Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.
X
Video

Role Based Administration Tips/Tricks Replay Is Up

In case you missed it, I did a webinar for Secunia on Oct 17th, 2013 where I provided an overview of RBA and some tips/tricks.  The information for the replay is listed below.

Replay Information

Role Based Administration: Tips and Tricks

During this Webinar, Chris Nackers will take you through the ins and outs of Role Based Administration in System Center Configuration Manager 2012.  For example, do server administrators want to set up their own ConfigMgr environment?  View this webinar to learn how to separate the server and desktops teams and keep the peace.  We also cover some tips and tricks you won’t want to miss!

https://www.brighttalk.com/webcast/8113/89045

Questions/Answers

We also had a few questions during the webcast which I promised to post a follow-up for everyone as well.

Q: How to set RBA for Software meetering to delete a rule?

A: You will need to create a custom Security Role and  allow Delete-access to Software Metering.

clip_image001

Q: Any idea when RBA will be turned on for reports?

A: This has been added in R2.

Q: Are any changes or enhacements to RBA coming w/ R2?  Might our existing custom security roles get messed up?

A: One major change is the ability to finally be able to control reporting through RBA. Existing custom security roles should be fine with the R2 upgrade.

clip_image002

Q: Can you grant read-only to a scope instead of a collection?

A: You can associate read-only access to a particular scope.

 

Security Role Templates

Last but not least, I promised I would provide some of the custom Security Roles I showed in the Demo.

You can download the files here.

Note: These roles are provided AS-IS.

The following roles are included in the download:

image

Aside

SCCM Guru Webcast Q&A Answers

 

Sorry for the delay on this everyone. Here is the Q&A from my recent webcast.

Answers are from the following people:

Chris Nackers = CN

Ron Crumbaker = RC

=================================================

Q: ­what’s the size of a standard boot image size? (145-180 MB)?­

RC: ­142MB out of the box­‑

CN: 32-bit – 120MB, ConfigMgr base 132MB

      64-bit 141MB, ConfigMgr base 153MB

Q: ­So, for boot images…why not just use one 64bit image instead of using a 32 bit?­

CN: 64-bit only supports the deployment of 64-bit OS’s, 32-bit will support the deployment of both 32-bit and 64-bit OS’s

Q: ­I have a Dell I deployed via OSD that has an ATI display adapter. It ended up with the Intel Integrated Graphics Adapter applications (igfxtray.exe, hkcmd.exe, igfxpers.exe) listed in startup in msconfig though it’s using the ATI driver- seen this happen?­

CN: Hard to answer without seeing how the TS is configured, off the top of my head, I could see a bad driver being injected via PNP, or if you had a driver package, it injected incorrect drivers as we will inject everything in the driver package. Or another possible issue is the result of a program/application being installed during the Task Sequence that caused the issue.

Q: ­Can the application mapping also automatically add the workstation to the SCCM Collection for the application?­

CN: None of the methods I covered (MDT/UDI) have a mechanism to do this.

Q: ­In the ideal scenario obviously the smaller boot image the better but what would he consider a reasonable boot image size for a 20 model environment?­

RC: ­You just don’t want it to be 500MB if you don’t need the drivers. Keep it as small as possible to get the right drivers­‑

RC: ­For 20 Greatly different models, then you might be around 150MB or so­‑

CN: I would expect somewhere in the neighborhood of 3-5 drivers added to the boot image to support 2-3 vendors and approximately 20 models.

Q: ­Mine is 137MB and I don’t know if its worth the trouble to change to save 2 seconds­

RC: ­That’s a good size­‑

CN: Yup, it’s a good size already, so unless you have needless added drivers I wouldn’t worry about it too much. Again part of the reason for testing drives is so that you don’t have drivers injected that you don’t need.

Q: ­Do you know of a good driver that works for broadcom 57xx netxtreme cards during OSD OS installer package?­

(I pinged Johan for this one because I knew he would know it off the top of his head)

Johan Arwidmark: For HP servers with the broadcom netextreme I use this driver for WinPE: cp013481, and this driver for Windows: cp014607

Q: ­Does application mapping support wild cards for the display name?­

CN: Yup, see this post: http://www.chrisnackers.com/2012/06/21/microsoft-deployment-toolkit-dynamic-applications-using-a-wildcard-for-mappings/

Q: ­What is the best way to handle the "odd ball" application that very few people use once in a blue moon. Right now we struggle determining whether to load it by hand or make a package and do all that jazz that goes with it.­

RC: ­I personally prefer all software to come from Configmgr, that way you don’t get stuck needing to quickly getting it deployed­.  ­Plus it is reproducible­.

