power shell

powershell & Active Directory: Find all users who have “Password Never Expires” enabled using Powershell.


In domain controller environment we all have some password policies set. In some organizations the users password is expired in 60 days in some 90 or in 180 Days.

User’s password must expired in the defined period, changing password often is a good security policy.

But when we create a user account some time by mistakes we select  “Password Never Expires”.

if  the “Password never expires” checked users password never expired.

07-08-2012 13-28-44

which is not good for user’s account security.

My todays task is to find all users , who have “Password Never Expire” checked. To archive this task we are going to use “Active Directory” module and “Get-Aduser” cmdlet with Filters

Get-ADUser -Filter  'PasswordNeverExpires -eq $true'  -Server localDC | select name

 

07-08-2012 13-29-42

After Get-ADuser cmdlet we are using –Filter to show all those account whose “Password Never Expires value is equal to True” which means enabled,and in –server parameter i am defining my domain controller, and  we are piping the output to “Select-Object” cmdlet and selecting to show “Name” property of the output to show.

and the output is below

07-08-2012 13-29-20

What is NIC Teaming?


Windows Server 2012 NIC Teaming provides transparent network failover and bandwidth aggregation. Uniquely, the Windows solution is hardware-independent and can be deployed under all existing workloads and applications on both physical and virtualized servers.

What is NIC Teaming?

A solution commonly employed to solve the network availability and performance challenges is NIC Teaming. NIC Teaming (aka NIC bonding, network adapter teaming, Load balancing and failover, etc.) is the ability to operate multiple NICs as a single interface from the perspective of the system. In Windows Server 2012, NIC Teaming provides two key capabilities:
1.Protection against NIC failures by automatically moving the traffic to remaining operational members of the team, i.e., Failover, and
2.Increased throughput by combining the bandwidth of the team members as though they were a single larger bandwidth interface, i.e., bandwidth aggregation.

Many vendors have provided NIC teaming solutions for Windows Server, but these solutions shared many limitations. Those solutions are typically tied to a particular NIC manufacturer, so you cannot always team together NICs from multiple vendors. Many of the solutions do not integrate well with other networking features of Windows Server or with features such as Hyper-V. Finally, each of these NIC teaming solutions is managed differently, and most cannot be managed remotely. As a result, it is not easy for an administrator to move from machine to machine in a heterogeneous environment and know how to configure NIC teaming on each host.

NIC Teaming in Windows Server 2012

Windows Server 2012 includes an integrated NIC Teaming solution that is easy to setup and manage, is vendor independent, and that supports the performance optimizations provided by the underlying NICs.

NIC Teaming is easily managed through PowerShell or a powerful, intuitive UI (the UI is layered on top of PowerShell). Teams can be created, configured, monitored, and deleted at the click of a mouse. Multiple servers can be managed at the same time from the same UI. Through the power of PowerShell remote management the NIC Teaming UI can be run on Windows 8 clients to remotely manage servers even when those servers are running Windows 2012 Server Core!

A team can include NICs from any vendor – and it can even include NICs from multiple vendors. This vendor-agnostic approach brings a common management model to even the most heterogeneous datacenter. New NICs can be added to systems as needed and effortlessly integrated to the existing NIC Teaming configuration.

Finally, the team supports all the networking features that the underlying NICs support, so you don’t lose important performance functionality implemented by the NIC hardware. The “no compromise” approach means that NIC Teaming can be deployed with confidence on all servers.

NIC Teaming Configuration Options

NIC Teaming in Windows Server 2012 supports two configurations that meet the needs of most datacenter administrators.

Customers who value route diversity (in order to withstand switch failures) can connect their hosts to different switches. In this “Switch Independent Mode,” the switches are not aware that different interfaces on the server comprise a team. Instead, all the teaming logic is done exclusively on the server. Many customers choose to operate in an active/active mode, where traffic is spread across both NICs until a failure occurs. Historically some customers prefer to operate in an active/standby mode where all the traffic is on one team member until a failure occurs. When a failure is detected all the traffic moves to the standby team member. This mode of operation also can be created in Switch Independent mode teaming. The real tradeoff is what happens when there is a failure. If you’ve configured active/standby then you will have the same level of performance in a failure condition whereas you’ll have degraded performace if you go with the active/active mode. On the other hand, when you don’t have a failure, you’ll have much greater bandwidth using active/active.

