Monday, 5 February 2018

SCCM Install Prerequisites: IIS


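# Below is the script for installing IIS

# Save the file as .PS1 and call it from a batch file or from a PowerShell session

<#
.SYNOPSIS

Script for installing IIS etc


.DESCRIPTION

Installs IIS with all sub-features and management tools, removes WebDAV Publishing,
allows hidden files in the WebDAV authoring settings of the Default Web Site, and installs BITS.
Exits with 1 if the IIS or BITS installation fails, otherwise 0.

#>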
$PV = 0

# Install IIS
# Note: -IncludeAllSubFeature installs every IIS role service, not only the ones SCCM uses
Install-WindowsFeature -Name Web-Server -IncludeManagementTools -IncludeAllSubFeature -ErrorAction SilentlyContinue | Out-Null
if ($? -eq $false) { $PV = 1 }

# Remove WebDAV Publishing
Remove-WindowsFeature Web-DAV-Publishing -ErrorAction SilentlyContinue | Out-Null

# Enable Hidden Files
& "$($env:windir)\System32\inetsrv\AppCmd.exe" set config "Default Web Site/" /section:system.webServer/webdav/authoring /fileSystem.allowHiddenFiles:true /commit:apphost

# Install BITS
Install-WindowsFeature -Name BITS -IncludeManagementTools -IncludeAllSubFeature -ErrorAction SilentlyContinue | Out-Null
if ($? -eq $false) { $PV = 1 }

# Exit code: 0 = IIS and BITS installed, 1 = at least one of them failed
exit $PV

Monday, 7 August 2017

Patching machines offline, without SCCM or WSUS

Do you want to install patches on machines that are not connected to the internet?

Installing patches on machines with no internet access

Below are the steps that can be performed.

Copy mbsacli.exe and wusscan.dll. (To get these files, install the MBSA tool from https://www.microsoft.com/en-in/download/details.aspx?id=7558 on a test machine and take the two files from the installation directory.) This is a one-time task; you do not need to repeat this step every month. The next steps, however, are repeated every month.

Download the wsusscn2.cab file from http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab. You need to download this file every month: Microsoft updates it whenever they release patches, so it always lists the latest ones.

Copy the above three files to a single folder, in my case "Offlinescan" (C:\Users\Theone\Downloads\offlinescan\).

Run this command on the machine that you want to patch without internet access, SCCM or WSUS. It creates an XML file listing the missing and the installed patches.

C:\Users\Theone\Downloads\offlinescan>MBSACLI /xmlout /catalog C:\Users\pbadugu\Downloads\wsusscn2.cab /unicode >updates.xml

The above command creates a file called updates.xml listing what is missing and what is installed. Tip: if you want to look at it, try opening it in Excel :)

Now we need to download all the missing files and create an installation batch file. The PowerShell script below does exactly this for you in an automated fashion.

To download the required patches, copy the above folder "Offlinescan" (in my case "C:\Users\Theone\Downloads\offlinescan") to a machine that has internet access and run the PowerShell script below. It downloads the missing patches and creates a batch file for automated installation of the missing patches.


$UpdateXML = "C:\Users\Theone\Downloads\offlinescan\updates.xml"
$toFolder = "C:\Users\Theone\Downloads\offlinescan"
$installFile = Join-Path $toFolder "_Install.bat"

# Initialize WebClient for downloading files
$webClient = New-Object Net.WebClient
$webClient.UseDefaultCredentials = $true

# Get the content of the XML file
$Updates = [xml](Get-Content $UpdateXML)

# Write the batch file as ASCII: Out-File defaults to UTF-16 in Windows PowerShell,
# and cmd.exe cannot run a UTF-16 batch file
"@Echo Off" | Out-File $installFile -Encoding ASCII
"REM This will install all patches" | Out-File $installFile -Append -Encoding ASCII

foreach ($Check in $Updates.XMLOut.Check)
{
    Write-Host "Checking for", $Check.Name
    Write-Host $Check.Advice.ToString()

    # Checking for files to download
    foreach ($UpdateData in $Check.Detail.UpdateData)
    {
        if ($UpdateData.IsInstalled -eq $false)
        {
            Write-Host "Download the file for KB", $UpdateData.KBID
            Write-Host "Starting download ", $UpdateData.Title, "."
            $url = [URI]$UpdateData.References.DownloadURL
            # Last path segment of the download URL is the file name
            $fileName = $url.Segments[$url.Segments.Count - 1]
            $toFile = Join-Path $toFolder $fileName

            # The line below can be commented out if you do not want to download and only want to
            # create the batch file for patch installation; this can be used on machines without internet.
            $webClient.DownloadFile($url, $toFile)

            Write-Host "Done downloading"

            "@ECHO Starting installing " + $fileName | Out-File $installFile -Append -Encoding ASCII
            if ($fileName.EndsWith(".msu"))
            {
                "wusa.exe " + $fileName + " /quiet /norestart /log:%SystemRoot%\Temp\KB" + $UpdateData.KBID + ".log" | Out-File $installFile -Append -Encoding ASCII
            }
            elseif ($fileName.EndsWith(".cab"))
            {
                # pkgmgr's switch is /norestart (the original line had /nostart)
                "start /wait pkgmgr.exe /ip /m:" + $fileName + " /quiet /norestart /l:%SystemRoot%\Temp\KB" + $UpdateData.KBID + ".log" | Out-File $installFile -Append -Encoding ASCII
            }
            else
            {
                $fileName + " /passive /norestart /log %SystemRoot%\Temp\KB" + $UpdateData.KBID + ".log" | Out-File $installFile -Append -Encoding ASCII
            }
            "@ECHO Installation returned %ERRORLEVEL%" | Out-File $installFile -Append -Encoding ASCII
            "@ECHO." | Out-File $installFile -Append -Encoding ASCII
            Write-Host
        }
    }

    Write-Host
}
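
The catalog is fetched over plain HTTP and the patch URLs are taken from updates.xml, so it is worth checking every file's signature before _Install.bat is run on the offline machine. The script below is an added example, not part of the original post; it reuses the post's folder path, and the signer match on "O=Microsoft Corporation" and the signatures.csv file name are assumptions.

```powershell
# Added example: verify Authenticode signatures of everything in the offline-scan
# folder (catalog, MBSA binaries, downloaded patches) before installing anything.
$folder = 'C:\Users\Theone\Downloads\offlinescan'   # folder used in the post

function Test-PatchSignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        File    = Split-Path $Path -Leaf
        Status  = $sig.Status
        Signer  = $subject
        SHA256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        # Assumption: accept only a valid signature whose signer is a Microsoft certificate
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
    }
}

$results = Get-ChildItem -Path $folder -File -Recurse -Include *.cab, *.msu, *.exe, *.dll |
    ForEach-Object { Test-PatchSignature -Path $_.FullName }

$results | Format-Table File, Status, Trusted -AutoSize

# Keep the hashes so the copy on the offline machine can be compared against them
$results | Export-Csv -Path (Join-Path $folder 'signatures.csv') -NoTypeInformation

$bad = @($results | Where-Object { -not $_.Trusted })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} file(s) failed verification; do not run _Install.bat" -f $bad.Count)
    $bad | ForEach-Object { Write-Warning ("  {0}: {1}" -f $_.File, $_.Status) }
    exit 1
}
Write-Host 'All files carry a valid Microsoft signature.'
```

Run it once on the internet-connected machine after the downloads finish, then compare the SHA256 column against the files after copying the folder to the offline machine.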

Wednesday, 28 June 2017

SCCM import manual machines collection

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.AgentName = "Manual Machine Entry" and SMS_R_System.Decommissioned = "0" and SMS_R_System.Client = "0"



Compliance Manager Collection Creation

How to create Compliance Manager automated collection with compliance manager status



Tuesday, 27 June 2017

SCCM / WSUS clients not to check from Microsoft updates

Most of the time, when you have SCCM in place, you do not want your clients to go to the internet to get patches. In this situation you can configure the setting below so that clients do not go to the internet; if you have SCCM or WSUS configured, they will still go to that server to scan and install.

Click Computer Configuration, click Administrative Templates, click System, click Internet Communication Management, and then click Internet Communication settings. In the details pane, double-click "Turn off access to all Windows Update features".


Open it and enable it as shown below.



Tuesday, 16 May 2017

AZURE Point to Site VPN Create -Certificates

AZURE Point to Site VPN Create


makecert -sky exchange -r -n "CN=MyNet" -pe -a sha1 -len 2048 -ss My

makecert -n "CN=MyNetClient" -pe -sky exchange -m 96 -ss My -in "MyNet" -is my -a sha1

In the screen that pops up, click 'Certificate' and then 'Add'.
Select 'My User Account' and click 'Finish'.
Expand 'Current User' in the left panel, then 'Personal' and then 'Certificates'.
Right-click the certificate, click 'All Tasks' and then 'Export'.
Export two files: one with the private key and one without the key (just the .cer file).
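
The makecert commands above sign both certificates with SHA-1 (-a sha1). The same root and client pair can be created with SHA-256 using New-SelfSignedCertificate, including the two exports; this is an added example, not part of the original post. It reuses the post's subject names, while the output folder, the file names and the 10-year root lifetime are assumptions.

```powershell
# Added example: SHA-256 equivalents of the two makecert commands above.
# Root certificate: self-signed, allowed to sign other certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=MyNet' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -NotAfter (Get-Date).AddYears(10) `
    -CertStoreLocation 'Cert:\CurrentUser\My'   # 10 years is an assumed lifetime

# Client certificate signed by the root, valid 96 months like "-m 96",
# restricted to client authentication (EKU 1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=MyNetClient' -DnsName 'MyNetClient' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -NotAfter (Get-Date).AddMonths(96) -Signer $root `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -CertStoreLocation 'Cert:\CurrentUser\My'

$out = Join-Path $env:USERPROFILE 'p2s-certs'   # assumed output folder
New-Item -ItemType Directory -Path $out -Force | Out-Null

# Export without the private key (.cer): the root's public part is what Azure needs.
Export-Certificate -Cert $root -FilePath (Join-Path $out 'MyNet.cer') | Out-Null
# Base64 of the same public certificate, for pasting into the gateway configuration.
[Convert]::ToBase64String($root.RawData) | Set-Content (Join-Path $out 'MyNet.b64.txt')

# Export with the private key (.pfx), password protected: this goes on the VPN client.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $client -FilePath (Join-Path $out 'MyNetClient.pfx') `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# Confirm that neither certificate is SHA-1 signed.
$root, $client | Select-Object Subject, NotAfter,
    @{ n = 'SignatureAlgorithm'; e = { $_.SignatureAlgorithm.FriendlyName } }
```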

Tuesday, 4 April 2017

Installing SCCM 1606 Secondary Site

First things first: why and when do we need an SCCM Secondary Site?

When do we need an SCCM (1606) Secondary Site?

It is required in situations like the following:

The remote location has between 500 and 5000 clients
Needs to compress traffic going to the site
Needs to control the upward flowing traffic
Needs a local Management Point
Needs a local Software Update Point


Below are the prerequisites for installing a Secondary Site.

A Secondary Site requires SQL Server for its site database.

From Server Features, install the below:
.NET 3.5 Framework
.NET 4 Framework
Remote Differential Compression
BITS

AD publishing rights are required for the System Management container

Ports to be open in Firewall
TCP 1433 (for SQL)
TCP 4022 (For SQL)
TCP 135 (RPC/WMI)
TCP 445 (SMB)

Once you have installed everything above, run the command below and review C:\ConfigMgrPrereq.log
prereqchk.exe /SEC SCCMSecondaryServerName /INSTALLSQLEXPRESS /Ssbport 4022 /Sqlport 1433