- Reboot with in WinPE
wpeutil reboot
- Mount Image for servicing
Dism /Mount-Wim /WimFile:”G:\DeploymentShare\Operating Systems\ED\ED.wim” /index:1 /MountDir:G:\wim-mount
- Inject drivers offline
DISM /image:G:\wim-mount /Add-Driver /driver:C:\79oi22ww /recurse
- Commit wim changes
Dism /Unmount-Wim /MountDir:G:\wim-mount /Commit
- Compress DSIM serviced image
imagex /export “G:\DeploymentShare\Operating Systems\ED\ED.wim” 1 c:\ED.wim /compress maximum
Andriodify
Meeee……
MDT custom variable for Lenovo Model – DriverGroup
The MDT Environment variable Model on lenovo machines returns something like 4158WNE instead human readable string, let says “ThinkStation D20”.
For Dell Machines Model=Dell DXP061 which facilitates using the Model variable directly for DriverGroup
Fortunately we can do the same for Lenovo Models by retrieving Version from Win32_ComputerSystemProduct WMI Class.
Lets modify the ZTIGather.wsf file which generates the MDT variables.
Result, Now we have an extra MDT variable with the right string we want. π
Create the required Driver Folder structure
Add the following lines to CustomSettings.ini
DriverSelectionProfile=Nothing
DriverGroup001=%Make%\%LenovoModel%
Modified ZTIGather.wsf can be downloaded here.
PowerShell Create folder tree in one line
New-Item -path “C:\winpe_x86\mount” -type directory
Creates both winpe_86 and the subfolder mount. similar to Mkdir -p in unix.
Change SCOM Client Agent Policy Pull Interval
By default agent check back every 1 hour to determine if there are any policy changes. This can be configured if needed by editing the following registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\ConnectorManager
Create a DWORD value named βADPollIntervalMinutesβ and set it to the period you wish for the healthservice to check for new polices.
Manual SCOM Agent Installation and Registration
Ran the following command on my windows 7 domain joined machine
msiexec /i MOMAgent.msi /qn USE_MANUALLY_SPECIFIED_SETTINGS=0
In less than a minute the installation is finished
Event Viewer logs reveals the status of registration
- A new Management Group was added to the Microsoft Operations Manager Agent.
- HealthService (2072) Health Service Store: The database engine (6.01.7600.0000) started a new instance (0).
- The Health Service successfully retrieved policy from Active Directory
- The Management Group MgmtGrp has been discovered in Active Directory.
- Active Directory Integration has been enabled for management group MgmtGrp.
- No certificate was specified. This Health Service will not be able to communicate with other health services unless those health services are in a domain that has a trust relationship with this domain. If this health service needs to communicate with health services in untrusted domains, please configure a certificate.
- The OpsMgr Connector successfully retrieved policy from Active Directory for management group MgmtGrp.
- OpsMgr has no configuration for management group MgmtGrp and is requesting new configuration from the Configuration Service.
- Management Group “MgmtGrp” was started.
- The Health Service has published the public key [34 DC 07 4D E4 9D 29 80 4B C0 53 79 23 8E B8 2E ] used to send it secure messages to management group MgmtGrp. This message only indicates that the key is scheduled for delivery, not that delivery has been confirmed.
- The Health Service has validated all RunAs accounts for management group MgmtGrp.
- The OpsMgr Connector connected to SCOM01.MULPURU.LOCAL, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
- OpsMgr was unable to set up a communications channel to SCOM01.MULPURU.LOCAL and there are no fail over hosts. Communication will resume when SCOM01.MULPURU.LOCAL is available and communication from this computer is allowed.
The reason for RSM to reject the client connection is because I forgot to change the default behavior of management server which is to reject manual agent installs.
After making the above change, Win7 appears in the pending devices list
On the Windows 7 Client
Finally
Hope this is informative.
For more MOMAgent.msi switches refer – http://technet.microsoft.com/en-us/library/bb309553.aspx
SCOM AD Integration
For manual installation of agents SCOM has a way to utilize AD DS to assign agent-managed computers to Management Groups.
First Step in achieving this is by running Disk:\SupportTools\CPUArch\MomADAdmin.exe using domain admin account
For my setup I ran MomADAdmin with the following parameters
MomADAdmin.exe MgmtGrp Mulpuru\OpsMgrAdmin SCOM01 MULPURU
MgmtGrp is the ManagementGroup name choosen @ SCOM Installation
OpsMgrAdmin is MOMAdminSecurityGroup
SCOM01 is RootManagementServer(RMS)
MULPURU is the Domain Name
What did MomAdAdmin.exe do?
The following
- Creates OperationsManager OU object under Domain Root, MgmtGrp OU, HealthServiceSCP OU and MgmtGrp_HSvcSCP_SG Global Group
- The AD DS security group (OpsMgrAdmin) provided in the command line is granted read and delete child permissions to the container. this way, OpsMgr admins are given the permission necessary to add Management Servers to the container and assign computers to them, without needing to be domain administrators.
Second Step is to run Operations Manager 2007 Agent Assignment and Failover Wizard using the OpsMgrAdmin member to populate values in AD for clients to find the Root Management Server
The above steps will make the management server to publish itβs information to AD on next polling cycle; by default hourly. I forced RMS to publish sooner by restarting the server (can be done by restarting the Health Service as well).
PowerShell EncodedCommand
In some cases we want to hide the command to prevent users from seeing it as a clear text. PowerShell has a way of running Base64 encoded commands using -EncodedCommand Parameter
Base64 encoded string of a set of characters that contains only a-z, A-Z, 0-9, + and / and is often used in situations when sending non-text information via a text only transmission .
############################################################################## ## ## PowerShell Encoded Command ## by Siva Mulpuru ## ############################################################################## cls $cmd = 'Write-Host "This is a Encrypted Text"' #encodes the characters, and returns the resulting bytes. $ubytes = [System.Text.Encoding]::Unicode.GetBytes($cmd) #Converts to Base64String; Refer - http://www.hcidata.info/base64.htm for indepth Base 64 Encoding $encodedcmd = [Convert]::ToBase64String($ubytes) write-Host "Encoded String is `n$encodedcmd" write-Host "Running Encoded Command --> " -NoNewline Powershell.exe -EncodedCommand $encodedcmd
Powershell Functions with parameter binding
Code is simple and self-explanatory
function f1 { param($argone, $argtwo) begin{ # Only gets process at the Beginning # Normally include Variable initialization if($argone -eq $null -or $argtwo -eq $null) { Write-Host "`nFunction called with 0 args" $argone = "Grape" $argtwo = "Mango" } else { Write-Host "`nFunction called with args" } } Process{ # Gets process for each object in the pipe "`t{0} is arg one and {1} is arg two" -f $argone,$argtwo } End{ # Always get processed once at the end Write-Host "Exiting function" } } cls #Fucntion call with parameter binding f1 -argone "Apple" -argtwo "Orange" #Fucntion call with parameter binding in revese f1 -argtwo "Apple" -argone "Orange" #Fucntion call with out parameters f1
Function called with args Apple is arg one and Orange is arg two Exiting function Function called with args Orange is arg one and Apple is arg two Exiting function Function called with 0 args Grape is arg one and Mango is arg two Exiting function
SCOM Agent Install
System Center Operations Manager Agent can be installed and registered to SCOM in two methods
- Push Installation from SCOM
- Manual MSI Installation – InstallDisk\agent
In this post only the push install will be covered
Note: Client Installation logs are located on SCOM Management Server under
C:\Program Files\System Center Operations Manager 2007\AgentManagement\AgentLogs