Random Thoughts and Stuff

While packing for travel I was having a conversation around the “state of IT” with a friend. So I figured (A) it might be worth jotting down some of the key points, and (B) do it before I fly out, in case some underpaid mechanic forgets to tighten that one bolt that holds the engine onto the wing.  Actually, who am I kidding, that mechanic probably earns more than I do.  Anyhow…

this is rambling, so drink plenty of medication and smoke your wine before continuing.

(travel-packing sidenote: Oreo is 15 years old, and like most humans, used to hate my guts.  Eventually, as daughter number 3 moved out, and I became her sole source of attention and food, she has become my friend.  She follows me around all day.  Every time she sees my suitcase out the night before I travel, she does this.  I’ll need to go over that ball cap with a ball of tape in the morning.)

The Future of SCCM and MDT and EMS

This is admittedly a Microsoft-centric topic. The discussion mentioned above was about “how long” will SCCM and MDT be “of interest” to consumers?  Obviously, I do not own a real crystal ball.  I only have a Dollar Tree knock-off, and I don’t have access to real business data, therefore I rely upon what scientists often refer to as ‘shit talking‘.

I’ll admit, after day 1 at MS Ignite this year, I was feeling the angst.  For example, while riding the bus back from the conference center to the hotel, staring out the window, I kept thinking “why, why, why did I leave app-dev to move into this infrastructure rat race?!  wtf was I thinking?!” and “I hope my dog isn’t chewing up my last pair of flip flops right now.”  It really felt like the job market for anyone walking around a typical IT shop today, would be dried up to around 10% of that volume within 5 years.  And who really knows?  It could go in any direction.  I think everyone is in agreement that there is already a major tectonic shift in play, with traditional operations moving into software-defined operations.  The thought of learning things like JSON, Git, VSTS, on top of PowerShell and Azure, is adding wrinkles to quite a few faces I see.

The mere mention of “new certs” is probably having a measurable effect on the sales of alcohol, tobacco and firearms, which should keep these guys employed for a long time.  For many I’ve known over the years, the feeling is like being shoved onto a rollercoaster by your drunk buddies, against your will, and now you’re approaching the top of the first peak in the run.

After 3 more days, and soaking up session content, food, beer, and more importantly: engaging vendors in deep discussions out on the expo floor, my initial expectations of SCCM/MDT doom were relaxed quite a bit.  Mainly out of realizing the following points:

  • The majority of imaging work I see being done at most mid-sized and large customers is refresh of existing hardware.  The mix of new vs. reuse is cyclical at most larger shops, due to budget cycles and SLA’s about hardware refresh programs.  So at various times in a given year, there’s more new imaging, but for the remainder of the year it seems to be more refresh/reuse.
  • Most of the (above) people I’ve spoken with are very interested in AutoPilot, but quite a few hadn’t yet been allowed access to the preview at the time I spoke with them (I think most are now seeing it in their portals)
  • In-place upgrades are still a minority (far too low in my opinion)
  • The description of “automatic redeployment” got their attention, but most are still tied to the comfort of a “clean wipe and load” for various reasons.
  • Ultimately: Regardless of what anyone says, things which “work” have a very VERY tough time dying in the IT world.  Hence why so many machines still run XP.  I’d also wager my tombstone that Windows 7 will easy to find running on machines in 2027.  That’s because I’m planning to be cremated on a Walmart grill.  But that’s beside the point.

The weeks after Ignite I’ve made it a point to casually interview my customers to get a feel for where they see the biggest and most immediate changes coming.  It’s a delicate thing to ask, since it can easily smell like a sales pitch.  Sales pitches have a distinct odor that is often confused with bus station toilets or dead cows laying in the sun.  However, most of them are well aware of my dislike for sales people in general (some of my friends are in sales, so there are exceptions).

