- 1 SUSE Linux Enterprise Server for SAP Comes to IBM Power
- 2 VMware Hints at Potential Evolution for Container Strategy
- 3 Windows Server 2003 Meets the Zombie Apocalypse
- 4 Tips and Considerations When Creating Virtual Machines in Azure
- 5 Securing Containers without the Need for Virtualization Technology
SMS 2.0 Training for SMS Support Staff
by Dana Daugherty
Training and communication are important for your support staff
members. Here is a complete 4 module training guide to save you some
time you should find it to be a great base to get you started on
your own. Module1- Getting Started Module2- Clients Module3- Remote Control Module4- Inventory\Reporting
Training and communication are important for your support staff members. Here is a complete 4 module training guide to save you some time you should find it to be a great base to get you started on your own.Training and communication are important for your support staff members. Here is a complete 4 module training guide to save you some time you should find it to be a great base to get you started on your own.
Module1- Getting Started
Module3- Remote Control
Module1- Getting Started
SMS Overview- SMS has many components. For a
listing of all components including a brief description of each of
these components open SMS
Our Organization's current plan for SMS in North America calls (Put your plan here, this is an example.) for a Central Primary Site server (001SMS) at Cinciniti with Secondary Site Servers at our other 4 locations. Our European plan includes Secondary Site Servers in each 5 locations. Each region will have read access to all collections and the ability to use remote control, create and run queries, track the status of clients and configure server and client components at their own site. Software distribution will be performed at the Central site server to be sent to all regions.
SMS console- the console uses Microsoft Management Console technology. The MMC requires IE 4 or later and NT4.0 SP4 or later. This is where all the "action" happens. To install the console go to the SMSCD directory at your regional SMS Server and select Autorun.exe. After the splash-screen comes up select install SMS 2.0. Eventually you will see the screen where only the console option will be selected (no other option will be available.) continue. You will have the option to install Crystal Reports and Network Monitor. I advise against the Crystal Reports, we have no plans at this point for installing this as a reporting tool for SMS. Network monitor is a more robust version than the one that comes free with NT server. Go to the Systems Management Server applications group and select Administrator Console.
HELP!!!- after the install is complete you will see a Systems Management Server application group on your start menu. Within this group you will see Administrator Guide. This is pretty helpful. The Back Office Resource Kit 4.5 is a must have. The following news group has been most helpful as well http://support.microsoft.com/support/news/Ngresults.asp?D=sms.
Server Configuration- Servers should be 99% configured when you receive them. Server and client configuration settings are located under the Site Datebase\Site_DB_3lettercode\XXX (your region) tree.
Security- settings are located in the Security tree. I have designed our Organizational SMS security around our regional IT model. Our structure has 3 levels of security.
- Regional IT staff has the ability to read queries created for their own group. Create queries. Remote control workstations within their regional collection. Delete workstations within their own regional collections. View status messages. View site server and client settings. View all collections.
- Regional NT Admin accounts have the above rights plus: can view and remote control the All Systems Collection. Remote control the server collection and the all Win Systems collection within their region. Modify their regional server and All Win Systems query. Create collections and read all collections. Modify Site settings. View all advertisements and packages.
* Please consult the SMS Admin before editing any regional sit configurations.
- Corp IT SMS Group - for IT support staff not in Regional IT Groups. This group has remote control capabilities for all regions, the ability to read all queries and collections and can read all status messages.
- Implicit Individual Rights- for those involved directly in the implementation and administration of SMS.
*Note any user can create queries but the Administer right is reserved for the SMS Administrator or users that have the implicit Administer right. At this point there is no "safe" way to give this right in way that will let him/her administer a specific region. If you need rights for any query changed to give others read permissions to it let me know, I'll be glad to take a look at it.
Installation- for Win 9x clients we are using NT Logon Installation. When you are ready to begin installing clients go to User Manager for Domains, select the user, select their profile. In the login script box type smsls. The next time the user logs on the SMS client will install itself.
Manual installation can be performed by accessing smsman.exe .
- Note: You can configure login scripts to be automatically edited with in YourRegionServer\Site Settings Tree\ Client Agents. Please DON'T do this. It will add this login script to all usernames in the domain. Regions other than yours may not want this to happen.
IT staff should not have the login script added to their account. This will complicate setup procedures for setting up new PCs within your region.
