Friday, 21 December 2012

Recommended WMI Hotfixes

Just a reminder post for myself more than anything...

TechNet Wiki page containing a list of Pre and Post SP1 Windows 7 and Windows 2008 R2 recommended WMI Hotfixes.

http://social.technet.microsoft.com/wiki/contents/articles/1398.list-of-wmi-related-hotfixes-for-windows-7-and-windows-server-2008-r2.aspx

Thursday, 20 December 2012

System Center 2012 Service Pack 1 RTM & Download

There's been bits of information floating around the internet over the last few days that System Center 2012 SP1 had gone RTM.

Like everything, people were sceptical as there was no official announcement, only a blog post on the DPM forums.

However, it had gone RTM internally and today saw it released to those with TechNet and MSDN subscriptions.

 

For those without TechNet or MSDN, chances are you will still have to wait another week or so until about the 3rd of January (rumoured)

Time to go update the lab!

Friday, 14 December 2012

Installing the SCVMM (Non SP1) console on Windows 8

If you find yourself running the new swanky Windows 8 OS on your desktop that you use for administration, you might run into a problem with trying to install the System Center 2012 Virtual Machine Manager console for remote admin purposes.

When Service Pack 1 is released (very soon) this isn't too much of an issue, except when you may want to administer a non-SP1 SCVMM setup.

So, there's a "hack" to install the SCVMM console, without SP1, on a Windows 8 machine.

** Firstly - disclaimer - This is in no way shape or form supported and you are to run this at your own risk, it's not my responsibility if it kills your infrastructure!!! **


Steps:
  1. Grab the SP1 Beta install folder for SCVMM and copy it locally to a folder called VMMSP1
  2. Copy the Non-SP1 install files locally to a folder too called VMMNONSP1
  3. Rename the setup folder in either i386 or amd64 depending on your OS in the SP1 media to setupOrig.  In the screen shot below I've done this for the i386 folder.


  4. Copy the setup folder for the relevant os (x86/x64) from the non-sp1 folder to the SP1 folder


  5. Edit the PrerequisiteInputFile1033.xml in the setup folder copied across to the SP1 folder and look for the Win7 section below:

    <LogicDelegate LogicType="or" DelegateId="OSVersion-win7-Fail"
     DelegateNameSpace="Microsoft.VirtualManager.SetupFramework.BuiltInDelegates,SetupFramework"
    DelegateName="RequiredOperatingSystem">
    6.1.7600.0,6.1.9999.9999,Win32NT,WinNT,2
    </LogicDelegate>
  6. Add this new section underneath the Win7 section:

    <LogicDelegate LogicType="or" DelegateId="OSVersion-win8-Fail"
     DelegateNameSpace="Microsoft.VirtualManager.SetupFramework.BuiltInDelegates,SetupFramework"
    DelegateName="RequiredOperatingSystem">
    6.2.9200.0,6.2.9999.9999,Win32NT,WinNT,2
    </LogicDelegate>


  7. Go back to the root level for the OS "bitness" you're doing this for and run SetupVMM.exe


  8. Don't worry when you see the splash screen as this will still say SP1, just click "Install"

  9. This will then launch the Non-SP1 install and allow you to step through the options as normal to install the admin console.


As I said before, use this at your own risk and test fully in a lab environment first.  I will not be held responsible for what may go wrong, there's probably a reason Microsoft blocks the install, but I've always hated to be told no so had to try this.

Thanks to Dirk Flakowski for getting me side-tracked on this one today!
http://social.technet.microsoft.com/Forums/en-US/virtualmachinemanager/thread/07576dd4-bce2-442a-8af8-40213228406c

System Center 2012 Endpoint Protection Cookbook Review

The publisher of the Service Manager Cookbook that I was a co-author on have a variety of different cookbooks also on the topic of System Center 2012. 
One of these is the cookbook for Endpoint Protection which is a component of the System Center 2012 suite and delivered and managed by System Center 2012 Configuration Manager.

