jump to navigation

Ever wanted to have a report to get a list of updates that are not approved – Missing Updates MP is now available to download May 25, 2009

Posted by Björn Axéll in How-To, SCE.
add a comment

If you have been working with System Center Essentials, you know that there is no report/view to see updates needed but not approved. As of today, the only way you have been able to get this list is to:

  1. Use the powershell script that the SCE team has build(more information about this script can be found here) to get a list of updates needed for partners updates (for example Dell, HP or Adobe)
  2. For Windows Updates, you have been able to use the WSUS console


Since all of the information we need do exist in the databases I thought a standard SQL report would be easier so I build one and I have added it as a Management pack that you can import (see link below)

  1. Import the MP from the Administration space 
  2. When the import is complete is can take a couple of minutes and before the report is visible in the console (you might need to do a refresh F5)
  3. The report is target to the Windows Computer Class so whenever you select a Windows computer (in the computer space or in the monitoring space) you will have the option to run the “Missing Updates” report from the Action menu on right side
  4. You can also run the report directly from the Reporting space
  5. When you have selected the report you have the option to select one or more computers and also select from what category you want to run against (Microsoft, Adobe, Dell, Hp etc)
  6. After you click run you will get a list of the updates the computer(s) need(s).

If you have any feedback on this MP, please send me a mail bjorn.axell@advisec.com or add it as a comment to the blog post

Download Missing Updates MP

I want to thank Ravi K. from the SCE team and to Mattias Lind – http://blog.mssqlserver.se/ for helping out with the SQL query

How to manage drivers for your HP machines February 17, 2009

Posted by Björn Axéll in Deployment, How-To, Tool.
1 comment so far

If you ever been working with OS deployment, you know that one of the biggest hassle is to download drivers and keep your driver “repository” up-to-date. Since some companies now need to download drivers for both Windows XP, Windows Vista and soon Windows 7 for both x86 and x64 architectures it gets even harder and more time consuming. The good new is that HP has a nice small tool that help you a lot. Below you can se some print screens of the tools.

  1. First you need to do some basic configuration. Here you can specify how/where you want the downloaded files. You also specify in what language and for what OS type/architecture.
  2. Then you select what type of machine and for what OS
  3. Click the “Find Available Softpaqs” icon on the left top of the application and it will now show you a list of all types of Softpaqs that are available
  4. Select the Softpaqs you want to download (there is quick selections if you click on the “Select Softpaq” drop-down-icon")
  5. Select “Download and unpack” (this is very useful if you need to import the drivers in some other tool that require the standard drivers instead of an exe file”), then click the “Download” icon to start the download
  6. The files will now be downloaded to your computer and also be unpacked. During the download you have Progress information in the lower left of the application. If you open the file explorer you will see the files and folders.


Download HP SoftPaq Download Manager from HP


If you have any other tool(s) that helps you manage drivers for other computer brands, send the info to me by adding a comment to this post

How do you uninstall exe based applications in SCE? September 10, 2008

Posted by Björn Axéll in How-To, SCE.
add a comment

As we all know, you can install both exe and msi based application with SCE. Unfortunately, there is two limitation when you need to add an exe file (if you ask me). If you add an exe based application:

  1. You can’t uninstall it in an easy way
  2. If you (or the user that use the computer) manually uninstall an exe based application that has been deployed with SCE from the local client, it will never be reinstalled by SCE. If you compare this with an msi based application, it would be reinstalled at the next detection interval

So – how can we get around these problems? In this post I will explain how you can use a “Setup wrapper” to fix both of these problems. Note! The tools I use in this example are free to use and can be downloaded from web.

Before you start to deploy a solution based on this post – be sure to test it. All applications are unique and needs to be tested. The post is just an example of how you can do it. 

