Shut all your workstations down remotely - for free


A policy which we have recently employed is to shut down staff and student PCs every night. The impact of this has been massive, and based on around 1,500 PCs we have estimated it to be saving us £10k per year in power consumption alone.... with rising energy prices and without taking into account wear & tear this is something which have never regretted.

Right... basically you need to dedicate one of your servers to manage the PC shutdown, obviously if you decide to shutdown all your workstations at 11pm, the server needs to be available at 11pm each night.

Once that's decided, you need to create a text file containing a list of every PC name in your Forrest or domain. This is very easy to obtain by using the MMC 'Active Directory - Users & Computers'snap-in. You should have a sections underneath ADU&C called 'saved queries'. Right click it, and create a "new query".

Your query will be dependant on which PCs you want to shutdown, but we included all PCs in the query, and all sub-containers....so our query looked like;

(&(objectCategory=computer)(name=*))

When you give the query a name and run the query you should end up with a list of all your workstations. Then just right click on the query and select "export list". This will generate you a list of all your workstations in a tab delimited text file.

All you now need to do is tweak the text file, and rename it to .bat so it looks something like this;

-------------------------------------------------------------------
start /realtime shutdown /s /f /m \\F110-01
start /realtime shutdown /s /f /m \\F110-02
start /realtime shutdown /s /f /m \\F128-01
start /realtime shutdown /s /f /m \\FH4-06
start /realtime shutdown /s /f /m \\FH9-01
start /realtime shutdown /s /f /m \\FH9-02
start /realtime shutdown /s /f /m \\FH9-03
start /realtime shutdown /s /f /m \\FH9-04
start /realtime shutdown /s /f /m \\G09-01
start /realtime shutdown /s /f /m \\H109B-01
start /realtime shutdown /s /f /m \\H111-11
start /realtime shutdown /s /f /m \\CE102-02
start /realtime shutdown /s /f /m \\LIB-05

REM ** These Pings Are To Allow a Delay And Let The Last Set Of Shutdown Windows ping thames
ping thames
ping thames
ping thames
start /realtime shutdown /s /f /m \\H404B-02
start /realtime shutdown /s /f /m \\H404B-01
start /realtime shutdown /s /f /m \\H301-01
start /realtime shutdown /s /f /m \\H301-02
start /realtime shutdown /s /f /m \\h403a-01
-------------------------------------------------------------------
the start /realtime option ensures that the batch file doesn't wait for the last command to complete before running the next one, as the shutdown command does take a good few seconds to respond. The ping is in there just to slow things down a little, and ensure you don't run out of memory space by running x thousand of shutdowns at the same time. I generally have 4 pings in there after every dozen shutdown commands or so.

For 1,000 workstations, using the above system takes around 15 minutes to run. Incidentally the shutdown command format used above is for server 2003, so will need tweaking if you are using a different server os. The switches I'm using force the PCs to shutdown, regardless of whats running. As for converting your basic txt file to the above batch file, it can be done easily using wordpad or notepad and a few FIND&REPLACE commands.

Windows Firewall - Admins Nightmare


My tip of the day for anyone wanting to do a large scall domain rollout of xp or vista.....turn off the firewall on your workstations before you start to deploy software.

I have run in to numerous problems when imaging workstations with system centre config manager, thanks to the xp firewall. It stop our AV definitions updating, it stopped remote control client from working, it sopped windows updates running internally etc etc

We have a firewall protecting our external traffic, so an internal firewall would literally become an adminitrative nightmare.

I've just spent 2 hours wondering why Symantec AV definitions were not updating on our newly imaged PCs. Thanks Microsoft.....

Commands From a Task Sequence

Running commands from a task sequence is easy enough, although for the last couple of days I've been wrestling with an issue of a task command which just doesnt want to run;

copy \\server\file.txt c:\folder\destination\

Strangly enough bringing the console up (F8) and running the command manually it works fine.

After much searching and some help from the MS Technet guys, there is a simple solution.

