Re: [mssms] RE: Cm12 and VMWare VDI - patch image
MDT litetouch + Powershell Sent from Windows Mail From: Daniel Ratliffmailto:dratl...@humana.com Sent: Monday, April 6, 2015 2:02 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Manual process for now. 1. Power on template 2. Configure CM client 3. Deploy patches 4. Clean CM client 5. Capture template Daniel Ratliff From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of DeGuire Greg (FCA) Sent: Monday, April 06, 2015 1:57 PM To: mssms@lists.myitforum.com Subject: [mssms] Cm12 and VMWare VDI - patch image Anyone using SCCM 2012 to patch/update the ‘gold’ image from which all virtual desktops are launched in a VMWare VDI infrastructure? From what I have read, there is a way to do this with Hyper-V/VMM but have not found a way to do this with a VMWare environment. Thanks for any info you folks can provide. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
Re: [mssms] RE: Install Updates during Build Capture TS
I’m actually working on a session covering this for our usergroup meeting in april. I will have my slidedeck and notes / scripts posted and will reply to this thread once they are live. I use mdt since i sometimes need to image computers without the configmgr client on them. It also lets me use the same base image in both prod and dev. I have it setup so my image build is only able to install updates that were approved in configmgr, so no rogue patches can be installed. Sent from Windows Mail From: Justin Chalfantmailto:justin.chalf...@microsoft.com Sent: Monday, March 16, 2015 10:48 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Or just use MDT. It’s more streamlined and a lot less that could go wrong especially during the software updates. Check out: https://technet.microsoft.com/en-us/library/dn818437.aspx this goes over creating images in MDT and deploying in SCCM. Thanks, Justin Chalfant Premier Field Engineer – Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com If you have any feedback about my work, please let either myself or my manager Rusty Gray know at rusty.g...@microsoft.commailto:rusty.g...@microsoft.com From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Monday, March 16, 2015 2:12 PM To: mssms@lists.myitforum.com Subject: [mssms] Re: Install Updates during Build Capture TS Three main things: - Make sure you add the SMSMP property in the Setup Windows and ConfigMgr task - Make sure you have an IP Address Range boundary set up for the subnet where the BC is happening - For Windows 7, see http://blog.configmgrftw.com/configmgr-2012-application-installation-failures/ J From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com on behalf of Lindsay, Charles charles.lind...@dot.state.fl.usmailto:charles.lind...@dot.state.fl.us Sent: Monday, March 16, 2015 9:00 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Install Updates during Build Capture TS Doesn’t sound like you missed a step at this point. Here’s a couple of things to look for… - Does the distribution point that the computer is hitting for the updates have “authenticated users” in the local “Users” group and does the local “users” group have “read” access to the SMSPKGx$ share? - Does it also have “read” access for the folder containing the updates at the NTFS level? - Does the updates folder exist on the DP at the exact location that’s being recorded in the log files? The computer that you’re building the capture on should be invoking the “Network Access Account” that’s established in SCCM (Site Settings - Software Distribution Component properties) for accessing the distribution point since it’s not a member of the domain. The only time that I’ve seen that particular issue was when someone was trying to be “cute” with limiting access to a distribution point by removing “authenticated users” from the local “users” group, but then again… that broke access to all of the hosted packages and not just updates. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of King, Jason Sent: Monday, March 16, 2015 9:09 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Install Updates during Build Capture TS SCCM 2012 R2 CU2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jason King | Solutions Design Team Telephone: 248.853.4841 From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Schwan, Phil Sent: Monday, March 16, 2015 8:46 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Install Updates during Build Capture TS MDT or ConfigMgr? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of King, Jason Sent: Monday, March 16, 2015 7:43 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Install Updates during Build Capture TS I am currently having an issue and I am stumped. I am trying to install updates during the build capture. I am getting a 401 access denied error when it attempts to connect and install the updates. If I join the domain, everything works just fine. Has anyone had this issue? Am I missing an easy step? ….. Jason King | Solutions Design Team Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This email
Re: [mssms] Splitting Domain and SCCM
configmgr can manage a server in another domain/forest, as long as a trust exists. Sent from Windows Mail From: Marcum, Johnmailto:jmar...@babc.com Sent: Monday, March 16, 2015 3:38 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com The thing I do not know is whether or not it will work cross-forest. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Monday, March 16, 2015 12:51 PM To: mssms@lists.myitforum.com Subject: Re: [mssms] Splitting Domain and SCCM I did not know that :-) I think I will use the migration wizard. Thanks On Mon, Mar 16, 2015 at 12:29 PM, Marcum, John jmar...@babc.commailto:jmar...@babc.com wrote: Couldn't you just use the built in migration wizard? It does 2012 to 2012 now. After that just run a script to change the package source locations. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Monday, March 16, 2015 10:42 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Splitting Domain and SCCM Our company is splitting up so I need to create a new SCCM server and copy all of the applications over to it. Also need to migrate SCEP polices and such. I am planning on using PS to export and import the applications. Was wondering what the other opinions might be? /Todd Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] RE: Surface Pro 3 dock boot from flash fails
THIS!!! You need to have both injected. Once the machine has at least the November firmware, PXE is very reliable. Sent from Windows Mail From: Sean Pomeroymailto:sean.pome...@gmail.com Sent: Monday, March 9, 2015 1:53 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Did you add both Surface Ethernet Adapters to the boot image? On Mon, Mar 9, 2015 at 1:45 PM Timothy Ransom timothy.ran...@gdol.ga.govmailto:timothy.ran...@gdol.ga.gov wrote: I applied all firmware updates before attempting boot from SCCM flash drive and no changes made to power settings. Task sequencing Error – Failed to find valid network adapter. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Mears, Mark Sent: Monday, March 09, 2015 9:06 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Surface Pro 3 dock boot from flash fails You may want to allow the Surface to connect to the WindowsUpdate to pull the latest firmware before attempting to image it. At my last customer we found a few units that needed this before we were able to get them to find certain device drivers. Once you get the new firmware you should be fine. Thanks, Mark A. Mears, Sr. MCSA, MCTS, MCITP, MCT Microsoft Architect | En Pointe Technologies | www.enpointe.comhttp://www.enpointe.com/ HQ: 18701 S. Figueroa Street, Gardena, CA 90248-4506 | 310-337-5200 Direct: (310) 337-4580 Office Ext: 4580 Mobile: (757) 945-2651 [cid:image002.gif@01CCDF44.8AFE3EF0]http://www.enpointe.com/ [MS]http://www.enpointe.com/microsoft Systems Integrator Licensing Solution Provider (SI-LSP) Software Asset Mgmt Gold Partner Volume Licensing Gold Partner Server Platform Gold Partner Communications Gold Partner Virtualization Gold Partner Collaboration Gold Partner From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Timothy Ransom Sent: Sunday, March 8, 2015 7:12 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Surface Pro 3 dock boot from flash fails Hi, Surface Pro 3 dock boot from flash fails to find valid network adapter. I am using SCCM 2012 R2 and have followed steps in Surface-Pro-3-Deployment-Administration-Guide. Has anyone else resolved this issue? Not sure what I am missing, no problems importing (1) driver to boot image – but guide mentions (3) drivers. Thanks, Tim ** GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential information protected by state or federal law. The information is intended only for use consistent with the state business discussed in this transmission. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action based on the contents is strictly prohibited. If you have received this transmission in error, please delete this email and notify the sender immediately. Your cooperation is appreciated. ** ** GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential information protected by state or federal law. The information is intended only for use consistent with the state business discussed in this transmission. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action based on the contents is strictly prohibited. If you have received this transmission in error, please delete this email and notify the sender immediately. Your cooperation is appreciated. **
Re: [mssms] Surface 3, Docking Station, and Daisy-Chaining. Oh my!
We are using both the dual and triple port StarTech DisplayPort hubs with a variety of monitors and havent seen any flickering issues. I run my sp3 plus dual Dell Touchscreen displays without issues. Maybe once a month i have to press the “scan” button to get it to find one of the monitors, but other than that the device has been very stable. I undock/dock ~30 times per day. Sent from Windows Mail From: rodtr...@myitforum.commailto:rodtr...@myitforum.com Sent: Friday, March 6, 2015 5:31 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I don't use the Display Port. Seems to be a common problem. Believe it or not, USB works best. My setup is listed here: http://winsupersite.com/hardware/hardware-i-use-rod-trent-january-18-2015 From: 'Chris Carbone'mailto:chris.carb...@fairmountsantrol.com Sent: Friday, March 6, 2015 4:51 PM To: SMSmailto:mssms@lists.myitforum.com Has anyone found a good work around for this problem that neither Dell or M$ want to address? So here’s the situation, if you have a SP3 in a docking station hooked to two Dell U2414H’s with display-port connections that are daisy-chained you will have problems, and often! There was a flickering problem also but it looks like M$ did fix this one. Some of the problems are, monitors will NOT wake back up if SP3 sleeps. Or if docking SP3, monitors do not wake up, or maybe only one of them wakes up. As an attempt to find a solution I bought one of these devices but it’s only a little less flakey. [cid:image001.png@01D0582D.D89DFEB0] http://www.amazon.com/gp/product/B00JLRBC7S/ref=oh_aui_detailpage_o00_s00?ie=UTF8psc=1 All of these problems DO NOT exist if you plug directly into the SP3 which kinda defeats the purpose of their docking station. Please tell me someone out there has found a solution? Sending back these monitors to Dell and ordering new ones is not a solution as we have several users with this set up. Thanks! This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately.
RE: [mssms] RE: UEFI/GPT on Windows 7
In the next year or so, you will have to move to UEFI. If you plan on any Surface Pro style devices or tablets you will have to support UEFI to be able to deploy them. The boot times are much faster, which is nice on enterprise hardware (the same as consumer gear). Secure boot is nice from a security standpoint. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of ccollins9 Sent: Thursday, March 05, 2015 18:03 To: mssms Subject: Re: [mssms] RE: UEFI/GPT on Windows 7 Interesting topic. I can see the benefits in personal computing and customizing, but I'd be curious what the upside to UEFI is for y'all that are pushing forward on business computers. For us, we haven't looked at it much, we perfected our OSD process a few years ago and use the Dell CCTK command line tools to fully customize the bios during the task sequence so the techs have to do next to nothing manually when setting up a new PC. they just boot to SCCM/PXE and start the task sequence. If it's a re-image, they set the bios to defaults, clear TPM, then start task sequence. Does Dell yet have good command line control over UEFI? I'm not adversed to change, just haven't yet looked into the benefits of going to UEFI yet. On Mar 5, 2015 3:35 PM, Kent, Mark ken...@buffalostate.edumailto:ken...@buffalostate.edu wrote: Any model that will support it, essentially. Which isn't too many. We didn't go back out in the field and retrofit existing installs. Just machines going through image deployment from that point forward. Here is what I have Optiplex 990 1.General - Boot Sequence - check the UEFI box 2.Boot the PC with USB only (no PXE support) Optiplex 9010 1.General - Boot Sequence - check the UEFI box 2.General - Advanced Boot Options - uncheck the Legacy Option ROMS box 3.Boot the PC with PXE (no USB support noted at this time) 4.When the PC reboots the first time after applying the image, go back into the BIOS and check the box referenced in #2 above Optiplex 9020 Desktop models 1.General - Boot Sequence - check the UEFI box 2.General - Advanced Boot Options - check the Legacy Option ROMS box 3.System - Integrated NIC - check the Enable UEFI Network Stack box 4.Performance - Rapid Start Technology - uncheck the box 5.Boot the PC using either USB or PXE Optiplex 9020 All in One 1.General - Boot Sequence - check the UEFI box 2.General - Advanced Boot Options - check the Legacy Option ROMS box 3.System - Integrated NIC - check the Enable UEFI Network Stack box 4.Performance - Rapid Start Technology - uncheck the box 5.Power Management - Block Sleep - check the Block Sleep (S3 State) box 6.Boot the PC using either USB or PXE Latitude E6420 1.General - Boot Sequence - check the UEFI box 2.Boot the PC with USB only (no PXE support) Latitude E6430 1.General - Boot Sequence - check the UEFI box 2.General - Advanced Boot Options - check the Legacy Option ROMS box 3.System Configuration - Integrated NIC - check the Enable UEFI Network Stack box 4.Performance - Rapid Start Technology - uncheck the box Latitude E6440 1.General - Boot Sequence - check the UEFI box 2.General - Advanced Boot Options - check the Legacy Option ROMS box 3.System Configuration - Integrated NIC - check the Enable UEFI Network Stack box 4.Performance - Rapid Start Technology - uncheck the box Mark Kent (MCP) Sr. Desktop Systems Engineer Computing Technology Services - SUNY Buffalo State From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Underwood, Bob Sent: Thursday, March 5, 2015 2:52 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: UEFI/GPT on Windows 7 I would love that! Did you pull the band-aid off and move to it on all existing models in the environment, or just on those that were released in the last year? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kent, Mark Sent: Thursday, March 05, 2015 1:47 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: UEFI/GPT on Windows 7 We have been using UEFI on our Dells for the past year. It is a little quirky, you have to figure out correct settings for each model. I made a list if anyone would like to see it. Mark Kent (MCP) Sr. Desktop Systems Engineer Computing Technology Services - SUNY Buffalo State From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Underwood, Bob Sent: Thursday, March 5, 2015 1:36 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] UEFI/GPT on Windows 7 Hey folks - Just an informal survey... what is your approach for systems running in UEFI mode in your environments? (Do you allow your process to deploy in whatever mode the machine is in? Do you
[mssms] RE: Sccm 2007 Sp2 R2 - Can i use MDT 2012?
https://technet.microsoft.com/en-us/library/ee376932.aspx MDT 2012 Update 1 supports Configuration Manager 2007 and Configuration Manager 2012 releases. Fully automated zero touch installation deployments by utilizing System Center Configuration Manager and Windows deployment tools. For those without a System Center Configuration Manager infrastructure, MDT uses Windows deployment tools for Lite Touch Installation deployments. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John Sent: Tuesday, March 03, 2015 14:43 To: mssms@lists.myitforum.com Subject: [mssms] RE: Sccm 2007 Sp2 R2 - Can i use MDT 2012? Hi folks. I’ve had some of my rules block email from myitforum before. This one seemed like something you folks would know pretty quick, so thought I’d confirm it got to the list and that I’m getting the responses. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John Sent: March-03-15 11:32 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Sccm 2007 Sp2 R2 - Can i use MDT 2012? Hi, I’m trying to get our image working with Mcafee Encryption. The newer versions instructions are failing, I believe because it is built for SCCM 2012 MDT 2012 update 1 Windows assessment and Deployment Kit version 4.0. My question is – can I install MDT 2012 update 1 and Windows assessment and deployment kit and use those to manipulate the WIM outside of SCCM? I’m hoping that will let me follow their instructions and then I can just deploy that.
RE: [mssms] Get product name is blank
For grant money, it often times has stipulations on how the funds can be spent. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of ccollins9 Sent: Thursday, March 05, 2015 19:41 To: mssms Subject: RE: [mssms] Get product name is blank In higher ed/research and many government or npo they get grant money and they see it as their money they can do anything with. They earned it by jumping through the hoops to get it. It's hard to argue with them. So it's always hey I.t. Guys, we're buying this with or without you, so suck it. As always, it comes down to executive leadership/super which is often non existent On Mar 4, 2015 6:01 PM, Roland Janus roland.ja...@hispeed.chmailto:roland.ja...@hispeed.ch wrote: Obviously you must have tons of money to waste, that's what that usually is called... -Roland From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Mittwoch, 4. März 2015 23:18 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Get product name is blank One of the great(?) things about working in Higher Ed. It's difficult to tell people what they *have* to use. At least we're managing them. That took forever to get approved by the million or so committees we have to go through. :) Mike From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rickym61 Sent: Wednesday, March 4, 2015 1:56 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Get product name is blank Exactly what I thought when I saw that list. On Wednesday, 4 March 2015, Roland Janus roland.ja...@hispeed.chmailto:roland.ja...@hispeed.ch wrote: Holy sh.. that's a lot of models to support and there are probably more I pity you :) From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Mittwoch, 4. März 2015 19:10 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Get product name is blank Yes, that's basically the same thing. Here's our method in the TS: [cid:image001.png@01D0579D.F7A14E10] From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Chris Carbone Sent: Wednesday, March 4, 2015 10:03 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Get product name is blank Thanks Mike, I will try that. I also found this source with another possible way to find this info out. https://social.technet.microsoft.com/Forums/systemcenter/en-US/6c0668db-b3e8-4515-a0a4-b2a73304babf/csproduct-get-name-not-returning-model?forum=configmgrosd 1. Run wbemtest 2. Connect to root\cimv2 3. Click Open Class and use Win32_ComputerSystem 4. Click Instances 5. Open the instance by doubble clicking 6. Search for Model From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Wednesday, March 04, 2015 12:59 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Get product name is blank You could try wmic computersystem get model Mike From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Chris Carbone Sent: Wednesday, March 4, 2015 9:49 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Get product name is blank When I use the command below, the result is blank. Command prompt will show Name and then nothing below it. wmic csproduct get name Has anyone seen this blank before? I use this for the driver package installation steps. Thanks This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately.