  • The biggest hurdles they have today are keeping up with device models and drivers, patching, moving to some new system for IT operations (ticketing, change mgt, etc.), and endless training of each new-hire who is replacing three who just left.  See what I did there?
  • The single biggest complaint about imaging in general revolves around drivers.
  • There’s still quite a bit of frustration and confusion I hear around Intune capabilities.  Some is related to Intune agent vs. agentless, management; Some is around app deployment capabilities; Some is inventory reporting.

Windows 10

I still spend way too much time explaining Windows 10 servicing models and the naming convention.  They were just starting to grasp CB, and CBB, but now “Semi-Annual” and “Semi-Annual Targeted” are leaving them in one of two modes: pissed off or chuckling.  The most common response I hear from the former is around the constant renaming of things in general.  “Active, Live, Visual, and now CBB, then Semi Annual Targeted, WUS, then WSUS”, and so on.  Their words, not mine.

I’m always surprised to find so many shops still heavily invested in MDT and doing very well with it.  The other interesting thing is that the majority of them assume they’re doing everything wrong and are panicked when I arrive that I’ll redline their papers.  In fact, most of them are doing very well.  They’ve read the blogs, the tweets, bought the books, watched the videos, done the TechNet labs, and so on.  A few have been lucky enough to attend training and/or conferences as well, but that’s a very small percentage.

The pace at which organizations are getting their Windows 10 rollouts moving is gaining speed and volume.  However, the Office aspect has thrown a wrench into quite a few (see below)

Office

This reminded me of a discussion I had at Ignite with the Office team on the expo floor.  It was around the issue of third-party extensions (add-ons) for Office, and how many are produced by small shops which do not stay current with Office versions.  The result I’ve continued to see is a fair amount of shops who can’t upgrade Office until the third-party vendor puts out an update or a new version.  Then there’s the cost factor (is it free or not?).  In many of those cases, the hold-up triggered the IT department to wait on other projects such as Windows 10.

The number of Access applications interfering with Office upgrades has dropped significantly for me in the past 3 years.  Not just the projects I’m working on, but also from reports I get from other engineers and customers.  That’s a good thing.

Controls vs. Controls

I’m still seeing a continued reliance on inefficient control mechanisms with regards to device and user configuration management.  Way too much effort put into the imaging side, and not enough on the environment side.  Way too much on the “nice to have” side, vs. the “gotta have” side.  Not enough attention is being paid to ‘baseline’ and ‘continuous’ control models, and when to use which one, and how best to apply tools for each.  For example, hours and hours spent on wallpaper, shortcuts, and folders in the imaging process, being manually adjusted with each update cycle, rather than letting Group Policy Preferences step in and mop that shit up with one hand.

I’ve had fairly good results convincing customers to drop the continuous meddling with reference images, instead, (at least trying to)…

  • Change the data storage process to keep users from storing anything valuable on their device
  • Remove as many non-critical configuration controls as possible
  • Move continuous controls to the environment (GPO)
  • Move baseline controls to the environment wherever possible (GPP)
  • Move remaining baseline controls to task sequence steps

There are obviously exceptions that require mucking with the install.wim to make a new .wim, but I’m finding that’s only REALLY necessary in a small percentage of the time.  The vast majority of controls I see are voluntary and serve little functional or operational benefit.  Things like hiding Edge, Forcing IE, hiding Cortana, forcing Start Menu and Taskbar items, etc.  Just educate users to avoid them.  Treat them like adults and who knows, maybe they’ll stop urinating on your office chair.  Try it and see.  The worst you’ll get is whining (you get that anyway), but the best (and most likely) outcome is less work for you and less risk of something breaking.

Role and Salary Compression

It not only continues to thrive, it seems to be accelerating its pace.  Almost every customer I meet tells me how they’re expected to do more with fewer people, less training, less budget, and shorter time constraints.  Most haven’t had a significant raise in a long time.  This seems more prevalent at companies which are publicly-traded than those which are not, but it affects both.  Personally, I see a correlation with public organizations and cost reduction priorities over innovation and revenue increase.  Then again, I have no formal training in such matters, so again, I’m probably talking shit.  Again.

