Installing Multiple Software Updates(.msu) with SCCM using AutoIT Script

Installing Multiple Software Updates(.msu) with SCCM using AutoIT Script

Used below sample AutoIT script for installing Microsoft updates @ SCCM. Created an application, deployment type as script.

//
Opt("TrayIconHide", 1)
ShellExecuteWait("wusa.exe", "/quiet /norestart Windows6.1-KB3083710-x86.msu", "", "", @SW_HIDE)
ShellExecuteWait("wusa.exe", "/quiet /norestart Windows6.1-KB3088195-x86.msu-MS15-111.msu", "", "", @SW_HIDE)
ShellExecuteWait("wusa.exe", "/quiet /norestart IE11-Windows6.1-KB3093983-x86-ms15-106.msu", "", "", @SW_HIDE)
RegWrite("HKEY_LOCAL_MACHINE\Software\abc", "abc", "REG_SZ", "1")---for detection Method
Exit

//

AutoIT Sample scripts- for SCCM Packaging

AutoIT Sample scripts 


//Hide tray Icon

Opt("TrayIconHide", 1)

// Add Registry Value

RegWrite("HKEY_CURRENT_USER\Software\Microsoft\ABC", "abc", "REG_DWORD", "0")

// For Sleep/Wait/Pause time

Sleep(60000)

// Running a program .msi or .exe with switches

RunWait("msiexec /i abc.msi ALLUSERS=1 /qn /norestart")

// For registry file or .exe/.msi

ShellExecuteWait("Regedit.exe", "/s abc.reg", "", "", @SW_HIDE)


Sample Script

Opt("TrayIconHide", 1)
RunWait("msiexec /i abc.msi ALLUSERS=1 /qn /norestart")
Sleep(60000)
ShellExecuteWait("Regedit.exe", "/s abc.reg", "", "", @SW_HIDE)
RunWait("abc.bat")
Exit

More Details about AutoIT - https://www.autoitscript.com/site/autoit/

Packaging Enterprise version(x86 & x64) Google Chrome with AutoIT

Packaging Enterprise version Google Chrome with AutoIT

Download Latest version on Chrome Emterprise version.

Create a directory and copy files and create an application in SCCM 2012

1. Chrome msi
2. Install.cmd
3.master_preferences

Please downloaded the file and instaruction from here

install.cmd

msiexec /qn /norestart /i "%~dp0chromeEnterprise44.0.2403.107_x64.msi"
if exist "c:\Program Files\Google\Chrome\Application\master_preferences" copy /y "%~dp0master_preferences" "C:\Program Files\Google\Chrome\Application\master_preferences"
if exist "c:\Program Files (x86)\Google\Chrome\Application\master_preferences" copy /y "%~dp0master_preferences" "C:\Program Files (x86)\Google\Chrome\Application\master_preferences"
reg add HKLM\Software\Policies\Google\Update /f /v AutoUpdateCheckPeriodMinutes /d 0
sc stop gupdate
sc config gupdate start= disabled
sc stop gupdatem
sc config gupdatem start= disabled
del "C:\Program Files\Google\Update\GoogleUpdate.exe"
rmdir /s /q "C:\Program Files\Google\Update"
REM Return exit code to SCCM
exit /B %EXIT_CODE%


Sample master_preferences
{ 
"homepage" : "http://msiworld.blogspot.com", 
"homepage_is_newtabpage" : false, 
"browser" : { 
"show_home_button" : true,
 "check_default_browser" : false,
 "window_placement": {
 "bottom": 1000,
 "left": 10,
 "maximized": false,
 "right": 904,
 "top": 10,
 "work_area_bottom": 1010,
 "work_area_left": 0,
 "work_area_right": 1680,
 "work_area_top": 0
 }
 },
 "bookmark_bar" : { 
"show_on_all_tabs" : true 
}, 
"distribution" : { 
"skip_first_run_ui" : true, 
"show_welcome_page" : false, 
"import_search_engine" : false, 
"import_history" : false, 
"create_all_shortcuts" : true, 
"do_not_launch_chrome" : true, 
"make_chrome_default" : false 
}
}

Edit the chrome msi file name as appropriate in .bat. This should also disable auto update but i had issues with disabling auto update using batch so i have created an AutoIT script to make it work every single time it runs- SCCM 2012 R2.

Details about AutoIT


Create a AutoIT Script and compile it. Create an Application in SCCM 2012 using Script and deploy it.

