client

SCCM – Updated E-book SCCM Administration v3

Hi All, my updated SCCM e-book has finally been released. It took some time to write up and test. With 130 pages divided in 37 chapters, you’ll find lots of good info about starting with SCCM. And it is free… In this version, I removed Linux related topics, Updated Windows 10 to 1709, added sections for Cloud Management Gateway (CMG), Windows 10 Express updates, SCCM Data warehouse, Office 365 Installer, Windows 10 Update Readiness, Pending Reboot, updated some other section for SCCM 1710 and updated/added some powershell scripts To download, click here. let me know if you have any feedback

SCCM-Migrating form HTTP to HTTPS

Hi All, have you ever needed to migrate a SCCM 2012 (or Current Branch) environment from HTTP to HTTPS? if you have, you know that it is quite easy, but there are some challenges, when things go wrong, off course :)… The steps I normally take (and I hope I haven’t forgotten any :)) are: 1- Create the certificate Template (ConfigMgr Clients (if the workstation is not already in place), ConfigMgr IIS Servers and ConfigMgr DP Servers) 2- Request the certificates 3- on the IIS servers, change the bind to allow HTTPS port (default 443) and select the certificate 4- Export the Root CA (and any other CA) certificate and import it into SCCM. Note, do not force the SCCM to use PKI, instead, allow it to use HTTP or HTTPS.. 5- for each client, confirm that the Client Certificate is set to PKI (you can easily check the HKLM\Software\Microsoft\CCM\HttpsState…

SCCM-Windows Update 6.2.x on Windows 10?

Hi All, I have been reviewing a report I did for a customer where all Windows 10 machines were reporting Windows Update Agent 6.2.x. what caused my customer to send few people on few windows 10 machines and try to troubleshoot windows update issues where it did not exist. of course, after couple of hours/day, they realise this was a data issue instead of their environment issue. When I started to review, I looked at my lab and I had the same. Executing a query on fn_rbac_UpdateScanStatus, I saw all my windows 10 machines also reporting Windows Update Agent 6.2.x So something was wrong. but why? 1st step was to check if the files on the client where the correct version. if you want to know where I discovered which file to look, click here. As you can see, the file was with the windows 10 version…so I checked Powershell…

SCCM 2012 R2 and SP1 February 2015 anti-malware platform update for Endpoint Protection Clients

Players, If you’re on SCCM 2012 R2 or SP1, you’ll have noticed (depending on your WSUS sync schedule) a new version of SCEP that became available this week. We’re now on version 4.7.205.0 The update contains the following improvements: The following configuration settings are updated in the ADMX templates: DisableAutoExclusions SubmitSamplesConsent UILockdown Improvements to registry and file system protection to counter tampering from malware. Sub-mount points can be automatically excluded, and volumes can be fully excluded in Real time protection (RTP). This update also includes the deprecation of the DisableGenericReports subkey in the following registry location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Reporting NOTE: You need to be on at least CU1 of SCCM 2012 R2 or CU 5 for SCCM 2012 SP1. Please refer to this link (where I got the info from for this post) http://support.microsoft.com/kb/3036437 Enjoy Heinrich Pelser

SCCM 2012 R2 – KB2938441 – Cumulative Update 1

Hi All, Microsoft has just published the Cumulative Update 1 for System Center 2012 R2 Configuration Manager Information about this update can be found here and here 2938441: Description of Cumulative Update 1 for System Center 2012 R2 Configuration Manager 2932274: Description of PowerShell changes available in Cumulative Update 1 for System Center 2012 R2 Configuration Manager Also note a recent blog update on our servicing strategy to address some common customer questions. http://blogs.technet.com/b/configmgrteam/archive/2014/03/24/configuration-manager-servicing-update.aspx But now, how to install it? 1- Execute the CM12-R2CU1-KB2938441-X64-ENU.exe file you donwloaded and go to the Mirosoft License Terms. Click Accept and click Next 2- On the pre-requisites, click Next. 3- Select Install the update for the configuration manager console if not selected and click next 4- Select yes, update the site database and click next 5- leave all Deployment Assistance Options select and click Next. This basically means what packages are going to be…

SCCM 2012 – Updating SCCM client during TS

Hi All, for ages, i’ve being using a script to automatically populate the PATCH option of the SCCM client installation in a TS environment. the reason i’ve been using this script (if not clear for you), is the number of hotfixes and the allowed size of the text box on a TS… fortunately with SCCM 2012, the SCCM product group changed the way they di hotfixes and started to use Updates Rollup, meaning that you would not find the issue we’ve been experiencing on SCCM 2007. Even it is true, Microsoft had to release few updates out of the Update Rollup and people don’t know how to manage them in a Task Sequence as this has changed a bit. Fortunately (again), the script has been updates to SCCM 2012 (http://blogs.technet.com/b/deploymentguys/archive/2013/06/04/automatically-populate-the-patch-property-for-the-configmgr-client-installation-script-update.aspx) however, what happen if you don’t have the ZTIUtility.vbs or don’t want do the MDT integration? Well…you need to do…

SCCM 2012 – Cutomizing Windows lock screen

Hi All, today i’ll talk about how to customize the Windows Lock Screen as well as the user/guest picture via OS Deployment (read as Task Sequence) it is really easy. the way i do is always copy the files i need to have on the client machine after the apply os and before the setup windows using robocopy. if you want to know how to do this, check my post about robocopy and task sequence here anyway, the problem is simple, which file and copy where… there are 4 files responsible for the user picture as well as picture. yes, that picture you see when you log on to a machine while typing your username/password. These files (user.bmp, user.png, guest.bmp and guest.png) should be put under c:\ProgramData\Microsoft\User Account Pictures See here for more information Now that you customized the icon, this is what you’ll see when trying to log on…

Install Client action is disabled for unsupported value

Hi All, recently i was at a customer and noticed one event viewer quite annoying Level: Error Source: Critial EventID: 3 Data: Install Client action is disabled for unsupported value of ResoruceType, ClientType or Unknown The interesting thing was on the smsadminui.log [25, PID:5284][11/15/2013 09:55:18] :Install Client action is disabled for unsupported value of ResoruceType, ClientType or Unknown but why this was happening was not clear for me, until my fellow friend MVP Jason Sandys guesses that this would be when you right clicking on a resource in the console so that it knows whether or not to enable the install client option on the context menu. Because of the ribbon bar, it may happen on normal left click selection also. I went and checked this and for some reason it did no happened again, however, as i was doing some OS Deployment tests, i had a “Unknown” record and…

SCCM 2012 – Application Catalog & IE Enable Protected Mode

Hi All, recently i was at a customer site trying to request/install an Application via Application Catalog website and it was failing. if I select my devices, I see “This setting cannot be configured because of a network communication of a configuration problem” and looking at the ConfigMgrSoftwareCatalog.log, I see MySystemsPageView.DetermineIsPrimary-Error:Could not communicate with the client control properly. Error 0x1709. Debugging resource strings are unavailable. See http://go.microsoft.com/fwlink/?linkid=106663&Version=5.1.2093.0&File=mscorrc.dll&key=0x1709 0x80041003 Looking at the URL provided, i did not see anything, the website was actually returning “The definition of the resource id could not be found” and if you check the error 0x80041003, you’ll notice that it is Access denied, but why?!?! i checked everything and i was sure everything was configured properly. I went back to a test machine and started checking all IE security settings and noticed that the IE Enable Protected Mode for the security zone (in my case intranet)…

SCCM 2012 – Firewall for Remote Access

Hi All, SCCM gives you the ability to remote access to client machines. This is not new as this feature has been there for quite a while. Interesting is that SCCM gives you 3 options for remote access: 1- Remote Tools (Remote Control). This is a “SCCM feature” 2- Remote Assistance: This is a “Windows Feature” and what SCCM does is to set local GPO to allow/block access 3- Remote Desktop: This is also a “Windows Feature” and again, SCCM only set local GPO to allow/block access. What is really interesting here is what happen “behind” the scenes regarding firewall. When you open the client settings for remote access, the 1st option is to enable/disable and also configure the firewall. There are many people that think that once you enable, SCCM will enable the firewall for all 3 options..but unfortunately this does not happen. The only rule SCCM does manage…