The new Application Model in CM 2012 includes detection methods. These methods must be met for an application to be labeled as "Installed". This same process prevents an application from being installed if the method is already met.
The default detection methods work great for standard applications. Every once in a while though, you may need to use a custom method. Custom methods are scripts that can be ran to determine if an application is installed. I use the term "installed" loosely, simply meaning that the objective of the application has been reached. You may have applications that change a setting, and do not install anything. These custom methods may be the only way to determine if that setting has been changed.
There are three scripting types that you can choose from - PowerShell, VBScript, and JScript. I do everything possible in PowerShell, so that will be the focus of this blog. You can reference this TechNet article for detail on what I am going to show: http://technet.microsoft.com/en-us/library/gg682174.aspx. I cannot link straight to the section, so expand "Step 4: Configure Detection Methods to Indicate the Presence of the Application" and "To use a custom script to determine the presence of a deployment type". This shows the chart that I will reference.
So as you can see with this chart, there are several combinations of exit codes and strings that can be used to indicate whether an application is installed. I use an exit code of zero and a STDOUT string of "The application is installed" to indicate that the application is already installed. STDOUT can be set to anything, as long as it is not blank. I use an exit code of zero and a STDOUT of empty to indicate that the application is NOT installed.
To test if an application is present, I simply do an IF statement that sets the correct exit code and string. Here is an example. This example is testing if the SCCM client cache is greater than 25600MB. If it is, the application is considered installed. If it is not, the application is considered not installed.
If (((Get-WmiObject -namespace root\ccm\SoftMgmtAgent -class CacheConfig).Size) -ge "25600") {
Write-Host "The application is installed"
Exit 0 }
If (((Get-WmiObject -namespace root\ccm\SoftMgmtAgent -class CacheConfig).Size) -lt "25600") {
Exit 0 }
Disclaimer: I know that this can be done with an ELSE instead of two IF statements, but this method helps me to see what is going on clearer.
To write the STDOUT string, you simply need the Write-Host command, which the first part of the script is doing.
It is very important to set the exit code. As you can see in the chart, if the exit code is not set, the application detection state is set to "Unknown", meaning the CM doesn't know what to do with it. The application will neither install, or show up as installed.
Bottom line, you can use anything that can be scripted to detect if an application is present. At the end of the script, simply set the exit code to 0 and write the STDOUT string if the application is present, or leave it empty if the application is not present.
I hope this helps in your application deployments.
Monday, March 18, 2013
Wednesday, March 6, 2013
Applications have to download?
Background:
SCCM 2012 introduces a new method of doing software installs. There are now Packages, which is the legacy way of doing software, and Applications. Among other things, Applications give much better reporting and targeting features.
So I pose this as more of a question. It appears that Applications in SCCM 2012 have to download and install instead of there being an option to run them from the distribution points. Is anyone else ran across this yet? The only solid documentation on run types is one sentence in a reference book for SCCM 2012. It says that Run from DP is only available for Packages.
I am trying to turn our AutoCAD 2013 packages in applications. We provide 13 different programs from the AutoCAD suite, with each package being about 17GB. When setting up our client installation rules, we left the default client cache size at 5GB. If applications have to download before installation, then this cache size will have to be changed. I find it hard to believe that Microsoft would have removed the option to run from distribution points, but it appears that they have.
I have methods in place to change the cache size if needed, but I do not want to do this if I don't have too. I can use the right-click tools, or come up with a script to run prior to the application install, but I would much rather have the applications run from the DP's. AutoCAD isn't the only problem that I will have. We have several packages that are more than the 5GB default.
Will I see issues with this when trying to install these applications as part of a task sequence? All of our task sequences are set to run from distribution point.
Comments or suggestions? Leave a comment here or email me at sccmhied@gmail.com.
Sunday, February 17, 2013
Deep Freeze and SCCM 2012
One of our first concerns when we migrated to SCCM was Deep Freeze and how it would interact with the SCCM client. For those who don't know, Deep Freeze keeps a computer "clean" by removing any changes that have been made on every boot. Here is the Wikipedia article about it: http://en.wikipedia.org/wiki/Deep_Freeze_(software). Similar products include SmartShield and Clean State. Microsoft had Windows Steady State in the Windows XP days, but this product is no longer offered.
The problem with using any of these products in conjunction with SCCM is that it "cleans" the SCCM client as well, wiping any new logs and the SCCM cache. We use a lot of concurrently licensed software, which means we must keep track of how much software is being used at any given time. To do this, we make a lot of use out of Software Metering in SCCM. This is a problem if Deep Freeze wipes the software metering logs on every reboot.
