How do I get more than 2000 results in a query ?

How do I get more than 2000 results in my WQL queries ?

To set the amount of results returned in Configuration Manager you can right click and choose properties on the Query Object. This is a new method instead of doing it via changes in the Registry like in the previous versions.

1. Right click and choose properties.

2. Type in your preferred value and press OK.

Why doesn’t my AI Sync Point download content from system Center Online ?

If you wonder why your Sync point doesn’t download any contents from the System Center Online it is because the SP1 has the same version as the current version published so until then no new downloads. More on the issue will be found here.

SQL Report on all BackupExec agents with version

select SYS.Netbios_Name0, SF.FileName, SF.FileDescription, SF.FileVersion, SF.FileSize, SF.FileModifiedDate, SF.FilePath

From v_GS_SoftwareFile SF

join v_R_System SYS on SYS.ResourceID = SF.ResourceID

Where SF.FileName LIKE ‘beremote.exe’

ORDER BY SYS.Netbios_Name0

Find computers without a certain file with a subselect query.

In this case I want to query all system that doesn’t have the vpc32.exe file to identify computer that doesn’t have a Symantec Antivirus installed. The following query is a subselect query. You can easily replace the “exe” file name with the one you need.

select distinct SMS_R_System.Name, SMS_R_System.ADSiteName, SMS_R_System.IPAddresses from  SMS_R_System where SMS_R_System.Name not in (select distinct SMS_R_System.Name from  SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = “vpc32.exe”)

v_HS vs v_GS

What is v_HS and v_GS when looking in the SMS/Configuration Manager database ?

First of all they are predefined views and v_HS contains Historical Data from inventory while v_GS contains the actual data from inventory.

So when you would like to compare data for an example if something has changed with the RAM of a computer you use these two.

An example could be Garths sql query on RAM changes.

SELECT Distinct

v_GS_COMPUTER_SYSTEM.Name0 AS ‘PC Name’,

v_GS_X86_PC_MEMORY.TotalPhysicalMemory0 as ‘Current RAM’,

v_HS_X86_PC_MEMORY.TotalPhysicalMemory0 as ‘Past RAM’

FROM

v_GS_COMPUTER_SYSTEM v_GS_COMPUTER_SYSTEM,

v_GS_X86_PC_MEMORY v_GS_X86_PC_MEMORY,

v_HS_X86_PC_MEMORY v_HS_X86_PC_MEMORY

WHERE

v_HS_X86_PC_MEMORY.ResourceID = v_GS_X86_PC_MEMORY.ResourceID

AND v_GS_COMPUTER_SYSTEM.ResourceID = v_GS_X86_PC_MEMORY.ResourceID

AND v_GS_COMPUTER_SYSTEM.ResourceID = v_HS_X86_PC_MEMORY.ResourceID

AND v_HS_X86_PC_MEMORY.TotalPhysicalMemory0 <> v_GS_X86_PC_MEMORY.TotalPhysicalMemory0

Identifying “spyware” with SMS or Configuration Manager

Some of you might think dont you use an antivirus to do this ? Well yes you might but SMS or Configuration Manager might help with this as well.

This query first came to me through the myITforum mailing list and after that I have added my own modifications to it. There are also some games etc in this list that may be legitimated in your environment. There are may also be some false positives as we are looking for expressions like sniff and loader etc.

NOTE: This is not something to replace spyware protection its just a method to help you identify spyware, as most of us know spyware generates exe files randomly which will give us a hard time but at least this will give you an idea of what you can do to identify spyware or other unwanted software in your environment.

