RE: [mssms] RE: Thoughts on Office 365 in the Enterprise?

[Brian Illner]

Anyone else see Office 2019 attempt to sync up to their WSUS/CM servers?


Failed to sync O365 update with title "(Preview) Office 2019 Perpetual 
Enterprise Client Update Version 1801 for x86 based Edition (Build 9001.2138)".


BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3A003.8F3975D0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3A003.8F3975D0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Eric Morrison
Sent: Tuesday, February 6, 2018 3:05 PM
To: mssms@lists.myitforum.com; mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Thoughts on Office 365 in the Enterprise?

That's what we're doing once we replace all of the users running Office 2013 
VL. We had an SAP excel add in challenge that was preventing us from upgrading 
all users to O365 proplus. But now that we've cleared that up we're going to 
move forward.

Probably will have to wrap it all in a TS to cover All for he scenarios. Our 
installs are pretty fragmented. Some Office 2010, some 2013, and some Proplus.

Get Outlook for iOS<https://aka.ms/o0ukef>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of Mike Murray <mmur...@csuchico.edu<mailto:mmur...@csuchico.edu>>
Sent: Tuesday, February 6, 2018 12:37:51 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Thoughts on Office 365 in the Enterprise?

What channel are you all using in your settings? I'm leaning towards "Monthly".

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Morrison
Sent: Thursday, February 1, 2018 5:34 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>; 
mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Thoughts on Office 365 in the Enterprise?

Sorry, wasn't that clear.

We were renewing our EA and converted/upgraded the perpetual licensing to user 
based with O365 for visio and project.

I can find the exact terminology if you'd like. But we only had a handful using 
those products so it wasn't that big of a deal for us.

Get Outlook for 
iOS<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fo0ukef=02%7C01%7C%7C2092ee1844c94100645f08d56d9aa31c%7C84df9e7fe9f640afb435%7C1%7C0%7C636535433283260313=Ta8%2F43GNJuK4izr%2Br3XcqmgpIRgJU602klE9%2BXMiUlI%3D=0>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of DonPick <don.l.pick...@gmail.com<mailto:don.l.pick...@gmail.com>>
Sent: Wednesday, January 31, 2018 2:45:03 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Thoughts on Office 365 in the Enterprise?

@Eric, "convert" ??  Do you mean, you bought new licenses, or you stepped-up or 
upgraded or some discounted trade-in deal from perpetual/per-device licenses -> 
subscription/per-user license for Visio/Project ?

Or, just that you are using the C2R form of VL instead of the MSI form of VL ?

Best Regards DonPick

From: Eric Morrison<mailto:eric.morri...@outlook.com>
Sent: Wednesday, 31 January 2018 3:29 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>; 
mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Thoughts on Office 365 in the Enterprise?

We converted those licenses as well so we can run the click-to-run versions of 
those products.

Get Outlook for 
iOS<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fo0ukef=02%7C01%7C%7C06a25e3bbba6446d098e08d568ec6d06%7C84df9e7fe9f640afb435%7C1%7C0%7C6365302870

[mssms] Task Sequence download errors on Windows 1709 clients?

[Brian Illner]

<pre>ConfigMgr 1710 w/ hotfix

Has anyone run into any issues deploying task sequences to systems running 
Windows 10 1709?

Creating a TS for updating our Dell BIOS (when they vendors work out the 
issues) on all our workstations. Having to use TS because we have BitLocker AND 
a BIOS Admin password in operation.

One of my test laptops is failing when it attempts to download the MDT toolkit 
package. It appears to fail on the same file each time.

** I have two other test systems ( 1 laptop and 1 desktop) that ARE able to run 
this exact same TS using the exact same network connection and do not encounter 
this error.

I have already attempted to verify, redistribute and update the DP for that 
package.

Bits from the smsts.log on the one that is failing.


<![LOG[Cannot open source file 
c:\_smstasksequence\packages\cic001c0\servicing\x64\api-ms-win-core-apiquery-l1-1-0.dll,
 Win32 Error = 32]LOG]!><time="11:08:16.302+300" date="01-25-2018" 
component="InstallSoftware" context="" type="3" thread="10704" 
file="hashdir.cpp:247">
<![LOG[Failed to hash file, Win32 error = 32]LOG]!><time="11:08:16.302+300" 
date="01-25-2018" component="InstallSoftware" context="" type="3" 
thread="10704" file="hashdir.cpp:785">
<![LOG[Hash could not be matched for the downloded content. Original 
ContentHash = 44B67F9AD8C84AE6B7EDE87E171660FD453FDB3137E46D6C6BA1009F3439630F, 
Downloaded ContentHash = ]LOG]!><time="11:08:16.303+300" date="01-25-2018" 
component="InstallSoftware" context="" type="3" thread="10704" 
file="downloadcontent.cpp:2098">
<![LOG[0L == TS::Utility::VerifyPackageHash (pszContentID, sDestination), 
HRESULT=80091007 (..\resolvesource.cpp,3477)]LOG]!><time="11:08:16.303+300" 
date="01-25-2018" component="InstallSoftware" context="" type="0" 
thread="10704" file="resolvesource.cpp:3477">
<![LOG[DownloadContentAndVerifyHash() failed. 
80091007.]LOG]!><time="11:08:16.310+300" date="01-25-2018" 
component="InstallSoftware" context="" type="1" thread="10704" 
file="resolvesource.cpp:3493">
<![LOG[DownloadContentAndVerifyHash ( pszPackageID, L"SMSPackage", 
saHttpContentSources, saSMBContentSources, saMulticastContentSources, 
sDestination, dwFlags, L"", 0, dwPackageFlags, mapNetworkAccess ), 
HRESULT=80091007 (..\resolvesource.cpp,3582)]LOG]!><time="11:08:16.904+300" 
date="01-25-2018" component="InstallSoftware" context="" type="0" 
thread="10704" file="resolvesource.cpp:3582">
<![LOG[DownloadContentLocally (pszSource, sSourceDirectory, dwFlags, 
hUserToken, mapNetworkAccess), HRESULT=80091007 
(..\resolvesource.cpp,3803)]LOG]!><time="11:08:16.904+300" date="01-25-2018" 
component="InstallSoftware" context="" type="0" thread="10704" 
file="resolvesource.cpp:3803">
<![LOG[TS::Utility::ResolveSource (pszPkgID, sPath, 0, hUserToken, 
mapNetworkAccess), HRESULT=80091007 
(runcommandline.cpp,406)]LOG]!><time="11:08:16.904+300" date="01-25-2018" 
component="InstallSoftware" context="" type="0" thread="10704" 
file="runcommandline.cpp:406">
<![LOG[Failed to resolve the source for SMS PKGID=CIC001C0, 
hr=0x80091007]LOG]!><time="11:08:16.904+300" date="01-25-2018" 
component="InstallSoftware" context="" type="3" thread="10704" 
file="runcommandline.cpp:406">
<![LOG[cmd.Execute(pszPkgID, sProgramName, dwCmdLineExitCode), HRESULT=80091007 
(main.cpp,372)]LOG]!><time="11:08:16.904+300" date="01-25-2018" 
component="InstallSoftware" context="" type="0" thread="10704" 
file="main.cpp:372">
<![LOG[Install Software failed to run command line, 
hr=0x80091007]LOG]!><time="11:08:16.904+300" date="01-25-2018" 
component="InstallSoftware" context="" type="3" thread="10704" 
file="main.cpp:372">
<![LOG[Process completed with exit code 
2148077575]LOG]!><time="11:08:16.912+300" date="01-25-2018" 
component="TSManager" context="" type="1" thread="10020" 
file="CommandLine.cpp:1124">
<![LOG[!!]LOG]!><time="11:08:16.912+300"
 dat

[mssms] Randomly Dropped from List?

