May 20, 2015

SCCM 2012 R2 - IE11 Local Intranet Zone

Task: Get list of workstations with Internet Explorer 11 installed. Propagate Local Intranet web sites list to clients.

Configuration steps:
1. Enable Software Inventory. Go to "Administration - Client Settings", change policy by selecting "Software Inventory" check-box. Under Software Inventory tab specify "iexplore.exe" as a file type.

2. Create device collection. Specify query in membership rules tab with following criteria
Optionally you can edit query to select Operating System Version or specify "Limiting collection" on General tab of your collection. Also do not forget to enter product name because this query will  show all software with 11 version across production.

3. Create "Configuration Item". 
Setting type: Script
Data Type: String
Discovery script (PowerShell):

$Compliance = 'Non-Compliant'
$Check = Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\*" | where {$_.http -eq "1" -and $_.https -eq "1"}
If ($Check) {$Compliance = 'Compliant'}

Remediation script (PowerShell):

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\*" /t REG_DWORD /v http /d 1
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\*" /t REG_DWORD /v https /d 1

Select "Run scripts by using the logged on user credentials"

Under "Compliance Rules" tab select Rule Type Value. The value returned by the specified script - Equals - Compliant.

Do not forget to select "Run the specified remediation script when this setting is noncompliant".

4. Create Configuration Baseline, select Configuration Item that we created. Deploy baseline to collection.

May 8, 2015

SCDPM 2012 R2 - Deduplication

Prepare volume:
Format-Volume -Partition <volume> -FileSystem NTFS -AllocationUnitSize 64KB –UseLargeFRS -Force

Install File and Storage services with Data Deduplication feature:  
Install-WindowsFeature -Name FileAndStorage-Services,FS-Data-Deduplication

Enable deduplication on volume:
Enable-DedupVolume –Volume <volume> -UsageType HyperV
Set-DedupVolume -Volume <volume> -MinimumFileAgeDays 0 -OptimizePartialFiles:$false

Deduplication processing optimization:
Set-ItemProperty -Path HKLM:\Cluster\Dedup -Name DeepGCInterval -Value 0xFFFFFFFF

Deduplication performance optimization:
Set-ItemProperty -Path HKLM:\Cluster\Dedup -Name HashIndexFullKeyReservationPercent -Value 70
Set-ItemProperty -Path HKLM:\Cluster\Dedup -Name EnablePriorityOptimization -Value 1

Changing default schedule:  
Set-DedupSchedule * -Enabled:$false
$DDuration = 16
$DStart = "6:00am"
$ShortDuration = $DDuration - 1
$DShortStart = "7:00am"
if ((Get-DedupSchedule -name PriorityOptimization -ErrorAction SilentlyContinue) -ne $null) {Set-DedupSchedule -Name PriorityOptimization -Enabled:$true}
New-DedupSchedule -Name DailyOptimization -Type Optimization -DurationHours $DDuration -Memory 50 -Priority Normal -InputOutputThrottleLevel None -Start $DStart -Days Monday,Tuesday,Wednesday,Thursday,Friday
New-DedupSchedule -Name WeekendOptimization -Type Optimization -DurationHours $ShortDuration -Memory 50 -Priority Normal -InputOutputThrottleLevel None -Start $DShortStart -Days Saturday,Sunday
Set-DedupSchedule -Name WeeklyScrubbing -Enabled:$true -Memory 50 -DurationHours $DDuration -Priority Normal -InputOutputThrottleLevel None -Start $DStart -StopWhenSystemBusy:$false -Days Sunday
Set-DedupSchedule -Name WeeklyGarbageCollection -Enabled:$true -Memory 50 -DurationHours $DDuration -Priority Normal -InputOutputThrottleLevel None -Start $DStart -StopWhenSystemBusy:$false -Days Saturday
if ((Get-DedupSchedule -name BackgroundOptimization -ErrorAction SilentlyContinue) -ne $null) {Set-DedupSchedule -Name BackgroundOptimization -Enabled:$false}

Place vhdx files on volume.