How can SCCM be automatically adding computers to an existing collection

  • Question

  • I have a Vista Deployment collection set up in SCCM 2007 R2.  I only have one computer in the collection and in the Membership rules, it's the only thing listed and is marked as type "direct".  I have no other rules set up for this collection.

    This collection advertises a Vista image.  For some odd reason, every few mornings we're coming in and 1 or 2 more computers are in the collection and we're having Vista deployed to our production computers without anyone admitting to directly adding the computer to the collection.  Is there any way that these computers can somehow be automatically pushed to this collection without membership rules that pull the computers in?
    Thursday, May 7, 2009 4:53 PM


All replies

  • I have found the following message while looking at our audit logs:

    User "NT AUTHORITY\SYSTEM" modified the Collection Properties for a collection named "Vista Deployment Collection" (CYP00011).

    What triggered this to happen?  Any ideas? 
    Thursday, May 7, 2009 5:04 PM
  • There's no built-in mechanism that would do that.
    What happens exactly? Are there 1 - 2 direct membership rules added? Is there a script or webservice running that would add computers?
    Friday, May 8, 2009 7:32 AM
  • There is one direct membership rule added.  It is a simple direct membership System Rule where the Computer Name is 'DEVBUILD'.

    We have no script or web services running that would add any computers.  Is there any specific location I could check to verify this?  As I had stated in my last post, there is a log entry that states:

    User "NT AUTHORITY\SYSTEM" modified the Collection Properties for a collection named "Vista Deployment Collection" (CYP00011).

    This indicates to me that it wasn't done manually by anyone, but that the system generated this new rule somewhere.  I just cannot figure out where it is.  It's a clean system, just installed last week and so far I'm the only person that has made any modifications to it.  I am not an expert with SCCM so I don't even know how to create any scripts or web services that run against SCCM to do anything like this.

    In the meantime, I've removed the advertisements to this collection so even if this happens again, it won't have any effect on live computers.  This is not the first time it happened though.  On Tuesday morning of this week, we had a computer within the IT department (called CYDEV008) added to the collection by the same "NT AUTHORITY/SYSTEM" account.  Yesterday morning there were two more added (CYPROD345 and CYPROD567A) - all with the same log entry as above.  These computer names are not even similar to the computer name specified in the Direct Membership rule.
    Friday, May 8, 2009 5:07 PM
  • "NT AUTHORITY\SYSTEM" could be something that is running as a scheduled task for example. Is MDT (Microsoft Deployment Toolkit) also installed somewhere?
    Saturday, May 9, 2009 11:56 AM
  • MDT and WSUS are installed on the same server that SCCM is running on.  I've checked everything in the MDT Deployment Workbench and nothing is configured to do anything.  The OS, Applications, OS Packages, Drivers, and Task Sequences nodes are all empty.  The Deploy node doesn't have a DB set up at all.

    I spent another hour looking into this on Friday evening and can still come up with nothing that would point me in the right direction on this.
    Monday, May 11, 2009 1:51 PM
  • Another computer was added to the collection automatically on Saturday morning - just indicates that the problem still does exist.
    Monday, May 11, 2009 1:53 PM
  • Monday, May 11, 2009 2:36 PM
  • It looks like this may be the case.  I have the PXEFilter.vbs set up as per instructions.  The Vista Deployment Collection referred to earlier in this thread is the collection that my PXEFilter.vbs is pointed to.  So, my question is, does the PXEFilter.vbs even need to be set up?  If a computer outside the Vista Deployment Collection is PXE booted, I want nothing to happen - I don't want the computer to be added to the Vista deployment collection nor do I want any advertisements to be pushed to this computer.  I simply want the PXE boot to abort and continue loading like normal. 

    If the PXEFilter.vbs is needed, how do I configure it to perform how I want?  Can I simply remove (or REM out) the section that adds the computer to the specified collection or would this cause problems?  Basically, I think what I'd want is something like:
    '// If necessary, add the computer to the specified collection
    If Not bFound then
         Exit Function
    End If
    Monday, May 11, 2009 3:11 PM
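
Added example (not part of any post in this thread): a small check that scans exported audit messages of the form quoted above and reports edits to a deployment collection made by any account outside an approved list, which is how the NT AUTHORITY\SYSTEM changes would surface. The timestamp prefix, the sample lines and the CORP\sccmadmin account are constructed assumptions; only the message wording and the collection ID CYP00011 come from the thread.

```python
import re
from collections import defaultdict

# Message wording as quoted in the thread; the leading timestamp is an
# assumed export format, not something the thread shows.
AUDIT_RE = re.compile(
    r'^(?P<ts>\S+)\s+User "(?P<user>[^"]+)" modified the Collection Properties '
    r'for a collection named "(?P<name>[^"]+)" \((?P<cid>[A-Z0-9]{8})\)\.$'
)

# Collections that carry OS deployment advertisements (ID from the thread).
WATCHED = {"CYP00011"}
# Accounts expected to edit those collections (hypothetical admin account).
APPROVED_EDITORS = {r"CORP\sccmadmin"}

# Constructed sample input; only the message wording mirrors the thread.
SAMPLE = [
    r'2009-05-05T06:12:44 User "NT AUTHORITY\SYSTEM" modified the Collection '
    r'Properties for a collection named "Vista Deployment Collection" (CYP00011).',
    r'2009-05-06T10:01:02 User "CORP\sccmadmin" modified the Collection '
    r'Properties for a collection named "Vista Deployment Collection" (CYP00011).',
    r'2009-05-07T06:30:10 User "NT AUTHORITY\SYSTEM" modified the Collection '
    r'Properties for a collection named "All Systems" (SMS00001).',
    r'2009-05-07T06:31:55 User "NT AUTHORITY\SYSTEM" modified the Collection '
    r'Properties for a collection named "Vista Deployment Collection" (CYP00011).',
    'some unrelated status message',
]


def find_unapproved_changes(lines, watched=WATCHED, approved=APPROVED_EDITORS):
    """Return {collection_id: [(timestamp, user), ...]} for edits to watched
    collections made by any account that is not on the approved list."""
    approved_lc = {a.lower() for a in approved}
    findings = defaultdict(list)
    for line in lines:
        m = AUDIT_RE.match(line.strip())
        if not m:
            continue  # not a collection-properties audit message
        if m["cid"] in watched and m["user"].lower() not in approved_lc:
            findings[m["cid"]].append((m["ts"], m["user"]))
    return dict(findings)


if __name__ == "__main__":
    for cid, hits in find_unapproved_changes(SAMPLE).items():
        for ts, user in hits:
            print(f"{ts}  {cid} modified by unapproved account {user}")
```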