Monday, December 30, 2013

VM Host Task Sequence Handling

My Windows 7 TS supports about 35 hardware models today (The old XP one was over 60), so to save time in processing the TS, I have added a condition to the Apply Drivers Group or as shown below, a separate 'Apply Hardware Drivers' group. If I am deploying to a VM then it skips all those driver package steps. With more and more deployments being virtual it helps...


NOTE: Don't use that variable, its custom and not built in! I create an 'OSDComputerModel' variable via a tech interview HTA or VBS but you can use whatever method you use for Driver package conditions.

Additionally I  also capture the chassis type to a variable 'OSDChassis' and have the drivers grouped by Desktop or Laptops to save time as well. This also works for installing VPN clients or WiFi interface software on mobile platforms.

Another one I capture is the Asset Tag. This is used in DELL and other manufactures that allows a firm to put an internal Asset Tag in the BIOS. Dell does it via CFI for me.

While MDT has several built-in variables such as 'IsVM', 'IsLaptop', 'IsDesktop', I do not have MDT integrated with ConfigMgr so I've adapted other methods. I've noticed it is quicker to do a single WMI query for the model, normalize that, and save as a variable then to do a like WMI query for each driver package as well as grouping by chassis to skip dozens of unneeded steps.

Download

This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

This is the VBS version that collects the hardware data into variables.

Informational

I'm always having to look these up for varying reasons so I thought I would put them in one place. Know of any others I can add?

VMWare *ALL*

 VMWare Virtual Platform  

Microsoft Hyper-V

 Virtual Machine  

Xen *ALL*

 HVM domU  

Oracle VirtualBox

 VirtualBox  

Parallels Desktop

 Parallels Virtual Platform 



Tuesday, December 17, 2013

USMT Wrapper Script

Overview

During a hardware refresh there are times that data migration needs to be done manually such as with software encryption or other reasons. With the granularity that USMT supports, Scott and I wrote a wrapper script to do all the work for the techs as there is just too much flexibility!

For distribution, we have it as a package within ConfigMgr that can be downloaded by techs using the package down loader tool (see previous post). This way they always have the latest version of the script and XML files used by USMT. You call the script on the old computer with the new computer as a command line switch:

 USMT_Wrapper.bat NEWCOMPUTERNAME  
 USMT_Wrapper.bat 10.10.10.12  

First thing it does is copy it locally to %WINDIR%\TEMP as the USMT commands can be impacted by the DOS 256 character command line limit. Why a DOS Script? XP, don't have to worry about PowerShell being present as DOS has been around for a little longer...

If you do not pass it the new machine, then it will ask you for the new computer name. It uses SED for this which you put in the x86 and/or amd64 folders.


When ran from the old system, it will create C$\USMTStore on the new system and start migrating data with ScanState to a MIG file there.

Once complete you run the wrapper on the new machine and it will do a restore via LoadState.

Other things that the script does.
  • Detects XP and copies manifest files to %WINDIR%\system32\DLManifests
  • Runs correct architecture version of scanstate and loadstate for 32-Bit or 64-Bit
  • Copies the logs to the ConfigMgr logs folder (%WINDIR%\CCM\Logs) for cleanliness
  • Captures start and stop times

Considerations

The wrapper is set up for my environment so you will have to parse it and change things accordingly. Specifically you will have to do something about the IncludeExclude.XML as this is custom for our environment, or just rename one of yours to it. There are several REM statements and comments that do different things. If you do not use ConfigMgr then you will need to modify the log copy at the end.  Since its all done with variables several of them can be set before running the script such as destination as a side note.

If you make any changes please let me know as I may add it upstream!

Download

This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

I am providing both USMT4 and USMT5 versions here, however they can be interchanged with little modification. We'll make a USMT6 version soon.

Future

GUI for it? This was for USMT4 and Scott is talking of making a new one for USMT5 (or 6). It lets you choose profiles and files/folders to customize.


Tuesday, December 10, 2013

Cheaply Distribute Large Standalone Media

How big is your image? My Windows 7 is over 50GB between the drivers, applications and the multiple architecture WIMs as I support ALOT of hardware. Both my Workstation and Server TS use an HTA to prompt the tech for various tidbits, however as most of those items are in the TS so they are therefore created for StandAlone Media making it large, very large.



I'll blog about that HTA at a future date once I get an older version to be agnostic. It wasn't built with public consumption in mind as its very custom to my environment.

A problem we have is offline use. Since we deploy several hundred systems globally a WEEK we need a way for our techs to continue functioning during a ConfigMgr outage. I'm always amused when someone contacts my team and says "HELP! OSD is down!". Its like saying "the Internet is down!" Um, no its not (well ok when we upgrade...), but your part of it is. We all can agree that SCCM is temperamental at times locally. A package is missing, out of date, whatever, 2012 is so much better at this. Additionally techs travel to small sites we don't have a local DP at so having offline is

By moving away from the "Total Control" method of driver management towards "Total Chaos" I can bring it down to about 16GB. With hundreds of techs its not feasible to send out USB thumb drives every quarter but DVD-9 is, least until BD-R becomes a standard.

We stumbled on this trick which our techs like, especially as MS doesn't create the media sequentially so you have to "Insert Disk 1", "Insert Disk 2", "Insert Disk 1" several dozen times.

You create CD/DVD StandAlone Media via the Wizard to 8.5GB media (DVD-9) which holds 7.95GiB worth of data that spans two ISOs in my case.  Once complete, create the same Stand Alone Media again with Unlimited as the CD/DVD media size (new in ConfigMgr 2012) or USB, and grab a few files from this second media set to replace matching files in the split StandAlone.

When we mail out the DVDs we also post a 7ZIP with the Unlimited media files for the techs to our Imaging SharePoint site. The techs then have a choice to use the two DVDs, or merge them onto a USB drive for faster no media swap deployment.

The 7ZIP has the following files from the single ISO with paths. In testing we found that only Policy.xml and Variables.dat need to be updated but we do all four to be complete.

 \VolumeID.xml  
 \SMS\data\Policy.xml  
 \SMS\data\TsmBootstrap.ini  
 \SMS\data\Variables.dat  

The techs then do the following to create single media on USB:
  1. Copy Disc 2 to root of USB (Or sub-folder if they use Grub for multi-boot scenarios)
  2. Copy Disc 1 to the USB, replacing any duplicates
  3. Copy compressed folder contents to the USB, replacing any duplicates


Tuesday, December 3, 2013

SCCM 2012 Package Downloader v1 available

With the upgrade from Config Mgr 2007 to 2012 you no longer have the ability to obtain software by visiting

\\LOCALDP\SMSPKGDRIVELETTER$\PACKAGEID 

to get something. This is awesome and painful depending on your view. With several hundred techs at my company, they have become spoiled by having a local cache of software or drivers so many techs will go to the share to get something vs following a process to obtain software that has license tracking involved as an example.

While I get the need for local cache, they don't always follow process for whatever reason such as diagnose the agent. Then there are the "Self Declared Power Users" that stumbled on the share and find 'Adobe Creative Suite 6 Design and Web Premium' and decide they need that and try to install it. Luckily we have other checks and balances in play but it causes problems for one reason or another. I'm definitely of the camp to liking the addition of a Content Library in 2012. We have taken our DP storage from several hundred GB to less then 100GB especially around drivers as those amounted to over half the data.

Since our techs were spoiled and its always hard to take something away, I asked our SCCM Admin Cory Becht to see what he can do. Cory to the rescue! He developed a package downloader HTA for 2012 that we want to share with you. Technically Cory released it on myITforum back in February 2013 but I'd like to talk about it.

What the tool does is downloads a package and runs a program associated with it. More specifically, this script will query and display available packages and applications when needing to bypass the Configuration Manager 2012 agent. It will access the Content Library of the distribution point and download all the required files and then execute the specified command line. In some cases we have a program called 'CopyFolders.EXE' that just prompts for a folder to copy the package contents to. This is good for the OSD PE media and our Admin PE (Think DaRT) tool among other things that we use ConfigMgr to distribute content.

