to upgrade later this 
summer, so I wanted to work this out before then.

We don’t have anything, that I’m aware of, extra wanting at the SCCM DB.  I’ll 
have to wait and see if anybody complains when it gets turned off.  ☺

Thanks again for the reply.

Todd

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Wednesday, July 20, 2016 5:13 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] SCCM and TLS 1.2

This is anecdotal; not any kind of documentation on it.  But we attempted to 
enable only TLS 1.1 and TLS 1.2 in the lab. (disable tls 1.0 and ssl3, ssl2 was 
already disabled for years) For Current Branch console connectivity (1602 at 
the time of testing, in case someone looks at this email in the future), it 
worked just fine for us.  Keep in mind we were Server12 r2 everywhere (fully 
patched), and we were at SQL 2014, latest SP, and latest cumulative update, and 
latest SNAC on any machines hosting the console and the site servers

[mssms] RE: [MDT-OSD] Enable command support using prestart command?

2016-07-26 Thread Andreas Hammarskjöld

Although I agree with Keith, if it's just a matter of "hiding" it then how 
about replacing cmd.exe with your own app prompting for a pwd?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Keith Garner (Hotmail)
Sent: den 26 juli 2016 18:43
To: mdt...@lists.myitforum.com; mssms@lists.myitforum.com
Subject: RE: [MDT-OSD] Enable command support using prestart command?

If you are concerned about unauthorized access to the file system, then you 
should be using BitLocker.
Everything else is a hack.

-k

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave West
Sent: Tuesday, July 26, 2016 2:22 AM
To: mssms@lists.myitforum.com; 
mdt...@lists.myitforum.com
Subject: [MDT-OSD] Enable command support using prestart command?

I am wondering if anyone knows a way of enabling command support in WinPE on 
the fly using the prestart command?

The reason is that we have PXE enabled and as PXE does not require a password 
to boot (although we do require a BIOS password to boot from anything other 
than local disk) we don't want to enable command support in the PXE boot image 
as this could allow unauthorised access to the file system.

We are using the prestart command to run bginfo to display the system and 
network information and I notice that the prestart command is only initiated 
after the password is entered into the OSD wizard.

I was thinking we could use this 'authentication' to also enable the command 
support after the wizard password has been entered as it is very useful for our 
support engineers to have command line access.

P.S. I don't want to simply launch a command prompt as the support engineers 
will need to remember to close it otherwise WinPE will not reboot, we just want 
the 'F8' option enabled on the fly.

Any thoughts would be appreciated.

Dave West
Senior Operations Analyst

Technology and Information Services | 1 Kirkby Place | Plymouth University | 
Drake Circus | Plymouth | PL4 8AA | UK
Tel: 01752 587247 | Email: 
dave.w...@plymouth.ac.uk

[http://www.plymouth.ac.uk/images/email_footer.gif]

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.

RE: [mssms] SCCM and TLS 1.2

2016-07-26 Thread Jason Sandys

*cough* Blog Post *cough*

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mote, Todd
Sent: Tuesday, July 26, 2016 10:33 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Just in case anybody else is wondering about TLS 1.2, SCCM and WSUS...  I moved 
my test SCCM 1606 to the OU with ONLY TLS 1.2 enabled and as I suspected, SCCM 
could not communicate with WSUS, so I unchecked the “Require SSL” box on the 
ApiRemoting30 website app in IIS.  It could communicate again.  Not feeling 
great about that, but what could I do?  Then on my way home, a colleague of 
mine sent me a link to a configuration page for Azure AD Connect and how to 
configure it to use TLS 1.2, and knowing my odyssey with TLS 1.2 thought I 
might like to see it.  And what do you know, it contained a registry setting 
for .NET Framework to make .NET use strong cryptography.  
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/#enable-tls-12-for-azure-ad-connect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
"SchUseStrongCrypto"=dword:0001

It occurred to me that all of the calls in the errors in the WSUS console I saw 
were .NET assembly errors.  I wondered if it was .NET and not the WSUS console 
that was the issue, so I checked the box on the “APIRemoting30” website app 
back to “Require SSL”, added the above registry key, and restarted the server.  
When it came back up, the WSUS console was able to connect and it shows SSL 
over port 8531 in the WSUS console.  So it’s not the WSUS console that has the 
issue, it’s .NET Framework itself that by default doesn’t support strong 
cryptography.  By adding this key, first, one can follow the published MS 
documentation on securing WSUS with SSL and use ONLY TLS 1.2.  And consequently 
SCCM works as well with only TLS 1.2 enabled, including communicating with 
WSUS.  Seems like that little registry key might help out a lot of things, 
including PowerShell, since it’s .NET, to use TLS 1.2…

Todd

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd
Sent: Wednesday, July 20, 2016 11:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Thanks Sherry

Our security office is starting to get twitchy about everything but TLS 1.2 so 
I’ve worked out the Group Policy to turn it off and it seems to work well for 
most things.  Our WSUS adventure started with SQL 2014, we couldn’t get it all 
the way installed with only TLS 1.2 active, because TLS 1.2 wasn’t supported on 
SQL 2014 until CU 3 or 4 I think, so we had to reenable TLS 1.0, install SQL, 
install the CU then turn it back off again.  The WSUS console, and subsequently 
WSUS PowerShell, was solved by a call to MS and by unchecking the Require SSL 
box on the “APIRemoting30” Web app in IIS.  Clients connected fine and updated 
fine all along over TLS 1.2, it was only the console that couldn’t connect, so 
left WSUS working, but unmanageable.

I know we’re not supposed to monkey with the WSUS console connected to SCCM, 
but it would seem to me that one would have the same issue from the SCCM 
console since it uses the same APIs to manipulate WSUS.  Did you happen to try 
changing any of the Software Update stuff around in your testing?  I’ve 
upgraded our lab to 1602 and SQL 2012 SP3 +GDR to support TLS 1.2.  I may apply 
my GPO to it and see what happens.  Prod is slated to upgrade later this 
summer, so I wanted to work this out before then.

We don’t have anything, that I’m aware of, extra wanting at the SCCM DB.  I’ll 
have to wait and see if anybody complains when it gets turned off.  ☺

Thanks again for the reply.

Todd

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Wednesday, July 20, 2016 5:13 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] SCCM and TLS 1.2

This is anecdotal; not any kind of documentation on it.  But we attempted to 
enable only TLS 1.1 and TLS 1.2 in the lab. (disable tls 1.0 and ssl3, ssl2 was 
already disabled for years) For Current Branch console connectivity (1602 at 
the time of testing, in case someone looks at this email in the future), it 
worked just fine for us.  Keep in mind we were Server12 r2 everywhere (fully 
patched), and we were at SQL 2014, latest SP, and latest cumulative update, and 
latest SNAC on any machines hosting the console and the site servers themselves.

With that said... the CONSOLE worked fine.  But as you might imagine we have a 
lot of 3rd party "things" that want to get at our data in the database.  Even 
after walking everyone through getting to the bare minimum versions of odbc 
drivers (if that's what they were using) or SQL mgmt. studio (if that's what 
they were

RE: [mssms] AMT/OOBM

2016-07-26 Thread Ed Aldrich

FWIW, we at 1E fairly frequently encounter new NightWatchman Enterprise 
opportunities who have struggled with AMT/CfgMgr and been unsuccessful at 
getting it to live up to the promise. This is what brought them to us in the 
first place. There are a number of reasons why this AMT/CfgMgr solution is 
problematic but I won’t go into that here. Just wanted to share a personal 
observation.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Tuesday, July 26, 2016 10:53 AM
To: mssms@lists.myitforum.com
Subject: [mssms] AMT/OOBM

Hello,

Just curious how people are handling this in Current Branch?  My understanding 
is that it will carry over some features when doing an upgrade but a fresh 
install will not allow you to set this up.  Is this in the pipeline or have 
others looked into other options like 1E NightWatchman?

Thanks!





Legal Notice: This email is intended only for the person(s) to whom it is 
addressed. If you are not an intended recipient and have received this message 
in error, please notify the sender immediately by replying to this email or 
calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any 
attachments may be privileged and/or confidential. The unauthorized use, 
disclosure, copying or printing of any information it contains is strictly 
prohibited. The opinions expressed in this email are those of the author and do 
not necessarily represent the views of 1E Ltd. Nothing in this email will 
operate to bind 1E to any order or other contract.

RE: [External] [mssms] ConfigMgr 1606 current branch available now

2016-07-26 Thread Jason Sandys

That’s correct. I expect, but don’t know for sure, that 1610 (1610 because the 
math 1606 – 1602 = 4, 1606 + 4 = 1610) will be a baseline build. Baseline 
builds are those released on media and intended for direct new site 
installation. This makes sense also because its release should thus coincide 
with the release of System Center 2016 (which I expect 1610 will be part of in 
some form or fashion at least in name, marketing terms, and/or licensing) at 
Ignite.

J

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Tuesday, July 26, 2016 10:56 AM
To: mssms@lists.myitforum.com
Subject: Re: [External] [mssms] ConfigMgr 1606 current branch available now

My understanding is that they will only provide an updated ISO once a year.  
Currently you have to move to 1511 and then upgrade.

On Tue, Jul 26, 2016 at 10:08 AM, Brian Illner 
> wrote:
We’re going to be upgrading our SCCM environment before too long.

Does anyone know if MS plans to make a new downloadable ISO for this build?

Or will we still have to upgrade to 1511 and then apply the updated builds?

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com for news and information.
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Linkey, Mike
Sent: Tuesday, July 26, 2016 8:18 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I let it sit for a few hours then tried it all again and then it worked.  Must 
have been having a moment…Thanks for the input.

Mike L.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 1:52 PM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Are you sure it’s not installed already?

Re-running the script btw won’t change anything – all that the script does is 
flip a value in the site control file.

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 11:31 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Yep several times in fact.  It was there Friday, but gone today.  I see this in 
the hman.log file

Configuration Manager Update (PackageGuid=705820EF-6982-4417-8E54-307454C9A17A) 
is not applicable and should be filtered.

Don’t get why it says it is not applicable especially since I have ran that 
script at least 6 times again today.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 9:48 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

No. Did you run the PowerShell script to opt in to the fast ring?

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 8:04 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I saw this was available on Friday before I left.  Today, it is no longer an 
option for Updating.  Did it get pulled?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Friday, July 22, 2016 11:40 AM
To: mssms@lists.myitforum.com
Subject: [External] [mssms] ConfigMgr 1606 current branch available now

[mssms] RE: Query for all Windows Servers (Virtual)

2016-07-26 Thread Damien Solodow

Here ya go:
SELECT Manufacturer0,
  cs.Model0,
  Count(cs.Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM cs
join dbo.v_R_System s
on cs.ResourceID = s.ResourceID
where s.Is_Virtual_Machine0 = '1'
GROUP BY cs.Manufacturer0,cs.Model0
ORDER BY cs.Model0

DAMIEN SOLODOW
Senior Systems Engineer
317.447.6033 (office)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian McDonald
Sent: Tuesday, July 26, 2016 11:06 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Query for all Windows Servers (Virtual)


Hello,



I need to get a list of all virtual servers in my environment. I'm using the 
following query:


SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Manufacturer0,Model0
ORDER BY Model0



I get a list of all Physical HW, but the virtual counts I'm concerned with as 
some VMs will have Windows Client OS installed. How can I modify the above 
query to only get Virtual Machines with Windows Server OS? I have some VMware, 
but predominantly Hyper-V in my environment.



Thanks,

Brian

RE: [mssms] applications / packages

2016-07-26 Thread Stuart Watret

Sherry,
No it was the following morning 9:15 !

Anyway / right click collection force app whatever / wait 20 mins, force 
summarization, it looked a little better.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: 22 July 2016 17:23
To: mssms@lists.myitforum.com
Subject: Re: [mssms] applications / packages

When was the last summarization for that?  (upper right, not in your 
screenshot).  Was it perhaps, oh... around 13:25?

Console stuff for deployments rely on summarization tasks.

On Fri, Jul 22, 2016 at 8:02 AM, J v D 
> wrote:
Provide details on the deployment settings

> Op 22 jul. 2016 om 13:13 heeft Stuart Watret 
> > het volgende 
> geschreven:
>
> Maybe I’m expecting too much.
> We are transitioning from Packages to Applications, I’ve just pushed our 
> standard flash update out as an Application.
>
> Previously our Packages, didn’t use DP’s; it was quick and successful.
>
> I could normally crash through Flash/Air/Shockwave in an hour to between 4k 
> and 5k with very few errors.
>
> Yesterday I tried Flash as the Application - disappointing reporting.
>
> I attach the screen shot from this morning, I’m not buying that everyone left 
> early just after lunch.
>
> Is this the new norm? We don’t even have maintenance windows :)
>
> 
>

--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger, 
http://www.smguru.org

Re: [External] [mssms] ConfigMgr 1606 current branch available now

2016-07-26 Thread Adam Juelich

My understanding is that they will only provide an updated ISO once a
year.  Currently you have to move to 1511 and then upgrade.

On Tue, Jul 26, 2016 at 10:08 AM, Brian Illner 
wrote:

