Tuesday 19 April 2011

Transparent Install Of Office 2010 x86 Or x64

Hi All,

If you’re like me, you want to make the task as easy and transparent as possible to install Office 2010 into your network, for your users and support staff. You also want to install the x64 version on 64 bit platforms and x86 on 32 bit platforms.

Following from my previous post create two task sequences for you packages if not already created
  • Microsoft Office Professional 2010 x64
  • Microsoft Office Professional 2010 x86
Only allow the x64 bit to run on 64 bit O/S’s and x86 on 32 Bit O/S’s.

Advertise both task sequences to the same collection. The computers within that collection will only get their version of  Office 2010

Monday 11 April 2011

How To Deploy Office 2010 from System Center Configuration Manager

Hi Everyone,

I'm confident you will be considering the roll out of Office 2010 soon. If your like me, I need to roll out Office 2010 to over a 1000 workstations. I thought I would give you my real world experience on a simply approach:

The are five steps in this process the include:
  • Customising Office 2010
  • Creating the Package and Program
  • Copying the Package to your Distribution Points
  • Creating an Active Directory Security Group and Collection
  • Creating an Advertisement and Assigning it to the Collection 

In your testing environment you may want to speed the process up. I'll show you how to force a client to get the package straight away and get a report on the outcome of the advertisement.

How To Customise Office 2010

  1. Download your Office 2010 install files and place it in your package source directory.

  2. Run setup.exe /admin from the command prompt. This will allow us to create a MSP file which we will save into the updates folder.

    It is important to note you can only run setup.exe /admin for Office 2010 64 Bit version from a 64 bit platform. 

  3. Select your product. In this case it is Microsoft Office Professional Plus 2010 (64bit)

  4. Complete your desired customisation. In this example, I will be completing the following: Setting the organisation name, setting licensing and user interaction (suppress all notifications to allow for a silent install) and removing previous installations.

    License information
    Removing previous installations

  5. Go to File => Save As and save it in the Updates folder as Setup.MSP.
    Office looks at this location for updates and customisation files automatically. You can put Service Packs in this location too and they will be automatically installed during the Office install process.
Your customised Office 2010 package is now ready for SCCM.

Creating Package & Program
  1. Create a New Package

  2. Fill out the General Details

  3. Set the Data Source Details and Options

  4. All other options leave as default

  5. Create a New Program

  6. File out the details as below.

  7. You can set program dependencies. In this example I will only install Office 2010 on Windows 7 x64 machines and the install process will timeout after 120 minutes.

  8. You can set the environment. Since it is a silent install I will install it whether or not a user is logged on, run with administrative rights and allow users to interact with the program.

  9. You can set some advanced features like running a program first. In this example I have left it as default.

  10. Leave the other options as default. Once completed you should see the new program

This completes creating the package and program

Copying the Package to your Distribution Points
  1. Add a New Distribution Point

  2. Click next at the Welcome Screen

  3. Select your Distribution Points and click Next

  4. Under Package Status => <SiteCode> you can see the state of your package on each Distribution Point. It will state Installed once the package has completed copying.

    Package Snap in

    List of DP's for this Package

This completes coping your package to your Distribution Point

Creating an Active Directory Security Group and Collection
  1. Within Active Directory create a security group. Call it SCCM - Deploy Microsoft Office 2010 Professional Plus x64.

  2. Add the computers you wish to deploy Office 2010 too. In this example I will deploy it to MULLER-TEST

  3. Within SCCM create a new collection, call it Deploy Microsoft Office 2010 Professional Plus x64

  4. Fill out the General Details and click the Next button

  5. Create a new membership rule by clicking on the SQL button.

  6. Limit the Collection by your Active Systems Collection Group, give the query rule a name and click on Edit Query Statement.

  7. Click on Show Query Language

  8. Add the following SQL statement. Change the domain to your domain
  9. SELECT 
  10. SMS_R_SYSTEM.ResourceID
  11. ,SMS_R_SYSTEM.ResourceType
  12. ,SMS_R_SYSTEM.Name
  13. ,SMS_R_SYSTEM.SMSUniqueIdentifier
  14. ,SMS_R_SYSTEM.ResourceDomainORWorkgroup
  15. ,SMS_R_SYSTEM.Client 
  16. FROM 
  17. SMS_R_System 
  18. WHERE SMS_R_System.SystemGroupName = "CHANGE ME\\SCCM  - Deploy Microsoft Office 2010 Professional Plus x64"

  19. Click on OK twice and next three times and your collection is created.

  20. Depending on your discovery methods will depend on how long it will take to display in the new collection. You can force it by doing an Active Director Security and System Group Discovery. Once SCCM has discovered update the collection and you will see the computer in that collection

This completes creating an Active Directory Security Group and Collection

Creating an Advertisement and Assigning it to a Collection 
  1. Add a New Advertisement

  2. File out the General tab details. Select the Package you created, the Program will fill itself and select the collection you created

  3. Select the schedule options. In this example I have set a deadline, enabled wake on LAN (Requires Out of Band Management), Ignore maintenance windows, and not to rerun if the program fails

  4. Set the Distribution Point settings. In this example the client downloads the package to their cache.

  5. Set user Interaction. In this example, I allow users to interact with the application to run it when they want to. If they don't run it, the application will install at the deadline.

