Monthly Archives: December 2015

SCCM-Migrating form HTTP to HTTPS

Hi All, have you ever needed to migrate a SCCM 2012 (or Current Branch) environment from HTTP to HTTPS? if you have, you know that it is quite easy, but there are some challenges, when things go wrong, off course :)… The steps I normally take (and I hope I haven’t forgotten any :)) are: 1- Create the certificate Template (ConfigMgr Clients (if the workstation is not already in place), ConfigMgr IIS Servers and ConfigMgr DP Servers) 2- Request the certificates 3- on the IIS servers, change the bind to allow HTTPS port (default 443) and select the certificate 4- Export the Root CA (and any other CA) certificate and import it into SCCM. Note, do not force the SCCM to use PKI, instead, allow it to use HTTP or HTTPS.. 5- for each client, confirm that the Client Certificate is set to PKI (you can easily check the HKLM\Software\Microsoft\CCM\HttpsState…

SCCM-Deploying Office 365 via ConfigMgr

Hi All, while ago, Microsoft released the Office 365, and as you may know, office 365 is not just e-mail, it also has lots of features and services connected to it. Depending on the “flavour” (plan) that you are using (yes, there are lots of licensing stuff) you may get office and windows for “free”. Anyway, Microsoft had office 2013 that was available for companies and they had the files that we could install on our computer by just running the setup.exe. for an administrator, you also could use customizations (using the /adminfile) and customize the whole installation and user experience. But this had a problem, the user could only use office, after the setup had been done. Now, imagine a scenario where you have BYOD or mobile users, they connect to the network and open the Application Catalog (Software center, the new Software Center on CM build 1511 or…

SCCM-Upgrading 2012R2SP1CU2 to 1511

Hi All, today I upgraded my lab that was running SCCM 2012 R2 SP1 CU2 to 1511 build. these are my “notes from the field” 1- Download and Install KB3095113 (https://support.microsoft.com/en-us/kb/3095113) on all your WSUS/SUP Servers to add support for W10 via SUP 2- Download ADK for Windows 10 TH1 (http://download.microsoft.com/download/8/1/9/8197FEB9-FABE-48FD-A537-7D8709586715/adk/adksetup.exe). Make sure you download the TH1 version and not TH2 (for Windows 10 1511, and here is the why: http://blogs.technet.com/b/configmgrteam/archive/2015/11/20/issue-with-the-windows-adk-for-windows-10-version-1511.aspx) 3- Backup your USMT Windows 8.1 Folder 4- Backup your Boot Images 5- Uninstall ADK for Windows 8.1 6- Install ADK for Windows 10 (you only need to select Deployment Tools, Windows preinstallation Environment (Windows PE), Imagining And Configuration Designer (ICD), User State Migration Tool (USMT)) 7- Reboot server 8- If you have console installed on the site server, remove any 3rd party extensions (you should not have it anyway) 9- Download SCCM Build 1511 (it is available via…

SCCM-Installing Visual Studio Enterprise 2015

Hi All, last week I had a requirement from a customer to install Visual Studio 2015 with PowerShell option, automated for all their developers. So, I’ll share here the experience. 1- 1st, you need to create the adminfile.xml. This file will be used to customize the installation. To do this you need to run the installer (in my case vs_enterprise.exe) with /CreateAdminFile 2- once you have the xml file, open it on notepad and search for PowerShellToolsV1. where Selected=”no” change to Selected=”yes”. Note that i’m not talking about Yes, has to be yes. it is case sensitive. 3- the 3rd line, BundleCustomizations, change NoCacheOnlyMode, NoWeb, NoRefresh and SuppressRefreshPrompt to =”yes” (again, case sensitive) 4- open the xml via internet explorer, if IE cannot open or generates an error, there is a problem with the XML and the installation will fail 5- copy the xml file to a share folder (i’m…

SCCM-Running RBAC queries on SQL Mgmt

Hi All, SCCM 2012 R2 introduced the RBAC to reports, what I mean by that is that now, users will be only able to see what they have rights to see. This is done by the introduction of the @UserID parameter to the reports. This parameter is hidden, so you don’t even know that it is there. however, if you try to run a report query on a SQL Management Studio, it will not like. As workaround, you can change the @UserID for ‘disabled’ and it will not validate the security. More info at http://blogs.technet.com/b/configmgrdogs/archive/2014/07/14/creating-custom-rbac-enabled-reports-in-configmgr-2012-r2.aspx as you can imagine, it is really good, you can get any report query and change the @UserID for ‘disabled’ and test the query, or do the other way around, however, this is not good if you want really know what is returning is what it should return, is it? So, imagine an example: Query1:…