Re: [mssms] understanding Software Metering Data

[Stuart Watret]

Cheers Garth, assumed as much - thanks.

> On 8 Jan 2018, at 20:31, Garth Jones <ga...@enhansoft.com> wrote:
> 
> Hi Stuart, It would be a whole hour of usage. 
> 
> 
> Garth Jones
> Chief Architect
> Configuration Manager/SCCM Reporting
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Stuart Watret
> Sent: Monday, January 8, 2018 9:28 AM
> To: mssms@lists.myitforum.com
> Subject: [mssms] understanding Software Metering Data
> 
> Google skills have let me down.
> 
> Anyone have a good link or explanation of the data in a software metering 
> report?
> 
> total usages = how many times it was opened and closed?
> 
> specifically, if someone opens something, leaves it minimised and closes it 
> after an hour is that whole hour classed as usage? (even though they 
> technically were not using it)
> 
> Ta
> 
> S.
> 
> 
> 
> 
> 
> 
> 

[mssms] understanding Software Metering Data

[Stuart Watret]

Google skills have let me down.

Anyone have a good link or explanation of the data in a software metering 
report?

total usages = how many times it was opened and closed?

specifically, if someone opens something, leaves it minimised and closes it 
after an hour is that whole hour classed as usage? (even though they 
technically were not using it)

Ta

S.

[mssms] understanding Software Metering Data

[Stuart Watret]

Google skills have let me down.

Anyone have a good link or explanation of the data in a software metering 
report?

total usages = how many times it was opened and closed?

specifically, if someone opens something, leaves it minimised and closes it 
after an hour is that whole hour classed as usage? (even though they 
technically were not using it)

Ta

S.

Re: [mssms] RE: OT Powershell & Laps

[Stuart Watret]

Thanks Jeff,
I’m grabbing the input from a vb box and assigning the variable to that.
Same thing I’ve done for various jobs yet this time that command doesn’t like 
it.

I’ll try your suggestion but found a workaround using the standard ad ps tool 
to bring back just the Laps password and that seems to work.

Thanks
Stuart

Sent from a dog and bone.
_
From: Jerousek, Jeff <jeff.jerou...@lrs.com>
Sent: Tuesday, December 19, 2017 21:26
Subject: [mssms] RE: OT Powershell & Laps
To: <mssms@lists.myitforum.com>


These questions are impossible to answer without knowing how you're assigning 
the $computer variable, but do a
$computer | get-member
And make sure it's the string you think it is.

Thanks,
Jeff Jerousek

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stuart Watret
Sent: Tuesday, December 19, 2017 11:53 AM
To: mssms@lists.myitforum.com
Subject: [mssms] OT Powershell & Laps

Anyone know why this happens?

Laps has some commandlets

If I try
Get-AdmPwdPassword -Computername Sam1

its fine.

if i use a variable for the comp name like this,

Get-AdmPwdPassword -Computername $Computer

I get ‘URI formats are not supported’

The computer name has no spaces - it’s very odd and google isn’t helping.

Ta

Stuart

[mssms] OT Powershell & Laps

[Stuart Watret]

Anyone know why this happens?

Laps has some commandlets

If I try 
Get-AdmPwdPassword -Computername Sam1

its fine.

if i use a variable for the comp name like this,

Get-AdmPwdPassword -Computername $Computer

I get ‘URI formats are not supported’

The computer name has no spaces  - it’s very odd and google isn’t helping.

Ta

Stuart

Re: [mssms] Upgrading Config Mgr

[Stuart Watret]

You must be a patient man, I’d have left :)

Stuart

On 14 Dec 2017, at 16:34, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:

My organization requires a more formal plan for any updates.  And it goes 
through a weekly approval board, so I still have to line everything up nicely.  
I got the go-ahead to upgrade ADK today, but the server updates haven’t gone to 
the approval board yet.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Wednesday, December 13, 2017 12:19 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Upgrading Config Mgr

You must be using lots of new features if you need a plan :) :)
Run the pre-requ check that would tell you if 1702 to 1706 will work (it will)

With quarterly updates I wouldn’t spend to long planning !

Backup and press go…….


Stuart




On 12 Dec 2017, at 18:07, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:

I am currently running 1702.  I’ve written up my plans and method for upgrading 
to 1706, but over the weekend 1710 showed up in my availables.  I have seen 
some really cool stuff coming with 1710, but is it still too soon for 
production?  Can I upgrade from 1702 directly to 1710?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

Re: [mssms] Upgrading Config Mgr

[Stuart Watret]

You must be using lots of new features if you need a plan :) :)
Run the pre-requ check that would tell you if 1702 to 1706 will work (it will)

With quarterly updates I wouldn’t spend to long planning !

Backup and press go…….


Stuart


On 12 Dec 2017, at 18:07, Heaton, Joseph@Wildlife 
> wrote:

I am currently running 1702.  I’ve written up my plans and method for upgrading 
to 1706, but over the weekend 1710 showed up in my availables.  I have seen 
some really cool stuff coming with 1710, but is it still too soon for 
production?  Can I upgrade from 1702 directly to 1710?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284

Re: [mssms] Redirect VPN clients traffic to IBCM servers !

[Stuart Watret]

What would be nice in this scenario, is the azure hosted mp/dp taking over, 
rather than the old world internet facing MP shnizzle.

Just a thought.

Stuart

On 7 Dec 2017, at 05:54, Miriyala, Vasu 
> wrote:

Thanks John I will try this

Just want to reiterate to gain more clarity


  *   Even though client CAN connect to CORPNet, Domain, AD server are 
reachable, as long as it cannot make successful connection to assigned MP, 
client will talk to Internet MP as next avenue ?
  *   Once after establishing a connection with IBCM server for MP, SUP, DP 
services… hope it doesn’t have any chance of revisiting its decision 
intermittently to try for default/assigned MP, which may cause disruption of 
actively going services like policies, package download so on… ?


--Vasu

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of John Marcum
Sent: Wednesday, December 6, 2017 7:32 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Redirect VPN clients traffic to IBCM servers !

According to this if a client cannot connect to it’s assigned MP it assumes 
it’s on the Internet. Maybe you can someone block access to the MP from VPN 
subnet?


When this network change is detected, the client computer will first attempt to 
communicate with its assigned management point on the intranet. If this 
succeeds, the client computer behaves as a standard intranet client. However, 
if the client computer cannot connect to its assigned management point, it then 
attempts communication with its configured Internet management point, using the 
Internet fully qualified domain name that is configured on the management point 
and registered with Internet DNS servers. When the Internet management point 
responds, the client computer then uses as required, the distribution points 
and software updates point that are also configured for Internet-based client 
management.




Sensitivity: Confidential between partners

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Miriyala, Vasu
Sent: Tuesday, December 5, 2017 11:39 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Redirect VPN clients traffic to IBCM servers !

Hi Champs,

Currently internet clients, after establishing VPN connection, starts to use 
on-premises MP, DP etc which is good and by design, however Network team wants 
to avoid this to redirect that traffic from VPN bandwidth to Internet IBCM 
servers as project uses these bandwidth and sometimes is choked due to SCCM 
usage

Is there a inbuilt or custom configuration (@ SCCM or Network front) that helps 
us to tell IBCM client not to use on-premises SCCM servers when on VPN, rather 
forcing them to go use IBCM servers only ?

Thanks, Vasu
This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is intended only for the person to whom 
it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or 
any part thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.


This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is intended only for the person to whom 
it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or 
any part thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.

Re: [mssms] Adding a list of users to a user collection

[Stuart Watret]

Now that makes no sense!

On 21 Nov 2017, at 15:25, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:

Ok, so it worked…. To a point.  For some reason, the user collection does not 
have the same number of members that the AD security group has.  It’s over 100 
users short.  Any idea why that would happen?  User discovery is at the root of 
the domain, so should be getting all users, no matter where they are.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of John Marcum
Sent: Tuesday, November 21, 2017 6:36 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Adding a list of users to a user collection

Agreed… this is by far my preferred method for populating collections. You get 
the added flexibility of being able to reuse the groups  for other purposes too 
such as GPO’s that are related to the software being deployed. At the law firm 
I left recently we used 1E shopping to populate the groups in a self-service 
manner which was super easy



Sensitivity: Confidential between partners

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, November 20, 2017 1:58 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Adding a list of users to a user collection

Awesome, thanks.  I’ll try that out.
Sent from my iPhone

On Nov 20, 2017, at 3:08 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Have to agree, our deployments are based on collections based on ad group 
member ships.
It’s great.

Stuart

On 18 Nov 2017, at 03:51, Nemec, Dale 
<dale.ne...@tektronix.com<mailto:dale.ne...@tektronix.com>> wrote:

We use an Active Directory security group, and SCCM pulls the users from the 
security group.

This is the Collection query we use:

select 
SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain
 from SMS_R_User where SMS_R_User.UserGroupName = 
"\\<SECURITYGROUPNAME>"

Of course, you need to also discover the OU that the security group is in under 
your site Discovery settings.

Then use powershell to populate the AD security group.

This gives us the flexibility to allow our help desk technicians to add/remove 
users from the AD security group without having to grant access to the SCCM 
Admin Console.

We have different AD security groups for each user deployment.

Good luck!

Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix

From: 
listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, November 17, 2017 3:30 PM
To: 'mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>' 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] Adding a list of users to a user collection

I have the Now Micro right-click tools installed, so I thought it was going to 
be as easy as dropping the list of samaccountnames in the box, but that didn’t 
work.  So, I tried UPN, and that didn’t work.  Then I tried putting the domain 
name in there with sam, and that didn’t work.  How can I get a list of 1800 
users into a user collection without doing it manually? I was looking at the CM 
Powershell cmdlets, but the technet cmdlet reference doesn’t give very good 
examples.  Is that the way I should be looking, though?  And if so, what format 
does the user name need to be in to work?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284


Please be advised that this email may contain confidential information. If you 
are not the intended recipient, please notify us by email by replying to the 
sender and delete this message. The sender disclaims that the content of this 
email constitutes an offer to enter into, or the acceptance of, any agreement; 
provided that the foregoing does not invalidate the binding effect of any 
digital or other electronic reproduction of a manual signature that is included 
in any attachment.

Re: [mssms] Adding a list of users to a user collection

[Stuart Watret]

Have to agree, our deployments are based on collections based on ad group 
member ships.
It’s great.

Stuart

On 18 Nov 2017, at 03:51, Nemec, Dale 
> wrote:

We use an Active Directory security group, and SCCM pulls the users from the 
security group.

This is the Collection query we use:

select 
SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain
 from SMS_R_User where SMS_R_User.UserGroupName = 
"\\"

Of course, you need to also discover the OU that the security group is in under 
your site Discovery settings.

Then use powershell to populate the AD security group.

This gives us the flexibility to allow our help desk technicians to add/remove 
users from the AD security group without having to grant access to the SCCM 
Admin Console.

We have different AD security groups for each user deployment.

Good luck!

Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Friday, November 17, 2017 3:30 PM
To: 'mssms@lists.myitforum.com' 
>
Subject: [mssms] Adding a list of users to a user collection

I have the Now Micro right-click tools installed, so I thought it was going to 
be as easy as dropping the list of samaccountnames in the box, but that didn’t 
work.  So, I tried UPN, and that didn’t work.  Then I tried putting the domain 
name in there with sam, and that didn’t work.  How can I get a list of 1800 
users into a user collection without doing it manually? I was looking at the CM 
Powershell cmdlets, but the technet cmdlet reference doesn’t give very good 
examples.  Is that the way I should be looking, though?  And if so, what format 
does the user name need to be in to work?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  916-323-1284



Please be advised that this email may contain confidential information. If you 
are not the intended recipient, please notify us by email by replying to the 
sender and delete this message. The sender disclaims that the content of this 
email constitutes an offer to enter into, or the acceptance of, any agreement; 
provided that the foregoing does not invalidate the binding effect of any 
digital or other electronic reproduction of a manual signature that is included 
in any attachment.

Re: [mssms] November Patches 2008r2 and VMWare Guest

[Stuart Watret]

resolved, looks like a particular 3rd party service common to both of our 
affected boxes.

> On 17 Nov 2017, at 11:04, Stuart Watret <stu...@offshore-it.co.uk> wrote:
> 
> [This sender failed our fraud detection checks and may not be who they appear 
> to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]
> 
> Wondering if anyone else is seeing this?
> 
> KB4048957/8960/7260
> 
> Got two VMWare guests that are now rebooting every couple of minutes after 
> installing these patches and rebooting.
> 
> Have removed the patches, but the issue remains.
> 
> Eventlog has a graceful shutdown via LegacyAPI.
> 
> Remove the NIC’s stops the reboot.
> 
> Stuart

[mssms] November Patches 2008r2 and VMWare Guest

[Stuart Watret]

Wondering if anyone else is seeing this?

KB4048957/8960/7260

Got two VMWare guests that are now rebooting every couple of minutes after 
installing these patches and rebooting.

Have removed the patches, but the issue remains.

Eventlog has a graceful shutdown via LegacyAPI.

Remove the NIC’s stops the reboot.

Stuart

[mssms] pre-provision bitlocker

[Stuart Watret]

Morning, I’m late to the pre-provision party, but just got it working in Config 
Manager for Win7.

Obviously there isn’t a similar action available from the menu in MDT - so 
what’s the best way to do pre-provision of bit locker in MDT?

Thanks

Stuart

Re: [mssms] definition updates today

[Stuart Watret]

ive had at least 6 in a day before, normal service has resumed with 4 already 
for the 13th :)

On 12 Oct 2017, at 22:53, Wolf, Daniel 
<da.w...@neopost.com<mailto:da.w...@neopost.com>> wrote:

I believe that Microsoft only publishes definitions three times a day, not that 
you shouldn’t sync more often – though I may be wrong. Ideally you want as 
short a lag between publishing and distribution, so we sync every hour.


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Adam Juelich
Sent: Thursday, October 12, 2017 3:49 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] definition updates today

The think best practices is not to sync more than 3 times a day..Leverage 
some of the other sources for updates in unique situations.

On Thu, Oct 12, 2017 at 10:41 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Defender has been fine, Endpoint has downloaded no definition updates today.

Anyone else seeing this?

My wsus is set to sync every hour.

Thanks

Stuart

Re: [mssms] definition updates today

[Stuart Watret]

never read that, been fine for years…….

Stuart
On 12 Oct 2017, at 21:48, Adam Juelich 
<acjuel...@gmail.com<mailto:acjuel...@gmail.com>> wrote:

The think best practices is not to sync more than 3 times a day..Leverage 
some of the other sources for updates in unique situations.

On Thu, Oct 12, 2017 at 10:41 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Defender has been fine, Endpoint has downloaded no definition updates today.

Anyone else seeing this?

My wsus is set to sync every hour.

Thanks

Stuart

[mssms] definition updates today

[Stuart Watret]

Defender has been fine, Endpoint has downloaded no definition updates today.

Anyone else seeing this?

My wsus is set to sync every hour.

Thanks

Stuart

[mssms] RE: VPN / Cloud Based MP

[Stuart Watret]

That's the kind of thing Im after, occasionally I work remotely and my VPN is 
on all the time, in short its not possible to do much without the VPN 
connection - in that scenario the Azure based role has no benefit; although I'm 
going to ask if my behaviour is typical :)

Would the Azure role support workgroup comps, the same way on premises does?

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: 09 October 2017 20:00
To: mssms@lists.myitforum.com
Subject: [mssms] RE: VPN / Cloud Based MP

Also, how often are your mobile workers actually connected to VPN? We find that 
most users only sporadically connect and then not for long periods of time 
either so without a way to manage these Internet-connected devices, they are 
basically not managed at all.

Azure helps here because you don't need on-prem infrastructure to support the 
IBCM feature set in ConfigMgr and since the clients are on the Internet, it 
makes a ton of sense for multiple reasons include security and cost that they 
would connect to Azure instead of your network.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of John Marcum
Sent: Monday, October 9, 2017 9:44 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: VPN / Cloud Based MP

I'm not sure I understand what you are asking but I'm going to take a stab at 
it.. One thing that's nice is that when clients are marked as "Internet" 
clients they never download updates from your DP, instead they go directly to 
Microsoft to get them.



Sensitivity: Confidential between partners
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Monday, October 9, 2017 4:52 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] VPN / Cloud Based MP

After a discussion on here i read some more about the Azure based roles for 
management and distort points.

