SCCM: Add a client to the sccm console - sccm

I have installed a SCCM system. My problem now is that I don't know how to integrate clients that are on the same network like the SCCM.
I have already created a location in the SCCM-Console and i have to integrate application software into the SCCM.
The Testclient already has a Windows 7 installed.
My question: How do I connect a client with the SCCM?

It kind of seems like you are potentially asking a few different things here so I will give an answer to what I think you are asking and hopefully that helps
1. To add computers to sccm so they show up in your management console, you can either do it manually or via discovery. You can configure discovery in the administration tab. Normally you will want to discover computers from your AD setup.
2. To install the sccm client on the computers, you can either do it manually by running the software on the PC. Alternatively you can push out the client to computer by right clicking them and pushing out the client there.
3.To add software to sccm you can go to the software library tab and create either packages or applications.
Hope this helps.

You need to setup boundaries and boundary groups within SCCM based on subnet or AD sites.
Take a look at this example: http://shabaztech.com/sccm-2012-r2-client-installation/
If you have discovery turned on, you should be able to right-click a computer object within the SCCM console and install the client, assuming you have the proper accounts and firewall rules setup.

Related

Visual Studio Team Services when someone leaves the company

We've transitioning from Rackspace dedicated boxes to a completely cloud Azure environment. Production servers and development and as an MS shop we're going to be using Visual Studio Team Services. As an MS ISV partner we have a bunch of MSDN seats so our developers are all going to have an MSDN w/ VS Premium account which we'll use with Team Services/TFS. We're replicating our production web server on a virtual machine but after some refactoring will eventually move to an Azure website.
My question is about when users leave the company. Right now we have everyone log into a development server using RDP. They develop on that server. When someone is gone we shut their access off to that server.
With Team Services when the user opens up a project do they automatically get the entire project downloaded to their local development environment/machine? If someone leaves the company is there a process using VSO that secures that code and removes it from them or makes it inaccessible? Any way to lock it down when we need to? I can't seem to find a procedure to do this.
To add or remove someone from the account, go to the Users hub on the home page for your account. If you remove a user from it, that user will no longer be able to access your account.
When users connect to your account, they'll need to take some action to get source code. That would be cloning in the case of using Git or creating a workspace and running get for TFVC.
If the user has source code, for example, on a machine, there is no way to remotely remove it. They won't be able to get updates, etc., but there's nothing running on the computer that would be able to erase the code the user has already obtained.
All source code sharing i know allow zipping up or browsing the local repository. Including VS Team Services.
Daniel Mann is correct . Developing on shared servers via RDP is terrible for productivity due to development being graphics and disk intensive, often requiring admin rights and reboots / crashes, debugging triggers system interrupts, out of memory loops are fun on a shared machine ie they stuff everybody else around. (Even with RDP you can copy and paste or map a network drive locally or upload to the net )
If your doing critical stuff the ONLY thing that really works is physically bring them in to non internet connected machine /network with USB disabled. However these mechanisms especially denying internet will half productivity.
This is why most organizations rely on legal contracts. On a 2M project is it worth making it a 4M project? There are cases where this is required normally around national security /CIA / Defence but not for IP, there are better / trickier ways.
Pretty much all binaries are reverse engineer-able with little effort if you really want to. obfuscation does very little.

What is the 2014 way to centrally deploy agents

I'm getting requests from 'the Field' to make my agent deployment 'easier' but I'm at a loss as to how.
Right now, I provide a user Interface to install and configure the agents.
To deploy the agents, I relied on older Windows technologies, here are the steps I use:
Start dependent services via remote SCM
Copy the agent.MSI via the File Administrative shares
Configure the agent's settings via remote registry calls
Use WMI to remotely silently run the agent.msi
Use the Administrative shares to move the agent.msi to the program folder (for uninstalling later)
To allow all these steps to happen, I need:
1. the firewall to configured correctly
2. the 'installing' user has to have admin access to the remote computer
3. Remote File Admin shares have to be turned on.
4. (I turn on WMI and Remote Registry remotely)
This deployment system was built back in the 2003 days.
Is there some better way now? Maybe a deployment library I can use?
thank you.
The best you can do here is to create a properly behaving .MSI that supports silent installation. It is then up to your user communities to plan their own deployments using the tools of their choice such as SCCM. Much more detail is required in order to give exact suggestions.

