Wednesday, March 30, 2011

Generate Computer names in MDT 2010/SCCM - Update

I've created an advanced stored procedure. The new stored procedure build on the last one that has the OU assignment , but the new one gives you the possibility to have different prefix on you computers based on location. It is also possible to have custom sequence for each location, so all your computers on location A could be named PC-Location(A)-Type*-Sequence(00001), PC-Location(A)-Type*-Sequence(00002), and PC-Location(B)-Type*-Sequence(00001),PC-Location(B)-Type*-Sequence(00002).

If you want to have computer type (Desktop,laptop,VM) in your computer name. You can easily add the following in the stored procedure:

In the IF @isvm/isdesktop/islaptop sequences add the following:
Set @type=’L’ or ‘D’ or ‘V’
(If you want the computer names for laptops to contain an L to identify that its a laptop, D for desktop and V for Virtual.

You also have to add the following in the Set @newname
set @newname = @prefix '+' @type '+' etc.....

These changes have to be made on all three IF statements for each computer type, a total of 6 entries. 2 per IF statement.

The files can be downloaded here:
http://cid-214999a8ebe4fcb4.office.live.com/browse.aspx/.Public/SCCM?uc=0

Tuesday, March 29, 2011

Access is denied Windows 7 Offline files (CSC)

These last couple of days I’ve been troubleshooting offline files in Windows 7. At a customer we are building a new OU structure and new GPO policies for Windows 7 (the old ones are old Win2000/xp, and really need to be updated).

The new GPO for Windows 7 is defined to allow offline files, transparent caching, when to synchronize and encryption of offline files and are linked on the computers OU. The user GPO has the automatically offline redirected folders.

Today, the Windows 7 computers are configured with Offline files, and everything is working as normal. (Pretty much the same configuration as we have created, but they are created for WinXP)

When we move a computer and user to the new OU structure and the new GPOs are applied, we get an “access is denied” when we try to edit files in the CSC Cache. We are able to create files, but not able to edit them… When we move the computer back to the old OU and GPO everything works normal.

If we turn off encryption of offline files in the new OU structure everything works normal, and creating and editing is fine.

After digging around, I found that the DRA (Data Recovery Agent) certificate (Default created when installing a domain) had expired in 2003…. (time to renew...)

I utilized the existing PKI and created a new DRA and tried again. But I still got the “Access is denied” when the computer was placed in the new OU and got the new GPOs.

Since the default DRA had expired in 2003 and the computer associated with the private key has been recycled to car parts, I deleted it from the Domain Policy. So only the new DRA certificate was available.

When the client got the new GPO with only one valid DRA, everything worked like a charm.

During the troubleshooting I saw some status issues in the sync center. When I got the “access is denied” messages I saw that in Sync Center->Manage Offline Files->Encryption had a statuslike "not all of the offline files are encrypted."

After the DRA fix up was done, the status of Encryption was like "all offline files is encrypted"!

Why it worked with the old policies I haven’t quite understood.

Tuesday, March 15, 2011

Generate Computer names in MDT 2010/SCCM based on prefix and a sequence number including OU assignment

I must admit MDT and SCCM works nice together, but it lacks some features like auto generating names(sequentially) and dynamically assigns clients to OU based on multiple criteria’s (at least what I know…)
What I’ve been struggling with the last days are to auto generate names to unknown computers being installed with a new Win7 image. I came across http://www.deployvista.com/Home/tabid/36/EntryID/120/language/en-US/Default.aspx
Which solved my naming issue… Good work Johan Arwidmark:)

But I still had one issue left; the OU structure is more complex than just location or type. I need to put the computers in an OU structure based on location and type of client.
The OU structure is like this; OU=ComputerType,OU=Computers,OU=Location, DC=domain,DC=local.
To resolve this issue, I’ve expanded the stored procedure Johan created, and created an extra table to store the following info:
  • Location – The name of you Location example: New York
  • Gateway IP – The same as MDT. What Gateway identifies the New York location
  • Shortname – The shortname of location for use in computername example: NY
  • BaseOU – the OU string for this location: OU=Computers,OU=New York,OU=Locations,DC=domain,DC=local
To populate the information you want to use for generation, you have to use SQL Management Studio to add information to the table.

In addition you need to change the MachineObjectOU column in the MDT settings table to more than 50 characters. I used 255 since I know my OU paths aren’t longer than that. But in my case 50 characters are too short.

Based on the information above the stored procedure will create a computer name sequentially in the following format PCLOCATIONSEQUENCE, example PCNY00001. The computer account will also be created in the OU=Laptop,+BaseOU or OU=Desktop,+BaseOU or OU=VM,+BaseOU based on the %islaptop%, %isdesktop% or %isvm% parameters in MDT.

To change the naming convention for the computer name, edit the stored procedure to change the order or add hyphens (-) for segmentation.

In the MDT/SCCM task sequence you need to use the %OSDDomainOUName% and not the %machineobjectOU%

I’m not a SQL guy, so the code might be a mess, but it’s working. I’ll try to rewrite the procedure to optimize the code. But I don’t know when it will be finished.

Download files here:
http://cid-214999a8ebe4fcb4.office.live.com/browse.aspx/.Public/SCCM

Run the scripts on you MDT database and add the following configure to your current Customsettings.ini:

[Settings]
Priority=IdentifyComputer, CSettings

[CSettings]
SQLServer=SERVERNAME
Database=MDTDATABASENAME
Netlib=DBNMPNTW
SQLShare=DeploymentShareProd$
Table=ComputerSettings
Parameters=UUID, AssetTag, SerialNumber, MacAddress
ParameterCondition=OR

[IdentifyComputer]
SQLServer=SERVERNAME
Database=MDTDATABASENAME
Netlib=DBNMPNTW
SQLShare=DeploymentShareProd$
StoredProcedure=IdentifyComputer
Parameters=MacAddress, DefaultGateway,Islaptop,IsDesktop,IsVM
ParameterCondition=And