Preparations steps

  1. Download and install Windows Installer Wrapper Wizard 0.2.0 (WIWW) from VinsVision
  2. Download and install Orca (a msi database edit from Microsoft. Note that this download is not from Microsoft since they only provide a bundled with Microsoft® Windows Server 2003 SP1 Platform SDK)
  3. Create a directory on your desktop called “My first wrapper”
  4. Download or copy your exe based application, save it to “My first wrapper” folder . In my example I use XnView ( a free software to view and convert graphic files) Note! The setup engine need to be able to support silent/unattended install/uninstall

“Investigating” the application (find shortcuts and registry keys)

  1. Manually install the application on a client
  2. Open Regedit and brows to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]. Here you will find your application and the UninstallString value.
  3. Copy the text to a notepad document, we will need this information in a later step
  4. Open Program menu and have a look if the application have added a uninstall shortcut. In my example you will find one and it is located under “C:\Documents and Settings\All Users\Start Menu\Programs\XnView”. Copy the shortcut path to the notepad document, we will need this information in a later step.
  5. In the “My first wrapper” folder, create a bat file and add the following:

REM The below line will hide the uninstallation information for the original setup shown i Add/Remove Programs. Since we will build our own setup, we don’t want to have multiple registration in Add/Remove Programs)
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XnView_is1 /v SystemComponent /t REG_Dword /d 1
REM The below line will remove the shortcut the applicatiuon added. Since we don’t want our users to use this we have to remove it
del %allusersprofile%\Start Menu\Programs\XnView\XnView uninstall.lnk

Build the MSI wrapper

  1. Start the WIWW from the Program Manu
  2. On the Welcome screen, click Next to start
  3. On the Windows Installer file screen, click Brows and brows to your “My first wrapper” folder. Add a name to your file. In my example I use xnView.msi. Click Next to continue
  4. On the Install command screen, click Add
    Select to Use SourceDir
    Click Brows and select your exe setup file. In my example I use XnView-win.exe
    As parameters add /silent
  5. Click Ok to save
  6. Click Add a new command to run
    Select to Use SourceDir
    Click Brows and select your bat file you created earlier. In my example I use fix.bat
  7. Click Ok to save
  8. Click Next to continue
  9. On the Uninstall command screen, click Add
    Select a Windows Installer Installer Folder property = Select [ProgramFilesFolder]
    Brows or type the program to run = Brows to Program Files\XnView\unins000.exe
    (this information was found during the investigation steps above)
    Specify an program parameter = /Silent (this information was found during the investigation steps above)
  10. Click Ok to save
  11. Click Next to continue
  12. On the Product Appearance and Requirements screen, click Next to accept the default values
  13. On the Package Meta Data and Language change to:
    Product name = XnView
    Product version = 1.94.2
  14. Click Next to continue
  15. On the The wizard is ready to create your wrapper, click Next followed by Finish to create and save your package
  16. Right click the new xnView.msi and select “Edit with Orca” (Note that you must have installed Orca to have this option)
  17. On the left side, select the Property table. Change the below (Note! This is an important step since this information will be the information you will get in the inventory reports in SCE)
    ARPHELPLINK = http://www.xnview.com
    Manufacturer = XnView
    ARPCOMMENTS = This will install XnView
    ARPURLINFOABOUT = http://www.xnview.com
    ProductVersion = 1.94.2

Add Package in SCE and test

You are now ready to add this package to SCE. In the Add Software wizard you need to make sure to select “Include all files and sub folders in this location” since you need to add all 3 files to get this package to run. Be sure to only deploy it to a small test group before you deploy it to all your computers. After you successfully deployed the application, test:

  1. To manually uninstall the application from the client.
    1. Uninstall the application
    2. Run c:\Windows\System32\wuauclt.exe /detectnow
    3. The Yellow icon will now appear and the application will be reinstalled
  2. Uninstall the application from all computers
    1. In the SCE console, select to uninstall it to a group of computers that has it installed

This post have shown you an easy way to  handle uninstallation of exe based applications in SCE and still use the standard installation engine provided by the software vendor (instead of doing a msi repackaging of the hole application). On top of that, the application will reinstalled if someone manually uninstall it on the client computer which will help you to have all computers complaint with the right software. 


Hope this can be valuable for you. If you have any comments, feel free to post them

Would you like to be able to schedule reports in SCE? August 13, 2008

Posted by Björn Axéll in How-To, SCE.
1 comment so far

Have you ever wanted to get a report sent by mail or saved to a file share on a schedule basis? In System Center Operations Manager, you have this function directly in the System Center Operations Manager Console but for System Center Essentials, this feature was not included (because the limitation in SQL Express that is included in Essentials 2007).


So – how can we fix this? Since Essentials use SQL 2005 Reporting engine, we can configure this from the Report Manager (Note that this will not work if you use SQL 2005 Express or SQL 2005 Workgroup since they don’t have this feature). The example below we will configure so you get the Update Deployment report in your inbox every morning. Note that this is just an example, you can schedule every report available in Essentials.


  1. First we need to verify that the Reporting server is configured to send report via mail.
  2. Start the Reporting Services Configuration from the start menu
  3. At the Instance selection dialog box, click to connect to your local server
  4. Select the E-mail node and enter a e-mail address (this is the from address) and the name of your mail server, click apply and exit
  5. Open Internet Explorer and enter http://localhost/reports as address
  6. Reporting Manager will now start and you can see all available reports that are installed (number of reports will vary depending on what Management packs you have installed)
  7. Click Microsoft.SystemCenter.Essentials.Report.Library and select the Microsoft.SystemCenter.Essentials.Report.UpdateDeployment report (the one without the rpdl extension)
  8. When the report is shown, click on the subscription link and then New subscription
  9. In the Report Delivery option and Subscription Processing option add:
    Delivered by = E-mail (if e-mail is not available to select, you have missed the first 4 steps). Note! If you add a “external” e-mail address you need to make sure the reporting server are permitted to “relay” mail traffic.
    Render format = in this example we use Web Archive
    Select scheduling = Select the time and how often you want the report
    In the Report Parameter Values = Unselect default and select only the type of status you want to see (in my example I only select Not installed, Downloaded and failed).  You also need to specify a group of computers you want to run this report again’s (in my example I select All Servers)
  10. When you done your selections, click ok to save. You will receive the report in your inbox
  11. Below is an example of a report

Deploying scripts with SCE June 2, 2008

Posted by Björn Axéll in How-To, SCE.
comments closed

I have seen allot of questions in the forums and news groups if SCE can deploy scripts – and the answer is Yes. The last week, me and my Ty from the SCE products team has done some tests. Here is a sample where we have a vbs script that copy files.

  1. Create a vbs script (call it Copy.VBS for this example)
  2. Dim oFS
    Dim oShell
    Dim strDestDir
    Set oShell = CreateObject(”WScript.Shell”)
    Set oFS=CreateObject(”Scripting.FileSystemObject”)
    strDestDir=oShell.ExpandEnvironmentStrings _
    (”%ALLUSERSPROFILE%”) + “\”
    If oFS.FolderExists(”SourceFiles”) Then
    On Error Resume Next
    'Copy the files
    oFS.CopyFolder “SourceFiles”, strDestDir
    'If there was an error copying the files, quit with the specific error code
    If Err.Number <> 0 Then
    End If
    ‘Exit with file copied, if no error occurred
    End If
    ‘Exit without Success
    WScript.Quit (1)

  3. Create a working folder, and store within it the following files:


    b. Working Directory

    c. Copy.VBS (from above)

    d. Place any needed files within the SourceFiles directory


  4. Create a new software distribution package within System Center Essentials

    a.Package setup file: browse to the cscript.exe location from step #1

    b.Command line parameters: -nologo copy.vbs


  5. Deploy the package to the appropriate managed machines


  6. Review the desired result


When the package is deployed, the Windows Update Agent will call into Cscript.exe, and that program will reference the script which is located in the same working directory. Your end users will see a “flash” of a CMD window briefly while the script is executing.


Like with any other package, this one will execute in the context of the user unless it is launched from any of the following installation actions:

· Install-at-shutdown

· Scheduled installation

· Deadline installation

If your script requires to be in the user context, it is important to mark “requires input from the user during installation”. This flag will prevent execution in the above installation actions.

