SCCM 2012 Endpoint applies two policies "Default Policy & Custom policy" without using merge

Hi All,
Am facing an issue deploying endpoint policies @ the configuration manager, as for some device collection it applies the default policy without being deployed or merged with any other policy.
below is snapshot from policies on SCCM & policies applied on one of the clients.
Thanks

That's default behavior. The default policy will always be aplied without the need to be specifically deployed. If you look at the applied settings you should see that the settings are merged were applicable. See for a nice explanation:
http://blogs.technet.com/b/mspfe/archive/2013/11/13/system-center-configuration-manager-2012-scep-policy-behavior.aspx
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude

Similar Messages

SCCM 2012 R2 Clients are not retrieving policy

Hi - I know this question has been asked many times before - but I have tried almost everything and a no closer to solving the problem.
Background: Recently a SCCM 2012 SP1 single stand-alone site was upgraded to SCCM 2012 R2. The site is a single stand-alone primary site with a single DP, single MP, using mixed mode
(HTTP). The R2 upgrade ran without any problem and all SCCM components are showing as healthy.
A few test SCCM 2012 SP1 clients were upgraded to the R2 client using client-push.
However the upgraded clients are not retrieving policy from the Management Point. In the Actions Tab of the SCCM client, only Machine Policy Retrieval and User Policy Retrieval are available. But kicking of those actions does not
result in any of the advertised applications, Task Sequences becoming available. Infact Custom Client Settings are not being set either (e.g. Organisation Name in software Center).
I have checked and rechecked the following:
The upgrade of the client completed successfully (checked ccmsetup.log) and the version number went from 5.00.7804.1000 (SP1) to 5.00.7958.1000 (R2).
The MP health in the SCCM console is showing healthy.
The MP access URL's load correctly when run from SCCm client computers
“http://<ServerName>/sms_mp/.sms_aut?mplist” is ok
“http://<ServerName>/sms_mp/.sms_aut?mpcert” is ok
The SCCM clients are assigned to the site correctly – verified via the SCCM client and
ClientLocation.Log
ClientIDManager.Log is not showing any errors
CCMExec.log and ExecMgr.log don't show any advertisements being executed (Execmgr.log is almost empty and only has "Software ditrbution site settings policy does not yet exist on the client). If the client is not yest
registered this is expected behaviour")
The SCCM clients are Approved and NOT Blocked in SCCM
I have attempted to upgrade the SCCM client and also completely removed and reinstalled - and both have the same result (no client policy dpwnloaded)
I have also deleted the above clients completely from SCCM, Run divoery again and pushed the client to the machines again ...with the same result (SCCM client installs, assigns to correct site and then no policy downloaded)
SCCM 2012 Boundaries are configured correctly and assigned to Boundary Groups correctly
The SCCM client’s do not have the firewall enabled
Changed boundary from AD Site to Subnet to IP Address Range: Same issue exists
Uninstalled MP role and reinstalled it: same Issue exists
Tried to connect to SCCm client using 3rd party SCCM Client center tool but cannot connect
??? Not sure what else to try ???

Hi all - sorry for the late response.
We managed to resolve the issue after logging a job with Microsoft Support.
The issue was that the SCCM 2012 R2 upgrade corrupted 2 tables in the SCCM Database - leading to corrupt SCCM client policies.
I am pasting the resolution email from Microsoft below:
(NOTE: This may not be the exact sypmtoms you are experiencing so do not implement this fix assuming it will fix your problem!)
ISSUE:
- All clients are unable to download policies from the server
CAUSE:
- Bad policies in the Database
RESOLUTION:
-Issue with PADbID - Run below query against SCCM DB to verify corrupt entries:
SELECT * FROM
ResPolicyMap WHERE machineid = 0 and PADBID IN (SELECT PADBID FROM PolicyAssignment WHERE BodyHash IS NULL)
Confirmed Bad policies entries in the SCCM database
Run below query to delete the bad policy after which we resolved the issue:
Delete FROM ResPolicyMap
WHERE machineid = 0 and PADBID IN (SELECT PADBID FROM PolicyAssignment WHERE BodyHash IS NULL)"

SCCM 2012 Endpoint Protection initial update not downloaded

Hi,
I'm new to SCCM 2012. I recently started deploying the Endpoint Protection to all of clients (Windos 7 and XP Pro).
I've noticed that some clients have not been updating their initial definitions after the Endpoint Protection Software is installed.
Since they are not updating their detonation the client remains unprotected with the status icon in red.
The odd thing is that some of our computers do the initial update just fine while others are effected.
Also if I click update manually then the update goes through no issue, but with 100+ clients not updated its not something I want to do manually.
The clients are set to receive auto updates via a auto deployment rule.
Also the antimalware policy is set to do updates as well in this order:
Config Mgr
WSUS
Microsoft Malware Protection Center
Microsoft Update
Has anyone seen this before?
If I need to upload any specific logs just let me know.
Many Thanks

