Friday, November 1, 2013

Windows Update via VBS

Put together something that will enable you to perform Windows Update by means of the vbs.
In this vbs, I have decided that I do not want to include any updates for Dot Net Framework and Windows Search.

'ServerSelection values
ssDefault = 0
ssManagedServer   = 1
ssWindowsUpdate   = 2
ssOthers          = 3

'InStr values
intSearchStartChar = 1

dim strTitle

Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateupdateSearcher()

updateSearcher.ServerSelection = ssWindowsUpdate
Set searchResult = updateSearcher.Search("IsInstalled=0 and Type='Software'")

WScript.Echo "List of applicable items on the machine:"

For I = 0 To searchResult.Updates.Count-1
    Set update = searchResult.Updates.Item(I)
    WScript.Echo I + 1 & "> " & update.Title
Next

If searchResult.Updates.Count = 0 Then
    WScript.Echo "There are no applicable updates."
    WScript.Quit
End If

WScript.Echo vbCRLF & "Creating collection of updates to download:"

Set updatesToDownload = CreateObject("Microsoft.Update.UpdateColl")

For I = 0 to searchResult.Updates.Count-1
    Set update = searchResult.Updates.Item(I)
    addThisUpdate = false
if instr(lcase(update.title),".net framework") = 0 then  
if instr(lcase(update.title),"search") = 0 then  
If update.InstallationBehavior.CanRequestUserInput = true Then
        WScript.Echo I + 1 & "> skipping: " & update.Title & _
        " because it requires user input"
    Else
        If update.EulaAccepted = false Then
            WScript.Echo I + 1 & "> note: " & update.Title & _
            " has a license agreement that must be accepted:"
            WScript.Echo update.EulaText
            WScript.Echo "Do you accept this license agreement? (Y/N)"
            ''strInput = WScript.StdIn.ReadLine
            strInput = "Y"
            WScript.Echo
            If (strInput = "Y" or strInput = "y") Then
                update.AcceptEula()
                addThisUpdate = true
            Else
                WScript.Echo I + 1 & "> skipping: " & update.Title & _
                " because the license agreement was declined"
            End If
        Else
            addThisUpdate = true
        End If
    End If
End if
End if
    If addThisUpdate = true Then
        WScript.Echo I + 1 & "> adding: " & update.Title
        updatesToDownload.Add(update)
    End If
Next

If updatesToDownload.Count = 0 Then
    WScript.Echo "All applicable updates were skipped."
    WScript.Quit
End If
   
WScript.Echo vbCRLF & "Downloading updates..."

Set downloader = updateSession.CreateUpdateDownloader()

downloader.Updates = updatesToDownload
 Set downloadResult = downloader.Download()
   WScript.Echo "Download Result: " & downloadResult.ResultCode
'downloader.Download()

Set updatesToInstall = CreateObject("Microsoft.Update.UpdateColl")

rebootMayBeRequired = false

WScript.Echo vbCRLF & "Successfully downloaded updates:"

For I = 0 To searchResult.Updates.Count-1
    set update = searchResult.Updates.Item(I)
    If update.IsDownloaded = true Then
        WScript.Echo I + 1 & "> " & update.Title
        updatesToInstall.Add(update)  
        If update.InstallationBehavior.RebootBehavior > 0 Then
            rebootMayBeRequired = true
        End If
    End If
Next

If updatesToInstall.Count = 0 Then
    WScript.Echo "No updates were successfully downloaded."
    WScript.Quit
End If

If rebootMayBeRequired = true Then
    WScript.Echo vbCRLF & "These updates may require a reboot."
End If

WScript.Echo  vbCRLF & "Would you like to install updates now? (Y/N)"
''strInput = WScript.StdIn.ReadLine
strInput = "Y"
WScript.Echo

If (strInput = "Y" or strInput = "y") Then
    WScript.Echo "Installing updates..."
    Set installer = updateSession.CreateUpdateInstaller()
    installer.Updates = updatesToInstall
    Set installationResult = installer.Install()
   
    'Output results of install
    WScript.Echo "Installation Result: " & _
    installationResult.ResultCode
    WScript.Echo "Reboot Required: " & _
    installationResult.RebootRequired & vbCRLF
    WScript.Echo "Listing of updates installed " & _
    "and individual installation results:"
   
    For I = 0 to updatesToInstall.Count - 1
        WScript.Echo I + 1 & "> " & _
        updatesToInstall.Item(i).Title & _
        ": " & installationResult.GetUpdateResult(i).ResultCode        
I = I + 1
    Next
End If

Thursday, September 26, 2013

Fix: WMI repository reset failed

Fixing WMI issues can be quite a pain as we all know :)
There is another WMI issue which I have encountered recently on Windows 7 and fixed which I thought
should be shared with all.