RE: [mssms] Wow ? Look how involved reading the Windows 10 Win dows Update log may become
Note These steps are relevant only for the January Tech Preview of Windows 10. The process will be significantly improved in the release version of Windows 10. Its due to debug code in the update process, they are testing the “build” tracks ;) From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Robert Hastings Sent: Wednesday, March 04, 2015 10:07 To: mssms@lists.myITforum.com Subject: [mssms] Wow � Look how involved reading the Windows 10 Win dows Update log may become I was forwarded this link which outlines the purposed process for reading the Windows Update log in Windows 10. I can’t figure out why they want to make this so difficult. This might be a good blog post on My IT Forum… I provide some feedback under the “Give Feedback” section. So much for reading logs with Notepad http://support.microsoft.com/kb/3036646
Re: [mssms] Software updates scanning question
Do you have the Enterprise Hotfix Rollup for Win7 on your machines? What version of windows mgmt. framework is installed? Sent from Windows Mail From: Kent, Markmailto:ken...@buffalostate.edu Sent: Friday, February 27, 2015 15:34 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com We are running SCCM 2012 R2 CU1, SQL 2012, on Server 2012. 99% of our clients are Windows 7 SP1. We are seeing the issue documented here: https://social.technet.microsoft.com/Forums/en-US/4a782e40-bbd8-40b7-869d-68e3dfd1a5b4/windows-update-scan-high-memory-usage?forum=w7itproperf Essentially, when update scanning kicks off, the svchost.exe process skyrockets on memory use. On machines that have only 2GB of RAM, they soon exhaust physical memory and start to page out to disk. This seriously slows down the machine. We still have hundreds of machines with 2GB of RAM, so simply popping in additional memory is out of the question. The suggestion in the link is to change the scan cycle. Now, we have SCCM looking for OS/Office updates every 3 days yet the machines have issues daily. We also use SCEP and it checks for updates 3 times a day. Correct me if I am wrong, but SCEP also uses WSUS and therefore uses the Windows update scan engine to look for virus definitions. If this is true, then it would explain why the machines are slow on a daily basis. I guess I am just looking for confirmation on my hypothesis. There doesn’t seem to be any fix from MS on this that I can find. We have tried some of the suggestions in the forum post but still have the same problem like the original poster has. I can change the def update scan for 4AM when all the machines power on to check for any installs they need to perform. This should at least drastically reduce the frequency of slowdowns. Thanks. Mark Kent (MCP) Sr. Desktop Systems Engineer Computing Technology Services - SUNY Buffalo State
Re: [mssms] KB3001652 - Visual Studio 2010 Tools for Office Runtime
That update was applicable to 15,000 machines at my current client. They have the runtime installed for an outlook add-in they run. Was pulled before release, these guys have a great patch validation/testing procedure. Sent from Windows Mail From: Heaton, Joseph@Wildlifemailto:joseph.hea...@wildlife.ca.gov Sent: Tuesday, February 10, 2015 4:44 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Luckily, we’re not updating any Visual Studio stuff. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff Sent: Tuesday, February 10, 2015 12:52 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] KB3001652 - Visual Studio 2010 Tools for Office Runtime We have not downloaded or deployed the prior patches and 3001652 has not been downloaded yet. [cid:image001.png@01D04537.2F58F020] Daniel Ratliff From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Harjit Dhaliwal Sent: Tuesday, February 10, 2015 3:48 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] KB3001652 - Visual Studio 2010 Tools for Office Runtime http://www.neowin.net/news/microsofts-patch-kb3001652-is-causing-pcs-to-lockup http://windowsitpro.com/security/first-responders-kb3001652-hangs-computers-never-finishes-installation -Harjit On 2/10/2015 3:38 PM, Harjit Dhaliwal wrote: I believe KB3001652 has now been pulled. -Harjit On 2/10/2015 3:30 PM, Rod Trent wrote: Lots of reports rolling in that this is causing some serious issues… From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Doug McInnis Sent: Tuesday, February 10, 2015 3:01 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] KB3001652 - Visual Studio 2010 Tools for Office Runtime Anyone have this update automatically start to deploy today? SCCM 2012 R2. We just started getting failure notification this afternoon. Very ODD and not a desired feature! [cid:image002.png@01D04537.2F58F020] Doug McInnis Sr. Systems Administrator L.L.Bean, Inc. dmcin...@llbean.commailto:dmcin...@llbean.com 207-552-2704 (w) 207-317-6933 (C) The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
Re: [mssms] RE: Right-Click Client Install
Client push does not handle CU’s, sadly. Only service packs. Sent from Windows Mail From: Daniel Ratliffmailto:dratl...@humana.com Sent: Tuesday, January 27, 2015 10:53 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Are you sure this is possible? I think Client Push only installs the base revision (SP1, R2, etc), not any CUs. Long read ahead… https://social.technet.microsoft.com/Forums/en-US/9e2d45c4-dd36-47d9-853e-4f94fc12ccd0/best-practise-for-installing-patches-for-sccm-client-2012-both-x86-and-x64-osd-and-client-push Daniel Ratliff From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mawdsley R. Sent: Tuesday, January 27, 2015 10:40 AM To: mssms@lists.myitforum.com Subject: [mssms] RE: Right-Click Client Install Assuming that when the update was installed, whoever done it told it do create the new packages, then: In Configuration Manager, navigate to Software LibraryPackagesConfiguration Manager Updates and find CU3 client package. Check its content status to ensure it has been distributed to the correct distribution points. If it is not there at all, then there lays the problem. Rich From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Bradley, Matt Sent: 27 January 2015 15:20 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Right-Click Client Install We have a division of responsibilities here, so the upgrade was not done by myself. I do see a new package on the server now, located at: \\sccmserver\SMS_SITECODE\Clientfile://sccmserver/SMS_SITECODE/Client. From there when I look at the file properties on the ccmsetup.exe, it says it’s version 7958.1401, which I believe is CU3. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mawdsley R. Sent: Tuesday, January 27, 2015 8:18 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Right-Click Client Install Have you distributed the new client packages? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Bradley, Matt Sent: 27 January 2015 14:10 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Right-Click Client Install We’re on 2012R2 CU3, but it seems that when I right-click on a PC and push the client install, that it is installing the CU2 version. Is there something specific that has to be done after upgrading to CU3 to upgrade the right-click install? The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
[mssms] RE: Question about PowerShell App Deployment Toolkit
Yes they will run separately. The App Deploy Toolkit is a powershell wrapper around your installer. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Wednesday, January 07, 2015 14:48 To: mssms@lists.myitforum.com Subject: [mssms] Question about PowerShell App Deployment Toolkit Probably a dumb question... Hypothetically, what would happen if I deployed more than one application to a computer using this tool - that is, each app would be by itself and deployed with the toolkit? Would they be seen as separate apps and run independently? Best Regards, Mike Murray Desktop Management Coordinator - IT Support Services California State University, Chico 530.898.4357 mmur...@csuchico.edumailto:mmur...@csuchico.edu
RE: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager?
You can’t “in-place” an OS architecture switch. Since most Win7 installs are x86, that means many orgs will have to bare-metal just to switch to x64 Win10. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.com Sent: Monday, December 29, 2014 15:56 To: SMS Subject: Re: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager? People tend to forget that Windows 10 is actually still beta and not even close to being finished. From: Marable, Mikemailto:mmara...@med.umich.edu Sent: Monday, December 29, 2014 3:47 PM To: SMSmailto:mssms@lists.myitforum.com “Windows 10 will change OS and software deployment…” I’m sorry but I’d have to beg to differ. So far I have had little luck with using the in-place upgrade that Microsoft is pushing in the real world. To be honest I’m finding it just as problematic as it was in prior versions of Windows. We may be “old school” on this but when the time comes to migrate from Windows 7 to Windows 10, as it stands right now we’re going to do it the same way we went from XP to Windows 7; using wipe and load task sequences run from SCCM. I would love for all of this to just work and for us to be able to use it. But in healthcare change happens very slowly. Everything has to have a proven track record before we will let patient safety rely on it. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.commailto:rodtr...@myitforum.com Sent: Monday, December 29, 2014 3:34 PM To: SMS Subject: Re: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager? Or… just roll out the pieces Kim believes are missing. Intune is a full Azure service now which means any new feature can be rolled out anytime and can take advantage of Azure power. Windows 10 will change OS and software deployment, btw, so take those off the list. From: Ed Aldrichmailto:ed.aldr...@1e.com Sent: Monday, December 29, 2014 3:30 PM To: SMSmailto:mssms@lists.myitforum.com I’m betting that the Redmond crowd will be dissecting THAT post for some time trying to figure out how to respond to it in some fashion, somewhere!!! Wow! Ed Aldrich | Solutions Engineer 1E | Empowering Efficient IT Mobile: (401) 924-2293 ed.aldr...@1e.commailto:ed.aldr...@1e.com | www.1e.comhttp://www.1e.com/ [Description: Description: cid:image011.png@01CAD56A.EFDE3F90] Ent Cli Mgmt (2003-2014) Please consider the environment before printing this e-mail From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kim Oppalfens Sent: Monday, December 29, 2014 2:40 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] [ConfigMgrMVPs] Blogpost: Is Intune going to replace Configuration Manager? Hi All, I’ve expressed these views a couple of times already to colleague mvp’s and people interested in hearing my opinion. It tends to be fragmented in talks though, so I decided to put my thoughts into writing, and dedicate a blog post to it. So this is a shameless plug for that blogpost: http://bit.ly/1vn7hGu Now, discuss ☺ Met vriendelijke groet / Kind regards, Kim Oppalfens | Managing Consultant MVP| OSCC [OSCCD32aR00aP02ZL][cid:image002.png@01CDABBF.71D09250] • +32 16 60 91 43 È +32 475 86 98 35 • kim.oppalf...@oscc.bemailto:kim.oppalf...@oscc.be Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
RE: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager?
I wish my clients had ☹ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Niehaus Sent: Tuesday, December 30, 2014 16:50 To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager? A majority did move to x64 with Windows 7. So they will have an in-place upgrade option. For those trying out the in-place upgrade with Windows 10 Preview builds, be sure you submit feedback on any issues you encounter so that we can continue to improve the process. If you just complain about it and don’t do anything, well, I’d call that whining ☺ Thanks, -Michael From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Tuesday, December 30, 2014 1:52 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager? You can’t “in-place” an OS architecture switch. Since most Win7 installs are x86, that means many orgs will have to bare-metal just to switch to x64 Win10. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.commailto:rodtr...@myitforum.com Sent: Monday, December 29, 2014 15:56 To: SMS Subject: Re: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager? People tend to forget that Windows 10 is actually still beta and not even close to being finished. From: Marable, Mikemailto:mmara...@med.umich.edu Sent: Monday, December 29, 2014 3:47 PM To: SMSmailto:mssms@lists.myitforum.com “Windows 10 will change OS and software deployment…” I’m sorry but I’d have to beg to differ. So far I have had little luck with using the in-place upgrade that Microsoft is pushing in the real world. To be honest I’m finding it just as problematic as it was in prior versions of Windows. We may be “old school” on this but when the time comes to migrate from Windows 7 to Windows 10, as it stands right now we’re going to do it the same way we went from XP to Windows 7; using wipe and load task sequences run from SCCM. I would love for all of this to just work and for us to be able to use it. But in healthcare change happens very slowly. Everything has to have a proven track record before we will let patient safety rely on it. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of rodtr...@myitforum.commailto:rodtr...@myitforum.com Sent: Monday, December 29, 2014 3:34 PM To: SMS Subject: Re: [mssms] RE: [ConfigMgrMVPs] Blogpost: Is Intune going to re place Configuration Manager? Or… just roll out the pieces Kim believes are missing. Intune is a full Azure service now which means any new feature can be rolled out anytime and can take advantage of Azure power. Windows 10 will change OS and software deployment, btw, so take those off the list. From: Ed Aldrichmailto:ed.aldr...@1e.com Sent: Monday, December 29, 2014 3:30 PM To: SMSmailto:mssms@lists.myitforum.com I’m betting that the Redmond crowd will be dissecting THAT post for some time trying to figure out how to respond to it in some fashion, somewhere!!! Wow! Ed Aldrich | Solutions Engineer 1E | Empowering Efficient IT Mobile: (401) 924-2293 ed.aldr...@1e.commailto:ed.aldr...@1e.com | www.1e.comhttp://www.1e.com/ [Description: Description: cid:image011.png@01CAD56A.EFDE3F90] Ent Cli Mgmt (2003-2014) Please consider the environment before printing this e-mail From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kim Oppalfens Sent: Monday, December 29, 2014 2:40 PM To: 'mssms@lists.myitforum.com' Subject: [mssms] [ConfigMgrMVPs] Blogpost: Is Intune going to replace Configuration Manager? Hi All, I’ve expressed these views a couple of times already to colleague mvp’s and people interested in hearing my opinion. It tends to be fragmented in talks though, so I decided to put my thoughts into writing, and dedicate a blog post to it. So this is a shameless plug for that blogpost: http://bit.ly/1vn7hGu Now, discuss ☺ Met vriendelijke groet / Kind regards, Kim Oppalfens | Managing Consultant MVP| OSCC [OSCCD32aR00aP02ZL][cid:image002.png@01CDABBF.71D09250] • +32 16 60 91 43 È +32 475 86 98 35 • kim.oppalf...@oscc.bemailto:kim.oppalf...@oscc.be Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This
RE: [mssms] SCCM Console getteing Creashed while deleting the SCCM 2007 R3 collections
You might need to use wmi to remove that collection http://msdn.microsoft.com/en-us/library/cc143328.aspx From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Eswar Koneti Sent: Tuesday, December 30, 2014 22:07 To: mssms@lists.myitforum.com Subject: RE: [mssms] SCCM Console getteing Creashed while deleting the SCCM 2007 R3 collections deleting collection from DB is not supported way .is this happening all the time while deleting other collections or just to one ? Regards Eswar Koneti www.eskonr.comhttp://www.eskonr.com From: ranvirsingh...@gmail.commailto:ranvirsingh...@gmail.com Date: Tue, 30 Dec 2014 11:32:04 +0100 Subject: Re: [mssms] SCCM Console getteing Creashed while deleting the SCCM 2007 R3 collections To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Hi Eswar, Collection query (WQL) is the correct query.. I given a try with multiple collection sytax with WQL query, some are empty collections... not working... If i want to delete im deleting from the database On Mon, Dec 29, 2014 at 3:26 PM, Eswar Koneti eswarkon...@outlook.commailto:eswarkon...@outlook.com wrote: Why does your wql(collection query) has count? It willl not give you the count of pcs in collection instead reports. Correct the collection with right syntax? Did you verify the collection syntax? Regards, Eswar Koneti www.eskonr.comhttp://www.eskonr.com Sent from Mobile Device, excuse any typo's as a result. --- Original Message --- From: Ranvir singh ranvirsingh...@gmail.commailto:ranvirsingh...@gmail.com Sent: December 29, 2014 10:19 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] SCCM Console getteing Creashed while deleting the SCCM 2007 R3 collections Hi Team, Im getting the below error while deleting the collection from SCCM 2007 R3 An error occured in ConfigMgr. The ConfigMgr console will continue to function, however you should save your work and restart the console. After restarting the console, verify that your last configurations have been applied. System.ArgumentException: An error message must be supplied. Parameter name: message at Microsoft.ConfigurationManagement.AdminConsole.SmsErrorDialog..ctor(String details, String message, String caption, Icon icon) at Microsoft.ConfigurationManagement.AdminConsole.SmsErrorDialog..ctor(Exception ex, String message, String caption) at Microsoft.ConfigurationManagement.AdminConsole.DeleteCollectionWizard.DeleteCollectionWizardForm.PostApply(BackgroundWorker worker, DoWorkEventArgs e) at Microsoft.ConfigurationManagement.AdminConsole.SmsWizardForm.OnFinish() at System.Windows.Forms.Control.OnClick(EventArgs e) at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) at System.Windows.Forms.Control.WmMouseUp(Message m, MouseButtons button, Int32 clicks) at System.Windows.Forms.Control.WndProc(Message m) at System.Windows.Forms.ButtonBase.WndProc(Message m) at System.Windows.Forms.Button.WndProc(Message m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) Admin UI .log [3][12/29/2014 2:00:45 PM] :Help topic not found in 'HelpTopicLinks.xml' for topic ID: '7e96e251-ed74-4905-87c0-77d082a5fa4d' [3][12/29/2014 2:01:00 PM] :Help topic not found in 'HelpTopicLinks.xml' for topic ID: '7e96e251-ed74-4905-87c0-77d082a5fa4d' [17][12/29/2014 2:36:45 PM] :System.Management.ManagementException\r\nGeneric failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.GetEnumeratord__0.MoveNext()\r\nManagementException details: instance of __ExtendedStatus { Description = [42000][156][Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'AS'.; Operation = ExecQuery; ParameterInfo = SELECT COUNT(*) FROM SMS_CM_RES_COLL_XXXcollID; ProviderName = WinMgmt; StatusCode = 2147749889; }; \r\n Any idea please
RE: [mssms] Re: [ms sms] Move ConfigMgr 2012 physical to cloud
Possible yes, recommended no. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of rajkumar.bhoopa...@hotmail.com Sent: Friday, December 19, 2014 20:33 To: mssms@lists.myitforum.com Subject: [mssms] Re: [ms sms] Move ConfigMgr 2012 physical to cloud Thanks much Chris. Just a question here. Is it possible for P2V migration. Sent from BlackBerry® on Airtel From: christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sender: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com Date: Fri, 19 Dec 2014 20:35:41 + To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com ReplyTo: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Move ConfigMgr 2012 physical to cloud Same scenario as if you were upgrading the OS on the same machine. The new “VM” must have the same hostname and disk layout. you need to do a site restore on the new machine, from a backup taken on the physical box. From TechNet: Install System Center 2012 Configuration Manager with the service pack level that you want and perform a site recovery. This scenario requires you to have a site backup that was created by using the Backup Site Server maintenance task on the original Configuration Manager site, and that you use the same installation settings for the new System Center 2012 Configuration Manager site. Sent from Windows Mail From: rajkumar.bhoopa...@hotmail.commailto:rajkumar.bhoopa...@hotmail.com Sent: Friday, December 19, 2014 5:16 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Community, We got a request from our client and they are in the process of moving the physical servers to cloud. We already have our Configmgr 2012 running as a standalone primary in a physical server. I'm sure our community has experience on this scenario. But I'm kind of new bee to this scenario. It would be of great help if anyone can instruct me with requirement that has to be taken into consideration for this scenario (Pros and Cons) and steps to perform, data gathering before proceed with this migration. This is our in house cloud platform not external providers. Thanks in advance Sent from BlackBerry® on Airtel
Re: [mssms] Move ConfigMgr 2012 physical to cloud
Same scenario as if you were upgrading the OS on the same machine. The new “VM” must have the same hostname and disk layout. you need to do a site restore on the new machine, from a backup taken on the physical box. From TechNet: Install System Center 2012 Configuration Manager with the service pack level that you want and perform a site recovery. This scenario requires you to have a site backup that was created by using the Backup Site Server maintenance task on the original Configuration Manager site, and that you use the same installation settings for the new System Center 2012 Configuration Manager site. Sent from Windows Mail From: rajkumar.bhoopa...@hotmail.commailto:rajkumar.bhoopa...@hotmail.com Sent: Friday, December 19, 2014 5:16 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Community, We got a request from our client and they are in the process of moving the physical servers to cloud. We already have our Configmgr 2012 running as a standalone primary in a physical server. I'm sure our community has experience on this scenario. But I'm kind of new bee to this scenario. It would be of great help if anyone can instruct me with requirement that has to be taken into consideration for this scenario (Pros and Cons) and steps to perform, data gathering before proceed with this migration. This is our in house cloud platform not external providers. Thanks in advance Sent from BlackBerry® on Airtel
Re: [mssms] HELP!
“psexec -s -i cmd” is for you as an admin to run, this gives you a elevated cmd prompt running as system (the same context as scripts run when executed through configmgr.) If your script doesnt work when running it manually in that fashion, it will never work when pushed through configmgr. Sent from Windows Mail From: Aday, Karalene B (RCIS)mailto:karalene.a...@rcis.com Sent: Friday, December 19, 2014 10:01 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I did and it does not run. I get an access denied. I should explain our environment: Windows 7 x64 and our user’s do not have administrator rights on the workstations. I am at a loss and have tried everything that has been suggested. I am thinking it’s just not possible to do this. Does anyone have any new ideas or another tool or suggestion on how to do disk clean up for workstations that are running very low on the C drive? What I would like to do is have a query run that looks for workstations with X amount free on the C drive. Then create a collection that kicks off an advertisement that will run a program to do cleanup like Cleanmgr.exe does. Any thought or ideas on how to accomplish this would be very appreciated. And thank you for all the suggestions so far!!! From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jeff Poling Sent: Friday, December 19, 2014 8:18 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] HELP! Did you try using psexec -s -i? Using that will simulate running in the system context as it would using the configmgr client. Jeff Sent from my Windows Phone From: Aday, Karalene B (RCIS)mailto:karalene.a...@rcis.com Sent: 12/19/2014 8:04 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] HELP! I did prime the registry and have that part all taken care of. If I run the command and or program manually from the workstation works like a dream. The problem is it does not when deploying through SCCM. I know it has to do with the user context it is running it under. What I do not know is how to fix this. I have tried everything that I can find online and nothing works. Again the problem is when it is ran through SCCM. I have tried running it as the user and that does not work, as the administrator and that does not work. I am at a loss, maybe it’s not possible to run it from sccm? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dan Thomson Sent: Friday, December 19, 2014 7:31 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] HELP! Sherry is correct. You have to make sure the registry is primed with your settings before this will work. I wrote a brief article on this February 2005. There really isn’t much description there regarding how I did it, but attached to the article is a zip file that contains my SMS Installer script. You can open that, preferably with SMS Installer and see the registry entries I set prior to running cleanmgr. Also, if you use this Google query, you’l find a number of folks who have shared how to get this done. https://www.google.com/?gws_rd=ssl#q=cleanmgr+sccm here are two from the search results that should also help http://t3chn1ck.wordpress.com/2009/04/09/scripting-diskcleanupdefrag/ http://gregramsey.net/2014/05/14/automating-the-disk-cleanup-utility/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger Sent: Thursday, December 18, 2014 5:03 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] HELP! https://social.technet.microsoft.com/forums/systemcenter/en-US/a91f10bb-da8b-4b34-bb63-aad935d3e07e/hard-disk-space-issue , because way-back-when I recall having to do a sageset sagerun type of thing. I worked around the goofiness that was required with the sageset by figuring out the regkeys to set that corresponded to what I wanted, then the sagerun would know what to do. That was in the way way back machine... SMS 2003. so...first of all, I barely recalled I had used sagerun/sageset. So don't ask me for how I did it! That was a decade ago or something! On Thursday, December 18, 2014 3:54 PM, Aday, Karalene B (RCIS) karalene.a...@rcis.commailto:karalene.a...@rcis.com wrote: So is that telling me it won’t run under the system account? Then how do I make it run? Yikes this should be a simple thing and it is not. Do I dare so I really dislike Microsoft right now? :P From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Aday, Karalene B (RCIS) Sent: Thursday, December 18, 2014 3:42 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE:
Re: [mssms] SCCM Professional Services Vendors
Shameless plug, Sogeti does that type of service. Sent from Windows Mail From: Jarvis Davismailto:jarvis.da...@s3.cdw.com Sent: Friday, December 5, 2014 3:14 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I haven’t been active on this list in a while, but had a coworker tell me about this thread this morning. Jeff Krueger – I’m really sorry that you had a bad experience with CDW. Reach out to me offline and I’ll do everything I can to make things right. Jimmy Martin – thank you for the kind words. Glad you were happy with our work. Jarvis Davis Technical Architect – Endpoint Optimization Mobility | CDW Jarvis.Davis @ CDW.com From: joseph.hea...@wildlife.ca.govmailto:joseph.hea...@wildlife.ca.gov To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] SCCM Professional Services Vendors Date: Fri, 5 Dec 2014 15:29:30 + Consultants are going to be dependent on your location. This list can provide some general advice, but I’d go with what someone else suggested, talk to your TAM, or find others in your area that have used consultant services for this purpose. On the other hand, it doesn’t seem like your setup is going to be that complex. Training may be a better spend for you, unless you just don’t have any bandwidth at all for the project. Learning new technologies is what we’re all about in our chosen field, right? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Krueger, Jeff Sent: Friday, December 05, 2014 5:39 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] SCCM Professional Services Vendors We had brought CDW in to help with our migration, can’t say I would recommend them. It may be dependent on who the actual consultant you work with is. But the guy we got was not good, it’s clear he didn’t really understand much about the application model in 2012. When we were discussing our requirements for migrating our software packages into applications he basically said that no one was using applications, which was a major red flag. The same consultant has done some work with another organization we know people in and, they have had problems with OSD for example ,based on specific things he had them doing in their TSs. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Martin Sent: Friday, December 5, 2014 7:02 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] SCCM Professional Services Vendors Cdw helped with ours and was great Sent from my Windows Phone Jimmy Martin (901) 227-8209 From: Newingham, Lance Sent: 12/4/2014 16:28 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] SCCM Professional Services Vendors Hey All, Does anyone have experience/recommendations with any Professional Services Vendors for SCCM? My company is looking at building a 1cas, 3 primary, 50dp+ architecture and then migrate data from one SCCM instance to this new instance. Thanks Lance This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email... CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Security page on www.henryford.comhttp://www.henryford.com for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us.
Re: [mssms] Matching Processor Architecture Boot Image Not Found
If you do set your default boot image to x64, when a x86 TS runs it will stage the proper bitness of PE. One thing to keep in mind, if you are encrypting the drives. PE needs enough disk space free on a non-encrypted volume to stage itself. If your using BitLocker the default “BDEDrive” partition is more than large enough, but if you have modified that size you may not. Plan on having at least 350mb free in that partiton. (My current client is setting the drive to 1gb in size.) If you are using third-party encryption, odds are you will have issues. Sent from Windows Mail From: Niall Bradymailto:any...@gmail.com Sent: Wednesday, November 19, 2014 1:29 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I wouldn't deploy OSD to All Systems instead, create one or more OSD collections that you can deploy task sequences too, those collections can be limited to whatever you want, even All Systems, however their membership should be finely tuned, for example you could create a 'standard' OSD collection, where you deploy your X86 specific stuff, and create another collection for X64 only, and deploy task sequences to both collections but using different boot wims attached to those task sequences, to do this for unknown computers you create another two collections with direct membership like those shown below On Wed, Nov 19, 2014 at 7:03 PM, Bradley, Matt mbrad...@quiktrip.commailto:mbrad...@quiktrip.com wrote: Even though I’ve checked the x86 and x64 PXE availability checkbox 10 times each, even with Microsoft watching, I’m looking again, and it’s not checked. So I check it, and it shows back up in SMSImages and now we’re back to PXE working again. BUT, it’s still sending the x86 version every time it PXE boots. It’s not even sending the newest 6.3 version of that, but instead the old 6.2. The Lenovo Thinkpad doesn’t like this of course, because it’s a UEFI device, and I get the winload.efi error again. Being that my All Unknown Systems collection is, for the time being, going to have a mixture of x86 and x64 devices, I’m not sure how I can correct this. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Wednesday, November 19, 2014 10:45 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Matching Processor Architecture Boot Image Not Found the error above is because you are tryiung to boot x64 uefi hardware but configuration manager is responding with an x86n boot wim, most likely because the last task sequence deployed to your OSD collection contains an x86 boot wim, think of LIFO, last in, first out, so if you last deployed a task sequence with an x86 boot wim, it'll be the first to reply, and it will produce that error to fix, either add your 64 uefi hardware to their own collection that HAS an x64 boot wim based task sequence deployed to it or deploy your x64 boot wim task sequence AFTER the x86 one, the end result of the latter is your other machines will pull the x64 boot wim down and then stage the x86, On Wed, Nov 19, 2014 at 5:33 PM, Bradley, Matt mbrad...@quiktrip.commailto:mbrad...@quiktrip.com wrote: Has anyone seen that show up in the SMSPXE log before? I’m in a situation where I can’t PXE boot. Even though both the x86 and the x64 boot images are checked off for PXE deployment, I still get a failure. Even more strange, I can create a bootable USB drive and it is boots the task sequence selection just fine. This actually all started because I was getting a winload.efi error, perfectly screenshot by Niall here: http://www.windows-noob.com/forums/index.php?/topic/11135-why-do-i-get-a-winloadefi-status-0xc359-error-when-using-uefi-network-boot-in-system-center-2012-r2-configuration-manager The only difference is I indeed had both x86 and x64 checked off. As a test, I unchecked the x86, tried to PXE, it failed due to the requirement both x86 and x64 be available, and then rechecked the x86 image availability again, and then now I’m getting this. I’m tired updating the distribution points on both images, but I’m still stuck with nothing to boot. Any ideas?
Re: [mssms] List of All SCEP Scans for a Given Machine
I’m pretty sure that info is in the status messages. I’ll see if i can find anything. Sent from Windows Mail From: Marcum, Johnmailto:jmar...@babc.com Sent: Monday, November 17, 2014 2:41 PM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com Does anyone have a report (or know where in the database I can find) a list of all scans within the past xx days and the results of the scan for a given computer? John Marcum MCITP, MCTS, MCSA Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] Bitlocker WInPE (Refresh Scenario)
if your bitlocker, you can use hardlinking and you never have to move the data. Sent from Windows Mail From: Niall Bradymailto:any...@gmail.com Sent: Friday, November 14, 2014 11:53 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com yup, right here, however in this task sequece i migrate the data (offline), everything below is for Configuration Manager 2007, if you want 2012 stuff let me know ntroducing the BitLocker FrontEnd HTA Multipurpose HTA with BitLocker Support for all three common scenarioshttp://www.windows-noob.com/forums/index.php?/topic/4811-introducing-the-bitlocker-frontend-hta, backup, reinstall, new computer and some related stuff below How can I determine if theres a TPM chip on my Dell system for BitLocker ? Using the following scripthttp://myitforum.com/cs2/blogs/nbrady/archive/2011/08/08/how-can-i-determine-if-there-s-a-tpm-chip-on-my-dell-system-needed-for-bitlocker.aspx [Aug 2011] Is the TPM Chip Enabled or Disabled in the Bios on my system ? Use this WMI queryhttp://myitforum.com/cs2/blogs/nbrady/archive/2011/08/08/is-the-tpm-chip-enabled-or-disabled-in-the-bios-on-my-dell-system.aspx to find out [Aug 2011] How can I determine if the drive is Encrypted (Protected) or not during a BitLocker task sequence in WinPE ? Using the GetProtectionStatus Methodhttp://www.windows-noob.com/forums/index.php?/topic/4095-how-can-i-determine-if-the-drive-is-encrypted-protected-or-not-during-a-bitlocker-task-sequence-in-winpe/ [Aug 2011]? How can I determine if there's a TPM chip on my Lenovo system for BitLocker ? Easy when you know howhttp://www.windows-noob.com/forums/index.php?/topic/4151-how-can-i-determine-if-theres-a-tpm-chip-on-my-lenovo-system-for-bitlocker/ [Sep 2011] How can I retrieve my BitLocker Recovery Key from MBAM in WinPE Connecting to MBAM from WinPEhttp://www.windows-noob.com/forums/index.php?/topic/4173-how-can-i-retrieve-my-bitlocker-recovery-key-from-mbam-in-windows-pe/ [Sep 2011] On Fri, Nov 14, 2014 at 4:51 PM, David van Beek da...@beekware.nlmailto:da...@beekware.nl wrote: Dear All, Currently we have laptop clients with bitlocker enabled on all partitions and deployment goes, still by SCCM 2007, with PXE-boot. Clients are added to a collection and by using F12 the will be deployed. Laptop clients currently have 3 partitions, 1xBDE, 1,OS (C: ) and 1x D: (data). We would like to have 2 scenarios, new systems refresh. A boot menu (HTA) we already have in place to set a variable refresh (True/False) which we would like to use in our Task Sequence. The refresh is only intend to refresh the OS (C: ) partition with Windows version. Bitlocker recovery keys are stored in Active Directory. User data capture/restore isn’t needed because its stored on the network or on the D: drive. With another customer which is used McAfee Encryption we simply used to media hook (within bootimag) to check if the drive was encrypted or not and deleted the OS partition, recreate it and apply OS by using the task sequence. After the deployment McAfee automatically decrypts D: and encrypted it again. Working nicely.. Keep partition D: and refresh everything else? Already found this blog http://windowsmasher.wordpress.com/2012/04/08/sccm-task-sequence-disable-bitlocker-in-winpe/ think it could be a option to try. Is there any way to achieve this with bitlocker as well? Thank you in advance! Within kind regards, David
Re: [mssms] RE: CM 2012 Roles for DMZ Client Management
Cough, DirectAccess Cough….. Way less infrastructure to setup, and then you have no client manageability differences. Sent from Windows Mail From: Edward Woomailto:e...@mdacorporation.com Sent: Friday, November 7, 2014 3:13 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Thanks for the pointers Jeff! Edward From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Krueger, Jeff Sent: Friday, November 07, 2014 11:53 AM To: mssms@lists.myitforum.com Subject: [mssms] RE: CM 2012 Roles for DMZ Client Management The server must be joined to a domain, though it doesn’t necessarily have to be the same domain as your primary. Of course it still has to be able to communicate with the primary and will need the relevant accounts setup and ports opened between the two. You can set up this site system server to accept only clients from the internet, or do both internet and intranet. Remember each MP can handle 25,000 clients, so I don’t see the 10 MP limit as a problem and would locate any additional MPs (besides the one dedicated to IBCM) in your data center with the Primary server. If you have slow WAN links for remote offices you can setup a Secondary Site for though that really depends on client count as they don’t send much data, otherwise just have a local DP for content. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Edward Woo Sent: Friday, November 7, 2014 2:15 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: CM 2012 Roles for DMZ Client Management Hi Jeff, Given that a primary site is limited to 10 MPs, would it be sufficient to run one site system with MP, DP and SUP roles on it to handle remote sites? Is it possible to run the site system on a workgroup server or does that server have to be a member of the domain? (Trying to see if I can somehow the crossover from DMZ into our internal network.) Thanks, Edward From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Krueger, Jeff Sent: Friday, November 07, 2014 5:38 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: CM 2012 Roles for DMZ Client Management Secondary sites do not support Internet Based Client Management. I would setup a site system located off your primary with the MP,DP and SUP roles on that. Configure that one for certificates and publish an Internet FQDN that is tied to a VIP pointing at that site system. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Edward Woo Sent: Thursday, November 6, 2014 5:57 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] CM 2012 Roles for DMZ Client Management Hi All, I tried going through my archive of e-mails regarding SCCM 2012 roles used to manage DMZ (Workgroup/external facing) systems, but I couldn’t find all the answers I wanted and was hoping people here could help clear things up for me the best ways to achieve my goals. The DMZ systems we want to manage with SCCM are workgroup systems that have some level of external facing access. We’re primarily interested in the HW/SW inventory scans and software updates and application deployment of these systems. We have DMZ systems located at some of our offices so they’re not located at one site and the number of systems can vary in number from 1 to 20 at the different locations. Initially my plan was to configure the internal domain based systems to use HTTP for communications and DMZ systems will require HTTPS communications and eventually migrate the internal systems to HTTPS as well. Deployment of an internal PKI is not going to be an issue for us. I do want to keep our internal clients communicating with a different MP than the DMZ based systems as a means of separation. It was also my understanding that client communications with MPs weren’t really location aware, except when deployed using primary/secondary sites, though one of the most recent SCCM updates supposedly addresses that issue with a registry fix. Would it make sense to deploy a single secondary site just to handle all DMZ communications from all sites or would one deploy a secondary site for DMZ clients at each of the location? Or would it be better to just deploy an MP, DP, and SUP just to manage the DMZ systems and apply the update that addresses location awareness? Is there any additional protections that I could put in place to further isolate our DMZ systems from reaching the internal network? 1. I believe you can restrict primary site communications so that it is only initiated by the primary site server down to the child sites, but does that include primary to secondary site communications? 2. Can either the
[mssms] Anyone updating firmware on Surface Pro 3's in the field (through ConfigMgr)
Referencing this article: http://blogs.technet.com/b/deploymentguys/archive/2013/05/16/deploying-drivers-and-firmware-to-surface-pro.aspx I have yet to get it to update the firmware on a device, though other drivers are updated without issue. Even running the script manually doesn't update the firmware. I see no errors when running the script. I will be dumping the driver store to a log file and parsing to see if the drivers are being injected at all. Anyone know what setting/bit gets flipped to trigger the UEFI process to apply the new firmware on next boot? Manually selecting the device nodes in device manager and updating the driver does stage the new firmware, and it successfully applies on next boot.
[mssms] Anyone updating firmware on Surface Pro 3's in the field (through ConfigMgr)
Referencing this article: http://blogs.technet.com/b/deploymentguys/archive/2013/05/16/deploying-drivers-and-firmware-to-surface-pro.aspx I have yet to get it to update the firmware on a device, though other drivers are updated without issue. Even running the script manually doesn't update the firmware. I see no errors when running the script. I will be dumping the driver store to a log file and parsing to see if the drivers are being injected at all. Anyone know what setting/bit gets flipped to trigger the UEFI process to apply the new firmware on next boot? Manually selecting the device nodes in device manager and updating the driver does stage the new firmware, and it successfully applies on next boot.
[mssms] RE: MBAM and computers without TMP's
Sorry for just responding to this, it got lost in my inbox. Yes you can use MBAM to encrypt without a TPM. So long as you are doing this to existing machines, its not hard to setup at all. Just get the gpo settings in place to tell it where the mbam server is, and what encryption settings you want. I advise setting the new grace period setting to 0 (new to MBAM 2.5) to force the users to encrypt. Then just deploy the mbam client to your machines. It will install and the next time it checks in, (you can force this by setting a registry key) http://technet.microsoft.com/en-us/library/jj571532.aspx It will prompt the user to encrypt, and ensure they have a removable drive inserted. The recovery keys will be backed up in the database. I am not sure the exact steps required to replace a lost usb drive, although I believe it's just copying the key package that MBAM generates when you access the recovery key over to a new usb drive. Be careful if you are using Bitlocker-to-Go, as if the usb drive with the startup key gets encrypted you won't be able to boot. I will ask, how old is the hardware that you are working with? Or are these consumer machines? Let me know if you have any further questions. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Johns, Damon (DoJ) Sent: Wednesday, October 08, 2014 16:41 To: mssms@lists.myitforum.com Subject: [mssms] RE: MBAM and computers without TMP's Hi Guys, hope you can answer this one quickly. Can you store Bitlocker keys in MBAM when using Bitlocker on computers without TPM's? You can still enable it (which I have done via GP on one of these PC's without any MBAM) and you are prompted to store the key on an external key drive. Everything works as expected in that you need to present that key upon start up for the computer to boot. Just looking to securely store these startup boot keys and the bitlocker recovery keys in MBAM and perhaps automate the Bitlocker encryption process using MBAM - possible? Has anyone done this particular type of implementation? Cheers Damon CONFIDENTIALITY NOTICE AND DISCLAIMER The information in this transmission may be confidential and/or protected by legal professional privilege, and is intended only for the person or persons to whom it is addressed. If you are not such a person, you are warned that any disclosure, copying or dissemination of the information is unauthorised. If you have received the transmission in error, please immediately contact this office by telephone, fax or email, to inform us of the error and to enable arrangements to be made for the destruction of the transmission, or its return at our cost. No liability is accepted for any unauthorised use of the information contained in this transmission.
[mssms] RE: USB3.0 Boot Media?
Do you only see this on machine that have USB 3.0 and you plugged it into a legacy port? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kent, Mark Sent: Friday, September 05, 2014 09:13 To: mssms@lists.myitforum.com Subject: [mssms] RE: USB3.0 Boot Media? Yes, we have. And our only solution is the one you already mentioned. Mark Kent (MCP) Sr. Desktop Systems Engineer Computing Technology Services - SUNY Buffalo State From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dave West Sent: Friday, September 5, 2014 5:46 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com; mdt...@lists.myitforum.commailto:mdt...@lists.myitforum.com Subject: [mssms] USB3.0 Boot Media? Has anyone come across the issue when using a USB 3.0 device as boot media and the following error is displayed when connecting to a USB 2.0 port: Unable to read task sequence configuration disk. For more information, please contact your system administrator or helpdesk operator. If we connect to a USB 3.0 port the boot media works fine. We have had a similar issue in the past when connecting to a USB 3.0 port, and to resolve that issue we injected the USB 3.0 drivers into the WinPE boot image, and this is why it works using a USB 3.0 port, but not using a USB 2.0 port. Has anyone else had this issue and can you offer any advice, other than use USB 2.0 stick? Dave West Senior Operations Analyst Room 301 Babbage Building | Plymouth University | Drake Circus | Plymouth | PL4 8AA | UK Tel: 01752 587247tel://+44752587247/ | Email: dave.w...@plymouth.ac.ukmailto:dave.w...@plymouth.ac.uk [http://www.plymouth.ac.uk/images/email_footer.gif]http://www.plymouth.ac.uk/worldclass This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, Plymouth University accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. Plymouth University does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
Re: [mssms] HP ProDesk 600 G1 Desktop Mini
What OS are you imaging? How large is the hard drive? ConfigMgr (what ver?) or MDT LiteTouch? Sent from Windows Mail From: James Averymailto:ja...@jamescavery.com Sent: Thursday, September 04, 2014 11:48 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Has anyone imaged these before? And seen this error? I keep receiving an error after imaging, “GPT-formatted disk legacy boot not supported” on reboot. I found where HP has a doc stating the following: Issue The following error message is displayed when attempting to install Windows on a computer and the EFI Boot Sources setting is enabled in the BIOS: Windows cannot be installed to this disk. The Selected disk has an MBR Partition table. On EFI systems, Windows can only be installed to GPT. Solution The resolution to this issue depends on the the hard disk volume size: Follow these steps if the hard disk volume size is less than 2.19 TB: Temporarily disable the EFI Boot Sources setting in the BIOS: Restart the computer, and then press F10 to enter the BIOS. Navigate to Storage Boot Order, and then disable the EFI Boot Sources. Select File Save Changes Exit. Install the Windows operating system. Enable the EFI Boot Sources setting in the BIOS: Restart the computer, and then press F10 to enter the BIOS. Navigate to Storage Boot Order, and then enable the EFI Boot Sources. Select File Save Changes Exit. Follow these steps if the hard disk volume size is greater than 2.19 TB: Install the HP BIOS Update UEFI utility from the HP Web site: Click here to access the document HP BIOS Update UEFI . NOTE: The HP BIOS Update UEFI utility is installed by default on some HP computers. Follow the steps in the Microsoft document titled How to Configure UEFI/GPT-Based Hard Drive Partitions (in English) to create a GPT partition. Click here to access the document How to Configure UEFI/GPT-Based Hard Drive Partitions Non-HP site .
RE: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic.
Also, we settled on the StarTech USB NIC’s at my current client. They seem to be universally compatible with everything we’ve tested. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 9:59 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Its server 2012r2 i believe, ill double check Sent from my phone, please excuse any typo's as a result. On 02 Sep 2014, at 15:33, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Also, your PXE server wouldn’t happen to be 2008r2, would it? UEFI booting is wonky with 2008r2, Stand up a 2012(r2) box as a PXE server and give that a go. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 9:34 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Wont that impact all devices that uefi/pxe boot on that dp ? This is the only device that is slow, 3 hours to download boot.wim over uefi Sent from my phone, please excuse any typo's as a result. On 02 Sep 2014, at 15:11, Justin Chalfant justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com wrote: In my experience, Surface Pro’s take longer than PC’s with built in NIC’s. Try this Created registry key RamDiskTFTPBlockSize under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP with Hex value as 1456 should help a little. Thanks, Justin Chalfant Premier Field Engineer – Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com If you have any feedback about my work, please let either myself or my manager Ron Hill know at ron.h...@microsoft.commailto:ron.h...@microsoft.com From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 3:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. hi, i'm testing a surface 3 with uefi network boot (cm12 r2 CU2) and the download of the boot wim is extremely slow, like painfully slow, the usb nic is a microsoft nic which i got with my original surface and i'm using that because it seems the usb3 lenovo nics wont work with the Surface3 for UEFI network boot. so, is this supported or a known issue ? also is it a requirement to use Microsoft branded usb nics with the surface brand for UEFI network boot ? anyone know ? cheers niall.
RE: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic.
Yes, will get the model number. Just had to inject the drivers into WinPE and all was happy. It’s the same adapter that the new Dell XPS laptops support. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 12:36 PM To: mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. hi Christopher, have you used that nic with the surface 3 using UEFI network boot ? does it work. On Tue, Sep 2, 2014 at 3:56 PM, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Also, we settled on the StarTech USB NIC’s at my current client. They seem to be universally compatible with everything we’ve tested. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 9:59 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Its server 2012r2 i believe, ill double check Sent from my phone, please excuse any typo's as a result. On 02 Sep 2014, at 15:33, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Also, your PXE server wouldn’t happen to be 2008r2, would it? UEFI booting is wonky with 2008r2, Stand up a 2012(r2) box as a PXE server and give that a go. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 9:34 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Wont that impact all devices that uefi/pxe boot on that dp ? This is the only device that is slow, 3 hours to download boot.wim over uefi Sent from my phone, please excuse any typo's as a result. On 02 Sep 2014, at 15:11, Justin Chalfant justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com wrote: In my experience, Surface Pro’s take longer than PC’s with built in NIC’s. Try this Created registry key RamDiskTFTPBlockSize under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP with Hex value as 1456 should help a little. Thanks, Justin Chalfant Premier Field Engineer – Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com If you have any feedback about my work, please let either myself or my manager Ron Hill know at ron.h...@microsoft.commailto:ron.h...@microsoft.com From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 3:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. hi, i'm testing a surface 3 with uefi network boot (cm12 r2 CU2) and the download of the boot wim is extremely slow, like painfully slow, the usb nic is a microsoft nic which i got with my original surface and i'm using that because it seems the usb3 lenovo nics wont work with the Surface3 for UEFI network boot. so, is this supported or a known issue ? also is it a requirement to use Microsoft branded usb nics with the surface brand for UEFI network boot ? anyone know ? cheers niall.
RE: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic.
Here are the two StarTech Adapter models we are using. http://www.startech.com/Networking-IO/Adapter-Cards/USB-2-to-Gigabit-Ethernet-NIC-Network-Adapter~USB21000S2 http://www.startech.com/Networking-IO/Adapter-Cards/USB-3-to-Gigabit-Ethernet-NIC-Network-Adapter~USB31000S USB 2.0 and 3.0 respectively. The Dell will only pxe from the 2.0 An HP ElitePad 1000 tablet is the only device I’ve seen that will not PXE from it. From: Catlett, Christopher Sent: Tuesday, September 02, 2014 12:39 To: mssms@lists.myitforum.com Subject: RE: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Yes, will get the model number. Just had to inject the drivers into WinPE and all was happy. It’s the same adapter that the new Dell XPS laptops support. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 12:36 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. hi Christopher, have you used that nic with the surface 3 using UEFI network boot ? does it work. On Tue, Sep 2, 2014 at 3:56 PM, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Also, we settled on the StarTech USB NIC’s at my current client. They seem to be universally compatible with everything we’ve tested. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 9:59 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Its server 2012r2 i believe, ill double check Sent from my phone, please excuse any typo's as a result. On 02 Sep 2014, at 15:33, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Also, your PXE server wouldn’t happen to be 2008r2, would it? UEFI booting is wonky with 2008r2, Stand up a 2012(r2) box as a PXE server and give that a go. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 9:34 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. Wont that impact all devices that uefi/pxe boot on that dp ? This is the only device that is slow, 3 hours to download boot.wim over uefi Sent from my phone, please excuse any typo's as a result. On 02 Sep 2014, at 15:11, Justin Chalfant justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com wrote: In my experience, Surface Pro’s take longer than PC’s with built in NIC’s. Try this Created registry key RamDiskTFTPBlockSize under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP with Hex value as 1456 should help a little. Thanks, Justin Chalfant Premier Field Engineer – Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: justin.chalf...@microsoft.commailto:justin.chalf...@microsoft.com If you have any feedback about my work, please let either myself or my manager Ron Hill know at ron.h...@microsoft.commailto:ron.h...@microsoft.com From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Tuesday, September 2, 2014 3:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] UEFI network boot extremely slow on Surface Pro 3 with Microsoft USB nic. hi, i'm testing a surface 3 with uefi network boot (cm12 r2 CU2) and the download of the boot wim is extremely slow, like painfully slow, the usb nic is a microsoft nic which i got with my original surface and i'm using that because it seems the usb3 lenovo nics wont work with the Surface3 for UEFI network boot. so, is this supported or a known issue ? also is it a requirement to use Microsoft branded usb nics with the surface brand for UEFI network boot ? anyone know ? cheers niall.
RE: [mssms] GPO
Are you setting Provisioning Mode to 0 by chance? As that would allow policy to give you a bad day. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cussen Sent: Friday, August 15, 2014 11:10 To: mssms Subject: Re: [mssms] GPO Not sure why that would impact the OSD, since afaik, the system account is used to install applications. Can you post the logs? On Thu, Aug 14, 2014 at 4:42 PM, Wilson, Patrick (Pat) patrick.wil...@srpmic-nsn.govmailto:patrick.wil...@srpmic-nsn.gov wrote: I have a GPO that renames the Local Admin account to a custom name and then the sequence will blow up after a reboot. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cussen Sent: Thursday, August 14, 2014 4:39 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] GPO I haven't seen that before, and according to one of the comments posted at http://scug.be/sccm/2013/02/13/configmgr-2012-rtmsp1-applications-failed-to-install-during-osd-with-error-code-16389-and-denied-logon-for-domain-users-policy/, Group Policy functionality is disabled during task sequence execution. Can you give more detail on what you mean by messing up the sequence? On Thu, Aug 14, 2014 at 4:26 PM, Wilson, Patrick (Pat) patrick.wil...@srpmic-nsn.govmailto:patrick.wil...@srpmic-nsn.gov wrote: I am creating a OSD Task sequence in 2012 R2 and for some reason it is processing GPO during the sequence, and thus messing up the sequence. Anyone have any ideas as to how to block this? Pat
RE: [mssms] Maintenance Tasks
Which maint tasks? The SQL ones? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Friday, August 08, 2014 12:46 To: mssms@lists.myitforum.com Subject: [mssms] Maintenance Tasks So I alter the schedule of the main tasks, but in smdbmon I still see the times set for midnight. How can I verify if the tasks are running as they should?
[mssms] RE: MSA 2982792; Improperly Issued Digital Certificates Could Allow Spoofing
If you block clients from being able to connect to Windows Updates (as in you block the url at your proxy) you will need to follow the offline instructions. The update does not need the WUA to hit Windows Update to function, its a separate process. From: listsad...@lists.myitforum.com [listsad...@lists.myitforum.com] on behalf of Marcum, John [jmar...@babc.com] Sent: Monday, July 14, 2014 9:17 AM To: SMS List (mssms@lists.myITforum.com) Subject: [mssms] MSA 2982792; Improperly Issued Digital Certificates Could Allow Spoofing How does this update affect Windows 7 clients whose updates are being managed by ConfigMgr? According to the KB Windows 7 machine should have the automatic updater of revoked certificates installed to mitigate this vulnerability. The documentation for the updaterhttps://support.microsoft.com/kb/2677070 indicates that systems must be able to check Windows Updates and does not mention anything about WSUS or ConfigMgr. John Marcum MCITP, MCTS, MCSA Sr. Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
[mssms] RE: KB 2938066?
Or you could just enable TLS on your wsus box? From: listsad...@lists.myitforum.com [listsad...@lists.myitforum.com] on behalf of Wood, Sandy [sandy.w...@da.ocgov.com] Sent: Wednesday, July 09, 2014 6:49 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: KB 2938066? I stuck that post out there today and was hoping to get a better response than wait and see... Sandy Wood Network Engineer Orange County District Attorney (714) 347-8775 -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Russell Johnson Sent: Wednesday, July 9, 2014 3:45 PM To: mssms@lists.myITforum.com Subject: [mssms] KB 2938066? Has anyone updated their SCCM WSUS with KB 2938066? Thankfully MS has a client update for Win 8 and Server 2012, but it looks like Win 7 machines will need to AutoUpdate. So far, I've found this blog: http://social.technet.microsoft.com/Forums/en-US/4ed5056f-4c7b-44a3-9d77-8e16611e3335/wsus-update-kb2938066-and-sccm-2012-r2?forum=configmanagersecurity, which recommends using a vbscript from Jason of CONFIGMGRFTW: http://blog.configmgrftw.com/the-wua-dilemma-in-configmgr/. I haven't tried that, yet, but it's only a workaround because AU is turned off by policy. I'm worried that SCCM clients will still need to be updated every time the SMS agent is installed or repaired if the standalone windows update client got re-installed as part of that process, too. Any thoughts? Thanks, Russell CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication.
[mssms] RE: SUG deployed during OSD
So, does your image that is being deployed have an old version of java you are trying to patch? SUG won't install java if its not present. From: listsad...@lists.myitforum.com [listsad...@lists.myitforum.com] on behalf of Kevin Johnston [kjohns...@halogensoftware.com] Sent: Thursday, June 26, 2014 12:29 AM To: 'mssms@lists.myitforum.com' Subject: [mssms] SUG deployed during OSD I am having trouble wrapping my head around why this is not working. I use Secunia to download my application packs(Adobe Reader, java, flash…) So I create a SUG with the file. It is on my DPs, etc… I have it pointing to my Unknown Computers Collection (as that is how where the computers starts off). In my TS the windows updates is set to Install Software Updates. After reading this: http://ccmexec.com/2014/04/software-updates-os-deployment-and-unknown-computers/ It got me thinking that it might be because the SUG was set to Available. So I changed it to Required and then added another Install updates Sequence and set it to Mandatory hoping that it will now install, but it does not. What I think may be the issue is that the machine is getting moved from Unknown collection to the All Systems collection once it is joined to the domain so maybe I am putting it in the wrong place as I do not want to deploy a java update to the All systems collection. As referred to in the link I deploy my windows updates to a workstation Collection but I do not want a java update to be deployed to everyone either… so I know I am missing one key piece, I just can’t figure it out. Maybe if there was a way to move this computer to a collection that I can then deploy these updates to (while the machine is not logged in) but still during the deployment. Thanks, Kevin
Re: [mssms] SCCM 2012 R2 client on ESXi 5.1
That reads as a monumentally bad idea in my book. Sent from Windows Mail From: Todd Hemsellmailto:hems...@gmail.com Sent: Wednesday, May 14, 2014 10:26 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Has anyone installed the SCCM client on an ESX host? /Todd
Re: [mssms] ztidrivers.wsf - similar
Do you want a script that will re-scan for unknown hardware, and attempt to install drivers? Look at this method, I think it does what you are looking for. http://serverfault.com/questions/547130/scan-for-hardware-changes-in-windows-using-command-line Sent from Windows Mail From: Jason Wallacemailto:jaso...@outlook.com Sent: Wednesday, May 14, 2014 12:41 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com When you say unknown do you mean not needed? As in you are deploying to a VM and know the drivers that should be going on? Would devcon do it for you? On 14 May 2014, at 16:37, Hun boy hun@outlook.com wrote: Am looking for a script or a command that will remove all the unknown drivers from system and try to get scanned I have presaged the drivers in a standard location So that once it scans it will install properly. As I don't have mdt control can't use it the ztidrivers.wsf at my client infra... Searching for this lot but no help on bing and google Sent from iPhonesorry for typos
Re: [mssms] OT: ADFS of a DC
in a LAB, yes you can run ADFS on your DC. it will install and it will function. But, PLEASE don’t do that in prod. Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 9:39 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com Before anyone tells me that I am not supposed to run anything else on a domain controller… This is a SMALL LAB ENVIRONMENT and my resources are limited…. Is it, from a technical perspective, possible to add the ADFS role onto a domain controller? When I try to set the SPN I get a message Duplicate SPN found, aborting operation! Just for grins I also tried to set the SPN for my CM server and I get the same message. John Marcum MCITP, MCTS, MCSA Sr. Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] OT: ADFS of a DC
you need a specific ad permission to register an SPN (unless you are a domain admin) Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 1:12 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com What should I do about the SPN? It won't let me register a SPN with the service account for some reason. Is that to be expected? Should I ever care? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.com Sent: Thursday, May 01, 2014 9:47 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] OT: ADFS of a DC in a LAB, yes you can run ADFS on your DC. it will install and it will function. But, PLEASE don’t do that in prod. Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 9:39 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com Before anyone tells me that I am not supposed to run anything else on a domain controller… This is a SMALL LAB ENVIRONMENT and my resources are limited…. Is it, from a technical perspective, possible to add the ADFS role onto a domain controller? When I try to set the SPN I get a message Duplicate SPN found, aborting operation! Just for grins I also tried to set the SPN for my CM server and I get the same message. John Marcum MCITP, MCTS, MCSA Sr. Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] How to get a list of browsers, versions, plug-ins, and browser history?
IE plugins you can get through wmi / registry (will have to extend your classes) chrome / firefox will be a big mess. (most likely going to have to look at file locations) Sent from Windows Mail From: James Averymailto:ja...@jamescavery.com Sent: Thursday, May 1, 2014 12:28 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Any idea about plug-ins? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jeff Poling Sent: Thursday, May 01, 2014 10:42 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] How to get a list of browsers, versions, plug-ins, and browser history? I agree with Chris that browser history in a report is not a good idea. You can get the browsers installed by using the Asset Intelligence report Software 02D - Computers with a Specific Software Installed. If you want to do something custom, I am using the query below to create a report that prompts for application name. It's rough, but works for my purposes: Select sys.Netbios_Name0, sys.User_Domain0, sys.User_Name0, sys.Operating_System_Name_and0, arp.DisplayName0, ARP.Version0 FROM v_R_System sys JOIN v_Add_Remove_Programs arp ON sys.ResourceID = arp.ResourceID WHERE Displayname0 like '%' +@ApplicationName+ '%' On Thu, May 1, 2014 at 10:31 AM, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: browser history in a report, thats gonna be a HUGE report. Bad idea. As for what versions of what browser, use the installed software reports. you could run a custom report, and just list the browsers that you care about. Sent from Windows Mail From: James Averymailto:ja...@jamescavery.com Sent: Thursday, May 1, 2014 11:18 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Guys I'm trying to figure out a SSRS report in SCCM 2012 R2 to allow me to gather a list of browsers, versions, plug-ins and browser history from each PC. Thoughts? James
Re: [mssms] OT: ADFS of a DC
http://www.phishthis.com/2009/12/30/how-to-give-a-user-account-rights-to-register-its-own-service-principal-name-spn/ Sent from Windows Mail From: Christopher Catlettmailto:christopher.catl...@us.sogeti.com Sent: Thursday, May 1, 2014 1:56 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com you need a specific ad permission to register an SPN (unless you are a domain admin) Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 1:12 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com What should I do about the SPN? It won't let me register a SPN with the service account for some reason. Is that to be expected? Should I ever care? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.com Sent: Thursday, May 01, 2014 9:47 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] OT: ADFS of a DC in a LAB, yes you can run ADFS on your DC. it will install and it will function. But, PLEASE don’t do that in prod. Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 9:39 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com Before anyone tells me that I am not supposed to run anything else on a domain controller… This is a SMALL LAB ENVIRONMENT and my resources are limited…. Is it, from a technical perspective, possible to add the ADFS role onto a domain controller? When I try to set the SPN I get a message Duplicate SPN found, aborting operation! Just for grins I also tried to set the SPN for my CM server and I get the same message. John Marcum MCITP, MCTS, MCSA Sr. Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] OT: ADFS of a DC
are you using the command line to register the spn on behalf of the other user account? Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 2:27 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I am the domain admin and I am not registering my own SPN. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.com Sent: Thursday, May 01, 2014 1:02 PM To: mssms@lists.myitforum.com Subject: Re: [mssms] OT: ADFS of a DC http://www.phishthis.com/2009/12/30/how-to-give-a-user-account-rights-to-register-its-own-service-principal-name-spn/ Sent from Windows Mail From: Christopher Catlettmailto:christopher.catl...@us.sogeti.com Sent: Thursday, May 1, 2014 1:56 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com you need a specific ad permission to register an SPN (unless you are a domain admin) Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 1:12 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com What should I do about the SPN? It won't let me register a SPN with the service account for some reason. Is that to be expected? Should I ever care? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Thursday, May 01, 2014 9:47 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] OT: ADFS of a DC in a LAB, yes you can run ADFS on your DC. it will install and it will function. But, PLEASE don’t do that in prod. Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Thursday, May 1, 2014 9:39 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com Before anyone tells me that I am not supposed to run anything else on a domain controller… This is a SMALL LAB ENVIRONMENT and my resources are limited…. Is it, from a technical perspective, possible to add the ADFS role onto a domain controller? When I try to set the SPN I get a message Duplicate SPN found, aborting operation! Just for grins I also tried to set the SPN for my CM server and I get the same message. John Marcum MCITP, MCTS, MCSA Sr. Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] Wipe the PGP MBR in a task sequence
Can you initiate the userstate store while in windows? Then just usb boot the machine and nuke the disk (without loading the pgp drivers). You would have to add a variable or two to the TS, so it would run as a refresh, and would know where the userstate was stored to. 3rd party encryption tools make imaging “exciting”. Sent from Windows Mail From: Merenda, Kennethmailto:kenneth.mere...@fmcti.com Sent: Tuesday, April 22, 2014 11:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com I have an in-place refresh task sequence with USMT for upgrading XP to win7. Our XP clients are all encrypted with Symantec Encryption Desktop (formerly PGP) v10.3. Symantec provides instruction for adding the PGP drivers to the WinPE image, and that works. My task sequence is initiated via USB boot media, and loads into that modified boot image. A prestart command on the boot image (pgpwde --auth --disk 0 --p “passphrase”) unlocks the encrypted drive. The task sequence begins by capturing the user state to a SMP, then runs the disk format and partition step. Everything that I just described works, except for the disk format and partition step. While that step does complete without error, it does not get rid of the PGP MBR. The next time the task sequence restarts the computer, it loads into the PGP bootguard rather than into the WinPE image. I’ve tried a command line step to manually run diskpart clean, and while that step also completes, it still doesn’t touch the PGP MBR. After days of troubleshooting, I’ve identified that once the pgpwde –auth command unlocks the drive, the PGP filter drivers block access to the MBR, but they do so in a way that still allows tools like diskpart to complete without any error. The only Symantec-supported method to get around this is to fully decrypt the drive –a process that can take hours or days. I think the only solution is a 3rd party substitute for diskpart, like pldd or FAU DD. I can’t seem to find one, however, that works in WinPE x64 and works against PGP. Pldd is not supported in 64-bit PE (which I must use), and FAU DD doesn’t seem to function properly in WinPE. The diskpart clean command actually works fine if I use it before issuing the PGP –auth command, but obviously I have to issue the PGP command first so I can capture the user data and have somewhere to store the SMSTS packages. I can’t reboot after capturing the user data because I can’t modify the MBR to get it to boot to the WinPE image instead of PGP. Any ideas on how to blow away the MBR? Any known 3rd party tools that work inside 64-bit WinPE? Thanks in advance, -Kenneth Merenda
Re: [mssms] RE: Get the SYSTEM_OU_NAME without the duplicate rows
select FieldName from daTable where length(FieldName) = ( select max(length(FieldName)) from daTable ) or ORDER BY LENGTH(FieldName) DESC and use LIMIT 1 Sent from Windows Mail From: Daniel Ratliffmailto:dratl...@humana.com Sent: Tuesday, April 22, 2014 11:56 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I literally had the same issue last week, and just filtered in Excel for the sake of time. Would love to see some SQL magic to do the trick. Daniel Ratliff From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Krueger, Jeff Sent: Tuesday, April 22, 2014 11:25 AM To: mssms@lists.myitforum.com Subject: [mssms] Get the SYSTEM_OU_NAME without the duplicate rows Does anyone have any SQL Fu handy that will give you the longest value in the dbo.v_RA_System_SystemOUName? Trying to put together a report where I want to add the OU a system is in but that view has separate rows for each sub ou a given system is in. Jeff Krueger IT - Endpoint Design Services Henry Ford Health System jkrue...@hfhs.orgmailto:jkrue...@hfhs.org 248.853.4466 CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Security page on www.henryford.comhttp://www.henryford.com for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
Re: [mssms] How to handle drivers multiple reboots
Exe based drivers wont work for network or mass storage, those need to be “real” drivers. also you need to suppress the reboots that your driver installs are doing. You may have to extract the “bad” drivers. Sent from Windows Mail From: Niall Bradymailto:any...@gmail.com Sent: Tuesday, April 22, 2014 12:38 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com use apply dirver package instead of auto apply drivers, and use WMI to detect what the hardware is, like herehttp://www.windows-noob.com/forums/index.php?showtopic=563 (same process in cm12), as regards the reboots, what does your smsts.log file tell you about that ? a good idea (when troubleshooting failed deployments) is to use a pause in the task sequence before and after a step you are troubleshooting, detailed herehttp://www.windows-noob.com/forums/index.php?/topic/8846-how-can-i-pause-a-task-sequence-in-system-center-2012-configuration-manager/. That way you can monitor the step live and review the logs without having to worry about the machine rebooting when you dont want it to... On Tue, Apr 22, 2014 at 6:10 PM, Hun boy hun@outlook.commailto:hun@outlook.com wrote: Am into drivers integration task for my sccm 2007 and 2012... I have enabled default step auto apply drivers and do not have any PNP drivers in my TS.. All are the exe based drivers and tested manually with all my command lines and working fine. Now the issue is after apply WIM image it should go for auto apply drivers and then it's getting into first reboot with preparing your computer for the first time then it does 3-4 reboots and later not continuing my TS steps... It just sits into default is without any drivers. So this is because of multiple reboots are happening out side of sccm control ...how can we come out of this kind of situations... Any ideas ... Pls.. Sent from iPhonesorry for typos
Re: [mssms] Wipe the PGP MBR in a task sequence
Marcum is right, messing with 3rd party ecryption, is a royal PITA. Some things just arent possible…… you can fully decrypt the disk, or do it another way. Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Tuesday, April 22, 2014 1:27 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com It's basically impossible to do a refresh of a machine with third party encryption in a single task. Managers want all sorts of things, some of them just can't be done. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Merenda, Kenneth Sent: Tuesday, April 22, 2014 10:51 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Wipe the PGP MBR in a task sequence My manager wants it all done in a single TS, where the technicians can kick it off and walk away. -Kenneth From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Tuesday, April 22, 2014 10:43 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Wipe the PGP MBR in a task sequence Can you initiate the userstate store while in windows? Then just usb boot the machine and nuke the disk (without loading the pgp drivers). You would have to add a variable or two to the TS, so it would run as a refresh, and would know where the userstate was stored to. 3rd party encryption tools make imaging “exciting”. Sent from Windows Mail From: Merenda, Kennethmailto:kenneth.mere...@fmcti.com Sent: Tuesday, April 22, 2014 11:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com I have an in-place refresh task sequence with USMT for upgrading XP to win7. Our XP clients are all encrypted with Symantec Encryption Desktop (formerly PGP) v10.3. Symantec provides instruction for adding the PGP drivers to the WinPE image, and that works. My task sequence is initiated via USB boot media, and loads into that modified boot image. A prestart command on the boot image (pgpwde --auth --disk 0 --p “passphrase”) unlocks the encrypted drive. The task sequence begins by capturing the user state to a SMP, then runs the disk format and partition step. Everything that I just described works, except for the disk format and partition step. While that step does complete without error, it does not get rid of the PGP MBR. The next time the task sequence restarts the computer, it loads into the PGP bootguard rather than into the WinPE image. I’ve tried a command line step to manually run diskpart clean, and while that step also completes, it still doesn’t touch the PGP MBR. After days of troubleshooting, I’ve identified that once the pgpwde –auth command unlocks the drive, the PGP filter drivers block access to the MBR, but they do so in a way that still allows tools like diskpart to complete without any error. The only Symantec-supported method to get around this is to fully decrypt the drive –a process that can take hours or days. I think the only solution is a 3rd party substitute for diskpart, like pldd or FAU DD. I can’t seem to find one, however, that works in WinPE x64 and works against PGP. Pldd is not supported in 64-bit PE (which I must use), and FAU DD doesn’t seem to function properly in WinPE. The diskpart clean command actually works fine if I use it before issuing the PGP –auth command, but obviously I have to issue the PGP command first so I can capture the user data and have somewhere to store the SMSTS packages. I can’t reboot after capturing the user data because I can’t modify the MBR to get it to boot to the WinPE image instead of PGP. Any ideas on how to blow away the MBR? Any known 3rd party tools that work inside 64-bit WinPE? Thanks in advance, -Kenneth Merenda Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
Re: [mssms] SCCM 2012 R2 Boot WIM DISM - Drivers Failing -hr:0xc0000135
why not use the built-in driver injection for the boot images? Sent from Windows Mail From: Hun boymailto:hun@outlook.com Sent: Thursday, April 10, 2014 2:53 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Hi All, I have upgraded my SCCM 2012 RTM to SP1(Not installed any Cumulative updates) then to SCCM 2012 R2 Successfully... I did not get any errors. Before Upgrade my SCCM 2012 RTM/SP1 Images are removed from DP Targets. Now my next high priority task is I wanted to integrate my Hardware models NIC Mass Storage Drivers to my Boot Images, So that my OSD will work without any issues. But am getting errors, when I try to add by DISM command to the Boot Images. I have taken Default boot.wim file from SCCM 2012 R2 and copy pasted to my work location and ran the DISM command... however I am not successful in this for integration. Has anyone have already have solution for this let me know. AV is in Disabled state during DISM.. Still no Luck Attached my DISM.Log file here... Failed to create Dism Image Session in host. - CDISMManager::LoadImageSession(hr:0xc135) DISM Manager: PID=3200 A problem ocurred loading the image session. Retrying... - CDISMManager::CreateImageSession(hr:0xc135) DISM.EXE: Unable to start the servicing process for the image at 'E:\Boot_WIM\SCCMR2_WIMS\X86\Temp'. HRESULT=C135 Thank you In Advance, Hunboy
Re: [mssms] Need to deploy BitLocker to machines in the field without the needed partitions
+1 on the defrag bdehdcfg is the utility you can leverage to repartition the drive. http://technet.microsoft.com/en-us/library/ff829850.aspx Sent from Windows Mail From: Trevor Sullivanmailto:tsul...@gmail.com Sent: Wednesday, April 2, 2014 5:56 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Stephen, The first thing I would do is deploy a task to defragment the free space on drives. I recently tried to shrink a BitLocker volume on a Windows 7 SP1 Enterprise system, and was not able to shrink much until doing a defrag.exe /x. Just a precautionary measure, since 300MB isn’t a lot, but you might have more success this way. I would follow that up with a call to diskpart.exe to shrink the disk, and then create the partition. I’m assuming these are Windows 7 and don’t have the appropriate PowerShell modules to handle creation of partitions and the like? The bdehdcfg.exe and manage-bde.exe utilities might offer you some help as well. Check these out for more options. Of course, test, test, test! :) Cheers, Trevor Sullivan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Owen Sent: Wednesday, April 2, 2014 3:06 PM To: mssms@lists.myitforum.com Subject: [mssms] Need to deploy BitLocker to machines in the field without the needed partitions Hi Guys, We’ve got maybe 2~3k systems here at $Client.Name that were built without the partitions needed to support BitLocker, and now we need to encrypt them without refreshing them to correct the partitions. During my initial googles, I found this articlehttp://blogs.technet.com/b/configurationmgr/archive/2011/01/20/solution-the-enable-bitlocker-task-fails-to-run-during-a-configmgr-2007-task-sequence.aspx which makes mention of the ZTIBde resource in the MDT Toolkit, for precisely this sort of situation. It seems this tool will use diskpart to shrink the last 300 MB of the drive, and then handle storing the necessary files for BitLocker there. Has anyone used this in the wild? I’m always cautious when adjusting partitions on existing drives with user data. I've got an existing 'Encrypt' TS that works fine for systems with the needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix the partitions on the machines, then encrypt them. Are there any pitfalls I should know about? Any tips? Thanks,
Re: [mssms] Need to deploy BitLocker to machines in the field without the needed partitions
I havent used it in that scenario. After you run the bdehdcfg command, you will need to reboot. If it fails to create the partition, the rest of the encryption steps will fail. Good point on the partition size. Haven't thought about the refresh scenario’s yet. The bitlocker project I am currently involved with, is replacing {insert terrible encryption product here} so we are wiping the drive first. Sent from Windows Mail From: Stephen Owenmailto:sre...@gmail.com Sent: Thursday, April 3, 2014 12:58 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Thanks for the responses guys. Have any of you used ZTI_Bde.wsf? Its included in the MDT Toolkit and seems to address this very situation. On Thu, Apr 3, 2014 at 10:45 AM, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: unless you are deploying the recovery environment WinRE, you only need a 500mb BDE partition. you also should not assign a drive letter to it Sent from Windows Mail From: Mike Dzikowskimailto:sccmlist-mikedzikow...@outlook.com Sent: Thursday, April 3, 2014 10:39 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com http://support.microsoft.com/kb/933246 Example scenario 1 The target system has a single partition. To prepare the computer for BitLocker, you want to split the operating system partition. You want the following conditions to be true: * The size of the new partition is 1500 MB. * The new partition uses X for the drive letter. * During the operation, confirmation dialog boxes do not appear. * The system restarts when the operation is completed. To use these settings, run the following command at a command prompt: BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500 -quiet -restart Sounds like your scenario. Date: Wed, 2 Apr 2014 16:05:36 -0400 Subject: [mssms] Need to deploy BitLocker to machines in the field without the needed partitions From: sre...@gmail.commailto:sre...@gmail.com To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Hi Guys, We’ve got maybe 2~3k systems here at $Client.Name that were built without the partitions needed to support BitLocker, and now we need to encrypt them without refreshing them to correct the partitions. During my initial googles, I found this articlehttp://blogs.technet.com/b/configurationmgr/archive/2011/01/20/solution-the-enable-bitlocker-task-fails-to-run-during-a-configmgr-2007-task-sequence.aspx which makes mention of the ZTIBde resource in the MDT Toolkit, for precisely this sort of situation. It seems this tool will use diskpart to shrink the last 300 MB of the drive, and then handle storing the necessary files for BitLocker there. Has anyone used this in the wild? I’m always cautious when adjusting partitions on existing drives with user data. I've got an existing 'Encrypt' TS that works fine for systems with the needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix the partitions on the machines, then encrypt them. Are there any pitfalls I should know about? Any tips? Thanks,
Re: [mssms] Exclude a group of machines from having updates managed by SCCM
if you set the wsus gpo, it will override sccm. you will get errors in the update log in the client, but the machine will patch through wsus. Just use a wmi filter on the gpo. Sent from Windows Mail From: Miller, Toddmailto:todd-mil...@uiowa.edu Sent: Wednesday, April 2, 2014 12:39 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I have an OU of machines that have the SCCM agent, however for these machines I want them to apply updates from Microsoft Windows Updates rather than having their updates managed by SCCM. Is there a way to have a small number of clients ignore any Windows Updates settings and just go out to Microsoft for their updates as if they had never heard of SCCM and WSUS? My scenario is this. We have allowed 10 or so Windows 7 x86 machines onto the domain for various reasons, while the other 20,000 systems are all Win7 64bit. Rather than check in 32 bit updates every month and all the overhead that entails for a fraction of a percent of machines, I would just like to force those 10 machines to go out to Microsoft for patches. I still want the SCCM agent to collect HW/SW inventory for those machines though. I have a GPO set to force the machines to apply updates once a week, but their definition of what updates to apply seems to be coming from the MP/WSUS server still. They don’t find any updates because I have never checked in/approved any 32 bit patches. Can I “opt-out” a set of machines from the SCCM patching system and allow them to go back out to MS Windows Update while keeping the SCCM agent installed? Can a GPO override the settings from SCCM? It seems like it’s an all or nothing thing. Currently on SCCM 2007, but am interested if 2012 changes the answer as that is only a month or two away. Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you.
Re: [mssms] Windows XP patching in April 2014
As if folks with xp embedded machines actually patch them. Most dont have the disk space to apply the needed patches and have any space left for apps/data. Sent from Windows Mail From: Michael Niehausmailto:michael.nieh...@microsoft.com Sent: Tuesday, April 1, 2014 5:34 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com If they are running Windows XP Embedded, you have until 1/12/2016: http://support.microsoft.com/lifecycle/search/default.aspx?sort=PNalpha=Windows+XP+EmbeddedFilter=FilterNO If they are running standard XP, I guess the countdown that we’ve been watching and reminding people of for the last 1000 days didn’t register ☺ Thanks, -Michael From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Tuesday, April 1, 2014 12:56 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 What are you guys talking about? Did I miss some announcement about Windows XP? Should I be concerned that I have 40,000 ATM's running Windows XP? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Tuesday, April 01, 2014 2:33 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Windows XP patching in April 2014 You sir, have been living under a rock. Sent from Windows Mail From: Heavner, Charliemailto:charlie.heav...@lfg.com Sent: Tuesday, April 1, 2014 1:44 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com So lemme get this straight…on April 8th 2014, Microsoft could release a new XP security update. After the 8th, no more XP updates. Do I have that right? *BTW, I’ve reached out to our TAM but just haven’t heard back yet. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Niehaus Sent: Tuesday, April 01, 2014 12:54 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 Yes, existing Windows XP security updates, service packs, etc. will still be available for download after April 8th. You just won’t see any new updates on any subsequent patch Tuesday. Thanks, -Michael From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Tuesday, April 1, 2014 8:38 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 Right, just talking about continued availability of all previously released public updates. J From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rod Trent Sent: Tuesday, April 1, 2014 10:18 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 …unless, an extended support contract is signed. New updates will still be developed, but only available to those with extended support agreements. And, even then, those patches will not be available through WSUS. Companies under agreement will have to get updates directly from their Microsoft support representative when they are available. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Tuesday, April 1, 2014 11:09 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 I *think* the confusion is around whether they will continue to make all (new and old) XP updates available after April also or if they will be not making any XP updates (new or old) available anymore at all. To my knowledge, April simply marks the end of *new* updates being created and made publically available. All historical updates will still be available via the normal update methods for an underdetermined amount of time (many, many years I’m sure as you can still get Windows 2000 updates and it’s been EOL for a long time now). J From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Wallace Sent: Tuesday, April 1, 2014 9:53 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 I was going to wait 24 hours to see if they asked the question a second time From: rodtr...@myitforum.commailto:rodtr...@myitforum.com To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Windows XP patching in April 2014 Date: Tue, 1 Apr 2014 10:47:10 -0400 That’s the fact. One last Patch Tuesday for Windows XP. From:
Re: [mssms] MDT 2013 Configuration and CM12 SP1
That’s the exact use for MDT, for most of those that run integrated. Sent from Windows Mail From: Trevor Sullivanmailto:tsul...@gmail.com Sent: Wednesday, March 26, 2014 2:56 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I don’t see why not …? It’s just a WIM file. Cheers, Trevor Sullivan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Wednesday, March 26, 2014 1:52 PM To: mssms@lists.myitforum.com Subject: [mssms] MDT 2013 Configuration and CM12 SP1 Ha, I know some will get a kick out of this one here with the recent post on whether to use MDT for image engineering or ConfigMgr. :) Here's my question. If you are running CM12 SP1 with MDT 2012 U1 Integrated. Can you run an MDT 2013 Standalone member server to build your image? If I import a captured Win7 image from my MDT 2013 server in a CM12 SP1 environment will it cause issues with deployment? Can't find anything on technet about this. Thank you, Brian
[mssms] RE: Integrate Dell CCTK to WinPE SCCM 2012 R2
Are you setting parameters manually, or importing a .cctk file? I found the multiplatform exe that you can create with the tool does not work in x64 winPE 5.0 (running 2012R2) Did you make a separate package for x86 vs x64 boot wim's? (I'm having to handle UEFI here, so we had to go to x64 boot wims.) Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of King, Jason Sent: Tuesday, March 25, 2014 11:35 AM To: mssms@lists.myitforum.com Subject: [mssms] Integrate Dell CCTK to WinPE SCCM 2012 R2 Has anyone had any issues integrating Dell CCTK into the Boot Image? I have added the CCTK to the boot image and can enable the HAPI driver but when I run a command line to do any settings with the CCTK my TS blows up. Each command line exits with exit code 3221225781. Anyone seem or had this issue? Expand a string: smsswd.exe /run: x:\CCTK\x86\CCTK.exe --setuppwd=password TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Expand a string:TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Command line for extension .exe is %1 %* TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Set command line: smsswd.exe /run: x:\CCTK\x86\CCTK.exe --setuppwd=password TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Start executing the command line: smsswd.exe /run: x:\CCTK\x86\CCTK.exe --setuppwd=password TSManager3/25/2014 11:30:09 AM 1428 (0x0594) !! TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Expand a string: WinPEandFullOS TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Executing command line: smsswd.exe /run: x:\CCTK\x86\CCTK.exe --setuppwd=password TSManager3/25/2014 11:30:09 AM 1428 (0x0594) [ smsswd.exe ] InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) PackageID = ''InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) BaseVar = '', ContinueOnError='' InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) ProgramName = 'x:\CCTK\x86\CCTK.exe --setuppwd=password' InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) SwdAction = '0001' InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Command line for extension .exe is %1 %* InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Set command line: Run command lineInstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Working dir 'not set' InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Executing command line: Run command line InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Process completed with exit code 3221225781 InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Command line returned 3221225781 InstallSoftware 3/25/2014 11:30:09 AM 1608 (0x0648) Process completed with exit code 3221225781 TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) !! TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Could not find CCM install folder. Don't use ccmerrors.dll TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) Failed to run the action: Set BIOS Password. Unknown error (Error: C135; Source: Unknown) TSManager 3/25/2014 11:30:09 AM 1428 (0x0594) . Jason King | Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Security page on www.henryford.comhttp://www.henryford.com for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us. inline: image001.jpg
Re: [mssms] SCCM 2012 R2 DP in Win 2003 SP2
Do you have a specific parameter that you have a question on? Let me know what research you have done, and I’ll see what I can find. Sent from Windows Mail From: JRITmailto:juninho200...@gmail.com Sent: Monday, March 24, 2014 1:19 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Folks, How can I install a Pull Distribution Point (for SCCM 2012 R2) in a remote Windows Server 2003 SP2 using command line? Thank you,
Re: [mssms] Recommended switch configs for successful PXE boot?
My one piece of advise, if its a Cisco swith, ensure it is running the latest train of IOS code. Sent from Windows Mail From: Daniel Ratliffmailto:dratl...@humana.com Sent: Monday, March 24, 2014 3:45 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I understand this is a very generic question, and is almost always environment specific but I have to ask it anyway. Anyone have any recommended switch configs or specific settings that they have had to set to help PXE boot be more successful? I have heard that turning on portfast helps? Any other suggestions? Daniel Ratliff The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
RE: [mssms] System infected with Bitcrypt virus
Odds are, your screwed. Hope you have a good backup of the data. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rajan Hotmail Sent: Friday, March 21, 2014 3:06 PM To: f...@lists.myitforum.com; mssms@lists.myitforum.com Subject: [mssms] System infected with Bitcrypt virus Dear, One of my PC is infected with Virus with Bitcrypt virus. Anyone have idea about this Virus and the how decrypt the all files? Regards Rajan inline: image001.jpg
Re: [mssms] universal print drivers
I’ve actually been looking at doing the same thing at a client. Its on the back-burner for now though. Sent from Windows Mail From: Timothy Ransommailto:timothy.ran...@gdol.ga.gov Sent: Thursday, March 13, 2014 12:34 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Hi, I am looking for any details on using universal print drivers with OSD. We have dozens of models of all major printer manufacturers. Previously, we used a print cluster and after imaging restored user’s network printers then drivers auto-installed from the print cluster on first client connection to printers. Now we are using IP printing instead and need to have drivers available locally. How are you deploying universal print drivers in task sequences? Can they be pre-loaded on images? Thanks, Tim ** GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential information protected by state or federal law. The information is intended only for use consistent with the state business discussed in this transmission. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action based on the contents is strictly prohibited. If you have received this transmission in error, please delete this email and notify the sender immediately. Your cooperation is appreciated. **
Re: [mssms] CM as a Backup system
If you own ConfigMgr, you own Data Protection Manager. Please use the right tool for the job. Sent from Windows Mail From: JRITmailto:juninho200...@gmail.com Sent: Thursday, March 13, 2014 1:47 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com What you guys think about that: http://blog.coretech.dk/mip/capture-none-syspreped-image-using-sccm-running-imagex-from-a-ts/ Any PRO or CONS?
Re: [mssms] Inventoring Processors and Core in CM12 R2
Make a collection based on sql server being installed. Then run the hardware report to get number of processors, from members of that collection. Sent from Windows Mail From: JRITmailto:juninho200...@gmail.com Sent: Wednesday, March 12, 2014 9:23 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Please, anyone? 2014-03-11 21:39 GMT-03:00 JRIT juninho200...@gmail.commailto:juninho200...@gmail.com: Is there a way to Inventory my server with SQL Server installed and show on report the number of processors and core in use? I want to validate my SQL licensing. Thanks a lot,
Re: [mssms] Moving SCCM 2012 DB
In case he doesnt know, you should have one tempdb per cpu core, that sql is allowed to use. Sent from Windows Mail From: Jeremy Sihassenmailto:jeremy.sihas...@gmail.com Sent: Wednesday, March 12, 2014 12:17 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Moving everything wouldn't be that hard. Just need to configure inside SQL management studio. He's a real DBA? Because installing SQL entirely on the same drive ils against everything he learned in the past. Le 12 mars 2014 17:06, Brian McDonald mcdonald...@hotmail.commailto:mcdonald...@hotmail.com a écrit : Thanks for everyone who responded. Here's my next question. In my environment, my SQL DBA installed SQL on my Primary Site Server. I know, I know:( I have 2 drives on my Primary Site. C:\ has SCCM Installed and E:\ has SQL installed. How difficult of a task would it be to move the DB directory, logs directory, tempDB directory, tempDB files, etc. etc. to separate drives? Would I be looking at a complete reinstall of SQL? How would this impact my current SCCM 2012 environment? Is it too risky to do at this point. Trying to determine my options and best recommendations on how to move forward. Thanks! Brian From: psch...@projectleadership.netmailto:psch...@projectleadership.net To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Moving SCCM 2012 DB Date: Wed, 12 Mar 2014 14:47:24 + 1. It’s already installed in a Microsoft supported configuration 2. Moving it will mean generating a fair amount of network traffic between the two servers whereas it is presently all local 3. Generally speaking, your data is more secure staying put on one server than moving it from one server to another 4. IIRC, they cannot use that SQL license to collocate other application databases…it’s ONLY for ConfigMgr (need to verify that one though). So unless they have a separate SQL license for the other server, they’re either dedicating another whole server just for ConfigMgr or they’re wasting the license IMO, they’re the ones with the burden of proof in this situation. They would need to demonstrate how moving data across a network between servers is less secure than having it all local. -Phil _ Phil Schwan | Technical Architect, Enterprise Windows Services Project Leadership Associates | 2000 Town Center, Suite 1900, Southfield, MI 48075 Lync: 312.756.1626tel:312.756.1626 Mobile: 419.262.5133tel:419.262.5133 www.projectleadership.nethttp://www.projectleadership.net/ [Description: Description: Description: Arrow email]Lead with Strategy. Leverage Technology. Deliver Results. [linkedin_logo-19x20]http://www.linkedin.com/in/philschwan[Twitter-Logo1-20x20]https://twitter.com/philschwan [wordpress-logo3] http://myitforum.com/myitforumwp/author/philschwan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Wednesday, March 12, 2014 10:34 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Moving SCCM 2012 DB Hi everyone, My DBA has asked me to move my local SQL install remote. I have a single primary site with 64 GB of memory and service only 1200 clients total. I see no reason to move the SQL to a remote location. They basically told me there reasoning was from a security standpoint. First reason was because local install required a local SQL instance (licensing), which we explained to them we are using STD edition and licensing is included. I need a strong business case to keep my SQL install local. I see no reason to move it off-box. Any suggestions? Thanks, Brian PRIVILEGED AND CONFIDENTIAL. This email and any files transmitted with it are privileged and confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. If you are not the named addressee you should not disseminate, distribute or copy this e-mail or any of its attachments. inline: image002.jpginline: image001.jpginline: image004.jpginline: image003.jpg
Re: [mssms] Wyse D90D7 Windows Embedded 7 - Bios Password
Unless Wyse has a new tool available, it is not possible to change the bios settings from within windows or winpe. I have not worked on new models in a year or two, so this hopefully has changed. Sent from Windows Mail From: naveen kannegantimailto:naveenk...@gmail.com Sent: Tuesday, March 11, 2014 2:29 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Hi, I have provided an WYSE USB capture tool which can capture bios and create bios.img file . is it possible to package and deploy the bios.img file via SCCM . Please provide me command line if it is possible. is there is any other way what we can able to change bios password on Wyse D90D7 terminal (windows 7 embedded standard ) via SCCM ? Thanks Naveen K
Re: [mssms] Auto-enrollment client certificate
which domain are the clients a member of? which domain is the CA a member of? Sent from Windows Mail From: Brian McDonaldmailto:mcdonald...@hotmail.com Sent: Tuesday, March 11, 2014 12:59 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Quick question on auto-enrollment GPO for client certs. I have two separate domains/forests and am working with my team on setting up a PKI environment. The client certificate has been created. When configuring the Auto-enrollment of the Client Certificate GPO, should the GPO be applied to both internal/external domains? Internal I'm running HTTP and external HTTPS. I'm assuming the GPO should be applied to both, correct? Thanks, Brian
Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot
Thanks Ignore the mail i sent friday afternoon, for some reason your response didnt show in the thread. Sent from Windows Mail From: Todd Hemsellmailto:hems...@gmail.com Sent: Friday, March 7, 2014 5:05 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com tsbootshell.ini On Fri, Mar 7, 2014 at 1:51 PM, Trevor Sullivan tsul...@gmail.commailto:tsul...@gmail.com wrote: In what ISO file? Does the INI file have to have a specific heading in it? What is the name of the INI file? What directory does it go in? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Friday, March 7, 2014 1:30 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot in the iso. there is an ini file. On Fri, Mar 7, 2014 at 1:12 PM, Trevor Sullivan tsul...@gmail.commailto:tsul...@gmail.com wrote: In what INI file? Can you be more specific? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Friday, March 7, 2014 1:04 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot it is a lot easier just to set automatic=1 in the ini file :-) On Fri, Mar 7, 2014 at 7:59 AM, Mike Dzikowski sccmlist-mikedzikow...@outlook.commailto:sccmlist-mikedzikow...@outlook.com wrote: +1 --- Original Message --- From: Trevor Sullivan tsul...@gmail.commailto:tsul...@gmail.com Sent: March 7, 2014 8:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: Task Sequence wizard asks to remove CD and reboot Here’s an AutoIT script that I wrote, which clicks the Finish button for you automatically. The steps to use it are as follows: 1. Compile AutoIT script to executable 2. Embed AutoIT executable into boot image somewhere (eg. \Tools folder at the root) 3. Create a batch file or PowerShell script next to the AutoIT script that kicks off the executable asynchronously (it will hang / block in the background) 4. Enable the pre-execution hookhttp://blogs.technet.com/b/inside_osd/archive/2010/06/30/v-next-beta-1-feature-bootable-media-improvements-part-2.aspx on the Boot Image in the ConfigMgr console Cheers, Trevor Sullivan PowerShell Script Start-Process -FilePath $PSScriptRoot\AutoITScript.exe; Call the PowerShell script in the pre-execution hook using: powershell.exe -ExecutionPolicy Bypass -File x:\Tools\Launch-AutoITScript.ps1 AutoIT Script ; Author: Trevor Sullivan ;Date: 2011-10-28 ; Purpose: Automatically closes the Microsoft System Center Configuration Manager (ConfigMgr) ; OSD dialog that says Remove the CD and do not boot from CD. This dialog box ; appears when the currently running Windows PE boot image does not match the boot ; image, or match the latest version of the same boot image, assigned to the task ; sequence that you selected. ; ; This script should be launched asynchronously from the TsConfig.ini custom hook, ; such that it will run in the background until the dialog box appears, or the ; computer is otherwise rebooted. WinWait(Task Sequence Wizard, Remove the CD and do not boot from CD) WinActivate(Task Sequence Wizard) Send(!f) From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Matt Wilkinson Sent: Friday, March 7, 2014 4:52 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: Task Sequence wizard asks to remove CD and reboot Or the boot image on the DP has been updated and the hash doesn’t match. From: Niall Brady [mailto:any...@gmail.com] Sent: 07 March 2014 09:04 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot more thank likely someone has advertised/deployed a task sequence with a different architecture boot image to the same collection your computer is in, and that results in it first downloading the 'new' boot image, and then realising it needs the original boot image that is attached to the task sequence, once if realises the need to change it prompts you with the 'remove the CD message'. just click finish to continue or de-deploy the original TS with the correct boot image to the same collection. On Fri, Mar 7, 2014 at 8:46 AM, Andrew Craig andrew.cr...@syliance.commailto:andrew.cr...@syliance.com wrote: If the boot image you are booting from, i.e. in PXE/WDS or on Media, is
[mssms] Latitude E7240 Windows 8.1 restart issue.
Have you heard of any? The symptoms I can repro are as follows: Install Windows 8.1 (doesnt matter how I install, from vanilla cd or custom image.) Attempt to restart the machine. Windows finishes shutting down, however the hardware never completes the reboot. If i hold the power button until the machine turns off, then turn it back on, windows boots up like nothing happened. IE, it doesnt complain about being shutdown improperly. The customer I am working with has a case opened for this bug, and can get the case number if that would help. Sent from Windows Mail
Re: [mssms] UEFI boot 32 bit PXE
UEFI boot image must match the Processor Arch. so x64 cpu = x64 boot image x86 cpu = x86 boot image Sent from Windows Mail From: Matt Wilkinsonmailto:mwilkin...@lcb.ac.uk Sent: Monday, March 10, 2014 11:35 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I’m trying to boot a 32bit uefi boot image. The pc has a 64bit processor. The problem is the pc’s were imaged using a 32 bit boot image to deploy a 64 bit OS. The pc’s in question were built with a standalone mdt 2012 u1 server. Which is fine when they were using the legacy part of the bios. But now when I UEFI pxe boo it boots to 32 bit image which fails. It gives an error Windows\System32\boot\winload.efi 0xc359 . Everything I read points to UEFi needing the same architecture as the os you want to deploy. We have task sequences available to pxe some with 32bit boot images and some with 64 bit images. The reason for this is that PC get re purposed onto different domains and sometime architectures. I can make all the boot images x64 or x86. I can’t pxe boot into x86 via uefi and then go into a 64 bit boot image. Using SCCM 2012 R2. I don’t want to use usb/cd boot images. _ This email has been scanned by the MessageLabs Email Security System on behalf of Leeds College of Building. For more information please visit http://www.symanteccloud.com _
Re: [mssms] Latitude E7240 Windows 8.1 restart issue.
Already running latest firmware. All current device drivers are installed. I have done a manual install of windows from source media, and installed all of the latest drivers from dell’s site. The issue still manifests . Issue only exists on Windows 8.1 (Windows 7 works fine), so its either a driver issue or firmware bug. Sent from Windows Mail From: Trevor Sullivanmailto:tsul...@gmail.com Sent: Monday, March 10, 2014 12:25 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Is there a firmware update available for this unit? That’s the first thing I’d check. Are all the appropriate device drivers installed on the device? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.com Sent: Monday, March 10, 2014 9:27 AM To: warren_b...@dell.com; mssms@lists.myitforum.com Subject: [mssms] Latitude E7240 Windows 8.1 restart issue. Have you heard of any? The symptoms I can repro are as follows: Install Windows 8.1 (doesnt matter how I install, from vanilla cd or custom image.) Attempt to restart the machine. Windows finishes shutting down, however the hardware never completes the reboot. If i hold the power button until the machine turns off, then turn it back on, windows boots up like nothing happened. IE, it doesnt complain about being shutdown improperly. The customer I am working with has a case opened for this bug, and can get the case number if that would help. Sent from Windows Mail
Re: [mssms] Latitude E7240 Windows 8.1 restart issue.
Legacy mode for both. Sent from Windows Mail From: Trevor Sullivanmailto:tsul...@gmail.com Sent: Monday, March 10, 2014 1:04 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Are you using BIOS compatibility mode or UEFI? If you change this setting, and install Windows accordingly, does the issue persist? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.com Sent: Monday, March 10, 2014 11:27 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] Latitude E7240 Windows 8.1 restart issue. Already running latest firmware. All current device drivers are installed. I have done a manual install of windows from source media, and installed all of the latest drivers from dell’s site. The issue still manifests . Issue only exists on Windows 8.1 (Windows 7 works fine), so its either a driver issue or firmware bug. Sent from Windows Mail From: Trevor Sullivanmailto:tsul...@gmail.com Sent: Monday, March 10, 2014 12:25 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Is there a firmware update available for this unit? That’s the first thing I’d check. Are all the appropriate device drivers installed on the device? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Monday, March 10, 2014 9:27 AM To: warren_b...@dell.commailto:warren_b...@dell.com; mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Latitude E7240 Windows 8.1 restart issue. Have you heard of any? The symptoms I can repro are as follows: Install Windows 8.1 (doesnt matter how I install, from vanilla cd or custom image.) Attempt to restart the machine. Windows finishes shutting down, however the hardware never completes the reboot. If i hold the power button until the machine turns off, then turn it back on, windows boots up like nothing happened. IE, it doesnt complain about being shutdown improperly. The customer I am working with has a case opened for this bug, and can get the case number if that would help. Sent from Windows Mail
RE: [mssms] RE: Task Sequence wizard asks to remove CD and reboot
Todd, might you be kind enough to enlighten the group as to the name of the ini file. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Friday, March 07, 2014 4:58 PM To: mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot It is in there, just crack it open and look. If it is boot media it is in the iso root, if a wim then someplace else. On Fri, Mar 7, 2014 at 1:51 PM, Trevor Sullivan tsul...@gmail.commailto:tsul...@gmail.com wrote: In what ISO file? Does the INI file have to have a specific heading in it? What is the name of the INI file? What directory does it go in? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Friday, March 7, 2014 1:30 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot in the iso. there is an ini file. On Fri, Mar 7, 2014 at 1:12 PM, Trevor Sullivan tsul...@gmail.commailto:tsul...@gmail.com wrote: In what INI file? Can you be more specific? Cheers, Trevor Sullivan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Todd Hemsell Sent: Friday, March 7, 2014 1:04 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot it is a lot easier just to set automatic=1 in the ini file :-) On Fri, Mar 7, 2014 at 7:59 AM, Mike Dzikowski sccmlist-mikedzikow...@outlook.commailto:sccmlist-mikedzikow...@outlook.com wrote: +1 --- Original Message --- From: Trevor Sullivan tsul...@gmail.commailto:tsul...@gmail.com Sent: March 7, 2014 8:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: Task Sequence wizard asks to remove CD and reboot Here's an AutoIT script that I wrote, which clicks the Finish button for you automatically. The steps to use it are as follows: 1. Compile AutoIT script to executable 2. Embed AutoIT executable into boot image somewhere (eg. \Tools folder at the root) 3. Create a batch file or PowerShell script next to the AutoIT script that kicks off the executable asynchronously (it will hang / block in the background) 4. Enable the pre-execution hookhttp://blogs.technet.com/b/inside_osd/archive/2010/06/30/v-next-beta-1-feature-bootable-media-improvements-part-2.aspx on the Boot Image in the ConfigMgr console Cheers, Trevor Sullivan PowerShell Script Start-Process -FilePath $PSScriptRoot\AutoITScript.exe; Call the PowerShell script in the pre-execution hook using: powershell.exe -ExecutionPolicy Bypass -File x:\Tools\Launch-AutoITScript.ps1 AutoIT Script ; Author: Trevor Sullivan ;Date: 2011-10-28 ; Purpose: Automatically closes the Microsoft System Center Configuration Manager (ConfigMgr) ; OSD dialog that says Remove the CD and do not boot from CD. This dialog box ; appears when the currently running Windows PE boot image does not match the boot ; image, or match the latest version of the same boot image, assigned to the task ; sequence that you selected. ; ; This script should be launched asynchronously from the TsConfig.ini custom hook, ; such that it will run in the background until the dialog box appears, or the ; computer is otherwise rebooted. WinWait(Task Sequence Wizard, Remove the CD and do not boot from CD) WinActivate(Task Sequence Wizard) Send(!f) From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Matt Wilkinson Sent: Friday, March 7, 2014 4:52 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: Task Sequence wizard asks to remove CD and reboot Or the boot image on the DP has been updated and the hash doesn't match. From: Niall Brady [mailto:any...@gmail.com] Sent: 07 March 2014 09:04 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] RE: Task Sequence wizard asks to remove CD and reboot more thank likely someone has advertised/deployed a task sequence with a different architecture boot image to the same collection your computer is in, and that results in it first downloading the 'new' boot image, and then realising it needs the original boot image that is attached to the task sequence, once if realises the
Re: [mssms] Client Policy for BITS does not apply
Unset the local policy. Do a Machine Policy refresh. If the settings are set back, its configmgr if not, do a gpupdate, and see what the results of a gpresult after that. Sent from Windows Mail From: Lindenfeld, Ivanmailto:ivan.lindenf...@fnf.com Sent: Wednesday, March 5, 2014 3:27 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com The symptom I see is the Client policy for workstations is set to “No” for limiting BITS bandwidth. The applied policy as seen in GPResult has this set to “Yes” with the remainder of the BITS settings set to default settings from the Client settings. These settings may be the default for this policy, so they don’t necessarily come from SCCM Client settings. The PC is a new build. SCCM Client was installed once. All of the other client settings are correct comparing GPResult or the registry to Client Policy. In GPResult, the winning policy is Local Group Policy. I believe it would say this if SCCM Client applied the policy or if it didn’t and was the default. I do not want BITS limiting. How can I prove what’s stuck? Thank ye. Ivan Lindenfeld Manager, Enterprise Deployment/SCCM Fidelity National Financial | Jacksonville, Florida
Re: [mssms] User logs out during package based install
If “Installer.exe” launches while a user is logged in, are any child processes spawned as the user? Sent from Windows Mail From: Miller, Toddmailto:todd-mil...@uiowa.edu Sent: Monday, March 3, 2014 4:39 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I have a package (old style) that I am using SCCM to deploy. The advertisement is set to run whether or not a user is logged in, is set to run with admin rights and is set to allow interaction with the user. The advertisement runs a program called Installer.exe which is a custom Autoit script. When installer.exe kicks off according to the advertisement, Installer.exe can be seen running as SYSTEM, as expected. This is verified by Taskmgr and PSList. If the user logs out while Installer.exe is running, then the process exits. This is unexpected. Do you happen to know, if a user logs out while an advertisement is running, should I expect SCCM to kill the process? What do you think might be killing the EXE? The user doesn’t have rights to the process, so I don’t think their logout should be effecting the process, but it seems like it does. Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you.
Re: [mssms] How to Handle Flash Major Version Updates
scup here, so simple to do. Sent from Windows Mail From: jmar...@babc.commailto:jmar...@babc.com Sent: Tuesday, March 4, 2014 10:23 AM To: mssms@lists.myitforum.commailto:mssms@lists.myITforum.com How are others performing major version updates of Flash and Reader? Software updates via SCUP using a custom catalog or normal software distribution? Anyone have a good article on how to do this? John Marcum MCTP, MCTS, MCSA Sr. Desktop Architect Bradley Arant Boult Cummings LLP [H_Logo] Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. inline: image001.png
RE: [mssms] Is it possible to stop a timed reboot?
Shutdown /a Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff Sent: Friday, February 28, 2014 12:46 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] Is it possible to stop a timed reboot? If this is ConfigMgr prompting the reboot though, you may have to remove the deployment before it reboots. Make sure the machines update policy as well so they know not to run. Daniel Ratliff From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Trevor Sullivan Sent: Friday, February 28, 2014 12:41 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Is it possible to stop a timed reboot? You should be able to abort timed shutdowns using shutdown.exe -a. Cheers, Trevor Sullivan From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Chris Carbone Sent: Friday, February 28, 2014 11:37 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Is it possible to stop a timed reboot? I deployed IE9 to all of our production servers and set timers of when these deployments should go off. Two of them worked correctly while the other ten decided to deploy whenever they wanted. Now on these ten servers there's a message that the server will reboot in x amount of hours. Is there a way I can stop this reboot from happening? Thanks, Chris Carbone IT Department Fairmount Minerals Ltd. Office: 440-285-3132 x50263 Service desk: 440-279-0224 This electronic mail transmission may contain confidential information intended only for the use of the individual(s) identified as addressee(s). If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this electronic mail transmission is strictly prohibited. If you have received this transmission in error, please notify me by telephone immediately. The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. inline: image001.jpg
[mssms] RE: Windows 8.1: Setting Desktop background via Preference.
The background color, that is shown if your wallpaper image is smaller than the screen resolution of your monitor. The default is black. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of King, Jason Sent: Friday, February 21, 2014 10:10 AM To: mssms@lists.myitforum.com Subject: [mssms] RE: Windows 8.1: Setting Desktop background via Preference. The desktop background or the lock screen/Start Menu? I am working on both. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jason King | Solutions Design Team Telephone: 248.853.4841 From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Friday, February 21, 2014 10:03 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Windows 8.1: Setting Desktop background via Preference. Anyone messed with this? I found a single link: http://www.winhelponline.com/blog/find-current-wallpaper-file-path-windows-8/https://urldefense.proofpoint.com/v1/url?u=http://www.winhelponline.com/blog/find-current-wallpaper-file-path-windows-8/k=DRaZFQufJSh%2Bz2CJu01vGA%3D%3D%0Ar=EP6UuLzy5Kkj6OM7S%2FXJ%2Fg%3D%3D%0Am=rHTJg0cV2fycscfkH6RSTIMBpG4%2FmEqs7RxOoZp%2BA1E%3D%0As=b9a217a4123652daa687df9dde86aa278759380606a040812491ce69174353d4 Looks like this will be a pain. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttps://urldefense.proofpoint.com/v1/url?u=http://www.us.sogeti.com/k=DRaZFQufJSh%2Bz2CJu01vGA%3D%3D%0Ar=EP6UuLzy5Kkj6OM7S%2FXJ%2Fg%3D%3D%0Am=rHTJg0cV2fycscfkH6RSTIMBpG4%2FmEqs7RxOoZp%2BA1E%3D%0As=988f3df0b56000ce02e0726d8517635e1c5865d63e8e534bbe04d46708e3a6e6 CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Security page on www.henryford.comhttp://www.henryford.com for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us. inline: image001.jpg
Re: [mssms] RE: Windows 8.1: Setting Desktop background via Preference.
To add a level of complication. Setting a wallpaper that is ~600x600 (client company logo) Need to set the background color to be the same as the edges of the image, and set the image to center vs stretch. Of course win8 isn't honoring any of the reg keys that work in prior versions. /sigh Sent from Windows Mail From: King, Jasonmailto:jkin...@hfhs.org Sent: Friday, February 21, 2014 1:32 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com I usually just stretch the image so that doesn’t show. SO you just want the Desktop background not the Start screen background correct? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jason King | Solutions Design Team Telephone: 248.853.4841 From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.com Sent: Friday, February 21, 2014 10:55 AM To: mssms@lists.myitforum.com Subject: [mssms] RE: Windows 8.1: Setting Desktop background via Preference. The background color, that is shown if your wallpaper image is smaller than the screen resolution of your monitor. The default is black. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttps://urldefense.proofpoint.com/v1/url?u=http://www.us.sogeti.com/k=DRaZFQufJSh%2Bz2CJu01vGA%3D%3D%0ar=EP6UuLzy5Kkj6OM7S/XJ/g%3D%3D%0am=rlV2ORYjouqy4F%2Br383LjRz8Kf2pxJbdkPRv4yZnL1E%3D%0as=b469e881ebfac8fbe782cf700c2ce8f7e747ab621cbf04df894e2feb089eb256 From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of King, Jason Sent: Friday, February 21, 2014 10:10 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Windows 8.1: Setting Desktop background via Preference. The desktop background or the lock screen/Start Menu? I am working on both. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jason King | Solutions Design Team Telephone: 248.853.4841 From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Friday, February 21, 2014 10:03 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Windows 8.1: Setting Desktop background via Preference. Anyone messed with this? I found a single link: http://www.winhelponline.com/blog/find-current-wallpaper-file-path-windows-8/https://urldefense.proofpoint.com/v1/url?u=http://www.winhelponline.com/blog/find-current-wallpaper-file-path-windows-8/k=DRaZFQufJSh%2Bz2CJu01vGA%3D%3D%0ar=EP6UuLzy5Kkj6OM7S/XJ/g%3D%3D%0am=rHTJg0cV2fycscfkH6RSTIMBpG4/mEqs7RxOoZp%2BA1E%3D%0as=b9a217a4123652daa687df9dde86aa278759380606a040812491ce69174353d4 Looks like this will be a pain. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttps://urldefense.proofpoint.com/v1/url?u=http://www.us.sogeti.com/k=DRaZFQufJSh%2Bz2CJu01vGA%3D%3D%0ar=EP6UuLzy5Kkj6OM7S/XJ/g%3D%3D%0am=rHTJg0cV2fycscfkH6RSTIMBpG4/mEqs7RxOoZp%2BA1E%3D%0as=988f3df0b56000ce02e0726d8517635e1c5865d63e8e534bbe04d46708e3a6e6 CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy Security page on www.henryford.comhttps://urldefense.proofpoint.com/v1/url?u=http://www.henryford.comk=DRaZFQufJSh%2Bz2CJu01vGA%3D%3D%0ar=EP6UuLzy5Kkj6OM7S/XJ/g%3D%3D%0am=rlV2ORYjouqy4F%2Br383LjRz8Kf2pxJbdkPRv4yZnL1E%3D%0as=3ad8314bd52808334d9426d1fcb7a5d2726498089e6f5eec98e2e0f5c99263cf for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us. inline: image001.jpg
[mssms] RE: Instructions for a team member to properly figure out which drivers to add to boot wim when new model comes in
Yes the hardware it, should be in the inf from the driver. From: listsad...@lists.myitforum.com [listsad...@lists.myitforum.com] on behalf of Burke, John [john.bu...@bellaliant.ca] Sent: Tuesday, February 18, 2014 10:37 AM To: mssms@lists.myitforum.com Subject: [mssms] RE: Instructions for a team member to properly figure out which drivers to add to boot wim when new model comes in yeah i explained that to him, but he seems to get really lost. So basically i was correct in that he needs that hardware id. Then he should look for it in the inf files, If eh goes to the HP sight for example - and downloads the drivers, those hardware id's should be in those inf files correct? From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Schwan, Phil Sent: Tuesday, February 18, 2014 10:16 AM To: mssms@lists.myitforum.com Subject: [mssms] RE: Instructions for a team member to properly figure out which drivers to add to boot wim when new model comes in The vast majority of your machines are going to come preloaded with an OEM Windows OS that includes all of the drivers. I would typically boot that as soon as I received it, go into Device Manager, and record the Hardware ID for the mass storage controller and NIC at a minimum (usually audio, display and a few other usual suspects as well). Once you have the Hardware ID, you can do a text search of the .inf driver files you already have included and see if it is already included. If you have command prompts support in your boot image (which you should), you can also use the drvload utility (http://technet.microsoft.com/en-us/library/cc766390(v=ws.10).aspx) to test drivers and find the one that works best. Hope that helps! -Phil _ Phil Schwan | Technical Architect, Enterprise Windows Services Project Leadership Associates | 2000 Town Center, Suite 1900, Southfield, MI 48075 Lync: 312.756.1626 Mobile: 419.262.5133 www.projectleadership.nethttp://www.projectleadership.net/ [Description: Description: Description: Arrow email]Lead with Strategy. Leverage Technology. Deliver Results. [linkedin_logo-19x20]http://www.linkedin.com/in/philschwan[Twitter-Logo1-20x20]https://twitter.com/philschwan [wordpress-logo3] http://myitforum.com/myitforumwp/author/philschwan From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Burke, John Sent: Tuesday, February 18, 2014 9:03 AM To: mssms@lists.myitforum.com Subject: [mssms] Instructions for a team member to properly figure out which drivers to add to boot wim when new model comes in it's taking months to get a new model supported and I've been able to help when I have time, but I was hoping there was a sigh that had the step by steps for figuring out exactly which mass storage, and which network drivers to add into the boot wim and sccm catalog of sccm 2007. It would really really help. PRIVILEGED AND CONFIDENTIAL. This email and any files transmitted with it are privileged and confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. If you are not the named addressee you should not disseminate, distribute or copy this e-mail or any of its attachments. inline: image001.jpginline: image002.jpginline: image003.jpginline: image004.jpg
[mssms] RE: MBAM 2.0 ConfigMgr Integrated, keep my data w/ SP1
Do you know if anything changed with 2.0 SP1 as far as data retention? Mainly if a dual install is still needed? Also, did you find anything official on that from MS?
[mssms] RE: Migrate MDT 2012 to 2013
You must be running 2012u1, according to the support documentation. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Gouldthorp Sent: Friday, February 14, 2014 2:00 PM To: mssms@lists.myitforum.com Subject: [mssms] RE: Migrate MDT 2012 to 2013 Can you upgrade MDT directly from 2012 to 2013? Or do you first need to update from MDT 2012 -- MDT 2012 U1 -- MDT 2013? Thanks, Mike From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Thursday, February 13, 2014 9:14 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] RE: Migrate MDT 2012 to 2013 Build your new server, with MDT 2013 Copy your existing deploymentshare folder to it. Open that share in MDT2013 and it will ask you to update it, do so. Your Deploymentshare has now been updated. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret Sent: Thursday, February 13, 2014 6:52 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Migrate MDT 2012 to 2013 I'd like to build a new server for MDT2013, but I'd like my investment of time and effort in 2012 to be realised. Obviously I can't link 2013 to 2012, so what are the strategies for driver/folder migration when a new box is required? I could upgrade the existing then link them, but I need to retain some legacy xp build capabilitires. Ta Stuart Watret Offshore - IT Ltd inline: image001.jpg
RE: [mssms] RE: Patch progress report?
I'd export the report daily out to another table, or spreadsheets, then just build your monthly report pulling in those data sources. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Mote, Todd Sent: Friday, February 14, 2014 2:34 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] RE: Patch progress report? I think that's going to be hard to do with what's in the box. The report would either have to run all the time because you're querying the same values from day to day, and they change from day to day, or you'd have to write them out somewhere then go get them again to build the report... kinda messy it seems. You could do it, but you'd probably have to have your own DB table or separate DB to do it. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Friday, February 14, 2014 11:24 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: Patch progress report? What I need is a report that shows day by day patch installation progress like my table below. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Eswar Koneti Sent: Thursday, February 13, 2014 11:16 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] RE: Patch progress report? How about this ? http://eskonr.com/2014/02/configmgr-ssrs-report-patch-compliance-statistics-last-30-days/ Eswar Koneti Configmgr Consultant www.eskonr.comhttp://www.eskonr.com --- From: mmur...@csuchico.edumailto:mmur...@csuchico.edu To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Date: Thu, 13 Feb 2014 10:09:54 -0800 Subject: [mssms] RE: Patch progress report? : bump : From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike Sent: Wednesday, February 12, 2014 8:56 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Patch progress report? I asked this a long time ago, not sure if someone has managed to come up with a solution. I keep an Excel sheet to track the progress of patches each month (see below). Does anyone have a report where I could input a date range and have it report similar data (progress each day). I'd like it to display all patches for the month if possible as well. [cid:image003.png@01CF2992.597ECD00] Best Regards, Mike Murray Desktop Management Coordinator - IT Support Services California State University, Chico 530.898.4357 mmur...@csuchico.edumailto:mmur...@csuchico.edu inline: image002.jpginline: image003.png
[mssms] RE: Migrate MDT 2012 to 2013
Build your new server, with MDT 2013 Copy your existing deploymentshare folder to it. Open that share in MDT2013 and it will ask you to update it, do so. Your Deploymentshare has now been updated. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret Sent: Thursday, February 13, 2014 6:52 AM To: mssms@lists.myitforum.com Subject: [mssms] Migrate MDT 2012 to 2013 I'd like to build a new server for MDT2013, but I'd like my investment of time and effort in 2012 to be realised. Obviously I can't link 2013 to 2012, so what are the strategies for driver/folder migration when a new box is required? I could upgrade the existing then link them, but I need to retain some legacy xp build capabilitires. Ta Stuart Watret Offshore - IT Ltd inline: image001.jpg
RE: [mssms] getting eula on x64 build
Yeah, I've had the xml get borked before. I never edit outside of the tool, so I haven't been able to figure out how it happens. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret Sent: Friday, February 07, 2014 7:03 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] getting eula on x64 build Re made the capture TS and that error is now gone. In its place I have working VM builds of the x64 image but failing physical builds complaining about something in the OOBE phase of the unattend file. Anyone seen that? Sent from a dog and bone. On 6 Feb 2014, at 15:09, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Sounds like either you edited the wrong unattend.xml, or its using the wrong one. Christopher Catlett Consultant | Detroit image001.jpg Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of CESAR.ABREG0 Sent: Wednesday, February 05, 2014 9:46 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] getting eula on x64 build At what stage are you getting Eula? During, after build or at deployment time? It at deployment time, what are you using to deploy it, SCCM or MDT. I've never ran into this issue at build time that I can recall. Only time I experienced this when I was testing a custom XML for deployment. Cesar A. Meaning is NOT in words, but inside people! Dr. Myles Munroe My iPad takes half the blame for misspells. On Feb 5, 2014, at 6:36 AM, Stuart Watret stu...@offshore-it.co.ukmailto:stu...@offshore-it.co.uk wrote: Bump Sent from a dog and bone. On 4 Feb 2014, at 15:14, Stuart Watret stu...@offshore-it.co.ukmailto:stu...@offshore-it.co.uk wrote: Hi, Creating reference images in MDT for win 7 for ages, all good. Finally got round to create a x64 Win7Ent image; every time it builds I get the EULA, despite the hideeulapage being set to true. Any thoughts? Stuart Watret Offshore - IT Ltd inline: image001.jpg
RE: [mssms] getting eula on x64 build
Sounds like either you edited the wrong unattend.xml, or its using the wrong one. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of CESAR.ABREG0 Sent: Wednesday, February 05, 2014 9:46 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] getting eula on x64 build At what stage are you getting Eula? During, after build or at deployment time? It at deployment time, what are you using to deploy it, SCCM or MDT. I've never ran into this issue at build time that I can recall. Only time I experienced this when I was testing a custom XML for deployment. Cesar A. Meaning is NOT in words, but inside people! Dr. Myles Munroe My iPad takes half the blame for misspells. On Feb 5, 2014, at 6:36 AM, Stuart Watret stu...@offshore-it.co.ukmailto:stu...@offshore-it.co.uk wrote: Bump Sent from a dog and bone. On 4 Feb 2014, at 15:14, Stuart Watret stu...@offshore-it.co.ukmailto:stu...@offshore-it.co.uk wrote: Hi, Creating reference images in MDT for win 7 for ages, all good. Finally got round to create a x64 Win7Ent image; every time it builds I get the EULA, despite the hideeulapage being set to true. Any thoughts? Stuart Watret Offshore - IT Ltd inline: image001.jpg
RE: [mssms] Group Software Titles
Another way is to use a partner product. This has been a weak point in ConfigMgr for some time now. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Thursday, February 06, 2014 3:15 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] Group Software Titles Sure, just use the custom labels in Asset Intelligence. This of course is a manually process, but is fairly quick and easy. J From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com on behalf of stefaniebur...@verizon.netmailto:stefaniebur...@verizon.net stefaniebur...@verizon.netmailto:stefaniebur...@verizon.net Sent: Thursday, February 6, 2014 2:06 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Group Software Titles Hello I work in an organization that is using SCCM to track software inventory. The question has been asked is there a way to group like software titles for easier reporting. As it is now I get a new line for every product ID regardless if the the base product is the same. Adobe Acrobat 8.1 will display on several lines. Is there a way with query or script (or other methods) to group like software titles. Thanks Stefanie inline: image001.jpg
RE: [mssms] 2007 clients can discover the site code of 2012 site and then break
Are you publishing to AD? Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Owen Sent: Monday, February 03, 2014 4:27 PM To: mssms@lists.myitforum.com Subject: [mssms] 2007 clients can discover the site code of 2012 site and then break Hi guys, The problem is as described in the title, I'm building up a 2012 environment side-by-side a 2007 env. Recently, I was troubleshooting a 2007 client issue and noticed that when I clicked 'Discover' in Configuration Manager on the client that it was able to discover the site code of the 2012 site that serves that region. How can I keep this from happening? We're not going live for 2012 for quite some time, and this behavior is very undesirable. Thanks, inline: image001.jpg
RE: [mssms] 2007 clients can discover the site code of 2012 site and then break
If you publish it, they will find it. ;) Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Owen Sent: Monday, February 03, 2014 4:36 PM To: mssms@lists.myitforum.com Subject: Re: [mssms] 2007 clients can discover the site code of 2012 site and then break Yes. Should I not do this until I'm ready to go live with the new environment? On Mon, Feb 3, 2014 at 4:32 PM, christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com wrote: Are you publishing to AD? Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738tel:248-876-9738 |Fax 877.406.9647tel:877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com] On Behalf Of Stephen Owen Sent: Monday, February 03, 2014 4:27 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] 2007 clients can discover the site code of 2012 site and then break Hi guys, The problem is as described in the title, I'm building up a 2012 environment side-by-side a 2007 env. Recently, I was troubleshooting a 2007 client issue and noticed that when I clicked 'Discover' in Configuration Manager on the client that it was able to discover the site code of the 2012 site that serves that region. How can I keep this from happening? We're not going live for 2012 for quite some time, and this behavior is very undesirable. Thanks, inline: image001.jpg
[mssms] RE: OT: VPro
Way to much work to implement... Unless you already have a full PKI in-place. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kent, Mark Sent: Monday, February 03, 2014 4:41 PM To: mssms@lists.myitforum.com Subject: [mssms] OT: VPro Just curious as to who is using this and whether they love it or hate it. Doesn't seem to be discussed much. Thanks! Mark Kent (MCP) Sr. Desktop Systems Engineer Computing Technology Services - SUNY Buffalo State inline: image001.jpg
RE: [mssms] DFL/FFl for CM 12 migration
Yes, but you will have to do the schema extensions. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Friday, January 31, 2014 11:20 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] DFL/FFl for CM 12 migration But, I could still build a Windows Server 2012 R2 SCCM 2012 R2 Primary site, right? Brian From: tsul...@gmail.commailto:tsul...@gmail.com To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] DFL/FFl for CM 12 migration Date: Thu, 30 Jan 2014 16:47:26 -0600 Windows 2000 Support for Active Directory Domains All System Center 2012 Configuration Manager site systems must be members of a Windows Active Directory domain. The following table identifies the Windows Active directory domain functional level that is supported with each version of System Center 2012 Configuration Manager: Active Directory domain functional level Configuration Manager version Windows 2000 *System Center 2012 Configuration Manager with no service pack *System Center 2012 Configuration Manager with SP1 *System Center 2012 R2 Configuration Manager Windows Server 2003 *System Center 2012 Configuration Manager with no service pack *System Center 2012 Configuration Manager with SP1 *System Center 2012 R2 Configuration Manager Windows Server 2008 *System Center 2012 Configuration Manager with no service pack *System Center 2012 Configuration Manager with SP1 *System Center 2012 R2 Configuration Manager Windows Server 2008 R2 *System Center 2012 Configuration Manager with no service pack *System Center 2012 Configuration Manager with SP1 *System Center 2012 R2 Configuration Manager Windows Server 2012 *System Center 2012 Configuration Manager with SP1 *System Center 2012 R2 Configuration Manager Windows Server 2012 R2 *System Center 2012 R2 Configuration Manager -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Brian McDonald Sent: Thursday, January 30, 2014 4:31 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] DFL/FFl for CM 12 migration What is the lowest supported domain and forest functional level supported for an SCCm 2012 migration? Brian Sent from my iPhone inline: image001.jpg
RE: [mssms] Deploy Office 2013
Windows update catalog. https://blogs.technet.com/b/office_resource_kit/archive/2011/05/05/using-the-updates-folder-to-deploy-software-updates-with-an-office-2010-installation.aspx (Same steps for 2013) Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Thursday, January 30, 2014 10:31 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Guys, I have another question. For you all as well I am building an office 2013 deployment package and I want to include all the patches for office. From what I read you can copy the msp patch files to the updates folder and they will automatically be installed. Just wondering how you get all the MSP files. Anyone have any suggestions? Thanks Matt inline: image001.jpg
RE: [mssms] Deploy Office 2013
Some of the msp's will have the same names, just append a number to the end. (in date order, so older are lower number.) Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Thursday, January 30, 2014 10:51 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Thank you very much!! From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Thursday, January 30, 2014 10:46 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Windows update catalog. https://blogs.technet.com/b/office_resource_kit/archive/2011/05/05/using-the-updates-folder-to-deploy-software-updates-with-an-office-2010-installation.aspx (Same steps for 2013) Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Gerlak, Matthew Sent: Thursday, January 30, 2014 10:31 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Guys, I have another question. For you all as well I am building an office 2013 deployment package and I want to include all the patches for office. From what I read you can copy the msp patch files to the updates folder and they will automatically be installed. Just wondering how you get all the MSP files. Anyone have any suggestions? Thanks Matt inline: image001.jpg
RE: [mssms] Deploy Office 2013
Some of them aren't available through wsus, depending on what updates you need to apply. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus Sent: Thursday, January 30, 2014 11:03 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Or you just use the TS for the image creation where office gets installed (hint :)) and have software updates install them all. Would take care of new builds at least. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Harjit Dhaliwal Sent: Donnerstag, 30. Januar 2014 16:53 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Deploy Office 2013 Yes, that is correct. You add the .msp files into the Updates folder. MS Office Cummulative Updates are released every quarter. The process is tedious and requires some patience. http://blogs.technet.com/b/messaging_with_communications/archive/2014/01/02/q1-2014-current-cumulative-updates-for-office.aspx You'll need to download each individual CU, extract the zip which will expose the .glb file. Then, you'll need to extract the .msp from the .glb using the extract command. http://technet.microsoft.com/en-us/library/cc178995.aspx outlook2013-kb2737132-fullfile-x86-glb.exe /extract:c:\ExtractFiles Hope this helps. Details are found in the links I provided. -Harjit On 1/30/2014 10:31 AM, Gerlak, Matthew wrote: Guys, I have another question. For you all as well I am building an office 2013 deployment package and I want to include all the patches for office. From what I read you can copy the msp patch files to the updates folder and they will automatically be installed. Just wondering how you get all the MSP files. Anyone have any suggestions? Thanks Matt inline: image001.jpg
RE: [mssms] Deploy Office 2013
Yeah, mostly hotfixes. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus Sent: Thursday, January 30, 2014 11:22 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Which ones are you referring to? Hotfixes? What else? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Donnerstag, 30. Januar 2014 17:16 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Some of them aren't available through wsus, depending on what updates you need to apply. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus Sent: Thursday, January 30, 2014 11:03 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Or you just use the TS for the image creation where office gets installed (hint :)) and have software updates install them all. Would take care of new builds at least. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Harjit Dhaliwal Sent: Donnerstag, 30. Januar 2014 16:53 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Deploy Office 2013 Yes, that is correct. You add the .msp files into the Updates folder. MS Office Cummulative Updates are released every quarter. The process is tedious and requires some patience. http://blogs.technet.com/b/messaging_with_communications/archive/2014/01/02/q1-2014-current-cumulative-updates-for-office.aspx You'll need to download each individual CU, extract the zip which will expose the .glb file. Then, you'll need to extract the .msp from the .glb using the extract command. http://technet.microsoft.com/en-us/library/cc178995.aspx outlook2013-kb2737132-fullfile-x86-glb.exe /extract:c:\ExtractFiles Hope this helps. Details are found in the links I provided. -Harjit On 1/30/2014 10:31 AM, Gerlak, Matthew wrote: Guys, I have another question. For you all as well I am building an office 2013 deployment package and I want to include all the patches for office. From what I read you can copy the msp patch files to the updates folder and they will automatically be installed. Just wondering how you get all the MSP files. Anyone have any suggestions? Thanks Matt inline: image001.jpg
RE: [mssms] Deploy Office 2013
Depends on your environment. I had to widely deploy on hotfix at my last employer, so we baked it into the install. Instead of having to add a separate step to install the hotfix. Its also useful if you don't want to nuke your wsus server when doing mass installs. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus Sent: Thursday, January 30, 2014 11:37 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Figured, mostly not that important to go through that trouble, wouldn't you agree? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Donnerstag, 30. Januar 2014 17:30 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Yeah, mostly hotfixes. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus Sent: Thursday, January 30, 2014 11:22 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Which ones are you referring to? Hotfixes? What else? From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com Sent: Donnerstag, 30. Januar 2014 17:16 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Some of them aren't available through wsus, depending on what updates you need to apply. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Roland Janus Sent: Thursday, January 30, 2014 11:03 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Deploy Office 2013 Or you just use the TS for the image creation where office gets installed (hint :)) and have software updates install them all. Would take care of new builds at least. From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Harjit Dhaliwal Sent: Donnerstag, 30. Januar 2014 16:53 To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: Re: [mssms] Deploy Office 2013 Yes, that is correct. You add the .msp files into the Updates folder. MS Office Cummulative Updates are released every quarter. The process is tedious and requires some patience. http://blogs.technet.com/b/messaging_with_communications/archive/2014/01/02/q1-2014-current-cumulative-updates-for-office.aspx You'll need to download each individual CU, extract the zip which will expose the .glb file. Then, you'll need to extract the .msp from the .glb using the extract command. http://technet.microsoft.com/en-us/library/cc178995.aspx outlook2013-kb2737132-fullfile-x86-glb.exe /extract:c:\ExtractFiles Hope this helps. Details are found in the links I provided. -Harjit On 1/30/2014 10:31 AM, Gerlak, Matthew wrote: Guys, I have another question. For you all as well I am building an office 2013 deployment package and I want to include all the patches for office. From what I read you can copy the msp patch files to the updates folder and they will automatically be installed. Just wondering how you get all the MSP files. Anyone have any suggestions? Thanks Matt inline: image001.jpg
RE: [mssms] Deploy Office 2013
Yeah, lync clients are under the office category. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Tuomo Leppänen Sent: Thursday, January 30, 2014 11:57 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] Deploy Office 2013 Are Lync Client updates here also? On 30.1.2014 17:53, Harjit Dhaliwal wrote: Yes, that is correct. You add the .msp files into the Updates folder. MS Office Cummulative Updates are released every quarter. The process is tedious and requires some patience. http://blogs.technet.com/b/messaging_with_communications/archive/2014/01/02/q1-2014-current-cumulative-updates-for-office.aspx You'll need to download each individual CU, extract the zip which will expose the .glb file. Then, you'll need to extract the .msp from the .glb using the extract command. http://technet.microsoft.com/en-us/library/cc178995.aspx outlook2013-kb2737132-fullfile-x86-glb.exe /extract:c:\ExtractFiles Hope this helps. Details are found in the links I provided. -Harjit On 1/30/2014 10:31 AM, Gerlak, Matthew wrote: Guys, I have another question. For you all as well I am building an office 2013 deployment package and I want to include all the patches for office. From what I read you can copy the msp patch files to the updates folder and they will automatically be installed. Just wondering how you get all the MSP files. Anyone have any suggestions? Thanks Matt inline: image001.jpg
RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA?
A few companies to managed PKI for client certs. http://www.symantec.com/verisign/managed-pki-service http://www.digicert.com/managed-pki-ssl.htm?gclid=CN_ChtuoobwCFeg-MgodJC8A9A https://www.globalsign.com/enterprise-pki/ Christopher Catlett Consultant | Detroit Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.com -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dzikowski, Michael Sent: Tuesday, January 28, 2014 11:26 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? 3rd party could be expensive for client certs... -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Sent: Tuesday, January 28, 2014 11:03 AM To: mssms@lists.myitforum.com Subject: [mssms] Implement SCCM 2012 encryption with 3rd party CA? Hi All, We are looking to set up a PKI to enable encryption in the SCCM 2012 environment, but unfortunately, we do not have a local CA. We use a 3rd party (GlobalSign) for our certificates, however, I'm not convinced they can provide the client certificates. Has anyone else managed to get this working with an external CA? I really need to know if this won't work and we're just chasing our tails. Essentially, my concern is this: When we set up a local CA to issue certificates, we do it by creating a template and allowing the clients to auto-enroll for the certificate, if we have a 3rd party CA, how does that mechanism work, if at all? Thanks in advance John
RE: [mssms] Client update from SP1 to R2
Is the folder empty? Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of David O'Brien Sent: Tuesday, January 28, 2014 2:16 PM To: mssms@lists.myitforum.com Subject: [mssms] Client update from SP1 to R2 Hi all, anyone came across the problem that the client update process from SP1 to R2 is not able to delete the start menu folder which points to the Software Center? This is happening to a lot of users in a current project of mine and people start to get confused. The ccmsetup.log actually says it's unable to delete the folder, but doesn't say why. --- David http://www.david-obrien.net inline: image001.jpg
[mssms] RE: WQL not showing same results?
I think Jeff Krueger @ HFHS ran into this same issue. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dzikowski, Michael Sent: Tuesday, January 28, 2014 3:00 PM To: mssms@lists.myitforum.com Subject: [mssms] WQL not showing same results? So, I have a collection that is query based. I get my results back and they don't seem to be what I expect. My query is a simple query for machines in an OU in AD. The collection is limited to All Systems. So, I took my WQL query and copied it and used the Queries node in the console to test it and I didn't limit the scope at all. The results were what I expected. What could cause the same WQL query to show different results (collection vs. query node in console)? inline: image001.jpg
RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA?
With the PKI gateway from some of the vendors, you can enable auto-enrollment. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys Sent: Tuesday, January 28, 2014 2:46 PM To: mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? Not with certs purchased from a third-party (which is the main reason for this thread although I didn't state that in my answer). For certs issued using a Microsoft Enterprise PKI and a GPO with auto-enrollment and auto-renew enabled, yes. J From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John M Sent: Tuesday, January 28, 2014 1:34 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? Correct me if I'm wrong but wouldn't the client enrollment through the GPO cause the clients to automatically renew the cert when it expires? From: ja...@sandys.usmailto:ja...@sandys.us To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? Date: Tue, 28 Jan 2014 19:08:10 + Also remember that the unique client cert per computer is not perpetual, you would have to repurchase all of those certs every year so it's even more expensive than you think. And how are you going to get the renewed certs out to clients? As for 8.1 managed via the Intune connector, be careful, it's not full management. You cannot do things like manage SCEP or push updates. J From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Lindenfeld, Ivan Sent: Tuesday, January 28, 2014 11:13 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? The expense of the client certs made us pause. The project is not dead, but since you need a unique client cert per computer on the internet, it's expensive. My understanding is that the clients will NOT auto-enroll you will need to deploy an SCCM client and unique cert by hand to each internet computer. Too bad SCCM/Intune only lets you manage Windows 8.1 desktops on the internet. Ivan Lindenfeld Fidelity National Financial Jacksonville, Florida From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John M Sent: Tuesday, January 28, 2014 11:58 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? We use Globalsign, so far they are being helpful, but it's almost like I'm the first one to have ever asked for this. From: christopher.catl...@us.sogeti.commailto:christopher.catl...@us.sogeti.com To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? Date: Tue, 28 Jan 2014 16:45:50 + A few companies to managed PKI for client certs. http://www.symantec.com/verisign/managed-pki-service http://www.digicert.com/managed-pki-ssl.htm?gclid=CN_ChtuoobwCFeg-MgodJC8A9A https://www.globalsign.com/enterprise-pki/ Christopher Catlett Consultant | Detroit Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dzikowski, Michael Sent: Tuesday, January 28, 2014 11:26 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Implement SCCM 2012 encryption with 3rd party CA? 3rd party could be expensive for client certs... -Original Message- From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of John Sent: Tuesday, January 28, 2014 11:03 AM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Implement SCCM 2012 encryption with 3rd party CA? Hi All, We are looking to set up a PKI to enable encryption in the SCCM 2012 environment, but unfortunately, we do not have a local CA. We use a 3rd party (GlobalSign) for our certificates, however, I'm not convinced they can provide the client certificates. Has anyone else managed to get this working with an external CA? I really need to know if this won't work and we're just chasing our tails. Essentially, my concern is this: When we set up a local CA to
[mssms] RE: Adobe Updates Failures
Reader? Or Std/pro? Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Friday, January 24, 2014 10:11 AM To: SMS List (mssms@lists.myITforum.com) Subject: [mssms] Adobe Updates Failures Do others see high failure rates when deploying Adobe updates via SCUP/ConfigMgr? I average ~50% failures. John Marcum Sr. Desktop Architect Bradley Arant Boult Cummings LLP Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. inline: image001.jpg
RE: [mssms] Re: [MDT-OSD] SCCM Imaging opening at General Mills.
Most HR policies regarding salary ranges. Christopher Catlett Consultant | Detroit [MCTS_2013_small] Sogeti USA Office 248-876-9738 |Fax 877.406.9647 26957 Northwestern Highway, Suite 130, Southfield, MI 48033-8456 www.us.sogeti.comhttp://www.us.sogeti.com/ From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Dzikowski, Michael Sent: Friday, January 24, 2014 10:07 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] Re: [MDT-OSD] SCCM Imaging opening at General Mills. I don't think the position itself requires a degree or should require a degree. However, some companies have HR requirements that say certain types of positions within a company, require degrees. Michael Dzikowski Senior Systems Engineer | Ally Technical Infrastructure - Windows Hosting [cid:image002.gif@01CDF887.776259A0] From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Martin Sent: Thursday, January 23, 2014 4:19 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: RE: [mssms] Re: [MDT-OSD] SCCM Imaging opening at General Mills. I grew into my position too... degree in respiratory therapy :) but always a geek at heart From: listsad...@lists.myitforum.commailto:listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Rickym61 Sent: Thursday, January 23, 2014 3:13 PM To: mssms@lists.myitforum.commailto:mssms@lists.myitforum.com Subject: [mssms] Re: [MDT-OSD] SCCM Imaging opening at General Mills. Just curious why do most SCCM jobs require some form of degree? Surely there are quite a few SCCM/CM admins (senior/junior) ones out there without a degree, doesn't experience in the role count more than a degree? On Thursday, 23 January 2014, Richard Zuraff richard.zur...@genmills.commailto:richard.zur...@genmills.com wrote: We have an opening for a SCCM Imaging expert in Minneapolis, MN here at General Mills, Inc. If you know anyone that is qualified and looking, please pass along. http://jobs.generalmills.com/minneapolis/experienced/jobid4771117-image-management-technician-sccm-jobs Thanks This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email... inline: image002.jpginline: image003.png