Opt("TrayIconHide", 1)
RunWait( "install.cmd")
RunWait(@ComSpec & " /c " & "taskkill /f /im GoogleUpdate.exe ", "", @SW_HIDE)
$svccfg = "sc config gupdate start= disabled"
RunWait(@ComSpec & " /C " & $svccfg, "", @SW_HIDE)
$svccfg = "sc config gupdatem start= disabled"
RunWait(@ComSpec & " /C " & $svccfg, "", @SW_HIDE)
FileDelete("C:\Program Files\Google\Update\GoogleUpdate.exe")
FileDelete("C:\Program Files\Google\Update\GoogleUpdate.exe")
Exit

Create a packages for x86 & x64 bit. Create an application in SCCM 2012 and choose deployment Type option. Create a Global condition based on Architecture type for X86 & x64 and select Global condition requirement.

When application will be deployed , it will check if the OS is 64 bit, then 64 bit Google chrome will be installed on the system and accordingly for x86.

SCCM 2012 Dynamic collection for Specific System Model - Lenovo Laptops

SCCM 2012 Dynamic collection for Specific System Model - Lenovo Laptops

If you need to create a collection for specic System model for Lenovo Laptops. Please use below query and change Model accordingly.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM_PRODUCT on SMS_G_System_COMPUTER_SYSTEM_PRODUCT.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM_PRODUCT.Version = "ThinkPad x240"

SCCM 2012 Reports for installed Software(Inventory)

SCCM 2012 Reports for installed Software(Inventory)

This is sample report for MS Project

SELECT DISTINCT
                         sys.Netbios_Name0 AS [Computer Name], sys.User_Domain0 AS [Domain Name], sys.User_Name0 AS [User Name], sys.Operating_System_Name_and0 AS OS, arp.DisplayName0 AS [Software Name],
                         arp.Version0 AS [Version Number]
FROM            dbo.v_R_System AS sys INNER JOIN
                         dbo.v_Add_Remove_Programs AS arp ON sys.ResourceID = arp.ResourceID
WHERE        (arp.DisplayName0 LIKE N'%Project%') AND (NOT (arp.DisplayName0 LIKE N'%Security Update%')) AND (NOT (arp.DisplayName0 LIKE N'Hotfix%')) AND (NOT (arp.DisplayName0 LIKE N'Update for Microsoft%'))
                         AND (NOT (arp.DisplayName0 LIKE N'Microsoft Project MUI%')) AND (NOT (arp.DisplayName0 LIKE N'Microsoft Office Project MUI%')) AND (NOT (arp.DisplayName0 LIKE N'%Update For Windows%'))

SCCM 2012 R2 - Collection Query for IE 11 installed Computers

SCCM 2012 R2 - Collection Query for IE 11 installed Computers


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceID inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_SoftwareFile.FilePath like "%\\Program Files\\Internet Explorer\\" and SMS_G_System_SoftwareFile.FileName like "iexplore.exe" and SMS_G_System_SoftwareFile.FileVersion like "11.%"

SCCM 2012 List of Websites required for Software Update(SUP) Sync

SCCM 2012 List of Websites required for Software Update(SUP) Sync: Below sites are required to be allowed from Firewall to Sync with Microsoft Update.

If your organization does not allow the ports and protocols to be open to all addresses on the firewall between the active software update point and the Internet, you can restrict access to the following domains, so that WSUS and Automatic Updates can communicate with Microsoft Update:

• http://windowsupdate.microsoft.com

• http://*.windowsupdate.microsoft.com

• https://*.windowsupdate.microsoft.com

• http://*.update.microsoft.com

• https://*.update.microsoft.com

• http://*.windowsupdate.com

• http://download.windowsupdate.com

• http://download.microsoft.com

• http://*.download.windowsupdate.com

• http://test.stats.update.microsoft.com

• http://ntservicepack.microsoft.com

SCCM 2012 Custom Query for Specific application installed on computers

SCCM 2012 Custom Query for Specific application installed on computers

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Name in (select distinct SMS_R_System.Name from  SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Google Chrome")

SCCM 2012 R2 CU 4 Installation- Step-by-Step

To upgrade to SCCM 2012 R2 CU4, you must have at least 5.00.7958.1000 version.

Please download it from Microsoft https://support.microsoft.com/kb/3026739

It’s a hotfix so need to be requested. An email will be sent from microsoft with download link.

This link has details about bugs/fixes.

Run downloaded file  CM12-R2CU4-KB3026739-X64-ENU.exe on Standalone primary server.

Click Next

Accept the license term

Perquisites check should be all successful.

Check this and click next

Select Update DB and click Next

Check all and Click Next

Click Next

Click Next

Click Next

Click Install

Click Next

Click Finish

Please Check log here C:\Windows\Temp\CM12-R2CU4-KB3026739-X64-ENU.log

Client version should be 5.00.7958.1501 

Check the version to verify the install.

 Packages will be available here for deployment to Clients.

Verify registry on primary server: --- HKLM\Software\Microsoft\SMS\Setup\ key. 

SCCM 2012 Dynamic Collection Query for Computers by Model Number

Here is WQL for a hardware models...

select distinct SMS_G_System_COMPUTER_SYSTEM.Name, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_R_System.LastLogonUserName from  SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Model like "XXXXXXXX" or SMS_G_System_COMPUTER_SYSTEM.Model like "XXXXXXX" or SMS_G_System_COMPUTER_SYSTEM.Model like "XXXXXX" or SMS_G_System_COMPUTER_SYSTEM.Model like "XXXXXXXX" or SMS_G_System_COMPUTER_SYSTEM.Model like "XXXXXXXX" or SMS_G_System_COMPUTER_SYSTEM.Model like "XXXXXXX"

MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is 404, Not Found.

When you get this error on MP:

MP Control Manager detected management point is not responding to HTTP requests.  The HTTP status code and text is 404, Not Found.

Possible cause: Management point encountered an error when connecting to SQL Server.
Solution: Verify that the SQL Server is properly configured to allow Management Point access. Verify that management point computer account or the Management Point Database Connection Account is a member of Management Point Role (msdbrole_MP) in the SQL Server database.

Possible cause:  The SQL Server Service Principal Names (SPNs) are not registered correctly in Active Directory
Solution:  Ensure SQL Server SPNs are correctly registered.  Review Q829868.

Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which the site is configured to communicate.
Solution: Verify that the designated Web Site is configured to use the same ports which the site is configured to use.

Possible cause: The designated Web Site is disabled in IIS.
Solution: Verify that the designated Web Site is enabled, and functioning properly.

Possible cause: The MP ISAPI Application Identity does not have the requisite logon privileges.
Solution: Verify that the account that the MP ISAPI is configured to run under has not been denied batch logon rights through group policy.

For more information, refer to Microsoft Knowledge Base article 838891.

Solution: 

Run -Inetmgr open the default website --> Edit bindings and add All Unassigned.

Error will be fixed when it runs the next time.

SCCM 2012 R2 Remote Distribution Point (DP) Installation - Step By Step

Launch SCCM Console

Click Administration à Site Configuration à Right Click Server and Site System Roles à Create Site System Server  

Please Update FQDN under the name of server where Remote DP will be installed.

Click Next

Select System Roles Distribution Point

Select Check box Install and Configure IIS if Required by Configuration Manager

Click Next

Click Next

Click Next

Click Next

Click Next

Click Add

Select appropriate Boundary groups. Click Next and Close

Monitor Installation :-Check the Distribution Point Configuration Status in Monitoring and select Details

Check below files on target DP Server...

DP Configuration Settings

Select DP- Properties  Go to Rate Limits Tab. Control bandwidth by configuring Rate Limit if required.

Prerequisites for Site System Roles - SCCM 2012

Prerequisites for Site System Roles

 Site systems role pre-req are….

·         Install and configure IIS

o    Verify the following IIS components are installed

·         On the site server Install Dot Net  3.5.1 and activate “WCF Activation”

o    In Server Manager select Features, Add Features, Select .NET Framework 3.5.1, also select WCF Activation

·         Install BITS and Remote Differential Compression

o    In Server Manager click on Add Features, select BITS and RDC

·         Install Dot Net 4.0

·         For server performing the role of Software update point needs to have Windows Server Update Services (WSUS) 3.0 SP2 installed.

·         For Reporting services point, SQL Server Reporting Services installed and configured to use at least one instance for the reporting services point. The instance you use for SQL Server Reporting Services can be the same instance you use for the site database.

·         To support PXE on a distribution point that is on a computer remote from the site server, install Microsoft Visual C++ 2008 Redistributable

·         To support PXE or multicast, install and configure Windows role Windows Deployment Services (WDS)

How To Deploy Silverlight 5.1 using SCCM 2012 R2

How To Deploy Silverlight 5.1 using SCCM 2012 R2

Download latest version of Silverlight from Microsoft http://www.microsoft.com/silverlight/.

I have used version Microsoft Silver light 5.1.30514.0 for this.
The downloaded version of silver light will be in .exe format. Use 7-Zip to extract or just run the exe and check C:\dynamic folder(long file name in form of hash) created...check date modified. Look for silveright.msi file. Edit this .msi using Orca and navigate to Property and Product ID. This is required for detection method while creating an application in SCCM 2012 R2.

Do not use just .MSI. Its not complete setup, if you do you will not have some core package functionality like ..Silverlight upgrade etc..

Create an Application for Silverlight... follow the steps and choose Deployment type as Script Installer and create this using manual option for .EXE.

Command for install : Silverlight_5.1.exe /q

If you need to disable auto update, use --reg add HKLM\Software\Microsoft\Silverlight /f /v UpdateConsentMode /d 2

I have created a .bat file for this and created a package using Script Installer. It is simple and works well.

Silverlight_5.1.exe /q

reg add HKLM\Software\Microsoft\Silverlight /f /v UpdateConsentMode /d 2