Do you have Software update configured (and working) thru ConfigMgr or using a standalone WSUS?
Kent Agerlund | My blogs: blog.coretech.dk/kea and
SCUG.dk/ | Twitter:
@Agerlund | Linkedin: Kent Agerlund |
Mastering ConfigMgr 2012 The Fundamentals

SCCM 2012 R2 CU4, how can we make sure clients without any CU upgrade will continue to communicate?

Hi,
We're about to upgrade the SCCM 2012 R2 server from CU1 to CU4. However no clients were ever upgraded (don't even have CU1). Is there any way(matrix or other) we can assure ourselves clients will keep on communicating (f.e. for SCCM R2 CU4, clients need at
least to be at CU1)?
Please advise.
J.
Jan Hoedt

Go through each one and see for yourself. Note that they are cumulative so you only need to deploy the latest. CU4 contains all the others. The issues that are fixed are listed.
CU4
https://support.microsoft.com/en-us/kb/3026739?wa=wsignin1.0
CU3
https://support.microsoft.com/en-us/kb/2994331
CU2
https://support.microsoft.com/en-us/kb/2970177
CU1
https://support.microsoft.com/en-us/kb/2938441
It's always better to use the latest version where possible.
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson

Can i use the retention policy without using the Flash Recovery area?

Yes ,lets see here
RMAN>list backup summary
C:\>dir *.bus
Volume in drive C is khurram
Volume Serial Number is F49D-FF2B
Directory of C:\
File Not Found
C:\>dir *.arc
Volume in drive C is khurram
Volume Serial Number is F49D-FF2B
Directory of C:\
File Not Found
RMAN> crosscheck backup
2> ;
using channel ORA_DISK_1
RMAN> list backup summary
2> ;
RMAN> show retention policy
2> ;
RMAN configuration parameters are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
RMAN> run {
2>   allocate channel ch0 type disk;
3>   backup as compressed backupset database format
4>   'c:\rman_%s_%d_%T.bus'
5>   plus archivelog format 'c:\arch_%s_%d_%T.arc';
6>   release channel ch0;
7>   allocate channel ch1 device type disk format 'c:\arch_%s_%d_%T.arc';
8>   release channel ch1;
9>   delete force noprompt obsolete;
10>   allocate channel ch2 device type disk format 'c:\rman_%s_%d_%T.bus';
11>   release channel ch2;
12>   delete force noprompt obsolete;
13> }
released channel: ORA_DISK_1
allocated channel: ch0
channel ch0: sid=146 devtype=DISK
Starting backup at 15-APR-08
current log archived
channel ch0: starting compressed archive log backupset
channel ch0: specifying archive log(s) in backup set
input archive log thread=1 sequence=24 recid=79 stamp=652108461
input archive log thread=1 sequence=25 recid=80 stamp=652112650
channel ch0: starting piece 1 at 15-APR-08
channel ch0: finished piece 1 at 15-APR-08
piece handle=C:\ARCH_130_ORCL1_20080415.ARC comment=NONE
channel ch0: backup set complete, elapsed time: 00:00:05
Finished backup at 15-APR-08
Starting backup at 15-APR-08
channel ch0: starting compressed full datafile backupset
channel ch0: specifying datafile(s) in backupset
input datafile fno=00001 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\SYSTEM01.DB
F
input datafile fno=00003 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\SYSAUX01.DB
F
input datafile fno=00004 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\USERS01.DBF
input datafile fno=00002 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\UNDOTBS01.D
BF
channel ch0: starting piece 1 at 15-APR-08
channel ch0: finished piece 1 at 15-APR-08
piece handle=C:\RMAN_131_ORCL1_20080415.BUS comment=NONE
channel ch0: backup set complete, elapsed time: 00:00:45
Finished backup at 15-APR-08
Starting backup at 15-APR-08
current log archived
channel ch0: starting compressed archive log backupset
channel ch0: specifying archive log(s) in backup set
input archive log thread=1 sequence=26 recid=81 stamp=652112703
channel ch0: starting piece 1 at 15-APR-08
channel ch0: finished piece 1 at 15-APR-08
piece handle=C:\ARCH_132_ORCL1_20080415.ARC comment=NONE
channel ch0: backup set complete, elapsed time: 00:00:02
Finished backup at 15-APR-08
Starting Control File and SPFILE Autobackup at 15-APR-08
piece handle=C:\ORACLE\PRODUCT\10.1.0\FLASH_RECOVERY_AREA\ORCL1\AUTOBACKUP\2008_
04_15\O1_MF_S_652112718_408X3ZVJ_.BKP comment=NONE
Finished Control File and SPFILE Autobackup at 15-APR-08
released channel: ch0
allocated channel: ch1
channel ch1: sid=146 devtype=DISK
released channel: ch1
RMAN retention policy will be applied to the command
RMAN retention policy is set to redundancy 1
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=146 devtype=DISK
Deleting the following obsolete backups and copies:
Type                 Key    Completion Time    Filename/Handle
Backup Set           128    15-APR-08
Backup Piece       128    15-APR-08          C:\ARCH_130_ORCL1_20080415.ARC
Archive Log          79     15-APR-08          C:\ORACLE\PRODUCT\10.1.0\FLASH_RE
COVERY_AREA\ORCL1\ARCHIVELOG\2008_04_15\O1_MF_1_24_408RYXDF_.ARC
