Archive for March, 2012

Automating user creation with Orchestrator and Service Manager 2012 Part 1

March 30, 2012 2 comments

Hello again.

Creating new users is boring. What if the end user could input all the info for you and all you needed to do was approve the request? This is all possible with Orchestrator and Service Manager, and in the next couple of posts I will show you how I did it for our environment. This is just one way of doing it; Orchestrator provides an almost infinite number of ways to create automated tasks.

This is how the runbook looks

Start Runbook Designer and create a new runbook. Add an “Initialize Data” step from under Runbook Control and name it User Info.
Add 8 strings and name them Firstname, Lastname, Title, Department, Manager, Phone, Company, and Type.

Next, drag and drop a “Run .Net Script”, right-click it and change the name to something like “Generate Password”.
Click Details, change the type to PowerShell, and copy and paste in this script. The script generates a password for the new user: a simple password built from “!?”, capital letters, lowercase letters and numbers, with a total of 9 characters.

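# Character classes the password is built from
$firs = [char[]] "!?"
$caps = [char[]] "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
$lows = [char[]] ("ABCDEFGHIJKLMNOPQRSTUVWXYZ".ToLower())
$nums = [char[]] [string[]] (0..9)

# How many characters to take from each class: 1 special + 8 others = 9 in total
$one = Get-Random -Minimum 1 -Maximum 2   # -Maximum is exclusive, so this is always 1
$first = Get-Random -Minimum 1 -Maximum 5
$second = Get-Random -Minimum 1 -Maximum (8-$first)
$third = 8-$first-$second
# Empty output field separator, so the characters are joined without spaces
$ofs = ""
# Pick the characters from each class, then shuffle them with Get-Random -Count 9
$GPassword = [string](@($firs | Get-Random -Count $one) + @($caps | Get-Random -Count $first) + @($lows | Get-Random -Count $second) + @($nums | Get-Random -Count $third) | Get-Random -Count 9)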

Now click “Published Data” and add a variable from the script we just copied in. Notice that the variable is GPassword and not $GPassword.

Now click “Finish” and create a link between “User Info” and “Generate Password”.
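
An added example, not part of the original post or its script: the same Generate Password step drawing from the .NET cryptographic random number generator, with at least one character from each of the four classes above. Unlike Get-Random -Count, it allows characters to repeat; the function names are hypothetical, and $GPassword is kept so the Published Data mapping stays the same.

```powershell
# Added example: CSPRNG-based variant of the Generate Password step.
# Get-SecureIndex and New-InitialPassword are hypothetical names.
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-SecureIndex([int]$Max) {
    # Uniform integer in [0, $Max) for $Max <= 256.
    # Rejection sampling discards bytes that would cause modulo bias.
    $limit = 256 - (256 % $Max)
    $buf = New-Object byte[] 1
    do { $rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Max
}

function New-InitialPassword([int]$Length = 9) {
    # Same four character classes as the script above
    $classes = @(
        '!?',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        'abcdefghijklmnopqrstuvwxyz',
        '0123456789'
    )
    if ($Length -lt $classes.Count) {
        throw "Length must be at least $($classes.Count)"
    }
    $all = -join $classes
    $chars = New-Object System.Collections.ArrayList

    # One character from every class, so each class is always represented
    foreach ($set in $classes) {
        [void]$chars.Add($set[(Get-SecureIndex $set.Length)])
    }
    # Fill the remaining positions from the combined alphabet
    while ($chars.Count -lt $Length) {
        [void]$chars.Add($all[(Get-SecureIndex $all.Length)])
    }
    # Fisher-Yates shuffle, so the guaranteed characters are not at fixed positions
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-SecureIndex ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    return (-join $chars.ToArray())
}

# Same variable name as before, so it is still published as GPassword
$GPassword = New-InitialPassword -Length 9
```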

Next, drag and drop another “Run .Net Script” and name it CreateUser. In the link below is the script I use to create the user.
First I need to explain how we name our OUs. We have about 10 different companies within the company; for example, company1 has 2 OUs, one for PC users and one for TS users, like company1_CTX and company1_CTX_PC (don’t ask). So in the script, if you input company = test1 and type = PC, the OU will be test1_CTX_PC,
and if type = “anything else than PC” the OU will be test1_CTX, as we only have 2 different types of user OUs.

Writing code is not something I do every day. This script is taken from PowerGUI’s examples and modified by me as best I could; I’m sure there are better ways to do it.


For the script to work you need to install the Exchange 2010 console and the Quest Activerole AD Management snap-in, and if you have Lync installed, LyncCore.msi. All of these need to be installed on the runbook server!

The first 2 lines of the script start PowerShell as 64-bit, because Run .Net Script runs PowerShell as 32-bit and Exchange 2010 only comes with a 64-bit PowerShell add-on, so we need to start the 64-bit version of PowerShell or it won’t work.

All the variables in the script need to be mapped to the strings we input in the first step (User Info), so place the cursor between the quotes, right-click, choose “Subscribe > Published Data” and pick the correct string from the User Info step.
Scroll down a bit until you find $TempPassword, put the cursor between the quotes and this time choose the Password variable we created earlier. It will now set the password to the randomly generated password from the step before.

If you have Lync and want to enable the user, uncomment the 2 lines on rows 132 and 133.

The variable $Tempuser is a user that I use as a template for security and distribution groups. If you just want to test, create a user called “template test” and add it to some groups. You can disable this account, as it’s only there to copy the groups.

The last step is to send the user information via email to someone, in this case first-line support. This is just for testing; in a production environment you probably want to send the user information back to Service Manager or to the person that created the request. This can be done by adding another string in the first step, naming it something like RunbookID, and then mapping that manually from the Service Manager Automated runbook with the ID of the runbook. You can then send the password back to Service Manager and update, for example, the description of the Service Request with all the info you need, like firstname, lastname and password.

So go ahead and drag out a “Send Email” step and name it “Send UserInfo”. Under Details, input the Subject and Recipient(s). The message is where we input the user information: type in the information you want and under it input
After each, right-click and subscribe to the data from the previous steps.

Under Connect specify the Sender address and the SMTP servername.

Under “Run Behavior” check “Flatten” and pick “Separate with line breaks”.

Run it through the “Runbook Tester” to check if it works.

In the next part we will import the runbook to Service Manager and create a request offering that makes it possible for end users to input all the information we need via the Service Manager portal. We then approve the request and Orchestrator does the rest for us.

Categories: SCORCH, SCSM

Set screen resolution in WinPE with qres

March 30, 2012 Leave a comment

Hi again.

Setting the right screen resolution in WinPE might seem like an easy task, but as I found out, it’s not… I tried all sorts of ways: editing the unattend file, setting it with task sequence variables and whatnot. All of them worked, but it was a static value, so it would set the same resolution for all models. This is an example of how you could do it. I’m sure there are easier ways, but I found this to be the best for me.

First download qres from some site (do a quick Google search). Copy it to your distribution share and create a VBS script with the following code.

On Error Resume Next
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

arrComputers = Array("localhost")
For Each strComputer In arrComputers
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_DisplayConfiguration", "WQL", _
        wbemFlagReturnImmediately + wbemFlagForwardOnly)

    For Each objItem In colItems
        ' Display is 800 pixels wide or less: try each listed mode in turn
        If objItem.PelsWidth <= 800 Then
            Set oShell = CreateObject("WScript.Shell")
            oShell.Run "qres.exe /x 1024 /y 768", 0, True
            oShell.Run "qres.exe /x 1280 /y 1024", 0, True
            oShell.Run "qres.exe /x 1280 /y 800", 0, True
            oShell.Run "qres.exe /x 1366 /y 768", 0, True
            oShell.Run "qres.exe /x 1400 /y 1050", 0, True
            oShell.Run "qres.exe /x 1600 /y 900", 0, True
            oShell.Run "qres.exe /x 1600 /y 1200", 0, True
            oShell.Run "qres.exe /x 1680 /y 1050", 0, True
            oShell.Run "qres.exe /x 1920 /y 1080", 0, True
            oShell.Run "qres.exe /x 1920 /y 1200", 0, True
        End If
        ' Colour depth below 32 bits: raise it to 32
        If objItem.BitsPerPixel < 32 Then
            Set oShell = CreateObject("WScript.Shell")
            oShell.Run "qres.exe /c:32", 0, True
        End If
    Next
Next

I added some standard resolutions for laptops and desktops, but if you have more just add them to the script.
Now create a package with all the files and distribute it to your DP.

Open up a task sequence, add a “Run Command Line” step and type in the name of the script you just created.
If you want, add a Task Sequence Variable “IsVM equals false”; this way it won’t run if it’s a VM. I added it because it ran and changed the resolution to the highest resolution in the script and blew up the window so big that I couldn’t see the whole desktop.

Now save your Task Sequence and test it out. Make sure you have the correct display drivers in your boot image. In most cases it will work without them, but in some cases, especially with laptops, it won’t set the “optimized” resolution if the display driver is not present.

Categories: SCCM

Deploy .exe files as a MSI deployment type.

March 30, 2012 5 comments

Hello again.

I thought I would write about how to deploy an .exe file as an “MSI deployment type”. In many cases you don’t have access to an MSI file but still want to deploy it with all the cool features that an MSI deployment type has.

First you need the .exe file of the application you want to deploy; put it in a folder in your deployment share.
For example, I want to deploy Notepad++ for myself and a couple of colleagues. I could use an MSI packager and create an MSI package from scratch, but that takes time, and it’s such a small application that I just want to deploy it to a handful of people in the IT department.

First go to Software Library > Application Management > Applications and, if you want to, create a new folder called IT.

Right click the folder and choose “Create Application”

In the wizard click on “Manually specify the application information” and on the next screen input the application information

On the next screen select your language, Localized application name, User categories and browse to the .exe file to get the icon.

On the next screen press “Add…”. This will open up a new window where we need to specify all the information on the deployment type, so go ahead and choose “Manually specify the deployment type information”.

Input a name for the application and choose language.

Now we need to input the installation information. First enter the location of the content. If you press “Browse” you will see that you can only pick MSI files, so we need to manually input the installation command, in this case “notepad++.exe /S”. If we want, we can also specify the uninstall information. This is a little harder to find; in most cases there is an uninstall program in the installation folder, and you could also check the registry for an uninstall command. In the screen below there is an error: you need to type Uninstall.exe /S for it to uninstall silently.

Now press “Next”

The next step is to input information so that Configuration Manager knows if the application is already installed on the device we deploy to. So go ahead and press “Add Clause…”

In this case we specify a file that is present on the device if it’s already installed; if this was an MSI file it would import the product code. There is also an option to input registry information. Press OK > Next.

The next step is to specify installation behavior. As everyone here wants Notepad++, as you can’t live without it, I choose “Install for system” and “Whether or not a user is logged on”. The most obvious difference between “Install for system” and “Install for user” is that if you install for system it will show up under Software Center, and install for user will show up under the Application Catalog site.

On the next screen you can specify Requirements. I only want to deploy this if the user is a primary user for the device, so press “Add…”. If you want to, you can also add other requirements such as disk space, operating system or OU, or even create your own custom requirement with a registry key, SQL query or LDAP query.

Now press OK > Next

The next screen is for dependencies. As this has none, we skip this and press Next. This can be very useful: if, for example, you deploy Adobe Flash Player for Firefox, you can specify here that Firefox has to be present on the device for it to install, as without it it’s pretty useless.

Click “Next” on Summary. We are now back in the Create Application Wizard, so just press “Next” and we are done.

Now all you need to do is distribute the content to your DP and deploy it to a Device, User or Group.

Categories: SCCM

System Center 2012!

March 29, 2012 Leave a comment


My name is Magnus Lundgren. I live in Sweden and work for a medium-sized company, and I thought I would share my experience with the System Center suite.

We are currently running System Center Configuration Manager and Operations Manager 2007.
And I must say I love it, and that’s why in my lab right now I am running System Center Configuration Manager, Operations Manager, Service Manager and Orchestrator RC, and am planning on rolling them out as they go RTM.

I’m no expert in any of the System Center products; all I write about will be stuff I teach myself or find on other sites about System Center.

During my lab, as I have time, I will update with posts on the experience. The next blog post will be about creating applications in SCCM with .exe files if an MSI package is not available.

Categories: Uncategorized