1) DHCP Option 67: smsboot\x64\wdsmgfw.efi
2) DHCP Option 60: PXEClient
3) Task Sequence: Select x64 boot image
Nice blogpost
http://henkhoogendoorn.blogspot.com/2014/03/pxe-boot-files-in-remoteinstall-folder.html
Very nice guide to allow UEFI and BIOS machine servicing using PXE:
Using DHCP to Control WDS PXE
https://drive.google.com/open?id=0B-Myn42Tc3zSVDhkRURKZkhCZzQ
środa, 14 grudnia 2016
wtorek, 29 listopada 2016
SCCM tips and tools
SCCM drivers injector - nice tool to grap drivers from specific computer
Cireson Remote Manage App - free application used to get information about sccm client information, display useful output at the bottom of window with WMI commands
Configrutaion Manager Support center - allows You to gather all sccm client logs, zip it, then You are able to open all of them (bundle) using support center viewer
CCM clean - nice old tool (link here) to remove\repair sccm client
Cireson Remote Manage App - free application used to get information about sccm client information, display useful output at the bottom of window with WMI commands
Configrutaion Manager Support center - allows You to gather all sccm client logs, zip it, then You are able to open all of them (bundle) using support center viewer
CCM clean - nice old tool (link here) to remove\repair sccm client
czwartek, 3 listopada 2016
WMI query for computer model name and battery
wmic path win32_computersystemproduct get version
wmic path win32_battery get status
wmic path win32_battery get status
SCCM database views
BIOS\wmi problems with computer model name:
Version like ThinPad T540p or Lenovo product can be found:
v_GS_COMPUTER_SYSTEM_PRODUCT
Sample query to display also computer name from v_R_System view:
SELECT csp.ResourceID, csp.Version0, rs.Name0
FROM [CM_KR1].[dbo].[v_GS_COMPUTER_SYSTEM_PRODUCT] csp inner join [CM_KR1].[dbo].[v_R_System] rs on
csp.ResourceID = rs.ResourceID
or WQL query for SCCM console:
select csp.Version, csp.ResourceID, rs.Name
from SMS_R_System as rs inner join SMS_G_System_COMPUTER_SYSTEM_PRODUCT as csp
on csp.ResourceID = rs.ResourceId
where csp.Version = 'Lenovo Product'
hjhj
Version like ThinPad T540p or Lenovo product can be found:
v_GS_COMPUTER_SYSTEM_PRODUCT
Sample query to display also computer name from v_R_System view:
SELECT csp.ResourceID, csp.Version0, rs.Name0
FROM [CM_KR1].[dbo].[v_GS_COMPUTER_SYSTEM_PRODUCT] csp inner join [CM_KR1].[dbo].[v_R_System] rs on
csp.ResourceID = rs.ResourceID
or WQL query for SCCM console:
select csp.Version, csp.ResourceID, rs.Name
from SMS_R_System as rs inner join SMS_G_System_COMPUTER_SYSTEM_PRODUCT as csp
on csp.ResourceID = rs.ResourceId
where csp.Version = 'Lenovo Product'
hjhj
wtorek, 27 września 2016
Windows 10 new features
Security:
Device guard
Credential Guard protects corporate credentials with hardware-based credential isolation (prevents the current forms of the pass-the-hash (PtH) attack)
Windows hello with TPM 2.0
Secure Boot protect Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) cannot be enabled. Devices with UEFI firmware can be configured to load only trusted operating system bootloaders
Early Launch Antimalware (ELAM) tests all drivers before they load and prevents unapproved drivers from loading.
Health attestation. The device’s firmware logs the boot process, and Windows 10 can send it to a trusted server that can check and assess the device’s health.
Device guard
Credential Guard protects corporate credentials with hardware-based credential isolation (prevents the current forms of the pass-the-hash (PtH) attack)
Windows hello with TPM 2.0
Secure Boot protect Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) cannot be enabled. Devices with UEFI firmware can be configured to load only trusted operating system bootloaders
Early Launch Antimalware (ELAM) tests all drivers before they load and prevents unapproved drivers from loading.
Health attestation. The device’s firmware logs the boot process, and Windows 10 can send it to a trusted server that can check and assess the device’s health.
poniedziałek, 19 września 2016
SCCM backup
Disks
c - system
d - SQL bin\logs
e - sccm data (packages, apps, etc)
f - sql database
Administration \ Site configuration \ Sites \ Site Maintenance
Backup Site Server to disk E:
Next step is to use script (OS task scheduler) to copy this backup and logs to another server
https://drive.google.com/open?id=0B-Myn42Tc3zSRWQwcXdIOElpX0U
At the end of the script there is another script
https://drive.google.com/open?id=0B-Myn42Tc3zST2VJMF9DcEFBNnc
to delete old backups
Set system state backup using wizard or wbadmin
c - system
d - SQL bin\logs
e - sccm data (packages, apps, etc)
f - sql database
Administration \ Site configuration \ Sites \ Site Maintenance
Backup Site Server to disk E:
Next step is to use script (OS task scheduler) to copy this backup and logs to another server
https://drive.google.com/open?id=0B-Myn42Tc3zSRWQwcXdIOElpX0U
At the end of the script there is another script
https://drive.google.com/open?id=0B-Myn42Tc3zST2VJMF9DcEFBNnc
to delete old backups
Set system state backup using wizard or wbadmin
piątek, 2 września 2016
Manually invoke SCCM baseline evaluation
$ComputerName = "xxx"
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
$name = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -match "BitLocker Protection"} | Select-Object -ExpandProperty Name
$version = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -match "BitLocker Protection"} | Select-Object -ExpandProperty Version
([wmiclass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($Name, $Version)
$Baselines = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
$name = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -match "BitLocker Protection"} | Select-Object -ExpandProperty Name
$version = Get-WmiObject -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration | Where-Object {$_.DisplayName -match "BitLocker Protection"} | Select-Object -ExpandProperty Version
([wmiclass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration").TriggerEvaluation($Name, $Version)
piątek, 6 maja 2016
Get BitLocker recovery key from AD using powershell
$DNs = Get-ADComputer -filter
* -Properties
DistinguishedName | Select-Object @DistinguishedName
Foreach ($DN in $DNs)
{
Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $DN -Properties 'msFVE-RecoveryPassword'
| ft -Property DistinguishedName, name, msFVE-RecoveryPassword
-AutoSize |
Out-String -Width
1000 | Out-File -FilePath C:\work\PS_AK\BLpass2.txt -Append
}
poniedziałek, 25 kwietnia 2016
Automatically remove computer from SCCM collection based on task sequence success message
We have some collections called PXE into which we add computers for OSD process. When task sequence finish successfully such computer is removed from this collection automatically using status filter rules.
In SCCM console: Administration > Site configuration > Sites > click on site and from ribbon choose Status Filter Rules
and
Script can be found here https://drive.google.com/open?id=0B-Myn42Tc3zScDdJRGpOSEhSQlU
In SCCM console: Administration > Site configuration > Sites > click on site and from ribbon choose Status Filter Rules
and
Script can be found here https://drive.google.com/open?id=0B-Myn42Tc3zScDdJRGpOSEhSQlU
Subskrybuj:
Posty (Atom)