gwblok – GARYTOWN ConfigMgr Blog

Scripts Node: Task Sequence Info & Remediation.

September 4, 2018September 5, 2018gwblok

So this script is just a part of one that I’ve developed for using at WF. The other one includes a lot more logic for remediation based on our WaaS Process Registry Keys that get created during the process. So I’ve cleaned it up, and stripped out a bunch to make it more generic to work in any environment.

The Script itself is like 75% functions, then 25% running actions.

Overview of what it does:

Reports the Parameters you’ve specified
- ForceTSReset = This will force resetting of the CCMExec & SMSTSMGR services & process, effectively killing off a running (hung) TS. This will not run even if set to true if already upgraded ($CurrentBuild = $BuildNumber) Default = False
- ScriptLogging = Do you want it to log localling and on the server? Default = True
- ForceTriggerTS = Will kick off the PreCache or IPU TS, if both are available, IPU wins and will kick off. This will not run even if set to true if already upgraded ($CurrentBuild = $BuildNumber) Default = False
- DeleteExecutionHistory = It will find any Execution History for the PackageIDs you’ve specified, then delete them. This is another potential fix to help you retry running a TS . Default = False
- TSPCPackageID = Package ID of the PreCache TS
- TSIPUPackageID = Package ID of your IPU TS
Report Make & Model
Report Current OS Build
Report CMCache Size & Fix if less than 25GB
Disk Size & Free Space & Run Cleanup if less than 20GB Free
Find Task Sequences Available to Machine
- Based on PackageID’s you’d put in parameters
List Execution History of those PackageID
Delete Execution History of those PacakageIDs
- Based on True or False Parameter
Report Status & Startup Type of CCMExec & SMSTSMGR
Report Provisioning Mode Status and Remediate
If Machine has not already upgrade to the build you specify in Parameter (ex 1803)
- Gets Status if TS is hung
- Gets Status if SetupHost is running
- Will attempt to close the TS nicely
- Get Status if TS still hung
- Resets the CM Client & TS Services to clear out any running TS
- Triggers the Upgrade TS
  - If you set the Parameter to Trigger TS
If the Services were Reset, it rechecks..
- Waits 10 minutes for Policy to update
- Checks if same Task Sequences are available
- Will try to Trigger again with updated policy
  - If you set the Parameter to Trigger TS

Run PowerShell ISE as System to Test scripts… From Software Center

September 4, 2018gwblok

Yet another post caused by my recent rebuilding of my lab from scratch after I totally hosed my last CM Server. This time I’m documenting (blogging) a few additional things.

So you write a lot of scripts for ConfigMgr? Notice that they sometimes don’t perform quite as expected because they run as system instead of a user? Quick and easy way to make the PowerShell ISE available for you to test running your scripts as System. Nope, it’s not PSExec… this is even easier.

Super Simple, almost feel it’s not even blog worthy, but here it is anyway.

Make a Package, no Content (PowerShell ISE x64)
Make a program (RunAsSystem)

Command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe –command "ise"

Then Deploy it to a user or user group, very limited test group, as this gives anyone with this deployment full system access to their machine.

When you click Install, you’ll see the black command window for a second, then the ISE start launching. Once Launched, you’ll see it is running as System.

Now you can test your script under the same context that CM would run this. I use this all the time to test things I plan to load into the scripts node.

Posted on GARYTOWN.COM

Scripts Node, Add Local & Network Logging to Script

September 2, 2018September 3, 2018gwblok

This is basically two posts in one, add logging to your scripts in the script node, and Get Service Windows Info, check if you have any deployments being squashed by too restrictive Services Windows, and remove the service windows if you want to. Why add logging… several reasons, to know what the script did, to have a “paper trail”, and helps with troubleshooting. I’ve added logging to my scripts for accountability as well. I have it log to a network share because I’m not local admin on the boxes I’m running the scripts on, so having a central share to collect the scripts is very important to me when I’m troubleshooting issues.

The reason I wrote this script was because we've run into machines that would never run the Upgrade because they would return with a status message "deployment will never run, too restrictive of service window". We do not check the box on our deployments to run outside of a Service Window, as we want to respect what the Business Unit have said are their approved times to service machines. However there are times when the windows are just too small for the time we've specified in our TS, or someone created a local service window manually, using a tool like Client Center, to accomplish a one-off task and never cleaned it up. So I created a script that would read the execmgr.log file, search for a restrictive window issue, then delete them (based on parameters). You can search for Local Service Windows or Server Side (Collection) Service Window and delete those, or choose Delete all service windows. Common Sense Warning: Use with Caution, and Test please. This script is deleting Service Windows which restrict installs / reboots from happening all willy nilly. If you start removing those restrictions… well.. you get it.

Setup Alias for your ConfigMgr Content Source

August 29, 2018gwblok

Super quick post, basically I had to do this today and I don’t want to forget when I replace my source file server next time.

What: Setting up Alias name for CM Source File Server, so when the server is replaced, you move the Alias name to the new server, so it never impacts your Package Content Source Path.

How: NetDom – TechNet Blog HERE

Right about now you might be saying “Ok Gary, this is great, but I didn’t plan ahead, should I wait to when I replace the server to set this up, or just do it now?” I say, “DO IT NOW!”.. All future content you can use the Alias name, and as you get time, you can prune old garbage and update rest of the package properties to the alias path.

To make that process a bit easier, @NickolajA created this nifty tool to migrate your paths via automation. TechNet Gallery

Posted on GARYTOWN.COM

IPU & Offline Dynamic Updates

August 16, 2018August 20, 2018gwblok

UPDATE: 8/20 - Adam Gross (@AdamGrossTX) added more info and explain even more! That guys is awesome, really nice walk through on how to do it with a script to automate! Check it out HERE

UPDATE: 8/17 - Heard back from MS. Rest of those Dynamic Updates need to be applied offline to your Build Media, they are NOT included in the monthly CU. (Read full article for context)

Dynamic updates, what are those things? Well, as Microsoft says “With Dynamic Update, if you start a computer from an existing operating system (for example, Windows 8), and then run Setup from that operating system [IN PLACE UPGRADE], Setup [Windows 10 Upgrade Setup] can check for new Setup files, including drivers and other files.” You can enable it in your TS on the Upgrade OS step: (yes, you want to do this if you have bandwidth, way more info HERE, Thanks Adam)