Intune

Speaking of Intune.  I’ve been spending more time with it this past week, along with Azure AD, and AzureADPreview powershell module.  I’ve always like the concept of what Intune and EMS are aimed at. The mechanics are still frustrating to me however.  There are plenty of design quirks that drive me batshit crazy.  Like devices / all devices vs. Azure AD devices, and the differences in how provisioning an app for iOS or Android and Windows, from the Windows Store no less.  As Ricky Bobby would say, “it’s mind-bottling”.

Then again, I’m not at all a fan of the “blade” UI paradigm.  The Blade model is (in my humble, semi-professional, almost coherent opinion) marginally efficient for direct touchscreen use, but for mouse and keyboard it blows chunks of post-Chipotle residuals.  I’m sure that will infuriate some of you.  But that’s just how I feel.  Drop-down menus, panels, heck, even ribbons, are more efficient in terms of hand and finger interaction (mouse, touchpad) for operations involving closely related tasks (settings, options, etc.)  Ask yourself if moving ConfigMgr to a blade UI would make it better?  Or Office?  If you think so, try switching to another brand of model glue.

Back to Intune.  I would really look forward to seeing it mature.  Especially in areas like agent vs. agentless device management (it’s very confusing right now, and the differences are weird), AutoPilot, Redeployment/Reset, and expanding the features for deploying applications, remote management (TeamViewer, etc.), and GPO-to-MDM migration.  I’m thinking Windows desktops and laptops of course (if you hadn’t already figured that out).  Phones are great, but nobody, who isn’t masochistic, is going to write a major app using their phone most of the time.  Auto-correct and latent-rich touch screen typing, would cause most PowerShell, C# or Ruby code writers to massage their head with a running chainsaw.

I think I digressed a bit.  sorry about that.

Other Stuff

I’ve spent some after-hours time keeping my brain occupied with scripting and app-dev projects.  I’ve been doing Windows 10, Windows Server 2016, MDT and SCCM lab builds and demos for months, along with real implementation projects, and starting to burn out on it all.  I needed a break, so I’ve managed to get a few things done and few in the pipeline:

I ran across a couple of (seem to be) abandoned Git projects focused on DSC for building ConfigMgr sites, but none of them appear to be factored into a template construct.  Meaning?  That they’re still built on specific parameters, or require extensive customization for various roles, configurations, environments.  I’m still poking at them and forked one to see what I can make it do.  In the meantime, I’m moving ahead with CM_BUILD and CM_SITECONFIG being merged into a new CMBuild PowerShell module.  So far so good.  And when that’s done, I’ll go back to see what I can in that regard with DSC and applying that towards Azure VM extensions.

I’ve come to realize that there’s 4 basic types of southern dialect in America:  Fast, Slow, Twangy and Crooked Jaw.  Think about it, and you’ll see that’s true.

The shortest distance between two points is often the most expensive.

If you never fail, you’re not trying hard enough.

If you fail most of the time, you’re probably in the wrong career path.

I’m on travel next week.  Expect more of the same stupid tweets about mundane stuff.  If you tire of me, unfollow me.  I don’t mind.  It’s just Twitter after all.  I will do my best to keep my camera ready for anything interesting.  I need to watch some air crash documentaries now, to get my mind relaxed for tomorrow.

Advertisements

CMHealthCheck is now a PowerShell Module

What is it

CMHealthCheck is a PowerShell module filled with bubble wrap, Styrofoam peanuts, and 2 possibly useful functions, aimed at collecting a bunch of data from a System Center Configuration Manager site server, and making a pretty report using Microsoft Word.  But doing so without needing to manually download and store a bunch of script files and so on.

It’s still based on the foundations laid by Rafael Perez, with quite a bit of modification, prognostication, prestidigitation, and some coffee.  Special thanks to Kevin (@thenextdotnet) for helping point me in the right direction to move it all from scripts into a module.

Why is it

I get asked (okay, told) to help customers find out why their site servers are running slow, showing red or yellow stuff, or just to get them ready to upgrade from whatever they’re on to whatever is the latest and greatest version of ConfigMgr.  They also like a pretty Word document with a spiffy cover page.

How to use it

  1. Install the module on the ConfigMgr CAS or Primary server you wish to audit –> Import-Module CMHealthCheck
  2. Run the Get-CMHealthCheck function (see documentation on Github – linked below)
  3. Install the module on a Windows computer which has Office 2013 or 2016 installed (hopefully NOT the same computer which was audited)
  4. Run the Export-CMHealthCheck function (see documentation on Github – linked below)
  5. Save the Word document and mark it up.

Where to Get it

How to Complain About it

Because I know some of you will, but that’s okay.  Without complaints, we have no way of identifying targets.  Just kidding.  I need feedback and suggestions (or winning lottery numbers and free food coupons).  Please use the “issues” link on the GitHub repository to submit your thoughts, gripes and so on.

Invoke CM_Build over the Web

Updated 10/15/2017 – Added -Override example

118057481

First off: WTF is CM_BUILD?

CM_BUILD is a PowerShell script that configures a “vanilla” Windows Server machine into having Configuration Manager Current Branch installed.  This includes ADK, MDT, Server Roles and Features (WSUS, BITS, etc.), SQL Server, ConfigMgr itself, and a few goodies like Right-Click Tools, ConfigMgr Toolkit.  The GitHub repo has a cute readme markdown page filled with overcaffeinated gibberish on how to use it.  CM_SiteConfig is the “part 2” to cm_build, which configures ConfigMgr into a semi-functional site.

Short answer: https://github.com/Skatterbrainz/CM_Build

Okay, why CM_BUILD?

I don’t know.  Why do we do anything?  For the thrills? I could have taken up robbing banks, raising a crocodile farm, or breaking world records of swilling down cans of Four Loco while working on electrical equipment.  But I chose the boring life.  And while I’m bored, I hate clicking buttons repeatedly, so …

I got inspired by Johan and Mikael’s ConfigMgr Hydration Kits and Deployment Fundamentals Vol. 6 book examples, and Niall’s noob scripts, (I know it’s not actually called that, but it sounds cool to say “Niall’s noob scripts“), and after 45 cups of terrible coffee I said “I can shove all that into an XML file and call my JSON friends up and laugh hysterically at them, saying things like ‘You and your snotty little JSON drivel!  Always mocking poor, starving little XML.  Well, I’ll have you know I can still write XML, and probably even a little COBOL! So what do you think of that?!  Hello?  Hello?  Did you just hang up on me?!! WTF!

Anyhow…. Hold on, I need to get my dog outside before she has an accident….

okay, I’m back.

Why Invoke it over the Web?

There are several potential reasons for wanting to do this:

  • I was really bored and it’s been raining all freakin day, and…
  • It’s 3am and I can’t sleep, and…
  • I saw this, and …
  • I wanted to pull this off within Azure, using a VM extension, without having to import any actual files, and it would be cool to tie all this together with a runbook so I can send a text message “new lab configmgr p01“, to fire off a lab build in Azure and have it text me back “your stupid lab is ready, now leave me alone!” then I can forget it’s still running and it runs all my MSDN credits down to $0 until the next monthly cycle, and…
  • I scrolled through Dan Bilzerian’s twitter feed just long enough to hate my boring life, and needed a distraction, and…
  • It seemed like something cool to try

Example

Time to put on a poker face and act serious now.  The example below calls the cm_build.ps1 script from the GitHub master branch URL, converts it into a -ScriptBlock object, and passes in the -XmlFile parameter value using the Github Gist raw URL (you can make your own by copying the cm_build.xml into your own “secret” Gist, so you don’t openly share sensitive information to the whole world)

$ps1file = 'https://raw.githubusercontent.com/Skatterbrainz/CM_Build/master/cm_build.ps1'
$xmlfile = '<your-gist-raw-url>'

$script = Invoke-WebRequest $ps1file
$scriptBlock = [ScriptBlock]::Create($script.Content)
Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True)

But you can also invoke the interactive gridview menu using the -Override parameter, by simply appending one more $True into the -ArgumentList array.

Invoke-Command -ScriptBlock $scriptBlock -ArgumentList @($xmlfile, $True, $True, $True)

Then you get this budget-sized, corner-cutting, hack of a menu to choose from…override-gui

You may see a red warning about “Split-Path : Cannot bind argument to parameter ‘Path’ because it is null.”  I’ll fix that soon.  It only impacts the log output, but nobody reads log files anyway, right?

Anyhow, it’s 3:33 am, and I’m still typing, which is probably bad for my health, but if two people read this and it actually provide useful information one of you, mission accomplished.  Actually, I know for a fact this is bad for my health.  Regardless, I ran the above snippet (with a real URL in the $xmlfile assignment) in my Hyper-V duct-tape and chewing gum lab at home, and it worked like a charm.  Now I can log into the server, open the ConfigMgr console and proceed with CM_SiteConfig, or apply real world tactics and break the ConfigMgr site entirely and start over.

zzzz

My Favorite Ignite 2017 Sessions

Just a heads-up: Not all of the sessions I attended or enjoyed most are posted yet.  And some sessions might not have been recorded (expo area mostly).  Also, some of the videos have flaky audio.  Enjoy!

[ PLACEHOLDER FOR ASK THE EXPERTS: WINDOWS 10 DEPLOYMENT AND SERVICING SESSION ]

[ PLACEHOLDER FOR BRANCH CACHE SESSION (when it becomes available) ]

[ PLACEHOLDER FOR EXPERT LEVEL WINDOWS DEPLOYMENT SESSION (when it becomes available) ]

Cm_SiteConfig 1.3 – Importing Queries and Collections

Updated:  Added missing graphic of menu

This may be the only blog post I do before I head down to Microsoft Ignite this coming weekend. I’m also trying desperately to keep up with younger colleagues on exam studying, damn it. Getting old sucks. Anyhow. I wanted to discuss some things about cm_siteconfig 1.3 that I may have glossed over (or snored through). I need a break from labs right now anyway.

What is Cm_SiteConfig?

I’ve been working on a pair of PowerShell scripts to automate the building of a System Center Configuration Manager site server.  This could be a CAS or a Primary, but basically, each of the two (2) scripts uses a dedicated XML configuration file to control what it does.  Cm_Build.ps1 installs all of the prerequisite items to make a vanilla Windows Server machine into a Configuration Manager site server.  It does not configure the Configuration Manager site itself however.  So, things like Discovery Methods, Boundary Groups, Client Settings, Site Settings, Collections, Queries, OSD items, Applications, etc. need to be created.  This is where Cm_SiteConfig comes in.

Cm_SiteConfig.ps1 uses Cm_SiteConfig.xml to configure an existing Configuration Manager site server with things like Discovery Methods, Active Directory Forest Connection and Publishing, Boundary Groups, Site System Roles (multiple), Client Settings, Client Push settings, Distribution Point Groups, Operating System Images, Operating System Upgrade Installers, Collections, Queries, Applications, Maintenance Tasks, System Accounts, Enpoint Protection Policies and even Console Folders in which to organize these things.

The Override Feature

Normally, when each script is run, it processes the XML configuration data in sequential order by reading the “use” property of each item (if use=”1″ it’s processed, otherwise it’s ignored).  When using the -Override parameter, you are presented with a graphical menu, from which you can choose individual tasks to execute, while skipping over the others entirely.

