Wednesday, March 25, 2009

How to Capture an OS Image using SCCM OSD and PXE

Before setting up OSD, I did some research and found different views/instructions on how to set up OSD with SCCM. Some people said to configure WDS while others said it wasn’t necessary.
Personally, I configured WDS and it works for me...

Install and configure the WDS role in Computer Management, THEN add the PXE service point role in SCCM:



Create _Capture and _Deploy Collections
Give the machine account Read rights to the network share where you save your drivers.
Import NIC Drivers
Distribute the Boot images to your PXE Distribution Point: SMSPXEIMAGES$
Give the Network Access Account Read rights to SMSPXEIMAGES$ (\RemoteInstall\SMSBoot)
Install the PXE Certificate (Site Settings --> Certificates --> PXE)
Enable command line support on the boot images (See Troubleshooting section below)
Open the Configuration Manager Console --> Expand Computer Management --> Operating System Deployment --> Right-click on Computer Association and select Import Computer Information.





Right-click on the computer that was just added. Add the OSDTargetSystemRoot variable with the value of the directory where Windows is installed (ex. C:\windows)



Create the Deployment Task Sequence
Right-click on Task Sequences --> New --> Task Sequence



Right-click on the new task sequence --> Edit --> Add
Add the tasks shown in the picture below:
Right-click on the newly created Task Sequence and then click Advertise.
Choose the collection with the computer account you want to capture and put a checkmark in ‘Make this task sequence available to boot media and PXE’

Create mandatory advertisement and set it to ‘As soon as possible’
Take the default options for the rest of the wizard.
When the computer performs a network boot, it should load Windows PE and start the Task Sequence.

And that should do it!

Monitoring the Domain Admin Group with Operations Manager 2007

Operations Manager makes it easy to monitor Windows Events using a Simple Event Detection Unit Monitor. You can filter and alert on events based on ID, Source, Category, User and Computer or any combination of those fields.
But what if you want to parse the Description field? You may want debugging information or let’s say you only want to know if the Description field of Event 632 (User Added to Security Group) contained the words ‘Domain Admin’.
As in: “Someone added a user to the Domain Admin security group in Active Directory… better check that out.”
I researched this problem the best I could but I couldn’t find a good solution. So here’s the way I handled it:

First Create the Rule to Collect Event 632

Right-Click on Rules --> Create New Rule

Select Collection Rule --> Event Based --> NT Event Log

Name the rule

Click the ellipsis (…) next to the Log name field and choose ‘Security’ for the name:
In the expression with the Event ID, make ‘632’ the value. Right-click to the left of the other expression, delete it, then click Create:

Now Create the Monitor

Create a Windows Events \ Simple Event Detection \ Manual Reset Unit Monitor

Give it a name

Browse to any computer and select the Security Log

In the expression with the Event ID, make ‘632’ the value. Right-click to the left of the other expression and then delete it

Take the defaults on the Configure Health screen

Click on ‘Generate alerts for this monitor’ and then click ‘Create’

Adding the script

Go back into the properties of the monitor we just created and go to the ‘Diagnostic and Recovery’ tab:

Under ‘Configure diagnostic tasks’, click Add then Diagnostic for warning state:

Highlight ‘Run Script’ and click next. Give the diagnostic a name:

Name the script and paste the following code into the Script Field:
'*****************************************************************************
'Get_Event_Desc.vbs
'Created 8/13/2008
'by Mike Ory
'*****************************************************************************
Set objMessage = CreateObject("CDO.Message")
strComputer = "."

'Connect to WMI on the local computer
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

'Get every Event 632 currently in the Security log
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'Security' AND EventCode = 632")

'Mail the first event whose description contains "Domain Admin", then stop
For Each objEvent in colLoggedEvents
    If InStr(objEvent.Message, "Domain Admin") > 0 Then
        strMsg = vbCrLf & objEvent.Message
        strTime = objEvent.TimeGenerated
        SendMessage strMsg, strTime
        Exit For
    End If
Next

Sub SendMessage(Message, EventTime)
    'sendusing = 2 sends through a remote SMTP server (port) instead of a local pickup directory
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

    'Name or IP of Remote SMTP Server
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "YourMailServer"

    'Server port (typically 25)
    objMessage.Configuration.Fields.Item _
        ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

    objMessage.Configuration.Fields.Update

    objMessage.Subject = "User added to Security Group"
    objMessage.From = "admins@foo.com"
    objMessage.To = "admins@foo.com"
    objMessage.TextBody = EventTime & vbCrLf & vbCrLf & Message
    objMessage.Send
End Sub
'End Script
'*****************************************************************************


Click OK and you’re off.
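
An added example, not part of the original post or of Mike Ory's script: the same Description-field check in PowerShell, limited to events from the last few minutes and compared against the Target Account Name field instead of the whole description, so an old entry or a member name containing "Domain Admin" is not reported. The function names, the sample records and the description layout they use are assumptions constructed for illustration.

```powershell
# Constructed sample records shaped like Get-EventLog output.
# The description layout is an assumption modelled on event 632.
function New-SampleEvent([datetime]$When, [string]$Member, [string]$Group) {
    $msg = "Security Enabled Global Group Member Added:`r`n" +
           "`tMember ID:`t$Member`r`n" +
           "`tTarget Account Name:`t$Group`r`n" +
           "`tCaller User Name:`thelpdesk1`r`n"
    New-Object PSObject -Property @{ TimeGenerated = $When; Message = $msg }
}

function Select-PrivilegedGroupAdd {
    param(
        [object[]] $Events,
        [string[]] $Groups = @('Domain Admins'),
        [int] $WindowMinutes = 10,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddMinutes(-$WindowMinutes)
    foreach ($e in $Events) {
        # Skip entries older than the window so an old event is not mailed again.
        if ($e.TimeGenerated -lt $cutoff) { continue }

        # Turn each "Field:<tab>Value" line of the description into a hashtable entry.
        $fields = @{}
        foreach ($line in ($e.Message -split "`r?`n")) {
            if ($line -match '^\s*([^:]+):\s*(.*)$') {
                $fields[$Matches[1].Trim()] = $Matches[2].Trim()
            }
        }

        # Compare the target group field exactly (case-insensitive), not the whole text.
        if ($Groups -contains $fields['Target Account Name']) {
            New-Object PSObject -Property @{
                Time   = $e.TimeGenerated
                Member = $fields['Member ID']
                Group  = $fields['Target Account Name']
                Caller = $fields['Caller User Name']
            }
        }
    }
}

$now = Get-Date
$sample = @(
    (New-SampleEvent ($now.AddMinutes(-2)) 'FOO\jdoe' 'Domain Admins'),                  # reported
    (New-SampleEvent ($now.AddMinutes(-3)) 'FOO\Domain Admin Svc' 'Printer Operators'),  # substring only
    (New-SampleEvent ($now.AddDays(-30)) 'FOO\old' 'Domain Admins')                      # stale
)
Select-PrivilegedGroupAdd -Events $sample -Now $now | Format-List
```

Only the first sample record is returned; against a live log, pass the output of `Get-EventLog -LogName Security -InstanceId 632` as `-Events`.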

Wednesday, March 18, 2009

Command-line Utility to turn all Subscriptions ON or OFF

Tim McFadden created a nice utility to Enable or Disable all of your subscriptions at one time:

http://www.scom2k7.com/subscription-tool/

I thought it would be nice to be able to create a scheduled task to perform these operations, so I used his source code to create my own command-line version of his program:

http://www.geocities.com/orymichael/SubcriptionsON_OFF.zip

The executable takes just two parameters: [RMS Server] [ON/OFF]

For example:

SubscriptionsON_OFF.exe server.domain.com OFF

Enjoy!