I want to thank Ty for helping me validating this scenario

How do you document your Active Directory and Exchange environment October 2, 2007

Posted by Björn Axéll in Active Directory, Exchange, How-To, Windows.
comments closed

Have you ever wanted to document your Active Directory and Exchange Environment? A couple of years ago, you could use Visio 2000 to do just this. The problem is that Microsoft removed that function from newer versions of Visio. Today I found a new cool application from Microsoft (and it’s free) that fixes this problem. You install the application and select what you want to document (see print screens below). When you have done your selections, just click “Draw” and it will create Visio document.



Download The Microsoft Active Directory Topology Diagrammer from Microsoft 


Brief Description

The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using ActiveX Data Objects (ADO), and then automatically generates a Visio diagram of your Active Directory and /or your Exchange 200x Server topology. The diagrams include domains, sites, servers, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.

How to remotely install updates and applications August 13, 2007

Posted by Björn Axéll in How-To, SCE.
add a comment

As you know, System Center Essentials (SCE) provide you with both Update Management and Software Deployment. Since SCE uses Windows Server Update Services (WSUS) as underlying technology for both of these functions, the configuration of the client detection time and interval is done through Group Policy (this is done when you run the Feature Configuration Wizard in SCE and select domain policy). The default values for this is:

  • Schedule install time = 03:00
  • Automatic Updates detection frequency = Every 22 hour

Note that both of these can be changed to fit you environment.

So, if all of your machines are online at this time they will get all of the updates and all of the applications you approved for them. The problem I have seen is when you see (through the console) that one or more clients "Needs" updates or applications and you just want to "Click Install Now". As default, this is not possible in SCE and the option you have it to use Remote Desktop or visit the computer. The two tasks you have by default in SCE is:

  • Detect Software and Updates Now – This tasks only download the updates to the client and inform the user that they are available but the user need to click "Install" or wait for the schedule time to apear
  • Collect Inventory – This task actually do exactly the same as above

The solution to this problem is to build your own task that run a script that both download and install updates and software and then report back what’s been installed.

  1. Start the SCE console, click Authoring and then expand Management Pack Objects node
  2. Right-click Tasks and select to create a new task
  3. In the Create task wizard – Task Type, select Agent Task and Run a script and then select your destination management pack and click Next
  4. In the Create task wizard – General Properties, input a task name and a description and choose target (I would recommend to use the Windows Computers as target). Click Next
  5. In the Create task wizard – Script, select as below and then click Create:
    1. File Name = WSUS.vbs
    2. Time Out = This depend on the time it will take to install the updates. In my tests I have selected 1 hour
    3. Script = Se below
      ‘ Written in 2007 by Harry Johnston, University of Waikato, New Zealand.
      ‘ This code has been placed in the public domain. It may be freely
      ‘ used, modified, and distributed. However it is provided with no
      ‘ warranty, either express or implied.

      ‘ Exit Codes:

      ‘ 0 = scripting failure

      ‘ 1 = error obtaining or installing updates

      ‘ 2 = installation successful, no further updates to install

      ‘ 3 = reboot needed; rerun script after reboot

      ‘ Note that exit code 0 has to indicate failure because that is what

      ‘ is returned if a scripting error is raised.

      Set updateSession = CreateObject("Microsoft.Update.Session")  

      Set updateSearcher = updateSession.CreateUpdateSearcher() 

      Set updateDownloader = updateSession.CreateUpdateDownloader() 

      Set updateInstaller = updateSession.CreateUpdateInstaller()  



      WScript.Echo "Searching for approved updates …"


      Set updateSearch = updateSearcher.Search("IsInstalled=0")  

      If updateSearch.ResultCode <> 2 Then

      WScript.Echo "Search failed with result code", updateSearch.ResultCode 

      WScript.Quit 1  

      End If

      If updateSearch.Updates.Count = 0 Then

      WScript.Echo "There are no updates to install."

