SCCM to Tanium

SCCM transition Options: of course intune otherwise 

Deployment, Patching - Tanium

Image - Tazier

Inventory - Tanium

Remote Control - Zoom 

Reporting - Custom SSRS or Kafka , Grafana, Telegraf , Sensu, Datadog

Use this script to refresh a list content to a specific dp

 

# Use this script to refresh a list content to a specific dp, or a list of dps to a specific piece of content.

# Paste output list from SQL of packageids

$PKGIDS = @"

"@

# Paste output list from SQL of the full servernalpaths

$serverNalPath = @"

"@

<# Begin #>

<# do not modify below #>

# Splitting up the Here strings for Packageids and Servernalpaths to turn it into an array of objects

$PKGIDS = $PKGIDS.Split("`r`n") | Where-Object {$_ -ne ""}

$ServerNalPath  = $ServerNalPath.Split("`r`n") | Where-Object {$_ -ne ""}

$ServerShortName = $ServerNalPath  |  % {$_.Split("\\")[5]}

# Testing the counts of the arrays to make sure we don't loop improperly

$ErrorActionPreference = "Stop"

$shouldrun = $false

if ($PKGIDS.count -eq 1 -and $ServerShortName.count -ge 1) {$shouldrun = $true}

elseif ($PKGIDS.count -ge 1 -and $ServerShortName.count -eq 1) {$shouldrun = $true}

    else {$shouldrun = $false}

if ($shouldrun) {

    $ServerShortName | % { 

        $ServerNalPath = $_

        $PKGIDS | % {

            TRY {

                $PKGID = $_

                $DP = gwmi -ComputerName xxxxxx -Class sms_distributionpoint -filter "ServerNALPath like '%$ServerNalPath%' and packageid = `'$PKGID`'" -Namespace root\sms\site_XXX

                $dp.RefreshNow = $true

                $dp.put() | Out-Null

                Write-Output "Success - Refreshing $PKGID on $ServerNalPath"

                }

            CATCH { 

                Write-Output "Error - Refreshing $PKGID on $ServerNalPath"

                }

        }

    }

}

else {

    Write-Output "Error - Script only supports running against a single packageid or a single servernal path at a time, validate input"

    }

<# END #>

SQL Queries to get :

-- 1, get list of all pending packageids, change nalpath to broken DP

select * from v_PackageStatusDistPointsSumm

where servernalpath like '%xxxx%'  and state != 0

order by packageid

 

-- 2, get dpip to send to distribuitonjobs, note the dpid for the dp

select * from v_distributionpoints where servername like '%xxxx%'

GCP Overview

Overview Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. The GKE environment consists of multiple machines (specifically Compute Engine instances) grouped to form a container cluster. In this lab, you get hands-on practice with container creation and application deployment with GKE. Objectives In this lab you will learn how to: w Create a GKE cluster w Deploy an application to the cluster w Delete the cluster Cluster orchestration with Google Kubernetes Engine Google Kubernetes Engine (GKE) clusters are powered by the Kubernetes open source cluster management system. Kubernetes provides the mechanisms through which you interact with your container cluster. You use Kubernetes commands and resources to deploy and manage your applications, perform administrative tasks, set policies, and monitor the health of your deployed workloads. Kubernetes draws on the same design principles that run popular Google services and provides the same benefits: automatic management, monitoring and liveness probes for application containers, automatic scaling, rolling updates, and more. When you run your applications on a container cluster, you're using technology based on Google's 10+ years of experience with running production workloads in containers. Kubernetes on Google Cloud When you run a GKE cluster, you also gain the benefit of advanced cluster management features that Google Cloud provides. These include: w Load balancing for Compute Engine instances w Node pools to designate subsets of nodes within a cluster for additional flexibility w Automatic scaling of your cluster's node instance count w Automatic upgrades for your cluster's node software w Node auto-repair to maintain node health and availability w Logging and Monitoring with Cloud Monitoring for visibility into your cluster

Salesforce Admin Topics

• SF Editions • Different type of SF Clouds ○ Sales Cloud ○ Service ○ Experience • Salesforce Org Creation • Types of Salesforce Orgs ○ Sandbox (Dev, Full Copy, Partial Copy) ○ Production • Login. Salesforce , Test.Salesforce login • Salesforce Lightning Experience • Salesforce Objects ○ Standard Objects ○ Custom Objects • Applications ○ App Manager ○ APP Menu • Tabs • Field and Relationships ○ Lookup Relationships ○ Master details Relationships (MD) ○ Other data types (Text, Number, Date, Picklist etc) ○ Global Picklist • Record Types , Flows • Page layouts • Lightening record pages • Validation Rules

To force re-scan by Tanium agent on windows Server?