Usually for WMI issues in Windows 7, the last resort to resolve the issue would be to reset the
repository using winmgmt /resetrepository

But what if even this last resort fails you?
The error that I have gotten attempting to fix this client is as below

C:\Users\vincent.goh.adm>Winmgmt /resetrepository
WMI repository reset failed
Error code:     0x8007041B
Facility:       Win32
Description:    A stop control has been sent to a service that other running ser
vices are dependent on.

To resolve this, you can follow the below procedure

1)      Adding Network service to Local Administrator
2)    Navigate to the key below and confirm if the Value is "Both". If its is not, go ahead to change it to Both
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\ThreadingModel]

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32
Value Name: ThreadingModel
Value Type: REG_SZ
Correct Value Data: Both
 3)      Then restart the WMI services in services.msc.

Tuesday, September 17, 2013

SCCM Patch Compliance Report for Machines by Wildcard

As an add on to a previous post I had for the patch compliance, the below query is to do the same thing but that it will allow you to list the all machines that you require information as well as using a wildcard (i.e for machine name starting with ABC change the wildcard underlined to 'ABC%')

select
   VRS.Name0,
   catinfo2.CategoryInstanceName as UpdateClassification,
            ui.BulletinID as BulletinID,
            ui.DatePosted,
   ui.DateRevised,        
            ui.ArticleID as ArticleID,
            ui.Title as Title,        
   ui.InfoURL as InformationURL
from v_UpdateComplianceStatus css
left join v_R_System VRS on VRS.ResourceID = css.ResourceID
join v_UpdateInfo ui on ui.CI_ID=css.CI_ID
join v_CICategories_All catall on catall.CI_ID=ui.CI_ID
join v_CategoryInfo catinfo on catall.CategoryInstance_UniqueID = catinfo.CategoryInstance_UniqueID and catinfo.CategoryTypeName='Company'
join v_CICategories_All catall2 on catall2.CI_ID=ui.CI_ID
join v_CategoryInfo catinfo2 on catall2.CategoryInstance_UniqueID = catinfo2.CategoryInstance_UniqueID and catinfo2.CategoryTypeName='UpdateClassification'
left join v_CITargetedMachines ctm on ctm.CI_ID=css.CI_ID and ctm.ResourceID = VRS.ResourceID
left join (
                        select atc.CI_ID, Deadline=min(a.EnforcementDeadline) from v_CIAssignment a
                        join v_CIAssignmentToCI atc on atc.AssignmentID=a.AssignmentID
                        group by atc.CI_ID) cdl   on cdl.CI_ID=css.CI_ID

where vrs.Active0 = 1and css.Status=2 and VRS.Name0 like '%'
order by VRS.name0 ,catinfo.CategoryInstanceName, catinfo2.CategoryInstanceName, ui.ArticleID

Friday, September 6, 2013

SCCM Patch Compliance - Listing required outstanding patches by server

The below query will enable you to get the patches that are required but has yet to be installed by server.
Replace the parameter @machinename with the server that you are referencing against.