They sound great but, what if your mobile workers are all using a VPN solution? 
Where does the Azure fit in with that?

I suppose what scenarios fit the Azure deployment of this roles?  I can only 
think of one, where I might have deployed the InTune client before to keep tabs 
on an 'Off net' machine.

I'm wondering what your experience is and the scenarios around it?

Thanks

Stuart Watret

RE: [mssms] Moving away from image installation?

[Stuart Watret]

Wipe and load, but we are moving from Bios to Uefi, from x86 to x64 and over 
80% of our apps are virtual.

Stuart

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Tim Amico
Sent: 05 October 2017 13:09
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Moving away from image installation?

Using a mix of both here with an upgrade to Office 2016 during the in-place. 
Our end users and help desk love the in-place upgrade from 7 to 10, basically 
an hour or two later and it’s running Win 10 just the way they had it setup 
when it was Win 7.

If it applies, you might be shaving time with a wipe and load on the upgrade of 
Office, but what about user data and additional applications they may have 
installed after the wipe and load.

Can’t comment on the HP\Dell out of box, still wipe and load new systems.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of 
janus...@gmx.net
Sent: Thursday, October 5, 2017 7:38 AM
To: mssms@lists.myitforum.com
Subject: [mssms] Moving away from image installation?

MS is promoting a lot to upgrade existing systems, like Win 7 to 10 or even 
using out of the box installations from vendors, instead of wipe and load.

e.g. us: We are on Win 7 with Office 2013 and a few language packs in the image.
Upgrading to Win 10, now with office 2016 and the same language packs would 
take much longer than just wiping it with the image having all that already 
(and patched).

But how many of you are actually using upgrade, like from win7, or even using 
HP/Dell out of the box systems and just integrate them?

-Roland

RE: [mssms] Slow Console performance for some users

[Stuart Watret]

So its resolved.
The tech played with some WMI resourse allocation settings; no change
Then we checked the DB with DBCC Showcontig – there was a lot of fragmentation.

Given the system had been used in anger for a week, I was surprised, but yea, 
reindexing seems to have fixed it.

S.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stuart Watret
Sent: 28 September 2017 15:24
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Slow Console performance for some users


This sender failed our fraud detection checks and may not be who they appear to 
be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>

Feedback<http://aka.ms/SafetyTipsFeedback>

Just had my colleague open the console with my reds, no issue.

Shut down, opened as him, back to the donut.

This is the section that hangs on Execute….

[cid:image001.png@01D33E27.E823BFE0]


On 28 Sep 2017, at 14:42, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

What I’m seeing in that log is sql execution delays, the same time his console 
is waiting.

I do the same thing, navigate to the same package it’s almost instant.

I click, I see a sql command and my console refreshes, he clicks, same command, 
no action.

I may raise it with MS.

I have the hot fix installed, so that doesn’t help.

It’s the working for some, not others bit thats got me puzzled.

S.




On 28 Sep 2017, at 14:18, Brucker, Chris 
<chris.bruc...@bankatfirst.com<mailto:chris.bruc...@bankatfirst.com>> wrote:

We have been seeing similar issues since our upgrade to 1706 wave 1. I haven't 
made time yet to upgrade to wave 2 and the hotfix to see if that fixes it.

Another theory I have wanted to test is how often are your hardware 
inventories, application evaluations, software update scans, etc occurring? I'm 
a bit of a spaz about that and have hardware inventories and software update 
scans every 12 hours. Application evaluations every 4 hours and Software 
inventories occur every 7 days.

SQL has 4 cores and 24gb of ram, SCCM has 2 cores and 12gb ram. 2700 clients.

Thanks,
Chris Brucker


On Sep 28, 2017, at 9:06 AM, Daniel Ratliff 
<dratl...@humana.com<mailto:dratl...@humana.com>> wrote:

CAUTION: The e-mail below is from an EXTERNAL source. Please do not open 
attachments or click links from an unknown or suspicious origin.



Anything in smsprov.log?

Daniel Ratliff

-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Thursday, September 28, 2017 5:31 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Slow Console performance for some users

So, finished our migration to new server running 1706.

OS 2016 / SQL 2016 Sp1 CU5 / Compatibility 130

Its absolutely fine for me, I have three colleagues who are also full admins, 
one of them is fine, the other two have appalling console performance.

We have removed the console and reinstalled, we have had them run the console 
on the server, the results are the same.

If they drill down to a package, then click the program tab, they have the 
donut of doom, for a long time before it enumerates.

This is repeatable.

Any thoughts?

Stuart Watret







**
The information contained in this message from First Financial Bancorp or its 
affiliates and any attachments are confidential.  It is not intended for 
transmission to, or receipt by, anyone other than the addressee(s), or a person 
authorized to deliver it to the named addressee(s).  If you have received this 
message in error, you are prohibited from copying, distributing or using the 
information.  Please contact the sender immediately by return email and delete 
the original message.

Re: [mssms] Slow Console performance for some users

[Stuart Watret]

Early days, and as these things go my troublesome test client started working 
fine a few mins into my demo :(

However we found another dodgy one and managed to show there was an issue.

Initial solution is some WMI tinkering, I’m waiting on specifics, but didn’t 
think it was sql compatibility because some worked ok.

Will update further when I get the wii changes in detail.

S.


On 29 Sep 2017, at 08:23, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:


This sender failed our fraud detection checks and may not be who they appear to 
be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>
Feedback<http://aka.ms/SafetyTipsFeedback>
Awesome info everyone, and a reminder why I love this list so much. It’s a 
disappointing state of affairs if it turns out to be this. The call is in, 
hopefully they will reach the same conclusion or it’s something else.
I’ll update the thread when I get a resolution.

Stuart

Sent from a dog and bone.
_
From: Sherry Kissinger 
<sherrylkissin...@gmail.com<mailto:sherrylkissin...@gmail.com>>
Sent: Thursday, September 28, 2017 20:59r
Subject: Re: [mssms] RE: Slow Console performance for some users
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>


oh, by the way... SQL 2016 SP1 CU5... we're still on CU5 just in the lab.  
We're on CU2 in production.  CU3 Microsoft said "don't do it".  CU4 we tried... 
and we got sql replication delays and issues with DRS.  uninstalled CU4 and 
everything was fine.  (but apparently we're the only ones that reported that 
issue).  We haven't put CU5 in production yet.  So... that said... "just in 
case" you think it MIGHT be the CU5; if you're going to try to downgrade to a 
different CU; downgrade to CU2.  CU5 might be fine, tho.

On Thu, Sep 28, 2017 at 2:49 PM, Sherry Kissinger 
<sherrylkissin...@gmail.com<mailto:sherrylkissin...@gmail.com>> wrote:
We've seen sporadic Console slowness issues, "usually" seen when we have 
Compatibility set to SQL 2016, and the person using the console is not a 'full 
admin'.  If we just for the cm_ database at the CAS (yes, we sadly need a cas, 
with over 300k clients, we have to have one.  :( ) , set it to sql 2012 (not 
sql 2014, fyi, but that's just because we've never tested that), and BAM! 
console slowness issues gone.

We've tried various things with various success rates.  One team member spent 
WEEKS running, re-running, tweaking, adjusting, etc. etc. the Ola Hallengren 
indexing scripts, and adjusting the timings, and trying more frequent update 
statistics.  sometimes it would help... and then a day or two would pass, and 
although nothing had changed and the reindexing/statistics had run just fine; 
console slowness again.  So again... back to sql 2012 compatibility.  We keep 
trying, though.

But honestly it's not like we spend every waking moment trying to get to sql 
2016 compatibility.  It would be nice to have it; but since we can work around 
the issue by bumping the CAS (and this is just the cas, we leave the primaries 
at sql 2016 compat), down to sql 2012, we just live with it until we get a 
spare moment to try again.

On Thu, Sep 28, 2017 at 2:13 PM, Jason Sandys 
<ja...@sandys.us<mailto:ja...@sandys.us>> wrote:
The slowdown is a result of RBA processing. The more complicated the RBA rules, 
the more noticeable the slowdown. No RBA = no slowdown.

I think that article may have a typo in it.

Changing the compatibility level is easy to do, easy to test, and easily 
reversed.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]On
 Behalf Of Stuart Watret
Sent: Thursday, September 28, 2017 11:42 AM

To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Slow Console performance for some users




for me it doesn’t explain the fact some people are fine, ill open a call 
tomorrow.

On 28 Sep 2017, at 17:26, Daniel Ratliff 
<dratl...@humana.com<mailto:dratl...@humana.com>> wrote:

Its recommended to be set to 130 per the article yes, but that doesn’t mean you 
don’t have the issue.

Find a culprit query, and run the instructions they gave to see if you are 
impacted.

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, September 28, 2017 12:03 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Slow Console performance for some users

Heres the details. 
https://support.microsoft.com/en-us/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitfo

Re: [mssms] RE: Slow Console performance for some users

[Stuart Watret]

Awesome info everyone, and a reminder why I love this list so much. It’s a 
disappointing state of affairs if it turns out to be this. The call is in, 
hopefully they will reach the same conclusion or it’s something else.
I’ll update the thread when I get a resolution.

Stuart

Sent from a dog and bone.
_
From: Sherry Kissinger 
<sherrylkissin...@gmail.com<mailto:sherrylkissin...@gmail.com>>
Sent: Thursday, September 28, 2017 20:59r
Subject: Re: [mssms] RE: Slow Console performance for some users
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>


oh, by the way... SQL 2016 SP1 CU5... we're still on CU5 just in the lab.  
We're on CU2 in production.  CU3 Microsoft said "don't do it".  CU4 we tried... 
and we got sql replication delays and issues with DRS.  uninstalled CU4 and 
everything was fine.  (but apparently we're the only ones that reported that 
issue).  We haven't put CU5 in production yet.  So... that said... "just in 
case" you think it MIGHT be the CU5; if you're going to try to downgrade to a 
different CU; downgrade to CU2.  CU5 might be fine, tho.

On Thu, Sep 28, 2017 at 2:49 PM, Sherry Kissinger 
<sherrylkissin...@gmail.com<mailto:sherrylkissin...@gmail.com>> wrote:
We've seen sporadic Console slowness issues, "usually" seen when we have 
Compatibility set to SQL 2016, and the person using the console is not a 'full 
admin'.  If we just for the cm_ database at the CAS (yes, we sadly need a cas, 
with over 300k clients, we have to have one.  :( ) , set it to sql 2012 (not 
sql 2014, fyi, but that's just because we've never tested that), and BAM! 
console slowness issues gone.

We've tried various things with various success rates.  One team member spent 
WEEKS running, re-running, tweaking, adjusting, etc. etc. the Ola Hallengren 
indexing scripts, and adjusting the timings, and trying more frequent update 
statistics.  sometimes it would help... and then a day or two would pass, and 
although nothing had changed and the reindexing/statistics had run just fine; 
console slowness again.  So again... back to sql 2012 compatibility.  We keep 
trying, though.

But honestly it's not like we spend every waking moment trying to get to sql 
2016 compatibility.  It would be nice to have it; but since we can work around 
the issue by bumping the CAS (and this is just the cas, we leave the primaries 
at sql 2016 compat), down to sql 2012, we just live with it until we get a 
spare moment to try again.

On Thu, Sep 28, 2017 at 2:13 PM, Jason Sandys 
<ja...@sandys.us<mailto:ja...@sandys.us>> wrote:
The slowdown is a result of RBA processing. The more complicated the RBA rules, 
the more noticeable the slowdown. No RBA = no slowdown.

I think that article may have a typo in it.

Changing the compatibility level is easy to do, easy to test, and easily 
reversed.

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]On
 Behalf Of Stuart Watret
Sent: Thursday, September 28, 2017 11:42 AM

To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Slow Console performance for some users

for me it doesn’t explain the fact some people are fine, ill open a call 
tomorrow.

On 28 Sep 2017, at 17:26, Daniel Ratliff 
<dratl...@humana.com<mailto:dratl...@humana.com>> wrote:

Its recommended to be set to 130 per the article yes, but that doesn’t mean you 
don’t have the issue.

Find a culprit query, and run the instructions they gave to see if you are 
impacted.

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, September 28, 2017 12:03 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Slow Console performance for some users

Heres the details. 
https://support.microsoft.com/en-us/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kent, Mark
Sent: Thursday, September 28, 2017 11:38 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Slow Console performance for some users

We are running SQL2016 as well, the compatibility is set to 2016.  So you are 
recommending dropping this down to 2012?  Does this help address anything else? 
 Just curious, thank you!

Mark Kent
Manager, Client Systems Engineering
Technology Support Services
Resources for Information, Technology and Education (RITE)
http://rite.buffalostate.edu<http://rite.buffalostate.edu/>

From: listsad...@lists.myitforum.com<mailto:listsad...@

Re: [mssms] RE: Slow Console performance for some users

[Stuart Watret]

for me it doesn’t explain the fact some people are fine, ill open a call 
tomorrow.

On 28 Sep 2017, at 17:26, Daniel Ratliff 
<dratl...@humana.com<mailto:dratl...@humana.com>> wrote:

Its recommended to be set to 130 per the article yes, but that doesn’t mean you 
don’t have the issue.

Find a culprit query, and run the instructions they gave to see if you are 
impacted.

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Thursday, September 28, 2017 12:03 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Slow Console performance for some users

Heres the details. 
https://support.microsoft.com/en-us/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kent, Mark
Sent: Thursday, September 28, 2017 11:38 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Slow Console performance for some users

We are running SQL2016 as well, the compatibility is set to 2016.  So you are 
recommending dropping this down to 2012?  Does this help address anything else? 
 Just curious, thank you!

Mark Kent
Manager, Client Systems Engineering
Technology Support Services
Resources for Information, Technology and Education (RITE)
http://rite.buffalostate.edu<http://rite.buffalostate.edu/>

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Jason Sandys
Sent: Thursday, September 28, 2017 10:41 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] RE: Slow Console performance for some users

Change the compatibility level for the ConfigMgr database in SQL Server to SQL 
Server 2012 (110). There is a known issue that stems from a change in SQL 
Server 2014 and 2016 that hasn’t been accounted for (yet to my knowledge) in 
ConfigMgr.

J

-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Thursday, September 28, 2017 8:42 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Slow Console performance for some users

What I’m seeing in that log is sql execution delays, the same time his console 
is waiting.

I do the same thing, navigate to the same package it’s almost instant.

I click, I see a sql command and my console refreshes, he clicks, same command, 
no action.

I may raise it with MS.

I have the hot fix installed, so that doesn’t help.

It’s the working for some, not others bit thats got me puzzled.

S.



> On 28 Sep 2017, at 14:18, Brucker, Chris 
> <chris.bruc...@bankatfirst.com<mailto:chris.bruc...@bankatfirst.com>> wrote:
>
> We have been seeing similar issues since our upgrade to 1706 wave 1. I 
> haven't made time yet to upgrade to wave 2 and the hotfix to see if that 
> fixes it.
>
> Another theory I have wanted to test is how often are your hardware 
> inventories, application evaluations, software update scans, etc occurring? 
> I'm a bit of a spaz about that and have hardware inventories and software 
> update scans every 12 hours. Application evaluations every 4 hours and 
> Software inventories occur every 7 days.
>
> SQL has 4 cores and 24gb of ram, SCCM has 2 cores and 12gb ram. 2700 clients.
>
> Thanks,
> Chris Brucker
>
>> On Sep 28, 2017, at 9:06 AM, Daniel Ratliff 
>> <dratl...@humana.com<mailto:dratl...@humana.com>> wrote:
>>
>> CAUTION: The e-mail below is from an EXTERNAL source. Please do not open 
>> attachments or click links from an unknown or suspicious origin.
>>
>>
>>
>> Anything in smsprov.log?
>>
>> Daniel Ratliff
>>
>> -Original Message-
>> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
>> Sent: Thursday, September 28, 2017 5:31 AM
>> To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
>> Subject: [mssms] Slow Console performance for some users
>>
>> So, finished our migration to new server running 1706.
>>
>> OS 2016 / SQL 2016 Sp1 CU5 / Compatibility 130
>>
>> Its absolutely fine for me, I have three colleagues who are also full 
>> admins, one of them is fine, the other two have appalling console 
>> performance.
>>
>> We

Re: [mssms] RE: Slow Console performance for some users

[Stuart Watret]

doesn’t explain why some are good though; my reading of similar articles said 
130 was recommended.
https://support.microsoft.com/en-ph/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d



On 28 Sep 2017, at 15:41, Jason Sandys 
<ja...@sandys.us<mailto:ja...@sandys.us>> wrote:

Change the compatibility level for the ConfigMgr database in SQL Server to SQL 
Server 2012 (110). There is a known issue that stems from a change in SQL 
Server 2014 and 2016 that hasn’t been accounted for (yet to my knowledge) in 
ConfigMgr.

