{"id":120,"date":"2013-08-08T16:00:00","date_gmt":"2013-08-08T16:00:00","guid":{"rendered":"https:\/\/teacheritblog.wordpress.com\/?p=120"},"modified":"2013-08-08T16:00:00","modified_gmt":"2013-08-08T16:00:00","slug":"configmgr-speed-up-ad-group-discovered-client-push-installation-sccm","status":"publish","type":"post","link":"https:\/\/christianlehrer.com\/?p=120","title":{"rendered":"#ConfigMgr Speed up AD-Group discovered Client Push Installation #SCCM"},"content":{"rendered":"
<\/div>

Imagine the following situation:<\/p>\n

You have to deploy SCCM a well controlled and step by step. You want to use (automatic) push installation.<\/p>\n

This can be done by putting the PCs you want into AD-groups and throw some GPOs at them, to add an ConfigMgrPush Account to local admins for example. <\/p>\n

Then Active Directory Group Discovery has to be set up to discover items in the selected AD-Group.<\/p>\n

Now, when you put in a PC to this AD-Group, it will be discovered in a short time (5 Minutes in standard delta discovery settings).<\/p>\n

After discovery, SCCM will try to push the client to the new PCs but it fails, because the ConfigMgr push account is not a local admin. This happens, because a reboot is needed for the PC to be aware of new group memberships and applying the GPO.<\/p>\n

You now can wait until every PC is rebooted, or do the following:<\/p>\n

 <\/p>\n

Create a collection for PCs without an installed client:<\/p>\n

\"image\"<\/a><\/p>\n

Add a new query rule<\/p>\n

\"image\"<\/a><\/p>\n

Click \u201cShow query language\u201d and paste the query (delete linebreaks after inserting)<\/p>\n

\n

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,
SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ResourceId not in (select SMS_R_System.ResourceId from  SMS_R_System where SMS_R_System.Client = 1) and (SMS_R_System.OperatingSystemNameandVersion = "Microsoft Windows NT Workstation 6.1")      <\/p>\n

 <\/p>\n<\/blockquote>\n

\"image\"<\/a><\/p>\n

 <\/p>\n

\"image\"<\/a><\/p>\n

Now that you have created the collection, it\u00b4s time for some Powershell and psexec<\/a>.<\/p>\n

Download psexec and place it somewhere on your SCCM Server, e.g. c:psexec<\/p>\n

Create a powershell script that gets all members of the \u201cno client\u201d Collection, refreshes PC AD-Group Membership<\/a> and forces a gpupdate:<\/p>\n

\n

$SiteServer = ‘localhost’<\/p>\n

# Replace  YSC with your SiteCode<\/p>\n

$SiteCode = ‘YSC’
 
$CollectionName = ‘All Windows 7 PCs without installed Clients’
 
#Retrieve SCCM collection by name
 
$Collection = get-wmiobject -NameSpace "ROOTSMSsite_$SiteCode" -Class SMS_Collection | where {$_.Name -eq "$CollectionName"}
 
#Retrieve members of collection
 
$SMSClients = Get-WmiObject -ComputerName $SiteServer -Namespace "ROOTSMSsite_$SiteCode" -Query "SELECT * FROM SMS_FullCollectionMembership WHERE CollectionID=’$($Collection.CollectionID)’ order by name" | select Name
 
#Try to Refresh AD-Goup Membership and force gpupdate for every collectionmember
 
ForEach ($SMSClient in $SMSClients){
 
write-host "Next Client:" $SMSClient.Name
$hostname = $smsclient.name<\/p>\n

c:psexecpsexec.exe \\$hostname -s cmd \/c "klist -li 0x3e7 purge"
c:psexecpsexec.exe \\$hostname -s cmd \/c "gpupdate \/force"
 
}<\/p>\n<\/blockquote>\n

If the script runs successfully, you will get an output like<\/p>\n

\"image\"<\/a><\/p>\n

To get this working, the account running the script needs to have the right to access the client PC!<\/p>\n

Now that the group policy is applied, the ConfigMgr Push Account can install the client.<\/p>\n

To go even further you could schedule this task, or even better, let Orchestrator do the job. <\/p>\n

 <\/p>\n

sources: <\/p>\n

http:\/\/www.jgsys.co.uk\/blog\/sccm-2012-pcs-without-client\/<\/a><\/p>\n

http:\/\/www.systemcentercentral.com\/ping-sccm-collection-members-with-powershell-sample-script-for-configmgr-2007-and-2012\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Imagine the following situation: You have to deploy SCCM a well controlled and step by step. You want to use (automatic) push installation. This can be done by putting the PCs you want into AD-groups and throw some GPOs at them, to add an ConfigMgrPush Account to local admins for example. Then Active Directory Group…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[11,21,26],"tags":[44,63,83,87,91],"_links":{"self":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/posts\/120"}],"collection":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=120"}],"version-history":[{"count":0,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=\/wp\/v2\/posts\/120\/revisions"}],"wp:attachment":[{"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/christianlehrer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}