Configuration

I wont rehash the howto instructions but do want to point out the following basic configurations for it:
  • Script users will need specific RBAC security settings
  • Configure Script variables for your environment
  • A new SQL view needs to be created on the SCCM Database and script users given SELECT rights

One of my concerns was the abuse of this script to get around processes, so I requested that the HTA send an email notification to our groups mailbox when someone uses it. We use this to follow up as well as as a check/balance on the health of SCCM and the agents. If we see one tech using it a large amount, it prompts a conversation with them or their supervisor into why that's happening. Sometimes it is a valid problem needing resolution and sometimes its not. Depending on your size this can clutter a mailbox so definitively use some filters. We see about 70 a day on average with the majority from techs getting our OSD PE or Admin PE tools.

Packages and even programs are made available in the tool on a case by case basis, so for each one you want to make available you will need to add the following in the description of a Program you want available in the tool:

 LISTMANUAL=’SomeCommand.exe’  

Or as shown in the Console


Something I would strongly urge is to put the script in SharePoint or somewhere central so they are calling the most current version. We had initial problems due to older versions being ran vs the newer bug fixed version. When it is ran, it will determine all the packages that are available to the user or machine and then show what is available within the tool.



Notes

  • I don’t have a CAS, therefore running it against the CAS database is unknown.
  • Works with IPv4 only.
  • Utilizes BITS and bitsadmin.exe program to do the download of the files as I don’t have PowerShell everywhere.  XP doesn’t include it by default and is in the XP Support Tools 
  • Uses HTTP and not HTTPS to access content from the DP.
  • Lesson Learned: Make sure IIS doesn't have a Hidden Segment or File Extension filter entry that prevents a package download.  The request filters will prevent downloading of certain paths or extensions.  I have a script running on my distribution points to configure the request filtering automatically.

Future

This tool does not do drivers and Cory is still working on that part, its the biggest request we receive from the techs and rightly so. Many machine problems are resolved by updating drivers. We are using v2 internally and will make it available once we move to v3 or possibly move to an Alternate Content Provider such as 1E NOMAD or Adaptiva OneSite. Cory moved away from BITS to web services as BITS caused much of our reported problems with the tool and web services is a ton faster, especially on slow connections.

Download

This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

Here is the direct download over at MyITForums. If you make any modifications I'd like to hear about them as we could incorporate them upstream.

Monday, November 25, 2013

Monthly MS Patches Available Offline

Stumbled on KB article 913086 from MS. It is a DVD ISO of patches released. Really good thing to know about if you have to patch a system offline. This KB will be kept up to date with current month as well as point you to previous months. I've used WSUSOffline in the past for this function but this is good to know about as well!


DOS Script to Reset Windows Update Agent

There comes a time when a workstation or server is not getting updates. Doesn't matter if its via Microsoft Update, WSUS, or even SUP. This is one of those things, that its better to use the broadsword approach, then spend a lot of time to diagnose and fix a minor issue. You can also run into issues if you are using an Advanced Format drive supporting 4096 (4K) sectors or the hybrid 512e sector formats as the local Update database is Window Jet Database engine based. You'll need to address that first via Service Packs or hotfixes in supported Operating Systems.

I wrote this script a while back that will do several things to faciliate a reset. It was put together from allot of reading and experience in my large environment and smaller ones I help out on. I have had no need to re-register the Update DLLs so its not in here. It performs the following high level items.
  • Stops relevant services
  • Backs up settings
  • Resets WUA
  • Starts relevent services
Some things of note, if you use ConfigMgr for updates via SUP, then you can uncomment out two sections to stop and start that service. Also if you do NOT set WSUS via GPO, you can comment the GPO update section.

This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script.  Always test, test, test before rolling anything into a production environment.