In addition to achieving reliability, customers can also choose to aggregate bandwidth to a single external switch using NIC Teaming. This is done by creating a team in a “Switch Dependent Mode” wherein all NICs that comprise the team are connected to the same switch. There are two common varieties of Switch Dependent teams: Those that use no configuration protocol, a method often called static or generic teaming, and a mode that uses the IEEE 802.1ax Link Aggregation Control Protocol (LACP) to coordinate between the host and the switch. Both of these models are fully supported in Windows Server 2012. For more details on the modes of operation and load distribution schemes, please refer to the NIC Teaming User’s Guide.

Switch Dependent Mode treats the members of the team as an aggregated big pipe with a minor restriction (explained below). Each side balances the load between the team members independent of what the other side is doing. And, subject to the minor restriction, the pipe is kept full in both directions.

What is that minor restriction? TCP/IP can recover from missing or out-of-order packets. However, out-of-order packets seriously impact the throughput of the connection. Therefore, teaming solutions make every effort to keep all the packets associated with a single TCP stream on a single NIC so as to minimize the possibility of out-of-order packet delivery. So, if your traffic load comprises of a single TCP stream (such as a Hyper-V live migration), then having four 1Gb/s NICs in an LACP team will still only deliver 1 Gb/s of bandwidth since all the traffic from that live migration will use one NIC in the team. However, if you do several simultaneous live migrations to multiple destinations, resulting in multiple TCP streams, then the streams will be distributed amongst the teamed NICs.

Configuring NIC Teaming in Windows Server 2012

As mentioned previously, NIC Teaming provides a rich PowerShell interface for configuring and managing teams either locally or remotely. Moreover, for those who prefer a UI based management model, the NIC Teaming UI is a complete management solution that runs PowerShell under the covers. Both PowerShell and UI administration are covered in depth in the NIC Teaming User’s Guide. Below are some highlights that show just how easy it is to setup NIC Teaming.

Suppose you have a server with four NICs: NIC1, NIC2, NIC3, and NIC4. In order to put NIC1 and NIC2 in a team, you can run this PowerShell command as an administrator:

New-NetLbfoTeam MyTeam NIC1,NIC2

When the command returns, you will have a team with the name “MyTeam” and team members NIC1 and NIC2, setup in Switch Independent mode. It is also simple to make more advanced changes. For example the PowerShell cmdlet below will create a team as an LACP team to be bound to the Hyper-V switch.

New-NetLbfoTeam MyTeam NIC1,NIC2 –TeamingMode Lacp
–LoadBalancingAlgorithm HyperVPorts

As noted earlier, you could use the UI instead to achieve the same results. The NIC Teaming UI can be invoked from Server Manager or by invoking lbfoadmin.exe at a command prompt. The UI is available on Windows Server 2012 configurations that have local UI and on Windows Server 2012 or Windows 8 systems that run the Remote Server Administration Tools (RSAT). The UI can manage multiple servers simultaneously. .

Now you can create a new team. Select the NICs you want to team (control-click each NIC) then right-click the group and click on Add to New Team:

This will bring up the New Team dialog. Enter the team name.

You can configure the team further to support the teaming mode and other properties.

Now the team is set up. It is easy to make changes to the team through the Team TASKS dropdown or by right-clicking on the team.

If you want to modify the team to be an active/standby team, simply right click on the team and select Properties.

This will bring up the Team Properties dialog. Click on the additional properties drop-down, then the Standby adapter drop-down, and select the standby NIC.

After you select OK to apply the change you will see that the NIC is now in Standby mode:

Summary

NIC Teaming in Windows Server 2012 enables continuous network availability and increased network performance for all workloads even when the team comprises of NICs from multiple vendors. NIC Teaming can be managed easily using PowerShell or the built-in NIC Teaming UI. NIC Teaming enables greater workload density while reducing operational costs for your private, public, and hybrid cloud deployments.

