Posts tagged SCCM
How to fully automate installation of Microsoft Forefront Security for SCCM with WSUS update in powershell0
I made a script that would automate the installation of Microsoft Forefront Security and add the computer name to the AD Group for Forefront and then update the WSUS server with the computer name and assign it to the right groups. Now there are ways that you can automatically assign client to the right WSUS server through WSUS itself and then this installation script might come in handy.
Files placed on the installation package:
- Forefront Client Security installation package
Files placed on the WSUS server directory C:ScriptWsus:
For this to work we need to execute command on remote servers such as the DC and the WSUS server and therefore PSRemoting must be enabled on these servers.
PSRemoting does the following:
- Starts the WinRM service.
- Sets the startup type on the WinRM service to Automatic.
- Creates a listener to accept requests on any IP address.
- Enables a firewall exception for WS-Management communications.
Me and a colleague was working on SCCM implementation for a customer and deploying the client turned out to be a problem, after some investigation in the logs and on the client we found that File and Printer Sharing was disabled on the Network Interface Card (NIC) and therefor the installation got canceled as the computernameadmin$ could not be found.
So I started to google the issue and found no good way on how to enable File and Printer Sharing. Found some information about snetcfg_winxp.exe but I didnt want to uninstall and reinstall the service MS_Server I just wanted to enable the binding for File and Printer Sharing on the NIC.
What I did find was a former Microsoft employee that had made his own tool for modifying network bindings called nvspbind that utilizes the INetCfg APIs that can enable network bindings if it has one of the following information on the network card in hand, GUID or Display Name as it will not recognize the friendly name for example Local Area Connection.
The OS on the target computers were Windows XP and I found it easier to use the Display Name as the GUID on XP machines returned nothing but worked fine on Win7.
Here is a script that I made that we connected to the login script so that all computers will run it, if File and Printer Sharing is allready enabled on the NIC nvspbind will do nothing so its safe to run on enabled systems aswell.
Just point out where you placed the tool nvspbind.exe on the network and run the script and File and Printer sharing will be enabled and a new textfile will be generated with the name of the computer that ran the script.
# Script to fix File and Printer Sharing on NIC
# Lets get the Display Name on all connected NIC
$Nic= Get-WmiObject -Class win32_networkadapter -computerName LocalHost -filter "NetConnectionStatus = '2'"
foreach ( $ServiceName in $Nic )
$parameters = "-e " + '"' + $ServiceName.Description + '"' + " ms_server"
$installStatement = [System.Diagnostics.Process]::Start( "\DOMAINSHARENICFIXNVSPBIND.exe" , $parameters )
# Save all computers as a testfile that has run the program on the network
$computername = $env:COMPUTERNAME
New-Item \DOMAINSHARENICFIXDONE$computername.txt -type file
And now File and Printer Sharing is enabled on all active network cards