Skip to main content


Showing posts from May, 2007

sms: customizing advanced client local policies

nearly missed this gem. here's a great technet article that should get you started on customizing local client policies. there are myriad opportunities that stuff like this could be vitally important. think boiler plate. once you have something, you could modify your script to accept different command-line parameters and issue those over sms as a part of some overall customizer package.

mom: trimming noise...

here are three queries that i usually use to help isolate noise. generally, i run these about once a week to see what's going on. anyway, it's pretty cool to see what kind of events/performance data is coming in, what the highest offenders are, etc. two of these will look very familiar (since they come with your mom installation). alerts: SELECT TOP 10 [Name],count(TimeRaised) AS 'AlertCount' FROM SDKAlertView GROUP BY [Name] ORDER BY 'AlertCount' DESC SELECT TOP 10 [Name],sum(RepeatCount) AS 'AlertCount-Suppressed' FROM SDKAlertView GROUP BY [Name] ORDER BY 'AlertCount-Suppressed' DESC events: SELECT CONVERT(char(10), TimeGenerated, 101) AS 'Events Date (by Day)', COUNT(*) AS 'Number of Events', Message FROM SDKEventView GROUP BY CONVERT(char(10), TimeGenerated, 101), Message ORDER BY 'Events Date (by Day)' DESC SELECT NTEventID, COUNT(*) AS 'Number of Events', Message FROM SDKEventView GRO

sms: sms collection evaluator message id 620

if you find these populating your collection evaluator status messages, it's probably because of a mismatch in your query somewhere. here's a sample status message: Microsoft SQL Server reported SQL message 245, severity 16: [22018][245][Microsoft][ODBC SQL Server Driver][SQL Server]Conversion failed when converting the varchar value 'myMachineName' to data type int. doesn't really give you much to go on. to get more details, open up colleval.log . the easiest way to spot where to pinpoint the problem is to look by the date/time in the status message. look for that... or something close to that in your logs. in the log file, the error message shows up. it looks like this: *** [22018][245][Microsoft][ODBC SQL Server Driver][SQL Server]Conversion failed when converting the varchar value 'myMachineName' to data type int. following pretty closely, you'll see another line that might look something like this: Could not refresh collection XYZ00012. Will

misc: atlanta smug 6/13/07

southeast management user group (atlanta)! it's coming up again. mark your calendars and get registered. sign up link below... look forward to seeing you there. 8:30-9:00am Light Breakfast 9:00-10:00am Introduction to System Center Configuration Manager 2007 10:00-11:00am Using System Center Data Protection Manager 2007 to protect and recover Exchange Server, Microsoft SQL Server, SharePoint Portal Server, as well as Windows file services 11:15-11:30am Break 11:30-12:30pm (Working Lunch) - Using System Center Operations Manager 2007 to meet Regulatory Compliancy Needs 12:30-1:45pm Deploying Vista Today with SMS 2003 and Deploying Vista and Windows Server 2003 in the future with System Center Configuration Manager 2007 1:45-2:00pm Break 2:00-3:30pm How to monitor your Core Infrastructure and Distributed Applications with System Center Operations Man

sms: advanced client policies takes a long time to apply

after you tell an advanced client to retrieve policies, you may notice there's a little bit of a delay from retrieval to application. microsoft is instilling the value of patience by forcing a two-minute delay between these steps. here's jeff's response on the myitforum mailing list thread: Don't forget that there is a built in two minute delay between when a client downloads a new policy and evaluates/applies it . This delay is by design in case there are a lot of policies that need to be downloaded before the client starts compiling them. ~Jeff as an update, phil wilcock wrote up this blog entry noting how to remove the two minute delay. basically, you want to compile a mof which changes the wmi settings on the client. here's the contents:   #pragma namespace ( "\\\\.\\root\\ccm\\policy\\machine\\Requestedconfig" ) instance of CCM_PolicyAgent_Configuration { PolicySource = "Local" ; PolicyDownloadMethod = "BITS" ;

ds: account policy settings

i've been asked this question more times than i can recall by auditing agencies, security, compliance regulation, etc. at first, i'd goof around the domain policy settings looking for this stuff. someone happened to ask me how to change a local admin password on a server. i suggested net and stumbled on this: net accounts Force user logoff how long after time expires?: 7 Minimum password age (days): 7 Maximum password age (days): 7 Minimum password length: 7 Length of password history maintained: 7 Lockout threshold: 7 Lockout duration (minutes): 7 Lockout observation window (minutes): 7 Computer role: WORKSTATION if you want to see what it is for your domain, run net accounts /domain .