> We’re going to be upgrading our SCCM environment before too long.
>
>
>
> Does anyone know if MS plans to make a new downloadable ISO for this build?
>
>
>
> Or will we still have to upgrade to 1511 and then apply the updated builds?
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227
> 864.679.2537 Fax
>
> Visit canalinsurance.com for news and information.
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:
> listsad...@lists.myitforum.com] *On Behalf Of *Linkey, Mike
> *Sent:* Tuesday, July 26, 2016 8:18 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> I let it sit for a few hours then tried it all again and then it worked.
> Must have been having a moment…Thanks for the input.
>
>
>
> Mike L.
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Jason Sandys
> *Sent:* Monday, July 25, 2016 1:52 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> Are you sure it’s not installed already?
>
>
>
> Re-running the script btw won’t change anything – all that the script does
> is flip a value in the site control file.
>
>
>
> J
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Linkey, Mike
> *Sent:* Monday, July 25, 2016 11:31 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> Yep several times in fact.  It was there Friday, but gone today.  I see
> this in the hman.log file
>
>
>
> Configuration Manager Update
> (PackageGuid=705820EF-6982-4417-8E54-307454C9A17A) is not applicable and
> should be filtered.
>
>
>
> Don’t get why it says it is not applicable especially since I have ran
> that script at least 6 times again today.
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Jason Sandys
> *Sent:* Monday, July 25, 2016 9:48 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> No. Did you run the PowerShell script to opt in to the fast ring?
>
>
>
> J
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Linkey, Mike
> *Sent:* Monday, July 25, 2016 8:04 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> I saw this was available on Friday before I left.  Today, it is no longer
> an option for Updating.  Did it get pulled?
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Brian Illner
> *Sent:* Friday, July 22, 2016 11:40 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* [External] [mssms] ConfigMgr 1606 current branch available now
>
>
>
>
>
> *david james (@djammmer )*
>
> 7/22/16, 12:01 PM
> 
>
> #ConfigMgr  1606
> current branch available now, for everyone. Opt into fast ring to get it
> immediately. blogs.technet.microsoft.com/enterprisemobi…
> 
>
>
>
>
>
> CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents
> accompanying such) may contain confidential information. Such information
> is intended only for the use of the individual or entity named above. If
> you are not the named or intended recipient, you are hereby notified that
> any disclosure, copying, distribution, or the taking of any action in
> reliance on the contents of such information is strictly

RE: [mssms] SCCM and TLS 1.2

2016-07-26 Thread Mote, Todd

Just in case anybody else is wondering about TLS 1.2, SCCM and WSUS...  I moved 
my test SCCM 1606 to the OU with ONLY TLS 1.2 enabled and as I suspected, SCCM 
could not communicate with WSUS, so I unchecked the “Require SSL” box on the 
ApiRemoting30 website app in IIS.  It could communicate again.  Not feeling 
great about that, but what could I do?  Then on my way home, a colleague of 
mine sent me a link to a configuration page for Azure AD Connect and how to 
configure it to use TLS 1.2, and knowing my odyssey with TLS 1.2 thought I 
might like to see it.  And what do you know, it contained a registry setting 
for .NET Framework to make .NET use strong cryptography.  
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-prerequisites/#enable-tls-12-for-azure-ad-connect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
"SchUseStrongCrypto"=dword:0001

It occurred to me that all of the calls in the errors in the WSUS console I saw 
were .NET assembly errors.  I wondered if it was .NET and not the WSUS console 
that was the issue, so I checked the box on the “APIRemoting30” website app 
back to “Require SSL”, added the above registry key, and restarted the server.  
When it came back up, the WSUS console was able to connect and it shows SSL 
over port 8531 in the WSUS console.  So it’s not the WSUS console that has the 
issue, it’s .NET Framework itself that by default doesn’t support strong 
cryptography.  By adding this key, first, one can follow the published MS 
documentation on securing WSUS with SSL and use ONLY TLS 1.2.  And consequently 
SCCM works as well with only TLS 1.2 enabled, including communicating with 
WSUS.  Seems like that little registry key might help out a lot of things, 
including PowerShell, since it’s .NET, to use TLS 1.2…

Todd

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mote, Todd
Sent: Wednesday, July 20, 2016 11:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM and TLS 1.2

Thanks Sherry

Our security office is starting to get twitchy about everything but TLS 1.2 so 
I’ve worked out the Group Policy to turn it off and it seems to work well for 
most things.  Our WSUS adventure started with SQL 2014, we couldn’t get it all 
the way installed with only TLS 1.2 active, because TLS 1.2 wasn’t supported on 
SQL 2014 until CU 3 or 4 I think, so we had to reenable TLS 1.0, install SQL, 
install the CU then turn it back off again.  The WSUS console, and subsequently 
WSUS PowerShell, was solved by a call to MS and by unchecking the Require SSL 
box on the “APIRemoting30” Web app in IIS.  Clients connected fine and updated 
fine all along over TLS 1.2, it was only the console that couldn’t connect, so 
left WSUS working, but unmanageable.

I know we’re not supposed to monkey with the WSUS console connected to SCCM, 
but it would seem to me that one would have the same issue from the SCCM 
console since it uses the same APIs to manipulate WSUS.  Did you happen to try 
changing any of the Software Update stuff around in your testing?  I’ve 
upgraded our lab to 1602 and SQL 2012 SP3 +GDR to support TLS 1.2.  I may apply 
my GPO to it and see what happens.  Prod is slated to upgrade later this 
summer, so I wanted to work this out before then.

We don’t have anything, that I’m aware of, extra wanting at the SCCM DB.  I’ll 
have to wait and see if anybody complains when it gets turned off.  ☺

Thanks again for the reply.

Todd

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Wednesday, July 20, 2016 5:13 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] SCCM and TLS 1.2

This is anecdotal; not any kind of documentation on it.  But we attempted to 
enable only TLS 1.1 and TLS 1.2 in the lab. (disable tls 1.0 and ssl3, ssl2 was 
already disabled for years) For Current Branch console connectivity (1602 at 
the time of testing, in case someone looks at this email in the future), it 
worked just fine for us.  Keep in mind we were Server12 r2 everywhere (fully 
patched), and we were at SQL 2014, latest SP, and latest cumulative update, and 
latest SNAC on any machines hosting the console and the site servers themselves.

With that said... the CONSOLE worked fine.  But as you might imagine we have a 
lot of 3rd party "things" that want to get at our data in the database.  Even 
after walking everyone through getting to the bare minimum versions of odbc 
drivers (if that's what they were using) or SQL mgmt. studio (if that's what 
they were using) and the latest SNAC; there were still let me see... 3 
different not-under-our-control-at-all external-to-us processes that "need to 
get our data" and THOSE products didn't yet support TLS 1.1 / TLS 1.2.  In 1 
case we could leave SSL 3.0 disabled, but had to enable TLS 1.0
For the other 2

Re: [mssms] Query for all Windows Servers (Virtual)

2016-07-26 Thread Sherry Kissinger

you said you wanted virtual only.

If you don't want virtuals only, then take out there where statement asking
for only %virtual%

On Tue, Jul 26, 2016 at 10:43 AM, Brian McDonald 
wrote:

> Thanks! For the physical servers, is this pulling on Windows Server too?
> --
> *From:* listsad...@lists.myitforum.com 
> on behalf of Sherry Kissinger 
> *Sent:* Tuesday, July 26, 2016 10:27:59 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* Re: [mssms] Query for all Windows Servers (Virtual)
>
>
> select csys.manufacturer0, csys.model0, count(csys.model0) as 'Count'
> from v_gs_computer_system csys
> join v_gs_operating_system os on os.resourceid=csys.resourceid
> where model0 like '%virtual%'
> and os.caption0 like '%server%'
> group by csys.manufacturer0, csys.model0
> order by csys.model0
>
>
>
>
>
> On Tue, Jul 26, 2016 at 10:05 AM, Brian McDonald 
> wrote:
>
>> Hello,
>>
>>
>> I need to get a list of all virtual servers in my environment. I'm using
>> the following query:
>>
>>
>> SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
>> FROM dbo.v_GS_COMPUTER_SYSTEM
>> GROUP BY Manufacturer0,Model0
>> ORDER BY Model0
>>
>>
>> I get a list of all Physical HW, but the virtual counts I'm concerned
>> with as some VMs will have Windows Client OS installed. How can I modify
>> the above query to only get Virtual Machines with Windows Server OS? I have
>> some VMware, but predominantly Hyper-V in my environment.
>>
>>
>> Thanks,
>>
>> Brian
>>
>>
>
>
> --
> Thank you,
>
> Sherry Kissinger
>
> My Parameters:  Standardize. Simplify. Automate
> Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger,
> http://www.smguru.org
>
>
>


-- 
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger,
http://www.smguru.org

Re: [mssms] Query for all Windows Servers (Virtual)

2016-07-26 Thread Brian McDonald

Thanks! For the physical servers, is this pulling on Windows Server too?