How to Use SCCM ConfigMgr 2012 Tool Policy Spy (PolicySpy.exe)


Policy Spy is System Center 2012 Configuration Manager Client Troubleshooting Tool. Policy Spy can be used for the troubleshooting of the policy system of SCCM / ConfigMgr Client.

Have you ever played with PolicySpy.exe? If not, start using it !!!!

In this post, I ‘m trying to explore Policy Spy tool in some more details. How it can be used more effectively. The documentation provided with this toolkit is excellent (ToolkitHelp), however, I’ve seen lot of us never look into those documentations.

This is continuation of the my post about Client Spy.

Policy Spy is part of ConfigMgr2012 Toolkit and can be downloaded from the This LINK

Before going into deep dive, I would like to remind you Policy Spy MUST be run as administrator.

image

Open Remote : If you want to run Policy Spy on a remote computer.

All the following features will be disabled when you’re viewing exported policy file.

Request Machine Assignments : If you want to trigger machine policy then select this option. Default machine policy polling interval is 60 minutes. This is useful when of troubleshooting and you want a machine to ask policy from management point immediately. Monitor PolicyAgent.log to get more details about the policy request and reply from Management Point.

Evaluate Machine Policy : If you want to trigger the MACHINE policy evaluation on a target computer the you can use this option. Once you have triggered the policy evaluation, you can go ahead look at the log file called PolicyEvaluator.log for further troubleshooting. It will help you to understand whether the policy is getting evaluated successfully or not.

Request User Assignments : If you want to trigger User policy for currently logged-on user then select this option. Default user policy polling interval is 60 minutes. This is useful at the time of troubleshooting. Monitor PolicyAgent.log to get more details about the policy request and reply from Management Point.

Evaluate User Policy : If you want to trigger the USER policy evaluation on a target computer the you can use this option. Once you have triggered the policy evaluation, you can go ahead look at the log file called PolicyEvaluator.log for further troubleshooting. It will help you to understand whether the policy is getting evaluated successfully or not.

Reset Policy : This option will remove all non-default policies and resets the policy cookies for the site. It then triggers a request for machine policy assignments.

Export Policy : If you want to export the policy details to do further troubleshooting or analysis then use this option. Exports the target computer system’s policy to an XML-format export file. This file can be viewed on any computer by selecting Open File on the Tools menu and opening the export file.

We are going to cover following topics in details.

Actual tab

Requested tab

Default tab

Events tab

Client Info Pane

Details Pane

 

Actual Tab

Have a look at the screenshots below? This tab will provide you the details of client agents policies details configured on the site level. Machine Policy Interval, Software Inventory, Hardware Inventory etc. Results are displayed in tree format with a root node for the Machine namespace and each user-specific namespace.

image

Expand the machine namespace will show you the classes (CCM_ClientActions) and you can expand the classes to see {00000000-0000-0000-0000-000000000001}- Class for hardware Inventory, {00000000-0000-0000-0000-000000000002} – Class for Software Inventory and
{00000000-0000-0000-0000-000000000003} – Class for Discovery Inventory.

image

Requested tab

This tab displays the policy assignments that were retrieved from the client’s assigned site. Results are displayed in tree format with a root node for the Machine namespace and each user-specific namespace. All following details in this section are taken from the ToolkitHelp document.

Results are displayed in tree format with a root node for the Machine namespace and each user-specific namespace. Expanding a namespace node displays the Configuration and Settings nodes.

image

a. Configuration node – displays a list of configuration classes derived from CCM_Policy_Config, which includes policy object, assignments, and others.

b. Settings node – Expanding the Settings node displays all active settings generated by policies. Settings are displayed under the Configuration node.

Note

Multiple instances can exist with the same names because these settings have not been merged into a final resultant set. Policy Spy displays instances under this node by using the RealKey properties instead of their true policy keys so they can be easily correlated to the resultant set displayed on the Actual tab.

Default tab

Default tab displays the same information that the Requested tab does as well as the contents of the DefaultMachine and DefaultUser namespaces.

image

Events Tabs

Events tab displays policy agent events as they happen. The view creates a WMI event subscription for all events derived from CCM_PolicyAgent_Event.