J

-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Thursday, September 28, 2017 8:42 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Slow Console performance for some users

What I’m seeing in that log is sql execution delays, the same time his console 
is waiting.

I do the same thing, navigate to the same package it’s almost instant.

I click, I see a sql command and my console refreshes, he clicks, same command, 
no action.

I may raise it with MS.

I have the hot fix installed, so that doesn’t help.

It’s the working for some, not others bit thats got me puzzled.

S.



> On 28 Sep 2017, at 14:18, Brucker, Chris 
> <chris.bruc...@bankatfirst.com<mailto:chris.bruc...@bankatfirst.com>> wrote:
>
> We have been seeing similar issues since our upgrade to 1706 wave 1. I 
> haven't made time yet to upgrade to wave 2 and the hotfix to see if that 
> fixes it.
>
> Another theory I have wanted to test is how often are your hardware 
> inventories, application evaluations, software update scans, etc occurring? 
> I'm a bit of a spaz about that and have hardware inventories and software 
> update scans every 12 hours. Application evaluations every 4 hours and 
> Software inventories occur every 7 days.
>
> SQL has 4 cores and 24gb of ram, SCCM has 2 cores and 12gb ram. 2700 clients.
>
> Thanks,
> Chris Brucker
>
>> On Sep 28, 2017, at 9:06 AM, Daniel Ratliff 
>> <dratl...@humana.com<mailto:dratl...@humana.com>> wrote:
>>
>> CAUTION: The e-mail below is from an EXTERNAL source. Please do not open 
>> attachments or click links from an unknown or suspicious origin.
>>
>>
>>
>> Anything in smsprov.log?
>>
>> Daniel Ratliff
>>
>> -Original Message-
>> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
>> Sent: Thursday, September 28, 2017 5:31 AM
>> To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
>> Subject: [mssms] Slow Console performance for some users
>>
>> So, finished our migration to new server running 1706.
>>
>> OS 2016 / SQL 2016 Sp1 CU5 / Compatibility 130
>>
>> Its absolutely fine for me, I have three colleagues who are also full 
>> admins, one of them is fine, the other two have appalling console 
>> performance.
>>
>> We have removed the console and reinstalled, we have had them run the 
>> console on the server, the results are the same.
>>
>> If they drill down to a package, then click the program tab, they have the 
>> donut of doom, for a long time before it enumerates.
>>
>> This is repeatable.
>>
>> Any thoughts?
>>
>> Stuart Watret
>>
>>
>>
>>
>>
>>
>>
>
> **
> The information contained in this message from First Financial Bancorp or its 
> affiliates and any attachments are confidential.  It is not intended for 
> transmission to, or receipt by, anyone other than the addressee(s), or a 
> person authorized to deliver it to the named addressee(s).  If you have 
> received this message in error, you are prohibited from copying, distributing 
> or using the information.  Please contact the sender immediately by return 
> email and delete the original message.
>
>
>
>

Re: [mssms] Slow Console performance for some users

[Stuart Watret]

Just had my colleague open the console with my reds, no issue.

Shut down, opened as him, back to the donut.

This is the section that hangs on Execute….

[cid:image001.png@01D3386D.3F1B70B0]


On 28 Sep 2017, at 14:42, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

What I’m seeing in that log is sql execution delays, the same time his console 
is waiting.

I do the same thing, navigate to the same package it’s almost instant.

I click, I see a sql command and my console refreshes, he clicks, same command, 
no action.

I may raise it with MS.

I have the hot fix installed, so that doesn’t help.

It’s the working for some, not others bit thats got me puzzled.

S.



On 28 Sep 2017, at 14:18, Brucker, Chris 
<chris.bruc...@bankatfirst.com<mailto:chris.bruc...@bankatfirst.com>> wrote:

We have been seeing similar issues since our upgrade to 1706 wave 1. I haven't 
made time yet to upgrade to wave 2 and the hotfix to see if that fixes it.

Another theory I have wanted to test is how often are your hardware 
inventories, application evaluations, software update scans, etc occurring? I'm 
a bit of a spaz about that and have hardware inventories and software update 
scans every 12 hours. Application evaluations every 4 hours and Software 
inventories occur every 7 days.

SQL has 4 cores and 24gb of ram, SCCM has 2 cores and 12gb ram. 2700 clients.

Thanks,
Chris Brucker

On Sep 28, 2017, at 9:06 AM, Daniel Ratliff 
<dratl...@humana.com<mailto:dratl...@humana.com>> wrote:

CAUTION: The e-mail below is from an EXTERNAL source. Please do not open 
attachments or click links from an unknown or suspicious origin.



Anything in smsprov.log?

Daniel Ratliff

-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Thursday, September 28, 2017 5:31 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] Slow Console performance for some users

So, finished our migration to new server running 1706.

OS 2016 / SQL 2016 Sp1 CU5 / Compatibility 130

Its absolutely fine for me, I have three colleagues who are also full admins, 
one of them is fine, the other two have appalling console performance.

We have removed the console and reinstalled, we have had them run the console 
on the server, the results are the same.

If they drill down to a package, then click the program tab, they have the 
donut of doom, for a long time before it enumerates.

This is repeatable.

Any thoughts?

Stuart Watret








**
The information contained in this message from First Financial Bancorp or its 
affiliates and any attachments are confidential.  It is not intended for 
transmission to, or receipt by, anyone other than the addressee(s), or a person 
authorized to deliver it to the named addressee(s).  If you have received this 
message in error, you are prohibited from copying, distributing or using the 
information.  Please contact the sender immediately by return email and delete 
the original message.

Re: [mssms] RE: Slow Console performance for some users

[Stuart Watret]

What I’m seeing in that log is sql execution delays, the same time his console 
is waiting.

I do the same thing, navigate to the same package it’s almost instant.

I click, I see a sql command and my console refreshes, he clicks, same command, 
no action.

I may raise it with MS.

I have the hot fix installed, so that doesn’t help.

It’s the working for some, not others bit thats got me puzzled.

S.



> On 28 Sep 2017, at 14:18, Brucker, Chris <chris.bruc...@bankatfirst.com> 
> wrote:
> 
> We have been seeing similar issues since our upgrade to 1706 wave 1. I 
> haven't made time yet to upgrade to wave 2 and the hotfix to see if that 
> fixes it.
> 
> Another theory I have wanted to test is how often are your hardware 
> inventories, application evaluations, software update scans, etc occurring? 
> I'm a bit of a spaz about that and have hardware inventories and software 
> update scans every 12 hours. Application evaluations every 4 hours and 
> Software inventories occur every 7 days.
> 
> SQL has 4 cores and 24gb of ram, SCCM has 2 cores and 12gb ram. 2700 clients.
> 
> Thanks,
> Chris Brucker
> 
>> On Sep 28, 2017, at 9:06 AM, Daniel Ratliff <dratl...@humana.com> wrote:
>> 
>> CAUTION: The e-mail below is from an EXTERNAL source. Please do not open 
>> attachments or click links from an unknown or suspicious origin.
>> 
>> 
>> 
>> Anything in smsprov.log?
>> 
>> Daniel Ratliff
>> 
>> -Original Message-
>> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
>> On Behalf Of Stuart Watret
>> Sent: Thursday, September 28, 2017 5:31 AM
>> To: mssms@lists.myitforum.com
>> Subject: [mssms] Slow Console performance for some users
>> 
>> So, finished our migration to new server running 1706.
>> 
>> OS 2016 / SQL 2016 Sp1 CU5 / Compatibility 130
>> 
>> Its absolutely fine for me, I have three colleagues who are also full 
>> admins, one of them is fine, the other two have appalling console 
>> performance.
>> 
>> We have removed the console and reinstalled, we have had them run the 
>> console on the server, the results are the same.
>> 
>> If they drill down to a package, then click the program tab, they have the 
>> donut of doom, for a long time before it enumerates.
>> 
>> This is repeatable.
>> 
>> Any thoughts?
>> 
>> Stuart Watret
>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 
> **
> The information contained in this message from First Financial Bancorp or its 
> affiliates and any attachments are confidential.  It is not intended for 
> transmission to, or receipt by, anyone other than the addressee(s), or a 
> person authorized to deliver it to the named addressee(s).  If you have 
> received this message in error, you are prohibited from copying, distributing 
> or using the information.  Please contact the sender immediately by return 
> email and delete the original message.
> 
> 
> 
> 

[mssms] Slow Console performance for some users

[Stuart Watret]

So, finished our migration to new server running 1706.

OS 2016 / SQL 2016 Sp1 CU5 / Compatibility 130

Its absolutely fine for me, I have three colleagues who are also full admins, 
one of them is fine, the other two have appalling console performance.

We have removed the console and reinstalled, we have had them run the console 
on the server, the results are the same.

If they drill down to a package, then click the program tab, they have the 
donut of doom, for a long time before it enumerates.

This is repeatable.

Any thoughts?

Stuart Watret

Re: [mssms] client upgrade reboots

[Stuart Watret]

I’ll run with that Joseph, thanks.

Stuart Watret

On 14 Sep 2017, at 14:33, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:

Only thing I've seen recently is that upgrading from 1702 to 1702 hotfix 
cleared out the ccmcache, and caused machines to re-download, and reapply 
packages from ages ago.  Pain in the behind.

-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Ratliff
Sent: Wednesday, September 13, 2017 8:12 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: client upgrade reboots

We did, and it was always .NET.

Daniel Ratliff

-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Wednesday, September 13, 2017 6:23 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] client upgrade reboots

Upgraded some clients from 1610 to 1706, a few have rebooted - its not a .Net 
install, and I’m struggling to find the reason why.

Anyone else seen a similar thing?

Stuart

The information transmitted is intended only for the person or entity to which 
it is addressed and may contain CONFIDENTIAL material.  If you receive this 
material/information in error, please contact the sender and delete or destroy 
the material/information.

Humana Inc. and its subsidiaries comply with applicable Federal civil rights 
laws and do not discriminate on the basis of race, color, national origin, age, 
disability or sex. Humana Inc. and its subsidiaries do not exclude people or 
treat them differently because of race, color, national origin, age, disability 
or sex.

English: ATTENTION: If you do not speak English, language assistance services, 
free of charge, are available to you. Call 1‐877‐320‐1235 (TTY: 711).

Español (Spanish): ATENCIÓN: Si habla español, tiene a su disposición servicios 
gratuitos de asistencia lingüística. Llame al 1‐877‐320‐1235 (TTY: 711).

繁體中文(Chinese)：注意：如果您使用繁體中文，您可以免費獲得語言援助
服務。請致電 1‐877‐320‐1235 (TTY: 711)。

Kreyòl Ayisyen (Haitian Creole): ATANSION: Si w pale Kreyòl Ayisyen, gen sèvis 
èd pou lang ki disponib gratis pou ou. Rele 1‐877‐320‐1235 (TTY: 711).

Polski (Polish): UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej 
pomocy językowej. Zadzwoń pod numer 1‐877‐320‐1235 (TTY: 711).

한국어 (Korean): 주의: 한국어를 사용하시는 경우, 언어 지원 서비스를 무료로 이용하실 수 있습니다. 1‐877‐320‐1235 
(TTY: 711)번으로 전화해 주십시오.

[mssms] client upgrade reboots

[Stuart Watret]

Upgraded some clients from 1610 to 1706, a few have rebooted - its not a .Net 
install, and I’m struggling to find the reason why.

Anyone else seen a similar thing?

Stuart

[mssms] boot files / pxe /adk version

[Stuart Watret]

Hit an interesting issue, I’ve worked round it - but want a better 
understanding of it.

CM box running 1610
Had an issue with drivers in the boot image, so updated idk and imported NIC 
drivers back into it.

Assigned the new boot image to a few Task Sequences - got wind of an pxe issue 
when techs wanted a F12 build.
So, pxe traffic was reaching the server, everything was in place, but (no 
advert found) message was in the logs.

Checked and re-checked everything, nothing stupid was found; boot image was on 
three DP’s.

At this point I switched the TS back to the older Boot image and everything 
worked.

Below is a screen shot of the Boot Images available and their versions.
I’ve no idea if you can have more than two? Or even how I ended up with 3 - but 
there we go.

What I have noticed is that resorting the WDS service only sees two images 
referenced, CMP3 / CMP4, no mention of the new x86 file (the one that 
didn’t work); on that note I assigned the x64 image to the Task Sequence and 
got the same issue.

I’m migrating to a new 1706 server next week (can’t test pxe on it yet) - so 
its not a biggy, but I’d like to try and understand what is happening.

Thanks

Stuart

[cid:8778B4C5-6798-43FB-9F04-4DB5D825F6A6@fritz.box]

Re: [mssms] Computer management for different vendors

[Stuart Watret]

Currently sick of HP, but not sure if other vendors are any better.
Escalation here in the UK is hit and miss.

Mainly driver issues, HP will say it supports this OS, drivers from HP don’t 
support that OS, so you run around getting vendor drivers.
And I’m sure this isn’t just HP, but I’m really tired of drivers that need 
installing later in a TS, I mean c’mon……

There you go.

Stuart Watret

On 31 Aug 2017, at 20:44, 
ben.sm...@everestre.com<mailto:ben.sm...@everestre.com> wrote:

My company is looking at possibly changing computer vendors so I am just wonder 
what peoples experiences have been when managing computers with SCCM from 
different vendors, Dell/HP/Lenovo.  Have you had any pain points with any of 
the OEMs?  Any experiences that were particularly good or bad with the support 
staff, management tools, drivers, endpoint software, etc…?

Right now we are using SCCM CB 1702 with MDT integration.

Thanks in advance,

Ben



This e-mail is intended only for the person or entity to whom it is addressed 
and may contain information that is privileged, confidential, or otherwise 
protected from disclosure. If you are not the intended recipient, or an 
employee or agent responsible for delivering this message to the intended 
recipient, you are notified that any disclosure, copying, distribution, or the 
taking of any action in reliance on the contents of this message is prohibited. 
If you have received this e-mail in error, please contact the sender 
immediately and delete the original message and all copies from your system. 
Statements and representations made in this message are not necessarily that of 
the Company.

Re: [mssms] Updating BIOS during imaging.

[Stuart Watret]

Doing in winpe with HP - works ok.


On 22 Aug 2017, at 00:05, Art Flores 
> wrote:

We run this script during our task sequence, it has been working fine for us, 
maybe someone could update the script to run in PoSH.

http://www.dell.com/support/article/us/en/19/sln285178/using-visual-basic-script-to-run-uninterrupted-bios-updates-in-sccm?lang=en

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Wolf, Daniel
Sent: Monday, August 21, 2017 4:34 PM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Updating BIOS during imaging.

We script the installation of Dell Command Update and run dcu-cli.exe in a task 
sequence inside the operating system. Been doing it for years, very happy with 
results.


From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ortega, Clint
Sent: Monday, August 21, 2017 4:05 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Updating BIOS during imaging.

Hello all,
I’m trying to figure out how to upgrade my BIOS during imaging.  Information 
online does suggest that it can be done from a task sequence, however I don’t 
know if this requires it to be from within the Operating System, or if I can do 
it from a PXE Boot.  I’m trying to accomplish this from a PXE Boot, without 
much success.  Has anyone tried this successfully?




Thanks,
Clint Ortega
Client Device Engineer I
CHRISTUS Health
Information Management
469-282-0295
clint.ort...@christushealth.org

Nothing makes an Engineer more productive, than the “Last Minute”


CONFIDENTIALITY NOTICE:  Confidential information, such as identifiable patient 
health information or business information, is subject to protection under 
state and federal law.  If you are not the intended recipient of this message, 
you may not disclose, print, copy or disseminate this information.  If you have 
received this in error, please reply and notify the sender (only) and delete 
the message.  Unauthorized interception of this e-mail is a violation of 
federal criminal law.