From: listsad...@lists.myitforum.com  on behalf 
of Sherry Kissinger 
Sent: Tuesday, July 26, 2016 10:27:59 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Query for all Windows Servers (Virtual)

select csys.manufacturer0, csys.model0, count(csys.model0) as 'Count'
from v_gs_computer_system csys
join v_gs_operating_system os on os.resourceid=csys.resourceid
where model0 like '%virtual%'
and os.caption0 like '%server%'
group by csys.manufacturer0, csys.model0
order by csys.model0

On Tue, Jul 26, 2016 at 10:05 AM, Brian McDonald 
> wrote:

Hello,

I need to get a list of all virtual servers in my environment. I'm using the 
following query:

SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Manufacturer0,Model0
ORDER BY Model0

I get a list of all Physical HW, but the virtual counts I'm concerned with as 
some VMs will have Windows Client OS installed. How can I modify the above 
query to only get Virtual Machines with Windows Server OS? I have some VMware, 
but predominantly Hyper-V in my environment.

Thanks,

Brian

--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger, 
http://www.smguru.org

Re: [External] [mssms] ConfigMgr 1606 current branch available now

2016-07-26 Thread Sherry Kissinger

I don't *know* anything.  But my understanding is you would upgrade to
1511, and then go to 1606.  When we went to 1602 (from 2012 r2); we did
1511 on a Friday, 1602 on Saturday.  We COULD have just kept going Friday
and been done by midnight.  It really was that easy (even considering how
big our databases are).  But well... it was Friday.  and we had planned for
it to take all weekend "just in case".  So we left it to sit and simmer
overnight mostly because it was wine o'clock, and we could.  Other than the
site servers (which went to 1511, then 1602 as a client); no other clients
went to 1511 first, then 1602.  Clients for version went from 2012 r2
client to 1602.

You may want to do that (I'm guessing) similarly; if only because the bits
need to download to go from 1511 to the next one.

On Tue, Jul 26, 2016 at 10:08 AM, Brian Illner 
wrote:

> We’re going to be upgrading our SCCM environment before too long.
>
>
>
> Does anyone know if MS plans to make a new downloadable ISO for this build?
>
>
>
> Or will we still have to upgrade to 1511 and then apply the updated builds?
>
>
>
> *BRIAN* *ILLNER |* Canal Insurance Company
> 864.250.9227
> 864.679.2537 Fax
>
> Visit canalinsurance.com for news and information.
>
> *WARNING*:  *As the information in this transmittal (including
> attachments, if any) may contain confidential, proprietary, or business
> trade secret information, it should only be reviewed by those who are the
> intended recipients.  Unless you are an intended recipient, any review,
> use, disclosure, distribution or copying of this transmittal (or any
> attachments) is strictly prohibited.   If you have received this
> transmittal in error, please notify me immediately by reply email and
> destroy all copies of the transmittal.  While Canal believes this
> transmittal to be free of virus or other defect, it is the responsibility
> of the recipient to ensure that it is virus free and no responsibility is
> accepted by Canal (or its subsidiaries and affiliates) for any loss or
> damage arising therefrom.*
>
> *From:* listsad...@lists.myitforum.com [mailto:
> listsad...@lists.myitforum.com] *On Behalf Of *Linkey, Mike
> *Sent:* Tuesday, July 26, 2016 8:18 AM
>
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> I let it sit for a few hours then tried it all again and then it worked.
> Must have been having a moment…Thanks for the input.
>
>
>
> Mike L.
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Jason Sandys
> *Sent:* Monday, July 25, 2016 1:52 PM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> Are you sure it’s not installed already?
>
>
>
> Re-running the script btw won’t change anything – all that the script does
> is flip a value in the site control file.
>
>
>
> J
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Linkey, Mike
> *Sent:* Monday, July 25, 2016 11:31 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> Yep several times in fact.  It was there Friday, but gone today.  I see
> this in the hman.log file
>
>
>
> Configuration Manager Update
> (PackageGuid=705820EF-6982-4417-8E54-307454C9A17A) is not applicable and
> should be filtered.
>
>
>
> Don’t get why it says it is not applicable especially since I have ran
> that script at least 6 times again today.
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Jason Sandys
> *Sent:* Monday, July 25, 2016 9:48 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> No. Did you run the PowerShell script to opt in to the fast ring?
>
>
>
> J
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Linkey, Mike
> *Sent:* Monday, July 25, 2016 8:04 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* RE: [External] [mssms] ConfigMgr 1606 current branch available
> now
>
>
>
> I saw this was available on Friday before I left.  Today, it is no longer
> an option for Updating.  Did it get pulled?
>
>
>
> *From:* listsad...@lists.myitforum.com [
> mailto:listsad...@lists.myitforum.com ] *On
> Behalf Of *Brian Illner
> *Sent:* Friday, July 22, 2016 11:40 AM
> *To:* mssms@lists.myitforum.com
> *Subject:* [External] [mssms] ConfigMgr 1606 current branch available now
>
>
>
>
>
> *david james (@djammmer )*
>
> 7/22/16, 12:01 PM
> 
>

Re: [mssms] Query for all Windows Servers (Virtual)

2016-07-26 Thread Sherry Kissinger

select csys.manufacturer0, csys.model0, count(csys.model0) as 'Count'
from v_gs_computer_system csys
join v_gs_operating_system os on os.resourceid=csys.resourceid
where model0 like '%virtual%'
and os.caption0 like '%server%'
group by csys.manufacturer0, csys.model0
order by csys.model0





On Tue, Jul 26, 2016 at 10:05 AM, Brian McDonald 
wrote:

> Hello,
>
>
> I need to get a list of all virtual servers in my environment. I'm using
> the following query:
>
>
> SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
> FROM dbo.v_GS_COMPUTER_SYSTEM
> GROUP BY Manufacturer0,Model0
> ORDER BY Model0
>
>
> I get a list of all Physical HW, but the virtual counts I'm concerned with
> as some VMs will have Windows Client OS installed. How can I modify the
> above query to only get Virtual Machines with Windows Server OS? I have
> some VMware, but predominantly Hyper-V in my environment.
>
>
> Thanks,
>
> Brian
>
>


-- 
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger,
http://www.smguru.org

RE: [External] [mssms] ConfigMgr 1606 current branch available now

2016-07-26 Thread Brian Illner

We’re going to be upgrading our SCCM environment before too long.