  6. Click Next twice and you advertisement is created.

  7. You will now see the new advertisement

This completes Creating an Advertisement and Assigning it to a Collection

Your computer will get the new advertisement when it reports pack to your SCCM Server. To force the process follow the below instructions.

Force A Client To Retrieve An Advertisement

  1. Open the Configuration Manager console located in the control panel on the client

  2. Click on the Actions tab, select Machine Policy Retrieval & Evaluation Cycle and select Initiate Action

  3. The SCCM agent will appear in the bottom right hand corner. Depending on how you advertised the application will depend on the icon. Below are the three possibilities that will appear. I set a deadline so the middle will appear, it will state an application will be installed in x amount of time.

  4. To see the progress on the advertisement run the report All Advertisements for a specific collection. It will list the current state of the advertisement. 

Moving From Office 32 Bit To Office 64 Bit

If you’re planning to move from 32 bit to 64 bit then you need to remove all versions of 32 bit first. In my case I needed to remove Microsoft Office 2007 Professional and a few other applications.

Follow these steps to complete this task:
  1. Create a file in Pro.WW called SilentUninstallConfig.xml.

  2. Add the following details to the file and update your Distribution Points

    <Configuration Product="Pro">

    <Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />

    <Setting Id="SETUP_REBOOT" Value="Never" />

  3. Create a new program in your Office 2007 package with the following settings

    The command line is setup.exe /uninstall Pro /config  Pro.WW\SilentUninstallConfig.xml

  4. Change any requirements settings. In this example, it will only run on Windows 7 x64

  5. Change any environment settings. In this example, it will run whether or not a user is logged on and runs with administrative rights

  6. Change any advance settings. In this example, it will suppress program notifications.

  7. Hit next three times

  8. Create a Task Sequence that removes your applications and then installs Office 2010 Professional Plus x64.

  9. In Options for the task, check to see if the following register exists. This way it will only try an remove it if it is installed.

  10. Advertise this instead to your collection and your set to go. Set the Advertisement to only download content if required. This way it will not download Office 2007 if it is not installed.
There is more then one way to skin a cat. In this example, I have set a deadline and advertised it to a collection that is a Security Group. This is the best fit for our current requirements because:

  • The Service Desk have an easy solution to install Office2010, just by adding the computer into a Security Group.
  • They do not need to know anything about the SCCM console.
  • They can tell the user they will get the application within two hours.
  • We don't need to install it on the 1000 workstations yet.

When management decide to deliver Office 2010 to all systems we could remove the deadline and advertise it to all active systems. If we remove new notifications it would be a self service. The user would see the application under programs and features and install it when they want.

Self Service

We could also set a deadline from one month of advertisement date and remind them every second day. This way they have a month to install before it installs itself.

I hope you have found this blog helpful, please leave a comment or question if you have. 

Thursday 7 April 2011

My Testimonial to System Center Configuration Manager

I first experienced System Center Configuration Manager or SMS working for an organisation six years ago.  In my second technology position, I was amazed by its power and ability to improve how IT professionals deliver services to an organisation.  

In a support role, I loved the idea that I could roll out an application, just by adding a computer into a security group, or roll out an operating system remotely with no interaction. I was inspired and needed to know more about SCCM. 

Two years later I started working for a small ICT consultant firm, I did my best to show our clients the benefits; majority had less than 200 seats and could not see advantages over the costs.  Vista had been released and there were no plans to move from XP.

A year later I was approached by a local community health, that had over 500 seats and nine sites, SCCM was the perfect solution, they were backwards in technology and still running Windows 2000 at various locations.

The IT Managers strategic direction included the rollout of Office 2007 to existing network clients within three months, the roll out of Windows 7 to all able workstations within six months; he also needed to demonstrate to the executive team why SCCM was the product of choice. 

We decided to setup and demonstrate SCCM to the executive team. In a presentation we included the following features and how they would be utilised:

·         Operating System Deployment:  

o   Deploy an OS to any PC for troubleshooting purposes or new PC’s
o   Migrate from Windows 7 to XP within 30 minutes.

·         Application Deployment 

o   Deploy any application remotely
o   Allow users to interact with the install or install it silently
o   Set deadlines to ensure applications are installed.