[Brian Illner]

Anyone else receive a "You cannot send to this list" error just out of the blue 
and have to subscribe all over again?

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D38ACA.E4C551C0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38ACA.E4C551C0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

RE: [mssms] What's the best way to deploy BIOS updates with SCCM these days?

[Brian Illner]

https://miketerrill.net/2017/09/10/configuration-manager-dynamic-drivers-bios-management-with-total-control-part-1/


BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D389FA.0545DBD0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D389FA.0545DBD0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Hyatt, Dewayne
Sent: Wednesday, January 10, 2018 9:42 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] What's the best way to deploy BIOS updates with SCCM these 
days?

I have had reasonable success using the SCUP catalog from our OEM (we are 
mostly Dell). Dell also has an application called Dell Command – Update that 
will handle BIOS updates gracefully on systems with Bitlocker. Maybe Lenovo has 
some similar offerings?

Good luck!

Dewayne

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Steve Whitcher
Sent: Wednesday, January 10, 2018 9:26 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] What's the best way to deploy BIOS updates with SCCM these 
days?

Searching online, I see various posts on deploying bios updates as an 
Application, a package w/ custom script, and as a task sequence.  What's the 
best method for this currently?

I'm working primarily with Lenovo sytems, if that makes a difference.

Steve

[mssms] RE: Confused - Spectre / Meltdown

[Brian Illner]

And this statement from Terry Myerson sounds to me like outside of the Hyper-V 
hosts, the Memory Management keys may only be needed in very specific cases:

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/


Windows Server customers, running either on-premises or in the cloud, also need 
to evaluate whether to apply additional security mitigations within each of 
their Windows Server VM guest or physical instances. These mitigations are 
needed when you are running untrusted code within your Windows Server instances 
(for example, you allow one of your customers to upload a binary or code 
snippet that you then run within your Windows Server instance) and you want to 
isolate the application binary or code to ensure it can't access memory within 
the Windows Server instance that it should not have access to. You do not need 
to apply these mitigations to isolate your Windows Server VMs from other VMs on 
a virtualized server, as they are instead only needed to isolate untrusted code 
running within a specific Windows Server instance.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38959.2D662580]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38959.2D662580]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Robert Spinelli
Sent: Tuesday, January 9, 2018 1:43 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Confused - Spectre / Meltdown

I agree, something isn't right.  I'm 99% sure those registry keys weren't in 
the article last week for workstation OS.

Rod, you got some pull with MS, ask them what the deal is.. hah.

Rob

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, January 9, 2018 11:48 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Confused - Spectre / Meltdown

My understanding was that those keys were just for the ServerOS?

I have a Dell laptop that I completed all the tasks for and it does not have 
the memory management keys and yet it shows as all green in SpeculationControl?

Come on MS, your information is changing hourly as each team contradicts the 
other

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3894F.92DC01F0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894F.92DC01F0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kent, Mark
Sent: Tuesday, January 9, 2018 11:00 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Confused - Spectre / Meltdown

Yeah I see them at the bottom of 
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in<https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in>

And they don't r

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

[Brian Illner]

No errors in the offlineservicing log when I applied that update to a vanilla 
1607 wim from the MS source media.


[cid:image003.png@01D3894B.92D1C590]

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3894B.92DA7820]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894B.92DA7820]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Tuesday, January 9, 2018 10:42 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

This is a good question, Brian.

Let us know how it goes.

On Tue, Jan 9, 2018 at 8:11 AM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
Thanks Rod

This is outside of any AV considerations. We install our AV during an OSD task 
sequence instead of including it on the reference images.

I’m trying to find out if MS has (temporarily?) broken a basic feature of CM 
and MDT without manual administrator intervention because of this.

Going to fire up the test environment shortly to see what happens there.

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image001.jpg@01D3894B.92DA7820]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894B.92DA7820]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Rod Trent
Sent: Tuesday, January 9, 2018 8:23 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Setting that registry works in some situations – but not all.

There’s a master list of supported AV software:

http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/<http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, January 9, 2018 8:13 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>



BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image001.jpg@01D3894B.92DA7820]

Visit canalinsurance.com<http://canalinsurance.com> for 

RE: [mssms] RE: Confused - Spectre / Meltdown

[Brian Illner]

They updated their documentation. OverrideMask is supposed to be ‘3’ for BOTH 
enable and disable

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3894B.4C9A9CF0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894B.4C9A9CF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rajah, Zubair
Sent: Tuesday, January 9, 2018 1:03 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Confused - Spectre / Meltdown

In addition, anyone know if there is a typo on the second registry key 
(heighted belew) that needs to be set, seems like the value should be 0 …..

Switch | Registry Settings
To enable the fix
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v 
MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
If this is a Hyper-V host: fully shutdown all Virtual Machines.
Restart the server for changes to take effect.

To disable this fix
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
Restart the server for the changes to take effect.
(There is no need to change MinVmVersionForCpuBasedMitigations.)



From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Tuesday, January 9, 2018 8:07 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Confused - Spectre / Meltdown


EXTERNAL: This is an external email received from the Internet. Report this 
message to s...@aramco.com<mailto:s...@aramco.com> if the email contains any 
suspicious content.




Workstation:

  1.  Registry Key set by A/V (or manually set based on A/V guidance)
  2.  Windows Update
  3.  BIOS/Firmware Update from vendor
Server:

  1.  Registry Key set by A/V (or manually set based on A/V guidance)
  2.  Window Update
  3.  Push Registry Keys (2 needed, the third is for Hypver-V Hosts - I believe)

 *   Test and monitor performance impact

  1.  BIOS/Firmware Update from vendor

That is my understanding thus far...

Good thing we have nothing else to do ;-)


On Tue, Jan 9, 2018 at 10:48 AM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
My understanding was that those keys were just for the ServerOS?

I have a Dell laptop that I completed all the tasks for and it does not have 
the memory management keys and yet it shows as all green in SpeculationControl?

Come on MS, your information is changing hourly as each team contradicts the 
other

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

[cid:image001.jpg@01D3894B.4C9A9CF0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3894B.4C9A9CF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transm

[mssms] RE: Confused - Spectre / Meltdown

[Brian Illner]

My understanding was that those keys were just for the ServerOS?

I have a Dell laptop that I completed all the tasks for and it does not have 
the memory management keys and yet it shows as all green in SpeculationControl?

Come on MS, your information is changing hourly as each team contradicts the 
other

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3893F.B60E45D0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3893F.B60E45D0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kent, Mark
Sent: Tuesday, January 9, 2018 11:00 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Confused - Spectre / Meltdown

Yeah I see them at the bottom of 
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in<https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in>

And they don't really say what they are for.

Keep refreshing the page, wait for an edit :)

Mark Kent
Manager, Client Systems Engineering
Technology Support Services
Resources for Information, Technology and Education (RITE)
http://rite.buffalostate.edu<http://rite.buffalostate.edu/>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of SCCM FUN
Sent: Tuesday, January 9, 2018 10:02 AM
To: mssms@lists.myITforum.com<mailto:mssms@lists.myITforum.com>
Subject: [mssms] Confused - Spectre / Meltdown

Can anyone confirm the following?

Workstation/Servers - both need the AV key in order to do any patching going 
forward

Workstation
At one point in the MS article for workstation patching (4073119) I could of 
sworn there wasn't anything about having to making registry settings (except 
for AV) but now it looks like they added 2 registry keys.  Were these 2 reg 
keys always in the KB/needed?

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

Server
3 reg keys need to be added for the server patch to take effect.  Are you 
enabling this on all your servers or just the 3 use cases they list in their 
article (4072698).

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session 
Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v 
MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f


Thanks

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

[Brian Illner]

Thanks Rod

This is outside of any AV considerations. We install our AV during an OSD task 
sequence instead of including it on the reference images.

I’m trying to find out if MS has (temporarily?) broken a basic feature of CM 
and MDT without manual administrator intervention because of this.

Going to fire up the test environment shortly to see what happens there.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38929.C7F3E270]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38929.C7F3E270]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Rod Trent
Sent: Tuesday, January 9, 2018 8:23 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Setting that registry works in some situations – but not all.

There’s a master list of supported AV software:

http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/<http://myitforum.com/myitforumwp/2018/01/09/the-master-list-of-antivirus-compatibility-with-microsofts-meltdownspectre-patches/>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, January 9, 2018 8:13 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>



BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38929.C7F3E270]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38929.C7F3E270]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Aaron Czechowski
Sent: Monday, January 8, 2018 8:40 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

We just published a blog post with a piece on SQL (in Config Manager 
infrastructure section): 
https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/<https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/>

Let me know if you have any further questions/comments.

Aaron


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Monday, 8 January, 2018 11:52
To: mssms@lists

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

[Brian Illner]

Aaron – If setting that registry key is now mandatory for the time being for 
the security updates to install, how does that affect OS offline updates 
servicing in MDT and CM? Broken I assume without manually editing the WIM first 
for the key?

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software



BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38921.9BA4C7F0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38921.9BA4C7F0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Aaron Czechowski
Sent: Monday, January 8, 2018 8:40 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

We just published a blog post with a piece on SQL (in Config Manager 
infrastructure section): 
https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/<https://blogs.technet.microsoft.com/configurationmgr/2018/01/08/additional-guidance-to-mitigate-speculative-execution-side-channel-vulnerabilities/>

Let me know if you have any further questions/comments.

Aaron


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Sherry Kissinger
Sent: Monday, 8 January, 2018 11:52
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Have you read through this yet:  
https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4073225%2Fguidance-for-sql-server=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=DTXKrzyNfoaNdIUhdBwRX5CYT%2BwDHVL5ME5639aRCU4%3D=0>
  ?
Keeping in mind that's the SQL recommendation, and there isn't (as far as I 
know), specific guidance from the ConfigMgr team regarding the SQL instances 
used for ConfigMgr.

My (probably incorrect) take on it...It doesn't matter WHAT version of SQL 16 
you have.  the first SQL 16 version which addresses the vulnerability is CU7 
for SP1.  So if you are at SQL 16 SP1 No CU, you would want to apply CU7--if 
your scenario fits one of the scenarios outlined in the guidance, AND you don't 
care about what the ConfigMgr team has-yet-to-publish for guidance so that you 
do not break your ConfigMgr SQL instance from working correctly.  If you are 
still using SQL 16 no SP, you'd update to SP1, and apply CU7.  That's my likely 
INCORRECT interpretation.  But that's why I'm just waiting for more info, and 
not trying to guess anything.

I personally plan on just "wait for more info" regarding ConfigMgr SQL 
information, from the ConfigMgr Team.

On Mon, Jan 8, 2018 at 12:39 PM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
Could someone explain the SQL updates please?

There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR

I get that we download the Security Update for CU7 if we have that particular 
cumulative update installed, but what if its CU4 or CU5?

Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU 
applied at all?

BRIAN ILLNER | Canal Insurance Company
864.250.9227<tel:(864)%20250-9227>
864.679.2537<tel:(864)%20679-2537> Fax

Error! Filename not specified.

Visit 
canalinsurance.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcanalinsurance.com=02%7C01%7Caaron.czechowski%40microsoft.com%7C068f54ea2032472e831b08d556d2286e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636510383014781575=wI5JflSNZ%2BxEX9NqpO8L0oRgXWm6YWdsU2wehw2cMxA%3D=0>
 for news and information.

Error! Filename not 
specified.<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com

RE: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

[Brian Illner]

Could someone explain the SQL updates please?

There’s SQL 2016 SP1 CU7 and SQL 2016 SP1 GDR

I get that we download the Security Update for CU7 if we have that particular 
cumulative update installed, but what if its CU4 or CU5?

Do we use the GDR update? Or is that only for SQL 2016 SP1 that have had NO CU 
applied at all?

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D38886.289DECF0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38886.289DECF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: Monday, January 8, 2018 10:46 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Based on how I 'interpreted' that tweet, it was specific regarding the SQL 
patch.  In my case, the one I would care about is SQL 16 SP1, the CU7 
(Cumulative Update 7).  ConfigMgr requires "CLR" to be enabled in order to 
function.  Additionally, the majority of environments except for a super small 
ones where they might only have ONE server with all roles--almost everyone has 
at least a MP, DP, or SUP role server elsewhere.  Depending on the 
configuration of those other servers, they likely leverage a SQL 'thing' called 
Linked Servers.  CU7 also modifies Linked server configuration.

So just wait on deploying CU7 until further information is available.  If you 
haven't yet gone to SQL 16 SP1 CU6, my understanding is that version is 
supported/acceptable to SCCM--but it obviously doesn't address the 
Spectre/Meltdown stuff.

On Mon, Jan 8, 2018 at 8:25 AM, John Aubrey 
<jaub...@norwoodmedical.com<mailto:jaub...@norwoodmedical.com>> wrote:
I THINK, there is a SQL patch as well as the Window patches.  I applied the 
Windows patch had SCCM is still working.  I think the SQL patch is the one that 
causes issues.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 7:16 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Could someone expand on this?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Poole
Sent: Friday, January 5, 2018 12:59 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?


Thank you,
Richard Poole

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 11:55 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Spectre/Meltdown patch breaks ConfigMgr/SQL?

Anyone have issues with this?

https://twitter.com/djammmer/status/949122372384141312<https://twitter.com/djammmer/status/949122372384141312>

Mike



NOTICE: This message contains confidential information and is intended only for 
the individual named. If you are not the named addressee, you should not 
disseminate, distribute or copy this email. Please notify the sender 
immediately by email if you have received this email by mistake and delete this 
email from your system. Email transmission cannot be guaranteed to be secure or 
error-free, as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender, therefore, does not 
accept liability for any errors or omissions in the contents of this message. 
This email neither constitutes an agreement to conduct transactions by 
electronic means nor creates any legally binding contract or enforceable 
obligation in the absence of a fully signed written contract.






--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blog: 
http://mnscug.org/blogs/sherry-kissinger<http://mnscug.org/blogs/sherry-kissinger>

[mssms] Offline WIM Updates with Spectre/Meltdown patch?

[Brian Illner]

So if starting with the 2018-01 Cumulative Update, the updates will now be 
dependent on the existence of that value under QualityCompat, what happens to 
Offline Servicing??

Now we have to manually edit the WIM to get that key created?

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D38876.96459F60]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D38876.96459F60]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

[Brian Illner]

Correct-

In case you haven't already seen it yet, here's MS's KB on the SQL updates

https://support.microsoft.com/en-us/help/4073225/guidance-for-sql-server

Looks like they have the SQL 2016 and 2017 updates available, but are still 
working on all the rest. I have not seen any ETA for them.


BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3886C.C8232BB0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D3886C.C8232BB0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of John Aubrey
Sent: Monday, January 8, 2018 9:26 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

I THINK, there is a SQL patch as well as the Window patches.  I applied the 
Windows patch had SCCM is still working.  I think the SQL patch is the one that 
causes issues.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 7:16 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

Could someone expand on this?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Richard Poole
Sent: Friday, January 5, 2018 12:59 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: Spectre/Meltdown patch breaks ConfigMgr/SQL?

[cid:image004.png@01D3886C.C81E70C0]

Thank you,
Richard Poole

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Mike Murray
Sent: Friday, January 5, 2018 11:55 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Spectre/Meltdown patch breaks ConfigMgr/SQL?