declare @RscID int;
select @RscID=ResourceID from v_R_System where ((Name0 = @machinename) and (Active0 = 1));

select
catinfo2.CategoryInstanceName as UpdateClassification,
            ui.BulletinID as BulletinID,
            ui.DatePosted,
ui.DateRevised,        
            ui.ArticleID as ArticleID,
            ui.Title as Title,          
ui.InfoURL as InformationURL
from v_UpdateComplianceStatus css
join v_UpdateInfo ui on ui.CI_ID=css.CI_ID
join v_CICategories_All catall on catall.CI_ID=ui.CI_ID
join v_CategoryInfo catinfo on catall.CategoryInstance_UniqueID = catinfo.CategoryInstance_UniqueID and catinfo.CategoryTypeName='Company'
join v_CICategories_All catall2 on catall2.CI_ID=ui.CI_ID
join v_CategoryInfo catinfo2 on catall2.CategoryInstance_UniqueID = catinfo2.CategoryInstance_UniqueID and catinfo2.CategoryTypeName='UpdateClassification'
left join v_CITargetedMachines ctm on ctm.CI_ID=css.CI_ID and ctm.ResourceID = @RscID
left join (
                        select atc.CI_ID, Deadline=min(a.EnforcementDeadline) from v_CIAssignment a
                        join v_CIAssignmentToCI atc on atc.AssignmentID=a.AssignmentID
                        group by atc.CI_ID) cdl   on cdl.CI_ID=css.CI_ID
where  css.ResourceID = @RscID
and ((css.Status=2) )
order by catinfo.CategoryInstanceName, catinfo2.CategoryInstanceName, ui.ArticleID

Output of the report will be in the format as below when performed via SSRS


Wednesday, August 28, 2013

SCCM Query to get Logon Information

There was an entry in the MSFT System Center forum was request for some form of assistance to retrieve information for the last console logon for machines which I posted .
Heaving posted that I decided to add in something extra to include the number of console logons to the machine as well as the Total Duration. Hopefully this helps anyone who needs this.

select VRS.Name0 as 'Computer Name'
, Resource_Domain_OR_Workgr0
, User_Name0 'Last Logon Name'
, VOS.Caption0
,VOS.CSDVersion0
,VSC.LastConsoleUse0
,VSC.NumberOfConsoleLogons0 'Total Console Logons Counts'
,VSC.TotalUserConsoleMinutes0 'Total Console Logon Minutes'

from v_R_System VRS 
left join dbo.v_GS_OPERATING_SYSTEM VOS on VRS.ResourceID = VOS.ResourceID
left join dbo.v_GS_SYSTEM_CONSOLE_USER VSC on VSC.ResourceID = VRS.ResourceID

Thursday, June 27, 2013

Object Replication Manager (objreplmgr) on child site failed to insert .CID and .SDM files


I was presented with an issue whereby software updates (configuration items) were not replicating from the central parent site down to a particular child primary site. The symptoms of this being that if a certain update list, update package, or update deployment contained one of the missing updates (CI_items) then the effected object(s) would not appear in the console, and therefore I cannot deploy the effected update(s) at the child site

In this scenario I found a backlog of .CID files in the inbox folder below, each .CID file representing an update which couldn't be processed.

\inboxes\objmgr.box\INCOMING\retry

The retry is attempted 100 times and then the .CID is place in the ‘bad’ folder
\inboxes\objmgr.box\INCOMING\retry\BAD

When SMS_OBJECT_REPLICATION_MANAGER attempts to process the effected CI’s the following is logged to the objreplmgr.log which indicates the failure:

Processing replication file d:\Microsoft Configuration Manager\inboxes\objmgr.box\INCOMING\RetryGL_42586.CID in retry.


Failed to insert Object 6298a02f-0a6a-4f34-b832-08059b682b63 from replication file d:\Microsoft Configuration Manager\inboxes\objmgr.box\INCOMING\RetryGL_48796.CID.

On to the resolution, I found that running the following 6 SQL queries on the effected child sites resolved the issue:

**Note that the ID’s may be different for each site. Run the query Select * from CI_Types to get the proper list. We need to delete the following types: SoftwareUpdate, SoftwareUpdateBundle and AuthorizationList.
Please do this before you run the first query in italic

Delete from CI_ConfigurationItems Where CIType_ID in (1, 6, 8);
Update CI_SDMPackages set IsDeleted = 1 where SourceSite = 'ZZZ';
Delete from CI_ComplianceHistory where isdetected = 1
Delete from CI_Compliancehistory where isdetected = 0
Delete from CI_SDMPackages where isdeleted =1 and sourcesite = 'ZZZ'
Exec sp_DeleteOldSDMPackageData 0;


* note: replace ZZZ with the site code of your central site (or the active SUP which is the furthest upstream’)
Running the above queries will purge Software Updates data from the effected child site.
You should then wait about 30 minutes and then restart the following services on the effected child site:

SMS_EXECUTIVE
SMS_COMPONENT_MANAGER

The final step is to initiate a full site replication, this can be done using the heirarchy maintenance tool (syncchild option) or by place a file called .SHA * in the objmgr.box on the parent site.

