I have a bunch of Azure VMs that have the Microsoft Antimalware extension installed. I am considering using my SCCM setup in Azure to deploy Endpoint Protection. This article includes a PowerShell script to remove the Azure extension and more.
If you look in the comments section of the article there is also a command that stops the “Your system administrator has restricted Access to this app” message and allows access to the UI.
Adding or Removing Azure Antimalware Extension
I have a database that all users write to when they logon (date, time, computer name etc.). This relies on an ODBC connection to a SQL Server database. Here’s how I created the ODBC connection using AppSense Environment Manager (EM).
Note: Using EM 8.6.
- On the machine running the EM admin console, manually create a USER DSN with the required settings, using the ODBC Data Sources tool (normally found on the Administrative Tools menu).
- In the EM console open the appropriate EM policy (use Run as Administrator to launch the console).
- Create a new node called ODBC Settings under User # Pre-Desktop.
- Click the Actions button and select ODBC # Create ODBC Connection.
- Give the connection a name and select the Driver Type, e.g. SQL Server.
- The manually create connection should appear in the list box labelled Current Connections. Select the connection.
- Click on the ODBC Data Pairs tab to observe the settings that EM has picked up from the existing ODBC connection.
- Click OK and save the EM Policy configuration as usual.
Not a great fan of reporting in SCCM 2012 as it just seems so much more hassle than it was with the ASP reports in SCCM 2007. Below is my preferred method of creating or editing custom reports in SCCM 2012 R2.
- Ensure the Reporting Service Point (RSP) is installed and configured.
- Access the RSP server using the link, e.g. http://sccmserver/reports.
- Open the default folder – probably called ConfigMgr_ABC where ABC is the SCCM Site name.
- Create a new folder called ABC Custom Reports.
- In the SCCM console access the Reporting node in the Monitoring workspace.
- Right-click on any report and choose Edit. This will force the Report Builder tool to download to your user profile.
- Don’t do anything, just close Report Builder.
Create a Run As Administrator Shortcut to Report Builder
- Create a shortcut to the MSReportBuilder executable now buried in your profile here: C:\Users\username\AppData\Local\Apps\2.0\WMN9W578.6MY\4ZPA1R15.EH1\repo..tion_c3bce3770c238a49_000c.0000_f828cd3ef9610d16\MSReportBuilder.exe – not sure if the naming is consistent but it will be under the 2.0 folder somewhere.
- Access the properties of the shortcut, click the Advanced button and tick the Run As Administrator check-box.
Creating a New Report
- Create/obtain the SQL query to be used for the report.
- Open Report Builder using the shortcut.
- From the Getting Started screen select New Report on the left and Table or Matrix from the right.
- Ensure Create a dataset is selected at the bottom and click Next.
- The default data source should be highlighted, if not browse to it under the ConfigMgr_ABC folder (it’s listed after all the report folders). Click Next.
- In the Design window click Edit as text.
- Paste the SQL in the text box and test using the execute button (the red exclamation mark).
- Assuming the SQL syntax is OK click Next.
- Select all the fields listed in the Available fields box and drag to the Values box.
- Click Next, Next and Finish.
- Adjust the column widths etc. to suit.
- Click Save As from the ribbon button and save the report in the ABC Custom Reports folder.
The report should now be visible in the SCCM console.
Editing a Custom Report
- Don’t use the SCCM console to edit a report – too flaky.
- Open Report Builder using the shortcut.
- Click Open on the Getting Started screen and browse to the custom report to be edited.
Editing an Existing Report
- Do not edit the existing reports in place causing them to be overwritten – always do a Save As to the custom reports folder as soon as they are opened
Just getting started with AppSense which my organisation is intending to use to manage user profiles, application access and more. Below is very much a newbies guide to creating an AppSense Deployment Group (DG), deploying AppSense agents to devices that are members of the DG and assigning an AppSense Environment Manager (EM) Policy to the devices.
An EM Policy has already been created ready to assign to devices. For testing I use a simple policy initially to ensure new agents are working OK – maybe a policy that just contains a action to create a new folder.
Create the DG
- Open the AppSense Management Console.
- Right-click Deployment Groups and select New Deployment Group.
- Name the DG appropriately.
- Expand the DG and choose Settings.
- For testing purposes on the General tab, change the Polling and Data Upload times to 5 minutes.
- On the Installation tab change the settings to suit relating to installing Agents and rebooting target devices. For testing installing at the next poll is OK for me.
- Click Submit to effect changes.
Asisgne Packages and Policy
- Select Packages and under the Environment Manager heading right-click the appropriate Agent (32 or 64-bit), choose Change Agent Version and then select the appropriate Agent.
- Still under the Environment Manager heading, right-click Configuration and choose Change Configuration.
- Select the appropriate pre-created EM Policy and click Next.
- Select Always Use Latest (this ensures the latest changes to the policy are automatically applied to the DG members), click Finish.
- Click the Review and Submit button at the bottom of the screen, click Submit and confirm the message.
Discovery and DG Membership
- Navigate to the main DG node.
- Change the default credentials if required by clicking the Manage Credentials button.
- In the Membership Rules area click the Configure Membership Rules button.
- Select the appropriate DG and click the Edit Conditions link.
- Click the arrow adjacent to the Add button and select Active Directory Container.
- Click the ellipses, browse to the appropriate container, click OK and submit the change.
- Under the new DG, select Computers and click the Discover link on the right.
Deploying the AppSense Agents
- When the target computer(s) appear in the list, right click and select Install Deployment Agent.
- Below the list observer the installation by clicking the Packages tab. The install of the Management Agent, EM Agent and EM Policy should be in progress.
- Once the install is complete the computer may reboot immediately depending on the settings made above.