Archive Log          80     15-APR-08          C:\ORACLE\PRODUCT\10.1.0\FLASH_RE
COVERY_AREA\ORCL1\ARCHIVELOG\2008_04_15\O1_MF_1_25_408X1SCR_.ARC
deleted backup piece
backup piece handle=C:\ARCH_130_ORCL1_20080415.ARC recid=128 stamp=652112652
deleted archive log
archive log filename=C:\ORACLE\PRODUCT\10.1.0\FLASH_RECOVERY_AREA\ORCL1\ARCHIVEL
OG\2008_04_15\O1_MF_1_24_408RYXDF_.ARC recid=79 stamp=652108461
deleted archive log
archive log filename=C:\ORACLE\PRODUCT\10.1.0\FLASH_RECOVERY_AREA\ORCL1\ARCHIVEL
OG\2008_04_15\O1_MF_1_25_408X1SCR_.ARC recid=80 stamp=652112650
Deleted 3 objects
released channel: ORA_DISK_1
allocated channel: ch2
channel ch2: sid=146 devtype=DISK
released channel: ch2
RMAN retention policy will be applied to the command
RMAN retention policy is set to redundancy 1
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=146 devtype=DISK
no obsolete backups found
RMAN>
C:\>dir *.bus
Volume in drive C is khurram
Volume Serial Number is F49D-FF2B
Directory of C:\
04/15/2008 02:24 PM        96,813,056 RMAN_131_ORCL1_20080415.BUS
               1 File(s)     96,813,056 bytes
               0 Dir(s) 61,960,724,480 bytes free
C:\>dir *.arc
Volume in drive C is khurram
Volume Serial Number is F49D-FF2B
Directory of C:\
04/15/2008 02:25 PM            56,832 ARCH_132_ORCL1_20080415.ARC
               1 File(s)         56,832 bytes
               0 Dir(s) 61,960,724,480 bytes free
C:\>
RMAN> run {
2>   allocate channel ch0 type disk;
3>   backup as compressed backupset database format
4>   'c:\rman_%s_%d_%T.bus'
5>   plus archivelog format 'c:\arch_%s_%d_%T.arc';
6>   release channel ch0;
7> }
released channel: ORA_DISK_1
allocated channel: ch0
channel ch0: sid=146 devtype=DISK
Starting backup at 15-APR-08
current log archived
channel ch0: starting compressed archive log backupset
channel ch0: specifying archive log(s) in backup set
input archive log thread=1 sequence=26 recid=81 stamp=652112703
input archive log thread=1 sequence=27 recid=82 stamp=652112873
channel ch0: starting piece 1 at 15-APR-08
channel ch0: finished piece 1 at 15-APR-08
piece handle=C:\ARCH_134_ORCL1_20080415.ARC comment=NONE
channel ch0: backup set complete, elapsed time: 00:00:02
Finished backup at 15-APR-08
Starting backup at 15-APR-08
channel ch0: starting compressed full datafile backupset
channel ch0: specifying datafile(s) in backupset
input datafile fno=00001 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\SYSTEM01.DB
F
input datafile fno=00003 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\SYSAUX01.DB
F
input datafile fno=00004 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\USERS01.DBF
input datafile fno=00002 name=C:\ORACLE\PRODUCT\10.1.0\ORADATA\ORCL1\UNDOTBS01.D
BF
channel ch0: starting piece 1 at 15-APR-08
channel ch0: finished piece 1 at 15-APR-08
piece handle=C:\RMAN_135_ORCL1_20080415.BUS comment=NONE
channel ch0: backup set complete, elapsed time: 00:00:45
Finished backup at 15-APR-08
Starting backup at 15-APR-08
current log archived
channel ch0: starting compressed archive log backupset
channel ch0: specifying archive log(s) in backup set
input archive log thread=1 sequence=28 recid=83 stamp=652112925
channel ch0: starting piece 1 at 15-APR-08
channel ch0: finished piece 1 at 15-APR-08
piece handle=C:\ARCH_136_ORCL1_20080415.ARC comment=NONE
channel ch0: backup set complete, elapsed time: 00:00:02
Finished backup at 15-APR-08
Starting Control File and SPFILE Autobackup at 15-APR-08
piece handle=C:\ORACLE\PRODUCT\10.1.0\FLASH_RECOVERY_AREA\ORCL1\AUTOBACKUP\2008_
04_15\O1_MF_S_652112928_408XBKCZ_.BKP comment=NONE
Finished Control File and SPFILE Autobackup at 15-APR-08
released channel: ch0
RMAN> report obsolete
2> ;
RMAN retention policy will be applied to the command
RMAN retention policy is set to redundancy 1
Report of obsolete backups and copies
Type                 Key    Completion Time    Filename/Handle
Backup Set           129    15-APR-08
Backup Piece       129    15-APR-08          C:\RMAN_131_ORCL1_20080415.BUS
Backup Set           130    15-APR-08
Backup Piece       130    15-APR-08          C:\ARCH_132_ORCL1_20080415.ARC
Backup Set           131    15-APR-08
Backup Piece       131    15-APR-08          C:\ORACLE\PRODUCT\10.1.0\FLASH_RE
COVERY_AREA\ORCL1\AUTOBACKUP\2008_04_15\O1_MF_S_652112718_408X3ZVJ_.BKP
Backup Set           132    15-APR-08
Backup Piece       132    15-APR-08          C:\ARCH_134_ORCL1_20080415.ARC
Archive Log          81     15-APR-08          C:\ORACLE\PRODUCT\10.1.0\FLASH_RE
COVERY_AREA\ORCL1\ARCHIVELOG\2008_04_15\O1_MF_1_26_408X3HRP_.ARC
Archive Log          82     15-APR-08          C:\ORACLE\PRODUCT\10.1.0\FLASH_RE
COVERY_AREA\ORCL1\ARCHIVELOG\2008_04_15\O1_MF_1_27_408X8RXN_.ARC
RMAN>Note: i have archivelog which is at FRA ,it also apply there and as well yours own defined backupsets path.
Yours comments are wellcome.
http://oraware.blogspot.com/2008/04/can-i-use-retention-policy-without.htmlKhurram