Download Script

Thursday, November 14, 2013

OSD Unfriendly Patches

Last year I was having a devil of a time doing a Build and Capture Task Sequence (TS) as it kept rebooting outside the task sequence and causing it to fail. It was related to the SUP steps, however I could not figure it out as we immediately transitioned from ConfigMgr 2007 to 2012 (yay!). Recently however, after adding the October 2013 Microsoft Patches, we started experiencing this same issue on the production Windows 7 TS. It was immediately after this change, so we removed the SUP advertisement and all was well. In working on a solution, our ConfigMgr Admin Cory Becht (of right click tools fame) found KB2894518 covering the problem. Turns out there are a few Microsoft patches that reboot a system multiple times. This causes havok for a Task Sequence as it must be what restarts the PC during the deployment, not something outside of it like a patch. How nice of MS to release patches that have several restarts, they can mitigate this problem.

     NOTE: This KB will be kept up to date with patches known to require multiple restarts.

To address it we made several changes to our process.
  1. Each month we visit that KB to see if new ones show up.
  2. These OSD unfriendly patches were moved to a focused Software Update Group called 'OSD Excluded Updates'
  3. 'OSD Excluded Updates' are advertised to all systems and not the 'Unknown Computers' Collection used by Deployments.
  4. Inject these troublesome updates via DISM to quarterly WIM.
For #4 I found a nice Powershell script (written by BenP) at the Microsoft Script Center that simplifies it. You just pass it the path to the WIM, mount folder, patches, and it does the rest. So after creating a WIM via a Build and Capture TS, I inject the patches that apply and then import the WIM into SCCM for use. Currently this is just KB2862330 and KB2545698 for Windows 7.

For obtaining the patches, the Microsoft Update Catalog is the best place as you just enter the KB and download .MSU files for the relevant Operating System, nothing to extract. It will download each update to a sub folder so if you use the above script you'll need to put all the relevant updates in the same folder, 'Windows 7 X86' for example.

While at the Update Catalog site, if you click on the update and select the 'Package Details' tab and it will tell you what that patch replaces or is replaced by it. Or check via ConfigMgr.. Basically, each of these troublesome patches will be replaced eventually by another one and you may not have to use DISM to inject it and instead let the SUP step(s) install it. I like to have the deployment to include everything vs letting production advertisements apply it after handing the asset to a user so we chose to inject it to our quarterly WIM.


Tuesday, November 12, 2013

8dot3name Short File Name settings not enabled via ADK Partition Disk step in SCCM OSD 2012 SP1



We updated our SCCM 2012 environment to SP1 back in late January of 2013. About 6-8 weeks later I was escalated a problem that some Design software was not installing nor working correctly and they were blaming the image. Primarily, it was several Bentley apps such as ProjectWise. In digging into it we found that 8dot3name (SFN) were no longer enabled for the file system and these applications were installing or calling the executable via SFN.

As part of the SP1 upgrade, it changes from using AIK (windows 7 base) to ADK (windows 8 base) for OSD deployments and Windows 8 does not enable 8dot3name by default. So when you deploy a system, the Partition Disk step creates the volume with no SFN support. Microsoft added native LFN support in the Windows 95/NT4 days via VFAT so in their defense it’s been many many years, so is a good time to remove it as they gave well over a decade for vendors to catch up. My issue is they did not tell anyone of this change, none that I can certainly find. So how did we fix it? I made a few TS changes.

I normally create an updated WIM quarterly so after we upgraded to SP1 I created a new WIM via a Build and Capture TS along with PE media. This WIM contains the OS, .NET Frameworks, Visual Studio Tools, and all applicable patches. Then the deployment TS deals with drivers, apps A-Z and what not. I was in the middle of this cycle when this problem arose and since it takes a while to send out an updated WIM to several hundred DPs so I had to do a break/fix in the mean time to get our users productive again. Since I sent out a new WIM built with ADK it did not have SFN in it so I had to enable SFN on the affected folders.

Production TS
After much trial and error down other roads, I kept coming back to FSUTIL.EXE. I did a lot of comparison using this tool to pre SP1 deployments trying to figure it out before discovering that the Partition Disk step ran via ADK does not enable SFN from this post over at scug.be.