·         Software Updates

o   Increase stability and security of network
o   Release updates monthly in a pre-production isolated environment to ensure compatibility within network.
o   Provide monthly reports on computer compliance

·         Out Of Band Management:  

o   Power on and off workstations remotely
o   Install updates or applications in the middle of the night reducing downtime for users.
o   Control and re-configure Bios settings.

·         Remote Tools 

o   Integrated with the helpdesk software. Service desk software can be a one-stop shop.
o   Control user sessions, remote desktop or remote assistance
o   Handles Dual Screens efficiently
o   Can assist roaming clients on the Internet.

·         Asset Intelligence

o   Audit clients to ensure they meet standards. For Example, 1 GB of RAM.

·         Software Metering

o    Determine how often software was in use and if they were really required, thus reducing software costs.
·         Reporting

o   Troubleshoot installation of operating systems or applications.
o   Compliance reporting, for example, ensuring all workstations have Office 2007
o   Software licensing reports.

Within the presentation we provided two scenarios with tangle benefits, assuming an IT support person cost $60ph.

Scenario 1: Management required Office 2007 installed onto 500 workstations

Option 1:  ICT staff member manually installs Office 2007 onto 500 workstations taking 30 min’s per workstation. Cost: $15,000

Option 2: Use SCCM to automate the deployment process, monitor, report, and troubleshoot delivery. Automatically power up workstations at midnight using vpro technology, install the application and power down. Cost: $1,000 of man hours.

Scenario 2: Management required Windows 7 deployed to 500 workstations

Option 1: ICT staff member manually installs SOE on 500 workstations taking 3 hours per workstation Cost: $90,000

Option 2: Use SCCM to automate the deployment process, monitor, report, and troubleshoot delivery, install operating systems with zero touch and multiple workstations simultaneously Cost: $30,000.

As you can see it is very easy to justify and show anyone the benefits of SCCM, the key is to ensure they can see the savings in dollar values. Needless to say the executive directors fell in love with SCCM; once they knew the cost savings. The IT team fell in love with SCCM once they knew they didn’t have to work as hard to get consistent and efficient results, allowing them to invest more time in other aspects of their IT field. 

I recently had the pleasure to give a presentation to other Community Health IT managers; I can confidently say they absolutely loved the product.  I have assisted multiple public health organisations implement SCCM; it’s defiantly a product that can reduce your overheads with time and money.
I also had the pleasure of blogging for Intel focusing on AMT technology integration with SCCM. Here is the link 

If you wanted to get a hold of one of the presentations drop me an email and I will send it on or if you have any questions feel free to drop me a comment.

Wednesday 6 April 2011

A sub report that shows you which updates are missing

Hi All,

As promised I have extended the report to show you which updates are missing.

You can link it to the above report by computer name. So when you click on the computer name it displays this report.

        ,dbo.v_StateNames.StateName AS State
        ,dbo.v_UpdateDeploymentSummary.AssignmentName AS [Update List]
            INNER JOIN
              dbo.v_UpdateComplianceStatus ON dbo.v_R_System.ResourceID = dbo.v_UpdateComplianceStatus.ResourceID
            INNER JOIN
              dbo.v_UpdateInfo ON dbo.v_UpdateComplianceStatus.CI_ID = dbo.v_UpdateInfo.CI_ID
            INNER JOIN
              dbo.v_StateNames ON dbo.v_UpdateComplianceStatus.LastEnforcementMessageID = dbo.v_StateNames.StateID
            INNER JOIN
              dbo.v_UpdateDeploymentSummary ON dbo.v_UpdateInfo.CI_ID = dbo.v_UpdateDeploymentSummary.CI_ID
        (dbo.v_UpdateComplianceStatus.Status = 2) AND (dbo.v_StateNames.TopicType = 402) AND (dbo.v_R_System.Netbios_Name0 = @ComputerName)
        dbo.v_R_System.Netbios_Name0, dbo.v_UpdateComplianceStatus.Status

Please feel free to drop me a comment if you have any questions or comments.



** UPDATE ** 16/08/2011 **

Hi Everyone,

I have changed the above query to remove the Successfully Installed Update state. Use the below query:

SELECT     TOP (100) PERCENT dbo.v_UpdateInfo.BulletinID, dbo.v_UpdateInfo.ArticleID, dbo.v_UpdateInfo.Title, dbo.v_StateNames.StateName AS State, 
                      dbo.v_UpdateDeploymentSummary.AssignmentName AS [Update List]
FROM         dbo.v_R_System INNER JOIN
                      dbo.v_UpdateComplianceStatus ON dbo.v_R_System.ResourceID = dbo.v_UpdateComplianceStatus.ResourceID INNER JOIN
                      dbo.v_UpdateInfo ON dbo.v_UpdateComplianceStatus.CI_ID = dbo.v_UpdateInfo.CI_ID INNER JOIN
                      dbo.v_StateNames ON dbo.v_UpdateComplianceStatus.LastEnforcementMessageID = dbo.v_StateNames.StateID INNER JOIN
                      dbo.v_UpdateDeploymentSummary ON dbo.v_UpdateInfo.CI_ID = dbo.v_UpdateDeploymentSummary.CI_ID
WHERE     (dbo.v_UpdateComplianceStatus.Status = 2) AND (dbo.v_StateNames.TopicType = 402) AND (dbo.v_R_System.Netbios_Name0 = @ComputerName) AND 
                      (NOT (dbo.v_StateNames.StateName LIKE 'Successfully Installed update'))
ORDER BY dbo.v_R_System.Netbios_Name0, dbo.v_UpdateComplianceStatus.Status

A SCCM report which shows you how many updates that are assigned to a client which have not been installed

Hi All,

I needed a quick and easy way to know if updates that I have deployed from SCCM have been installed. I needed a report to show the clients that were having trouble with the updates. I couldn’t find anything online and the inbuilt reports did not meant my needs.

I would then provide this report to the Service Desk team to troubleshoot.

I have modified a query from TechNet to give the required results. 

If you don’t see any clients in the report, you can safely ensure all updates have been deployed.

Now you can confidently tell IT management the progress of your updates.

Stayed tuned for a linked report to find out what updates are missing with there state and a report for management showing all updates have been applied.

SELECT        dbo.v_R_System.Netbios_Name0 AS [Computer Name]
            ,COUNT(dbo.v_UpdateComplianceStatus.Status) AS [Updates Missing]
            INNER JOIN
                dbo.v_UpdateComplianceStatus ON dbo.v_R_System.ResourceID = dbo.v_UpdateComplianceStatus.ResourceID
            INNER JOIN
                dbo.v_UpdateInfo ON dbo.v_UpdateComplianceStatus.CI_ID = dbo.v_UpdateInfo.CI_ID
            INNER JOIN
                dbo.v_StateNames ON dbo.v_UpdateComplianceStatus.LastEnforcementMessageID = dbo.v_StateNames.StateID
            LEFT OUTER JOIN
                dbo.v_GS_WORKSTATION_STATUS ON dbo.v_UpdateComplianceStatus.ResourceID = dbo.v_GS_WORKSTATION_STATUS.ResourceID
            (dbo.v_UpdateComplianceStatus.Status = 2) AND (dbo.v_StateNames.TopicType = 402)
            [Updates Missing]
            ,[Computer Name]


*** UPDATE ** 16/08/2011 **

Hi Everyone,

After running the report for our service desk. I noticed the information didn’t look correct.

The report would show systems missing updates. When I checked the sub report it was empty or the message was Successfully Installed update.

Use this query instead of the above:

SELECT     TOP (100) PERCENT dbo.v_R_System.Netbios_Name0 AS [Computer Name], COUNT(dbo.v_R_System.Netbios_Name0) AS [Updates Missing], 
                      dbo.v_UpdateScanStatus.ScanTime, MAX(dbo.v_StateNames.StateName) AS [Last Message]
FROM         dbo.v_R_System INNER JOIN
                      dbo.v_UpdateComplianceStatus ON dbo.v_R_System.ResourceID = dbo.v_UpdateComplianceStatus.ResourceID INNER JOIN
                      dbo.v_UpdateInfo ON dbo.v_UpdateComplianceStatus.CI_ID = dbo.v_UpdateInfo.CI_ID INNER JOIN
                      dbo.v_StateNames ON dbo.v_UpdateComplianceStatus.LastEnforcementMessageID = dbo.v_StateNames.StateID INNER JOIN
                      dbo.v_UpdateDeploymentSummary ON dbo.v_UpdateInfo.CI_ID = dbo.v_UpdateDeploymentSummary.CI_ID INNER JOIN
                      dbo.v_UpdateScanStatus ON dbo.v_R_System.ResourceID = dbo.v_UpdateScanStatus.ResourceID
WHERE     (dbo.v_StateNames.TopicType = 402) AND (NOT (dbo.v_StateNames.StateName LIKE 'Successfully Installed update'))
GROUP BY dbo.v_R_System.Netbios_Name0, dbo.v_UpdateScanStatus.ScanTime, dbo.v_UpdateComplianceStatus.Status
HAVING      (dbo.v_UpdateComplianceStatus.Status = 2)
ORDER BY [Updates Missing] DESC, dbo.v_UpdateComplianceStatus.Status, dbo.v_R_System.Netbios_Name0

Thee report looks like this. It gives a little more information then the first query.

Our Service Desk team can now order by the last message and only deal with ones that are required.