How to check the applicability of a Microsoft patch

Environment:
I work in a lab that tests software against multiple domain configurations. I currently have 8 domains with no cross-domain trust. They each have a WSUS server that talks to our primary NOC WSUS Server. Other than talking to the primary WSUS server, there is no communication from one domain to the other. I cannot change GPO settings or install any software that isn't already installed. The domains range from Windows XP with Server 2003 to Windows 7 with Server 2008. Each domain has anywhere between 8-20 servers and 3-5 workstations.
I have a machine that can talk to each of the servers in all of the domains, and can also talk to the primary WSUS server. I primary work with PowerShell, but I'm not opposed to another language if it makes what I'm trying to do easier. I have PowerShell 2.0 installed, but I can easily installed PowerShell 3.0 if needed.
Scenario:
I am charged with checking if patches have been installed on each of the servers. This testing cannot rely on WSUS's built in reporting tools, per requirements I cannot change. I would receive a list of patches, and I need to check each server to see if the patches are installed. Since the patches can be anything from Windows XP to Server 2008, I also need to check if the patch is applicable to the server itself. I have tried to use PoshWSUS to check for applicability, but I cannot get a connection to the Primary WSUS server because of either IIS rules or a Firewall rule. I have search online, and followed several guides, but this WSUS's setup is very customized, and I can only do so much to the server itself.
Example:
I have the following Patches:
KB2604092
KB2676562
KB2686509
I want to check the following server:
DC01: A Windows Server 2008 Domain Controller
I am currently using the following PowerShell command to test if they are installed:
Get-HotFix -ID "KB2604092","KB2676562","KB2686509" -ComputerName DC01
This command shows the following patches are installed:
KB2676562
KB2686509
Leaving the following uninstalled:
KB2604092
This correctly tells me that KB2676562 and KB2686509 are installed, but it doesn't tell me if KB2604092 missing, or not applicable.
What I am stuck on is how to verify that KB2604092 is not applicable to DC01. I can easily search Microsoft's site to verify it is only for Windows Server 2003 or Windows XP, but how can I check it's applicability via a script. I would love to find a way to scrap the Microsoft KB article for the data, but I don't know how to pull the required information from the web page. I assume there has to be a check within WSUS to check applicability, but I don't know where to look for something like that.
Edit:
I forgot to mention, I have no control over what patches are approved, that is done by an outside company.
Well for security patches, Microsoft publishes a a spreadsheet that lists the all security bulletins since 1998. You can download from this page. (Direct link to spreadsheet)
You could then parse that spreadsheet (if you convert it to a CSV file, that would be easy to parse in powershell). It gives you all the information you are asking about.
If you're only interested in whether the update is applicable to the corresponding operating system, IUpdate.ProductTitles should give you the information you need.
There are more complicated cases, such as where an update is applicable only if a certain system component is installed. I don't think there's any way to handle those cases automatically.

Why is there a Red Cross against my User Group in Team Explorer > Team Members?

Recently our Development user group (Windows) has started showing with a Red Cross in Team Explorer and we cannot expand it anymore.
I have tried removing and re-adding the group but to no avail.
Does anyone know why it would display like this?
We are using TFS 2010 with VS2010 SP1 and August's Power Toys.!
BTW, "Technical Testing Team" is another Windows Domain User Group, just like Development and that works OK.
In general, the red crosses on particular services are caused either by that service being unavailable or by permissions issues...
Are you still able to perform actions that require admin permissions? Does this apply to a single project or all?
How are you defining your developers? A windows domain group? If so, is the TFS server able to see the DC?
I'd suggest you try installing Team Explorer on the TFS server and running it when logged on as yourself - see if you have the same problem. If not, it may be network or firewall problems between your dev machine and the server. At least it would narrow the problem down.
Edit 1:
Do reports work properly? (Specifically, do the graphs show up in reports)?
What auth are you using? Kerberos?
What account is TFS running as? What permissions (if any) does that account have on the network?
Can you see the security information you'd expect in the TFS_Configuration database? (Try tbl_SecurityAccessControlEntry) [Usual "Change nothing, do it at your own risk" disclaimer]
Edit 2:
As per the install docs, the TFS service should be running under its own account (IIRC they suggest Domain\TFS.Service). Check the permissions on the windows services on the TFS Server and see who they're running as. Makes sure the permissions for that user are correct as per the installation instructions
NTLM can cause problems as it doesn't allow credentials to be delegated/relayed the way Kerberos does (and has some picky setup requirements) - but that's obviously not why it's broken all of a sudden (and that usually manifests as graphs not displaying in reports).
WRT: the SecurityAccessControlEntry table, I was more interested in making sure there were entries and that it could be read properly than the contents.
I assume you've tried deleting/recreating groups - If not, give it a shot (deleting the domain group may be an issue with other services but try using a different (new) group and removing the old one from TFS entirely)
I have to admit I'm running out of ideas after that. If it were me, I'd try a clean install on a new server/VM and either point the new install at the old data store [multiple server setup] or export/import projects [single server setup].
For Multiple server setups, this would determine if it's a TFS installation issue/data corruption. For single-server, there's a good chance this would just clean up the problem. You could, of course, also ex/import on multi-server too if it does turn out to be a data thing.
You may want to hang on to see if someone has a less drastic solution.
Looking in the General tab of the VS Output windows there is a message:
Skipping loading group Development into Team Members because it has 102 members.
Looks like VS has a limit on here.

Developing an automated software deployment program through Samba or Active Directory

I'm a web developer that needs to build a piece of software for my local office of about 20-30 Windows computers. It needs to automatically and silently run software updates and deployments on all computers.
The Windows computers run on a local network. I'm not sure where to start putting my hands on with something like this... I'm an experienced programmer, just need the right direction on what to read.
I know each Windows client has a Samba server, and also we're using Active Directory, but I'm not sure how that works.
How would I go about starting developing this? I'm sure there's Windows APIs for samba file transfers, but I also need to know about documentation on silently installing the .exe or whatever, and also I need APIs to know the applications running on the client to understand if they need to be updated.
Where's all these APIs?
Have a look at wpkg.org. It's license is GPL. It runs on Samba in an Active Directory. See also their feature overview.
I mentioned Samba only because you also did so. Though your exact words read: 'I know each Windows client has a Samba server [....] though I'm not sure how that works.'
In case you meant that each Windows client has access to a Samba server, my answer may be contributing to help you.
In case you thought your Windows clients are running Samba themselves, this is impossible (but my answer may help to clarify a few things nevertheless).
Here's why:
Samba is an implementation of the Microsoft SMB stack of networking protocols for Unix-oid operating systems.
SMB is what all Windows computers use natively.
why exactly you want do develop this application
there is a Microsoft product responsible for this thing . it is called SUS server

Resources