Anyone have issues with this?

https://twitter.com/djammmer/status/949122372384141312<https://twitter.com/djammmer/status/949122372384141312>

Mike



NOTICE: This message contains confidential information and is intended only for 
the individual named. If you are not the named addressee, you should not 
disseminate, distribute or copy this email. Please notify the sender 
immediately by email if you have received this email by mistake and delete this 
email from your system. Email transmission cannot be guaranteed to be secure or 
error-free, as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender, therefore, does not 
accept liability for any errors or omissions in the contents of this message. 
This email neither constitutes an agreement to conduct transactions by 
electronic means nor creates any legally binding contract or enforceable 
obligation in the absence of a fully signed written contract.

RE: [mssms] MDT - Window 10 updates fail to download to 1709 Reference Image

[Brian Illner]

<pre>Sorry – I should have stated this is with the very latest MDT and ADK installed

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D3849A.FFCE0C40]

Visit canalinsurance.com<<a  rel="nofollow" href="http://canalinsurance.com">http://canalinsurance.com</a>> for news and information.

[cid:image002.jpg@01D3849A.FFCE0C40]<<a  rel="nofollow" href="https://www.linkedin.com/company/canal-insurance-company">https://www.linkedin.com/company/canal-insurance-company</a>>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [<a  rel="nofollow" href="mailto:listsad...@lists.myitforum.com">mailto:listsad...@lists.myitforum.com</a>] On 
Behalf Of Paul Winstanley
Sent: Wednesday, January 3, 2018 9:03 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] MDT - Window 10 updates fail to download to 1709 Reference 
Image

Might be worth trying with the latest MDT release 8450, which has full support 
for 1709.

<a  rel="nofollow" href="https://blogs.technet.microsoft.com/msdeployment/2017/12/21/mdt-8450-now-available/">https://blogs.technet.microsoft.com/msdeployment/2017/12/21/mdt-8450-now-available/</a><<a  rel="nofollow" href="https://blogs.technet.microsoft.com/msdeployment/2017/12/21/mdt-8450-now-available/">https://blogs.technet.microsoft.com/msdeployment/2017/12/21/mdt-8450-now-available/</a>>

On Tue, Jan 2, 2018 at 2:05 PM, Brian Illner 
<brian.ill...@canal-ins.com<<a  rel="nofollow" href="mailto:brian.ill...@canal-ins.com">mailto:brian.ill...@canal-ins.com</a>>> wrote:
Anyone using MDT to make 1709 reference images yet?

In our environment, when we reach the update step in the task sequence, the 
Windows 10 updates are failing to download.

*** BUT – the latest Adobe update downloads from WSUS just fine and installs 
successfully.


<![LOG[Microsoft Deployment Toolkit version: 
6.3.8450.1000]LOG]!><time="16:10:42.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[The task sequencer log is located at 
C:\Users\ADMINI~1\AppData\Local\Temp\SMSTSLog\SMSTS.LOG.  For task sequence 
failures, please consult this log.]LOG]!><time="16:10:42.000+000" 
date="12-29-2017" component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Begin Windows Update. Reboot=[]  Retry=[]  Count = 
0]LOG]!><time="16:10:42.000+000" date="12-29-2017" component="ZTIWindowsUpdate" 
context="" type="1" thread="" file="ZTIWindowsUpdate">
<![LOG[Property MSIT_WU_Count is now = 1]LOG]!><time="16:10:42.000+000" 
date="12-29-2017" component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Configuring client to use WSUS server 
<a  rel="nofollow" href="http://x.xx.xxx:8530">http://x.xx.xxx:8530</a><<a  rel="nofollow" href="http://x.xx.xxx:8530">http://x.xx.xxx:8530</a>>]LOG]!><time="16:10:42.000+000"
 date="12-29-2017" component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Configuring Windows Update settings (manual update, use 
server)]LOG]!><time="16:10:42.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Archive NoAUtoUpdate State: Was 
[<empty>].]LOG]!><time="16:10:42.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context=""

[mssms] MDT - Window 10 updates fail to download to 1709 Reference Image

[Brian Illner]

511 
MB]LOG]!><time="16:11:57.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Scan complete, ready to install updates. Count = 
3]LOG]!><time="16:11:57.000+000" date="12-29-2017" component="ZTIWindowsUpdate" 
context="" type="1" thread="" file="ZTIWindowsUpdate">
<![LOG[Begin Downloading...]LOG]!><time="16:11:57.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Failed to download: 363a8adb-335e-4bbc-9ea8-c05ba936c0b7  result(4) 
: 2017-11 Update for Windows 10 Version 1709 for x64-based Systems 
(KB4054022)]LOG]!><time="16:12:03.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Failed to download: f295940b-4de2-4386-9f7f-e80373d03324  result(4) 
: 2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems 
(KB4054517)]LOG]!><time="16:12:03.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Begin Installation...]LOG]!><time="16:12:03.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[363a8adb-335e-4bbc-9ea8-c05ba936c0b7  result(4 / HR = 80246013 ) : 
2017-11 Update for Windows 10 Version 1709 for x64-based Systems 
(KB4054022)]LOG]!><time="16:12:12.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[f295940b-4de2-4386-9f7f-e80373d03324  result(4 / HR = 80246013 ) : 
2017-12 Cumulative Update for Windows 10 Version 1709 for x64-based Systems 
(KB4054517)]LOG]!><time="16:12:12.000+000" date="12-29-2017" 
component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">
<![LOG[Failure, Please run again!]LOG]!><time="16:12:12.000+000" 
date="12-29-2017" component="ZTIWindowsUpdate" context="" type="1" thread="" 
file="ZTIWindowsUpdate">

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D383A8.DD1FCEB0]

Visit canalinsurance.com<<a  rel="nofollow" href="http://canalinsurance.com">http://canalinsurance.com</a>> for news and information.

[cid:image002.jpg@01D383A8.DD1FCEB0]<<a  rel="nofollow" href="https://www.linkedin.com/company/canal-insurance-company">https://www.linkedin.com/company/canal-insurance-company</a>>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.



</pre>

[mssms] 2017-11 Windows 10 CU - Express Installation Files

[Brian Illner]

Anyone using express with their CM?

I have a 1709 client that is having trouble downloading the latest CU from CM. 
When I check the DeltaDownload.log file, I see many errors like this:


HttpSendResponseEntityBody failed with error 1229





BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601


Visit canalinsurance.com<http://canalinsurance.com> for news and information.


WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

RE: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

[Brian Illner]

Was able to figure this out. Used a simple one line PS script to check to see 
if that log was enabled

Get-WinEvent -ListLog 'Microsoft-IIS-Configuration/Operational' | Select-Object 
-ExpandProperty "IsEnabled"

If it returns false, then remediation runs that script from the other site to 
enable the log and set the max file size.

The baseline is deployed to a collection that’s populated by a query that 
checks to see if the W3SVC service is running.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D36930.74A5DC90]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D36930.74A5DC90]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of DonPick
Sent: Wednesday, November 29, 2017 3:12 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

Does this help?

PS C:\Windows\system32> .\wevtutil gl Microsoft-IIS-Configuration/Operational
Failed to read configuration for log Microsoft-IIS-Configuration/Operational. 
The specified channel could not be found.
Check channel configuration.
PS C:\Windows\system32>
PS C:\Windows\system32> $lastexitcode
15007
PS C:\Windows\system32>

Best Regards DonPick

From: Brian Illner<mailto:brian.ill...@canal-ins.com>
Sent: Thursday, 30 November 2017 6:38 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Compliance Baseline for Enabling Specific Windows Logs?