Re: [mssms] Migration Question / Software Centre Branding

[Stuart Watret]

I think my observation is right.
There is nothing in res to say it picked up the customisation colour, it lists 
the app cat site and that is the correct custom colour - sc centre remains the 
default colour from the original install however.

Hey ho, now we know, no metrosexual pink without a client reinstall :)

On 3 Aug 2017, at 18:17, Adam Juelich 
<acjuel...@gmail.com<mailto:acjuel...@gmail.com>> wrote:

Yes, it should ;-)

Does Resultant Client Settings show that the setting applies correctly?

On Thu, Aug 3, 2017 at 10:31 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
1610 to 1702.

yes the clients are updated, it’s like sc doesn’t pickup colour changes post 
install - no biggy, just checking if it should.

Stuart Watret

On 3 Aug 2017, at 15:21, Adam Juelich 
<acjuel...@gmail.com<mailto:acjuel...@gmail.com>> wrote:

What version of ConfigMgr?  The clients are updated?

On Thu, Aug 3, 2017 at 5:12 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Morning,

Moving CM to our new 2016 host.
Was going to change the Software Centre colour (Via Application Catalog 
customisation)

What I’m noticing is that unless you reinstall the client as part of the 
migration the old Software Centre colour is retained.
i.e if you just swap the site code, (my original plan) everything works, but no 
colour change in SC.

I appreciate this isn’t the most important thing in the world, I’m just 
checking my observations are correct and normal.

Ta

Stuart Watret

Re: [mssms] Migration Question / Software Centre Branding

[Stuart Watret]

1610 to 1702.

yes the clients are updated, it’s like sc doesn’t pickup colour changes post 
install - no biggy, just checking if it should.

Stuart Watret

On 3 Aug 2017, at 15:21, Adam Juelich 
<acjuel...@gmail.com<mailto:acjuel...@gmail.com>> wrote:

What version of ConfigMgr?  The clients are updated?

On Thu, Aug 3, 2017 at 5:12 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Morning,

Moving CM to our new 2016 host.
Was going to change the Software Centre colour (Via Application Catalog 
customisation)

What I’m noticing is that unless you reinstall the client as part of the 
migration the old Software Centre colour is retained.
i.e if you just swap the site code, (my original plan) everything works, but no 
colour change in SC.

I appreciate this isn’t the most important thing in the world, I’m just 
checking my observations are correct and normal.

Ta

Stuart Watret

[mssms] Migration Question / Software Centre Branding

[Stuart Watret]

Morning,

Moving CM to our new 2016 host.
Was going to change the Software Centre colour (Via Application Catalog 
customisation)

What I’m noticing is that unless you reinstall the client as part of the 
migration the old Software Centre colour is retained.
i.e if you just swap the site code, (my original plan) everything works, but no 
colour change in SC.

I appreciate this isn’t the most important thing in the world, I’m just 
checking my observations are correct and normal.

Ta

Stuart Watret

[mssms] scep definitions failing since yesterday

[Stuart Watret]

Anyone else seeing this, I just got an alert that the threshold was crossed on 
my "definitions older than three days" collection.

Ours are from WSUS, a quick check sees things go south yesterday with 
1.245.1173.0, the latest (today) is 1.247.25.0 has the highest reported failure 
rate.

The error is "failed to install" 80070643.

I'm still digging.

Stuart Watret

Re: [mssms] Anyone familar with this Health Script?

[Stuart Watret]

Anders, I’m correct that the only logging of results is via sql yes?

Thanks
Stuart


On 15 Jun 2017, at 06:13, Anders Rødland 
> wrote:

Hi, I’m the author of this client health script, and I’m always happy to answer 
questions about it.

I created it after we took in a new customer who had horrible patch compliance, 
less than 50% of their computers received patches. So we did an extensive 
investigation and came up with several root causes, and I implemented all of 
them into this script. The client health script checks if the computer is 
affected by any of those issues, and attempts to fix them if detected.

Running this script on another customer significantly increased their patch 
compliance as well, so I thought this was worth sharing with the community. And 
that helped us back, because the community contributed with more fixes that I 
didn’t know about.

To answer the questions asked:
Logging to SQL database is optional and not required. You enable or disable it 
in config.xml as Damien explained.

When it comes to the difference from this and Jason Sandy’s startup script, I 
may not be the right person to answer as I’m the author of one of them. But the 
way I see it, they are two different scripts trying to solve two different 
problems. His script focus on ensuring the health of the ConfigMgr agent, while 
mine focus on ensuring the health of the computer to ensure it can be patched. 
The health of the ConfigMgr agent obviously falls under this scope so you will 
find several of the same agent checks in both scripts.

Now I have a lot of respect for Jason, and his script is brilliant and have 
been around a lot longer than mine. You really need to think through what your 
goal is before you consider replacing his script.


Anders Rødland

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Steve Whitcher
Sent: Wednesday, June 14, 2017 7:02 PM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Anyone familar with this Health Script?

I've seen a lot of chatter about it, but haven't tried it yet.  I'm wondering 
how it compares to Jason Sandys Configmgr startup script.  It looks like it 
does quite a bit more, but is it a full replacement?

On Wed, Jun 14, 2017 at 11:26 AM, Damien Solodow 
> wrote:
We just started playing with it after hearing good things about it. ☺
My thought is that if in the config.xml you find the line with Log Name=”SQL” 
and set Enable=”False” it shouldn’t try looking for a db.

DAMIEN SOLODOW
IT Engineering Lead
317.447.6033 (office)
HARRISON COLLEGE

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Burke, John
Sent: Wednesday, June 14, 2017 12:08 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Anyone familar with this Health Script?

Hi



https://www.andersrodland.com/configmgr-client-health/


I’ve been semi running it without the SQL changes.  It seems to work pretty 
good but our team doesn’t want create a SQL DB and so on.  I’m wondering if 
it’s safe to run if that part of it isn’t run.

Re: [mssms] RE: Windows 7 x86 failing to join domain

[Stuart Watret]

+ 1 on that, also had it where the easiest fix was a new ts.


On 12 Jun 2017, at 17:09, Thelen, Chris 
> wrote:

I seen this a few years ago.  It was due to specifying a specific OU in the 
apply network settings/domain join step.  I took out the OU and we’ve never had 
another problem with it.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Ortega, Clint
Sent: Monday, June 12, 2017 12:00 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Windows 7 x86 failing to join domain

Good morning all,

I’m seeing an odd error in our environment.  I have Dell 7040 devices that I’m 
imaging to Windows 7 xx86.  However, it’s failing to join the domain.  It fails 
out after the Setup Configmgr client step and loads the Ctrl Alt Delete screen. 
 When I log in with local admin credentials, all drivers are in place, and I 
can remote into it from other computers on the domain.  No other models are 
experiencing issues on this x86 task sequence.  The SMSTS log is not showing 
any errors regarding, “network adapter.”  We are using BIOS in this particular 
model.  Has anyone seen or resolved this before?

CONFIDENTIALITY NOTICE:  Confidential information, such as identifiable patient 
health information or business information, is subject to protection under 
state and federal law.  If you are not the intended recipient of this message, 
you may not disclose, print, copy or disseminate this information.  If you have 
received this in error, please reply and notify the sender (only) and delete 
the message.  Unauthorized interception of this e-mail is a violation of 
federal criminal law.

Re: [mssms] Static DPs

[Stuart Watret]

host entry should work, like any workgroup pc in sccm.

S.

On 16 May 2017, at 23:29, Richard Poole 
> wrote:

That’s where it gets more fuzzy. These are workgroup PCs, so using AD to 
specify the secondary site is a no-go.

Thank you,
Richard Poole

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Eric Groff
Sent: Tuesday, May 16, 2017 10:55 AM
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Static DPs

If that are in separate domains then AD should tell them where to go.

On May 16, 2017 10:52 AM, Richard Poole 
> wrote:

Hey everyone,



I’ve got a situation where a couple of companies have merged together and have 
overlapping IP subnets and workgroup systems so a secondary site isn’t really 
working. They don’t plan to change their networks for a while but still want a 
single hierarchy instead of setting up multiple sites. Setting up boundaries 
for the second company is going to cause confusion on both sides so I’m hoping 
there’s a simple solution, that I just can’t find with my Google-Fu, to 
statically set the MP and DP for systems? Or would this just be as easy as 
adding entries into the LMHOST?



Thanks in advance,

Richard Poole



NOTICE: This message contains confidential information and is intended only for 
the individual named. If you are not the named addressee, you should not 
disseminate, distribute or copy this email. Please notify the sender 
immediately by email if you have received this email by mistake and delete this 
email from your system. Email transmission cannot be guaranteed to be secure or 
error-free, as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender, therefore, does not 
accept liability for any errors or omissions in the contents of this message. 
This email neither constitutes an agreement to conduct transactions by 
electronic means nor creates any legally binding contract or enforceable 
obligation in the absence of a fully signed written contract.

Re: [mssms] new server / easy setup payload

[Stuart Watret]

either way its bust; opened a call with MS, it’s downloading the same files 
over and over, the release notes mention the problem and a solution, but no 
dice.

how something so easy can be made so complicated I’ll never know.

Stuart

On 13 Apr 2017, at 12:10, Niall Brady 
<any...@gmail.com<mailto:any...@gmail.com>> wrote:

you didn't explicitly state the sms_executive component, and yes, i did read 
the post. Restarting it shouldn't force you to wait 24 hours, it should check 
immediately once restarted.

On Thu, Apr 13, 2017 at 11:12 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
did you read the post?

done that to death, its the only way to get anything done, but the timeout is 
24hrs.

On 12 Apr 2017, at 17:53, Niall Brady 
<any...@gmail.com<mailto:any...@gmail.com>> wrote:

restart the sms_executive component in Configuration Manager Service Manager in 
Monitoring

On Wed, Apr 12, 2017 at 5:30 PM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Building a new server to migrate our CM site to.

Built from 1606 media, 1606 hot fix arrived via servicing, 1610 sat downloading 
for days.

Didn’t mind was migrating lots of jobs and doing other things.

Looked back to find 1702 also downloading, finally the one I want, so restarted 
the service and left it, still downloading.

Spent a bit more time on it today, if I restart the service I do get some 
action and files are downloaded and extracted; but it pauses, probably by 
design, all I see in the log at that point is lines and lines of “Intune blah 
blah”

 The exact wording has gone as the log has recycled, but it sat there all day 
today doing that, only when I cycled the service did it actually start 
downloading again.

So, am I alone?

Is it contention?  If so can you all stop downloading so I can get on with it?

Stuart

p.s. just realised the cycle time is 24hrs

Re: [mssms] new server / easy setup payload

[Stuart Watret]

did you read the post?

done that to death, its the only way to get anything done, but the timeout is 
24hrs.

On 12 Apr 2017, at 17:53, Niall Brady 
<any...@gmail.com<mailto:any...@gmail.com>> wrote:

restart the sms_executive component in Configuration Manager Service Manager in 
Monitoring

On Wed, Apr 12, 2017 at 5:30 PM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Building a new server to migrate our CM site to.

Built from 1606 media, 1606 hot fix arrived via servicing, 1610 sat downloading 
for days.

Didn’t mind was migrating lots of jobs and doing other things.

Looked back to find 1702 also downloading, finally the one I want, so restarted 
the service and left it, still downloading.

Spent a bit more time on it today, if I restart the service I do get some 
action and files are downloaded and extracted; but it pauses, probably by 
design, all I see in the log at that point is lines and lines of “Intune blah 
blah”

 The exact wording has gone as the log has recycled, but it sat there all day 
today doing that, only when I cycled the service did it actually start 
downloading again.

So, am I alone?

Is it contention?  If so can you all stop downloading so I can get on with it?

Stuart

p.s. just realised the cycle time is 24hrs

[mssms] new server / easy setup payload

[Stuart Watret]

Building a new server to migrate our CM site to.

Built from 1606 media, 1606 hot fix arrived via servicing, 1610 sat downloading 
for days.

Didn’t mind was migrating lots of jobs and doing other things.

Looked back to find 1702 also downloading, finally the one I want, so restarted 
the service and left it, still downloading.

Spent a bit more time on it today, if I restart the service I do get some 
action and files are downloaded and extracted; but it pauses, probably by 
design, all I see in the log at that point is lines and lines of “Intune blah 
blah”

 The exact wording has gone as the log has recycled, but it sat there all day 
today doing that, only when I cycled the service did it actually start 
downloading again.

So, am I alone?

Is it contention?  If so can you all stop downloading so I can get on with it?

Stuart

p.s. just realised the cycle time is 24hrs

Re: [mssms] 2012 to 2016 upgrade with step issues

[Stuart Watret]

STEP is what happens if you don’t check scep on Mac’s auto correct :)

Its preforming normally, sccm client arrives sees defender and adopts it.

However we were getting he scep install landing back and making a mess.

Anyway, wiped and rebuilt - woo yea, solution provider!

On 24 Mar 2017, at 16:46, Adam Juelich 
<acjuel...@gmail.com<mailto:acjuel...@gmail.com>> wrote:

What is STEP?

Is your SCEP Client Policy set to install to those Windows Defender machines, 
or did you deploy 'SCEP_Install.exe' to them separately?

They still need the 'Install' to be managed.  I found this out a month ago as 
well.

On Fri, Mar 24, 2017 at 10:40 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Someone on site did an in place upgrade of server 2012 r2 to 2016 server.

Now defender and step are in a twist.

I removed sccm, step and reinstalled sccm, this got defender back to being 
managed.

He just came back to me to say step is back, sure enough defender is back to 
unmanaged.

Anyone seen this, have any thoughts?

Thanks

Stuart

[mssms] 2012 to 2016 upgrade with step issues

[Stuart Watret]

Someone on site did an in place upgrade of server 2012 r2 to 2016 server.

Now defender and step are in a twist.

I removed sccm, step and reinstalled sccm, this got defender back to being 
managed.

He just came back to me to say step is back, sure enough defender is back to 
unmanaged.

Anyone seen this, have any thoughts?

Thanks

Stuart

Re: [mssms] Adding Customized Branding /Tattoo to Image

[Stuart Watret]

Jason would missing the ID part make it fail?

I just tried with just -wmi and -registry as the parameters and it just hung, I 
checked the reg after and no sign of anything.

I gave up trying to run it in ps ise as i couldn’t work out how to pass a 
parameter and life is too short :)

Ta

Stuart

On 13 Mar 2017, at 14:03, Kevin Ray 
> wrote:

Thanks Jason,

I have tested with default class names to check. Below are the things 
identified. I'm wonder can i fix below things...But most of the things I got it 
what i'm looking for 


In Registry ITLOCAL key is not created.. but i can able to see "OSD_Info" and 
inside parameters of Tasksequence anything wrong my side ?

Also In Registry I would like to add some version of the Build like 10.1 inside 
of "OSD_info" Build version field (as of now its showing blank)

Next time if i change the build I will change the script and it should capture 
the build like 10.2.. I'm trying to keep some buildversions to 
differentiate .. so in future it might be useful for me.




ITLocal not showing in Regedit




But in WMI I can able to see the  ITLocal Class. inside the class i checked the 
task sequence parameters










On Sat, Mar 11, 2017 at 2:02 PM, Jason Sandys 
> wrote:
The examples are (kind of) listed in the comments at the top of the script. You 
specify either -Registry or -WMI (or both) depending upon where you want info 
written (WMI is preferred because it is trivial to configure ConfigMgr to pick 
it). You also should specify an identifier using the -ID parameter. I usually 
use Build or Deploy or something similar to describe the type of TS; the actual 
TS name and image used (among other things) is saved automatically so no need 
to specify this with the ID.

J


From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Kevin Ray
Sent: Saturday, March 11, 2017 9:58 AM
To: mssms >
Subject: Re: [mssms] Adding Customized Branding /Tattoo to Image

Hi Jason,

I gone through your script. .In Task sequence after SCCM client Package added 
as Powershell Command line script..testing in LAB with default class names.. 
but getting stuck at deployment.. Do i need to pass any parameters with script 
any example please...



On Wed, Mar 8, 2017 at 3:13 PM, Jason Sandys 
> wrote:
This will do it for you: 
http://home.configmgrftw.com/configmgr-osd-information-script/.

J

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Marable, Mike
Sent: Wednesday, March 8, 2017 1:34 PM
To: mssms >
Subject: RE: [mssms] Adding Customized Branding /Tattoo to Image

Okay, that’s easy to do.

First, of course you need to decide what specific information you want to store 
in the Registry and where you want to store it.  I would store it under 
HKLM\System so you don’t have to deal with Registry redirection between 32bit 
and 64bit builds.

Second, once you know what you want to track you can start to look at how you 
can collect that data.  For example, if you want the name of the build task 
sequence you can look to the task sequence variables “_SMSTSPackageName” and 
the sequence ID “_SMSTSPackageID”.  SCCM already collects that and does the 
work for you.  Other things you will need to collect yourself with a script, 
such as the start date/time and finish date/time, username of the tech 
building, and assign them to your own task sequence variables.

Finally, at the end of the build you would write the task sequence variables to 
the Registry and you’re done.

That is how we do it.

Mike




From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kevin Ray
Sent: Wednesday, March 8, 2017 2:11 PM
To: mssms >
Subject: Re: [mssms] Adding Customized Branding /Tattoo to Image

Yes Mike

On Wed, Mar 8, 2017 at 1:56 PM, Marable, Mike 
> wrote:
Hi Kevin,

Are you looking to write keys into the Registry to track things like when the 
machine was built, the task sequence name and ID?

Something like this:





From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] 
On Behalf Of Kevin Ray
Sent: Wednesday, March 8, 2017 1:25 PM
To: mssms >
Subject: Re: [mssms] Adding Customized Branding /Tattoo to Image

any help

On Tue, Mar 7, 2017 at 11:08 AM, Kevin 

Re: [mssms] *.bin files not being copied to ccmcache

[Stuart Watret]

New morning, new app, two bin files included for good measure.

Deployed and ran, both bin files in the cache, job failed anyway, the bin files 
are not compatible between different bios update exe’s (who knew).
Made a new compatible bin file copied it into the ccmcache ran the command 
manually with out the silent switch and it worked (well it would have if 
bitllocker was suspended - no worries) BUT, now there are no BIN files in the 
cache, bear in mind I’ve just run manual command trying all of them, so what, 
running it deletes the bin, and this was the behaviour I was seeing all along?

Yes it was !

A snoop round google for hpqflash.exe and its treatment of bin files didn’t 
provide a definitive answer, but that is the observed behaviour it seems.

Thanks all

On 28 Feb 2017, at 23:58, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

This sender failed our fraud detection checks and may not be who they 
appear to be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>  
Feedback<http://aka.ms/SafetyTipsFeedback>
I checked out the request filtering as suggested and found the following, I've 
removed the bin line for now and will test in the am with new packages/apps.

Also had a chance to test on a separate setup, similar behaviour, bin file 
stripped out, it appeared again once we did an 'update content'



-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: 28 February 2017 23:07
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: *.bin files not being copied to ccmcache

Thissenderfailedourfrauddetectionchecksandmaynotbewhotheyappeartobe.Learnabouthttp://aka.ms/LearnAboutSpoofing;>spoofing

I'll check those out, bit more info from testing this afternoon..

Did a bit more on it this afternoon but it's very strange. I'm sending hp bios 
updates out. If I run these as packages with unc command lines to network 
locations as programs everything is fine. I wanted to use the app model instead 
and supply a nice icon etc.

However the files that go to the dp and eventually the ccmcache are missing the 
bin file which is hp's file for storing the bios password.

I thought maybe the file was corrupt so deleted everything, dropped a second 
bin file in the source then re- created the App. This time the original bin 
file was present but the new one was not!!!

Pretty strange eh?

I've deleted everything and will leave it overnight before trying again. I'd 
have to conclude it's not bin files exactly but some other content syncing 
weirdness.

Stuart
Sent from a dog and bone.

-Original Message-
From: 
listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Schultz, Michael A
Sent: 28 February 2017 17:38
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: [mssms] RE: *.bin files not being copied to ccmcache

IIS is most likely blocking the file extension

https://sccm2oo7.blogspot.com/2015/04/how-to-configure-request-filtering-for.html


Michael Schultz
Client Systems Engineering, SCCM Engineer Information Systems Providence Health 
& Services michael.schu...@providence.org<mailto:michael.schu...@providence.org>


-Original Message-
From: 
listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Stuart Watret
Sent: Tuesday, February 28, 2017 5:45 AM
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] *.bin files not being copied to ccmcache

is this a thing?

I have an app in sccm 1607 / it has a *.bin file as part of the content, when 
clients download to the ccmcache, it isn’t part of the download.

Install fails…….

Never come across it before, anyone else?

Ta

Stuart



This message is intended for the sole use of the addressee, and may contain 
information that is privileged, confidential and exempt from disclosure under 
applicable law. If you are not the addressee you are hereby notified that you 
may not use, copy, disclose, or distribute to anyone the message or any 
information contained in the message. If you have received this message in 
error, please immediately advise the sender by reply email and delete this 
message.

[mssms] RE: *.bin files not being copied to ccmcache

[Stuart Watret]

I checked out the request filtering as suggested and found the following, I've 
removed the bin line for now and will test in the am with new packages/apps.



Also had a chance to test on a separate setup, similar behaviour, bin file 
stripped out, it appeared again once we did an 'update content'



[cid:image001.png@01D2921E.A3DA90D0]



-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stuart Watret
Sent: 28 February 2017 23:07
To: mssms@lists.myitforum.com
Subject: [mssms] RE: *.bin files not being copied to ccmcache



Thissenderfailedourfrauddetectionchecksandmaynotbewhotheyappeartobe.Learnabouthttp://aka.ms/LearnAboutSpoofing;>spoofing



I'll check those out, bit more info from testing this afternoon..



Did a bit more on it this afternoon but it's very strange. I'm sending hp bios 
updates out. If I run these as packages with unc command lines to network 
locations as programs everything is fine. I wanted to use the app model instead 
and supply a nice icon etc.



However the files that go to the dp and eventually the ccmcache are missing the 
bin file which is hp's file for storing the bios password.



I thought maybe the file was corrupt so deleted everything, dropped a second 
bin file in the source then re- created the App. This time the original bin 
file was present but the new one was not!!!



Pretty strange eh?



I've deleted everything and will leave it overnight before trying again. I'd 
have to conclude it's not bin files exactly but some other content syncing 
weirdness.



Stuart

Sent from a dog and bone.



-Original Message-

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Schultz, Michael A

Sent: 28 February 2017 17:38

To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>

Subject: [mssms] RE: *.bin files not being copied to ccmcache



IIS is most likely blocking the file extension



https://sccm2oo7.blogspot.com/2015/04/how-to-configure-request-filtering-for.html





Michael Schultz

Client Systems Engineering, SCCM Engineer Information Systems Providence Health 
& Services michael.schu...@providence.org<mailto:michael.schu...@providence.org>





-Original Message-

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret

Sent: Tuesday, February 28, 2017 5:45 AM

To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>

Subject: [mssms] *.bin files not being copied to ccmcache



is this a thing?



I have an app in sccm 1607 / it has a *.bin file as part of the content, when 
clients download to the ccmcache, it isn’t part of the download.



Install fails…….



Never come across it before, anyone else?



Ta



Stuart







This message is intended for the sole use of the addressee, and may contain 
information that is privileged, confidential and exempt from disclosure under 
applicable law. If you are not the addressee you are hereby notified that you 
may not use, copy, disclose, or distribute to anyone the message or any 
information contained in the message. If you have received this message in 
error, please immediately advise the sender by reply email and delete this 
message.

[mssms] RE: *.bin files not being copied to ccmcache

[Stuart Watret]

I'll check those out, bit more info from testing this afternoon..

Did a bit more on it this afternoon but it's very strange. I'm sending hp bios 
updates out. If I run these as packages with unc command lines to network 
locations as programs everything is fine. I wanted to use the app model instead 
and supply a nice icon etc. 

However the files that go to the dp and eventually the ccmcache are missing the 
bin file which is hp's file for storing the bios password. 

I thought maybe the file was corrupt so deleted everything, dropped a second 
bin file in the source then re- created the App. This time the original bin 
file was present but the new one was not!!! 

Pretty strange eh?

I've deleted everything and will leave it overnight before trying again. I'd 
have to conclude it's not bin files exactly but some other content syncing 
weirdness. 

Stuart
Sent from a dog and bone.

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Schultz, Michael A
Sent: 28 February 2017 17:38
To: mssms@lists.myitforum.com
Subject: [mssms] RE: *.bin files not being copied to ccmcache

IIS is most likely blocking the file extension

https://sccm2oo7.blogspot.com/2015/04/how-to-configure-request-filtering-for.html


Michael Schultz
Client Systems Engineering, SCCM Engineer Information Systems Providence Health 
& Services michael.schu...@providence.org


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Stuart Watret
Sent: Tuesday, February 28, 2017 5:45 AM
To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
Subject: [mssms] *.bin files not being copied to ccmcache

is this a thing?

I have an app in sccm 1607 / it has a *.bin file as part of the content, when 
clients download to the ccmcache, it isn’t part of the download.

Install fails…….

Never come across it before, anyone else?

Ta

Stuart



This message is intended for the sole use of the addressee, and may contain 
information that is privileged, confidential and exempt from disclosure under 
applicable law. If you are not the addressee you are hereby notified that you 
may not use, copy, disclose, or distribute to anyone the message or any 
information contained in the message. If you have received this message in 
error, please immediately advise the sender by reply email and delete this 
message.

[mssms] *.bin files not being copied to ccmcache

[Stuart Watret]

is this a thing?

I have an app in sccm 1607 / it has a *.bin file as part of the content, when 
clients download to the ccmcache, it isn’t part of the download.

Install fails…….

Never come across it before, anyone else?

Ta

Stuart

RE: [mssms] clients offline

[Stuart Watret]

To be fair the way it is doesn’t prove anything, how many times have we tried 
this:

Icon says it’s available, right click tools say no…….

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Jason Sandys
Sent: 07 February 2017 19:18
To: mssms@lists.myitforum.com
Subject: RE: [mssms] clients offline

Not if it doesn’t work and/or doesn’t prove anything. The how is *always* 
important otherwise you’re just a glorified button pusher.

[Image result for Jetson Work Pushing Button]

J

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Tuesday, February 7, 2017 4:42 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] clients offline

fine words, the truth for me is i only care if its online; not proving a 
channel and components….blah blah are available.  so a ping would have been 
peachy for me.
when were you born? :)

On 5 Feb 2017, at 15:30, Jason Sandys <ja...@sandys.us<mailto:ja...@sandys.us>> 
wrote:

Pings are useless in most modern environments. Also, pings don’t prove that the 
actual channel and components being used by the client agent are available. 
Finally, a ping is not something the server side can track in any way so would 
be useless for online/offline tracking anyway.

The mechanism used piggy backs off of the client notification feature. If you 
are having issues with this, then you need to check the BGB component on your 
MPs as well as the availability of port 10123 from the client to the MP 
although it will fall back to 80 if 10123 is not available.

J

From: <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> 
on behalf of Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>>
Reply-To: "mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>" 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Date: Saturday, February 4, 2017 at 5:21 AM
To: "mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>" 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] RE: clients offline

More here:
http://www.sparkhound.com/learn/blog/troubleshooting-client-online-status-in-sccm-1602

Suspect the idea was dreamt up by a millennial for whom ping is just too 
straight forward.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 03 February 2017 22:31
To: 'mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>'
Subject: [mssms] clients offline

What exactly is SCCM using to determine that it needs to give a client the 
Offline icon?  All of my secondary servers, except one, are showing Offline.  I 
have tons of client PCs showing Offline.  Some of these are legitimately turned 
off, or at least, off the network.  But not my secondary servers.  And not a 
lot of the client PCs.  I can ping them, I can remote control them.  Anyone 
know?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

Re: [mssms] clients offline

[Stuart Watret]

fine words, the truth for me is i only care if its online; not proving a 
channel and components….blah blah are available.  so a ping would have been 
peachy for me.
when were you born? :)

On 5 Feb 2017, at 15:30, Jason Sandys <ja...@sandys.us<mailto:ja...@sandys.us>> 
wrote:

Pings are useless in most modern environments. Also, pings don’t prove that the 
actual channel and components being used by the client agent are available. 
Finally, a ping is not something the server side can track in any way so would 
be useless for online/offline tracking anyway.

The mechanism used piggy backs off of the client notification feature. If you 
are having issues with this, then you need to check the BGB component on your 
MPs as well as the availability of port 10123 from the client to the MP 
although it will fall back to 80 if 10123 is not available.

J

From: <listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> 
on behalf of Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>>
Reply-To: "mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>" 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Date: Saturday, February 4, 2017 at 5:21 AM
To: "mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>" 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] RE: clients offline

More here:
http://www.sparkhound.com/learn/blog/troubleshooting-client-online-status-in-sccm-1602

Suspect the idea was dreamt up by a millennial for whom ping is just too 
straight forward.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: 03 February 2017 22:31
To: 'mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>'
Subject: [mssms] clients offline

What exactly is SCCM using to determine that it needs to give a client the 
Offline icon?  All of my secondary servers, except one, are showing Offline.  I 
have tons of client PCs showing Offline.  Some of these are legitimately turned 
off, or at least, off the network.  But not my secondary servers.  And not a 
lot of the client PCs.  I can ping them, I can remote control them.  Anyone 
know?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
<http://saveourwater.com/>
SaveOurWater.com<http://saveourwater.com/> · 
Drought.CA.gov<http://drought.ca.gov/>

[mssms] RE: clients offline

[Stuart Watret]

More here:
http://www.sparkhound.com/learn/blog/troubleshooting-client-online-status-in-sccm-1602

Suspect the idea was dreamt up by a millennial for whom ping is just too 
straight forward.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Heaton, Joseph@Wildlife
Sent: 03 February 2017 22:31
To: 'mssms@lists.myitforum.com'
Subject: [mssms] clients offline

What exactly is SCCM using to determine that it needs to give a client the 
Offline icon?  All of my secondary servers, except one, are showing Offline.  I 
have tons of client PCs showing Offline.  Some of these are legitimately turned 
off, or at least, off the network.  But not my secondary servers.  And not a 
lot of the client PCs.  I can ping them, I can remote control them.  Anyone 
know?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

[mssms] RE: clients offline

[Stuart Watret]

Client online status - Beginning in version 1602 of Configuration Manager, this 
status indicates if the computer is online or not. A computer is considered 
online if it is connected to it's assigned management point. To indicate that 
the client is online, it sends ping-like messages to the management point. If 
the management point doesn't receive a message in 5 minutes or so, the client 
is considered offline.

It's the "ping-like" phrase that worries me :)

From
https://docs.microsoft.com/en-us/sccm/core/clients/manage/monitor-clients


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Heaton, Joseph@Wildlife
Sent: 03 February 2017 22:31
To: 'mssms@lists.myitforum.com'
Subject: [mssms] clients offline

What exactly is SCCM using to determine that it needs to give a client the 
Offline icon?  All of my secondary servers, except one, are showing Offline.  I 
have tons of client PCs showing Offline.  Some of these are legitimately turned 
off, or at least, off the network.  But not my secondary servers.  And not a 
lot of the client PCs.  I can ping them, I can remote control them.  Anyone 
know?

Joe Heaton
Information Technology Operations Branch
Data and Technology Division
CA Department of Fish and Wildlife
1700 9th Street, 3rd Floor
Sacramento, CA  95811
Desk:  (916) 323-1284

Every Californian should conserve water.  Find out how at:
[SaveOurWater_Logo]
SaveOurWater.com * 
Drought.CA.gov

Re: [mssms] RE: Bios to Uefi / hp

[Stuart Watret]

Ok got there in the end.

Win7 x86 running Bios to Win10x64 running Uefi in one TS - issues at every step 
:)

Thanks.

On 2 Feb 2017, at 11:32, Olsson Mats (4004) 
<mats.ols...@forsakringskassan.se<mailto:mats.ols...@forsakringskassan.se>> 
wrote:

Yes.

I made a package of the files needed and then I just do a run command line step 
in the ts with the package selected.

Combined with the UEFI improvements in 1609 or better it’s working for me

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Stuart Watret
Sent: den 2 februari 2017 11:23
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: Re: [mssms] RE: Bios to Uefi / hp

Excellent thanks Mats, and this is running in winpe yes?