Hmmm, I can't see where the confusion originates. The table near the bottom of www.apple.com/timecapsule/specs.html has one row labelled "For backup using Time Machine" and another row labelled "For AirPort Disk with a USB hard drive".
The requirement for backup via Time Machine is OS 10.5.1 or better. Time Machine is not supported in pre-Leopard (OS 10.5) nor in Windows.
The requirement for using Time Capsule as a remote disk is identified as "Mac with Mac OS X v10.4.8 or later" or "PC with Windows XP (SP2) or Windows Vista; Bonjour for Windows (included on Time Capsule CD)".
Doesn't that pretty much spell out that Time Capsule works as a network drive without the need for Time Machine?
Also Joe (the OP) never indicated any desire to use it with Windows so I'm not sure why all the discussion about Windows compatibility. ??
Also the quote posted by Henry seems pretty clear:
"Time Capsule with Time Machine in Leopard is the ideal backup solution. But that doesn’t mean Tiger, Windows XP, and Windows Vista users can’t enjoy the benefits of Time Capsule, too. Because it mounts as a wireless hard drive, Tiger and Windows users simply access Time Capsule directly from the wireless network for exchanging and storing files quickly and easily."

Two ALV's in single report without Using Containers

Hi All,
I have a requirement to show two ALV reports in a single report and the thing is I am not supposed to use Containers(Screen Painter). and OOPS concepts.
Is there a way we can achieve this?
Any valuable suggestion is highly appreciated.
Thanks-

