Enhansoft

Enhansoft Support and Announcement Blog

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers

By Garth Jones

As I explained in my previous blog post, I was doing some work for a client and one of the items we discussed was anti-virus software exclusions.

These exclusions are not only important for workstations, but also for site servers. In fact, anti-virus software exclusions are even more important to the overall performance of a Configuration Manager site server. Again, this may seem counter-intuitive, but in order for Configuration Manager to run efficiently, without causing too much overhead to Disk IO and CPU, there are a number of recommended anti-virus software exclusions that should be implemented.

You would think that this information could be easily found within Configuration Manager 2012’s documentation, but it isn’t. To help you out, below is a list of anti-virus software exclusions that I recommend that you implement for site servers.

Please make sure to also read my blog post about McAfee and SCCM if you are using McAfee anti-virus software.

Directories:

Note:  Adjust paths to match where Configuration Manager 2012 is installed.

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol
%systemroot%\system32\GroupPolicy\User\registry.pol
C:\Windows\TEMP\BootImages and subfolders.
D:\SCCMContentLib
D:\SMSPKG
D:\SMSPKGD$
D:\SMSPKGSIG
D:\SMSSIG$
D:\Program Files\SMS_CCM\ServiceData
D:\Program Files\SMS_CCM\Logs
D:\Program Files\Microsoft Configuration Manager\Logs
D:\Program Files\Microsoft Configuration Manager\Install.map
D:\Sources
D:\SCCMImages
D:\CMBak

Processes to exclude:

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe

SQL Server Processes to exclude:

 

·         %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe

·         %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

 

SQL Server Files and Folders to exclude:

 

*.mdf
*.ldf
*.ndf
*.bak
*.trn

IIS Exclusions:

* .ida
%systemroot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files


WSUS Exclusions:

 

*.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

 

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers

Computer Operating System Details is November’s Free SSRS Report

Remember to email Info AT Enhansoft for your copy of November’s free report today! 

In the Computer Operating System Details report you will be able to see the PC name, registered user, last boot-up time and the operating system (OS) install date. This report is useful because at a quick glance you can see when a PC was last rebooted or when an OS was installed. Please Note: If any imaging, such as Windows Imaging format (WIM) or Ghost, was used then the install date might be listed as the date the image was created and not the actual install date of a particular PC.

Computer Operating System Details

November's free SSRS report has the Role-Based Administration (RBA) feature enabled, so if you are using System Center 2012 R2 Configuration Manager this report will work with all RBA clients! Don’t worry if you are not using SCCM 2012 R2 because you can still run this report as usual on SCCM 2012 and SCCM 2007.

Make sure that you also vote in our poll to help decide next month’s free SSRS report! Will it be Collection Metric Dashboard OR List of PCs by Office Edition Type (Office 2003)?

Configuration Manager 2012 and Anti-Virus Software Exclusions for Workstations

By Garth Jones

While I was doing some work for a client we discussed what anti-virus software exclusions are needed for workstations.

This may seem counter-intuitive, but in order for Configuration Manager to run efficiently, without causing too much overhead to Disk IO and CPU, there are a number of recommended anti-virus software exclusions that should be implemented.

You would think that this information could be easily found within Configuration Manager 2012’s documentation, but it isn’t. To help you out, below is a list of anti-virus software exclusions that I recommend that you implement for workstations.

Please note that if you are using McAfee anti-virus software also read my blog post about McAfee and SCCM!

Directories:

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%systemroot%\system32\GroupPolicy\Machine\registry.pol"
%systemroot%\system32\GroupPolicy\User\registry.pol"
%windir%\CCM\Logs
%windir%\ccmcache

Processes to exclude:

Ccmexec.exe

In Thursday’s blog post, I will give you a list of anti-virus software exclusions that I recommend for site servers.

Configuration Manager 2012 and Anti-Virus Software Exclusions for Workstations

McAfee Anti-Virus Software and SCCM

By Garth Jones

The following two issues involving McAfee software keep coming up on all of my clients that use McAfee and any version of Configuration Manager.

1) DISM.exe generates an Error: 5 or Access Denied when VSE 8.8 Access Protection is enabled

https://kc.mcafee.com/corporate/index?page=content&id=KB76867

2) Microsoft SMS Agent Host service (ccmexec.exe) triggers the Access Protection rule: Prevent termination of McAfee processes

https://kc.mcafee.com/corporate/index?page=content&id=KB71970

I’ve discovered that the only option to overcoming the first issue is to temporarily disable McAfee on the on-access scanner.

The second problem can easily be fixed by making the ccmexe.exe a trusted process.

Next week I’ll talk a bit more about anti-virus software exclusions for Configuration Manager.

McAfee Anti-Virus Software and SCCM

Reminder to Help Choose Enhansoft’s Next Free SQL Server Reporting Services (SSRS) Report for the Month of December

The report choices in November’s poll are: Collection Metric Dashboard OR List of PCs by Office Edition Type (Office 2003). At the moment Collection Metric Dashboard has 62% of the vote, so make sure to vote for your favorite SSRS report today.

VOTE HERE!

The following is a short summary about each of the reports in this month’s poll.

a) The Collection Metric Dashboard report will show you the action taken (Create, Edit, Delete) by the System Center Configuration Management (CM) team in managing the lifecycle of packages over a series of months. This report demonstrates the level of effort performed by the CM team in the full lifecycle management of applications deployed for an organization. Each of the actions is color-coded for easy reference. Create = GREEN; Edit = STEEL; Delete = MAROON.