We need to enable the IIS Configuration Operational logs on all our webservers 
and are looking for a way to automate this.

Has anyone done anything similar using ConfigMgr’s compliance baselines?

I have a script from here to actually enable the log, but I still need a method 
to detect if it is already enabled or not.

https://blogs.technet.microsoft.com/sateesh-arveti/2011/03/10/powershell-script-to-enable-iis-configuration-auditing/<https://blogs.technet.microsoft.com/sateesh-arveti/2011/03/10/powershell-script-to-enable-iis-configuration-auditing/>


BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601


Visit canalinsurance.com<http://canalinsurance.com> for news and information.
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] Compliance Baseline for Enabling Specific Windows Logs?

[Brian Illner]

*sorry if this is sent twice*

We need to enable the IIS Configuration Operational logs on all our webservers 
and are looking for a way to automate this.

Has anyone done anything similar using ConfigMgr's compliance baselines?

I have a script from here to actually enable the log, but I still need a method 
to detect if it is already enabled or not.

https://blogs.technet.microsoft.com/sateesh-arveti/2011/03/10/powershell-script-to-enable-iis-configuration-auditing/


BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601


Visit canalinsurance.com<http://canalinsurance.com> for news and information.
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] Compliance Baseline for Enabling Specific Windows Logs?

[Brian Illner]

We need to enable the IIS Configuration Operational logs on all our webservers 
and are looking for a way to automate this.

Has anyone done anything similar using ConfigMgr's compliance baselines?

I have a script from here to actually enable the log, but I still need a method 
to detect if it is already enabled or not.

https://blogs.technet.microsoft.com/sateesh-arveti/2011/03/10/powershell-script-to-enable-iis-configuration-auditing/


BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601


Visit canalinsurance.com<http://canalinsurance.com> for news and information.

<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] RE: ConfigMgr Site Server on Azure Site Recovery

[Brian Illner]

Redoing the replication for this VM so that it will no longer take the 
snapshots.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D35EE1.D54E3000]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35EE1.D54E3000]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: Brian Illner
Sent: Wednesday, November 15, 2017 8:35 PM
To: mssms@lists.myitforum.com
Subject: RE: ConfigMgr Site Server on Azure Site Recovery

Don't want to get off track from the initial point.

CM backup task is irrelevant to it, but I mentioned it only because the first 
thing ppl ask me to do is go back and look at the smsbkup.log, which is 
completely blank during these hourly site backups.

The issue is that for us, using ASR for our ConfigMgr site server is breaking 
the normal operation of ConfigMgr.

Surely we can't be the only MS customers attempting this?
BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D35EE1.D54E3000]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35EE1.D54E3000]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of John Marcum
Sent: Wednesday, November 15, 2017 6:27 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: ConfigMgr Site Server on Azure Site Recovery

I'm not doing that howeverif you are snapping the server do you even need 
that backup?



Sensitivity: Confidential between partners
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Wednesday, November 15, 2017 5:12 PM
To: mssms@lists.myITforum.com<mailto:mssms@lists.myITforum.com>
Subject: [mssms] ConfigMgr Site Server on Azure Site Recovery

Anyone running CM on a Hyper-V VM protected through ASR?

We're having an issue where the hourly Azure snapshot is causing the VM's VSS 
service to initiate a CM site backup. This process is completely happening 
outside the CM Maintenance Backup task and that backup log shows no data being 
written to it.

This is causing my scheduled ADRs and Software Update synchronizations to fail 
as all the CM components stop and restart when the VM snapshot hits.

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D35E36.F9D72DB0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35E36.F9D72DB0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the tra

[mssms] RE: ConfigMgr Site Server on Azure Site Recovery

[Brian Illner]

Don't want to get off track from the initial point.

CM backup task is irrelevant to it, but I mentioned it only because the first 
thing ppl ask me to do is go back and look at the smsbkup.log, which is 
completely blank during these hourly site backups.

The issue is that for us, using ASR for our ConfigMgr site server is breaking 
the normal operation of ConfigMgr.

Surely we can't be the only MS customers attempting this?
BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D35E51.386177B0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35E51.386177B0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of John Marcum
Sent: Wednesday, November 15, 2017 6:27 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: ConfigMgr Site Server on Azure Site Recovery

I'm not doing that howeverif you are snapping the server do you even need 
that backup?



Sensitivity: Confidential between partners
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Wednesday, November 15, 2017 5:12 PM
To: mssms@lists.myITforum.com<mailto:mssms@lists.myITforum.com>
Subject: [mssms] ConfigMgr Site Server on Azure Site Recovery

Anyone running CM on a Hyper-V VM protected through ASR?

We're having an issue where the hourly Azure snapshot is causing the VM's VSS 
service to initiate a CM site backup. This process is completely happening 
outside the CM Maintenance Backup task and that backup log shows no data being 
written to it.

This is causing my scheduled ADRs and Software Update synchronizations to fail 
as all the CM components stop and restart when the VM snapshot hits.

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D35E36.F9D72DB0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35E36.F9D72DB0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] ConfigMgr Site Server on Azure Site Recovery

[Brian Illner]

Anyone running CM on a Hyper-V VM protected through ASR?

We're having an issue where the hourly Azure snapshot is causing the VM's VSS 
service to initiate a CM site backup. This process is completely happening 
outside the CM Maintenance Backup task and that backup log shows no data being 
written to it.

This is causing my scheduled ADRs and Software Update synchronizations to fail 
as all the CM components stop and restart when the VM snapshot hits.

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D35E3D.3CE59050]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35E3D.3CE59050]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] test2

[Brian Illner]

Test email 2

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D35E04.3B4A1FB0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D35E04.3B4A1FB0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] RE: [MDT-OSD] UDI not reading variables

[Brian Illner]

I remember running into the same thing in the new test environment MDT server, 
but haven't had a chance to circle back to that project yet.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D26A56.88029CD0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D26A56.88029CD0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jeff Poling
Sent: Saturday, January 7, 2017 1:58 PM
To: Niall Brady <any...@gmail.com>; mdt...@lists.myitforum.com
Cc: mssms@lists.myitforum.com
Subject: [mssms] RE: [MDT-OSD] UDI not reading variables

None of the pre-defined variables are being populated in UDI.  For example, the 
domain join account is pre-populated in a locked field.  But it shows as a 
series of random characters, not the correct domain join account.  We also set 
the computer name with a variable, and UDI shows the MININT name, not the 
expected computer name derived from the asset tag.

I will check out the pausethanks

Jeff

Sent from my Windows 10 phone

From: Niall Brady<mailto:any...@gmail.com>
Sent: Saturday, January 7, 2017 11:25 AM
To: mdt...@lists.myitforum.com<mailto:mdt...@lists.myitforum.com>
Cc: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [MDT-OSD] UDI not reading variables

are you sure it's not reading the variables or if the variables are being 
'reset' or 'rewritten', when i have problems like this i place a pause before 
and after the step i need evaluated and use that as the basis for 
troubleshooting the problem, here's a pause 
step<https://www.windows-noob.com/forums/index.php?/topic/8846-how-can-i-pause-a-task-sequence-in-system-center-2012-configuration-manager/>
 fyi

On Sat, Jan 7, 2017 at 5:14 PM, Jeff Poling 
<jeffrey.d.pol...@outlook.com<mailto:jeffrey.d.pol...@outlook.com>> wrote:
I am using MDT 2013 update 2 integrated with ConfigMgr CB 1606.  With an MDT 
integrated TS for deploying Windows 10, UDI wizard is not reading any task 
sequence variables.  It occurs on the initial run of the wizard in WinPE.  I 
used PowerShell on my test machine to enumerate all the variables and they 
definitely contain values as expected.  The variables are being set using a 
combination of collection variables and customsettings.ini.

I am kind of at a loss for how to determine what is happening and how to 
correct it.  Has anyone seen this? Any thoughts for how to resolve it?

Thanks!

Jeff

Sent from my Windows 10 phone

RE: [mssms] OT: Password changes without VPN

[Brian Illner]

Or if you've got Windows 10 clients, you could investigate DirectAccess?

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D2578A.F2F21360]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D2578A.F2F21360]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Gerry Hampson
Sent: Friday, December 16, 2016 8:38 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] OT: Password changes without VPN

It's the latter John and yes, it's a poor experience.

Sent from my iPhone

On 16 Dec 2016, at 13:16, Marcum, John 
<jmar...@bradley.com<mailto:jmar...@bradley.com>> wrote:
Currently we are almost 100% desktops in my environment. We want to start 
transitioning over to laptops next year. We do not have VPN, it was eliminated 
a while back. One of my concerns about laptops without VPN is password 
expiration/changes. How do others handle this? I am aware they can change their 
password in OWA or using self-services password reset through AAD but how does 
the laptop "know" to accept the new password? Or does the user continue to 
login to the laptop with the expired password then have to type the new 
password when they open apps such as outlook? The latter would be a really poor 
user experience.


Thanks,
John





Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.

[mssms] Global Condition for Virtual Machine?

[Brian Illner]

Does someone have a simple walkthrough on how to create global conditions for 
if something is a virtual machine or if it is not a virtual machine?

I'd like to prevent some applications from deploying to VMs needlessly.

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D25532.EFCB0070]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D25532.EFCB0070]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] UUP Implementation for Windows 10

[Brian Illner]

So how will this affect ConfigMgr/WSUS?



[https://pbs.twimg.com/profile_images/789154104392032258/vhHkDvON_normal.jpg]

Richard Hay (@WinObs)

12/5/16, 6:02 
PM
Microsoft Pauses Redstone 2 PC Builds to Prepare for Unifed Update Platform 
(UUP) Implementation clkon.us/2gJuQNd

[mssms] RE: CM pushing old revisions

[Brian Illner]

So any time a chance is made to an Application, on the clients, I need to run 
the "Machine Policy Retrieval & Eval Cycle" before the "Application Deployment 
Eval Cycle" is run?
BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D24A53.51CD3670]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D24A53.51CD3670]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Daniel Ratliff
Sent: Tuesday, November 29, 2016 2:52 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: CM pushing old revisions

Did the clients update policy after you made Rev2?

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, November 29, 2016 2:40 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] CM pushing old revisions

Why is it so difficult to get CM agents to pull down new revisions of 
applications?

I make one small change to a Deployment Type which creates Rev2 of my 
application.

But no matter how many times I try to rerun Application detection from the 
clients, it only sees and attempts to install Rev1.

Using the "Update Content" option on the Deployment Type just forces yet 
another revision number increment, but does nothing to the actual content in 
the DP?



BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D24A53.51CD3670]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D24A53.51CD3670]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.


The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

[mssms] CM pushing old revisions

[Brian Illner]

Why is it so difficult to get CM agents to pull down new revisions of 
applications?

I make one small change to a Deployment Type which creates Rev2 of my 
application.

But no matter how many times I try to rerun Application detection from the 
clients, it only sees and attempts to install Rev1.

Using the "Update Content" option on the Deployment Type just forces yet 
another revision number increment, but does nothing to the actual content in 
the DP?



BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D24A4E.731BC530]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D24A4E.731BC530]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

RE: [mssms] Global Condition to determine Office Bitness

[Brian Illner]

Were these all installs onto fresh systems? Or did some have previous versions 
of Office?

We have something similar, but ran into some logic issues as some of the 
upgraded systems still had the old registry key.



BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D22F60.CAA43250]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D22F60.CAA43250]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Beardsley, James
Sent: Friday, October 21, 2016 8:46 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Global Condition to determine Office Bitness

Nice! Thanks for the tip!

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ryan
Sent: Thursday, October 20, 2016 2:25 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Global Condition to determine Office Bitness

Fun fact, you don't need the if statement at the end. You could simply have:

($Office15 -eq 'x64') -or ($Office16 -eq 'x64')

That will return $true or $false without needing the If statement.

As to your original question, I have nothing. Just wanted to point this out!


On Thu, Oct 20, 2016 at 1:10 PM Beardsley, James 
<james.beards...@dhgllp.com<mailto:james.beards...@dhgllp.com>> wrote:
Anyone have suggestion or already have a global condition in place that can 
detect if Office 201x is 32-bit or 64-bit? We have a mixed environment of the 
following Office installs and more and more 64-bit installs coming down the 
road, so I’m trying to figure out the best way to detect it programmatically.

Office 2013 ProPlus x86
Office 2013 ProPlus x64
Office 365 (2013) x86
Office 365 (2013) x64
Office 365 (2016) x86
Office 365 (2016) x64

This is what I came up with. I’m trying to determine if this would be accurate 
enough… or is there a better way?

$Office15 = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Office\15.0\Outlook" 
-EA SilentlyContinue).Bitness
$Office16 = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Office\16.0\Outlook" 
-EA SilentlyContinue).Bitness

If (($Office15 -eq 'x64') -or ($Office16 -eq 'x64')) { Return $true } Else { 
Return $false }

Thanks,

James Beardsley | Digital Technology Services Group
Dixon Hughes Goodman LLP

[cid:8644FC49-D5C9-45AE-B387-04FAFC0CC7A5]<http://www.dhgllp.com/>



Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.




Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.

[mssms] ConfigMgr integrated with MDT - CustomSettings.ini

[Brian Illner]

For some reason, my Config Mgr task sequence appears to be cherry picking items 
from the CustomSettings.ini file and ignoring everything dealing with joining 
the domain.

Any ideas where to start looking?

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
[cid:image001.jpg@01D22EA1.BB1C92B0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D22EA1.BB1C92B0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

RE: [mssms] SCCM SUP updates groups

[Brian Illner]

Don’t forget about the 1000 item limit on the distribution packages. If you 
lump all Office into a single ADR/SUG/Package you may hit that limit before too 
long.

(unless that limitation has gone away with Current Branch??)

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax

[cid:image001.jpg@01D22958.6E9735B0]

Visit canalinsurance.com<http://canalinsurance.com> for news and information.

[cid:image002.jpg@01D22958.6E9735B0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Tuesday, October 18, 2016 3:42 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] SCCM SUP updates groups

Are you going to utilize ADR's?  If so, it is up to you to design.  You can 
combine all clients with all versions of Office, for example, into a single 
collection and ensure your updates for those products targeted appropriately.  
Otherwise, you can do a collection for each product and target that way.  I'm 
sure others may have better reasons and best-practices.

That being said, 4 versions of Office?  Are you cray-cray?

On Tue, Oct 18, 2016 at 1:58 PM, Fast, David D. 
<david.f...@sedgwickcms.com<mailto:david.f...@sedgwickcms.com>> wrote:
Okay, I’m trying to get serious about implementing SUP in SCCM.  In our 
environment, we have W7x86, W7x64, W8.1x64, W10x64 (RTM, 1511 and 1607).  We 
also have Office 2007 (x86), Office 2010 (x86), Office 2013 (x86 and x64) and 
Office 2016 (x86).
Does each product/architecture combination get its own baseline SUG and monthly 
update SUG?  Seems like all of the guides for setting up SUP assume the 
environment is standardized on single platform/product configurations.  Can 
someone point me to a guide that addresses multiple platform/product 
environments with initial setup + ongoing month-to-month configuration?