Hi rahul,
1. This simple program will give u an idea
of block alv.
-> Two or more alvs on same screen, without
using container or oops.
2. It will print two alv
a) itab = table from t001
b) ptab = table from t000
3. Just copy paste in new program.
REPORT zam_temp54 .
type-pools : slis.
data : alvfc type slis_t_fieldcat_alv.
data : alvly type slis_layout_alv.
data : alvev type slis_t_event .
DATA : BEGIN OF itab OCCURS 0.
include structure t001.
DATA: END OF itab.
DATA : BEGIN OF ptab OCCURS 0.
INCLUDE STRUCTURE t000.
DATA: END OF ptab..
PARAMETERS : a TYPE c.
start-of-selection.
*--------------- SELECT DATA
SELECT * FROM t001 into table itab.
select * from t000 into table ptab.
*--------------- INIT BLOCK ALV
CALL FUNCTION 'REUSE_ALV_BLOCK_LIST_INIT'
EXPORTING
i_callback_program = sy-repid.
*--------------- ADD INTERNAL TABLE ITAB
CALL FUNCTION 'REUSE_ALV_FIELDCATALOG_MERGE'
EXPORTING
I_PROGRAM_NAME = SY-REPID
I_INTERNAL_TABNAME = 'ITAB'
I_INCLNAME = SY-REPID
CHANGING
CT_FIELDCAT = ALVFC.
CALL FUNCTION 'REUSE_ALV_BLOCK_LIST_APPEND'
EXPORTING
is_layout = alvly
it_fieldcat = alvfc
i_tabname = 'ITAB'
it_events = alvev
TABLES
t_outtab = ITAB
EXCEPTIONS
program_error = 1
maximum_of_appends_reached = 2
OTHERS = 3.
*------------------- ADD INTERNAL TABLE PTAB
REFRESH ALVFC[].
CALL FUNCTION 'REUSE_ALV_FIELDCATALOG_MERGE'
EXPORTING
I_PROGRAM_NAME = SY-REPID
I_INTERNAL_TABNAME = 'PTAB'
I_INCLNAME = SY-REPID
CHANGING
CT_FIELDCAT = ALVFC.
CALL FUNCTION 'REUSE_ALV_BLOCK_LIST_APPEND'
EXPORTING
is_layout = alvly
it_fieldcat = alvfc
i_tabname = 'PTAB'
it_events = alvev
TABLES
t_outtab = PTAB
EXCEPTIONS
program_error = 1
maximum_of_appends_reached = 2
OTHERS = 3.
*--------------- DISPLAY
CALL FUNCTION 'REUSE_ALV_BLOCK_LIST_DISPLAY'
EXCEPTIONS
program_error = 1
OTHERS = 2.
regards,
amit m.

SCCM 2012 EndPoint Protection migration

I have the old ConfigMgr 2012 name " BACKOFFICE" it is currently managing all the EndPoint Protection for all workstations/servers.
I now have new ConfigMgr 2012 called "SCCM" I just installed ForeFront EndPoint Protection and configured the Custom Client Deviec EndPoint Protection to roll out to workstations. What is the best practice to remove old ForeFront EndPoint
Protection client from old site name and install new one?
1. Do I have to manually uninstall EndPoint Client in control panel for each computer? or is there a way to just uninstall for all computers using the old COnfigMgr 2012 "BACKOFFICE"
Thanks for your help!

Hi !
You have to reassign the desired clients.
It can be scripted:
http://msdn.microsoft.com/en-us/library/cc146558.aspx
Otherwise, you could install again the client on your targets, with the following options: force install and site assignement.
You can refer to this link:
http://technet.microsoft.com/en-us/library/gg712298.aspx
Hope this helps.
Note: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights. Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and
recognises useful contributions.

SCCM 2012 - Endpoint Protection Reporting only using static end date

I have created a subscription to the Endpoint Protection/Antimalware Activity Report built into SCCM2012/Endpoint Protection.
My problem is that I am having trouble getting the dates to work correctly. I want to have the report automaticlly emailed out every monday morning with the status from the last 7 days (i.e. since the last monday report).
However the subscription seems to want a static end date. That is, every monday when the report runs it gives me a status report from the exact same 7 days. Not the most recent 7 days.
How do I go about changing this so it is useful and that every monday it runs, the report it creates/sends is from the the last 7 days?

I hope this helps (I am still testing it) but I did this by:-
"Editing" the default report such as "Antimalware activity report".
To avoid corrupting this default report before you change anything select SaveAs and call it something like "Antimalware activity report
for the last 7 days".
Open Datasets, StartEndDates and replace the query with this for the last 7 days
"select DATEADD(day,datediff(day,0,GetDate())- 7,0) as StartDate, DATEADD(day,datediff(day,0,GetDate()),0) as EndDate"
Then open Parameters, StartDate and under General change it to "Hidden".
Then open Parameters, EndDate and under General change it to "Hidden".
Save and test
I had to set the "default value" on each parameter, per Lillonel:
StartDate : =DateAdd("d",-7,Globals!ExecutionTime)
EndDate : =Globals!ExecutionTime
It looks like it is using a 7 day window now.