select
all RSYS.Name0 AS ‘Computer’,
RSYS.User_Name0 As ‘Last User ID’,
SF.FileName As ‘File Name’,
SF.FileDescription As ‘File Description’,
SF.FilePath As ‘File Path’,
SF.FileSize As ‘File Size’,
SF.FileVersion As ‘File Version’
from
V_R_SYSTEM RSYS
LEFT OUTER JOIN V_GS_SoftwareFile SF ON RSYS.ResourceID = SF.ResourceID
where
(
SF.FileName IN
(
‘nc.exe’, — Netcat
‘hamachi.exe’, — Hamachi
‘wow.exe’, — Warcraft
‘_DLL.exe’, — Troj_Bagle.AC Trojan
‘ARR.exe’,  — Dial-up Hijacker – high cost toll number
‘asart.exe’, — ?
‘av.exe’,   — W32.Alphx.Word.A Virus
‘BackWeb.exe’,  — Spyware – BackWeb Technologies
‘Bargains.exe’,  — BargainBuddy – Adware/Spyware
‘BELT.exe’,   — Spyware – SearchV.com
‘Bling.exe’,  –  W32.SDBot-OH.Worm
‘BLSS.exe’,  — Spyware – CBlaster Trojan
‘Bootconf.exe’,  — Sypware – Homepage Hijacker
‘BonziBdy.exe’,  — Spyware
‘botzor.exe’,  — W32.ZOTOB.Worm
‘BPC.exe’,  — Spyware – Grokster
‘Bundle.exe’,  — Adware.SAHAgent
‘businessbg0002.exe’,  — Spyware – ?
‘cmesys.exe’,  — Adware.W32.Claria
‘crafty.exe’,   — ?
‘CFD.exe’,  — Spyware – Motive Cleint Foudation
‘csm.exe’,  — W32.ZOTOB.B Worm
‘Datemanager.exe’,  — Pop-Ups via Gator
‘DIVX.exe’,  — MASTAK Virus or NALDEM Trojan
‘DPPS2.exe’,  — Don’t Panic! Pop-up blocker – Spyware
‘DSSagent.exe’,  — Adware – Broderbund – Spyware?
‘eanthology.exe’,   — eAcceleration Software Station – Spyware?
‘EditSRV.exe’,  — Spyware – Email_Update.exe
‘email_Update.exe’,  — StopSign Email Scanner – eAcceleration Software – Spyware?
‘EMSW.exe’,  — Spyware – Alset Inc.
‘Gator.exe’,  — Adware.W32.Claria
‘gmt.exe’,  — Adware.W32.Claria
‘haha.exe’,  — Myet Trojan
‘Hbinst.exe’,  — Spyware – HotBar
‘HBSRV.exe’,  — Spyware – HotBar
‘Hotbar.exe’,  — Spyware – HotBar
‘HXDL.exe’,  — HXDL Spyware – Gator
‘HXIUL.exe’,  — Adware – HelpExpress – Alset Inc.
‘IDHost.exe’,  — Topicks Spyware
‘IEDll.exe’,  — Homepage Hijacker
‘IEDriver.exe’, — Peer-To-Peer File Sharing
‘INFUS.exe’,  — Dial-up Hijacker – high cost toll number
‘InfWin.exe’,  — MSView Parasite
‘INTDEL.exe’,  — Adware – Pop-ups
‘ISTSVC.exe’,  — Spyware – Integrated Search Technologies
‘KeenValue.exe’,  — Spyware – Gator
‘loader.exe’,   — Backdoor.Prorat Virus
‘lol.exe’,  — W32.HLLW.Rackus Virus
‘Lspmonitor.exe’, — Spyware – StopSign
‘mapisvc32.exe’,   — KX Virus
‘MD.exe’,  — System MD Virus
‘MDie.exe’,  — Backdoor.Win32.Rbot.Gen Virus
‘MemoryMeter.exe’,   — Grokster Peer-To-Peer File Sharing Suite
‘MFIN32.exe’,  — Adware – MyFreeInternet Update
‘MMod.exe’,  — Adware.W32.EarnBundleWare
‘MOStat.exe’,  — Spyware – Wurld Media
‘mousebm.exe’,  — W32.ESBot Virus
‘mousemm.exe’,  — W32.ESBot.A Virus
‘MSBB.exe’,   — Adware.W32.BargainBuddy – 180Solutions
‘MSCache.exe’,  — Spyware – Integrated Search Technologies
‘MSCMan.exe’,  — Spyware – Odysseus Marketing
‘msdefr.exe’,  — Spybot Worm
‘MSMACROPROTXZ.exe’,  — Spybot Worm
‘MSMGT.exe’,   — Spyware – Total Velocity
‘MSSVR.exe’,  — Spyware – 2020DownLoader – 2020 Internet Search Toolbar
‘MSUpdater.exe’,   — TrojanDownLoader.Win32.WinShow Trojan
‘MWSOEMON.exe’,  — MyWebSearch Toolbar
‘mwsvm.exe’,   — Adware – Adw.ScanPortAL.A
‘Nail.exe’,  — Trojan.Win32.Stervis.B Trojan
‘nb32ext2.exe’,  — MyDoom.BV worm
‘nbmanager.exe’,   — Spyware – eAnthology
‘netbutler.exe’,   — ?
‘onsrvr.exe’,  — Spyware – OnWebMedia
‘PC32.exe’,  –  Mastak Virus
‘per.exe’,  — Worm.ZOTOB.C Virus
‘PGMonitr.exe’,  — Adware.W32.DelFin
‘PowerScan.exe’,  — Adware.W32.PowerScan
‘PRMVR.exe’,  — Spyware – Adtomi.com
‘pnpsrv.exe’,   — W32.SDBOT.Worm Virus
‘Precisiontime.exe’,  — Adware.W32.ClariaPrecision
‘PrizeSurfer.exe’,– Spyware – PrizeSurfer
‘Prmt.exe’,  — Spyware – OpiStat
‘RAY.exe’,  — Homepage Hijacker
‘RB32.exe’,  –  Adware.W32.RapicBlaster
‘RCSync.exe’,  –  Spyware – PrizeSurfer
‘Run32DLL.exe’,  — Key Recorder – Screen Capture – PAL PC Spy
‘SAHAgent.exe’,  — Adware.W32.CyDoor – CyDoor Desktop Media
‘savenow.exe’,  — Coupons – WhenU.com