Does anyone know if MS plans to make a new downloadable ISO for this build?

Or will we still have to upgrade to 1511 and then apply the updated builds?

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com for news and information.
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Linkey, Mike
Sent: Tuesday, July 26, 2016 8:18 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I let it sit for a few hours then tried it all again and then it worked.  Must 
have been having a moment…Thanks for the input.

Mike L.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 1:52 PM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Are you sure it’s not installed already?

Re-running the script btw won’t change anything – all that the script does is 
flip a value in the site control file.

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 11:31 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Yep several times in fact.  It was there Friday, but gone today.  I see this in 
the hman.log file

Configuration Manager Update (PackageGuid=705820EF-6982-4417-8E54-307454C9A17A) 
is not applicable and should be filtered.

Don’t get why it says it is not applicable especially since I have ran that 
script at least 6 times again today.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 9:48 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

No. Did you run the PowerShell script to opt in to the fast ring?

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 8:04 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I saw this was available on Friday before I left.  Today, it is no longer an 
option for Updating.  Did it get pulled?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Friday, July 22, 2016 11:40 AM
To: mssms@lists.myitforum.com
Subject: [External] [mssms] ConfigMgr 1606 current branch available now


[https://abs.twimg.com/sticky/default_profile_images/default_profile_6_normal.png]

david james (@djammmer)

7/22/16, 12:01 
PM
#ConfigMgr 1606 current 
branch available now, for everyone. Opt into fast ring to get it immediately. 
blogs.technet.microsoft.com/enterprisemobi…



CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation.


CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential

[mssms] Query for all Windows Servers (Virtual)

2016-07-26 Thread Brian McDonald

Hello,


I need to get a list of all virtual servers in my environment. I'm using the 
following query:


SELECT Manufacturer0, Model0, Count(Model0) AS 'Count'
FROM dbo.v_GS_COMPUTER_SYSTEM
GROUP BY Manufacturer0,Model0
ORDER BY Model0


I get a list of all Physical HW, but the virtual counts I'm concerned with as 
some VMs will have Windows Client OS installed. How can I modify the above 
query to only get Virtual Machines with Windows Server OS? I have some VMware, 
but predominantly Hyper-V in my environment.


Thanks,

Brian

[mssms] AMT/OOBM

2016-07-26 Thread Adam Juelich

Hello,

Just curious how people are handling this in Current Branch?  My
understanding is that it will carry over some features when doing an
upgrade but a fresh install will not allow you to set this up.  Is this in
the pipeline or have others looked into other options like 1E NightWatchman?

Thanks!

[mssms] RE: Piping from GWMI to SWMI

2016-07-26 Thread Andreas Hammarskjöld

Yes, I made a typo, gwmi is Get-WMIObject not Get-WMIInstance!

But yes, might try Set-CIMInstance...

//A

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew Craig
Sent: den 26 juli 2016 10:15
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

New-Alias gwmi Get-CIMInstance -Force
New-Alias swmi Set-CIMInstance -Force

:)

From: Andrew Craig
Sent: 26 July 2016 10:10
To: 'mssms@lists.myitforum.com' 
>
Subject: RE: Piping from GWMI to SWMI

gwmi is Get-WMIObject not Get-WMIInstance. And then gwmi was superseded in 3.0 
by Get-CIMInstance which I completely missed

swmi is also replaced anyway in 3.0 by CIMInstance cmdlets.

So, what about Get-CIMInstance | Set-CIMInstance?? That should work for you, 
these are definitely pipeline aware.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 26 July 2016 08:45
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

People...

PS C:\> swmi

cmdlet Set-WmiInstance at command pipeline position 1
Supply values for the following parameters:
Class: PS C:\>

Ok, so gwmi is Guess what. Get-WMIInstance. Just us flatpack IKEA swedes 
using short commands...

The problem is not that I can't pipe to SWMI, that part works fine. But I don't 
seem to be able to access properties directly. I guess it's down to PS 
funniness.

So this doesn't work, get the object name instead:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = "Location with $loc.subnetID" ; swmi -path 
$loc.path -Arguments @{LocationName=$bepa}}

But this does:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = $loc.subnetID ; $bepa = "Location with ip 
$bepa" ; swmi -path $loc.path -Arguments @{LocationName=$bepa}}

But was really hoping for, but this just returnes null:

gwmi -namespace root\StifleR -Query "Select * from Subnets" | swmi -path 
$loc.path -Arguments @{LocationName="Location with ip $_.subnetID"}

//A

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Niehaus
Sent: den 26 juli 2016 07:58
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

Can you use Get-WMIInstance and Set-WMIInstance?  Set-WMIInstance indicates 
that it can take a management object from the pipeline.

Thanks,
-Michael

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Monday, July 25, 2016 12:50 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

SWMI does not accept pipeline input

At least that is my understanding.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 25 July 2016 20:54
To: mssms@lists.myitforum.com
Subject: [mssms] Piping from GWMI to SWMI

So in PowerShell, when piping from GWMI to SWMI can I access properties from 
the GWMI object like with $_.?

Example of what I am trying to do:

GWMI -query "select * from stuff" | SWMI @{Value= $_.Value + 10}

Or is that not possible, obviously not working for me...

Regards,
Andreas Hammarskjöld

Co-Founder & Dev Guy
Skunkworks Division
2Pint Software

Mobile: +46 727 253995
andr...@2pintsoftware.com
https://twitter.com/AndHammarskjold

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Enley, Carl

I am not sure? So I can query AD and get a phone extension and update a 
configuration file using GPP? I know I can use it to copy the files to the user 
directory but I already have that worked out, I need a way to export the AD 
information and write it to the configuration file. I think the delivery method 
of that file to the users machine can be either GPP or SCCM etc...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew Craig
Sent: Tuesday, July 26, 2016 9:01 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Scripting - Pwr Shell AD Attributes

Could you not use Group Policy Preferences for this?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To: mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

I am posting to see if any of you folks have done what I am trying to do and 
can offer any tips or advice. -

Deploying Avaya soft phone package to my end users - package, install 
etc...everything is fine and works great no problem there. There is a config 
file in %username%\appdata\Roaming\Avaya\etc... that stores the server name, 
sip information and a few other static values. I have no problem updating that 
file and copying it to that location during the package deployment but there is 
one user configured setting that is not static and I cannot set it during 
deployment and that is the users phone extension. Obviously every user has a 
unique phone extension so the information is different for each user that 
installs the package, it is easy enough to have them fill in the information 
when the application is launched BUT I like to automate stuff if at all 
possible. :)

So here is my question...is it possible that during the install of the package 
maybe as a dependency (this is how I am copying the config files to the user 
directory - package installs as "system" file copy as "user") I could have a 
PowerShell script that queries AD for the phone extension of the logged on user 
and inserts it into the config file? Has anyone written a script to query AD 
attributes and insert them into a text file replacing a current value?

Thanks for any tips / advice.

[mssms] RE: Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Andrew Craig

Could you not use Group Policy Preferences for this?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Enley, Carl
Sent: 26 July 2016 14:30
To: mssms@lists.myitforum.com
Subject: [mssms] Scripting - Pwr Shell AD Attributes

I am posting to see if any of you folks have done what I am trying to do and 
can offer any tips or advice. -

Deploying Avaya soft phone package to my end users - package, install 
etc...everything is fine and works great no problem there. There is a config 
file in %username%\appdata\Roaming\Avaya\etc... that stores the server name, 
sip information and a few other static values. I have no problem updating that 
file and copying it to that location during the package deployment but there is 
one user configured setting that is not static and I cannot set it during 
deployment and that is the users phone extension. Obviously every user has a 
unique phone extension so the information is different for each user that 
installs the package, it is easy enough to have them fill in the information 
when the application is launched BUT I like to automate stuff if at all 
possible. :)

So here is my question...is it possible that during the install of the package 
maybe as a dependency (this is how I am copying the config files to the user 
directory - package installs as "system" file copy as "user") I could have a 
PowerShell script that queries AD for the phone extension of the logged on user 
and inserts it into the config file? Has anyone written a script to query AD 
attributes and insert them into a text file replacing a current value?

Thanks for any tips / advice.

[mssms] RE: Enable command support using prestart command?

2016-07-26 Thread Andrew Craig

Yep, what Rich said, also in the same folder as TSBootShell.exe i.e. 
\sms\bin\x64\ or x86 is a TSBootShell.ini which contains:
[Shell]
EnableDebugShell=True

But I think this setting is loaded before the prestart...

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Mawdsley R.
Sent: 26 July 2016 14:00
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Enable command support using prestart command?

This may or may not be useful information..

On MDT boot images, the option for F8 cmd support is set in this file in the 
wim:   *\Windows\System32\winpeshl.ini

Where the following is with F8 support

[LaunchApps]
%SYSTEMROOT%\System32\bddrun.exe,/bootstrap

And this without:

[LaunchApps]
%SYSTEMROOT%\System32\bddrun.exe,/BootstrapNoSF8

Now taking a quick look at my SCCM bootimage which has F8 enabled, the file 
exists, but it's content is different;

[LaunchApps]
%SYSTEMDRIVE%\sms\bin\x64\TsBootShell.exe

I don't have an SCCM bootimage to hand with it disabled..

But, maybe that line of text may have something different on it if it's 
disabled, and maybe changing it at the point you say will re-enable it... maybe 
not.

Might give you something to look at if nothing else :)

Rich Mawdsley


From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: 26 July 2016 12:23
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Enable command support using prestart command?

Don't think so.

The boot image is already loaded when the prestart runs.

I would look at creating a second task sequence with a second boot image 
associated to it. The second image having cmd support.

You have an authentication in the wizard already, is this the UDI wizard?
If you can create a prestart with access to this token then you could specify 
the task sequence to be run using the SMSTSPreferredAdvertID variable.

If the TS has a different boot image associated it will redownload and reapply 
this other boot image.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave West
Sent: 26 July 2016 11:22
To: mssms@lists.myitforum.com; 
mdt...@lists.myitforum.com
Subject: [mssms] Enable command support using prestart command?

I am wondering if anyone knows a way of enabling command support in WinPE on 
the fly using the prestart command?

The reason is that we have PXE enabled and as PXE does not require a password 
to boot (although we do require a BIOS password to boot from anything other 
than local disk) we don't want to enable command support in the PXE boot image 
as this could allow unauthorised access to the file system.

We are using the prestart command to run bginfo to display the system and 
network information and I notice that the prestart command is only initiated 
after the password is entered into the OSD wizard.

I was thinking we could use this 'authentication' to also enable the command 
support after the wizard password has been entered as it is very useful for our 
support engineers to have command line access.

P.S. I don't want to simply launch a command prompt as the support engineers 
will need to remember to close it otherwise WinPE will not reboot, we just want 
the 'F8' option enabled on the fly.

Any thoughts would be appreciated.

Dave West
Senior Operations Analyst

Technology and Information Services | 1 Kirkby Place | Plymouth University | 
Drake Circus | Plymouth | PL4 8AA | UK
Tel: 01752 587247 | Email: 
dave.w...@plymouth.ac.uk


[http://www.plymouth.ac.uk/images/email_footer.gif]

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.

[mssms] Scripting - Pwr Shell AD Attributes

2016-07-26 Thread Enley, Carl

I am posting to see if any of you folks have done what I am trying to do and 
can offer any tips or advice. -

Deploying Avaya soft phone package to my end users - package, install 
etc...everything is fine and works great no problem there. There is a config 
file in %username%\appdata\Roaming\Avaya\etc... that stores the server name, 
sip information and a few other static values. I have no problem updating that 
file and copying it to that location during the package deployment but there is 
one user configured setting that is not static and I cannot set it during 
deployment and that is the users phone extension. Obviously every user has a 
unique phone extension so the information is different for each user that 
installs the package, it is easy enough to have them fill in the information 
when the application is launched BUT I like to automate stuff if at all 
possible. :)

So here is my question...is it possible that during the install of the package 
maybe as a dependency (this is how I am copying the config files to the user 
directory - package installs as "system" file copy as "user") I could have a 
PowerShell script that queries AD for the phone extension of the logged on user 
and inserts it into the config file? Has anyone written a script to query AD 
attributes and insert them into a text file replacing a current value?

Thanks for any tips / advice.

[mssms] RE: Piping from GWMI to SWMI

2016-07-26 Thread Andrew Craig

gwmi is Get-WMIObject not Get-WMIInstance. And then gwmi was superseded in 3.0 
by Get-CIMInstance which I completely missed

swmi is also replaced anyway in 3.0 by CIMInstance cmdlets.

So, what about Get-CIMInstance | Set-CIMInstance?? That should work for you, 
these are definitely pipeline aware.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andreas Hammarskjöld
Sent: 26 July 2016 08:45
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

People...

PS C:\> swmi

cmdlet Set-WmiInstance at command pipeline position 1
Supply values for the following parameters:
Class: PS C:\>

Ok, so gwmi is Guess what. Get-WMIInstance. Just us flatpack IKEA swedes 
using short commands...

The problem is not that I can't pipe to SWMI, that part works fine. But I don't 
seem to be able to access properties directly. I guess it's down to PS 
funniness.

So this doesn't work, get the object name instead:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = "Location with $loc.subnetID" ; swmi -path 
$loc.path -Arguments @{LocationName=$bepa}}

But this does:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = $loc.subnetID ; $bepa = "Location with ip 
$bepa" ; swmi -path $loc.path -Arguments @{LocationName=$bepa}}

But was really hoping for, but this just returnes null:

gwmi -namespace root\StifleR -Query "Select * from Subnets" | swmi -path 
$loc.path -Arguments @{LocationName="Location with ip $_.subnetID"}

//A

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Niehaus
Sent: den 26 juli 2016 07:58
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

Can you use Get-WMIInstance and Set-WMIInstance?  Set-WMIInstance indicates 
that it can take a management object from the pipeline.

Thanks,
-Michael

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Monday, July 25, 2016 12:50 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

SWMI does not accept pipeline input

At least that is my understanding.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 25 July 2016 20:54
To: mssms@lists.myitforum.com
Subject: [mssms] Piping from GWMI to SWMI

So in PowerShell, when piping from GWMI to SWMI can I access properties from 
the GWMI object like with $_.?