The view shows a maximum of 200 events and removes the oldest events from the top of the list, as required. If the last item in the list is selected, the list automatically scrolls down as new events are added. Otherwise, the view maintains its current position and you must scroll down or press the End key to view new events. This view is always empty when viewing an exported policy.

image

Client Info Pane

Client Info pane provides us the details about the client name, GUID, Client Version, Assigned Site Code and assigned MP also Resident MP. Form this pane, we can understand that the client is communicating with proper MP or it’s under global roaming etc.

image

Details Pane

The details pane displays the policy body of the current selection the MOF that displays.

If the body has not been downloaded by the client, Policy Spy displays a hyperlink so you can download the policy body directly from the client’s management point. Clicking the link causes Policy Spy to send an HTTP query to the management point.

If the policy body download succeeds, the hyperlink is replaced with the contents of the reply. Otherwise, the display is updated indicating that the request failed.

SCCM ConfigMgr 2012 Primary Site Server and Database Recovery


Warning: array_key_exists() [function.array-key-exists]: The first argument should be either a string or an integer in /home/content/71/10137771/html/wp-content/plugins/jetpack/modules/photon.php on line 183

System Center 2012 Configuration Manager Recovery options are changed.

 

Remember, we have to run the Site Repair Wizard (after completing the installation wizard) in ConfigMgr 2007, but this is changed for good in ConfigMgr 2012. More details about ConfigMgr 2007 Site Repair Wizard – Site Repair Wizard Step by Step Guide.

Now, In ConfigMgr 2012, the Recovery a Site option is part of Installation Wizard.

image

“Site Server recovery” and “Site Database recovery” are the TWO key parts of recovery process in CM2012. More details about recovery – through TechNet documentation.

Site Database recovery behaviour varies with SQL Server Change Tracking Retention Period and Site Database recovery scenarios.More details about SQL Server Change Tracking Retention Period and Site Database Recovery Scenarios.

In this post, we are going to recover a primary site with GOOD backup (More details about – Backup Site Server maintenance task). Note: We can make sure that from Smsbkup.log. Look for message ID “5035” which indicates that the site backup was completed without any errors. I’m able to successfully recover primary site which is having a secondary server with the following process.

If you DON’T have a GOOD backup of the primary site and your primary server is NOT a stand alone one then refer the following post to do the recovery- Part 1 .

 

I’ve already completed the rebuild of the server with same name, path, Drive letters and Patch level. Also, installed and configured IIS, DotNet 4, SQL and WSUS prior to the start of the recovery process.

1. Start : the ConfigMgr/SCCM 2012 Setup from the System Center 2012 Configuration Manager installation media, we’ve to run this setup from the server which you want to recover.

image

2. Select the option called “Recover a Site” to recover the primary site which you lost.

Note from TechNet : When Setup detects an existing Configuration Manager site on the server, you can start a site recovery, but the recovery options for the site server are limited. For example, if you run Setup on an existing site server, when you choose recovery, you can recover the site database server, but the option to recover the site server is disabled.

image

3. Site Server and Database Recovery: options are available in the following wizard.

As mentioned above there are TWO parts in the recovery scenario, Site Server recovery and Site Database recovery.

Site Server : Select “Recover this Site Server using an existing backup ” and browse to the backup file location.

Site DataBase : Select “Recover the Site Database using the backup set at the following location” and browse to the backup file location.

image

4. Site Recovery Information:This page in the wizard is already detected our Primary site and CAS details from the backup files. Note that CAS server details are already filled in the wizard.

Note : When recovering a primary site, you’ve the option to specify the CAS to which the primary was previously connected. Leave this setting blank when the primary site was not previously connected to a central administration site. The option is DISABLED when Setup has detected that you are recovering a CAS.

image

5. Prerequisites Download : Over here, we need to provide the prerequisites file details so that the SETUP can verify the files and proceed with the recovery.