1.To force re-scan by Tanium agent on windows Server? remove both the latest-errors and patch-scan-results files \Patch\scans\patch-scan-results \Patch\scans\scan-statuses \Patch\latest-errors Note: Make sure you check the latest cab file available under \Patch\scans\

Tanium Questions help for Windows Servers Patching

Get Computer Name and Patch - Patch List Applicability[0,1] from all machines with Computer Name contains XXXXXXX Get Endpoint Configuration - Tools Status Details from all machines with Computer Name contains XXXX Get Patch - Is Process Running with computer name contains XXXX Get Computer Name and Patch - Maintenance Windows Applied?maxAge=60 from all machines with Computer Name contains XXXXX Get Computer Name and Patch - Applicable Patch Count[0] and Patch - Maintenance Windows Applied from all machines with Computer Name contains XXXXXX Get Computer Name and Operating System and Patch - Scan Errors from all machines with ( all Patch - Scan Errors not contains No Scan Errors and Computer Name contains XXX ) Get Computer Name and Operating System and Patch - Scan Errors from all machines with ( all Patch - Scan Errors not contains No Scan Errors and Operating System contains Windows server ) Get Computer Name from all machines with ( Patch - Manifest Sync State[3] contains XML and Custom Tags matches patch and Computer Name contains XXX ) Get Computer Name and Tanium Action Log[911118,100] from all machines with Computer Name equals XXX Get Computer Name and Patch - Blacklists Applied from all machines with Operating System contains windows server Get Computer Name and Operating System and Patch - Patch List Applicability[0,1] matches "^[^|]*\b6\b[^|]*\|[^|]*\|[^|]*\|Not Installed\|.*$" from all machines with ( Is Windows equals True and Patch - Patch List Applicability[0,1] matches "^[^|]*\b6\b[^|]*\|[^|]*\|[^|]*\|Not Installed\|.*$" ) Get Computer Name and Operating System and Patch - Applicable Patch Count[0] and Patch - Patch List Applicability[0,1] matches "^[^|]*\b6\b[^|]*\|[^|]*\|[^|]*\|Not Installed\|.*$" from all machines with Custom Tags matches patch Get Computer Name and Patch - Applicable Patch Count[0] and Patch - Patch List Applicability[0,1] matches "^[^|]*\b6\b[^|]*\|[^|]*\|[^|]*\|.*$" from all machines with ( Computer Name contains XXXX and Operating System contains windows server ) Note: here XXXX is a computername here b6 is patch list ID

To check patch deployment status in TANIUM

Get Computer Name and Operating System and Patch - Deployment Statuses matches "^1234\|.*$" from all machines with Patch - Deployment Statuses matches "^1234\|.*$" Note: here 1234 is deployment ID , so you need to switch it based on your ID

To download CAB file

http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab https://content.tanium.com/files/hosted_dats/MS-CVEs.dat https://content.tanium.com/files/windows-patch/wsusscn2.json

How to handle when AD Schema not extended for SCCM

To download microsoft cab file

http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab

https://go.microsoft.com/fwlink/?LinkID=74689

if you are using Tanium

https://content.tanium.com/files/hosted_dats/MS-CVEs.dat

https://content.tanium.com/files/windows-patch/wsusscn2.json 

How do you transition All SCCM capabilities to some other tool?

 How do you transition All SCCM capabilities to some other tool?

Will provide my answers soon HI

To get physical hostname

SELECT  dbo.v_GS_OPERATING_SYSTEM.Caption0, dbo.v_GS_VIRTUAL_MACHINE_64.PhysicalHostName0, dbo.v_R_System.Name0
FROM    dbo.v_R_System INNER JOIN
           dbo.v_GS_OPERATING_SYSTEM ON dbo.v_R_System.ResourceID = dbo.v_GS_OPERATING_SYSTEM.ResourceID INNER JOIN
           dbo.v_GS_VIRTUAL_MACHINE_64 ON dbo.v_GS_OPERATING_SYSTEM.ResourceID = dbo.v_GS_VIRTUAL_MACHINE_64.ResourceID

  where v_r_system.name0 in (

DP Content checking

--DP content status:
use sms
SELECT     v_PackageStatusDistPointsSumm.PackageID,
                      v_Package.Name, v_PackageStatusDistPointsSumm.InstallStatus, v_PackageStatusDistPointsSumm.SiteCode, v_PackageStatusDistPointsSumm.ServerNALPath,
                      v_PackageStatusDistPointsSumm.SourceVersion, v_PackageStatusDistPointsSumm.State, v_PackageStatusDistPointsSumm.LastCopied,
                      v_PackageStatusDistPointsSumm.SourceNALPath, v_PackageStatusDistPointsSumm.SummaryDate
FROM         v_PackageStatusDistPointsSumm INNER JOIN
                      v_Package ON v_PackageStatusDistPointsSumm.PackageID = v_Package.PackageID
WHERE     (v_PackageStatusDistPointsSumm.ServerNALPath LIKE '%XXX%')---and InstallStatus <> 'Package Installation complete'
--WHERE     (v_PackageStatusDistPointsSumm.ServerNALPath LIKE '%.stores.target.com%')and InstallStatus <> 'Package Installation complete'
--and Name like '%neil%'1
--order by  name, v_PackageStatusDistPointsSumm.InstallStatus
and InstallStatus != 'Package Installation complete'



Note: in XXX put your DP name

PowerShell script to check WDS Service status against of List of servers.

Below is a PowerShell script, this will list WDS Service status against of List of servers.

$InPutComputersList = get-content "c:\MyScripts\list.txt"
$OutPutFile = "c:\MyScripts\WDS_ServiceStatus.csv"
$NotReachble = "c:\MyScripts\NonPingSystems.csv"
$listResult = @()
foreach($ForEverComputerIntheTextFilelinebyLine in $InPutComputersList) {
if (test-path \$ForEverComputerIntheTextFilelinebyLine\c$\windows\write.exe)
{
$objService = Get-Service WDSServer -ComputerName $ForEverComputerIntheTextFilelinebyLine | select machinename, status, name, displayname

$objResult = New-Object PSObject -Property @{
ComputerName = $ForEverComputerIntheTextFilelinebyLine
ServiceStatus = $objService.Status
ServiceDisplayName = $objService.DisplayName
ServiceName = $objService.Name

}
$listResult += $objResult
}
Else
{
Write-Output "$ForEverComputerIntheTextFilelinebyLine,NotReachable" | out-file $NotReachble -append
}
}
$listResult| Export-Csv -Path $OutPutFile

for a single computer add or remove programs info

Select v_Add_Remove_Programs.DisplayName0, v_Add_Remove_Programs.Publisher0, v_Add_Remove_Programs.Version0

FROM v_Add_Remove_Programs

JOIN  v_R_System ON v_Add_Remove_Programs.ResourceID = v_R_System.ResourceID

WHERE v_R_System.Netbios_Name0 = @computername

Hardware Inventory last scanned

SELECT SYS.Netbios_Name0 as 'Computer Name',
SIS.SMS_Installed_Sites0 as 'SMS Site', WS.LastHWScan,
DATEDIFF(day,WS.LastHWScan,GETDATE()) as 'Days Since HWScan'
FROM v_GS_WORKSTATION_STATUS WS INNER JOIN v_R_System SYS
ON WS.ResourceID = SYS.ResourceID INNER JOIN v_RA_System_SMSInstalledSites SIS
ON WS.ResourceID = SIS.ResourceID
WHERE SYS.Client_Type0 = 1 AND SYS.Active0 = 1 AND
WS.LastHWScan < DATEADD([day],+1,GETDATE())

scvmm pre-requsites

Pre-reqs:

Service account

Service account should have local admin privileges

Service account should have access in VMMKKM Container

Service account and  VMMKKM Container should be on same domain

SQL native Client

Cluster name should have access on SCVMM name

(CNO should be properties of VCO security and full control)

SCVMM service name and should have static IP

Service account should have SQL direct access , kind of  DB owner access

Always on should be off incase SQL DB already pre-staged

(always on is a HA solution for the sql DB)

Use sql port 1433

Use all default ports

Logon service group - secpol.msc - should have access to service account 

Pull Dp concept

When a package is distributed to a PullDP, DistMgr creates a PkgXferMgr job and added to the queue.- PkgXferMgr processes the job and creates a PullDP notification in the PullDPs WMI.- PullDP reads the notification and starts the download from a assigned Standard DP based on priority.- Once the notification is written, PkgXferMgr monitors the job for next 10 hours (max value hardcoded). Every 60 mins.- If the status is not received from the PullDP, it will mark the distribution as Failed and it creates a Status Message and DistMgr processes the message.- if a package is successfully downloaded in the PullDP, even after it exceeds the 10 hours, it will send the status to MP and it will drop a file in Distmgr.box.- DistMgr will check the existing status in the PkgStatus table.- Since the PkgXferMgr already dropped a failed status, it will ignore the status which has been sent by PullDP.- So the status will stay as failed. But content is distributed. However clients won’t work due to status marked as failed in Database.-  It is by design in CM12 R2.- Above hardcoded values can be changed in ConfigMgr 2012 R2 SP1 using AdminUI.

SCCM 2012 Application Concepts

SCCM 2012 Application Concepts 

Application
An application is intelligent software that knows if a user is authorized to use it on a particular device, if that device can run it and how it should be made available to the user on that device.  An application in SCCM 2012 is what a package and program(s) is in SCCM 2007.  You can still use the old package-program in SCCM 2012 to deploy software but you won't take advantage of the intelligence in Applications.

Deployment
A deployment in SCCM 2012 is what an advertisement is in SCCM 2007.  A deployment is used to deploy an application.  You can indicate the purpose of a deployment as Required and Available.  Think of Required as the purpose of a mandatory assignment in an SCCM 2007 advertisement.  Think of Available as the purpose of an optional advertisement in SCCM 2007.  You can configure two actions for a deployment: Install and Uninstall.

Deployment Type
A Deployment Type is part of an Application and provides information needed to install the software.  It contains rules to determine if and how software should be installed on a particular device or delivered to a user.  SCCM 2012 has the following deployment types: Windows Installer, Script Installer, Microsoft Application Virtualization, Windows Mobile Cabinet and Nokia SIS file.

Application Catalog
This is a user-friendly web portal for applications that are not forced on devices by making the purpose of a deployment Available and configuring the deployment to target users.  Users can browse to the portal and install or use applications that are available to them (with the option to require approval for specific applications).

Software Center
This is an SCCM client application that replaces the "Run Advertised Programs" control panel applet present in the SCCM 2007 client.  If a deployment targets a device instead of a user, the user can install the application by launching Software Center.

User-Centric Application Management
This is a framework of SCCM features and other technologies that allow the intelligent delivery of applications to users anywhere on any device and at any time.  One example of this is making Microsoft Word available to a user.  Per the administrator's intent, Word will be installed only on the user's primary device, and it will be streamed to the user via App-V on any other device.

User Device Affinity
This is one of the key features in SCCM 2012 that makes User-Centric Application Management possible.  It allows a device to be configured as the primary device for a user.  You can actually have multiple primary users for a device, and multiple primary devices for a user.  For more information on this see

SCVMM Capacity planning

Config that’s required for VMM to manage 300 hosts.

System Center 2012 R2 servers	Processor (min)	Processor (rec)	RAM (min)	RAM (rec)	Hard drive space (min)	Hard drive space (rec)
VMM Management Server (More than 150 hosts)	Pentium 4, 2 GHz (x64)	16-Core 2.66 GHz CPU	4 GB	16 GB	4 GB	10 GB
VMM Console (More than 150 hosts)	Pentium 4, dual processor 2 GHz	2-Core 2 GHz CPU	4 GB	4 GB	4 GB	10 GB
VMM Library Server	Pentium 4 2.8 GHz	4-Core 2.66 GHz CPU	2 GB	4 GB	Varies based on the number and size of the stored files.	Varies based on the number and size of the stored files.