Tag Archives: System Center Configuration Manager

PowerShell – Cleaning folders containing temporary files

At the companies I’ve worked for , disk space on the system disk ran out on a regular basis for some systems and caused a lot of monitor calls. These kind of boring repetitive tasks are always the ones you want to automate.

So when I came across the great blog post “Weekend Scripter: Use PowerShell to Clean Out Temp Folders” on the “Hey, Scripting Guy! Blog”, I wanted to post it on my own blog as well. The blog post also describes the process of creating the script very well, which is very convenient for those who are relatively new to PowerShell to scripting and want to learn how to do it better.

If you want to take it even a step further, you could automate it even more. By example by automatically running the clean script when an event is generated that the disk is running out of space. You can configure this using by example:

Or you could use PowerShell remoting to do it on many systems at the same time. This could come in handy by example when after WSUS patching the content in “C:\Windows\SoftwareDistribution\Download” is not deleted automatically.


Tags: , , , , , , , , , , , , ,

Microsoft – Security Compliance Manager 3.0 (SCM) has been released

Microsoft has released the Security Compliance Manager 3.0 (SCM). This version includes support for Windows Server 2012, Windows 8, and Internet Explorer 10.

SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager. It provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.

Basically in SCM 3.0 you can use predefined baselines, customize them or create completely new ones. Then you can export it from SCM 3.0 and apply it using an Active Directory GPO. To do this, create a new GPO in Group Policy Management, right click the GPO, import settings and complete the wizard.

You can also export existing GPO and then import it into SCM 3.0 and compare the differences.


Tags: , , , , , , , , , , , , , , , , , , , , ,

SCOM2012 – Extract English Only MSP Update Rollup 3 files from CAB using PowerShell (and my vision on updating using WSUS/Microsoft Update)

I created this script to automate extracting English only MSP files from CAB files in the SCOM 2012 Update Rollup 3 (UR3) files. By default it will delete extracted non-English versions. With some minor modifications it can be used for any CAB file though, not just SCOM 2012 Update Rollup 3. It includes a lot of comments, so it is manageable and can be used for getting to know PowerShell better.

SCOM 2012 Update Rollup 3 can be downloaded here :

The issue with SCOM 2012 Update Rollup 3 is that after downloading you’ll end up with a total of 41 CAB files. The large number of files is because they are for different components and in multiple languages. And what is even worse, is that the file names do not show which file is for which language.This script will extract all cab files to a subfolder and will then removes the non English ones. Below are some of the example files in Update Rollup 3 to give you an idea about the nondescriptive file names:


Deploying SCOM 2012 components and updates to them can be done in multiple ways:       

Most of the work while updating will probably be updating the agents. Basically for SCOM 2012 there are 2 major ways to install agents:

  1. Push installation (initiated from SCOM 2012). Updates can then also be deployed from within SCOM (Remotely Manageable = Yes). Push installation is often preferred, because it is easy and also allows you to push updates to clients from within SCOM 2012. The downside however is that it also requires a lot of open ports (including RPC) which might not always be acceptable:           Push install and update install can also consume a lot of bandwidth and depending on your architecture (b.e. WAN links), the push install might not be the best way.
  2. A manual installation (anything that is not a push installation). Updates cannot be deployed from within SCOM (Remotely Manageable = No). Manual installation includes running setup manually, using a GPO software install or using deployment tools like System Center Configuration Manager). Using the GUI, you cannot simply set an agent back to remotely manageable = Yes. You can change this in SQL though, but keep in mind that connectivity  requirements still need to be met.

With Update Rollup 3, it is now possible to leverage WSUS / Microsoft Update to deploy updates (not the inital agent) to all SCOM 2012 components. I predict this will probably become the preferred way of updating SCOM 2012 for most companies:
+ It does not require many ports on your firewall to be opened.
+ Better bandwidth management (local WSUS, BranchCache, BITS).
+ Auto detects components on systems (component updates are not forgotten).
+ Still in control of when which updates are deployed/approved.
+ Leverage existing patch/update management procedures and systems WSUS/SCCM (standardization).
– Initial agent installation cannot be performed using WSUS.

PS: Also check these great blog posts when deploying Update Rollup 3:


Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

%d bloggers like this: