Remember to install KB3159706 to enable Windows 10 updates for WSUS

Remeber to install KB3159706 on any WSUS server standalone or System Center Configuration Manager Software Update Point to enable Windows 10 upgrades (and feature updates) that are released after May 1, 2016.

https://support.microsoft.com/en-us/kb/3159706

Please not that this update is not available for Server 2008 R2 or older.

PowerShell – SCCM/SCORCH track software update installations

I recently created a simple PowerShell script to track the software update installation process initiated by SCCM. WMI queries below will check if all available updates is installed.

This kind of logic is useful, if you want to do advanced automation of server patching with Configuration Manager and Orchestrator. And for example replace the @Get Deployment Status activity.” in orchestrator.

#CCM_SoftwareUpdate http://msdn.microsoft.com/en-us/library/jj155451.aspx #Created by Haavard Molland
$Computer = "PPATCH01"
#Count available updates
$updates = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) | measure
#check for updates beeing installed
$WaitWhileInstalling = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate WHERE EvaluationState = 6 or EvaluationState = 7" -namespace "ROOT\ccm\ClientSDK" -computer $Computer)
write-host $WaitWhileInstalling

#Wait for SCCM client to complete installation 
If(!$WaitWhileInstalling)  
{   
  $InstalledUpdates = @(get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate WHERE EvaluationState = 8 or EvaluationState = 9 or EvaluationState = 12" -namespace "ROOT\ccm\ClientSDK" -computer $Computer) | measure
  #Make sure installed updates equals available updates.
  If($InstalledUpdates.Count -eq $updates.count) {$AllUpdatesInstalled = "Yes"}
  write-host $AllUpdatesInstalled 
}

Tools of the Trade – Windows USB Download Tool

If you need a simple way to create a bootable Windows XP/Vista/7/8 USB memory stick. Microsoft has created a simple tool. It was created for Windows 7, but still does the trick 🙂

USB Download Tool

The tool will format your USB pen, make it bootable, then copy files from a specified .iso to the drive.

Get it here: http://www.microsoftstore.com/store/msusa/html/pbPage.Help_Win7_usbdvd_dwnTool

 

System Center Configuration Manager 2012 R2 SP1 CU1

System Center Configuration Manager 2012 R2 SP1 CU1 has been out for a couple of weeks. This update contains bug-fixes and new powershell cmdlets.

read more and download here: http://support.microsoft.com/kb/2817245/en-us

  • Add-CMDistributionPoint
  • Import-CMAntiMalwarePolicy
  • Import-CMDriver
  • New-CMAppVVirtualEnvironment
  • New-CMMigrationJob
  • New-CMPackage
  • New-CMSoftwareUpdateAutoDeploymentRule
  • New-CMTaskSequence
  • New-CMTaskSequenceMedia
  • New-CMUserDataAndProfileConfigurationItem
  • Set-CMApplicationCatalogWebsitePoint
  • Set-CMAppVVirtualEnvironment
  • Set-CMClientPushInstallation
  • Set-CMClientSetting
  • Set-CMDistributionPoint
  • Set-CMDriver
  • Set-CMEndpointProtectionPoint
  • Set-CMEnrollmentPoint
  • Set-CMEnrollmentProxyPoint
  • Set-CMHierarchySetting
  • Set-CMManagementPointComponent
  • Set-CMOperatingSystemImageUpdateSchedule
  • Set-CMOutOfBandManagementComponent
  • Set-CMReportingServicePoint
  • Set-CMSite
  • Set-CMSoftwareUpdateAutoDeploymentRule
  • Set-CMSoftwareUpdatePointComponent
  • Set-CMStateMigrationPoint
  • Set-CMStatusSummarizer
  • Set-CMSystemHealthValidatorPointComponent
  • Set-CMTaskSequence
  • Set-CMUserDataAndProfileConfigurationItem
  • Start-CMDistributionPointUpgrade

 

SC 2012 R2 Configuration Manager (Hotfix): Windows 8.1 deployment to Windows XP based clients fail.

There is still a lot of XP Clients around. Many Companies are doing “last minute” migrations these days. In System Center 2012, R2 Configuration Manager there is a bug that prevents you from deploying Windows 8.1 to a Windows XP-based computer.

Symptom:

Deployment fails, SMSTS.LOG show: “TSManager datetime 3048 (0x0BE8)”.

Solution:

Microsoft has released a hotfix, get it here: http://support.microsoft.com/kb/2910552

 

SCCM: MP has rejected the request because CD(SMSID = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx) certificate has expired

This time I was working with a customer on a System Center Configuration Manager Update. The error message was: “MP has rejected the request because CD(SMSID = blablabla) certificate has expired. For a few minutes I had an idea that this could be a broken client (long day), this lead me into the SCCM database for troubleshooting.

ClientAuth.log showed error:

Client ‘cbc4f875-1194-401f-b979-890454806b5a’ is unknown or has an invalid key registered in the database.

Status Message Warning (SMS_MP_Control_Manager):

IMG1

The ”ClientKeyData” Table in the SCCM database contains information, about internal SCCM certificates like PXE but also self-signed client certificates.

I ran this SQL Query: “select SMSID,ValidUntil,AgentType from dbo.ClientKeyData” this returned the SMSID alerted in the Status Message. I also noticed that AgentType was set to 1, this seems to be 1 if it’s related to SCCM servers or roles.

IMG2

This lead me into the SCCM certificates, I found that one of the PXE certificates on a DP had expired. Easy fix but a backwards way to find out. Therefore, if you ever see this warning I recommend you to check the certificates node in the monitoring tab in SCCM first.

IMG3

Upgrading System Center 2012 Configuration Manager to R2

If you’re looking for a guide for upgrading your SCCM 2012 SP1 environment to R2. I recommend you to use Johan Arwidmarks: “A Geeks Guide for upgrading to ConfigMgr 2012 R2 and MDT 2013”. Great guide with useful Insights from the deployment master himself.

If you have a CAS, remember this: Start the process on the CAS and work your way down the hierarchy.

NB! (Recent experience)

After you have updated your CAS it needs to re-establish its site links. Expect some heavy replication.

You will get an error related to “Parent site replication status” on all primary sites. Wait until the site links are back up and running before you upgrade your primary sites (prereq check will stop you). In my experience, this can take 1-2 hours. Pay attention to CPU/Disk activity before proceeding with the upgrade.

Objreplmgr.log and replmgr.log is good logs to check out.

High Level steps:

  • Test the site database for upgrade
  • Uninstall ADK 8.0
  • Install ADK 8.1 (make sure to download the re-release, available on October 17, 2013)
  • Install ConfigMgr 2012 R2
  • Install MDT 2013
  • Post configuration (fix a few things like creating new boot images, new sequences, and possible fix network access account and PXE)

Read Johan’s blogpost here

NB! Additional resources.

SCCM 2012: Downgrade or re-install SQL Server.

Recently I came across a scenario where I needed to downgrade a SCCM SQL Server from Enterprise to Standard edition, due to licensing. (Only Std. edition is included with SCCM). Usually I like to leave the SQL alone. This process involves a uninstall/reinstall and a site recovery.

If you ever need to do this, here is the high-level steps:

  • Run a full SCCM Backup, by starting the “SMS_SITE_BACKUP” service manually. 

More info on backup: http://technet.microsoft.com/en-us/library/gg712697.aspx

  • Document SQL Server Service Pack, CU Level and Collation.
  • Follow this article to backup SQL users and permissions. (Step 1-4)http://support.microsoft.com/kb/918992
  • STOP the Configuration Manager Site with PREINST.exe /STOPSITE

  • Uninstall the SQL Server and Reporting Services (Enterprise edition.).
  • Reboot
  • Install SQL Server (Standard edition) and Reporting Services, then service packs and cumulative updates.
  • Attach the Configuration Manager and MDT Database to the new instance in SQL Server Management Studio.
  • Follow this article to restore SQL users and permissions. (Step 5)http://support.microsoft.com/kb/918992
  • Run SCCM SETUP from the original media.

Page 1: Recover a site

Page 2: Use a site database that has been manually recovered.

Page 3: Next.

Page 4: Recover primary site.

Page 5: Install the licensed edition of this product.

Page 6: Accept license terms.

Page 7: Accept license terms (SQL and Silverlight)

Page 8: Download files..

Page 9: Verify detected site server settings (site server, sitecode etc.)

Page 10: Verify database server info.

Page 11: Customer experience program (do what you want)

Page 12: Verify all settings in the summary.

Page 13: Wait while setup completes.

Page 14: Install CU or Hotfix if required, else close the window and reboot the server.

  • Celebrate. You are done.

Update Rollup 3 for System Center 2012 Configuration Manager Service Pack 1 is Available!

Update for Configuration Manager 2012 Sp1 is available.

This update adds support for Windows 8.1-based client computers in Microsoft System Center 2012 Configuration Manager Service Pack 1. Windows 8.1 is added to the supported platform list.

Download: http://support.microsoft.com/kb/2882125/en-us

If you are looking for Update Rollup 3 for System Center 2012 Service Pack 1 see the link below. A lot if issues is fixed in this update.

System Center 2012 R2, Upgrade Path

Soon, Microsoft will release System Center 2012 R2. I get a lot of questions regarding upgrade paths.

The upgrade path to any System Center 2012 R2 component (SCCM,SCOM,SCSM,SCORCH, SCVMM etc.) is:

System Center 2012 RTM > System Center 2012 SP1 > System Center 2012 R2.

Vote for an affordable alternative to MSDN subscriptions comparable to TechNet!

As you may know Microsoft is retiring the Technet Subscription. IT pro’s need access to Microsoft products other than trials, to be able to maintain the neccesary knowledge and provide the best service possible to Microsoft’s customers. The only comparable subscription (MSDN) costs $6120

Technet_MSDN

Sign the petition here

 

Tools of the trade: How to encode VBScripts

Once in a while you may need to create a vbscript. If you for some reason need to hide the code from a end-user there is an easy way to do this. Actually vbscript has it’s own encoder object built-in. The only thing you need to know is how to use it. This is not a bullet-proof solution because the script could be decoded.

Shawn Stugart has submitted  a sample script that does the encoding by drag and drop. Please visit the Technet Script Center and get it here: http://gallery.technet.microsoft.com/scriptcenter/16439c02-3296-4ec8-9134-6eb6fb599880

VBEncode

 

Tools of the trade: How to create Self-Extracting Archives with Windows

It’s a well hidden deployment secret that you can create self-extracting archives with Windows. Although 3’rd party software may give you some benefits, the IExpress tool in Windows usually has what you need. You can extract files and run commands, you can do post install commands, user prompts, license agreements, select run behavior, completion message and handle or require reboots.

You can launch IExpress from the command line or “run” (win+r) I have noticed that the tool works best when you run it as administrator.

1. Let’s say I want to create a new archive “MyApp”, this app has a install.vbs script that needs to be executed as part of the installation. I start the IExpress Wizard.

IEx1

2. I select the package purpose, I want to extract files and run an installation command.

IEx2

3. I name my package “My Demo App”

IEx3

4. In this case I do not want to prompt the user in any way.

 

IEx4

5. Neither to I have a license agreement.

IEx5

6. I then add the files I want included in my package. In this case I only add Install.vbs but usually you would want to add multiple files and folders.

IEx6

7. I specify the command line to launch after the package is extracted. Wscript.exe install.vbs

 

IEx7

8. I select “default” behaviour on the show window tab.

IEx8

 

 

9. I do not want any “completion message”.

IEx9

10. I select where to create the self-extracting archive and name of the .exe file.

IEx10

11. The package should only require a restart if it’s needed by my install.vbs script.

IEx11

 

12. If I wanted to I could save the steps (“Package definition”) in a file, this is a good idea If you need to update the package later on.

IEx12

13. I click next to create the package.

IEx13

 

 

14. “Your Package has been created, click Finish when you are ready to quit”

IEx14

Follow TechEd Europe Madrid Live!

If you are not one of the lucky ones attending TechEd…. Don’t worry, you can still follow the sessions online! Navigate to: http://channel9.msdn.com/Events/TechEd/Europe/2013#fbid=wipqIKVlFpz

SCCM 2012: Packages fail when using Stand-Alone media error: hr=0x87d01004

Recently I worked with a customer that has a SCCM 2012 setup configured with a Central Administration Site (CAS) and several primary sites connected.

When creating a “Stand-Alone” media on the CAS server, deployment of Packages failed with error: hr=0x87d01004. According to Microsoft this error occurs because the Software Distribution Agent is not enabled since the client has not yet received policy.

Read the official KB from Microsoft here: http://support.microsoft.com/kb/2716946

Greg Ramsey has written a blog post about this issue, explaining in details and presenting three solutions:

  • Create the stand-alone media at a Primary site instead of the Central Administration Site (CAS), or
  • Replace all “Install Software” TS Steps with “Run Command Line,”
  • Add a Run Command Line step to the task sequence after the Setup Windows       and Configuration with this WMI query:
WMIC /namespace:\\root\ccm\policy\machine\requestedconfig path ccm_SoftwareDistributionClientConfig CREATE ComponentName="Enable SWDist", Enabled="true", LockSettings="TRUE", PolicySource="local", PolicyVersion="1.0", SiteSettingsKey="1" /NOINTERACTIVE

Read Greg’s blog post here: http://gregramsey.net/tag/stand-alone-media-build/

Afraid of ADFS? here is a Quick Start Guide for Integrating a Single Forest AD with Azure AD

David Tesar has created a quick starte guide for integrating a single forest on-premises AD with Windows Azure AD. After completing this guide you will have federated your on-premises AD with Windows Azure AD. You will get single sign-on capatibillities to users of Windows Azure AD such as Office 365 and Windows Intune.

Get it here:  http://social.technet.microsoft.com/wiki/contents/articles/16226.quick-start-guide-for-integrating-a-single-forest-on-premises-active-directory-with-windows-azure-ad.aspx

SCCM 2012: Intune Connector and Windows RT, Lessons learned!

To get it working you can follow the official documentation: http://technet.microsoft.com/en-us/library/2c6bd0e5-d436-41c8-bf38-30152d76be10#BKMK_RTcert

For more information on how to enroll and sideload keys for APP Deployment, Simons May has created a great video: http://www.youtube.com/watch?feature=player_embedded&v=KFpaUSWAv9U#!

Before I got things working I learned a couple of lessons:

  1. Do not install DirSync on the SCCM server. (It broke my management point)
  2. Make sure the username of your Intune enabled users is synchronized by DirSync and is the same as discovered in SCCM. If it’s not you will not be allowed to enroll your device.
  3. For Windows Phone you need a Symantec Code Signing certificate. But for Windows RT it’s not an absolute requirement. If you have an internal PKI solution you can create your own.

SCCM: How to exclude collections in CM07 queries.

In System Center 2012 Configuration Manager you can create “Exclude Collection” rules. This can be useful if you have a query based collection but want to exclude members of another collection.

Example: You have a collection (A) containing all computers with an application installed, then you need to create a new collection (B) containing all computers where the application is missing. To achieve this you can create a dynamic rule listing all computers in your environment and a second “Exclude Collection” rule excluding all members of the collection (A). As a result collection (B) will only contain clients where the application is missing.

If you for some reason still are using System Center Configuration Manager 2007 (and for some reason cannot migrate to CM2012), you can achieve the same by modifying your query.

Add the following to your Query (marked in red), J0100249 is the “Collection id”: Select SMS_R_System.Name from  SMS_R_System where SMS_R_System.ResourceId not in (select ResourceID from SMS_CM_RES_COLL_J0100249)

Exclude1 Exclude2

System Center 2012: The order in witch you upgrade System Center 2012 components is very important.

“In an environment that includes two or more components of Microsoft System Center 2012, the order in which you upgrade those components to System Center 2012 Service Pack 1 (SP1) is very important.”

Personally I recommend using this order also for cumulative updates and update rollups.

Upgrade Path

Read more here: http://technet.microsoft.com/en-us/library/jj628203.aspx

System Center Online Community Resources

Looking for Microsoft Team Blogs, System Center MVPs, Twitter handles, System Center User Groups or Online communities? Chances are you will find it here:

http://social.technet.microsoft.com/wiki/contents/articles/11504.how-to-participate-in-the-system-center-community.aspx

 

SCCM 2012: Why don’t you just reboot?

Over the years the Windows operating system have become more stable. Together with hibernation features our users really don’t have to reboot as often as we want. A common practice to “not disturb” our users is to suppress reboot’s at any cost. It feels good in the beginning but pretty soon it becomes a problem. The result is computers stuck with “pending reboots” preventing us from installing new software, and the even bigger issue, as many software updates installs on reboot, we suddenly struggle getting our clients compliant.

Kent Agerlund@Coretech have blogged a about this, and published a great tool that will help you control reboot’s on client. Only reminding users on computers that have not rebooted within a specified timeframe:

Quote from Kent:

“If you do not force a computer restart you might face problems like:

  • Non-compliant computers
  • Computers being in reboot pending mode which might prevent them from installing new software and software updates

If you do force a restart you might face problems like:

  • Very unhappy users
  • Scenarios where you restart while the end-user is using the computer for a demo or presentation
  • End-users calling Servicedesk and complaining about a virus that’s shutting down their computer
  • Restarting computers that are already compliant”

Read the post and download the tool: http://blog.coretech.dk/kea/configuration-manager-shutdown-utility/

MMS 2013: View sessions online

If you are not one of the lucky ones attending MMS 2013 …. Don’t worry, you can still follow the sessions online!

“The Microsoft Management Summit (MMS) brings together the brightest IT professionals from around the world to increase their technical expertise through an intensive week of training led by experts in desktop, device management, datacenter, and cloud technologies.”

http://channel9.msdn.com/Events/MMS/2013

HP Client Integration Kit (CIK) for MS System Center Configuration Manager 2012 SP1

HP is introducing the HP Client Integration Kit (CIK) for MS System Center
Configuration Manager 2012 SP1 to enhance and simply aspects of the OS
deployment process for HP Client PCs (desktops, notebooks, and workstations).
The CIK will be available for download in June, 2013, free of charge.

http://h30507.www3.hp.com/t5/Converged-Infrastructure/How-HP-Client-Integration-Kit-simplifies-client-management-for/ba-p/135167

 

SCCM 2012: EndPoint Protection fails to install on Windows 8

If you find SC 2012 EndPoint Protection fail to install on Windows 8, it may be because of a registry key missing. Troubleshooting a Windows 8 Client I read trough C:\windows\ccm\logs\EndpointProtectionAgent.log I found this error

“Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent”

EndPointError1

As a temporary solution I created an empty package with a program running command line: reg add “HKLM\SOFTWARE\Microsoft\Microsoft Security Client” and deployed this program to my Windows 8 Clients.

EndPointError2

Deployment: Office 2013 Silent installation.

You can configure a silent installation (unattended installation) of the MSI-based version of Office 2013 by using the Config.xml file or the Office Customization Tool (OCT). The Config.xml file is used to configure installation tasks and is used only when you run Setup. It is not installed or cached on users’ computers. You can edit the Config.xml file to customize an installation.

Read more: http://technet.microsoft.com/en-us/library/dd630736.aspx

System Center 2012 SP1 Cumulative Update 1 relased

Contains a lot of bug-fixes for System Center 2012 SP1…

Read more: http://support.microsoft.com/kb/2785682

For Configuration Manager SP1: http://support.microsoft.com/kb/2817245/en (includes updated powershell features).

 

SCCM 2012: Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager

This step-by-step example deployment, which uses a Windows Server 2008 certification authority (CA), contains procedures to guide you through the process of creating and deploying the public key infrastructure (PKI) certificates that Microsoft System Center 2012 Configuration Manager uses.

Guide: http://technet.microsoft.com/en-us/library/gg682023.aspx

OR, Gabriel Beaver have created his own step-by-step guide with screenshots. http://gabrielbeaver.me/2012/08/sccm-2012-part-ii-certificate-configuration/

 

SCCM 2012: Two ways to deploy Linux with SCCM :-)

SCCM have recently launched service pack 1 with Linux agent for management of Enterprise Linux distributions. People ask me about OS deployment as it’s not supported, but still you can kind of do it.

Think of this, you have Windows PE and the ability to run commands in a task sequence. So if you have the tools you can do anything you want. SCCM does it in the same way With .wim files, it’s all about the Tools like dism or imagex. Regarding Linux i’ve  tested two scenarios.

  1. Distribute a Linux Live ISO: Most Linux distributions allows you to run a Live OS from a DVD, for troubleshooting or trial of the operating system. With the BootLoader Grub4Dos you can boot from ISO files. So the only thing you have to do is install this bootloader while in windows pe, copy the Live ISO to your local drive and configure boot loader to boot from it. Reboot to local disk and your Linux Live OS will be loaded.
  2. Actually deploy a image: In Linux you can use DD to create a image of your harddrive. There also is a DD version for DOS. So you can actually create a valid image of your Linux installation and deploy it with SCCM. Please read more on dd here: http://www.linuxweblog.com/dd-image

Be aware, this is kind of stoneage technology, and you need to put some effort into creating your Linux distribution. You will not be able to run task sequence engine within the operating system. But if you are skilled with Linux you may be able to script the agent installation on first boot, then you will have control again 🙂

Example:

1. Create a package in Your environment this package should contain Your Linux Image and DD for dos. (download it here). Do not create a program for the package as it’s not needed. But I recommend you to enable “Copy the content in this package to a package share on distribution Points” this will allow you to run the task sequence directly from DP later. Please read previous blog post regarding this: http://systemcenter.no/?p=331

2. Create a command line task sequence step, this will run diskpart /s diskpartscript.txt.

The diskpart script looks like this:

Select disk 0
clean
 

The task sequence step looks like this (notice i’ve added the Linux deployment package as Reference for the command line step):

3. Use DD (for dos) to extract the image to disk.

4. Deploy the task sequence to unknown or known computers, run ts directly from DP and enjoy.

 

SCCM 2012: Download Linux and Solaris Agent

System Center 2012 Configuration Manager With Service Pack 1 now supports Linux and Solaris Distributions, for server management. You can download the agent here:

http://www.microsoft.com/en-us/download/details.aspx?id=36212

UNIX/Linux Client:The following UNIX and Linux versions are supported in this release.

  • RHEL Version 6 (x86 & x64)
  • RHEL Version 5 (x86 & x64)
  • RHEL Version 4 (x86 & x64)
  • Solaris Version 10 (x86 & SPARC)
  • Solaris Version 9 (SPARC)
  • SLES Version 11 (x86 & x64)
  • SLES Version 10 SP1 (x86 & x64)
  • SLES Version 9 (x86)

BYOD = MYOD?

It’s hard to ignore all the «fuzz» about the «bring your own device» concept. It seems like a user’s dream, and the IT departments worst nightmare. It’s the eternal conflict, users want more freedom and it pro’s want more control. Therefore, to maintain Control, the solution from most IT departments is VDI. In that way users can access a company desktop regardless of what device they are using. And the IT department can maintain full controll.

So I have devices and can bring them, I will have access to company resources and produce my daily work within a VDI company desktop. So far so good, but still my computer will have software that needs to be updated, operating system will need patches and configuration, I will need to maintain a antivirus solution for security compliance, and if my computer crashes I will have to provide a quick way to get up and running for work next day.

As a user I don’t really like the concept of living wihtin company boundaries, and with that the restrictions and policy defined by my IT department. But still I understand it feels somewhat safe. You have a local support system to rely on, adjusted to your needs. It’s something to think about, would you really replace your local IT department with your local hardware vendor?

So is «Bring Your Own Device» also «Manage your own device» ? If you truly should be able to bring what ever device you want, then it’s impossible for the IT department to support you, your device, operating system and your locally installed applications. Then you are stuck with your local vendor and you will have to mange your own device, in one way or the other.

Maybe it’s time to get a new perspective on «self-management» ? 🙂

SCCM 2012: Simple HTA Boot Menu Solution to set Task Sequence Variables.

If you for some reason are not able to use MDT and the UDI wizard, you may want to create a HTA Application to handle roles or special choises during deployment.

I have created a simple HTA that reads a config file and generates a dropdown list and defines task sequence variables, feel free to use this as an example.

PS! Excuse my vbscript code, i’m not really a Developer…

To run HTA applications in Windows PE you will need to add HTA support to your boot images. Please see my previous post on how to add winpe components in SP1.

http://systemcenter.no/?p=401

The HTA solution consits of two files.

  1. app: tshta.hta, this is the application if you want to download the source code you can get the solution here.

2. file: Config, this is the configuration file that let’s you define dropdown menu entries and task sequence variables related to each entry. This has the following syntax:

<President>
Country=USA
Name=Obama
</President>
 
<IT Consultant>
Name=Howard
</IT Consultant>
 

3. You need to add the HTA to your task sequence. Notice that I have created a package that contains the HTA Application, added a command line step and selected “start in package”.

4. Use the variables in a TS step. In this example I’ve just added a group, this can for example contain spesific applications.

SCCM 2012 SP1: Create Install, Uninstall Collections and AD Groups with powershell.

One of the big new features in SCCM 2012 SP1 is is the PowerShell module. Powershell is really great for automation.

If you are using AD group membership together with dynamic collection rules to target and deploy applications, you probably have spent hours creating collections, ad groups and queries.

I have created a simple PowerShell script to automate this task, feel free to modify the script to fit your needs.

For the script to be able to create AD Group, install the active Directory PowerShell module on the server or client that you run your ConfigMgr Console from. You will also need to enable AD Group discovery in SCCM.

Code: Download here

  • Two collections is created for the application.

  • Install collection Properties

  • Uninstall collection properties

SCCM 2012 SP1: HotFix for Installation error 0x800b0101

Installation error 0x800b0101: System Center 2012 Configuration Manager Service Pack 1 Client.

This issue occurs because the MicrosoftPolicyPlatformSetup.msi file is signed with a digital certificate that does not have the proper timestamp attributes. Microsoft Security Advisory 2749665 has more information on this certificate issue.

Apply this hotfix before upgrading Clients,

Download HotFix here: http://support.microsoft.com/kb/2801987/en-us

 

SCCM 2012: Remove computer from a collection after deployment

If you are using collections with Direct Membership and want to clean up the membership rule after deployment. One common example is to have a Deploy Collection With a required deployment targeted. Jörgen Nilsson has created a great solution using vbscript and status Filter rules on the server side. Another option would be to use a web service or a script on the client side.

http://ccmexec.com/2012/07/remove-from-collection-and-clear-pxe-flag-vbscript-using-status-filter-rule/

SCCM 2012: Linux Support with SP1

SCCM 2012 SP1 Introduce Linux/Unix support.

If you are curious on this subject, I recommend you to spend 30min and  watch this episode of TechNet Radio (published in the link below)

This will give you:

  • Valubale Information on support and limitations
  • Walktrough on installing the Linux Agent.

Supported Distributions:

  • HP-UX 11i v2 (IA64)
  • HP-UX 11i V3 (IA64)
  • HP-UX 11i v2 (PA-RISC)
  • HP-UX11i V3 (PA-RISC)
  • AIX 5.3 (Power)
  • AIX 6.1 (Power)
  • AIX 7.1 (Power)
  • SLES 9(x86)
  • SLES 10 (X86 and X64)
  • SLES 11 (X86 and X64)
  • Solaris 10 (SPARC)
  • Solaris 11 (SPARC)
  • Solaris 9 (SPARC)
  • Solaris 10 (x86)
  • Solaris 11 (x86)
  • RHEL 6 (x64)
  • RHEL 6 (x86)
  • RHEL 5 (x64)
  • RHEL 5 (x86)
  • RHEL 4 (x64)
  • RHEL 4 (x86)

Max OS X Lion and Snow Leopard  are also supported trough internet management and will require a site system With a management configured for HTTPS.

Link to video: http://blogs.technet.com/b/keithmayer/archive/2012/10/30/supporting-linux-unix-and-mac-clients-with-system-center-2012-configuration-manager-sp1.aspx#.UO3hIWbKzq5

Recently I have deployed Linux OS With SCCM. This is currently unsupported, and i’m only able to dump a image to harddrive. Still It may be useful in some cases. I will create a howto on this soon.

SCCM 2012: Add Windows PE Components from GUI

System Center 2012 Configuration Manager SP1 Introduces a new graphical user interface. You can «almost» forget everything you knew about dism.exe. New in SCCM 2012 SP1 and Windows PE 6.2 is the ability to add Powershell and .Net 4 support (no more vbscripts). In my example below I add theese components.

  • Navigate to: Software library > Boot Images > Boot Image (x64) or (x86), right click and select properties.
  • Navigate to: «Optional Components»
  • Click on the button with yellow icon (star) to select optional components.

  • Select components of your choise. In this example Powershell and .Net support is added.

  • Click OK

  • Click ok and run trough the «update distribution points wizard» to update your boot image.

 

 

SCCM 2012: VBScript to list out Task Sequence variables.

If you need to verify that a task sequence variable has been set or if it’s value is correct, you can use this script to read out all SCCM TS variables.  Store the script in a .vbs file and execute with cscript.exe readTSvar.vbs on a Client during deployment.

Set TSEnv = CreateObject(“Microsoft.SMS.TSEnvironment”)
For Each Var In  TSEnv.GetVariables  
WScript.Echo Var & “=” & TSEnv(Var)
Next

System Center Marketplace: Great starting point to extentions, apps and resources.

The Microsoft System Center Marketplace is specifically designed to help business customers find trusted Microsoft System Center experts, and applications and services that enhance and easily integrate with Microsoft System Center products.

http://systemcenter.pinpoint.microsoft.com/en-US/home

Microsoft, Infrastructure planning and design guides

Yes! They exist, If you are planning an implementation of a Microsoft System Center 2012 or other Microsoft Products or just seeking information on what is new, recommended planning steps or an overview of the product architecture. The Infrastructure Planning and Design (IPD) Guide Series provides you with quick an concrete information specified to each Product.

Great Tools whether you are a product specialist, receiving customer, a technical sales resource or project manager. Read up!

http://technet.microsoft.com/en-us/solutionaccelerators/ee395430