Note : We’ve skipped two pages called “Product Key”, Microsoft Software License Terms” and “Prerequisite Licenses”.

image

6. Site and Installation Settings : Note that the site code, Site name details are already filled & greyed out (this information is already taken from the backup files). We can select the installation folder, remember it’s always better to install the configmgr in the same location.

image

7. DataBase Information : Most of the details are already filled and greyed out this page. Server Name, Database Name. Only option that we can change is SSB Port 4022.

image

8. Prerequisites Check : This will run the check and we can ignore the two warnings shown in the below pic (as this is a LAB environment, it’s always better to SET maximum memory allocation to SQL server). Click on “Begin Install” to start the recovery.

Note – We have skipped two pages “Customer Experience Improvement Program Configuration” and “Setting Summary”. Those are just default settings.

image

9. Install : This page shows us about the progress of the installation and recovery process.

In the following pic, the process which is going on is “Data Recovery in Progress”.

image

10. Verify ConfigMgrSetup.log: We can find detailed information about the actions performed by the recovery in ConfigMgrSetup.log and also details about the resync (BCP) happening from CAS Database (the changes happened in the hierarchy after the last good backup).

RCM received a message from “CAS Server”, BCP initialization started

RCM received a message from “CAS Server”, BCP is in Progress

image

11. Verify RCMctrl.log to check whether the resync has been completed at the recovered primary site “PRI”. More details about Site to Site Database Replication.

RECOVERY DONE: All the replicated data has been recovered at site PRI

image

12. Post Recovery Tasks : To complete the recovery of this site, you must manually complete the following actions which are NOT performed by setup.

a) In the ConfigMgr console, re-enter the passwords for the following accounts. In our scenario, we need to re-enter the password of the account mentioned in the following pic.

b) Reinstall the following hotfixes – If there is any hotfix need to be installed or not. In our case there is no hotfix requirement.

c) More details about post recovery activities has been saved to a file called for later reference C:\ConfigMgrPostRecoveryActions.html.

More details about Post Recovery process (IIS configuration, Recover Content Files) :: http://technet.microsoft.com/library/gg712697.aspx#BKMK_PostRecovery

image

In this post, we are going to see the recovery procedure of a primary site (without using any site backup). In other words, recover Primary site server from CAS .

We can retrieve global and global proxy data from the CAS database. The site data is regenerated by clients that send information to the primary site. The CAS reinitializes the site data from the primary site.

If you’ve a good backup and you want to recover a primary site then refer the following post – Post 1 .

Note – We won’t be able to recover a stand alone primary server using the following method!!

If you’ve a good backup in place, go through Primary Site Server & Database Recovery:Part 1. If you’re looking for a SCCM 2007 site recovery guide, go through Site Repair Wizard Step by Step Guide.

Now, In ConfigMgr 2012, the Recovery a Site option is part of Installation Wizard.

image

There are TWO parts in the recovery procedure, Site Server recovery and Site Database recovery. More details about recovery – through TechNet documentation.

Site Database recovery behavior varies with SQL Server Change Tracking Retention Period and Site Database recovery scenarios.More details about SQL Server Change Tracking Retention Period and Site Database Recovery Scenarios.

The site server recovery options :: (a) We can recover a site server from an existing ConfigMgr backup set. (b) Reinstall the site server. (c) If setup has detected an existing site installation on this computer, site server recovery settings are disabled.

The Site Database recovery options :: (a) We can recover the site database from an existing ConfigMgr backup set. (b) Create a new database for this site. (c) You can specify that the site database was manually recovered by using a different method. (d) You can skip database recovery when the site database recovery when site database was unaffected by the disaster.

I’ve completed the rebuild of the server with same name, path, Drive letters and Patch level. Also, installed and configured IIS, DotNet 4, SQL and WSUS prior to the start of the recovery process.

1. Start : the ConfigMgr/SCCM 2012 Setup from the System Center 2012 Configuration Manager installation media, we’ve to run this setup from the server which you want to recover.

image

2. Select the option “Recover a Site” to recover the primary site which you lost.

Note from TechNet : When Setup detects an existing Configuration Manager site on the server, you can start a site recovery, but the recovery options for the site server are limited. For example, if you run Setup on an existing site server, when you choose recovery, you can recover the site database server, but the option to recover the site server is disabled.

image

3. Site Server and Database Recovery: options are available in the following wizard.

As we don’t have backup, we have to select the options “Reinstall this site server” and

“Create a new database for this site”.image

4. Site Recovery Information :: We have to provide the CAS server details to recover the global and global proxy data from the CAS database. The site data is regenerated by clients that send information to the primary site.

