Category: ConfigMgr

After deploying an ConfigMgr site successfully the first thing regarding managing client is to define your client agents.

Client Agents are features that are running in the ConfigMgr client. ConfigMgr has 10 client agents:

• Hardware Inventory client agent
• Software Inventory client agent
• Advertised Programs client agent
• Computer client agent
• Desired Configuration Manager Client agent
• Mobile Device client agent
• Remote Tools client agent
• Network Access Protection client agent
• Software Metering client agent
• Software Update client agent

For each client agent you can enable or disable them and define several feature configurations. For example on the Software Inventory client agent you can specify which types of files should be inventoried or on the Remote Tools client agent that permissions from the logged on user are required when taking over the screen.

Those settings are site-wide which means they will apply to every system that has a ConfigMgr client and is currently belonging to that site including desktops and servers.

Especially for servers you don’t want that permissions are required since no user is logged on to grant those.

The client agents settings are delivered to the client when they are receiving their policy from the Management Point. So without building a new site for the servers can you override these settings?

Yes we can!

You can create your own local policy which overrides the site settings. To create the override we need to define a new policy instance in a Managed Object Format (MOF) file.
MOF files can be created in a normal text editor like notepad.exe. The following steps will help you in creating a custom local policy.

First scenario is to override the ‘Ask for permission when an administrator tries to access the client’ setting part of the Remote Tools Client Agent.

The following code is what the ConfigMgr client receives from the Management Point (AAA is the sitecode in this example):

instance of CCM_RemoteToolsConfig
{
PolicyID = "{GUID value}";
PolicyVersion = "x";
PolicySource = "SMS:AAA";
PolicyRuleID = "{GUID Value}";
PolicyInstanceID = "{GUID value}";
Enabled = TRUE;
ComponentName = "SmsRemoteTools";
Type = 1;
RemoteToolsEnabled = TRUE;
AllowChat = TRUE;
AllowClientChange = FALSE;
AllowFileTransfer = TRUE;
AllowReboot = TRUE;
AllowRemoteExecute = TRUE;
AllowTakeover = TRUE;
AllowViewConfiguration = TRUE;
AlwaysVisible = FALSE;
AudibleSignal = TRUE;
CompressionType = 2;
ControlLevel = 2;
DefaultProtocol = "TCP/IP";
IndicatorType = 0;
PermissionRequired = 1;
UseIDIS = TRUE;
VisibleSignal = TRUE;
DisableToolsOnXP = TRUE;
ManageRA = TRUE;
EnableRA = TRUE;
AllowRAUnsolicitedView = TRUE;
AllowRAUnsolicitedControl = TRUE;
ManageTS = FALSE;
EnableTS = FALSE;
EnforceRAandTSSettings = TRUE;
PermittedViewers = NULL;
};

Note the PermissionRequired settings is set to 1 which states that permissions are required when running Remote Tools.

To override this setting open notepad.exe on the system you want the override for and add the following code to it:

#pragma namespace("\\\\.\\root\\ccm\\policy\\machine\\requestedconfig")
[CCM_Policy_PartialPolicy(true)]

instance of CCM_RemoteToolsConfig

{
// Header properties
PolicyID = "1";
PolicySource = "local";
PolicyVersion = "1";
PolicyRuleID = "1";
PolicyInstanceID = "1";

Type = 1;

// Data properties
[CCM_Policy_Override(TRUE)]

PermissionRequired = 0;
};

As you can see PermissionRequired is now set to 0 so disabled.

Save the file as custom_remotetools.mof (where .mof is the file extension) on the c:\ drive or other easy to find location. In this example I use the C:\ drive.

To combine this code with the settings in WMI the MOF file needs to be compiled. This can be done with the tool called mofcomp.exe which is located under %windir%\system32\wbem

To use the tool open a command prompt and type the following command followed with pressing enter:

%windir%\system32\wbem\mofcomp.exe custom_remotetools.mof

Now the MOF file is compiled and the site wide settings are overridden by the settings specified in the custom_remotetools.mof file. Repeat these steps on the systems the override is required.

Other scenario is to disable the entire Remote Tools Client agent. This is can be done with same steps only you should now use this code in the MOF file:

#pragma namespace("\\\\.\\root\\ccm\\policy\\machine\\requestedconfig")

instance of CCM_RemoteToolsConfig
{
// Header properties
PolicyID = "1";
PolicySource = "local";
PolicyVersion = "1";
PolicyRuleID = "1";
PolicyInstanceID = "1";
Type = 1;
PermissionRequired = 0;
};

Code source: http://msdn.microsoft.com/en-us/library/cc146756.aspx

Now SP1 is for a time on the market and the release of the R2 extension for ConfigMgr it could be confusing which version of ConfigMgr is running on your server.

To quickly verify the version you're running in the ConfigMgr console expand Site Database and Site Management. Right-click your site server and the version number will be listed on the Site properties dialog box.

To following list will help you to determine which version number belongs to which version:
ConfigMgr RTM
4.00.5931.0000

ConfigMgr SP1
4.00.6221.1000

ConfigMgr R2
4.00.6221.1000

ConfigMgr SP2
4.00.6487.2000

Since R2 requires SP1 and it is extension instead of a upgrade the version number is the same as ConfigMgr SP1. Difference with R2 is that The “R2 installed” field will state “Yes”.

Earlier I already announced the release of the Dell and HP Deployment Pack. Today IBM released there pack as well!

You can download the pack here.

The second Service Pack of ConfigMgr will be coming very soon. The open beta program at Microsoft Connect for SP2 will start at the end of May this year.

The main foces of the Service Pack will be support for the new client Operating System Windows 7 Out of Band Management and the deployment of Windows Server 2008 R2.

Other improvement are supportability and hotfixes released after Service Pack 1. At the MMS I expect more information regarding this release.

Please join the TAP or Beta program to help the product team to deliver the best.

Enjoy!

Vendors like HP and earlier Dell are providing very useful add-ons for ConfigMgr which I think is really great! Today HP released the Update Catalogus.

Hewlett-Packard Server Updates Catalog for System Center Configuration Manager 2007 enables IT administrators to use Microsoft Systems Center Configuration Manager RTM, SP1, or R2 to automatically manage and distribute HP ProLiant server system software, firmware, and complete support packs. With the HP Catalog, customers can manage HP server inventory and software updates with the same ease they use to manage operating system updates.

Customers using ConfigMgr will benefit from the integration of the HP server software catalog within the ConfigMgr management structure. The HP Catalog allows remote scanning of HP server software configurations and reporting of the results through the ConfigMgr console. The catalog also enables management and distribution of complete Support Packs or individual components (drivers, ROM, and software agents).

All the information and download can be found here.