SCCM 2012 Endpoint Protection Definition Update

Hi Guys, can you please help me out with this, some of the clients are not pulling or seeing the latest definition updates from the server.
What do I check?

Again - Start with the EndpointProtectionAgent.log file on the clients
http://technet.microsoft.com/en-us/library/c6675aac-4bb8-4b4b-9075-06b4ecec2a18#BKMK_ClientOpLogs
Nick Moseley | http://t3chn1ck.wordpress.com
What do I look for in the CIDownloader.log?

SCCM 2012 Packages - Software and apply license

HI All,
I think I already know the answer, but I just want to check that the package options are selected correctly as I'm a newbie when it comes to packaging;
We are trying to install Trapeze viewer (from Onstream, part of our Idox solution). The software calls for the License to be applied manually after the install (just double click the file and it applies itself, the users are able to do this). We are migrating
our estate onto Win 7 x64 and this will have to be done on 400+ machines.
I've created a SCCM 2012 Package with two Programs; 1 to install the software from MSI file and the 2 to run the license file in hoping that when a new user of a machine logs in the Trapeze license is applied for the first time;
1- Software -
General
Name: Install Trapeze
Command line: "TrapezeDesktop_9_05.msi"
Run: Hidden
After Running: No Action Required
Environment
Program can Run: Whether or not user is logged on
Run Mode: Run with Admin rights
Allow user interaction: Unchecked
Advanced
When program is assed to Computer: Run once for computer
Supress Program notification: Checked
2-License -
General
Name: Trapeze License
Command line: license.tpz
Run: Hidden
After Running: No Action Required
Environment
Program can Run: Only when a user is logged on
Run Mode: Run withUser rights
Allow user interaction: Unchecked
Advanced
Run another Program First: Checked
Package: Onstream Trapeze
Program: Install Trapeze
Always run this program first: Checked
When program is assed to Computer: Run once for every user who logs on
Supress Program notification: Checked
Many Thanks
Becki

Hi Torsten,
license.tpz applies a license to the trapeze software, manually it is just double clicked, and then the trapeze software opens stating that the license will take affect next time the software is ran.
Is it worth me pointing it to the trapeze.exe file in the command line, such as:
"C:\Program Files (x86)\Onstream Trapeze\trapeze.exe" REGLICENSE=\\server\share\Onstream Trapeze\license.tpz
on my initial testing it did work to one of my test machines, but didn't re-run the license when another user logged in and came up with a license not found message.

SCCM 2012 SSRS modify default reporting Link

Hi,
We have a requirement in SCCM 2012 reporting to change the default reporting link (http://netbiosname/reports ) to (http://fqdn/reports ) , the reason is users from
a different domain are not able to access the link with NetBIOS name when the link is sent to them from a report subscription.
How do we modify the default reporting link to show with FQDN instead of NetBIOS name ?
Tried :
We have tried to add the FQDN on the SQL SSRS - restarted SQL reporting services - restarted IIS - restarted SMS service , but still the FQDN report link wont show up on the SCCM console.
Also tried to make changes in SSRS config file but now luck.

Hi,
>>We have tried to add the FQDN on the SQL SSRS - restarted SQL reporting services - restarted IIS - restarted SMS service , but still the FQDN report link wont show up on the SCCM console.
Please add the FQDN as the screenshot below and remove the existing one. Reinstall the Reporting Services Point after add the FQDN.
Best Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

SCCM 2012 SP1 - Vendors or Publishers with multiple spellings or formatting

Hey all,
When trying to do reports by Vendor for example, how can we deal with the fact, for example, that the employees at Adobe are not applying the company name incorrectly.
When I go to the All Software Companies report I find that there is
Adobe Systems Incorporated
Adobe
Adobe System Incorporated
Adobe Systems
Adobe Systems Inc
Adobe Systems Inc.
Adobe Systems Incorporaetd [Realy, it is spelled incorrectly]
Adobe Systems Incorporated
Adobe Systems Incorporated.
Adobe Systems, Inc
Adobe Systems, Inc.
Adobe Systems, Incorporated
Adobe Sytems Inc. [Another mispelling]
Adobe Sytems Incorporated [Another misspelling]
Heck, even Microsoft has this issue.
And ever duplicates that may or may not be there.
How has anybody been dealing with this? It's annoying to have to deal with this when trying to do any sort of drilling down through various canned reports.
I was thinking about creating a little process that goes through the registry in attempts to find the typographically incorrect names and if found replace with with something more commonplace.
Thanks for the discussion on this issue.

Hey Jason,
Got to say, I looked over the link and it took me a while to finally grasp the scope of where that "Set Names" was it. I tend to leave anything that says "Default" in some areas of System Center alone; mostly because there may not be
an option available to reset back to default. I would have hoped that when I made a client policy, as suggested in the documentation that all settings would be carried over to it, much like creating a group policy. Is it normal to edit the Client Default Settings?
As the documentation says "You can also configure custom client settings, which override the default client settings when you assign these to collections. For information about how to configure client settings, see
How to Configure Client Settings in Configuration Manager." I guess somebody in the user interface department missed that bit about overriding default client settings with custom
settings because custom settings do not have all the settings; such as Set Names. And hey, I found a post
http://social.technet.microsoft.com/Forums/en-US/41285bd4-e5b2-4a75-94ce-02669e5df592/sccm-2012-how-i-can-reset-default-client-settings-policy-?forum=configmanagerdeployment" So it would appear that there is no way to reset to default settings should
something get way out of hand.
Why inventory EXEs? I thought about that and wanted to know what EXEs are on a computer, from what I understand about software inventory, and perhaps this is from my scripting days. I saw lots of people, in the past, ask how they can use VBS or WMI
for example to do software inventory, the usual stock answer is something like "wmic product"; which only returns products installed by an MSI source, while non-MSIs usually end up in the registry in either Install or Uninstall area, or both
as well as MSIs ending up there. Perhaps I don't need to inventory EXEs, but it's there, and I would like to know what computers potentially have an EXE on them that I might want to look for. For example there are plenty of applications that install
without an install method; they just simply get themselves copied by the user or some hack of an installer. I don't go trolling through the reports, but there is an occasion where I may want to see if a computer has an EXE, and if I'm lucky the path
to the EXE is also captured so that's a bonus, right? I could potentially use that information to find an EXE that is in a user's AppData folder, for example. Right? A virus, or a bit of spyware that the AV product may not know about.
For example; here's a script that claims to inventory software -
http://gallery.technet.microsoft.com/scriptcenter/Software-Inventory-of-f66b5bdc
- The Win32_Product
WMI class represents products as they are installed by Windows Installer. A product generally correlates to one installation package. (from
http://msdn.microsoft.com/en-us/library/aa394378(v=vs.85).aspx).
What about products not installed via the Windows Installer? Pointless. Is that what SCCM does as well? Or does it look in the registry combining both Win32_Product and what is in the Uninstall/Install registry hive? Working with a school district I've installed
a lot of software that doesn't use the Windows Installer.
I did find these posts interesting -
http://social.technet.microsoft.com/Forums/en-US/23c875b4-0e1e-406d-b28f-ee082a20bbf2/default-software-inventory-not-collecting-any-data-from-client?forum=configmanagergeneral
It was interesting in that I was having a similar issue where nothing was showing up until I added scan the exes, but maybe that's a coincidence.
And finally -
http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_SoftInventoryDeviceSettings
Taking note of the option to inventory file types within Microsoft's own documentation. A useless feature? Hmm. And why not? Take a look at this -
https://www.grc.com/oo/program.htm. You will notice that it says there is nothing to install, just run it. Okay, so what there applications follow the just download and run, no need to install it. Sure GRC is
a security site, but if some user thought it might be good to have it, and they ran it, and started having issues with something that doesn't do traditional installing then we as IT don't have a real clue as to what is really on a user's system.
You'll have to forgive me, but if Microsoft created a feature, why not use it? It's like the age old debate as to - Should I keep my computer on, or should I turn it off. Should I deploy images via SCCM using multicast or not.

Inventory of ALL exe files in SCCM 2012

Hi
We are at the beginning of our SCCM 2012 migration and were asked to start inventorying all EXE files on PCs. We were doing this in SCCM 2007 for all systems and the same data is needed again. Is this recommended? Also what impact can I expect
by enabling this in Software Inventory? I know it can take several hours but didn't know what kind of bandwidth we should expect since new inventory data is sent back up to the database after a 2007 client has been migrated to SCCM 2012.
I tried to deploy a custom Client Setting to a collection with my Test machines to test the Software inventory of all EXE files and the test clients are only running what's in the default Client Settings and not the custom one. I
would like to ultimately only run this on PCs and don't want to enable this in the default settings.
Is Client Settings supposed to behave this way when it comes to software inventory? How do I go about doing this?
Thanks

No you should not inventor all exe, and no it is never recommend to do this, even in CM07! This process will take a very long time to complete, it will in fact block other process from working will it scanning too. In fact in CM12 the process can take
days! Yes I said days! It takes 4 hours to complete on my SSD HD and I'm only scan 6 files in two directories.
http://www.enhansoft.com/blog/slow-software-inventory-cycle-in-sccm-2012
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ

SCCM 2012: Active Directory Group Discovery, Delta Discovery?