NT workstations and servers will be automatically discovered via SMS remote installation.
All SMS client files are located in %Windir%\Ms\SMS. Changes to the control panel after installation include the addition of a few applets, Systems Management, Advertised Programs, Advertised Programs Monitor and Remote Control. End users have limited access to these components. You will find the Systems Management applet useful at times.
There are some critical client maintenance procedures to follow. When ghosting a machine that is an SMS client you must remove it from the Collection Tree from within the SMS Admin Console. When you change the system (computer) name of an SMS client, first remove it from the Collection Tree and then remove the client software. The best way to uninstall the software is to run 20CliClean.bat, located in the Back Office 4.5 Resource Kit.
If the above steps aren't completed the database will become corrupt because each system is assigned a unique id "Guid". When a system name is changed without removing its client software, duplicate records end up in the database. This causes problems when we try to send software out based on a query. The second problem is more obvious, if a system is entered into the database and the said system is taken from a user (ghosted or swapped out etc) the record remains in the database.
***I can't stress the importance of above maintenance tasks. Skipping this task doesn't just cause problems for the machines with duplicate records; it seems to mess up the whole distribution process.
Home Based Users- please do your best to get the
SMS client installed on these laptop systems when they send them in
for repair or visit their home offices. Currently we are using
inventory and remote control features on these machines. In the
future we plan to send some packages to them as well.
Module3- Remote Control
The remote control feature can be accessed through a collection or through a query. The remote control Security Right is applied to collections; in order to RC a system you must have the appropriate rights. To remote control a system open a collection or run a query. Right click on the system that you want to remote control. Select Remote tools. Explore the tools within this applet. To the far left is the remote control connection icon.
**We want end users to understand that Remote Tools are here to help them and are not cleverly designed approach for spying on them. In an effort to ease our user's possible "Big Brother" syndrome we have decided to select the following settings under region\SiteSettings\Client Agents\ Remote Tools Agent\ Display Visual Indicator; Display High-security visual indicator on desktop and play sound repeatedly during session. For obvious reasons, users won't be given the ability to change Remote Tools settings on the client.
Please use discretion with this tool! It's best to verbally contact the end user before you remote control their machine.
At this time inventory data in our organization can be accessed with the following tools: Resource Explorer, specialized Excel template and queries.
Resource Explorer can be accessed by right-clicking on a query or collection result then select Resource Explorer. This will query the database for detailed software and hardware inventory information specific to the machine that you right-clicked on.
There is a SMS specific Excel template in SMS cd\ResKit\REPORT\sms~1.xlt. Copy this template to a local machine and run it. It will connect to the SMS Site Server and ask you for your user name and password. Next it will list all the queries in the database and wait for you to select one. The template will then return the information based on the query you selected.
Queries specific to each region have been designed. Also, any console user can create queries for their own use. (Contact the SMS Admin if you would like to give other IT staff members access to it as well.)
How to build a query- while in the SMS Console open up the query tree, right click on Queries, select New Query. In the Name Text Box enter All Systems w/ MS Project. Select Edit Query Statement. On the General Tab select the star symbol, then hit the select button. Set the Attribute Class to Computer System and Attribute to Name. Select OK. On the general tab select ascending for the sort order then OK. You should now be looking at the Query Statement Properties sheet. From here select the Criteria Tab. Next select the star symbol to create a criteria. Hit the select button on the General tab, set the Attribute Class to Software Files and the Attribute to File Name, then hit OK. Set the Operator to "is equal to" and the value to Winproj.exe. To create a query based on another file select the values button for a list of all files to query on.
To restrict the above query to a specific site use one of the following 2 methods.
- Go to the properties of the query you want to restrict. Select Edit Query Statement, then the criteria tab, then select the star symbol to add another criteria. Hit the select button and use for System Resource for the Attribute Class and SMS Assigned site for the Attribute. Hit OK be sure the Operator is "is equal to" and make the value specific to the assigned site you need to get info about. Select OK. On the Criteria Tab be sure the operators reflect the query you want, e.g. "or" instead of "and". Just double click on the operator you want to change. Select OK until you get back to the Console screen.
- Another way to restrict to a specific site is to go to the query properties, select Limit to Collection and browse to a collection to use to limit your query results.