On 2 Feb 2017, at 07:14, Olsson Mats (4004) 
<mats.ols...@forsakringskassan.se<mailto:mats.ols...@forsakringskassan.se>> 
wrote:

Yes.
I have been testing bare metal install from W7/bios to W10/UEFI+bitlocker
We do use a vbscript for it but the commandline in vb is 
BiosConfigCMD=Chr(34) & scriptdir & "\" & Biosconfigexe & Chr(34) & " /Set:" & 
chr(34) & scriptdir & "\" & UEFIConfigFile  & chr(34) & " /Nspwdfile:"  & 
chr(34) & scriptdir & "\" & PWDFile & chr(34) & " /cspwdfile:" & chr(34) & 
scriptdir & "\" & PWDFile & chr(34)

/Mats

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Stuart Watret
Sent: den 1 februari 2017 16:36
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] Bios to Uefi / hp

Anyone successfully done this using HP’s biosconfigutility.exe?

I’m following this doc,
https://docs.microsoft.com/en-us/sccm/osd/deploy-use/task-sequence-steps-to-manage-bios-to-uefi-conversion

Specifically I’m interested in your command line for HP kit :)

Stuart

Re: [mssms] RE: Bios to Uefi / hp

[Stuart Watret]

Excellent thanks Mats, and this is running in winpe yes?

On 2 Feb 2017, at 07:14, Olsson Mats (4004) 
<mats.ols...@forsakringskassan.se<mailto:mats.ols...@forsakringskassan.se>> 
wrote:

Yes.
I have been testing bare metal install from W7/bios to W10/UEFI+bitlocker
We do use a vbscript for it but the commandline in vb is 
BiosConfigCMD=Chr(34) & scriptdir & "\" & Biosconfigexe & Chr(34) & " /Set:" & 
chr(34) & scriptdir & "\" & UEFIConfigFile  & chr(34) & " /Nspwdfile:"  & 
chr(34) & scriptdir & "\" & PWDFile & chr(34) & " /cspwdfile:" & chr(34) & 
scriptdir & "\" & PWDFile & chr(34)

/Mats

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Stuart Watret
Sent: den 1 februari 2017 16:36
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] Bios to Uefi / hp

Anyone successfully done this using HP’s biosconfigutility.exe?

I’m following this doc,
https://docs.microsoft.com/en-us/sccm/osd/deploy-use/task-sequence-steps-to-manage-bios-to-uefi-conversion

Specifically I’m interested in your command line for HP kit :)

Stuart

[mssms] Bios to Uefi / hp

[Stuart Watret]

Anyone successfully done this using HP’s biosconfigutility.exe?

I’m following this doc,
https://docs.microsoft.com/en-us/sccm/osd/deploy-use/task-sequence-steps-to-manage-bios-to-uefi-conversion

Specifically I’m interested in your command line for HP kit :)

Stuart

Re: [mssms] Patches (New Pardigm)

[Stuart Watret]

Still not straight forward, the updated bit says…



As of December 2016, a Security Only update will not be offered on a PC where a 
Monthly Rollup (from the same or later month) is already installed. This is 
accomplished through an applicability definition on the Security Only update, 
which checks for the installation of a Monthly Rollup (from the same or later 
month) to determine if it applicable on the PC. For example, if a PC attempts 
to install the February 2017 Security Only update, and the February 2017 (or 
later) Monthly Rollup is already installed, the Windows Update client will now 
report the Security Only update as not applicable. In addition to simplifying 
the installation scenario, tools that leverage such applicability for 
deployment reporting would see the Security Only update as not needed on the PC.

Additionally, as of December 2016, Security Only updates from earlier months 
(October and November 2016) were revised to leverage this applicability check, 
so it now applies to all Security Only updates released in the new servicing 
model. Finally, this applicability definition also checks for the installation 
of a Preview Rollup from the same or later month, which also includes the 
security fixes for that month.

WSUS had the November Security Only patch marked as superseded, i guess the 
patch check isn’t smart enough to pick the latest one first - ho hum.


On 16 Jan 2017, at 08:02, Shane Alexander 
<shane_alexan...@hotmail.com<mailto:shane_alexan...@hotmail.com>> wrote:

Cumulative  <OutlookEmoji-.png>

Updated blog too ... 
https://blogs.technet.microsoft.com/windowsitpro/2017/01/13/simplified-servicing-for-windows-7-and-windows-8-1-the-latest-improvements/

Simplified servicing for Windows 7 and Windows 8.1: the latest 
improvements<https://blogs.technet.microsoft.com/windowsitpro/2017/01/13/simplified-servicing-for-windows-7-and-windows-8-1-the-latest-improvements/>
blogs.technet.microsoft.com<http://blogs.technet.microsoft.com/>
Today, we are providing insight into two recent and upcoming modifications to 
the servicing model for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, 
Windows Server 2012, and Windows Server 2012 R2. Customers using Windows Update 
and connected directly to Microsoft for updates (such as consumer PCs) will not 
be impacted by these changes,...




From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of Shane Alexander 
<shane_alexan...@hotmail.com<mailto:shane_alexan...@hotmail.com>>
Sent: Monday, 16 January 2017 4:10 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Patches (New Pardigm)

The update in the original screenshot is the "Security Only" update.
"Security Only" are not cumulatative, and new ones do not superseded old ones.
It is only the "Security Monthly Quality Rollup" updates that are cumulatative, 
and supersede old ones.
You need to sort out what you are selecting each month.
Maybe you are looking at the wrong update thinking it is superseded.

While below screenshot is from ConfigMgr, shows at a glance what is needed to 
understand each updates state.







From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>>
Sent: Saturday, 14 January 2017 4:01 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] Patches (New Pardigm)

Hi Sherry, this is pure WSUS - what I’m expecting is intelligence in the scan 
to say, hey I know, I only need January’s, cause it’s cumulative and has all I 
need.

HNY btw :)

On 13 Jan 2017, at 13:52, Sherry Kissinger 
<sherrylkissin...@gmail.com<mailto:sherrylkissin...@gmail.com>> wrote:

My Guess; and it's just a guess...
Superseded <> Expired
If you have those superseded updates in your deployment update group, depending 
upon where in the install chain that particular client chose to install an 
update, it *might* install November, December, than January.  Instead of 
"January", then "oh, I have November and December already, moving on"  Which is 
what you want to happen.

If you want to avoid that, remove the superseded updates from your update 
group, so only the latest is available.

On Fri, Jan 13, 2017 at 5:04 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
I try not to think about patching too much, I’ve been fairly successful.

I thought the new patch paradigm was cumulative?

I was refreshing a reference image in MDT yesterday, a couple of days after 
Ja

Re: [mssms] Endpoint Protection (SCEP) for servers

[Stuart Watret]

Make judicious use of role based collections and make sure your av exceptions 
are advertised correctly to these collections; otherwise the “Urrrg, av on 
servers gang” will be on your back like a limpet.

Oh and plan your scans carefully.

> On 13 Jan 2017, at 14:08, Adam Juelich  wrote:
> 
> Hello Everyone,
> 
> I've used SCEP in the past on client machines and it worked great - no 
> complaints.  This is after moving them off of Sophos.  At that time we didn't 
> move it to Servers as our Network Admin wasn't confident in it.
> 
> Just curious if others are using SCEP for servers?  Thoughts, concerns?  Any 
> gotchas?
> 
> Thanks!
> 

[mssms] Patches (New Pardigm)

[Stuart Watret]

I try not to think about patching too much, I’ve been fairly successful.

I thought the new patch paradigm was cumulative?

I was refreshing a reference image in MDT yesterday, a couple of days after 
January’s patches were out.

The screen cap below shows my client picking up Novembers patches, clearly 
marked as superseded in the wsus console.

Have I got it wrong?

Cheers

Stuart

[unknown.png]

Re: [mssms] Count physical disks

[Stuart Watret]

Thanks David, am I missing it, i don’t see anything relating to a count of 
physical disks per machine?

Stuart Watret

On 1 Dec 2016, at 14:46, David Jones 
<dkjones9...@gmail.com<mailto:dkjones9...@gmail.com>> wrote:

sorry that wasn't very helpful without this.

On Thu, Dec 1, 2016 at 9:35 AM, David Jones 
<dkjones9...@gmail.com<mailto:dkjones9...@gmail.com>> wrote:
This is the SQL from a report I made this week.

SELECT DISTINCT
  SYS.Netbios_Name0
 ,SYS.Is_Virtual_Machine0
 ,Processor.Name0
 ,COUNT(SYS.ResourceID)
 ,Processor.NumberOfCores0
 ,Processor.NumberOfLogicalProcessors0
FROM fn_rbac_R_System(@UserSIDs)  SYS
JOIN fn_rbac_GS_PROCESSOR(@UserSIDs)  Processor on 
SYS.ResourceID=Processor.ResourceID
JOIN v_FullCollectionMembership FCM on FCM.ResourceID=SYS.ResourceID
WHERE FCM.CollectionID = @variable
Group By 
SYS.Netbios_Name0,Processor.Name0,Processor.NumberOfCores0,Processor.NumberOfLogicalProcessors0,SYS.Is_Virtual_Machine0
ORDER BY SYS.Netbios_Name0

On Thu, Dec 1, 2016 at 6:55 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Anyone share a bit of query magic I can utilise to count disks in machines, 
that’s all I need.

Cheers

Stuart Watret

[mssms] Count physical disks

[Stuart Watret]

Anyone share a bit of query magic I can utilise to count disks in machines, 
that’s all I need.

Cheers

Stuart Watret

Re: [mssms] removing scep help

[Stuart Watret]

bump

Stuart Watret

On 24 Nov 2016, at 11:58, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

This sender failed our fraud detection checks and may not be who they 
appear to be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>  
Feedback<http://aka.ms/SafetyTipsFeedback>
Got a w2k8 r server.

SCEP will neither installed nor uninstall.

Most of the files have gone, but we can’t delete the service, either using sc 
delete, or wiping it from the reg and rebooting.

Really don’t want to rebuild the box, next step is to open an MS call; but I 
thought I’d try the list for inspiration first.

Install results in 8004ff81 error.


Stuart Watret

[mssms] removing scep help

[Stuart Watret]

Got a w2k8 r server.

SCEP will neither installed nor uninstall.

Most of the files have gone, but we can’t delete the service, either using sc 
delete, or wiping it from the reg and rebooting.

Really don’t want to rebuild the box, next step is to open an MS call; but I 
thought I’d try the list for inspiration first.

Install results in 8004ff81 error.


Stuart Watret

Re: [mssms] Auto Client Upgrade

[Stuart Watret]

Until you complete the restart, the appropriate files are not in use, i.e. the 
client will not be fully functional.


Stuart Watret (Director)
Offshore IT Ltd
stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>

On 21 Nov 2016, at 03:58, Magnus Tveten 
<magnus.tve...@iag.com.au<mailto:magnus.tve...@iag.com.au>> wrote:

Hi All,
Quick question…. About client upgrade.
I have noticed that sometimes when a Client gets upgraded (at least when its 
going from SCCM2012 client to 1606)  the client installation ends with a 
‘Reboot needed’
On Client OS that is enforced with the Computer settings countdown times so 
that is not a problem, however for servers it creates a “reboot Pending” as its 
not forcing it
How quickly do I have to ensure that the server is actually rebooted after the 
client is installed ?
Or I guess what are the implications of not forcing the reboot to happen ?



MAGNUS TVETEN

_

The information transmitted in this message and its attachments (if any) is 
intended
only for the person or entity to which it is addressed.
The message may contain confidential and/or privileged material. Any review,
retransmission, dissemination or other use of, or taking of any action in 
reliance
upon this information, by persons or entities other than the intended recipient 
is
prohibited.

If you have received this in error, please contact the sender and delete this 
e-mail
and associated material from any computer.

The intended recipient of this e-mail may only use, reproduce, disclose or 
distribute
the information contained in this e-mail and any attached files, with the 
permission
of the sender.

This message has been scanned for viruses.
_

Re: [mssms] Supersedence of Security Only Quality Updates

[Stuart Watret]

Nothing is normal in the new patch world, i still use wsus, this month i 
noticed the same behaviour; who knows what’s occurring.
I’m just going to go with what it says and hope it’s right.  No .Net updates 
this month either.

S.

On 8 Nov 2016, at 22:52, Hatem Mohamed 
> wrote:

I noticed today’s security only quality update for Windows 7 x64 was 
immediately marked as superseded, and is superseded by todays security monthly 
quality rollup for windows 7 x64. However, looking at October’s security only 
update and security monthly rollup, it doesn’t seem like the rollup supersedes 
the security only update that came out on the same day.

My question is, is this normal for November 2016’s Security Only quality update 
for Win 7 x64 to be superseded by today’s security monthly quality rollup for 
Win 7 x64 or was it superseded on the same day it came out for some other 
reason? I was expecting a future month’s update to supersede a previous month’s 
update per the blog posts on the new servicing model.

[mssms] scep def version displayed in the sccm console

[Stuart Watret]

Hi,
Where is the above getting updated from?

H/W Inventory?

Ta

SW

Re: [mssms] scep updates not working

[Stuart Watret]

doh !!

Ok, got it thanks.

Stuart Watret

On 28 Oct 2016, at 19:40, Jimmy Martin 
<jimmy.mar...@bmhcc.org<mailto:jimmy.mar...@bmhcc.org>> wrote:

I was just saying use the script to DL the defs so you can create a package for 
them and deliver the defs via regular sccm package delivery

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Murray, Mike
Sent: Friday, October 28, 2016 11:25 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] scep updates not working

Maybe try this? It’s worked for us. Admin command prompt.

"C:\Program Files\Windows Defender\MpCmdRun.exe" -removedefinitions -all

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 7:44 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] scep updates not working

Thanks Jimmy, no access to ms.com<http://ms.com/> on the clients.

I’ve progressed with the remove and reinstall - this seems to work although 
worryingly, I’m not seeing the “Installed” number climbing in WSUS for the 
definitions.

May just have bought some more time before a WSUS rebuild :)

On 28 Oct 2016, at 12:39, Jimmy Martin 
<jimmy.mar...@bmhcc.org<mailto:jimmy.mar...@bmhcc.org>> wrote:

Try sending the full def update via regular sccm package to the devices with 
old defs

If you don’t already have it, this can be run as a powershell script to 
download the defs

$x64S1 = "http://go.microsoft.com/fwlink/?LinkID=121721=0x409=x64;
$x64D1 = 
"\\server\share\x64\mpam-fe.exe"
$x64S2 = "http://go.microsoft.com/fwlink/?LinkId=211054;
$x64D2 = "\\server\share\x64\mpam-d.exe"
$x64S3 = "http://go.microsoft.com/fwlink/?LinkId=197094;
$x64D3 = 
"\\server\share\x64\nis_full.exe"
$x86S1 = "http://go.microsoft.com/fwlink/?LinkID=121721=0x409=x86;
$x86D1 = 
"\\server\share\x86\mpam-fe.exe"
$x86S2 = "http://go.microsoft.com/fwlink/?LinkId=211053;
$x86D2 = "\\server\share\x86\mpam-d.exe"
$x86S3 = "http://go.microsoft.com/fwlink/?LinkId=197095;
$x86D3 = 
"\\server\share\x86\nis_full.exe"
$wc = New-Object System.Net<http://system.net/>.WebClient



$wc= new-object System.Net<http://system.net/>.WebClient
#If you have a proxy configured for your environment, you need to enable and 
confiure
#   the next three lines
$proxy = new-object System.Net<http://system.net/>.WebProxy "your proxy:port"
$proxy.UseDefaultCredentials = $true
$wc.proxy=$proxy

$wc.DownloadFile($x86S1, $x86D1)
$wc.DownloadFile($x86S2, $x86D2)
$wc.DownloadFile($x86S3, $x86D3)
$wc.DownloadFile($x64S1, $x64D1)
$wc.DownloadFile($x64S2, $x64D2)
$wc.DownloadFile($x64S3, $x64D3)



Jimmy Martin
(901) 227-8209


-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 5:17 AM
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] scep updates not working

Since last Friday my clients haven’t ben picking up scep updates from WSUS.

A manual update results in a 8004002e error.

Only solution I’ve found is to remove scep and reinstall.

I’ll do this, but thought I’d run it all past you in case of any bright ideas.

