Saturday, May 2, 2009

MMS 2009: Take Away

I'm going to give a brief synopsis of each of the MMS sessions I attended, along with what I took away from it. This is not intended to be a comprehensive look at each session, just some highlights, overall impressions and ideas of how these concepts could be used in the real world.

SQL Performance Tips for Config Manager Reporting
It seems that our Primary Site server is dramatically underpowered. Brian Mason (Wells Fargo) and Steve Thompson (BT Consulting) suggest the following configuration assuming that the SQL database resides on the Primary.

- 64 bit, 64 bit, 64 bit
- 32 GB RAM
- Dual Quad Core processors (Quad Dual Core processors will do in a pinch, but they produce more heat)
- Partition the main hard disk with the OS, SQL, and Config Manager on different partitions.
- Use separate drives for the Config Manager Inboxes and SQL Transaction Logs.
- No pagefile. No need.


They recommended some other tweaks that should improve performance such as indexing SQL tables that are commonly used for reporting, and modifying the hardware and software inventories to remove unnecessary items and reduce the size of the database. For example, if you don't care what processor your machines have, pull it from the inventory. You can always put it back if necessary.

Solution Accelerator for Windows Optimized Desktop
Microsoft provides "Solution Accelerators," a series of white papers, best practices, and analysis tools to help you implement some of their visions for the workplace, and this was about "Optimizing the Desktop." The concept of the optimized desktop, different solutions for different worker roles, was a major push this year along with the idea that the application should follow the user.

This was more of a high-concept session than technical and would have been perfect for the manager types. The only real thing of note was the mention of "Windows Fundamentals for Legacy PCs," which is a stripped-down version of Windows XP for underpowered machines.

I'll have to look into that.

SQL Server Reporting Services Deep Dive for Config Manager R2 Admins
SQL Server Reporting Services (SSRS) will be the only reporting mechanism supported on the next version of Config Manager and will probably be a good thing to get comfortable with prior to its requirement. There is a migration wizard to assist in migrating your Config Manager 2007 reports. SSRS also includes some interesting features such as the SQL Report Designer, a GUI report builder that has a similar look and feel to Office. It allows you to easily create pretty reports for upper management (you know with graphs and that kind of thing that they always go wild for). SSRS supports linking of reports, historical trending, and email integration to schedule and send reports automatically.

Total Workstation Lockdown
This was a rather rudimentary session that I ended up leaving early. I suppose if you've never used Group Policies to lock down a computer it may have been beneficial, but for those of us in the "you can't do that here" world of task-oriented computer configuration it was a waste of time.

Using Local Policies to Solve Your Most Complex Config Manager Client Challenges
I thought this was going to be about Local Group Policies, but I was surprised when I was introduced to the concept of Local Config Manager Policies. Config Manager policies are typically downloaded from the server (such as when you initiate a Machine Policy retrieval), but there are also local policies that are not as well documented. Here's a basic rundown of how it works.

1. Config Manager policies are stored in WMI whether local or server delivered.
2. Local policies are higher precedence than server policies, but they require manual (or scripted) injection and cleanup.
3. There are two types of local policies, Partial and Full.
   a. Partial local policies modify existing policies and their use is considered best practice.
   b. Full local policies are new policies in which all components to make it work must be included.

A couple of possible uses are to allow a user to postpone a mandatory advertisement while still maintaining the benefit of full advertisement status reporting, or allowing a user to define their own maintenance windows within a certain set of acceptable values. This one could be a huge boon for those people that often come in early or do overnight shift work.

Customizing Config Manager Hardware Inventory
Other than a couple of free tool recommendations and one streamlining tip, this session was a bit weak for anybody that has remotely looked at Hardware Inventory.

Streamlining Tip:
Pick a few sample machines and check the inventoryagent.log file for instances of "does not exist out." Note the class listed above, then query the SQL database for instances. If there's nothing there, you can probably set that class to false in the sms_def.mof.

Tools:
Site Sweeper by SCCM Expert: Remove obsolete or unneeded classes from the Config Manager database.
Regkey to MOF by Mark Cochrane: Easily create MOF entries for Registry information.

What's New in PowerShell 2.0
Pretty much just a bunch of new cmdlets, extended support for working with remote machines and creating production-ready scripts that control what the person running the script can do within PowerShell.

Troubleshooting GPO Issues
Another fairly straightforward session that didn't have a lot of unusual stuff in it. I did come out with a new tool in the arsenal, though.

GPOTool


A Geek's Guide to USMT 4.0
This was a Johan Arwidmark session, so you know it was packed full of good stuff. Let's go through some.

First, let's get the bad news over with. The User State Migration Tool (USMT) 4.0 will not migrate Windows XP to Windows XP. Another Microsoft technique to encourage an OS upgrade. Give you the user profile tools you want, just don't make them work unless you're migrating to Vista or Windows 7.

Ok, now that we're past that, let's look at a couple of exciting features. To do an in-place migration (same physical computer) either to a new version of Windows, or to repair the existing version, USMT used to require copying user files and settings to a network share (or another drive), reimaging the system, then pulling the data back down to the machine. That's fine if you're not migrating gigabytes of data, and required if you're replacing the physical PC, but the process could take several hours. USMT 4 can use hard links stored in the protected MININT folder to keep the data safe on the drive during reimage, then reinstate those links once the new operating system has been laid down. With hard links, it can take what's potentially an eight-hour process and turn it into one hour.

Next, we have configurable file errors. This is perhaps best explained by example. Normally the process would fail if it couldn't copy a specific file up to the network during the back-up phase (scanstate). What if that file's an MP3? If it's not business-related, maybe I don't care. You can now modify the config.xml file's errorcontrol section, allowing you to set some errors as non-fatal for specific files, directories, or file types. If it fails to copy MP3s it just keeps on chugging. Maybe we want to do the same thing for the user's entire "My Pictures" folder.
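
As an added example (not from the session or the original post), here is what the error-control portion of a config.xml could look like for the two cases above: MP3 files anywhere, and one user's "My Pictures" folder. The user name and folder path are constructed placeholders, and a generated config.xml would also contain component sections that are left out here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: only the ErrorControl portion of a USMT 4.0 config.xml. -->
<!-- Pass the file to scanstate with /config:config.xml. -->
<Configuration>
  <Policies>
    <ErrorControl>
      <fileError>
        <!-- Pattern syntax is "path [file]". Any error on an MP3, in any
             directory, is logged and skipped instead of stopping the run. -->
        <nonFatal errorCode="any">* [*.mp3]</nonFatal>

        <!-- Same treatment for everything under one user's My Pictures.
             "exampleuser" and the XP-style path are constructed values. -->
        <nonFatal errorCode="any">C:\Documents and Settings\exampleuser\My Documents\My Pictures\* [*]</nonFatal>

        <!-- errorCode also accepts a specific Win32 error number. Here only
             sharing violations (32) on PST files are tolerated. -->
        <nonFatal errorCode="32">* [*.pst]</nonFatal>
      </fileError>
    </ErrorControl>
  </Policies>
</Configuration>
```

Anything not matched by a nonFatal rule keeps the default behaviour, so a failure to read a business document still stops the capture.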

USMT 4 also allows you to perform the scanstate from a WinPE environment. Can't boot the machine to run USMT? It doesn't matter. Just manually enter the PXE-booted WinPE environment and run scanstate to back up the user's settings and data. The only trick is that you have to change the TMP variable (not TEMP) to the C: drive since by default it's set to the WinPE scratch space which is limited to 32 MB.

Application Virtualization 4.5 with Config Manager 2007 R2
In order to use Application Virtualization (App-V) with Config Manager 2007, you only need the App-V 4.5 client installed on the client machines, the App-V sequencer (more on that in a second), and Config Manager 2007 R2. No App-V management servers are required since App-V 4.5 fully integrates with the Config Manager distribution points, so anybody with an existing Config Manager 2007 R2 environment is ready to deploy virtualized applications with no additional infrastructure requirements. There are two delivery options available.

Streaming, as the name suggests, streams the application from the distribution point and stores applicable things in the App-V cache. This is good for highly-available networks, or non-critical applications. If you need to make sure the application will still launch if the distribution point is not available, you should use the Download and Execute setting.

Download and Execute fully downloads the package to the local machine and runs it from there. It is still a virtualized application since it doesn't actually install on the machine. One thing to note is that the Download and Execute uses the Config Manager cache, not the App-V cache so it's important to make sure that you set the Config Manager client's cache size to an appropriately large value.

OK, I promised I would mention the App-V sequencer. It's actually not necessary if you can afford Admin Studio Enterprise. The new version, which was intentionally released during MMS, will create a sequenced App-V 4.5 application package from the application's MSI. Need to sequence Adobe Reader? Point Admin Studio at the MSI and go get a cup of coffee. Decided to take the plunge and you want to migrate 300 applications? That's OK, too. Admin Studio supports bulk processing. In their session (which I missed but my Manager attended) they gave a real-world example of a company that had about 600 apps and was averaging 2 apps manually sequenced per day. Yes, that's right. Almost a year later, they would be done. Admin Studio did the remaining 500 or so apps in three hours. No, I'm not on Acresso's payroll, although if they would like to compensate me I wouldn't argue.

Native Mode Config Manager 2007
Unfortunately, I had to leave this session about 10 minutes into it to help troubleshoot an issue at work. All I got out of it is that branch distribution points won't use SSL since they don't rely on BITS for content delivery.

Automating Your Infrastructure with PowerShell 2.0
This was a highly technical scripting session that had a lot of good information, but isn't really conducive to a synopsis here. There are a couple of notes to make, though. PowerShell 2.0 is shipping with Windows 7 and Windows Server 2008 R2 by default. In fact, all of Windows 7's diagnostic tools are written in PowerShell. If you want more information on PowerShell, I suggest you visit the Microsoft PowerShell Team's blog.

There was one other thing I got out of this session:

A farmer is trying to figure out how to get his cows to produce more milk so he calls an engineer, a biologist, and a theoretical physicist.

The engineer says, "I can get you a 10% increase in milk production. All you have to do is tighten these two screws and that will increase the suction on the pumps."

The biologist says, "I can get you a 20% increase. The problem is the low-quality feed you've been using. Better feed means more milk."

The theoretical physicist says, "I can get you a 500% increase in milk production."

The farmer can't believe the good news. "What do I need to do?"

The physicist says, "First, you need to envision a perfectly spherical cow..."

Troubleshooting OS Deployments
Another Johan session provided a ton of great stuff, but like the PowerShell session above was mostly demonstration-based and is far more technical than I really want to get here. I'll just give you a couple of the simpler tidbits.

1. Always use the Vista drivers for the boot image no matter what version of Windows you're actually deploying. WinPE prefers them to XP or 2000 drivers.
2. Setupapi.log holds driver ranking information. If you have multiple drivers in the boot image for different hardware types and, for example, the network card isn't working in the WinPE environment, check this log. It will show you, by ranking, which driver ended up getting installed. Maybe WinPE picked the wrong driver.

For more OSD-related stuff, go to http://www.microsoft.com/deployment or Johan's blog.

MDT 2008: Tips and Tricks from the Deployment Masters
This was another Johan session, which delved into a lot of tips and tricks for OS deployments but one really caught my attention.

If you reimage a machine then immediately reimage it again (because you picked the wrong image, or whatever), you're likely to get a "PXE Boot Aborted" error message. Restarting the WDS service on the PXE server resolves the error and allows you to PXE boot again. This is because the PXE server is basically thinking, "You just booted. Now go away, you're bothering me." This much we knew.

The HKLM\Software\Microsoft\SMS\PXE\CacheExpire registry value controls how long the PXE server hangs on to this information. Change it to 300 (it's measured in seconds) and you'll only have to wait five minutes before imaging again. No WDS service restart necessary.

Inside the Application Compatibility Toolkit 5.5
The Application Compatibility Toolkit (ACT) is a set of utilities that allows you to analyze your applications to verify that they are compatible with Windows Vista and Windows 7. Additionally, it offers pre-built remediation for the most common problems, and inventory collection so you can determine exactly what is out there and keep track of what you've already tested.

The inventory piece automatically ties into their application compatibility database and allows you to quickly narrow down which applications need to be tested and mitigated.

Additionally, there is an Internet Explorer Compatibility Test Tool that allows you to browse a web site and it will log any issues that would be encountered with Internet Explorer 8. Since the web site is actively being used with whatever version you currently have during testing, you can have your users just do their work going through this tool and automatically do a lot of the testing for you in real-world use scenarios.

1 comment:

  1. Great summary. One clarification - the new AdminStudio support for App-V is available with all of the new releases (Standard, Professional and Enterprise), so it is easier to afford. They also support ThinApp and XenApp. They were talking about this in their MMS booth.