Collection Metric Dashboard

In the full-feature set, this report will drill down to Collection Action Details.

b) List of PCs by Office Edition Type (Office 2003) returns a list of all PCs with a particular Office 2003 Edition Type installed.

List of PCs by Office Edition Type (Office 2003)

In the full-feature set, this report will drill down to Microsoft Office 2003 Details (for a PC).

All of our reports have the Role-Based Administration (RBA) feature enabled. This means that if you are using System Center 2012 R2 Configuration Manager, these reports will work with all RBA clients. Don’t worry if you are not using SCCM 2012 R2 because you can still run these reports as usual.

Don’t forget to contact Info AT Enhansoft to request November’s free SSRS report, Computer Operating System Details.

If you would like to suggest future SSRS report give-aways, please email ewrwish At Enhansoft with your ideas.

How to Create a Visio Diagram of Your System Center Configuration Manager Environment

By Garth Jones

I’m regularly asked to create either a local or physical diagram of a client’s System Center Configuration Manager (CM) environment. Since these diagrams are very useful, I’m going to tell you what my secret is… SMSMap!

What is SMSMap? It is a tool created by Jeff Tondt that connects with your SMS / CM site server and creates a logical map of your environment. You can download this tool from Jeff’s site: http://www.tondtware.com/downloads.html.

This is how it works, first launch SMSMap.

SMSMap-Connection Information

Fill in the Site Server, User and Password information and then click on the Points and Components tab.

SMSMap-Points and Components

Select all of the Points and Components. Next, click on the Options tab.

SMSMap-Options

Ensure that the Visio Visible, Client Count and Vision Stay Open options are selected, and then click on the Connection tab.

SMSMap-Draw

Click the Draw button.

SMSMap-Process Completed

When SMSMap is done click the OK button.

SMSMap-Visio Diagram

You should have a Visio diagram that looks similar to the one above.

It is really that simple. I recommend that if you ever have the opportunity to meet Jeff Tondt that you say thank you and maybe buy him a drink!

Microsoft Intune Forum

By Garth Jones

As many of you know, I spend time on weekends moderating and answering questions on a number of forums on the TechNet site. This is why I wanted to bring to your attention that recently the Intune forum moved and was renamed. To help you find the new location, use the following link to access the forum https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenteronlineservices%2Cmicrosoftintune.

Don’t forget to update your book marks too!

Intune

MMS 2014 – CM12 Data Mining

By Garth Jones

If you were interested in taking the CM12 Data Mining session at the Midwest Management Summit (MMS) and couldn’t register for it because it was already full, I have some good news for you. We will be holding another session, so see below for more details.

Wednesday, Nov 12 @ 1p.m. CM12 Data Mining-repeat – Presenters: Garth Jones & Sherry Kissinger

Hope to see you next week at MMS!

mms2014

Help Choose Enhansoft’s Next Free SQL Server Reporting Services (SSRS) Report for the Month of December

The report choices in November’s poll are: Collection Metric Dashboard OR List of PCs by Office Edition Type (Office 2003).

VOTE HERE!

a) The Collection Metric Dashboard report will show you the action taken (Create, Edit, Delete) by the System Center Configuration Management (CM) team in managing the lifecycle of packages over a series of months. This report demonstrates the level of effort performed by the CM team in the full lifecycle management of applications deployed for an organization. Each of the actions is color-coded for easy reference. Create = GREEN; Edit = STEEL; Delete = MAROON.

Collection Metric Dashboard

In the full-feature set, this report will drill down to Collection Action Details.

b) List of PCs by Office Edition Type (Office 2003) returns a list of all PCs with a particular Office 2003 Edition Type installed.

List of PCs by Office Edition Type (Office 2003)

In the full-feature set, this report will drill down to Microsoft Office 2003 Details (for a PC).

All of our reports have the Role-Based Administration (RBA) feature enabled. This means that if you are using System Center 2012 R2 Configuration Manager, these reports will work with all RBA clients. Don’t worry if you are not using SCCM 2012 R2 because you can still run these reports as usual.

Don’t forget to contact Info AT Enhansoft to request November’s free SSRS report, Computer Operating System Details.

If you would like to suggest future SSRS report give-aways, please email ewrwish At Enhansoft with your ideas.

MMS 2014 – SQL and SSRS Track Dates and Times

By Garth Jones

The dates and times of all of the Midwest Management Summit (MMS) 2014 sessions are finalized. The SQL/SSRS track will be held in the Lakes Ballroom C.

MMS 2014 Map

Monday, Nov 10 @ 11am SQL Refresher - Presenters: Steve Thompson & Matthew Teegarden

Monday, Nov 10 @ 2pm SQL Operators - Presenters: Garth Jones & John Nelson

Tuesday, Nov 11 @ 8am CM12 Data Mining - Presenters: Garth Jones & Sherry Kissinger

Tuesday, Nov 11 @ 10am SQL Report Writing - Presenters: Matthew Teegarden & Garth Jones

Tuesday, Nov 11 @ 1pm What are Your SQL / Reporting Questions? - Presenters: Sherry Kissinger, Garth Jones, John Nelson & Steve Thompson

Tuesday, Nov 11 @ 3pm SQL Report Writing Next Level - Presenters: John Nelson and Garth Jones

For more details about MMS 2014, please visit: http://mms.mnscug.org/