After the Apply Operating System steps (my production TS has both 32-Bit and 64-Bit in it), we had to use FSUTIL to enable SFN and create the SFN for the affected folders. In the Deployment TS, I created a group with the following items as Run Command Line steps.

As everyone knows, MS had to strip stuff out so that PE can be small and agile. They took out obvious stuff like ACPI, games, etc.,  however they also took out FSUTIL. This EXE allows you to mess with the file system, really it should be in PE. Since ADK is Windows 8 based, I went to my W8 media and pulled out FSUTIL and tried to run it. It failed with some weird errors. Turns out I needed the MUI as well to get correct error messages. That failed and got different errors. Turns out while experimenting more that FSUTIL must be ran from %WINDIR%\System32. So the first two entries are to get FSUTIL over to the PE ramdrive from a package.

 CMD /C COPY fsutil.exe.mui %WINDIR%\System32\en-US  

 CMD /C COPY fsutil.exe %WINDIR%\System32  

To turn it on was a simple endeavor via FSUTIL and anything created this point forward will get SFN created. NOTE that during my Partition Disk step I save that partition letter as the variable OSDISK.

 %WINDIR%\System32\FSUTIL.EXE 8dot3name set %OSDISK% 0  

Since the source WIM did not have SFN enabled, I created SFN for the affected folders. Since the TS has both X86 and X64 arches (chosen via HTA),  it will handle both deployment scenarios.
32-Bit Only.

 %WINDIR%\System32\FSUTIL.EXE file setshortname "%OSDISK%\Program Files" progra~1  


 %WINDIR%\System32\FSUTIL.EXE file setshortname "%OSDISK%\Program Files\Common Files" common~1  

Additionally if the OS being deployed is 64-Bit it will enable SFN for the Program Files (X86) folders as well.

 %WINDIR%\System32\FSUTIL.EXE file setshortname "%OSDISK%\Program Files (x86)" progra~2  

 %WINDIR%\System32\FSUTIL.EXE file setshortname "%OSDISK%\Program Files (x86)\Common Files" common~1  

While I had to push out a small package for FSUTIL it definitely shows how quickly a change can be made if you do your entire deployment via Task Sequence and keep your WIM thin.

Build and Capture TS

To fix it in the B&C is a lot simpler as you just do the first three steps between the Partition Disk step and Apply OS step. When the OS is installed, it will create the SFN and you have a WIM captured with SFN enabled and all created. Once I deployed the updated WIM the above was removed from the Production TS.
Also as a change in SP1 is the move from Installation source to using the install.wim for the Apply OS step, so I no longer have to maintain a separate 64-BIT PE instance to do the B&C. All deployments are done via 32-Bit PE.

I wonder what changes 2012 R2 and ADK 8.1 hold for OSD.

Update

While not as fun as mine, a quick and dirty way is to do another format with a switch. Do this right after built in Partition Disk step. The /s switch is what your after.

 cmd /c format %OSDISK% /fs:ntfs /q /v:SYSTEM /s:enable /y  

Saturday, November 9, 2013

MDT Centralized Log Cleanup

I helped a friend a while back setup an MDT 2012 instance for a client of his. They are a small shop with a single IT person. Shortly after MDT became stable, their IT person left, leaving the office manager to set up machines. Lets just say MDT made her a happy camper until they got another IT person. In helping my friend diagnose the occasional problem I would ask him for logs and in some cases, it was hard for him to obtain them as the systems ran off to the field and whatnot. Luckily MDT has a feature to handle this by putting one of these two lines in your customsettings.ini etc. The first will copy the logs to a network location when the system is deployed and the second will do it live during the image process.

 SLShare=\\servername\share\  
 SLShareDynamicLogging=\\servername\share  

I put them under MDT$/Logs (I use this share name vs the default DeploymentShare$ share) but they can go to any UNC path on the network that the MDT account can access. It will create a subfolder and put BDD.Log etc in it. Andrew Barnes has a great article on it.