      WScript.Quit 2  

      End If

      Set updateList = updateSearch.Updates  

      For I = 0 to updateSearch.Updates.Count – 1  

      Set update = updateList.Item(I)  

      WScript.Echo "Update found:", update.Title  



      updateDownloader.Updates = updateList 

      updateDownloader.Priority = 3  

      Set downloadResult = updateDownloader.Download()  

      If downloadResult.ResultCode <> 2 Then

      WScript.Echo "Download failed with result code", downloadResult.ResultCode 


      WScript.Quit 1  

      End If

      WScript.Echo "Download complete. Installing updates …"


      updateInstaller.Updates = updateList  

      Set installationResult = updateInstaller.Install()  

      If installationResult.ResultCode <> 2 Then

      WScript.Echo "Installation failed with result code", installationResult.ResultCode  

      For I = 0 to updateList.Count – 1  

      Set updateInstallationResult = installationResult.GetUpdateResult(I) 

      WScript.Echo "Result for " & updateList.Item(I).Title & " is " & installationResult.GetUpdateResult(I).ResultCode  


      WScript.Quit 1  

      End If

      If installationResult.RebootRequired Then

      WScript.Echo "The system must be rebooted to complete installation."

      WScript.Quit 3  

      End If

      WScript.Echo "Installation complete."


  6. Open the Computer or Monitoring View and select the client/server you want to update and then select the task that you created above.

Example of the result of the task on a computer that needs one update and the installation is successfull and the computer needs to be restarted

Example of the result of the task on a computer that doesn’t have any updates


Credit to Harry Johnston, University of Waikato, New Zealand that has written the script.

How to configure Agentless Exception Monitoring (AEM) April 3, 2007

Posted by Björn Axéll in How-To, SCOM.
comments closed

Operations Manager client monitoring mode enables the administratorsto monitor operating systems and applications for error. Client monitoring configures clients to send error reports to an Operations Manager Management Server insted of Microsoft. With the reporting function client monitoring mode can then generate reports based on these errors. Error reports can be send from the Ops Mgr server to Microsoft. Two good things about AEM are that clients dont need a agent and all client settings are controlled by a group policy.

Windows Error reporting is a feature of Windows XP and Windows 2003 server. If you are running Windows 2000, this is a function included in applications, for example Office.

A great benefit of this are that administrators can get a report about application problems within the organisation. This information can be foundation for software upgrade, software updates and purchase of new software. This information will help administrators to get a overview of software problems within the organisations, and that can help the organization to maintain the productivity instead of fighting with software filled with problems.

EAM Errors.

This is not post a complete step by step guide about configure AEM, if you are having problem with this, please contact me in a news group and I will help you. Here is a general overview how to setup AEM (step by step guide will be uploaded later…)

  1. Enable client monitoring mode on management server in the Administration part of the Console. This will start a wizard where you will input for example a directory to store the client monitoring mode data. You can also replace Microsoft and enter your own organization name, this will be in the dialog box when a application crash at a client. During this wizard a ADM file will be created, including all GPO settings that you need to control clients.
  2. In a GPO, import your ADM file created during step 1, then enable all policies from that ADM file. Some settings will be set to disable even if you set them to enable. You will have to “show GUI” within them to keep them enable, but you dont have to do that, it will work anyway.  

That should do it! Now your management server will recive errors and you can see reports about applications with errors. You can look at this in the console, under monitoring and Agentless Exception Monitoring. There are a number of defaul views

  • Application Error Events, all applications from all machines
  • Application View, state view that lists applications
  • Crash Listener View, management servers listening for failure/errors
  • Error Group View, applications errors by error group
  • System Crash View, computers that have an OS failure

Under Administration/Settings/Error Transmission you can setup everything about forwarding errors to Microsoft. Don´t forget to setup this.

If you want to test your AEM settings there are a couple of good ways, first a KB how to generate blue screens and then BANG.

This post was written in collaboration with Anders Bengtsson, owner of www.contoso.se , thanks for good discussions and tips.