Example of what I am trying to do:

GWMI -query "select * from stuff" | SWMI @{Value= $_.Value + 10}

Or is that not possible, obviously not working for me...

Regards,
Andreas Hammarskjöld

Co-Founder & Dev Guy
Skunkworks Division
2Pint Software

Mobile: +46 727 253995
andr...@2pintsoftware.com
https://twitter.com/AndHammarskjold

RE: [External] [mssms] ConfigMgr 1606 current branch available now

2016-07-26 Thread Linkey, Mike

I let it sit for a few hours then tried it all again and then it worked.  Must 
have been having a moment…Thanks for the input.

Mike L.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 1:52 PM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Are you sure it’s not installed already?

Re-running the script btw won’t change anything – all that the script does is 
flip a value in the site control file.

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 11:31 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Yep several times in fact.  It was there Friday, but gone today.  I see this in 
the hman.log file

Configuration Manager Update (PackageGuid=705820EF-6982-4417-8E54-307454C9A17A) 
is not applicable and should be filtered.

Don’t get why it says it is not applicable especially since I have ran that 
script at least 6 times again today.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 9:48 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

No. Did you run the PowerShell script to opt in to the fast ring?

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 8:04 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I saw this was available on Friday before I left.  Today, it is no longer an 
option for Updating.  Did it get pulled?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Friday, July 22, 2016 11:40 AM
To: mssms@lists.myitforum.com
Subject: [External] [mssms] ConfigMgr 1606 current branch available now

[https://abs.twimg.com/sticky/default_profile_images/default_profile_6_normal.png]

david james (@djammmer)

7/22/16, 12:01 PM
#ConfigMgr 1606 current branch 
available now, for everyone. Opt into fast ring to get it immediately. 
blogs.technet.microsoft.com/enterprisemobi…

CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation.

CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation.

CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation.

[mssms] RE: Enable command support using prestart command?

2016-07-26 Thread Mawdsley R.

This may or may not be useful information..

On MDT boot images, the option for F8 cmd support is set in this file in the 
wim:   *\Windows\System32\winpeshl.ini

Where the following is with F8 support

[LaunchApps]
%SYSTEMROOT%\System32\bddrun.exe,/bootstrap

And this without:

[LaunchApps]
%SYSTEMROOT%\System32\bddrun.exe,/BootstrapNoSF8

Now taking a quick look at my SCCM bootimage which has F8 enabled, the file 
exists, but it's content is different;

[LaunchApps]
%SYSTEMDRIVE%\sms\bin\x64\TsBootShell.exe

I don't have an SCCM bootimage to hand with it disabled..

But, maybe that line of text may have something different on it if it's 
disabled, and maybe changing it at the point you say will re-enable it... maybe 
not.

Might give you something to look at if nothing else :)

Rich Mawdsley


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew Craig
Sent: 26 July 2016 12:23
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Enable command support using prestart command?

Don't think so.

The boot image is already loaded when the prestart runs.

I would look at creating a second task sequence with a second boot image 
associated to it. The second image having cmd support.

You have an authentication in the wizard already, is this the UDI wizard?
If you can create a prestart with access to this token then you could specify 
the task sequence to be run using the SMSTSPreferredAdvertID variable.

If the TS has a different boot image associated it will redownload and reapply 
this other boot image.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Dave West
Sent: 26 July 2016 11:22
To: mssms@lists.myitforum.com; 
mdt...@lists.myitforum.com
Subject: [mssms] Enable command support using prestart command?

I am wondering if anyone knows a way of enabling command support in WinPE on 
the fly using the prestart command?

The reason is that we have PXE enabled and as PXE does not require a password 
to boot (although we do require a BIOS password to boot from anything other 
than local disk) we don't want to enable command support in the PXE boot image 
as this could allow unauthorised access to the file system.

We are using the prestart command to run bginfo to display the system and 
network information and I notice that the prestart command is only initiated 
after the password is entered into the OSD wizard.

I was thinking we could use this 'authentication' to also enable the command 
support after the wizard password has been entered as it is very useful for our 
support engineers to have command line access.

P.S. I don't want to simply launch a command prompt as the support engineers 
will need to remember to close it otherwise WinPE will not reboot, we just want 
the 'F8' option enabled on the fly.

Any thoughts would be appreciated.

Dave West
Senior Operations Analyst

Technology and Information Services | 1 Kirkby Place | Plymouth University | 
Drake Circus | Plymouth | PL4 8AA | UK
Tel: 01752 587247 | Email: 
dave.w...@plymouth.ac.uk


[http://www.plymouth.ac.uk/images/email_footer.gif]

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.

[mssms] RE: Enable command support using prestart command?

2016-07-26 Thread Andrew Craig

Don't think so.

The boot image is already loaded when the prestart runs.

I would look at creating a second task sequence with a second boot image 
associated to it. The second image having cmd support.

You have an authentication in the wizard already, is this the UDI wizard?
If you can create a prestart with access to this token then you could specify 
the task sequence to be run using the SMSTSPreferredAdvertID variable.

If the TS has a different boot image associated it will redownload and reapply 
this other boot image.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Dave West
Sent: 26 July 2016 11:22
To: mssms@lists.myitforum.com; mdt...@lists.myitforum.com
Subject: [mssms] Enable command support using prestart command?

I am wondering if anyone knows a way of enabling command support in WinPE on 
the fly using the prestart command?

The reason is that we have PXE enabled and as PXE does not require a password 
to boot (although we do require a BIOS password to boot from anything other 
than local disk) we don't want to enable command support in the PXE boot image 
as this could allow unauthorised access to the file system.

We are using the prestart command to run bginfo to display the system and 
network information and I notice that the prestart command is only initiated 
after the password is entered into the OSD wizard.

I was thinking we could use this 'authentication' to also enable the command 
support after the wizard password has been entered as it is very useful for our 
support engineers to have command line access.

P.S. I don't want to simply launch a command prompt as the support engineers 
will need to remember to close it otherwise WinPE will not reboot, we just want 
the 'F8' option enabled on the fly.

Any thoughts would be appreciated.

Dave West
Senior Operations Analyst

Technology and Information Services | 1 Kirkby Place | Plymouth University | 
Drake Circus | Plymouth | PL4 8AA | UK
Tel: 01752 587247 | Email: 
dave.w...@plymouth.ac.uk


[http://www.plymouth.ac.uk/images/email_footer.gif]

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.

[mssms] Enable command support using prestart command?

2016-07-26 Thread Dave West

I am wondering if anyone knows a way of enabling command support in WinPE on 
the fly using the prestart command?

The reason is that we have PXE enabled and as PXE does not require a password 
to boot (although we do require a BIOS password to boot from anything other 
than local disk) we don't want to enable command support in the PXE boot image 
as this could allow unauthorised access to the file system.

We are using the prestart command to run bginfo to display the system and 
network information and I notice that the prestart command is only initiated 
after the password is entered into the OSD wizard.

