WinPE commands

  1. Reboot with in WinPE

    wpeutil reboot

  2. Mount Image for servicing

    Dism /Mount-Wim /WimFile:”G:\DeploymentShare\Operating Systems\ED\ED.wim” /index:1 /MountDir:G:\wim-mount

  3. Inject drivers offline

    DISM /image:G:\wim-mount /Add-Driver /driver:C:\79oi22ww /recurse

  4. Commit wim changes

    Dism /Unmount-Wim /MountDir:G:\wim-mount /Commit

  5. Compress DSIM serviced image

    imagex /export “G:\DeploymentShare\Operating Systems\ED\ED.wim” 1 c:\ED.wim /compress maximum

MDT custom variable for Lenovo Model – DriverGroup

The MDT Environment variable Model on lenovo machines returns something like 4158WNE instead human readable string, let says “ThinkStation D20”.
For Dell Machines Model=Dell DXP061 which facilitates using the Model variable directly for DriverGroup
Fortunately we can do the same for Lenovo Models by retrieving Version from Win32_ComputerSystemProduct WMI Class.
Lets modify the ZTIGather.wsf file which generates the MDT variables.

Result, Now we have an extra MDT variable with the right string we want. πŸ˜‰

Create the required Driver Folder structure

Add the following lines to CustomSettings.ini
DriverSelectionProfile=Nothing
DriverGroup001=%Make%\%LenovoModel%

Modified ZTIGather.wsf can be downloaded here.

Change SCOM Client Agent Policy Pull Interval

By default agent check back every 1 hour to determine if there are any policy changes. This can be configured if needed by editing the following registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager

Create a DWORD value named β€œADPollIntervalMinutes” and set it to the period you wish for the healthservice to check for new polices.

Manual SCOM Agent Installation and Registration

Ran the following command on my windows 7 domain joined machine

msiexec /i MOMAgent.msi /qn USE_MANUALLY_SPECIFIED_SETTINGS=0


In less than a minute the installation is finished

Event Viewer logs reveals the status of registration

  • A new Management Group was added to the Microsoft Operations Manager Agent.
  • HealthService (2072) Health Service Store: The database engine (6.01.7600.0000) started a new instance (0).
  • The Health Service successfully retrieved policy from Active Directory
  • The Management Group MgmtGrp has been discovered in Active Directory.
  • Active Directory Integration has been enabled for management group MgmtGrp.
  • No certificate was specified. This Health Service will not be able to communicate with other health services unless those health services are in a domain that has a trust relationship with this domain. If this health service needs to communicate with health services in untrusted domains, please configure a certificate.
  • The OpsMgr Connector successfully retrieved policy from Active Directory for management group MgmtGrp.
  • OpsMgr has no configuration for management group MgmtGrp and is requesting new configuration from the Configuration Service.
  • Management Group “MgmtGrp” was started.
  • The Health Service has published the public key [34 DC 07 4D E4 9D 29 80 4B C0 53 79 23 8E B8 2E ] used to send it secure messages to management group MgmtGrp. This message only indicates that the key is scheduled for delivery, not that delivery has been confirmed.
  • The Health Service has validated all RunAs accounts for management group MgmtGrp.
  • The OpsMgr Connector connected to SCOM01.MULPURU.LOCAL, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
  • OpsMgr was unable to set up a communications channel to SCOM01.MULPURU.LOCAL and there are no fail over hosts. Communication will resume when SCOM01.MULPURU.LOCAL is available and communication from this computer is allowed.

The reason for RSM to reject the client connection is because I forgot to change the default behavior of management server which is to reject manual agent installs.