Thanks,

David



The information transmitted is intended only for the person or entity to which 
it is addressed and may contain confidential and/or privileged material. Any 
review, retransmission, dissemination or other use of, or taking of any action 
in reliance upon this information by persons or entities other than the 
intended recipient is prohibited. If you received this in error, please contact 
the sender and delete the material from any computer.

[mssms] Microsoft Ignite

[Brian Illner]

Who's headed to Ignite next week and what are the ConfigMgr sessions not to 
miss?

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D215AC.0EBECFF0]
[cid:image002.jpg@01D215AC.0EBECFF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] RE: UEFI Windows 10 via SCCM/MDT OSD

[Brian Illner]

Thanks! It was misconfigured. Had a x86 image configured for that combobox, but 
not a x64 image.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D20DB0.CB017040]
[cid:image002.jpg@01D20DB0.CB017040]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: Tuesday, September 13, 2016 9:55 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: UEFI Windows 10 via SCCM/MDT OSD

That's UDI and it must be configured to properly display items like the 
available OSes. If it's not showing anything, it's because it's either not been 
configured at all or is misconfigured. UDI configuration is done using an XML 
file created using the UDI Designer.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, September 13, 2016 8:19 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: UEFI Windows 10 via SCCM/MDT OSD

OSD wizard that appears from the MDT Task Sequence


[cid:image004.png@01D20DB0.CAFEFF40]
BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.


WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Marable, Mike
Sent: Tuesday, September 13, 2016 8:48 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: UEFI Windows 10 via SCCM/MDT OSD

I'm a little confused, you say it starts the task sequence but the OSD wizard 
does not show the image.

What OSD wizard?


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, September 13, 2016 8:27 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] UEFI Windows 10 via SCCM/MDT OSD

We're attempting to set up a Windows 10 OSD for UEFI with Secure Boot.

My (gen2) test VM boots to PXE and can start the task sequence just fine, but 
the OSD wizard does not allow us to select an image. That window is completely 
empty.

The correct OS image is distributed, its assigned in the correct task sequence 
and appears in its references tab.

I've already got a boot up script that synchs the VM time, so it's not that 
either.

Any other ideas on whats going on?

ConfigMgr 1607
ADK Win10 1607

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D20D9B.75C0B060]
[cid:image002.jpg@01D20D9B.75C0B060]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distributi

RE: [mssms] UEFI Windows 10 via SCCM/MDT OSD

[Brian Illner]

TS has been available for about a month now, so don’t think that is it.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D20DA5.2AD8EC70]
[cid:image002.jpg@01D20DA5.2AD8EC70]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: Tuesday, September 13, 2016 8:39 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] UEFI Windows 10 via SCCM/MDT OSD

Not sure this bug is still there.  Try scheduling the TS for the past, about a 
week and try again.

On Tue, Sep 13, 2016 at 7:27 AM, Brian Illner 
<brian.ill...@canal-ins.com<mailto:brian.ill...@canal-ins.com>> wrote:
We’re attempting to set up a Windows 10 OSD for UEFI with Secure Boot.

My (gen2) test VM boots to PXE and can start the task sequence just fine, but 
the OSD wizard does not allow us to select an image. That window is completely 
empty.

The correct OS image is distributed, its assigned in the correct task sequence 
and appears in its references tab.

I’ve already got a boot up script that synchs the VM time, so it’s not that 
either.

Any other ideas on whats going on?

ConfigMgr 1607
ADK Win10 1607

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D20DA5.2AD8EC70]
[cid:image002.jpg@01D20DA5.2AD8EC70]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] RE: UEFI Windows 10 via SCCM/MDT OSD

[Brian Illner]

OSD wizard that appears from the MDT Task Sequence


[cid:image003.png@01D20D9F.EB0D1530]
BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.


WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Marable, Mike
Sent: Tuesday, September 13, 2016 8:48 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: UEFI Windows 10 via SCCM/MDT OSD

I'm a little confused, you say it starts the task sequence but the OSD wizard 
does not show the image.

What OSD wizard?


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, September 13, 2016 8:27 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] UEFI Windows 10 via SCCM/MDT OSD

We're attempting to set up a Windows 10 OSD for UEFI with Secure Boot.

My (gen2) test VM boots to PXE and can start the task sequence just fine, but 
the OSD wizard does not allow us to select an image. That window is completely 
empty.

The correct OS image is distributed, its assigned in the correct task sequence 
and appears in its references tab.

I've already got a boot up script that synchs the VM time, so it's not that 
either.

Any other ideas on whats going on?

ConfigMgr 1607
ADK Win10 1607

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D20D9B.75C0B060]
[cid:image002.jpg@01D20D9B.75C0B060]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.


**
Electronic Mail is not secure, may not be read every day, and should not be 
used for urgent or sensitive issues

[mssms] UEFI Windows 10 via SCCM/MDT OSD

[Brian Illner]

We're attempting to set up a Windows 10 OSD for UEFI with Secure Boot.

My (gen2) test VM boots to PXE and can start the task sequence just fine, but 
the OSD wizard does not allow us to select an image. That window is completely 
empty.

The correct OS image is distributed, its assigned in the correct task sequence 
and appears in its references tab.

I've already got a boot up script that synchs the VM time, so it's not that 
either.

Any other ideas on whats going on?

ConfigMgr 1607
ADK Win10 1607

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D20D98.A140E320]
[cid:image002.jpg@01D20D98.A140E320]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

[mssms] ConfigMgr 1606 - Subfolders in "All Windows 10 Updates"?

[Brian Illner]

I got finished upgrading our ConfigMgr server to 1606 this morning and noticed 
something odd.

In the Software Updates section, I am seeing my "All Software Updates" 
subfolders also appear in my "All Windows 10 Updates" folder in the new Windows 
10 Servicing.

Anyone else see the same thing? I guess it proves that the Win10 Updates folder 
is really just a hardcoded view of the other?

BRIAN ILLNER | Senior Systems Administrator
864.250.9227
864.679.2537 Fax

Canal Insurance Company
400 East Stone Avenue
Greenville, SC 29601
Visit canalinsurance.com<http://canalinsurance.com> for news and information.

WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.

RE: [External] [mssms] ConfigMgr 1606 current branch available now

[Brian Illner]

We’re going to be upgrading our SCCM environment before too long.

Does anyone know if MS plans to make a new downloadable ISO for this build?

Or will we still have to upgrade to 1511 and then apply the updated builds?

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Linkey, Mike
Sent: Tuesday, July 26, 2016 8:18 AM
To: mssms@lists.myitforum.com
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I let it sit for a few hours then tried it all again and then it worked.  Must 
have been having a moment…Thanks for the input.

Mike L.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 1:52 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Are you sure it’s not installed already?

Re-running the script btw won’t change anything – all that the script does is 
flip a value in the site control file.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 11:31 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

Yep several times in fact.  It was there Friday, but gone today.  I see this in 
the hman.log file

Configuration Manager Update (PackageGuid=705820EF-6982-4417-8E54-307454C9A17A) 
is not applicable and should be filtered.

Don’t get why it says it is not applicable especially since I have ran that 
script at least 6 times again today.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Monday, July 25, 2016 9:48 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

No. Did you run the PowerShell script to opt in to the fast ring?