* .SHA – replace with the 3 digit site code of the desired child site you wish to replicate.

Allow up to 24 hours for the site replication to complete, when it finishes you should have a fully matching compliment of updates on the central site and child primary site.

You can monitor the objreplmgr.log for successful insertion of .CID and .SDM items, and you should also find that the folder \inboxes\objmgr.box\INCOMING\retry does not contain any items for retry.

Friday, June 14, 2013

Domain Admins Unable to run GPresult


I was faced with a situation that I was unable to run GPresult even with domain admins credentials.
Worked through the procedure below to resolve the issue.

1) Register the userenv.dll file
regsvr32 /n /I c:\windows\system32\userenv.dll

2)  Change Directory to the wbem folder
cd c:\windows\system32\wbem
- Recompile the scersop.mof
 mofcomp scersop.mof
- Optional Repositories you can recompile
mofcomp rsop.mof
mofcomp rsop.mfl  

3) Force Group Policy Update
gpupdate /force

Friday, April 19, 2013

SCCM Client Verbose Logging



Though SCCM logs are pretty comprehensive but it's some how short of the additional informaiton that Techies need to get more insight into a error.

The procedure below will enable you to just do that.

Apply the changes to the machine which you need the verbose logging.

Enabling Debug and Verbose Logging

To enable debug logging after installation, create the following registry key:

HKLM\SOFTWARE\Microsoft\CCM\Logging\debuglogging


To enable verbose logging after installation, change the following value to 0. You will need to right click on the @Global key and change permissions to allow the current user to change the data in the key.

HKLM\Software\Microsoft\CCM\Logging\@Global\Loglevel


X64

HKLM\Software\Wow6432Node\Microsoft\CCM .


X86
HKLM\Software\Microsoft\CCM

Thursday, April 4, 2013

Symantec Endpoint Management Server Reporting

I was looking for a query that will enable us to query the Symantec Endpoint Management Server's Database for the SEP client's information for Virus Definitions, Last Scan Time, Last Virus Detected time, Current infection state of the SEP Client but was unable to find any.
Hence I have put together a little SQL query that is to be reference against the SEM5 database which will do the job.


select
L1.Computer_name
, dateadd(second, max(L1.CReation_time)/1000 + 8*60*60, '19700101') ' MAchine Creation Time'
--,max(L1.CReation_time) 'Machine Creation Time'
,dateadd(second, max(L1.LAST_UPDATE_TIME)/1000 + 8*60*60, '19700101') 'Last Machine Status Update Time'
 , Case when  L1.[INFECTED] = 1 then 'Yes'
when L1.[INFECTED] = 0 then 'No'
End as 'System Infected'
 ,dateadd(second, max(L1.[LAST_SCAN_TIME])/1000 + 8*60*60, '19700101') 'Last Scan Time'
      ,dateadd(second, max(L1.[LAST_VIRUS_TIME])/1000 + 8*60*60, '19700101') 'Last Virus Detected'
      ,max(L1.version) 'Current Definition Version'
      ,max(L1.patterndate) 'Current Pattern Date'
from
(

SELECT distinct CID.Computer_NAME
,CID.operation_SYSTEM
--,CID.current_login_user
      ,[CREATION_TIME]
      ,[LAST_UPDATE_TIME]
      ,[INFECTED]
      ,[LAST_SCAN_TIME]
      ,[LAST_VIRUS_TIME]
      ,PAT.version
      ,PAT.patterndate
, avengine_onoff
      
  FROM [sem5_DB].[dbo].[SEM_Agent]
  left join dbo.SEM_COMPUTER CID on SEM_AGENT.computer_ID = CID.Computer_ID
left join dbo.PATTERN PAT on SEM_Agent.pattern_IDX = PAT.pattern_IDX
where CID.deleted = 0
)L1
group by L1.Computer_name,L1.infected,L1.LAST_UPDATE_TIME