Let’s add some SCCM right click actions for 1E’s NightWatchman too!

There are 1E wake up action already for turning machines on, however there maybe also sometimes the need to turn machines off on demand (or restart, or sleep).
Thanks to the easy expandability of SCCM it’s not all that hard to do so.

First we need an XML file that defines the action we want to take. I have named this XML 1ENightWatchman.xml
Next we need to have some kind of provider. I did this as a script as I feel it allows people to take my work and expand on it as needed – even if I may have lost interest.
The provider is called 1ENighWatchmanProvider.vbs – Yes, I am THAT creative :)

Now we need to find these files the appropriate home.
The XML file MUST reside in these folders for the SCCM console to parse:
First browse to this folder <Your SCCM Folder>\AdminUI\XmlStorage\Extensions\Actions
Here you will find folders that seem to be named at random – but not so. These are the GUID of the exposed SCCM objects. We are interested in the following:

Single Machine Actions: 7ba8bf44-2344-4035-bdb4-16630291dcf6
First-level collections: fa922e1a-6add-477f-b70e-9a164f3b11a2
Sub Collections: dbb315c3-1d8b-4e6a-a7b1-db8246890f59
Collection instance. Details pane: f91c082d-bb83-44db-8ab9-907607b1dc44

Simply copy the 1ENightWatchman.xml into all 4 of these folders, provided you want to have single machine and collection based actions.
(I am most definitely not taking responsibility if you send out a FORCE shutdown to “All Systems” collection by accident!)

Also copy 1ENighWatchmanProvider.vbs into <Your SCCM Folder>\AdminUI\XmlStorage\Tools (This folder may need to be created)

How it works:
The provider will make WMI connections and starts the Nightwatchman.exe ( CMD interface of NightWatchman Client) on the remote machine and sets the defined action.
This means the account running the SCCM Console would need to be a local admin on the target machines. The Nightwatchman.exe can actually also make remote connections natively,
however I found the WMI approach gives better flexibility.

Code flow:
1.)First it makes sure the target machine is actually on (ping able). For speed purpose this is done asynchronous in WMI, otherwise each machine that is Off or behind a firewall would cause a 2-3 seconds delay!
2.)Next it will connect to the machine via WMI and read the Nightwatchman folder from the registry in case it’s not in C:\Program Files. We also determine at this point if we are dealing with a 5.6 or a 6.0 or even a x64 flavor of these.
3.)Because we are using the OnceOff command, the script now determines the local time on the target machine so we can execute the OnceOff on the next full minute mark.
4.)Now it will execute the selected command. Since we are using OnceOff for this purpose, the command will not be executed right away but with a slight delay (2-62 Seconds).
5.) Now we create a reporting popup that shows which machine failed at which point for which reason. You can copy paste this into an excel if you are so inclined.

Let’s Add additional Commands!
Great – every environment’s needs is a bit different, so I’ve made it easy so that it can be done by editing the XML file only.
Simply copy any of the existing ActionDescription whole XML tags and add/change the command and description. Note any change in the XML file require a restart of the SCCM console to take effect.

Ok, Let’s add for example a passive Shutdown – great way to ensure you’re not shutting down the bosses computer while he’s still logged in :) Adding bold for emphasis.

<ActionDescription DisplayName="Shutdown System Passively" MnemonicDisplayName="Shutdown System Passively " Description="Shutdown System only if no one is logged in">
<Parameters>..\XmlStorage\Tools\NWMOnceOffProvider.vbs /OnceOff:YES /ShutdownAction:POWEROFF /LogOffAction:PASSIVE /countdownsecs:5 /TargetName:##SUB:Name## /TargetColl:##SUB:CollectionID## /Namespace:\\##SUB:__Server##\##SUB:__Namespace##</Parameters>

Known issues
Machines with 1E NightWatchman installed but unlicensed will still return a success message.

Planned improvements:
Add support to display a custom message to the end user. i.e “Admin Ben is restarting this machine in order to Apply Windows 7 SP1.”

First, while I work for 1E this is not a “1E Expansion” and has been created in my spare time, so don’t start sending support tickets if this tool does not work. I’ll support it on this blog or the myitforum only and you use this at your own risk.
Thanks to chiners_68 and msilva597 for the testing and having the patience to actually see it through, and now SHUT IT DOWN! <<< Download link.


Your windows 2003/2008 dhcp server will only listen on one ip per nic

Yes, there are known issues with Firewalls, DHCP Server not authorized  or Scope not activated or simply the broadcast not reaching the server.

A lesser known issue is that per NIC you can effectively only have one Scope and it must be a scope that contains the first IP address of the NIC.
Easy to verify the first IP address, it’s the one listed on top of the IP addresses in the IP Settings Tab.

Another good check is via the DHCP servers bindings:

If your scope does not contain any of these IP addresses and you are not using DHCP Relay Agents, it will never give out an offer for it.
I did not find an easier way to change the order of IP addresses then  re-add all of them.

You can do a quick test with portqry.exe (Windows Support Tools):
portqry -n -e 67 -p UDP

From the IP address example above:
First IP:

Attempting to resolve IP address to a name…
IP address resolved to REG-DC2.reg.intra
UDP port 67 (bootps service): LISTENING or FILTERED

Now the Additional IP:

Attempting to resolve IP address to a name…
IP address resolved to REG-DC2.reg.intra
UDP port 67 (bootps service): NOT LISTENING

You can see the DHCP server is not listing on this port and IP.
If I was to create only the scope it would appear to me like my DHCP server was not working at all, I would be able to capture the traffic using
Wireshark/Netmon and see the DHCP Discover broadcast, but no offer from my Server.
If I now create the additional scope, all my clients would receive a lease from that scope and would remain dead.

Tested on both Windows 2003 and 2008 but all the screenshot are from 2003.

The first few steps – What will this be about

This is a Tech blog! I don’t want to make it too broad, but it will mostly be about these topics:
WMI, Scripting, T-SQL, SSRS, SCCM. I will probably also cover topics related to my employer 1E at some point – but the focus is on building things, or troubleshoot existing things if I encounter particular interesting ones :)

The blogs name comes from Fully Parameterized, which to me means a tool/framework that can be easily adapted to do different tasks without having to rewrite everything.

I am Reto Egeter, and this will now be the start, and let’s see where it will take me.