Matt, I think that is actually how most of these “Ah Shucks” moments happen. Somebody shows the members of the All Systems collection, finds the computer they want and highlight it, but then they click “Add Selected Item” from the task bar… which by default is adding the Collection, not the Resource. Instead of just deploying to the one computer, now the whole collection is in there and bad things start to happen.
As the saying goes, the only thing that goes fast in ConfigMgr is “Oops”. I’ve added feedback to Microsoft Connect that deals with the Deployment creation processes, as well as the Collection management processes which tend to lead to Emory-type events. (They happen waaaay more often than everybody hears about, but it is usually things like ‘Oops, I deployed AutoCAD to every desktop and server, and now they are all rebooting in the middle of the day’ which is easier to recover from.) Vote these up on Microsoft Connect if you get a chance. If you’ve never used Microsoft Connect, read this article<http://myitforum.com/myitforumwp/2013/12/02/giving-feedback-on-microsoft-connect-for-configmgr-2012-help-yourself-help-the-community/> for why and how (Before you can vote, you have to log in and then join the ‘Configuration Manager’ product from the directory). Collection Confusion: MVP: DCR: Preventing Oopsies: Ribbon Icon and Wording for 'Add Selected Items' need to differentiate Collection and Resource<https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/898899/mvp-dcr-preventing-oopsies-ribbon-icon-and-wording-for-add-selected-items-need-to-differentiate-collection-and-resource> MVP: DCR: Preventing Oopsies: Ribbon Defaults to Collection even when selecting Device<MVP:%20DCR:%20Preventing%20Oopsies:%20Ribbon%20Defaults%20to%20Collection%20even%20when%20selecting%20Device> Deployment Controls: MVP: DCR: Preventing Oopsies: Add Page to Deployment Wizard for Required Deployments<https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/898905/mvp-dcr-preventing-oopsies-add-page-to-deployment-wizard-for-required-deployements> MVP: DCR: Preventing Oopsies: Allow more granular permissions on Collection objects<https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/898980/mvp-dcr-preventing-oopsies-allow-more-granular-permissions-on-collection-objects> Nash From: [email protected] [mailto:[email protected]] On Behalf Of Atkinson, Matt Sent: Tuesday, July 29, 2014 11:32 AM To: [email protected] Subject: RE: [mssms] Deployment warning system? That’s a good point about someone accidentally adding computers to a collection with a required deployment on it. I’ll have to try and come up with something to detect those changes. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Ryan Sent: Tuesday, July 29, 2014 9:05 AM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] Deployment warning system? I think it's just as likely someone might add too many computers to a collection with a required deployment on it. This is why I'd want a little more logic. I'll need to do a little testing to see the most efficient way to get in real time the number of devices something is deployed to. I'm not sure the Deployment Summary class is in real time, but if it is that's the best. Here was the logic I sketched out: When launched, it detects if there is a scheduled task, or if the script is run as a scheduled task • If no scheduled task is detected on the computer o It displays a UI which allows users to enter in an e-mail user name and password, who to notify, deployments to exclude, and if they want to stop task sequences from being deployed o Then, they will be able to create the scheduled task o If a scheduled task is created on another computer, there will be a button which allows them to connect to a remote computer and switches to the UI if a scheduled task is detected • If a scheduled task is detected o It displays a UI which lists all the task sequences it stopped and allows the user to “approve” a task sequence and change some other generic settings like e-mail address, how often it will run, etc. • If it is run as a scheduled task o It checks to see if there are any deployments which are required and deployed to x% of the company o When it finds one: • It first checks the exclusion list. • If the deployment is on the exclusion list, it skips it • If the deployment is not on the exclusion list • It sends an e-mail to the list of people specified in the configuration with the deployment information • If it is a task sequence, it changes the start date to a year out • It adds the deployment to the exclusion list • If a deployment is on the exclusion list but not found in the query, it is removed from the exclusion list Exclusion lists and stopped task sequences would be stored in a file somewhere on the server running this scheduled task. If someone else wants to create something like this then by all means do it. I'm working on a new right click tool version so I won't be able to start on it for two or three weeks. On Tue, Jul 29, 2014 at 10:41 AM, Todd Hemsell <[email protected]<mailto:[email protected]>> wrote: no need, you use WMI Eventing on event deployment created check the deployment, do other stuff On Tue, Jul 29, 2014 at 9:55 AM, Ryan <[email protected]<mailto:[email protected]>> wrote: I was thinking of a scheduled task that runs a script every minute, this way I can add a tiny bit of logic into it. I'd think the over-head would be the same. Don't WMI triggers run the query you specify every x seconds and trigger the action if something is returned in the query? How would you exclude something if it is actually supposed to go out to x% of your computers? On Tue, Jul 29, 2014 at 8:38 AM, Michael Mott <[email protected]<mailto:[email protected]>> wrote: Hasn’t the Shy WMI guy already have these triggers in place or blogged out? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Ryan Sent: Monday, July 28, 2014 11:58 PM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] Deployment warning system? If you think of something, let me know. Otherwise, I've been thinking of writing something to notify you if you add too many devices to a collection or if you make a new deployment and deploy it to more than x devices. I was also thinking of making it auto-delay (change start date) a required task sequence until you tell it to allow the task sequence. I just need to find the most elegant way of checking every minute if deployments fit that criteria. On Mon, Jul 28, 2014 at 4:31 PM, Atkinson, Matt <[email protected]<mailto:[email protected]>> wrote: Hi All, We’ve been kicking around the idea of some kind of warning system to notify our SCCM team via email when someone creates a deployment targeting more than $x number of computers. Has anyone out there seen or built something like that? I think I can put something together using WMI events and Powershell, but want to make sure it doesn’t already exist before heading down that path. Thanks! -Matt ________________________________ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message. ________________________________ Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015<tel:%2B44%280%29%202083269015> (UK) or +1 866 592 4214<tel:%2B1%20866%20592%204214> (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. ________________________________ This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.