If you want to run any windows inbuilt command line from a task sequence you must insert "cmd /c" at the start of the statement. So;

copy \\server\file.txt c:\folder\destination\

becomes;

cmd /c copy \\server\file.txt c:\folder\destination\

So this includes functions such as copy, move, rename....basically anything which doesnt have an exe file. As an alternative, you could download a free command line for the appropriate action.... for example there are lots of free command line copy utilities out there which could be used as an alternative to the cmd /c copy command, in the form of an exe.

Its worth pointing out that each time you run cmd /c its running in its own memory space....so dont expect to be able to register variables or anything fancy as you will run into problems!

Drivers & Distribution Points in Config Manager 2007

We've been having problems getting NIC drivers working for a Dell Optiplex 755. We have a driver package for Dell 755s, and the NIC driver is within the package. When we image a 755 it doesn't pick up the driver.

We tried adding the driver to the task sequence...still didn't work.

The distribution point said it was ok, but just as a test we tried updating the distribution point..... and it worked.

It seems that when it comes to drivers there are a large number of people on technet having a very similar problem, so the point seems to be that if you add drivers....manually update your distribution points.

Incidentally, if you have this problem the error your likely to see in the error log is "failed to resolve driver".

Setting up Server 2008 64Bit with System Centre Operations Manager, Virtual Machine Manager and Configuration Manager 2007.

Ok, since this is the most convoluted process ever, here is a step by step order in which you should do things;

1. Boot from Server 2008 DVD, and install.

2. Name server & join domain - reboot

3. Configure IP

4. Disable Firewall

5. Enable Remote Desktop (you'll need it)

6. Disable User Access Control (via control panel / users)

7. Add the following roles
Applications Server
WebServer
Add ALL features for IIs ASP

8. Add BITS feature

So now you should have a 2008 server up and running; Crucially you MUST install Operations Manager and SQL first;

1. Install SQL from the SQL Server 2005 x64 media (which is 2 discs, although you only use the first one). Ensure to install everything except the tools portion.

2. Enable scripts in IIs - go into your default site in IIS manager, double click 'Handler Mappings', edit Feature Permissions, tick Read, Scripts & Execute

3. Also within IIS Manager, you need to edit the 2 report server web sites which should have been created when you installed SQL. Make sure everything is ticked as with point 2 above.

Next test that reporting is working.... because if it isnt Operations Manager wont work. You can test by going to your 2 report sites in IIS manager and testing that they both will launch in a browser window.

The following may help for additional documentation;

http://technet.microsoft.com/en-us/library/bb839480.aspx

Next install SQL SP1... dont jump ahead and install any other SP....just SP1

Now from your Operations Manager DVD, run the pre-requisities checker. There is no doubt that it will fail on SQL and ask you to install some hotfixes. The hotfix is K918222 and there are 6 parts to it.

Once done, run the checker again...you should have no errors and be able to install Operations Manager 2007.

Now for Configuration Manager

1. Install WebDav (latest version downloadable from MS)

2. Double check that BITS is enabled

3. Install the remote-differential-compression feature

4. Run the pre-requisities checker.... hopefully everything is ok and you can run the install

5. Choose configure primary site from the installer

6. Custom Install

7. Enter a server name, and use the site server as service account

8. Setup webdav as per the article at technet

9. Give Site System service account (the servers) full rights to the system OU & all sub folders in AD. This should ensure that objects are created within System\System Management

10. Extend the scheme. You only do this if this is the first Config Manager 2007 server in your domain. You dont have to do it, but I'd suggest you do since you loose certain functionality without doing it....and you will manually have to point all your clients to a management point. However, I'm not going to give instructions on Extending your AD Schema, since I dont want blaming if you destroy your network. There are 2 ways of doing it...manually or automatically. The later worked fine for us, but do your homework before undertaking this step.
11. In configuration manager you should now remove and re-install the management point.

12. Ensure that in Site System Status there are no errors....if there are resolve them.


Thats it.....

Intel vPro With Configuration Manager 2007

Just spotted this video....fantastic that you can now remote control workstations down to a hardware level using the Intel vPro chipset. Here's hoping our next delivery of Dell workstations includes this magic component;

Dont Store Your PST File On Network Drives

We learnt an interesting fact today. MS official word on PST files is "Dont store them on network drives, as it isnt supported"....great. That means if your users want to have archives they should store them on a local drive..... 2 implications to that;

1. They wont be available if the user is roaming
2. They wont be backed up over night

Microsoft offer some work-arounds, for example copy the arhive pst from the local drive to their home drive when they log out, and visa versa when they log in. Great...as long as your users dont mind 20 minute login and logout times.

Another workaround is to backup the archive from the PC......also not such a great solution if your users shut their PCs down when your backup is scheduled, and if you dont have an infinite budget with which to buy backup agents for every PC in your infrastructure.

No-doubt we will be re-visiting this problem in the near future, as the official MS line is that Archives may become corrupt, and their may be overload on the server hosting the PST files.

Integrating Office 2007 SP1 into your Office installer

I'm currently looking at creating a Configuration Manager installation for Office 2007, ready to image our student PCs over summer. Since we created our Office 2007 installer Microsoft have released Office 2007 SP1, which obviously we want to install during the workstation imaging process.

MS haven't released a DVD/CD install disc yet which includes SP1, although I was pleased to learn a nifty little trick you can use to integrate the SP into your existing install files (slipstream).

Presuming you already have gone through the process of creating an Office 2007 auto installation set, you should have a folder structure something resembling drive:\Office2007\Updates The UPDATES folder is the crucial one.... any updates you stick in there will be applied at the time of install.

So...just download the stand-alone SP1 file office2007sp1-kb936982-fullfile-en-us.exe from MS...just google it. Then run it with the following switch;

office2007sp1-kb936982-fullfile-en-us.exe /extract:drive:\Office2007\Updates\

You should end up with around 8 new files in your updates folder, which represent the core of SP1. These will be applied during the Office 2007 installation. :)

configuration Manager 2007, Ops Manager 2007 & VMM 2007....on one server


Yes, we have undertaken the project of getting the complete suite of Systems Centre Tools all running from the same box. Whats more we have decided to do this using Server 2008. I have not been able to find a single documented case of anyone else unfortunate enough to venture into the scenario.....the install of all these systems alone (without any configuration) has taken around 4 weeks.


You would expect Microsoft would fully support all these "2007" labeled products on the flagship server product "Server 2008".....but no, we have continiously encountered the classic Microsoft banner "non supported scenario". Not one to let something as trivial as compatibility get in the way, and owing to the fact that we want to move forward with Server 2008, we decided to plod on with the project, using 2008 as the base.


I'm pleased to say that IT CAN BE DONE. However, as I mentioned it took several weeks to make it work, but I will be posting full documentation. The problems mainly arise because Ops Manager wont install on a fully updated and service packed version of SQL server, and Config Manager 2007 wont install on a non service packed version of SQL server. This coupled with the fact that there are compatibility issues between version of SQL Server on 64 bit Server 2008, means that the install needs to be done in an exact order, updating at the correct point in the sequence, and making sure that the new IIS7 is backward compatible....or thinks it is!!


Anyway, full instructions on installing these products on Serer 2008 will follow shortly...


Welcome to what could be the most boring blog ever!

I've decided to create this blog owing to countless hundreds of I.T projects which I now look back on thinking "where did I put the documentation for that"! Well I might as well document projects online for myself to reference in future, and also in the hope they might come in handy to others.

I'll try to back-track on some past projects when/if time allows..... but I'll basically update this blog when I get time with information on current projects, and future plans.

For some background, I work in a small systems team at Blackburn College in Lancashire UK. Our I.T network is Microsoft based (currently server 2003), with around 10,000 students users and 1,100 staff users.

Technologies we currently use include Virtual Machine Manager, Configuration Manager, Operations Manager, Server 2003, Server 2008, Exchange 2003, Symantec Anti-Virus......starting to wish I hadnt started this list as its never ending......