If this is a stand alone primary server then we won’t be able to recover the site.

Note : When recovering a primary site, you’ve the option to specify the CAS to which the primary was previously connected. Leave this setting blank when the primary site was not previously connected to a central administration site. The option is DISABLED when Setup has detected that you are recovering a CAS.

image

5. Prerequisites Download : Over here, we need to provide the prerequisites file location details so that the SETUP can verify those files and proceed with the recovery.

Note :: We’ve skipped the following pages in this recovery wizard. Product key (need to enter the product key or select evaluation version if you’re using eval version), Microsoft Software License Terms and Prerequisite Licenses.

image

6. Site and Installation Settings : Enter the same site code, Site name and installation folder location.

image

7. Database Information : Enter the SQL Database Server Name, Database Name and SSB Port 4022. Leave instance name blank to use default instance.

Note : Configmgr primary sites require a Microsoft SQL Server database to store site settings and data.

Specify the database server’s Fully Qualified domain name, the instance name and data base name. Make sure the instance you specify is configured to use a static TCP port. Dynamic ports are not supported.

ConfigMgr uses SQL server Service Broker (SSB) to replica data between parent and child site database servers in the hierarchy. You must specify a TCP port number for SQL server Service Broker to use. This port is different from the SQL Server Service port, which is detected automatically.

image

8. Prerequisites Check : This will run the check and we can ignore the two warnings shown in the below pic (as this is a LAB environment, it’s always better to SET maximum memory allocation to SQL server). Click on “Begin Install” to start the recovery.

Note – We have skipped two pages “Customer Experience Improvement Program Configuration” and “Setting Summary”. Those are just default settings.

image

9. Install : This page shows us about the progress of the installation and recovery process.

image

10. Verify ConfigMgrSetup.log: We can find detailed information about the actions performed by the recovery in ConfigMgrSetup.log and also details about the resync (BCP) happening from CAS Database.

RCM received a message from “CAS Server”, BCP initialization started

RCM received a message from “CAS Server”, BCP is in Progress

RCM reports application of BCP has been completed

image

11. Verify RCMctrl.log to check whether the resync has been completed at the recovered primary site “PRI”. More details about Site to Site Database Replication.

Processing application pattern global

Processing application pattern global proxy

Processing application pattern site

RECOVERY DONE: All the replicated data has been recovered at site PRIimage

12. Post Recovery Tasks : To complete the recovery of this site, you must manually complete the following actions which are NOT performed by setup.

a) In the ConfigMgr console, re-enter the passwords for the following accounts. In our scenario, we need to re-enter the password of the account mentioned in the following pic.

b) Reinstall the following hotfixes – If there is any hotfix need to be installed or not. In our case there is no hotfix requirement.

c) More details about post recovery activities has been saved to a file called for later reference C:\ConfigMgrPostRecoveryActions.html.

More details about Post Recovery process (IIS configuration, Recover Content Files) :: http://technet.microsoft.com/library/gg712697.aspx#BKMK_PostRecovery

image

Audit User Logon and Logoff


A quick and easy way to audit your users login times (and some other details) is by using this simple login script method.
Firstly, you need to build two .BAT file scripts and save them to some sort of Audit share on a server. (I suggest hiding the share with the $ so users can’t easily access the share).
You need to give all users write permissions to the directory as they will be running a script and updating a file.

logoffAuditScript.BAT

echo —- Logoff —- %username%, %computername%, %date%, %time% >>\\SERVERNAME\audit$\logoffAudit.txt

logonAuditScript.BAT

echo —- Logon —- %username%, %computername%, %date%, %time% >>\\SERVERNAME\audit$\logonAudit.txt

You need to add the logonAuditScript.BAT to the login scripts settings in Group Policy and obviously the logoffAuditScript.BAT to the logout scripts setting.

Basically all these batch files do is write a single line with the username, computer name, date and time to the .txt files specified in the script.
You can then open the text files with Excel and find out when your staff are logging in and out.