I solved this problem in two steps. Step one is installing Deep Freeze. The installer is set to freeze the C: drive and keep the U: drive thawed. I do this with a script and run it as the very last item in my task sequence. You can install Deep Freeze and NOT have it immediately reboot the computer frozen by running this command:
"DFinstall.exe /install /noreboot"
The Deep Freeze install script then kicks off a PowerShell script that I copy to the local machine in a previous task sequence step. This line is set to run (and not a run-wait) so that SCCM finishes the task sequence. I copy this script locally and run it in this manner so that SCCM completes the task sequence. If I did not run it locally and outside of the scope of SCCM, every task sequence would come back as failed. My Deep Freeze install script looks like this:
RunWait ('"DFinstall.exe" /install /noreboot')
Run ('cmd.exe /c "powershell.exe -executionpolicy bypass -file C:\finalize-ts.ps1 -noprofile"')
This local PowerShell script then uninstalls the SCCM client (located in C:\Windows\ccmsetup) by running:
"ccmsetup.exe /uninstall"
After the uninstall, it reinstalls the SCCM client to the thaw drive using this command (also executed from C:\Windows\ccmsetup):
ccmsetup.exe /noservice /mp:<FQDN of your SCCM management point> SMSSITECODE=<SCCM 3-digit site code> FSP=<FQDN of your fallback status point> CCMINSTALLDIR="<path to install the SCCM client>" SMSCACHEDIR="<path to put the SCCM cache>"
I am setting many options in this command line. First of all, the /noservice switch prevents the SCCM installer from restarting as a service. This is an issue when you are using a scripting type that allows you to do a run-wait command. When the SCCM installer restarts as a service, the scripting program thinks it is done an moves on to the next line in the script.
Second, /mp: sets the location of your management point. This must be the fully qualified domain name of the management point. Third, we set the SMS site code. This the three-digit site code for your site. Fourth, we set the fully qualified domain name of your fallback status point.
Fifth, we set the directory where the SCCM client will be installed. This should be set to a folder on your thaw space. Last, we set the directory where the SCCM cache will be. I would also set this to be on your thaw space, though it is not as critical as the client itself.
Here is a full list of command-line parameters for the SCCM client install: http://technet.microsoft.com/en-us/library/gg699356.aspx.
I would also recommend hiding the client directory and the cache directory. While not making it totally secure, the user would have to be a more advanced user to get into these directories. I create the directories before installing the client. You can set them to hidden by running: "cmd.exe /c attrib +H <path of folder>" from your scripting application of choice.
Lastly, I force a discovery data and machine policy refresh. This jump-starts the process of re-registering the computer with SCCM. With PowerShell, run these commands:
$comp = hostname
$SMSCli = [wmiclass] "\\$comp\root\ccm:SMS_Client"
$SMSCli.TriggerSchedule("{00000000-0000-0000-0000-000000000003}")
$SMSCli.TriggerSchedule("{00000000-0000-0000-0000-000000000022}")
From there, I reboot the computer. It computer comes back up frozen and ready to go with the SCCM client installed to the thaw space. I reboot the computer by running this command from PowerShell: cmd.exe /c "shutdown -r -t 45". I know that PowerShell has its own restart command, but I liked this command more because I could tell it to wait 45 seconds in the same line. This wait was key to allowing the discovery data and machine polices to finish their refresh.
Drop me an email (sccmhied@gmail.com) if you have questions about this process. I wrote it for Deep Freeze, but I would imagine the process would be similar for Clean State and SmartShield.
The problem with using any of these products in conjunction with SCCM is that it "cleans" the SCCM client as well, wiping any new logs and the SCCM cache. We use a lot of concurrently licensed software, which means we must keep track of how much software is being used at any given time. To do this, we make a lot of use out of Software Metering in SCCM. This is a problem if Deep Freeze wipes the software metering logs on every reboot.
I solved this problem in two steps. Step one is installing Deep Freeze. The installer is set to freeze the C: drive and keep the U: drive thawed. I do this with a script and run it as the very last item in my task sequence. You can install Deep Freeze and NOT have it immediately reboot the computer frozen by running this command:
"DFinstall.exe /install /noreboot"
The Deep Freeze install script then kicks off a PowerShell script that I copy to the local machine in a previous task sequence step. This line is set to run (and not a run-wait) so that SCCM finishes the task sequence. I copy this script locally and run it in this manner so that SCCM completes the task sequence. If I did not run it locally and outside of the scope of SCCM, every task sequence would come back as failed. My Deep Freeze install script looks like this:
RunWait ('"DFinstall.exe" /install /noreboot')
Run ('cmd.exe /c "powershell.exe -executionpolicy bypass -file C:\finalize-ts.ps1 -noprofile"')
This local PowerShell script then uninstalls the SCCM client (located in C:\Windows\ccmsetup) by running:
"ccmsetup.exe /uninstall"
After the uninstall, it reinstalls the SCCM client to the thaw drive using this command (also executed from C:\Windows\ccmsetup):
ccmsetup.exe /noservice /mp:<FQDN of your SCCM management point> SMSSITECODE=<SCCM 3-digit site code> FSP=<FQDN of your fallback status point> CCMINSTALLDIR="<path to install the SCCM client>" SMSCACHEDIR="<path to put the SCCM cache>"
I am setting many options in this command line. First of all, the /noservice switch prevents the SCCM installer from restarting as a service. This is an issue when you are using a scripting type that allows you to do a run-wait command. When the SCCM installer restarts as a service, the scripting program thinks it is done an moves on to the next line in the script.
Second, /mp: sets the location of your management point. This must be the fully qualified domain name of the management point. Third, we set the SMS site code. This the three-digit site code for your site. Fourth, we set the fully qualified domain name of your fallback status point.
Fifth, we set the directory where the SCCM client will be installed. This should be set to a folder on your thaw space. Last, we set the directory where the SCCM cache will be. I would also set this to be on your thaw space, though it is not as critical as the client itself.
Here is a full list of command-line parameters for the SCCM client install: http://technet.microsoft.com/en-us/library/gg699356.aspx.
I would also recommend hiding the client directory and the cache directory. While not making it totally secure, the user would have to be a more advanced user to get into these directories. I create the directories before installing the client. You can set them to hidden by running: "cmd.exe /c attrib +H <path of folder>" from your scripting application of choice.
Lastly, I force a discovery data and machine policy refresh. This jump-starts the process of re-registering the computer with SCCM. With PowerShell, run these commands:
$comp = hostname
$SMSCli = [wmiclass] "\\$comp\root\ccm:SMS_Client"
$SMSCli.TriggerSchedule("{00000000-0000-0000-0000-000000000003}")
$SMSCli.TriggerSchedule("{00000000-0000-0000-0000-000000000022}")
From there, I reboot the computer. It computer comes back up frozen and ready to go with the SCCM client installed to the thaw space. I reboot the computer by running this command from PowerShell: cmd.exe /c "shutdown -r -t 45". I know that PowerShell has its own restart command, but I liked this command more because I could tell it to wait 45 seconds in the same line. This wait was key to allowing the discovery data and machine polices to finish their refresh.
Drop me an email (sccmhied@gmail.com) if you have questions about this process. I wrote it for Deep Freeze, but I would imagine the process would be similar for Clean State and SmartShield.
Sunday, February 10, 2013
Windows Hi-Ed
If you do not follow the Windows Hi-Ed list hosted at Stanford University, you should. Here is where you sign up: https://mailman.stanford.edu/mailman/listinfo/windows-hied. This list focuses on everything Microsoft and is for those in higher-education. They also host a conference in Redmond every year. Here is the list website for more information: http://windows-hied.org/.
Introduction
I am the SCCM administrator for a mid-sized public university (approximately 17,500 students) in the southeast United States. Higher Education institutions face unique challenges in information technology. We often deal with short-staffed and under-funded IT departments, but we make due with what we are given. We also deal with having to support a wide-range of devices, from standard business-class devices to the $400 special-of-the-week. We often do not have the luxury of saying "No", and must make these sub-pair devices work with our system. This presents challenges for system administrators that are not usually seen in the business world. This blog will focus on some of these challenges, and how my colleagues and I overcome them. I will hopefully present valuable information that can help others in their environment.
In my daily job, I am the primary application and image administrator. I package most of the software and images that go into our SCCM environment. In addition to SCCM, I also administrator System Center Orchestrator 2012, System Center Operations Manager 2012, HP Web JetAdmin, Pharos Uniprint, Deep Freeze, and TechExcel ServiceWise. A lot of my posts will focus on how SCCM can work with these other systems.
If you have any comments or suggestions for posts, please send them my way. I will try and post at least weekly.
In my daily job, I am the primary application and image administrator. I package most of the software and images that go into our SCCM environment. In addition to SCCM, I also administrator System Center Orchestrator 2012, System Center Operations Manager 2012, HP Web JetAdmin, Pharos Uniprint, Deep Freeze, and TechExcel ServiceWise. A lot of my posts will focus on how SCCM can work with these other systems.
If you have any comments or suggestions for posts, please send them my way. I will try and post at least weekly.
Subscribe to:
Posts (Atom)