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Linkey, Mike
Sent: Monday, July 25, 2016 8:04 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [External] [mssms] ConfigMgr 1606 current branch available now

I saw this was available on Friday before I left.  Today, it is no longer an 
option for Updating.  Did it get pulled?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Friday, July 22, 2016 11:40 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [External] [mssms] ConfigMgr 1606 current branch available now


[https://abs.twimg.com/sticky/default_profile_images/default_profile_6_normal.png]

david james (@djammmer<https://twitter.com/djammmer?refsrc=email=11>)

7/22/16, 12:01 
PM<https://twitter.com/djammmer/status/756519487457734656?refsrc=email=11>
#ConfigMgr<https://twitter.com/search?q=%23ConfigMgr=hash> 1606 current 
branch available now, for everyone. Opt into fast ring to get it immediately. 
blogs.technet.microsoft.com/enterprisemobi…<https://t.co/7UMaFuZVva>



CONFIDENTIALITY NOTICE: The e-mail transmission (and/or the documents 
accompanying such) may contain confidential information. Such information is 
intended only for the use of the individual or entity named above. If you are 
not the named or intended recipient, you are hereby notified that any 
disclosure, copying, distribution, or the taking of any action in reliance on 
the contents of such information is strictly prohibited. If you have received 
this email in error, please notify the sender and then delete the email. Thank 
you for your cooperation.


CONFIDENTIALITY NOTICE: 

[mssms] ConfigMgr 1606 current branch available now

[Brian Illner]

[https://abs.twimg.com/sticky/default_profile_images/default_profile_6_normal.png]

david james (@djammmer)

7/22/16, 12:01 
PM
#ConfigMgr 1606 current 
branch available now, for everyone. Opt into fast ring to get it immediately. 
blogs.technet.microsoft.com/enterprisemobi…

[mssms] RE: sccm 2012 r2 sp1-->1602 questions

[Brian Illner]

Could you elaborate more on the issues that occur from the in place upgrades? 
We're looking at upgrading ConfigMgr from 2012R2SP1 in the near future.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Denzik, Josh
Sent: Monday, June 27, 2016 3:35 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: sccm 2012 r2 sp1-->1602 questions

I choose building a new environment. We needed to update server os and sql 
version. I've also heard through the MS grapevine there have been issues doing 
in place upgrades to 1511/1602.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of HELMS, DAVID C
Sent: Monday, June 27, 2016 3:21 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: sccm 2012 r2 sp1-->1602 questions

Maybe it's me, but wouldn't it just be simpler to build a whole new server with 
the latest OS, SQL, and ConfigMgr and then just migrate over the clients and 
everything else?

Granted my environment is less complicated and fewer clients than most.  I've 
never been in fan of in-place upgrades.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jimmy Martin
Sent: Thursday, June 23, 2016 4:10 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] sccm 2012 r2 sp1-->1602 questions

***This is an EXTERNAL email. Please do not click on a link or open any 
attachments unless you are confident it is from a trusted source.


I have a VERY stable single primary Hyperv guest with OS = 2008 r2, 8 procs, 
32Gb ram, sql 2012 installed local, wsus 3.2 installed local with sql DB local, 
reporting services point also local with many custom reports.

I think I have sufficiently laid out the mine field...

So, I'm starting to make my task list for getting to 1602

Is there anything GLARINGLY wrong with this below? Or are the suggestions you 
would make to ease the update process?


· Reboot server

· Full sccm application backup

· Full backup of reporting db

· Full sccm server backup

· <-- deinstall current windows ADK

· --> install newer 1511 ADK

· --> install ADK patch and do manual process documented in kb3143760

· --> update mdt

· --> sccm 2012 current branch 1511

· --> current branch 1602

· <-- deinstall software update point

· <-- deinstall wsus role

· Delete old wsus db

· --> in place primary server OS upgrade to 2012 r2 sp1

· --> install wsus role and windows 10 hotfix

· --> install software update point

· --> in place upgrade of SQL to 2014

· --> upgrade SCCM clients




Jimmy Martin | Engineer | Information Technology | BMHCC - CORPORATE
Phone: (901) 227-8209 | jimmy.mar...@bmhcc.org<mailto:jimmy.mar...@bmhcc.org>
Opinions expressed above are not necessarily those of Baptist.

This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.


P Please consider the environment before printing this email...

RE: [mssms] SCCM Current Branch

[Brian Illner]

The MS recommendation was within the Config Mgr program in Microsoft Connect. I 
cannot find the specific feedback/bug post at the moment.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D1D765.CEE7EDF0]
[cid:image002.jpg@01D1D765.CEE7EDF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Marable, Mike
Sent: Tuesday, July 5, 2016 11:30 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] SCCM Current Branch

+1

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Tuesday, July 5, 2016 9:39 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] SCCM Current Branch

It’s never truly been broken. There are just a lot of caveats due to how the 
upgrades are/were published in WSUS along with things that the in-place upgrade 
scenario from a Windows perspective simply doesn’t handle gracefully (or at 
all). If you any actual control over the process, then an upgrade task sequence 
that enables you to do additional things is the way to go; examples include 
(but are not limited to) removing built-in store apps, dealing with third-party 
disk encryption or AV, injecting drivers, adding languages.

Thus, it is completely possible to use the built-in servicing successfully but 
in most corporate environments, due to the variety and complexity involved, the 
simplistic fire and forget upgrade is just not sufficient to handle all of 
these caveats.

I don’t think Microsoft has any explicit recommendation here at all. They’ve 
provided multiple technically viable paths and it’s up to you to choose which 
is best for your organization.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Brian Illner
Sent: Tuesday, July 5, 2016 8:26 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] SCCM Current Branch

Is the Windows 10 Servicing feature still broken within SCCM?

Last instruction I had read from MS was to deploy the Win10 upgrades via the 
standard Software Updates, and not attempt the Servicing Plans yet.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D1D765.CEE7EDF0]
[cid:image002.jpg@01D1D765.CEE7EDF0]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Juelich, Adam
Sent: Tuesday, July 5, 2016 8:54 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] SCCM Current Branch

CB is 1602, and the TP release is 1606 I believe.


---

Adam Juelich

Pulaski Community School District<http://www.pulaskischools.org>

Client Management Specialist

920-822-6075

On Tue, Jul 5, 2016 at 7:12 AM, David Jones 
<dkjones9...@gmail.com<mailto:dkjones9...@gmail.com>> wrote:
Right now, what i

RE: [mssms] SCCM Current Branch

[Brian Illner]

Is the Windows 10 Servicing feature still broken within SCCM?

Last instruction I had read from MS was to deploy the Win10 upgrades via the 
standard Software Updates, and not attempt the Servicing Plans yet.

BRIAN ILLNER | Canal Insurance Company
864.250.9227
864.679.2537 Fax
Visit canalinsurance.com<http://canalinsurance.com> for news and information.
[cid:image001.jpg@01D1D69F.47732E50]
[cid:image002.jpg@01D1D69F.47732E50]<https://www.linkedin.com/company/canal-insurance-company>
WARNING:  As the information in this transmittal (including attachments, if 
any) may contain confidential, proprietary, or business trade secret 
information, it should only be reviewed by those who are the intended 
recipients.  Unless you are an intended recipient, any review, use, disclosure, 
distribution or copying of this transmittal (or any attachments) is strictly 
prohibited.   If you have received this transmittal in error, please notify me 
immediately by reply email and destroy all copies of the transmittal.  While 
Canal believes this transmittal to be free of virus or other defect, it is the 
responsibility of the recipient to ensure that it is virus free and no 
responsibility is accepted by Canal (or its subsidiaries and affiliates) for 
any loss or damage arising therefrom.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Juelich, Adam
Sent: Tuesday, July 5, 2016 8:54 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] SCCM Current Branch

CB is 1602, and the TP release is 1606 I believe.


---

Adam Juelich

Pulaski Community School District<http://www.pulaskischools.org>

Client Management Specialist

920-822-6075

On Tue, Jul 5, 2016 at 7:12 AM, David Jones 
<dkjones9...@gmail.com<mailto:dkjones9...@gmail.com>> wrote:
Right now, what is the Current Branch and what is the latest 'in between for 
the bleeding edge folks' release?






The Pulaski Community School District does not discriminate on the basis of any 
characteristic protected under State or Federal law.