Cheers

Stuart



This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.

P Please consider the environment before printing this email...




This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.



P Please consider the environment before printing this email...

Re: [mssms] scep updates not working

[Stuart Watret]

Great idea, thanks Mike :)

Stuart Watret

On 28 Oct 2016, at 17:25, Murray, Mike 
<mmur...@csuchico.edu<mailto:mmur...@csuchico.edu>> wrote:

Maybe try this? It’s worked for us. Admin command prompt.

"C:\Program Files\Windows Defender\MpCmdRun.exe" -removedefinitions -all

"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 7:44 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] scep updates not working

Thanks Jimmy, no access to ms.com<http://ms.com/> on the clients.

I’ve progressed with the remove and reinstall - this seems to work although 
worryingly, I’m not seeing the “Installed” number climbing in WSUS for the 
definitions.

May just have bought some more time before a WSUS rebuild :)

On 28 Oct 2016, at 12:39, Jimmy Martin 
<jimmy.mar...@bmhcc.org<mailto:jimmy.mar...@bmhcc.org>> wrote:

Try sending the full def update via regular sccm package to the devices with 
old defs

If you don’t already have it, this can be run as a powershell script to 
download the defs

$x64S1 = "http://go.microsoft.com/fwlink/?LinkID=121721=0x409=x64;
$x64D1 = "\\server\share\x64\mpam-fe.exe"
$x64S2 = "http://go.microsoft.com/fwlink/?LinkId=211054;
$x64D2 = "\\server\share\x64\mpam-d.exe"
$x64S3 = "http://go.microsoft.com/fwlink/?LinkId=197094;
$x64D3 = "\\server\share\x64\nis_full.exe"
$x86S1 = "http://go.microsoft.com/fwlink/?LinkID=121721=0x409=x86;
$x86D1 = "\\server\share\x86\mpam-fe.exe"
$x86S2 = "http://go.microsoft.com/fwlink/?LinkId=211053;
$x86D2 = "\\server\share\x86\mpam-d.exe"
$x86S3 = "http://go.microsoft.com/fwlink/?LinkId=197095;
$x86D3 = "\\server\share\x86\nis_full.exe"
$wc = New-Object System.Net<http://system.net/>.WebClient



$wc= new-object System.Net<http://system.net/>.WebClient
#If you have a proxy configured for your environment, you need to enable and 
confiure
#   the next three lines
$proxy = new-object System.Net<http://system.net/>.WebProxy "your proxy:port"
$proxy.UseDefaultCredentials = $true
$wc.proxy=$proxy

$wc.DownloadFile($x86S1, $x86D1)
$wc.DownloadFile($x86S2, $x86D2)
$wc.DownloadFile($x86S3, $x86D3)
$wc.DownloadFile($x64S1, $x64D1)
$wc.DownloadFile($x64S2, $x64D2)
$wc.DownloadFile($x64S3, $x64D3)



Jimmy Martin
(901) 227-8209


-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 5:17 AM
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] scep updates not working

Since last Friday my clients haven’t ben picking up scep updates from WSUS.

A manual update results in a 8004002e error.

Only solution I’ve found is to remove scep and reinstall.

I’ll do this, but thought I’d run it all past you in case of any bright ideas.

Cheers

Stuart



This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.

P Please consider the environment before printing this email...

Re: [mssms] scep updates not working

[Stuart Watret]

Thanks Jimmy, no access to ms.com<http://ms.com> on the clients.

I’ve progressed with the remove and reinstall - this seems to work although 
worryingly, I’m not seeing the “Installed” number climbing in WSUS for the 
definitions.

May just have bought some more time before a WSUS rebuild :)

On 28 Oct 2016, at 12:39, Jimmy Martin 
<jimmy.mar...@bmhcc.org<mailto:jimmy.mar...@bmhcc.org>> wrote:

Try sending the full def update via regular sccm package to the devices with 
old defs

If you don’t already have it, this can be run as a powershell script to 
download the defs

$x64S1 = "http://go.microsoft.com/fwlink/?LinkID=121721=0x409=x64;
$x64D1 = "\\server\share\x64\mpam-fe.exe"
$x64S2 = "http://go.microsoft.com/fwlink/?LinkId=211054;
$x64D2 = "\\server\share\x64\mpam-d.exe"
$x64S3 = "http://go.microsoft.com/fwlink/?LinkId=197094;
$x64D3 = "\\server\share\x64\nis_full.exe"
$x86S1 = "http://go.microsoft.com/fwlink/?LinkID=121721=0x409=x86;
$x86D1 = "\\server\share\x86\mpam-fe.exe"
$x86S2 = "http://go.microsoft.com/fwlink/?LinkId=211053;
$x86D2 = "\\server\share\x86\mpam-d.exe"
$x86S3 = "http://go.microsoft.com/fwlink/?LinkId=197095;
$x86D3 = "\\server\share\x86\nis_full.exe"
$wc = New-Object System.Net<http://System.Net>.WebClient



$wc= new-object System.Net<http://System.Net>.WebClient
#If you have a proxy configured for your environment, you need to enable and 
confiure
#   the next three lines
$proxy = new-object System.Net<http://System.Net>.WebProxy "your proxy:port"
$proxy.UseDefaultCredentials = $true
$wc.proxy=$proxy

$wc.DownloadFile($x86S1, $x86D1)
$wc.DownloadFile($x86S2, $x86D2)
$wc.DownloadFile($x86S3, $x86D3)
$wc.DownloadFile($x64S1, $x64D1)
$wc.DownloadFile($x64S2, $x64D2)
$wc.DownloadFile($x64S3, $x64D3)



Jimmy Martin
(901) 227-8209


-Original Message-
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, October 28, 2016 5:17 AM
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] scep updates not working

Since last Friday my clients haven’t ben picking up scep updates from WSUS.

A manual update results in a 8004002e error.

Only solution I’ve found is to remove scep and reinstall.

I’ll do this, but thought I’d run it all past you in case of any bright ideas.

Cheers

Stuart



This message and any files transmitted with it may contain legally privileged, 
confidential, or proprietary information. If you are not the intended recipient 
of this message, you are not permitted to use, copy, or forward it, in whole or 
in part without the express consent of the sender. Please notify the sender of 
the error by reply email, disregard the foregoing messages, and delete it 
immediately.

P Please consider the environment before printing this email...

[mssms] scep updates not working

[Stuart Watret]

Since last Friday my clients haven’t ben picking up scep updates from WSUS.

A manual update results in a 8004002e error.

Only solution I’ve found is to remove scep and reinstall.

I’ll do this, but thought I’d run it all past you in case of any bright ideas.

Cheers

Stuart 

RE: [mssms] Rollup Patches naming.......

[Stuart Watret]

Great link, thanks; it will simplify my monthly work.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of tmerin...@gmail.com
Sent: 21 October 2016 13:26
To: Stuart Watret; mssms@lists.myitforum.com
Subject: AW: [mssms] Rollup Patches naming...

This is a good article about all that stuff: 
https://blogs.technet.microsoft.com/windowsitpro/2016/10/07/more-on-windows-7-and-windows-8-1-servicing-changes/



Von: Stuart Watret<mailto:stu...@offshore-it.co.uk>
Gesendet: Freitag, 21. Oktober 2016 12:53
An: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Betreff: [mssms] Rollup Patches naming...

First month, I had to re-read the blogs about what we could expect.

That said, the naming of them still leaves me baffled.  Does anyone else have a 
high initial failure rate on the “Security Monthly Quality Rollup”?

And really, what is the difference between all these?

[cid:8CD344D9-50AC-44AB-92C3-326758664788@fritz.box]

Stuart Watret

RE: [mssms] Rollup Patches naming.......

[Stuart Watret]

Lovely stuff, thanks; I’m going to make some tea and make some notes ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of the codepoets
Sent: 21 October 2016 18:07
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Rollup Patches naming...

My understanding is that each month will have 2 rollups on patch Tuesday. 
Security only and Security + Quality. The Security only are non-cumulative, the 
Security Monthly are cumulative. Each third Tuesday will see a "preview" rollup 
with the non-security updates in them that will be included in the next month's 
Security + Quality rollup. So, in your example, "October, 2016 Security Only" 
is just security updates for October for Windows 7. This will be available 
every month, but is non-cumulative. So every month is separate. The "October, 
2016 Security Monthly" contains the security updates from the "Security Only" 
of the same month as well as the non-security updates from the previous month's 
"Preview" rollup. October is a little different as this is the first month of 
this. The "October, 2016 Preview" is the non-security updates preview. This 
rollup will be included with next month's "November, 2016 Security Monthly" 
update. Confusing, I know, especially with the naming. But once you get the 
hang of the concept, it works.
Agreed on the naming conventions. Add into the mix the "Reliability Rollup" for 
.Net, and it's even more confusing.
We have not had a higher than normal failure rate this month, outside of the 
fact that we had to do some quick drive cleanup because of space. We are also 
only deploying the full rollups (Security Monthly).
If your initial failures are because of space and you are using straight WSUS, 
check into Express Installation Files. That should help your clients only 
request the bits they need. If you are using SCCM (like us) then you are out of 
luck on the EIFs, for now. Though I have seem it come up as a feature request 
to the product team. Other third party patching solutions, I don't know what 
their support of EIFs would be. Case by case basis, I assume.

-Erik

On Fri, Oct 21, 2016 at 3:46 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
First month, I had to re-read the blogs about what we could expect.

That said, the naming of them still leaves me baffled.  Does anyone else have a 
high initial failure rate on the “Security Monthly Quality Rollup”?

And really, what is the difference between all these?

[cid:image001.png@01D22EE6.A523D370]

Stuart Watret

[mssms] Rollup Patches naming.......

[Stuart Watret]

First month, I had to re-read the blogs about what we could expect.

That said, the naming of them still leaves me baffled.  Does anyone else have a 
high initial failure rate on the “Security Monthly Quality Rollup”?

And really, what is the difference between all these?

[cid:8CD344D9-50AC-44AB-92C3-326758664788@fritz.box]

Stuart Watret

Re: [mssms] ccmexec calling http://crl.microsoft.com/pki blah blah

[Stuart Watret]

Thanks all, yes that covers it; the question was why, now we know.

Great job, thanks.


> On 14 Sep 2016, at 20:42, Aaron Czechowski <aaron.czechow...@microsoft.com> 
> wrote:
> 
> http://social.technet.microsoft.com/wiki/contents/articles/2303.understanding-access-to-microsoft-certificate-revocation-list.aspx
> 
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Jason Wallace
> Sent: Wednesday, 14 September, 2016 11:47
> To: mssms@lists.myitforum.com
> Subject: Re: [mssms] RE: ccmexec calling http://crl.microsoft.com/pki blah 
> blah
> 
> I had read his question more as to why an internal service would need to go 
> to The Internet.
> 
> Sent from my iPhone
> 
>> On 14 Sep 2016, at 19:34, Nash Pherson <na...@nowmicro.com> wrote:
>> 
>> That's a Certificate Revocation List. Your security folks should know what 
>> that is any why it is important.
>> 
>> -Original Message-
>> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
>> On Behalf Of Stuart Watret
>> Sent: Wednesday, September 14, 2016 10:30 AM
>> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
>> Subject: [mssms] ccmexec calling 
>> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fcrl.microsoft.com%2fpki=02%7c01%7caaron.czechowski%40microsoft.com%7c5db55a7e7d654471231f08d3dcd0647e%7c72f988bf86f141af91ab2d7cd011db47%7c1%7c0%7c636094760010992837=QJMrMvn2YH4VfEWrZB4RF3zTJqOC7mEHz5kBCDrsLwY%3d
>>  blah blah
>> 
>> In a sensitive area, I’m being asked why this is happening.
>> 
>> Thoughts? Some kind of code/script signing check?
>> 
>> 
>> Stuart
>> 
> 
> 

Re: [mssms] Configuration Manager Local SQL Best Practice Documentation

[Stuart Watret]

a fascinating account, first time I’ve seen a pro account for separating them; 
thanks.


On 8 Sep 2016, at 16:12, Lindenfeld, Ivan 
> wrote:

Adding a couple of things I haven’t read in this thread…

We have 25,000 clients.  SCCM is virtualized, as I imagine most sites are.  
Clients are spread across 1,200 locations in the US.  When the SQL team asked 
us to put the SQL database in their cluster I was allergic.  Not just hesitant. 
 Loss of ownership gave me hives.

Yes, I had to worry about firewalls.  Yes, there is a bit more complexity in 
service accounts.  Here are some pros that we have seen using a separate, 
clustered SQL database (2012, then CB)
1.   Experts tuned performance, indexing and backups.  It works great.  We 
had full participation in the process.
2.   The database(s) are monitored as production and therefore for lots 
more than up/down.  Performance changes are responded to and addressed.  Disk 
space issue for tempDB? Proactively handled.

Architecture-wise, the SCCM Primary and multiple role servers and the SQL 
databases are either on the same switch in the same datacenter or are in the 
same datacenter.  I might get those hives back if someone wanted me to put the 
SQL data remote to SCCM.

As an aside, we’re going to try that anyway.  We’re piloting SCCM in Azure, but 
while we’re going to try it, we think SCCM database on SQL in Azure is going to 
be cost preventative.  Too expensive for the performance we need.  So we may 
end up with SQL over the Express Route on Prem.

Fun times.

Hope this helps.

Ivan Lindenfeld



From: 
listsad...@lists.myitforum.com[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Olsson Mats (4004)
Sent: Thursday, September 8, 2016 9:55 AM
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Configuration Manager Local SQL Best Practice Documentation

I had the same discussion with “my” database admins who wanted to have the 
database in their cluster to keep the number of DB servers down.

After we installed a SP or CU to SCCM that restarted the database instance 
without prior warning (it probably was in the documentation) the DB admins 
rather quickly changed their minds about having SCCM together with line of 
business apps in the same DB instance…

Another thing to be aware of is that SCCM has it’s own list of supported SQL 
versions and SP:s. It might be an issue if the DB admins wants to upgrade and 
SCCM doesn’t support that version

We installed a dedicated SQL on the primary site system instead and it has been 
working well for 4-5 years now.
From: 
listsad...@lists.myitforum.com[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Garth Jones
Sent: den 8 september 2016 14:19
To: mssms@lists.myitforum.com
Subject: [mssms] RE: Configuration Manager Local SQL Best Practice Documentation

Let put it this way, for 400,000 computer Microsoft will NOT say if SQL should 
be local or remote. Which BTW, SQL is hosted locally on a site with 400,000 
computers too. The Admins of that site are on this list too. ☺

Like John said no MVP will say that you should put SQL remote, Heck if I’m 
doing the install and SQL is remote, I add 15 days to the project due to all 
the headache that arise from remote SQL.






Garth Jones
Chief Architect

www.Enhansoft.com

Enhancing Your Business


Subscribe to Enhansoft’s Newsletter!

From: 
listsad...@lists.myitforum.com[mailto:listsad...@lists.myitforum.com]
 On Behalf Of Johns, Damon (DoJ)
Sent: Wednesday, September 7, 2016 11:27 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Configuration Manager Local SQL Best Practice Documentation

Hi Everyone,

Can anyone point me to the Microsoft TechNet documentation where they recommend 
that SQL be installed locally where a Primary Site has 50,000 clients or less? 
I’ve found a couple of blogs where people mentioned this but nothing specific 
from Microsoft.

I’ve also found a number of blogs where MVP’s strongly recommend this, but 
again nothing from Microsoft directly or the Configuration Manager team.

There must be something out there!?

Cheers
Damon



CONFIDENTIALITY NOTICE AND DISCLAIMER
The information in this transmission may be confidential and/or protected by 
legal professional privilege, and is intended only for the person or persons to 
whom it is addressed. If you are not such a person, you are warned that any 
disclosure, copying or dissemination of 

Re: [mssms] Bitlocker recovery keys - MBAM console vs. AD

[Stuart Watret]

I’ve seen the following happen.

Recovery key missing in AD = swap DC in ADUC and find it that time.

One user can’t find recovery key, other user can = rights or gpo on an OU.

We love it, always keeps people guessing.



On 7 Sep 2016, at 16:54, Murray, Mike 
> wrote:

Hey folks,

Yesterday I ran a few recovery keys through the MBAM console with no results. I 
tried the same ones in AD, they showed up. Later I tried another one via AD, no 
result. It showed in the console, though. Weird? Anyone know why this would be?