As we quickly found, the folder started filling up so I gave him this simple shell script to keep it clean. Its ran as a scheduled task at 5AM each day to delete any logs older than 60 days. Change /P to the local path of the logs and /D to the days to delete, note the negative number. Then remove the 'echo' so it has teeth. Otherwise, it just outputs what it wants to do.

 ::Written by Kevin Fason  
 :: This simple script will clean the MDT Logs folder of logs older then 60 days.  
 :: V1.0  
 ::  04.09.2013  
 @ECHO OFF  
 ForFiles /P "D:\MDT\DeploymentShare\Logs" /D -60 /C "CMD /C if @ISDIR==TRUE echo RD /Q @FILE &RD /Q /S @FILE"  

It can be run directly within the scheduled task but I did it in a shell script so its easier to update. To use for other stuff such as deleting just files you can change the cmd/c to soemthing like '"CMD /C DEL @FILE"'.

WSUS Maintenance Automation

Update: 06.26.2017 - Created one for Server 2012 R2 here.

While I use SUP via SCCM 2012 to manage my work fleet, I still play with and help others with their WSUS installs. WSUS is great for small and even large organizations to update their fleet systems. I directly support a WSUS instance (as well as MDT) at my dads, my playground really. He has everything from 98 SE to 8.1 running around on site and is the "computer guy" for his neighborhood and family/friends so he fixes many different Windows OS'. WSUS saves him a great deal of time and effort when he fixes a system or refreshes it with MDT.

With that said, no matter the environment, WSUS needs regular care and feeding and I handle this need automatically with scripts others have wrote and shared. Over the years I've found many ways to do it and have settled on the following process monthly which keeps WSUS happy with little break/fix issue and even keeps the WSUS MMC snappy.
  • Decline Itanium Updates
  • Cleanup Wizard
  • Re-Index Database
The first two are handled by Powershell scripts written by Mark and the third is by the Scripting Guys.  All three can be found over on the Microsoft Gallery Script Center. Very handy site.

Since WSUS does not distinguish between Wintel or Itanium you can get unneeded Itanium patches taking up space and being processed, especially true with any auto-approve rules. Both of these scripts are ran against the parent server only. I run the Itanium at 7PM and the Cleanup at 10PM on the first of each month. You can find the Decline Itanium Updates here and the Cleanup Wizard Script here. Be sure to modify them for your environment (as shown in the links) and the email function is pretty handy as shown below so enable it if you want it.


For the scheduled task it took a little bit to get working the way I like due to PS security. I run them as a Domain user that is in the local admin group. So whatever works in your environment.


 powershell.exe -ExecutionPolicy Unrestricted -nologo -NoProfile -File "PATHTOSCRIPT\WSUS_Decline_Itanium_Updates.ps1"  

 powershell.exe -ExecutionPolicy Unrestricted -nologo -NoProfile -File "PATHTOSCRIPT\WSUS_Cleanup_All_Servers.ps1"  

You can find the WsusDBMaintenance script here, however doing a Re-Index is a bit more complex and needs to be ran on each WSUS server from the parent on down. If you use Windows Internal Database (default for WSUS) then this applies. If you use another flavor of MS SQL, then I vote to let the DBA deal with it... :)

Firstly, you have to install some prereqs as the sqlcmd called in the re-index script needs to be present. Microsoft provides it separately so you do not have to install a full edition of MS SQL to get it. Install MS SQL Server Native Client and then install the sqlcmd tool to your server. Below are links for 32-Bit and 64-Bit and there are Itanium ones out there as well. Install with defaults.

32-Bit MS SQL Server Native Client
32-Bit MS 2005 SQLCMD

64-Bit MS SQL Server Native Client
64-Bit MS 2005 SQLCMD

I wanted it to also email results to me so I grabbed blat. Great tool. Put blat and the WsusDBMaintenance script in the same folder along with the batch file below. Blat will attach the sqlcmd output as a file. Modify the setup shop variables to your environment. The scheduled task calls the batch file and runs as local administrator. Be sure to check the 'run with highest privileges' on the general tab of the scheduled task otherwise you will experience an access denied error. This is not needed on the above two powershells. I run it at 7 PM on the 2nd day of each month.

 @ECHO OFF
 :: This script will run the WSUSDBMaintenance and email its output
 :: Written by Kevin Fason
 :: 09.12.2012
 :: v1.0
 
 
 :: Setup Shop
 SET LOGFILE=%TEMP%\WSUS_DB_reindex.txt
 SET EXEPATH=C:\Program Files\Microsoft SQL Server\90\Tools\binn\sqlcmd.exe
 SET SCRIPTPATH=PATHTOYOURSCRIPT
 SET WSUSSERVER=WSUSSERVERNAME
 SET [email protected]
 SET [email protected]
 SET SMTPSMARTHOST=SMTPHOST.DOMAIN.COM
 
 :: Delete previous log
 ECHO.
 ECHO Deleting previous log if it exists
 IF EXIST %LOGFILE% DEL %LOGFILE%
 
 :: Run WSUSDBMaintenence SQL Script
 ECHO.
 ECHO Starting WSUS DB Maintenence Script
 "%EXEPATH%" -I -i "%SCRIPTPATH%\wsusdbmaintenance.sql" -S \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query > %LOGFILE%
 
 
 :: Email the SQL Script output
 ECHO.
 ECHO Emailing results
 "%SCRIPTPATH%\blat.exe" -body "WSUS Database Maintenance Results attached. Please review. see you next time!" -to %SMTPTO% -f %SMTPFROM% -s "WSUS: DB Maintenence Results for %WSUSServer%" -server %SMTPSMARTHOST% -attach %LOGFILE%

I suppose you could have a script call all three parts sequentially but I do it separately to work around backup windows, and really as long as you do it regularly its very beneficial. I've also thought of doing it closer to Patch Tuesday or maybe first Monday and Tuesday of the month for example. So do you do something more?

Updated (02.25.2016)


Marks scripts do not work on more recent releases of WSUS within 2012 and 2012 R2. I found a couple great ones to use however.

First is SMSAgent wrote a PS1 that performs the same Cleanup Wizard as above and emails it to you.

Second is Jason's configmgrftw has Decline-OtherUpdates and expands ALOT on the process as a whole. His focuses on declining Itanium and other miscellaneous updates.

Additionally Microsoft has a TechNet article on it.

-Kevin Fason

Wednesday, November 6, 2013

And so it begins...

I've had several peers tell me that I should start blogging as I have a wealth of cool neat solutions to wacky problems. So here I am. If there's something you want me to start on please let me know! I have a few ideas lined up from presentations at MEMUG already.

Why Kevinisms? This was branded by an old Manager of mine, Will, in reference to the strange things I ramble about. A small sampling:

"I just twitch from time to time"
"Propecia, That'd be a good name for a drug"
"They don't know I'm interesting"
"I will be world dictator before I die"
"I don't like lumps in my pocket"
     + 7/21/03 4:43 pm
     + Referring to Kyocera 7135 Phone
"I guess gear & geargear was taken"
     + window sticker on a car at Microcenter for geargeargear.com
     + 1/8/04 9:19 am

So who am I? I'm Kevin Fason and I've been in technology all my life. Grew up with my dad working for the likes of StorageTek and bringing stuff home for me and my brother to mess with. I always wonder what trouble I'd be in if I grew up today. Was big in the Atari and Amiga world growing up in the demo scene, running BBS' etc. Hanging out at the CO's, all the fun stuff. We used to help him repair Atari computers and Game systems for the local shops.

So in short, this apple didn't fall far from the tree, even my brother is in technology. I consider myself a dying breed, technology is more then a job to me. I do what work wants from 8-5 and will come home and do what I want from 5-8.

Currently I am the End User Computing Architect for a large Engineering firm in Denver. Had various roles over the years here, from Communications (PBX, Voicemail) , Administration, even IT Global Manager. I'll create a more formal bio about me shortly. Deployment is a big part of my mindset (OSD, MDT, going back to dd) so I have come across lots of scenarios and issues working for a firm that's on all the continents and zillions of countries (I have to exaggerate counts..)