CN: Agreed, if you have everything else already packaged, then I would spend the time getting the odd-balls packaged as well. If you still have a large list of applications that need to be packaged, then I would consider the odd-ball to be a lowering priority. Or you can take the approach of deal with it as it comes along, you have to start somewhere on getting things managed and imported into ConfigMgr.

Q: ­Does User Device Affinity and Applications deployed to users bring some different things to the table now?­

CN: That could be a long answer if we really got into it. The short answer is for the methods we talked about in the webcast, MDT application mapping and UDI application mapping, UDA doesn’t really play a part since those mappings are done on a machine basis. UDA is supported by a ConfigMgr 2012 Task Sequence though, but the mapping methods aren’t hooked into UDA at all.

Q: ­How do you keep your reference wim image current with security patches?­

RC: ­Offline servicing is AMAZING!­‑

CN: If you are using ConfigMgr 2012, then offline servicing is your best friend. If you are not on ConfigMgr 2012, then we would hope you have a build and capture task sequence, so it’s still and automated process and you just need to spin off another image while you go to lunch.

Q: ­Chris, to deploy (select) an app in UDI with CM did you say you must have a deployment for that application existing already?­

CN: In order to add an Application to the UDI wizard, it must be deployed to the collection you have configured in the UDI Wizard Designer.

Q: ­when we PXE boot we get TFTP access violation error. do we need to set up TFTP on same server? we have TFTP set up on another server.­

CN: Here is by far the best troubleshooting guide I’ve seen for ConfigMgr PXE issues: TechNet Blog – Troubleshooting PXE

Q: ­Thanks so much guys. I did get to clean up our boot image based on some of the things you pointed out. someone had even added a few wireless drivers at some point to our image. LOL. Now our small boot image is even smaller. Thanks again.­

CN: J Yeah I don’t think you’ll need wireless drivers, but you are not alone, I’ve seen that a few times before!

Video

SCCM Guru Webcast Replay Is Up

Thanks to everyone who attended my webcast today. I hope you found the content valuable.

The replay is available here.

The PowerPoint deck is available here.

Summary:

Episode 13: Chris Nackers
ConfigMgr OSD Tips/Tricks – What happens when I do this… uh-oh
Wednesday, May 30th, 2012 ~ 11:00 – 12:30 pm PST

What drivers do you really need in WinPE? Why shouldn’t you just add everything until it works? How does MDT Application Mapping work?

If you want to know these answers then join Chris Nackers, Microsoft MVP as he dives into the world of OSD and answers these questions and more!

Aside

SCCM Guru Webcast: NEW DATE – May 30th, 2012

Episode 13: Chris Nackers
ConfigMgr OSD Tips/Tricks – What happens when I do this… uh-oh
Wednesday, May 30th, 2012 ~ 11:00 – 12:30 pm PST

What drivers do you really need in WinPE? Why shouldn’t you just add everything until it works? How does MDT Application Mapping work?

If you want to know these answers then join Chris Nackers, Microsoft MVP as he dives into the world of OSD and answers these questions and more!

Register now and get your guru on!

Aside

SCCM Guru Webcast: ConfigMgr OSD Tips/Tricks – What happens when I do this… uh-oh

May 16th is coming up quick! I will be doing a Guru webcast for BDNA.  As you would expect I’ll cover something OSD related. 

Episode 13: Chris Nackers
ConfigMgr OSD Tips/Tricks – What happens when I do this… uh-oh
Wednesday, May 16, 2012 ~ 11:00 – 12:30 pm PST

What drivers do you really need in WinPE? Why shouldn’t you just add everything until it works? How does MDT Application Mapping work?

If you want to know these answers then join Chris Nackers, Microsoft MVP as he dives into the world of OSD and answers these questions and more!

Register now and get your guru on!