After making the above change, Win7 appears in the pending devices list




On the Windows 7 Client

Finally

Hope this is informative.
For more MOMAgent.msi switches refer – http://technet.microsoft.com/en-us/library/bb309553.aspx

SCOM AD Integration

For manual installation of agents SCOM has a way to utilize AD DS to assign agent-managed computers to Management Groups.
First Step in achieving this is by running Disk:\SupportTools\CPUArch\MomADAdmin.exe using domain admin account

For my setup I ran MomADAdmin with the following parameters

MomADAdmin.exe MgmtGrp Mulpuru\OpsMgrAdmin SCOM01 MULPURU

MgmtGrp is the ManagementGroup name choosen @ SCOM Installation
OpsMgrAdmin is MOMAdminSecurityGroup
SCOM01 is RootManagementServer(RMS)
MULPURU is the Domain Name


What did MomAdAdmin.exe do?
The following

  • Creates OperationsManager OU object under Domain Root, MgmtGrp OU, HealthServiceSCP OU and MgmtGrp_HSvcSCP_SG Global Group
  • The AD DS security group (OpsMgrAdmin) provided in the command line is granted read and delete child permissions to the container. this way, OpsMgr admins are given the permission necessary to add Management Servers to the container and assign computers to them, without needing to be domain administrators.


Second Step is to run Operations Manager 2007 Agent Assignment and Failover Wizard using the OpsMgrAdmin member to populate values in AD for clients to find the Root Management Server

The above steps will make the management server to publish it’s information to AD on next polling cycle; by default hourly. I forced RMS to publish sooner by restarting the server (can be done by restarting the Health Service as well).

PowerShell EncodedCommand

In some cases we want to hide the command to prevent users from seeing it as a clear text. PowerShell has a way of running Base64 encoded commands using -EncodedCommand Parameter

Powershell Help
Powershell Help

Base64 encoded string of a set of characters that contains only a-z, A-Z, 0-9, + and / and is often used in situations when sending non-text information via a text only transmission .



Script
##############################################################################
##
## PowerShell Encoded Command
## by Siva Mulpuru
##
##############################################################################

cls
$cmd = 'Write-Host "This is a Encrypted Text"'
#encodes the characters, and returns the resulting bytes.
$ubytes = [System.Text.Encoding]::Unicode.GetBytes($cmd)
#Converts to Base64String; Refer - http://www.hcidata.info/base64.htm for indepth Base 64 Encoding
$encodedcmd = [Convert]::ToBase64String($ubytes)
write-Host "Encoded String is `n$encodedcmd"
write-Host "Running Encoded Command -->  " -NoNewline
Powershell.exe -EncodedCommand $encodedcmd




Output

Powershell Functions with parameter binding

The Script πŸ˜‰

Code is simple and self-explanatory

function f1
{
param($argone, $argtwo)
begin{
        # Only gets process at the Beginning
        # Normally include Variable initialization
    if($argone -eq $null -or $argtwo -eq $null)
    {
        Write-Host "`nFunction called with 0 args"
        $argone = "Grape"
        $argtwo = "Mango"
    }
    else
    {
        Write-Host "`nFunction called with args"
    }
}
Process{
        # Gets process for each object in the pipe 
        "`t{0} is arg one and {1} is arg two" -f $argone,$argtwo
}
End{
        # Always get processed once at the end
        Write-Host "Exiting function"
}
}
cls
#Fucntion call with parameter binding
f1 -argone "Apple" -argtwo "Orange"
#Fucntion call with parameter binding in revese
f1 -argtwo "Apple" -argone "Orange"
#Fucntion call with out parameters 
f1
Output
Function called with args
	Apple is arg one and Orange is arg two
Exiting function
Function called with args
	Orange is arg one and Apple is arg two
Exiting function
Function called with 0 args
	Grape is arg one and Mango is arg two
Exiting function

SCOM Agent Install

System Center Operations Manager Agent can be installed and registered to SCOM in two methods

  1. Push Installation from SCOM
  2. Manual MSI Installation – InstallDisk\agent

In this post only the push install will be covered

Push Installation from SCOM console

SCOM Device Discovery
SCOM Device Discovery







Few seconds after clicking the finish button MOMAgentInstaller.exe is launched on DC01.Mulpuru.Local


Note: Client Installation logs are located on SCOM Management Server under
C:\Program Files\System Center Operations Manager 2007\AgentManagement\AgentLogs

WordPress Appliance - Powered by TurnKey Linux