For example, if you wanted to just import custom queries and collections, you can do the following:

  1. Edit the cm_siteconfig.xml file to suit your site configuration (within the [cmsite] tag: sitecode, forest, etc.)
  2. Edit the queries and collections entries (if needed)
  3. Open a PowerShell console on the Site Server using “Run as Administrator”
  4. Run the cm_siteconfig.ps1 script as follows (see example below also):
    cm_siteconfig.ps1 -XmlFile cm_siteconfig.xml -Detailed -Override
  5. Select the features you wish to process from the Gridview menu, and click OK (lower right of menu)
  6. Watch the output and refresh your console

You can do the same with other sections of the XML file.

Important Note!

Be sure to run the Folders section at least once, to insure the folders are created prior to other sections being processed which may rely on those folders to be present.

Where to Get it – Here

Feedback / Suggestions / Bug Reports – Here (please!!)

Back to studying.  I hope to run into some of you during Ignite!  I’m easy to spot:  I look like every other white guy roaming the expo floor with too much swag falling out of every pocket and trying to hold a drink and a cellphone at the same time.

Master Plan – Automating an SCCM Site Installation

I was thinking, “Man, (or woman), it would sure be coolio if I could push one button and *presto!* I have a fully-built SCCM site server, without having to install anything but Windows itself“.  There’s some really shiny stuff out there already, like hydration kits and prerequisite installers.  But then, I thought “That’s not enough!  I need it to be ‘real’.  I need more!!” I want to build the site itself, and configure EVERYTHING to be JUST LIKE A REAL site out in the real world.  So, here’s how I sketched it out…

  1. Install Windows Server
    1. Do NOT patch it
  2. Create all the folders in all the right places
  3. Install Windows Server roles and features
  4. Install ADK for Windows 10
  5. Install MDT
  6. Install SQL Server with file auto-growth settings, Domain Service accounts, and register the SPNs
  7. Configure SQL Server memory limits
  8. Install the WSUS role
  9. Run the WSUS post-install configuration step
  10. Create file NO_SMS_ON_DRIVE.SMS on C:\
  11. Install Configuration Manager 1511 (not the latest baseline) with a Site Code, Site Name, Roles
  12. Configure Discovery Methods, including Network Discovery, where each one runs every day
  13. Initiate Discovery Methods
  14. Create Site Boundaries and Boundary Groups
  15. Configure Client Settings
  16. Configure Client Push Installation
    1. Configure automatic client installation and client upgrades
  17. Create and Configure Query-based Collections
  18. Configure all Query Collections to update every hour
  19. Create and Configure a set of Applications
  20. Deploy Applications to Collections
  21. Add everyone in IT to the “Full Administrator” RBAC role in SCCM
  22. Add everyone in IT to the SQL Server server admins role
  23. Install Symantec Antivirus, McAfee Antivirus, Cylance Agent and anything else on the same host
  24. Turn on the Domain Firewall
  25. Create an OSD configuration
    1. Windows 10 Image captured from a 5-year old machine with EVERY conceivable application installed.  If it’s not at least 10 GB, we have to repeat until it does.
    2. Boot Images – add every component and every driver for every model we have
    3. Drivers – everything.  all of it.
    4. Applications – only those product names which begin with 0 – 9 or A – Z.
    5. Task Sequences – create a dozen with names that mean nothing to anyone unless they’re on drugs
    6. Deploy each TS  to “All Systems” via PXE without a password
  26. Set a scheduled task to reboot the site server every night at the same time the backups and SQL jobs are supposed to run
  27. Add “Domain Users” to the local Administrators group
  28. Turn off Site Maintenance tasks: backups, reindex.
  29. Do not install Ola’s tools – or Steve’s guidelines for SQL – they just make it run too well.
  30. Install Google Chrome, MS Office, Adobe Reader and any freeware applications I can find on the primary site server
  31. Change the NIC to use DHCP
  32. Install additional Web Site applications within IIS
  33. Verify no PKI exists and then configure all clients to use PKI only.
  34. Take a snapshot/checkpoint every day and once a month revert to a previous snapshot from a week earlier.
  35. Post job openings to all the job search sites insisting the candidate ONLY know Ghost or Acronis and has never touched or even heard of SCCM or MDT, ever.
  36. Configure Azure with O365 and and EMS tenant
  37. Integrate SCCM and EMS
  38. Enroll devices in EMS/Intune
  39. Deploy SCCM clients to the Intune devices
  40. Automatically open support tickets with Microsoft on why the clients stop working in EMS/Intune

