One of the familiar and ancient practices for Configuration Manager administrators is to exclude particular drives from being installed with ConfigMgr components and content. This helps to rein in ConfigMgr somewhat and prevent it from clobbering disks with limited space and/or high I/O overhead.

The process is rather simple: you create a “no_sms_on_drive.sms” file in the root of the drive you wish to exclude from ConfigMgr attention. The file can be empty, or you can enter something in it if you wish. This is really most relevant when the server has more than one fixed (logical) disk, such as an E: or F: drive, and so on. This is most often applied to servers, rather than end-user devices, but that’s not a requirement, since BranchCache opens up a broader platform pool.

For a handful of servers this is simple enough.  For thousands of servers it can be a bit tedious, even more so when the server pool is dynamic.

Group Policy Preferences and Item-Level Targeting can help.

Example Scenario:

Domain “contoso.com” has a DC named DC1 (clever, I know), a ConfigMgr site server P01, and file servers FS1, FS2, FS3, and FS4. Each of the file servers FS1, FS2, and FS3 has a C: drive, for Windows, and an E: drive which hosts file shares. FS4 only has a C: drive. The ConfigMgr administrator would like to prevent ConfigMgr from clobbering the C: drive on the file servers which have an additional fixed drive other than C:.

Ingredients:

  1. A target OU to place the servers
  2. A GPO for configuring the settings
  3. A file “no_sms_on_drive.sms”
  4. A UNC share for hosting the above file

Assumptions:

  • Windows is installed on C: drive
  • Drives A: and B: are not reassigned

Notes:

  • Since this GPO is processed by the Computer, rather than the user, the source file needs to be placed into a globally-accessible share for all network computers to access.  This means you need to grant NTFS Read permissions to the domain group “Domain Computers” as well as Share-level access.
  • Create a separate GPO for this, to help isolate it for management and troubleshooting.
  • Create a separate “test” OU for this, until you’re ready to move it into production.

 

Figure 1

Figure 2

Edit the GPO to specify the Group Policy Preferences setting under: Computer Configuration / Preferences / Windows Settings / Files.  Right-click on the Files node, and choose New / File.

Figure 3

Be sure to specify a UNC path, rather than a drive letter, for the Source files entry.  The Destination file entry should be an explicit value (relative local path), as shown above.

Figure 4

Select “Item-level targeting”, and click the “Targeting” button.  Enter a Description if you wish.  You can adjust the “Apply once and do not reapply” setting (Figure 4) to suit your needs.  This is just an example.  To edit the targeting condition, click the “Targeting…” button.

Figure 5

Click “New Item” from the drop-down list at top-left of the Targeting Editor form (Figure 5), then select “WMI Query” at the bottom of the list.

Figure 6

Leave the Namespace as “Root\cimv2”.  Enter the WMI query in the Query box, and specify any valid property name in the Property box, such as “DeviceID”.  Leave Environment variable name blank.  Click OK.  For giggles, select the entry in the upper panel and scroll to the end to see how it modifies the WMI query to suit ILT use.

WMI Query:

SELECT * FROM Win32_LogicalDisk WHERE DeviceID<>'C:' AND DriveType=3

If the query (Figure 6) returns a result (a value from the property “DeviceID”), then it’s evaluated as “True” and validates the ILT condition. This means that if a fixed logical disk is found, other than C:, it returns True and therefore applies the Group Policy Preference instruction (copies the file).
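To check the result across the pool, the following added example (not part of the original post) runs the same WMI query against each server and compares the outcome with whether the marker file is actually present. It assumes the GPP destination is C:\no_sms_on_drive.sms, uses the scenario's server names FS1 to FS4, and assumes remote CIM and the C$ administrative share are reachable from where you run it; the function name Test-NoSmsMarker is made up for this example.

```powershell
# Added example: audit the GPP file copy against the ILT condition.
# Assumptions (not from the original post): destination is C:\no_sms_on_drive.sms,
# servers are the scenario's FS1-FS4, remote CIM and the C$ admin share are reachable.
param(
    [string[]]$ComputerName = @('FS1', 'FS2', 'FS3', 'FS4'),
    [string]$MarkerName = 'no_sms_on_drive.sms'
)

# Same WQL the Targeting Editor evaluates in Root\cimv2
$IltQuery = "SELECT * FROM Win32_LogicalDisk WHERE DeviceID<>'C:' AND DriveType=3"

function Test-NoSmsMarker {
    param([string]$Computer, [string]$Query, [string]$Marker)

    try {
        # Any row returned means the ILT condition would evaluate to True
        $disks = @(Get-CimInstance -ComputerName $Computer -Namespace 'root\cimv2' `
                   -Query $Query -ErrorAction Stop)
    } catch {
        return [pscustomobject]@{
            Computer = $Computer; OtherFixedDisks = $null; IltResult = $null
            MarkerOnC = $null; Status = "Query failed: $($_.Exception.Message)"
        }
    }

    $ilt = $disks.Count -gt 0
    $markerPath = '\\{0}\C$\{1}' -f $Computer, $Marker
    $present = Test-Path -LiteralPath $markerPath -PathType Leaf

    # Compare what the ILT would decide with what is on disk
    $status = if ($ilt -and $present) { 'OK: C: excluded' }
    elseif ($ilt -and -not $present) { 'MISSING: policy not applied yet?' }
    elseif (-not $ilt -and $present) { 'UNEXPECTED: marker present, C: is the only fixed disk' }
    else { 'OK: not targeted' }

    [pscustomobject]@{
        Computer        = $Computer
        OtherFixedDisks = ($disks.DeviceID -join ',')
        IltResult       = $ilt
        MarkerOnC       = $present
        Status          = $status
    }
}

$ComputerName |
    ForEach-Object { Test-NoSmsMarker -Computer $_ -Query $IltQuery -Marker $MarkerName } |
    Format-Table -AutoSize
```

In the example scenario, FS1 through FS3 should report IltResult True with the marker present, and FS4 should report False with no marker.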

You can adapt this approach to many other uses besides Configuration Manager, or even copying files.

Enjoy!