Hi,
Our scenario:
*Software is requested via a seperate system which puts AD computer objects in groups
*Software within SCCM 2012 is deployed to computer collections
*Computer collections query AD groups, in those AD groups the pc's reside
*Collections memberships run via AD query (every 20 minutes)
*We deploy an OS (Windows 7) via SCCM
*Machine policy is updates every 20 minutes
What is important: AD Group discovery is set to full discovery every 7 days, delta discovery set to 15 minutes
So what happens:
*Pc is staged correctly with Windows 7 but software isn't coming through in time (sometimes it's there within the hour, sometimes it takes 6 hours)
*If we run a full AD Group discovery mostly software is installing immediately
*Sometimes a SCCM 2012 client machine reset policy or reinstall client solves the problem
My questions:
*Would it be better to run full discoveries every x minutes since this always solves our problem
*Would it be better to disable the delta discovery if we do the change above to minimize AD queries
=> tried that now (full discovery every 30 minutes and disabled delta discovery) but I don't want to put to much pressure on our domain controller
*Our software collections are limited to all systems, we could limit them to a Windows 7 collection. Probably we should do that but any suggestion how to do this safely in Powershell?
Please advise.
J.
Jan Hoedt
Note: what I don't get is why a full ad discovery system discovery sovles the problem since SCCM 2012 collections do a AD query, what 's the link there?

So, let me see if I get this correct for our situation:
Our own developed system puts pc’s in AD groups
SCCM 2012 polls these groups, by default 1/week full discovery then every 30 minutes a delta discovery
We deploy software to computer collections, these collections check the SCCM 2012 database every 30 minutes (collection update) Note: the query our collection do, is based upon requirement of Windows 6.1 + membership of an AD group.
The SCCM 2012 client/computer does a computer policy update every 30 minutes to see what collections it is member of and see then the software to be deployed
2 questions:
*Our my assumptions correct? Specifically point 3.: is the query fully coming from an ad sync (or also from sccm client, f.e. Windows 6.1%)?
*Don’t we have a step to much then, wouldn’t it be better to add a direct membership of the AD group within SCCM? This direct membership would mean no query and so save us about 20 minutes (run of query)?
Jan Hoedt

Legacy WSUS GPOs & SCCM 2012

Good Afternoon All -
We are in the process of introducing SCCM 2012 onto our production network. Currently, we don't use WSUS to it's full potential, yet still have a few GP's that configure some of each workstation's update settings such as update location, frequency,
reboots, etc. Eventually, all of this will be taken over by SCCM, though.
Questions
1. Will SCCM's Client / SUP settings override and Group Policy for WSUS, does a GP win out, or is it a toss up?
2. When (assuming it's needed) do these WSUS policies need to be changed and/or disabled? Previously, I believe that I've just disabled any existing WSUS policy and let the SCCM client configure each machine.
3. So that there's no window where clients may NOT be configured how we want, would the best thing be to be configure SCCMSUP policy, deploy the clients, then change / disable WSUS GPOs?
4. If SCCM is configured the way we want, is there any need for any SUP related GPO's to exist for managed clients? (Besides the SCUP WSUS one which enables "Allow signed content from
intranet Microsoft update service location”)
Thanks for your help!
Ben K.

I've found that even though a GPO should overwrite the Local Policy set by SCCM this isnt actually the case.
If you look at the WUAHandler.log file you see entries for the following
Enabling WUA Managed server policy to use server: http://MYSCCMWSUSSERVER.MYDOMAIN.COM
Waiting for 2 mins for Group Policy to notify of WUA policy change...
Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://GPOsetwsusserver
Failed to Add Update Source for WUAgent of type (2) and id ({9F08A663-567F-4A1A-8F1A-F56DF97D3E66}). Error = 0x87d00692.
theres an MS blog on the issue here
https://blogs.technet.com/b/sus/archive/2008/12/02/wuahandler-log-failed-to-add-update-source-for-wuagent-error-0x80040692.aspx
The options are
1. Remove the group policy at the domain level
or
2. Use the same WSUS server as the Software Update Point for the SCCM as well
Thats not very helpful in my scenerio as I'd like to keep the SCCM client installed for software metering & reporting, but i'd like the WSUS server to be set by GPO for these specific computers as their updates are managed by a vendor because
of the be-spoke software running on them
MCP, MCSE, MCSA, MCITP, MCTS, MCDST

SCCM 2012 Endpoint applies two policies "Default Policy & Custom policy" without using merge

Similar Messages

Maybe you are looking for