There are a lot more extensive audit login scripts available out there – however I found this a quick and easy option that satisfies my simple audit needs. The major draw back of this audit method is that it only runs when users login and logout… if users stay logged in for long periods of time nothing is logged. You can use Logon Hours within AD to force users to logout if necessary.

ConfigMgr 2012 Content Library Overview


Content Management in ConfigMgr 2012 has completely changed to what we did in SCCM
2007.

When you distribute content to a Distribution Point in ConfigMgr 2012, a check is done against the Content Library to confirm that any of the source files being referenced in your application/package do not already exist in the Content Library. Ie. There is only one copy of every file stored on a DP regardless of how many packages reference that one file.

The SCCMContentLib Directory

The ConfigMgr 2012 Content Library (SCCMContentLib) consists of 3 subfolders:

1. PkgLib
2. DataLib
3. FileLib

1. PkgLib

In the Package Library folder you will find a PackageID.ini file for every package. The PackageID.ini file for each package will give you the details for the Data library content and what file you will need to look for.

2. DataLib

In the Data Library folder you will find a PackageID.ver.ini file for each package and a PackageID.ver folder. The folder is a “copy” of the exact package folder structure but without any of the real files. For each file in the original package you will find a corresponding .INI file with information about the original file. To find the HASH value for the file you are interested in, open the relevant .INI file and make a note of the first 4 digits of the HASH value, this will be needed to find the data in the FileLib directory

3. FileLib

The File Library folder is where you will find the actual files that are used in the different packages. All files are grouped together in a folder. The folder for each file uses a 4 digit pre-fix of the HASH value of that file found in the DataLib. The FileLib is where the nuts and bolts of the application are stored. You will see three files under each folder:

1. A file with no extension (FILE), the actual file named is the HASH value. This file
contains all of the source files for that part of the application. If the
application only had a single .EXE or .MSI file to execute than you could copy
the file to a location such as the Desktop, rename it to the original file name,
ie .EXE, .MSI and start the installation

2. Hash.ini file contains a link between the file and the packages that uses the file. If you have multiple
packages referring the same file, you will just see an entry for each package
ID.

3. Hash.sig. It contains the original package signature

ConfigMgr 2012 Content Library in Action…

For this example I will use my Microsoft Office 2010 package which has Package ID IBC0000B.

1. Navigate to the SCCMContentLib directory on your DP.

2. open the PkgLib directory
Content Library 1
Content Library 2

3. Open the configuration file referencing your Package ID, ie IBC0000B, and make a note of the ContentID it is referencing, ie Content_30b777f9-be…………..
Content Library 3

4. Navigate to SCCMContentLib\DataLib and open the directory that was referenced in your package configuration file, ie Content_30b777f9_30b777f9-be51-484b-8327-77bf2ef75169.1
Content Library 4

Notice that folder Content_30b777f9_30b777f9-be51-484b-8327-77bf2ef75169.1 holds reference to all files in your source location, ie you will see all the Office 2010 files being referenced. NOTE: These files do not contain any of the actual source data, only references to the HASH values for each

Content Library 5

5. Open any of the configuration files referencing a file in your package to gain the HASH value to the actual content. For this example I will use the setup.exe file as the example.
Content Library 6

6. Take note of the first 4 digits in the hash, so for the setup.exe file it will be “97E6”

7. Navigate to SCCMContentLib\FileLib\<4 digit hash> –  eg SCCMContentLibrary\FileLib\97E6
Content Library 7

8. The file with extension ‘FILE’ is the actual content for the setup.exe file in our source content. To confirm this we can see the size of this file is 1075KB, the same as our setup.exe file from our source location.OriginalSource Files
Content Library 8

9. As this Office is an application made up of many components, ie Word, Excel etc, they all share common files; to see what packages require the setup.exe file you could open the “Configurations Settings” file to see the package IDs of all packages that require the setup.exe file.
For applications that are compiled to one executable, eg Adobe Reader, you could follow this process and simply copy the FILE file to a desktop, set the file extensions accordingly, ie .EXE and you could simply run this file and it would execute and install as it would contain all source files…

THAT’S IT…  GOOD LUCK…

%d bloggers like this: