It's the sccm service mode functionality<http://blogs.technet.com/b/configmgrteam/archive/2012/11/26/managing-embedded-devices-with-write-filters-in-configuration-manager-service-pack-1.aspx>... I can see where they were going in that you want to minimize the stuff that can and would get done if you just turned the write filter off and then rebooted back to the OS and to a user's desktop in the event you are using an autologon account. *BUT* if you are gonna pop up that service mode, you better darn well do your business, turn the write filter back on, committing change and get the device back up to a usable state. Otherwise you are leaving unusable devices everywhere. You might want to even incorporate some sort of status information to that lock screen so the user knows it is doing update 1 or 1 and will be back to a usable state in 5 minutes... The documentation says to use maintenance windows to administer them but in a 24x7 operation, it's super difficult. You get into the questions about how many do I schedule at a time? Do I set all devices with ip ending in 1 to have a window this day at this hour? And rotate through??? Can't just say say 12a-2a is the maint time across the board... that's peak time for some parts of the hospital... HEAVY administrative burden to break it all out [cid:[email protected]]
Jimmy Martin (901) 227-8209 From: [email protected] [mailto:[email protected]] On Behalf Of Krueger, Jeff Sent: Friday, September 25, 2015 12:00 PM To: [email protected] Subject: [mssms] RE: windows embedded Hmm... interesting, I wonder if there's just something missing in the OEM's embedded image build? You might want to try building a ThinPC image and running that through your same testing and see how it responds. You can deploy the ThinPC image on regular hardware. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Marable, Mike Sent: Friday, September 25, 2015 10:38 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: windows embedded I have a screen shot of the screen that somewhere if interested. I don't know if this is the way it works or just one of those things we somehow "broke", but when the device has the write filter turned off and users are locked out, domain users with administrative rights could not log into the machine. It seems that only a local administrator account would work. Again, learning as we go along. I also heard back from our HP tech. He did not know what the patches from Microsoft were (KB article numbers, that sort of thing) and that we would have to contact Microsoft about them. Mike From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Krueger, Jeff Sent: Friday, September 25, 2015 9:23 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: windows embedded I've built out a Window ThinPC image which is the same as windows embedded, in my testing things work well with handling the write filter when deploying software. What are your specific concerns about the admin mode? When the write filter is turned off, it restarts the machine then puts up a screen notifying users that the device is under maintenance (don't remember the exact verbiage) and only an administrator can then log on to the device until it's completed. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Marable, Mike Sent: Friday, September 25, 2015 9:11 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: windows embedded Yes, we're getting started with it (W7E) here. We've been told by the hardware vendor that there are "many" issues with SCCM and the Enhanced Write Filter out of the box and that Microsoft has a number of SCCM patches for both the server and client sides that will be needed. The vendor said to open a support case with MS to get those patches because they are not publicly available. This is all from the vendor's mouth. They couldn't say what the patches were exactly just that we need to call Microsoft and request them. Nice, right? I don't believe our SCCM team has gone to Microsoft yet about these mysterious patches but I can check. We are just getting started though, so we're learning as we go along. Mike From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jimmy Martin Sent: Friday, September 25, 2015 8:08 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] windows embedded anyone out there use windows embedded clients (utilizing write filter) with sccm client in a healthcare setting or other HA type setting? Just looking to learn through your experience with sccm client and write filter manipulation and maintenance windows, etc. gotchas... the part I want to minimize is how when the write filter is disabled and how the cm client sets the logon screen to being locked in admin only mode... Jimmy Martin | Engineer | Information Technology | BMHCC - CORPORATE Phone: (901) 227-8209 | [email protected]<mailto:[email protected]> Opinions expressed above are not necessarily those of Baptist. This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email... ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues ________________________________ CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy & Security page on www.henryford.com<http://www.henryford.com> for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us. ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email...