I was thinking we could use this 'authentication' to also enable the command 
support after the wizard password has been entered as it is very useful for our 
support engineers to have command line access.

P.S. I don't want to simply launch a command prompt as the support engineers 
will need to remember to close it otherwise WinPE will not reboot, we just want 
the 'F8' option enabled on the fly.

Any thoughts would be appreciated.

Dave West
Senior Operations Analyst

Technology and Information Services | 1 Kirkby Place | Plymouth University | 
Drake Circus | Plymouth | PL4 8AA | UK
Tel: 01752 587247 | Email: 
dave.w...@plymouth.ac.uk


[http://www.plymouth.ac.uk/images/email_footer.gif]

This email and any files with it are confidential and intended solely for the 
use of the recipient to whom it is addressed. If you are not the intended 
recipient then copying, distribution or other use of the information contained 
is strictly prohibited and you should not rely on it. If you have received this 
email in error please let the sender know immediately and delete it from your 
system(s). Internet emails are not necessarily secure. While we take every 
care, Plymouth University accepts no responsibility for viruses and it is your 
responsibility to scan emails and their attachments. Plymouth University does 
not accept responsibility for any changes made after it was sent. Nothing in 
this email or its attachments constitutes an order for goods or services unless 
accompanied by an official order form.

[mssms] RE: Piping from GWMI to SWMI

2016-07-26 Thread Andrew Craig

New-Alias gwmi Get-CIMInstance -Force
New-Alias swmi Set-CIMInstance -Force

:)

From: Andrew Craig
Sent: 26 July 2016 10:10
To: 'mssms@lists.myitforum.com' 
Subject: RE: Piping from GWMI to SWMI

gwmi is Get-WMIObject not Get-WMIInstance. And then gwmi was superseded in 3.0 
by Get-CIMInstance which I completely missed

swmi is also replaced anyway in 3.0 by CIMInstance cmdlets.

So, what about Get-CIMInstance | Set-CIMInstance?? That should work for you, 
these are definitely pipeline aware.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 26 July 2016 08:45
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

People...

PS C:\> swmi

cmdlet Set-WmiInstance at command pipeline position 1
Supply values for the following parameters:
Class: PS C:\>

Ok, so gwmi is Guess what. Get-WMIInstance. Just us flatpack IKEA swedes 
using short commands...

The problem is not that I can't pipe to SWMI, that part works fine. But I don't 
seem to be able to access properties directly. I guess it's down to PS 
funniness.

So this doesn't work, get the object name instead:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = "Location with $loc.subnetID" ; swmi -path 
$loc.path -Arguments @{LocationName=$bepa}}

But this does:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = $loc.subnetID ; $bepa = "Location with ip 
$bepa" ; swmi -path $loc.path -Arguments @{LocationName=$bepa}}

But was really hoping for, but this just returnes null:

gwmi -namespace root\StifleR -Query "Select * from Subnets" | swmi -path 
$loc.path -Arguments @{LocationName="Location with ip $_.subnetID"}

//A

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Niehaus
Sent: den 26 juli 2016 07:58
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

Can you use Get-WMIInstance and Set-WMIInstance?  Set-WMIInstance indicates 
that it can take a management object from the pipeline.

Thanks,
-Michael

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Monday, July 25, 2016 12:50 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

SWMI does not accept pipeline input

At least that is my understanding.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 25 July 2016 20:54
To: mssms@lists.myitforum.com
Subject: [mssms] Piping from GWMI to SWMI

So in PowerShell, when piping from GWMI to SWMI can I access properties from 
the GWMI object like with $_.?

Example of what I am trying to do:

GWMI -query "select * from stuff" | SWMI @{Value= $_.Value + 10}

Or is that not possible, obviously not working for me...

Regards,
Andreas Hammarskjöld

Co-Founder & Dev Guy
Skunkworks Division
2Pint Software

Mobile: +46 727 253995
andr...@2pintsoftware.com
https://twitter.com/AndHammarskjold

[mssms] RE: Piping from GWMI to SWMI

2016-07-26 Thread Andreas Hammarskjöld

People...

PS C:\> swmi

cmdlet Set-WmiInstance at command pipeline position 1
Supply values for the following parameters:
Class: PS C:\>

Ok, so gwmi is Guess what. Get-WMIInstance. Just us flatpack IKEA swedes 
using short commands...

The problem is not that I can't pipe to SWMI, that part works fine. But I don't 
seem to be able to access properties directly. I guess it's down to PS 
funniness.

So this doesn't work, get the object name instead:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = "Location with $loc.subnetID" ; swmi -path 
$loc.path -Arguments @{LocationName=$bepa}}

But this does:

PS C:\> $locs = gwmi -namespace root\StifleR -Query "Select * from Subnets" ; 
foreach ($loc in $locs) { $bepa = $loc.subnetID ; $bepa = "Location with ip 
$bepa" ; swmi -path $loc.path -Arguments @{LocationName=$bepa}}

But was really hoping for, but this just returnes null:

gwmi -namespace root\StifleR -Query "Select * from Subnets" | swmi -path 
$loc.path -Arguments @{LocationName="Location with ip $_.subnetID"}

//A

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael Niehaus
Sent: den 26 juli 2016 07:58
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

Can you use Get-WMIInstance and Set-WMIInstance?  Set-WMIInstance indicates 
that it can take a management object from the pipeline.

Thanks,
-Michael

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew Craig
Sent: Monday, July 25, 2016 12:50 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

SWMI does not accept pipeline input

At least that is my understanding.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 25 July 2016 20:54
To: mssms@lists.myitforum.com
Subject: [mssms] Piping from GWMI to SWMI

So in PowerShell, when piping from GWMI to SWMI can I access properties from 
the GWMI object like with $_.?

Example of what I am trying to do:

GWMI -query "select * from stuff" | SWMI @{Value= $_.Value + 10}

Or is that not possible, obviously not working for me...

Regards,
Andreas Hammarskjöld

Co-Founder & Dev Guy
Skunkworks Division
2Pint Software

Mobile: +46 727 253995
andr...@2pintsoftware.com
https://twitter.com/AndHammarskjold

[mssms] RE: Piping from GWMI to SWMI

2016-07-26 Thread Michael Niehaus

Can you use Get-WMIInstance and Set-WMIInstance?  Set-WMIInstance indicates 
that it can take a management object from the pipeline.

Thanks,
-Michael

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew Craig
Sent: Monday, July 25, 2016 12:50 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Piping from GWMI to SWMI

SWMI does not accept pipeline input

At least that is my understanding.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: 25 July 2016 20:54
To: mssms@lists.myitforum.com
Subject: [mssms] Piping from GWMI to SWMI

So in PowerShell, when piping from GWMI to SWMI can I access properties from 
the GWMI object like with $_.?

Example of what I am trying to do:

GWMI -query "select * from stuff" | SWMI @{Value= $_.Value + 10}

Or is that not possible, obviously not working for me...

Regards,
Andreas Hammarskjöld

Co-Founder & Dev Guy
Skunkworks Division
2Pint Software

Mobile: +46 727 253995
andr...@2pintsoftware.com
https://twitter.com/AndHammarskjold

39 matches

Mail list logo