‘SBHC.exe’,   — IE Plugin – GIGATech Software
‘ShowBehind.exe’,  — Adware – MicroSmarts Enterprise
‘SLMSS.exe’,   — Spyware – 2nd Thourgh by CPM Media
‘SRNG.exe’,  — Spyware – Search Hijacker
‘STCLoader.exe’,   –  Spyware – 2nd Thourgh by CPM Media
‘SUSP.exe’,  — Spyware – ABetterInternet
‘SVCINIT.exe’,   — Backdoor.Sinit Trojan
‘svnlitup32.exe’,  — Worm.RBOT.CBJ
‘syscpy.exe’,   — Backdoor.Hogle Trojan
‘Systesm32.exe’,  — Spyware – Bling.exe
‘thefourthcoming.exe’,  — ?
‘Trickler.exe’,  — Spyware – Gator GAIN (Gator Advertising and Info Network)
‘TSADBot.exe’,  — Adware
‘TVMD.exe’,   — Spyware
‘TVTMD.exe’,  — Spyware
‘UCMWESKU.exe’, — ?
‘Updates32.exe’,  — Spyware – Bling.exe
‘uptodate.exe’,  — Adware – BrowserPal
‘veloz.exe’,   — StopSign Email Scanner – eAcceleration Software
‘velozsys.exe’,   — StopSign Email Scanner – eAcceleration Software
‘Weather.exe’,  — Adware
‘webcel.exe’,   — eAcceleration Software – Spyware – ?
‘WebDev.exe’,  — ?
‘Win32US.exe’,  — Dial-up Hijacker – high cost toll number
‘WinActive.exe’,  — Homepage Hijacker
‘windrg32.exe’,  — W32.ZOTOB.D Worm
‘WinMain.exe’,  — Trojan.KonDeli
‘WinNet.exe’,  –  Adware/Spyware – CommonName I.E. Search
‘winpnp.exe’,  — W32.SDBOT.Worm
‘WinServN.exe’,  — Adware.W32.PurityScan – ClickSpring LLC
‘WinStart.exe’,  — Homepage Hijacker – iGetNet
‘WinStart001.exe’,  — Adware
‘wintbp.exe’,  — W32.ZOTOB.E Worm
‘wintbpx.exe’,  –  W32.BOZORI.Worm.B
‘WNAD.exe’,  — Spyware – TwistedHumor.com
‘wpa.exe’,  — ESBOT Worm
‘ygpmrgsb.exe’,  — ?
‘zeus.exe’,   — Zeus:Master of Olympus game
‘zmanager.exe’  — Spyware – eAcceleration
)
)
OR
SF.FileDescription like ‘%doom%’ OR — DOOM Game
SF.FileDescription like ‘%GNUTE%’ OR  –  MP3 Resources
SF.FileDescription like ‘%l0pht%’OR   — Password cracker
SF.FileDescription like ‘Lime%’ OR   — Peer-to-Peer file sharing
SF.FileDescription like ‘%nuke%’ OR  — DOOM Game
SF.FileDescription like ‘%orafice%’ OR — Keystroke mapper
SF.FileDescription like ‘%sniff%’ OR — Network sniffer
SF.FileDescription like ‘%unreal%’ OR — Games
SF.FileDescription like ‘%warcraft%’ OR — Games
SF.FileName like ‘%as-101%’ OR
SF.FileName like ‘%babylon%’ OR
SF.FileName like ‘%bearshare%’ OR
SF.FileName like ‘%bindery%’ OR
SF.FileName like ‘%bindin%’ OR
SF.FileName like ‘%bo2k%’ OR
SF.FileName like ‘%chknull%’ OR
SF.FileName like ‘%Cracker%’ OR — Password cracker
SF.FileName like ‘%Craserv%’ OR
SF.FileName like ‘%doom%’ OR — DOOM game
SF.FileName like ‘%EbatesMoeMoney%’ OR — Spyware
SF.FileName like ‘%expolit%’ OR
SF.FileName like ‘gator%’ OR   — Gator Spyware/Adware
SF.FileName like ‘%getadmin%’ OR
SF.FileName like ‘%gnucleus%’ OR
SF.FileName like ‘%GNUTE%’ OR –  MP3 Resources
SF.FileName like ‘%GROK%’ OR
SF.FileName like ‘%hack%’ OR — Password cracker
SF.FileName like ‘%hotbar%’ OR — IE Toolbar – Spyware/Adware
SF.FileName like ‘%kazaa%’ OR   –  Peer-to-Peer file sharing
SF.FileName like ‘keygen%’OR  — Password cracker
SF.FileName like ‘%l0phtcrack%’ OR — Password cracker
SF.FileName like ‘%lc252install%’ OR   — Password cracker
SF.FileName like ‘%LIME%’ OR   — Peer-to-Peer file sharing
SF.FileName like ‘%morpheus%’ OR
SF.FileName like ‘%Napster%’ OR   — Peer-to-Peer file sharing – MP3 Resources
SF.FileName like ‘%nbsvr%’ OR
SF.FileName like ‘%nbtscan%’ OR
SF.FileName like ‘%ndssnoop%’ OR
SF.FileName like ‘%netbusr%’ OR
SF.FileName like ‘%nmapNT%’ OR
SF.FileName like ‘%nuke%’ OR   — DOOM Game
SF.FileName like ‘%nwpcrack%’ OR
SF.FileName like ‘%orafice%’ OR — Keaystroke mapper
SF.FileName like ‘%otglove%’ OR
SF.FileName like ‘%precisiontime%’ OR
SF.FileName like ‘%pwdump%’ OR  — Password cracker
SF.FileName like ‘%quake%’ OR –  DOOM game
SF.FileName like ‘%Retina%’ OR
SF.FileName like ‘%RFPoison%’ OR
SF.FileName like ‘%smbdie%’ OR
SF.FileName like ‘%smurf%’ OR
SF.FileName like ‘%unreal%’ OR
SF.FileName like ‘%XUPITER%’ OR
SF.FileName like ‘POPSRV%’

order by
RSYS.Name0

ENERGY STAR Power Management for System Center ConfigMgr 2007

As we are headed for more efficient energy usage and trying to save mother earth with more Green IT I would like to post this Desired Configuration Management Pack for Configuration Manager 2007. what it does is that it gives us an assessment if our computers are configured according to the ENERGY STAR defined standards.

Feature Summary
This Configuration Pack uses these ENERGY STAR defined efficiency levels and recommendations as follows:

• Have computers enter system standby or hibernate after 30 to 60 minutes of inactivity.
• Have monitors enter sleep mode after 5 to 20 minutes of inactivity.
• Create a warning notification if screen savers are not disabled. If one is enabled, the wait timeout period should be less than the monitor sleep setting.

This Configuration Pack applies only to desktop and notebook computers that are running Windows XP or Windows Vista operating systems.

More reading: http://www.microsoft.com/environment/campaign_energy_star.aspx

Download here: http://www.microsoft.com/downloads/details.aspx?FamilyId=C8324323-2159-4E49-988C-3505653EAA26&displaylang=en

Read forums offline ?

I guess its been a challenge for allot of us newsgroup addicts. As Microsoft started to use the new "Forums" for new releases. The Forums brings some benefits for people who wants to ask questions and get some help. But for people that respond to questions its not that beneficial. I dont want to be notified of every post someone responds to etc. What I rather want is offline capabilities. And last month a CTP of a offline forum reader was made available and if you would like to try it out please do so.

It has some prerequisites

• Windows Live Client SDK
• .NET Framework 3.5
• SQL 3.5 CE

The CTP of the client itself can be downloaded here.

Although I haven’t got this client to display the Configuration Manager Forums yet, but I wont give up so easy.