Skip to main content

Software Update Management- SCCM 2012

The below post explains the end to end process of software updates management in SCCM 2012 Pre-requisites: 1.  WSUS Server (WSUS 3.0 SP2 ) should be installed on the SCCM site server or if you want to install WSUS on another server, it is important that you install WSUS administration console as the SCCM Server uses API. This  link explains the step by step procedure to install WSUS 3.0 SP2 2. Install SUP-Software Update Point on the SCCM Server . 3. Reporting Services Point: Install reporting services point role as described in this link . 4. Client agent: The software update client agent should be enabled(will be enabled by default) and the settings have to specified as per the requirement. On SCCM console, go to Administration>Site Configuration>Client settings>Right click on Default client settings> Click on Properties. If required, we can create custom client settings and then enable client settings for that settings. Unde
4 comments

Building Customized SCCM 2007 Console

Most of the times, we have scenarios where helpdesk or package admins or security team need access to SCCM Admin Console to do some tasks related specific to their jobs. We can provided minimal access using Security Rights node but using the below steps we can provide user-friendly console to them and at the same time maintain the security permissions. 

This article addresses the step by step by procedure on how to build the customized configuration manager 2007 console:
The system where the SCCM Console is going to be installed should meet the supported configurations for the SCCM 2007.
http://technet.microsoft.com/en-us/library/dd547071.aspx

* MMC 3.0
   Download link: http://go.microsoft.com/fwlink/?LinkID=55423
* NET Framework 2.0
   Download link: http://go.microsoft.com/fwlink/?LinkID=56407 

Follow the below steps on the Site Server with an administrator account:

1. Click Start; click Run, type MMC, and then click OK.
2. On the Console menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. In the Add Standalone Snap-in dialog box, select System Center Configuration Manager 2007, and then click Add.



5. When you click add, Database Connection Wizard will start, click next.


6. Select the database that you want to connect to, and then select custom console tree items to be loaded as shown.

Here I have connected to the primary server in my lab i.e. SCCM1



7. On the next screen, you can select the object for which access that has to be given.

Here, I have selected only “collections”.



Click next and click Finish.

8. When you have finished the Database Connection Wizard, click Close. The snap-in appears in the Add/Remove Snap-in dialog box. When you see the snap-in, click OK.


9. Select "System Centre Configuration manager" in the tree pane, right-click it and select "New Window from here"



10. In the File menu select options
  • Name the console here; I have named it as "SCCM Collection Console"
  • Change the Console Mode to "User mode - Limited access, single window"
  • Clear the checkbox for "Allow the user to customize view"
  • Tick the checkbox for "Do not save changes to this console" 
  • Save your snap-in from File menu and in the prompt about multiple windows being open click "Yes"

The customized mmc console for SCCM is built now; we can provide permissions on the SCCM server under Security rights node to classes or instances for the required users or user groups.

Here, I have created a user with the user name “User1” and provided access only to one collection under the collections node as shown.
  • Go to Security rights
  • Click on Rights
  • Click on New Instance right
  • Select the user name ( here it is contoso\user1 in the lab)
  • Select “Class” (here it is “collection”)
  • Select “Instance”(here it is WinXPmachines collection)
  • Select Rights( Here I have given just “read” access)


Click Next and Finish.
Share the mmc file with the helpdesk, package admins or the intended team and provide the necessary permissions on the console as shown above.

Labels:

Comments

Post a Comment

Popular posts from this blog

Registering SPN for SQL Server for SCCM

If using a domain account to install SQL server 2008 R2 for SCCM, you have to register a SPN (Service Principal Name) in Active Directory for that domain account. Two SPNs for the account should be registered,     1. For NETBIOS name of the SQL Server     2. For the FQDN of SQL server. The procedure to do that is as follows 1. Log on to a domain controller; open a command prompt with administrative privileges. 2. Type the below commands replacing SQL server name. setspn –A MSSQLSvc/< SQL Server NETBIOS name >:1433<Domain\Account> setspn –A MSSQLSvc/< SQL Server FQDN >:1433 <Domain\Account> 3. As shown in the below screenshot, the server name here is  CM2012 for NETBIOS name and CM2012.CONTOSO.COM 4.  Verify the registration of SPN by typing the below command Setspn –L  <domain\account>
1 comment
Read more

Consistency validation for SQL Server registry keys failed error -SQL for SCCM

During installation of SQL server, "Consistency validation for SQL Server registry keys failed” error pops up in the below scenarios. 1.   Previous installation of SQL exists. 2.   Inappropriate permissions on the registry keys of Microsoft SQL server. Solution that worked me is explained below. A. Identify the issue: 1. Go to %Program Files%\Microsoft SQL Server\100\SetupBootstrap\Log\”date  and time of installation” 2. Search (in Detail_GlobalRules.txt) for lines containing the following string "Could not fix registry key" 3. Run “regedit”, s et full control permissions for the appropriate registry keys mentioned in "Detail_GlobalRules.txt" file. Re-run the installation. B. Modifying the registry: 1. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server in registry. (To open registry, run “regedit”) 2. Right click and go to Permission 3. Click on Advance tab and c heck the below options.     i. Include i
6 comments
Read more

Collection query to find Machines--based on GUID Criteria

You can use the below SQL query to create a new collection based on GUID. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SMBIOSGUID = " 18764D56-C91F-83A5-51FB-4AD4B6699D04 " Replace the GUID with the one that you intend to delete. This is particularly useful when performing OSD related tasks. To know how to create a collection , go through this link .
3 comments
Read more