That should just about cover it.

SCCM, SQL, DBATools, and Coffee

Warning:  This article is predicated on (A) basic reader familiarity with System Center Configuration Manager and the SQL Server aspects, and (B) nothing better to do with your time.

Caveat/Disclaimer:  As with most of my blog meanderings, I post from the hip.  I fully understand that it exposes my ignorance at times, and that can be painful at times, but adds another avenue for me to learn and grow.

marie-wilson-cooking

I don’t recall exactly when I was turned onto Ola Hallengren, or Steve Thompson, but it’s been a few years, at least.  The same could be said for Kent Agerlund, Johan Arwidmark, Mike Niehaus, and others.  None of whom I’ve yet to meet in person, but maybe some day.  However, that point in time is when my Stevie Wonder approach to SQL “optimization” went from poking at crocodiles with a pair of chopsticks, to saying “A-Ha!  THAT’s how it’s supposed to work!

As a small testament to this, while at Ignite 2016, I waited in line for the SQL Server guy at his booth, like an 8 year old girl at a Justin Bieber autograph signing, just to get a chance to ask a question about how to “automate SQL tasks like maintenance plans, and jobs, etc.”.  The guy looked downward in deep thought, then looked back at me and said “Have you heard of Ola Hallengren?”  I said “Yes!” and he replied, “he’s your best bet right now.

Quite a lot has changed.

For some background, I was working on a small project for a customer at that time focusing on automated build-out of an SCCM site using PowerShell and BoxStarter.  I had a cute little gist script that I could invoke from the PowerShell console on the intended target machine (virtual machine), and it would go to work:

  • Install Windows Server roles and features
  • Install ADK 10
  • Install MDT 2013
  • Install SQL Server 2014
  • Adjust SQL memory allocations (min/max)
  • Install WSUS server role and features
  • Install Configuration Manager
  • Install ConfigMgr Toolkit 2012 R2
  • and so on.

Since it was first posted, it went through about a dozen iterative “improvements” (translation: breaking it and fixing and improving and breaking and fixing, and repeat).

The very first iteration included the base build settings as well, such as naming the computer, assigning a static IPv4 address, DNS servers and gateway, join to an AD domain, etc.  But I decided to pull that part out into a separate gist script.

The main thing about this experiment that consumed the most time for me was:

  1. On-the-fly .INI construction for the SQL automated install
  2. On-the-fly .INI construction for the SCCM install
  3. On-the-fly SQL memory allocation configuration

Aside from the hard-coding of content sources (not included on this list), item 2 drove me nuts because I didn’t realize the “SA expiration” date property was required in the .INI file.  The amount of coffee I consumed in that 12 hour window would change my enamel coloring forever.  Chicks dig scars though, right?  Whatever.

Then came item 3.  I settled on the following chunk of code, which works…

$SQLMemMin = 8192
$SQLMemMax = 8192
...
write-output "info: configuring SQL server memory limits..."
write-output "info: minimum = $SQLMemMin"
write-output "info: maximum = $SQLMemMax"
try {
  [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
  [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | out-null
  $SQLMemory = New-Object ('Microsoft.SqlServer.Management.Smo.Server') ("(local)")
  $SQLMemory.Configuration.MinServerMemory.ConfigValue = $SQLMemMin
  $SQLMemory.Configuration.MaxServerMemory.ConfigValue = $SQLMemMax
  $SQLMemory.Configuration.Alter()
  write-output "info: SQL memory limits have been configured."
}
catch {
  write-output "error: failed to modify SQL memory limits. Continuing..."
}

But there’s a few problems, or potential problems, with this approach…

  1. It’s ugly (to me anyway)
  2. The min and max values are static
  3. If you change this to use a calculated/derived value (reading WMI values) and use the 80% allocation rule, and the VM has dynamic memory, it goes sideways.

Example:

$mem = $(Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory
$tmem = [math]::Round($mem/1024/1024,0)
...

I know that option 2 assumes a “bad practice” (dynamic memory), but it happens in the real world and I wanted to “cover all bases” with this lab experiment.  The problem that it causes is that the values returned from a WMI query can fluctuate along with the host memory allocation status, so the 80% value can be way off at times.

Regardless, forget all that blabber about static values and dynamic tragedy.  There’s a better way.  A MUCH better way.  Enter DBATools.  DBATools was the brainchild of Chrissy LeMaire, which is another name to add to any list that has Ola’s name on it. (side note: read Chrissy’s creds, pretty f-ing impressive). There are other routes to this as well, but I’ve found this one to be most user friendly for my needs. (Feel free to post better suggestions below, I welcome feedback!)

Install-Module dbatools
$sqlHost = "cm01.contoso.com"
$sqlmem = Test-DbaMaxMemory -SqlServer $sqlHost
if ($sqlmem.SqlMaxMB -gt $sqlmem.RecommendedMB) {
  Set-DbaMaxMemory -SqlServer $sqlHost -MaxMB $sqlmem.RecommendedMB
}

This is ONLY AN EXAMPLE, and contains an obvious flaw: I’m not injecting an explicit 80% derived value for the -MaxMB parameter.  However, this can be accomplished (assuming dynamic memory is not enabled) as follows…

Install-Module dbatools
$sqlHost = "cm01.contoso.com"
$sqlmem = Test-DbaMaxMemory -SqlServer $sqlHost
$totalMem = $sqlmem.TotalMB
$newMax = $totalMem * 0.8
if ($sqlmem.SqlMaxMB -ne $newMax) {
  Set-DbaMaxMemory -SqlServer $sqlHost -MaxMB $newMax
}

Here’s the code execution results from my lab…

sqlmemory2

You might have surmised that this was executed on a machine which has dynamic memory enabled, which is correct.  The Hyper-V guest VM configuration is questionable…

hyperv_setup1.png

This is one of the reasons I opted for static values in the original script.

Thoughts / Conclusions

Some possible workarounds for this mess would be trying to detect dynamic memory (from within the guest machine) which might be difficult, or insist on a declarative static memory assignment.

Another twist to all of this, and one reason I kind of shelved the whole experiment, was a conversation with other engineers regarding the use of other automation/sequencing tools like PowerShell DSC, Ansible, and Terraform.

The final takeaway of this is to try and revisit any projects/code which are still in use, to apply newer approaches when it makes sense.  If that means shorter code, improved security and performance, more capabilities, greater abstraction/generalization (for reuse), or whatever, it’s good to bring newer ideas to bear on older tools.  In this example, it was just replacing a big chunk of raw .NET reflection code with cleaner and more efficient PowerShell module code.  Backing out 10,000 feet, the entire gist could be replaced with something more efficient.

More Information

DBATools – twitterslackyoutubegithub

Ola Hallengren – web  (Ola doesn’t tweet much, yet)

My Twitter list of super awesometacular increditastical techno-uber genius folks – HERE

Back to my coffee.  I hope you enjoyed reading this!  Please post comments, thoughts, criticisms, stupid jokes, or winning lottery numbers below.  If nothing else, please rate this article using the stars above? – Thank you!