I've never been the fastest of readers and I mentioned a while back I'd post a review on this.

If you’ve had experience in the past with either Forefront Endpoint Protection, Microsoft Security Essentials or the new built in Windows Defender in Windows 8 then you may recognise the interface for SCEP, but instead of it being a standalone product like previous versions, this release is heavily integrated into ConfigMgr.  This provides you a single pane of glass approach to both settings and compliance management and AV/Malware security.

 
 
 


The Book
Author: Andrew Plue
Reviewers: Nicolai Henriksen (SCCM MVP), Matthew Hudson (SCCM MVP) and Stephan Wibier



The book is broken down into the following chapters:
  • Chapter 1 - Getting Started with Client-Side Endpoint Protection Tasks
    Provides a number of recipes for performing tasks at the local client level, such as forcing a definition update or modifying the SCEP client policy.
  • Chapter 2 - Planning and Rolling Installation
    This will walk you through some of the considerations you will need to make before deploying SCEP, as well as showing you how to enable the SCEP role on your SCCM server.
  • Chapter 3 - SCEP Configuration
    This will show you recipes for performing essential tasks, such as configuring SCEP policies and alerts, as well as walking you through the process of setting up SCEP's reporting features.
  • Chapter 4 - Client Deployment Preparation and Deployment
    This includes a number of recipes to assist you with every step of client deployment from preparation to actually deploying the clients.
  • Chapter 5 - Common Tasks
    This covers a number of day-to-day tasks that every SCEP administrator will need to know how to do it correctly in order to keep SCEP healthy and your Endpoints protected from malware.
  • Chapter 6 - Management Tasks
    This covers important high level tasks, such as using policy templates, merging polices, and responding to SCEP alerts.
  • Chapter 7 - Reporting
    This takes a deep dive into the reporting capabilities offered with SCEP. You will be shown how to execute reports, as well as provide access to reports. You will also be shown how to create your own custom reports.
  • Chapter 8 - Troubleshooting
    This provides you with some tools to assist you with the time-consuming effort of troubleshooting an anti-malware product. The recipes in this chapter will help you deal with Definition Update issues, as well as how to approach false positives.
  • Chapter 9 - Building an SCCM 2012 Lab
    This is a great chapter for anyone who has not yet taken the plunge on SCCM 2012. There is just a single recipe in the chapter that will show you the quickest down-and-dirty method for standing up an SCCM 2012 server in a lab environment. This is vital to anyone considering deploying SCEP, because with the total integration of SCEP with SCCM 2012, you can't experience SCEP without an SCCM environment.
Also the Appendix includes some really good info around integrating SCEP with Operations Manager (SCOM) for monitoring, some information around the version of Endpoint Protection used with Intune (Microsoft’s cloud based device management solution) and some deployment checklists which are useful.

Overall
While I’ve been using Configuration Manager for years, SCEP has always been something that I’ve only lightly touched on as it’s been something that I would do the initial planning and setup for and then had over to the customers security teams to manage longer term.

Being able to have a complete reference guide to hand that not only validates and refreshes my installation approach but then expands on the longer term configuration and management is great.

For those attempting to put this in from scratch it’s ideal as it can accelerate your deployment and hopefully avoid you making some common mistakes that could be costly in the long run.

Little nuggets throughout such as the MpCmdRun.exe usage for remote/local admin tasks are so cool and open up avenues such as creating ConfigMgr packages to restore files from quarantine quickly in case of mistakenly captured files.


As always, you can order the book in 'dead tree' format from Amazon here or in Kindle format from here.

There’s also the option of purchasing from Packt directly and I’d recommend signing up for their library (free signup) where you can mange/download your purchases in various formats and while you’re there, why not purchase the Service Manager Cookbook too!
http://www.packtpub.com/microsoft-system-center-2012-endpoint-protection-cookbook/book

Monday, 10 December 2012

Print Server Management Pack - Finally Updated!

Microsoft released the other day an update for the Print Server management pack, finally!

I've moaned about Microsoft's attitude towards this management pack for some time.
http://systemscentre.blogspot.co.uk/2010/10/server-2008-r2-print-services.html

http://social.technet.microsoft.com/Forums/en/operationsmanagermgmtpacks/thread/634c02e8-30a8-4f6e-a26a-c2bfacd526cb

The quick fix MP for 2008 R2 that Myself and Rob Ryan (He did most of the work...) is no longer available as his blog is currently down.  However, Kevin Holman created a better one that was more preferable to use anyway. http://blogs.technet.com/b/kevinholman/archive/2010/11/10/how-to-monitor-print-services-on-server-2008-r2.aspx


But back to the here and now... MS have an updated MP available for Microsoft Print Servers.

From the MP Documentation it appears that not only is Server 2012 now supported, but finally 2008 R2 is as well.


Going through the Import MP Wizard and searching the catalogue will at present not get you access to the new Print MP as it doesn't yet seem to be updated.

 
That's not always a bad thing however as I would always recommend downloading the MP manually otherwise you may miss the associated MP Guide document.  As always with SCOM MP's, RTFM first before import!!
 
*Update 11/12/12 - Apparently the catalogue has now been updated, thanks for the heads up Daniel Savage*

*Update #2 11/12/12 - Confirmed, the catalogue has now been updated*



The MP can also be downloaded from here:
http://www.microsoft.com/en-us/download/details.aspx?id=3290

Surprisingly, this MP is only listed as an Operations Manager 2007 R2 MP.


This is slightly strange with them adding Print Server monitoring on Server 2012 since monitoring Server 2012 with SCOM 2007 R2 isn't supported natively, well not without running 2012 Agents reporting back to your 2007 R2 Management Servers.
http://thoughtsonopsmgr.blogspot.co.uk/2012/10/scom-r2-windows-server-2012-support.html


I've downloaded it anyway to test with SCOM 2012 and on first try of importing, I'm presented with an error that a dependant MP for the Print Server 2003 MP is missing.


This is fine though, it's only because I've not got any of the Windows 2003 MP's in my environment, after all who still uses Server 2003?  (I am joking before anyone comments!)


Import works fine on SCOM 2012.

 

After import there's plenty of Discoveries, Monitors and Rules...




Notice there's no reference to 2008 R2?

Well in the 2008 Print Server MP the discovery ran this WMI query:

SELECT Name FROM Win32_ServerFeature WHERE Name = "Print Services"

Kevin Holman's addendum MP changed this to this following query which then discovered 2008 R2 print services roles:

SELECT Name FROM Win32_ServerFeature WHERE Name = "Print Services" OR Name = "Print and Document Services"

Well the discovery for 2008 R2 is contained within the 2008 MP and now looks like this:

SELECT Name FROM Win32_ServerFeature WHERE ID = 7

Easy little change and simpler than listing specific names as it covers both 2008 & 2008 R2 regardless of the specific name.

This link shows all Win32_ServerFeature ID's: http://msdn.microsoft.com/en-gb/library/windows/desktop/cc280268(v=vs.85).aspx

The same WMI query is also used in the 2012 MP which should mean if any name changes are made in an R2 release of 2012 the MP should carry on working.

I was going to run a difference compare against the old and the new MP, but I seem to have misplaced my old copy of the MP.  As soon as I can get my hands on one I'll run one and update the post.

*Update 11/12/12*
I'll also retract my previous comment (below) as it was rather harsh and actually untrue.  Now that I've done more that skim the MP guide, it does contain numerous references to 2008 R2 /facepalm.
So much for taking my own RTFM advice...

As mentioned by Daniel Savage in the comments, the MP Guide includes all rules etc stored within the MP for reference.

In short, it appears at first glance to run ok on SCOM 2012, but requires more testing.  I think it's probably just laziness on Microsoft's part that they couldn't be bothered to re-write the MP guide completely and just chose to add references to Server 2012 only rather than go back and add 2008 R2, which to be honest wouldn't add much value as it's 99.9% the same monitoring as plain 2008.