It looks like there is already a lot of good information out there about System Center Essentials 2007. Here are a few of handy spots I have found already:

• System Center Essentials @ Microsoft: http://www.microsoft.com/systemcenter/sce/default.mspx
• Pricing Information: http://www.microsoft.com/systemcenter/sce/howtobuy/default.mspx
• SCE TechNet Forums: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1558&SiteID=17
• Management Pack Authoring (AuthorMPs): http://www.authormps.com
• SCE Wiki: http://sce.editme.com/
• Blogs
  • Advisec Blog - http://advisec.wordpress.com/
  • SCE Tips & Trips - http://blogs.technet.com/caseymck/default.aspx
  • Remote Managed Services - http://blogs.technet.com/dustinj/default.aspx
  • Pete's Management Blog - http://www.it-jedi.net/

Know of any other great resources??

In my spare time over the last few days I've been getting ready to install the System Center Essentials RTM. After getting all the pre-reqs. installed I fired off the SCE 2007 installer only to find that after getting all the way through to installing and configuring reporting setup fails. Setup then promptly rolls back.

After digging a bit I found that this is actually a known issues with the RTM and Microsoft is working to fix the issue as soon as possible. The issue is to do with disjoint namespaces. Basically your NetBios Name doesn't match your FQDN for your domain. For instance, my netbios name for my domain is AD but my FQDN is ad.internal.

There is a thread on TechNet if you are interested in following the issue: http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1556029&SiteID=17

I've been wondering how to do this in Vista. The registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Set DisableCAD to 0

Thanks to John at myITforum.com for this one.

I find that my free space is one of those things I don't check regularly enough. This morning I logged on only to find my system was really struggling. I didn't take long to realise I only had 600MB of disk space left. Dratt!!

I immediately wondered what was the quickest way to find out where all my space went, Powershell maybe? My first thought was something like this:

get-ChildItem -path C:\ -recurse | where-Object {$_.Length -gt 50000000} | sort-Object -property length -Descending |select-Object -first 10 | format-Table Name, Length -auto

This seemed to work ok but took ages:
Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 55
Milliseconds      : 828
Ticks             : 1158286885
TotalDays         : 0.00134060982060185
TotalHours        : 0.0321746356944444
TotalMinutes      : 1.93047814166667
TotalSeconds      : 115.8286885
TotalMilliseconds : 115828.6885

Anyone know a better way??

I've been involved in an Active Directory Migration lately and one of the things that was taking a lot of time was finding the groups for a group of users and then finding the nested groups. Why, you might ask? Well in this particular instance it was easier for us to migrate groups first than users but we had to make sure we got all the groups for the users we wanted to migrate moved over first.

The first part of the script involves search Active Directory for the user we wish to find group membership for. This is pretty easy:
#Setup Tasks
$query = new-object system.directoryservices.directorysearcher
$root = [adsi]""

#Setup for Query
$query.searchroot=[adsi]$("LDAP://"+$root.distinguishedName)
$query.Filter = "(&(objectCategory=user)(objectClass=person)(samAccountName=$accountName))"
$query.SearchScope="Subtree"

The next thing to do after we find the user is to get the memberOf Property:
$ADobject.psbase.Properties["memberOf"]

So I found it was easy enough to get a list of groups for a user but how could a get a list for several users without getting duplicates? The logical thing seemed like a hashtable:
$groups = @{}
foreach ( $user in $users ) {
   foreach ($group in Get-Groups $user) 
   {
      $groupName=$($group.split(",")[0]).split("=")[1]
      if(!$groups.Contains($groupname)){$groups.Add($groupname,$group)}
   }
}

The Properties["memberOf"] returns a collection of distinguished names, (CN=GroupName,OU=Groups,DC=domain,DC=local), so the above code splits up that string to extract the groupName to be the key for the hashtable and then the DN as the value. After this it is simply a case of connecting to each group and listing the memberOf property to see if there is any nested groups.

The code will only check 1 level deep so if you have a chain of nested groups you'll have to check it manually.

To Run the script just run .\GetGroups "username1","username2","username3". Please let me know what you think.

The final version of BDD 2007 has been released. Get it here.

Today I reach a greater level of frustration than I had in a long time. After installing Vista Ultimate, eagerly wanting to try out some new Media Center bits, I found I could not connect to a network share. Simple enough I thought, typing in \\WinXP\c$ yielded a password prompt but after the correct password still didn't let me in.

I jumped to the conclusion that some new fancy Vista security 'thing' was stopping my connecting to my XP machine. After wasting almost the entire afternoon and another fews hours in the evening I had nothing. Still Vista would just continue to prompt for a password. I tried separte accounts, enabling netbios, installing updates, anything I could think of even a re-install.

After installing the new Network Monitor 3 and doing a capture I found that it was failing NTLM negotiation, then it clicked. Check the time!!! As it turns out I had the right time, just I was 5 days out....grrr.

So the moral of the story, Keep it simple and look for the obvious problems.

Microsoft have just released BDD 2007 RC1. BDD 2007 give best practice guidance on how to deploy Windows Vista and Office 2007.

Information about the technologies used in BDD 2007 are at http://www.microsoft.com/technet/windowsvista/deploy/depenhnc.mspx.

Go to https://connect.microsoft.com to download.

Kelly keeton was nice enough to fix a bug in my css that cause the Project84Grass theme to look a little weird in IE7. Thanks mate!! I'll post the update theme as a zip file later today.

I've been doing some work with Zero Touch Installation lately and have certainly come across my fair share of problems. Fortunately you can get a lot of debugging information out of ZTI. THere is a great article OSD and ZTI Troubleshooting Tips that has some excellent tips on debugging.

One thing that I found that caused me grief for at least a few hours was the 80004005 error. According to the article mention above the causes are commonly:
-Wrong PackageID in customsettings.ini
-Failure to resolve MP or DP using FQDN
-Missing NIC drivers in Winpe

I found that I got this error because osd.debug existed on the machine I was testing on. If you're testing your deployment CD's make sure you do a diskpart first or at least remove osd.debug.