Best Regards,

Mike Murray
Desktop Engineer/IT Consultant - IT Support Services
California State University, Chico
530.898.4357
mmur...@csuchico.edu

Remember, Chico State will NEVER ask you for your password via email!
For more information about recognizing phishing scam emails go 
to:http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

[mssms] MDT Error - Unhandled Error ZTIDrivers

[Stuart Watret]

So, trying to understand why adding custom Format and Partition Disk steps is 
causing the unhandled ztidriver error.

I had the first one use disk 0 / primary partition 100% and set OSDisk variable.
It had a wmi query to skip if the model was a book 17 (so it runs for everyone 
else).

Next one, wim query to run if it was a zbook 17, use disk 1, primary, 100% set 
OS Disk variable

Next one wmi query to run if zbook 17, use disk 0, primary, 100%, no variable 
set.

Doing this results in the correct disk config, but breaks the TS for any 
machine at the point driver disco takes place.

So my question is why?


Stuart

Re: [mssms] MDT Driver oddness "Path not found"

[Stuart Watret]

but still has the error :)

mac fell over mid email !!

Stuart Watret (Director)
Offshore IT Ltd
stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>

On 19 Aug 2016, at 16:37, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

Alas no, found this on an old forum post, got excited for a few minutes as the 
zbook had custom steps for the disks.

"I guess you can't use the remaining % option at all. Either that or I'm not

using it correctly, but it looks pretty straight forward to me.  I used your
task sequence steps and then added an additional partition that would use 100%
of the remaining space and it resulted in the "ZTIDRIVERS: Path not found (76)"
error again.”


So there is still a customisation (the ssd boot drive is ‘1’) its back to drive 
1 single partition


Stuart Watret (Director)
Offshore IT Ltd
stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>

On 19 Aug 2016, at 15:01, Daniel Ratliff 
<dratl...@humana.com<mailto:dratl...@humana.com>> wrote:

McAfee?

Daniel Ratliff

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Friday, August 19, 2016 9:33 AM
To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
<mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
Subject: [mssms] MDT Driver oddness "Path not found"

Doing a book 17 g3 in MDT.

Was going ok, the usual usb driver issues and a missing ssd driver in the hp 
driver pack…….:) All the usual quality you’d expect.

Anyway, then just as the driver discovery kicks in, (we are using 
manufacturer/model variables) we get an error “Unhandled error returned by 
ZTIDrivers: Path not found (76)” it’s for Intel display driver.

I checked the path and the inf was in the right spot.

Tried:

  *   Removing that driver
  *   Removing all drivers
  *   Re-installing all drivers
  *   Re-installed all drivers except display drivers.
  *   New task sequence


At the moment I have no display drivers under that model, it’s now come to the 
first one the is there, accelerometer.inf and the same error has occurred.

Anyone seen this?




Stuart Watret


The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

[mssms] MDT Driver oddness "Path not found"

[Stuart Watret]

Doing a book 17 g3 in MDT.

Was going ok, the usual usb driver issues and a missing ssd driver in the hp 
driver pack…….:) All the usual quality you’d expect.

Anyway, then just as the driver discovery kicks in, (we are using 
manufacturer/model variables) we get an error “Unhandled error returned by 
ZTIDrivers: Path not found (76)” it’s for Intel display driver.

I checked the path and the inf was in the right spot.

Tried:

  *   Removing that driver
  *   Removing all drivers
  *   Re-installing all drivers
  *   Re-installed all drivers except display drivers.
  *   New task sequence

At the moment I have no display drivers under that model, it’s now come to the 
first one the is there, accelerometer.inf and the same error has occurred.

Anyone seen this?


[cid:EC0528F8-4AAF-43A0-9568-21284D83DF8D@fritz.box]

Stuart Watret

Re: [mssms] Microsoft set to change Windows patching in a disasterous way

[Stuart Watret]

Fair point

On 17 Aug 2016, at 12:52, Steve Whitcher 
<st...@whitcher.org<mailto:st...@whitcher.org>> wrote:

To be fair, the new model is still offering security updates separate from the 
update rollups, with non-cumulative security updates each month.  If you only 
want security patches, you can install the security updates each month.  If you 
absolutely have to skip a specific security update for some reason, you could 
skip a single month's security update and still install the next month's.  It 
brings back the partially patched issue displayed so well by the graphics 
earlier in this thread, but it is an option. It potentially leaves other 
vulnerabilities unpatched, which were addressed in the skipped bundle.  Still, 
it's not as bad as some here seem to think.

Steve

On Wed, Aug 17, 2016 at 6:15 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
i think you are right, more unprotected systems will be the reality.

It’s a terrible idea given the appalling qa testing done on patches; it seems 
every month we have an issue.

On 16 Aug 2016, at 18:22, Erno, Cynthia M (ITS) 
<cynthia.e...@its.ny.gov<mailto:cynthia.e...@its.ny.gov>> wrote:

Oh I get it.  So, when we fail to apply a patch until we can manage our domains 
so it doesn’t screw up our group policies or print servers or etc…,
and we only truly find those facts out because of the people on this list that 
belong to businesses that need to maintain certain certifications for their
business so they actually are the testers that Microsoft obviously does not 
employ.. somehow Microsoft sets back and tries to judge us on that behavior
by putting together a little graphic?
Want a graphic for what the new reality will be?  Put together the graphic that 
shows how much more unprotected our systems will be when we have
to roll back the cumulative security patches for that month because, yet again, 
Microsoft pushed something out without thinking of the impact it
would have on business servers.
Out of touch and arrogant does not even begin to cover where Microsoft is with 
businesses that have to be up and running 24/7.

Cynthia Erno

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Michael Niehaus
Sent: Tuesday, August 16, 2016 12:41 PM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way


ATTENTION: This email came from an external source. Do not open attachments or 
click on links from unknown senders or unexpected emails.


Each update (MSU/CAB) has to be installed in its entirety.

If you encounter any issues with an update, contact Microsoft Support right 
away.  They are serious about resolving issues as quickly as possible.

Certainly the reasoning for making this change is simple:



Thanks,
-Michael

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Andreas Hammarskjöld
Sent: Tuesday, August 16, 2016 5:38 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

I thought this was possible? Like WUSA /u /kb:blabla?

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Mawdsley R.
Sent: den 16 augusti 2016 14:16
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

Agree.  It can only be a good thing if it enables us to have a more consistent 
environment out there.

However, It would be excellent if they could implement some way we could 
install the Rollup, whilst excluding one of its subsidiaries, even temporarily.

Rich Mawdsley

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of John Aubrey
Sent: 16 August 2016 12:55
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

I was little uneasy about Windows 10 CU/UR whatever they call it. It’s been 
going well so far.  I think this is a good thing.  From my perspective, it will 
save me a tone of time, and make our PC’s way more secure.  Bring it on.
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Marable, Mike
Sent: Tuesday, August 16, 2016 7:31 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

I totally agree.  In fact yesterday we had to pull off a security update 
because it “broke” an app.  So i

Re: [mssms] Microsoft set to change Windows patching in a disasterous way

[Stuart Watret]

i think you are right, more unprotected systems will be the reality.

It’s a terrible idea given the appalling qa testing done on patches; it seems 
every month we have an issue.

On 16 Aug 2016, at 18:22, Erno, Cynthia M (ITS) 
> wrote:

Oh I get it.  So, when we fail to apply a patch until we can manage our domains 
so it doesn’t screw up our group policies or print servers or etc…,
and we only truly find those facts out because of the people on this list that 
belong to businesses that need to maintain certain certifications for their
business so they actually are the testers that Microsoft obviously does not 
employ.. somehow Microsoft sets back and tries to judge us on that behavior
by putting together a little graphic?
Want a graphic for what the new reality will be?  Put together the graphic that 
shows how much more unprotected our systems will be when we have
to roll back the cumulative security patches for that month because, yet again, 
Microsoft pushed something out without thinking of the impact it
would have on business servers.
Out of touch and arrogant does not even begin to cover where Microsoft is with 
businesses that have to be up and running 24/7.

Cynthia Erno

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Michael Niehaus
Sent: Tuesday, August 16, 2016 12:41 PM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way


ATTENTION: This email came from an external source. Do not open attachments or 
click on links from unknown senders or unexpected emails.


Each update (MSU/CAB) has to be installed in its entirety.

If you encounter any issues with an update, contact Microsoft Support right 
away.  They are serious about resolving issues as quickly as possible.

Certainly the reasoning for making this change is simple:



Thanks,
-Michael

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Andreas Hammarskjöld
Sent: Tuesday, August 16, 2016 5:38 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

I thought this was possible? Like WUSA /u /kb:blabla?

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Mawdsley R.
Sent: den 16 augusti 2016 14:16
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

Agree.  It can only be a good thing if it enables us to have a more consistent 
environment out there.

However, It would be excellent if they could implement some way we could 
install the Rollup, whilst excluding one of its subsidiaries, even temporarily.

Rich Mawdsley

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com]On Behalf Of John Aubrey
Sent: 16 August 2016 12:55
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

I was little uneasy about Windows 10 CU/UR whatever they call it. It’s been 
going well so far.  I think this is a good thing.  From my perspective, it will 
save me a tone of time, and make our PC’s way more secure.  Bring it on.
From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Marable, Mike
Sent: Tuesday, August 16, 2016 7:31 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

I totally agree.  In fact yesterday we had to pull off a security update 
because it “broke” an app.  So instead of the vendor fixing their app, we’re 
going to allow a potential security threat?

In my opinion I think this is a good thing.  Give me just a single patch each 
month so I don’t have to worry about 5 this month, 2 the month before, 7 the 
prior month…

Aaron Czechowski talked about this at MMS this last Spring.


Like Andreas said, “Just my 2 cents.”

Mike



From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com]On Behalf Of Andreas Hammarskjöld
Sent: Tuesday, August 16, 2016 2:54 AM
To: mssms@lists.myitforum.com
Subject: RE: [mssms] Microsoft set to change Windows patching in a disasterous 
way

This is very understandable and typicaly the way of “as-a-service” solutions 
work, regardless of vendor. Doing it any other way would be too costly & time 
consuming. I think we should be happy that MS is even considering non security 
fixes for these operating systems!

I think part of it is 

RE: [mssms] NAP & Windows 10

[Stuart Watret]

Thanks Steve.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Steve Whitcher
Sent: 11 August 2016 14:23
To: mssms@lists.myitforum.com
Subject: Re: [mssms] NAP & Windows 10

NAP was officially deprecated in Server 2012R2, and has been removed completely 
from Server 2016.  It looks like support for it has been removed in SCCM 
CB<https://technet.microsoft.com/en-us/library/mt628077.aspx> as well.  MS 
offers some suggestions under the Deprecated Functionality heading 
here<https://technet.microsoft.com/library/hh831683.aspx>, but of course those 
may or may not be sufficient for your needs.

Steve

On Thu, Aug 11, 2016 at 6:49 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
So Windows 10 has no NAP client and it looks like NAP in general is on a slow 
walk out the door.

We use NAP to control access to our Corp Wifi, so we are looking for options.

I’m going to assume, NAP in SCCM still needs a NAP client?

If that is so, are any of you thinking of another method?

Thanks

Stuart

Re: [mssms] RE: Slowness on the list

[Stuart Watret]

happens to me also, I post and yesterday it took hours, this morning 30mins.

space time?

On 11 Aug 2016, at 15:35, Ed Aldrich 
> wrote:

…but only happens if you are posting from Sweden.

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andreas Hammarskjöld
Sent: Wednesday, August 10, 2016 3:35 PM
To: mssms@lists.myitforum.com
Subject: [mssms] Slowness on the list

Rod,

Don’t think it’s the servers as we are on O365 and it’s a lag from 20mins to 
4-5 hours typically. Makes it impossible to reply in time, hence Phil’s and my 
duplicate answers.

//A

Regards,
Andreas Hammarskjöld

Co-Founder & Dev Guy
Skunkworks Division
2Pint Software

Mobile: +46 727 253995
andr...@2pintsoftware.com
https://twitter.com/AndHammarskjold








Legal Notice: This email is intended only for the person(s) to whom it is 
addressed. If you are not an intended recipient and have received this message 
in error, please notify the sender immediately by replying to this email or 
calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any 
attachments may be privileged and/or confidential. The unauthorized use, 
disclosure, copying or printing of any information it contains is strictly 
prohibited. The opinions expressed in this email are those of the author and do 
not necessarily represent the views of 1E Ltd. Nothing in this email will 
operate to bind 1E to any order or other contract.

[mssms] NAP & Windows 10

[Stuart Watret]

So Windows 10 has no NAP client and it looks like NAP in general is on a slow 
walk out the door.

We use NAP to control access to our Corp Wifi, so we are looking for options.

I’m going to assume, NAP in SCCM still needs a NAP client?

If that is so, are any of you thinking of another method?

Thanks

Stuart

Re: [mssms] RE: MDT win10 1607 Cumulative Update - hanging like a fruit basket

[Stuart Watret]

J the package injection made no difference in my case, I’ll wait and see what 
Michael says.

Thanks.

> On 10 Aug 2016, at 21:18, Jason Sandys <ja...@sandys.us> wrote:
> 
> See 
> http://deploymentresearch.com/Research/Post/540/Building-a-Windows-10-v1607-reference-image-using-MDT-2013-Update-2.
> 
> You need to use DISM to inject 3176929 into the image before suing it in the 
> TS.
> 
> J
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Stuart Watret
> Sent: Wednesday, August 10, 2016 10:06 AM
> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
> Subject: [mssms] MDT win10 1607 Cumulative Update - hanging like a fruit 
> basket
> 
> Hi,
> Am I alone in this?
> 
> New 1607 image, building in MDT, hangs on the Cumulative update for 1607.
> 
> Tried adding it as a page in MDT and using the Apply Patches step - but still 
> hanging on the wsus bit.
> 
> Stuart
> 
> 
> 
> 
> 
> 
> 

Re: [mssms] RE: MDT win10 1607 Cumulative Update - hanging like a fruit basket

[Stuart Watret]

coolio hoolio, my injection into mdt packages didn’t make a difference Michael; 
for now we just disabled the patching step.

cheers

> On 10 Aug 2016, at 21:20, Michael Niehaus <michael.nieh...@microsoft.com> 
> wrote:
> 
> Johan ran into that as well, 
> http://deploymentresearch.com/Research/Post/540/Building-a-Windows-10-v1607-reference-image-using-MDT-2013-Update-2.
>   His workaround was to import KB3176929 into MDT so that it's injected 
> offline.  We're investigating what's going on there.
> 
> Thanks,
> -Michael 
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Stuart Watret
> Sent: Wednesday, August 10, 2016 8:06 AM
> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
> Subject: [mssms] MDT win10 1607 Cumulative Update - hanging like a fruit 
> basket
> 
> Hi,
> Am I alone in this?
> 
> New 1607 image, building in MDT, hangs on the Cumulative update for 1607.
> 
> Tried adding it as a page in MDT and using the Apply Patches step - but still 
> hanging on the wsus bit.
> 
> Stuart
> 
> 
> 
> 
> 
> 
> 

[mssms] MDT win10 1607 Cumulative Update - hanging like a fruit basket

[Stuart Watret]

Hi,
Am I alone in this?

New 1607 image, building in MDT, hangs on the Cumulative update for 1607.

Tried adding it as a page in MDT and using the Apply Patches step - but still 
hanging on the wsus bit.

Stuart

RE: [mssms] applications / packages

[Stuart Watret]

Sherry,
No it was the following morning 9:15 !

Anyway / right click collection force app whatever / wait 20 mins, force 
summarization, it looked a little better.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Sherry Kissinger
Sent: 22 July 2016 17:23
To: mssms@lists.myitforum.com
Subject: Re: [mssms] applications / packages

When was the last summarization for that?  (upper right, not in your 
screenshot).  Was it perhaps, oh... around 13:25?

Console stuff for deployments rely on summarization tasks.

On Fri, Jul 22, 2016 at 8:02 AM, J v D 
<hupe...@outlook.com<mailto:hupe...@outlook.com>> wrote:
Provide details on the deployment settings

> Op 22 jul. 2016 om 13:13 heeft Stuart Watret 
> <stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> het volgende 
> geschreven:
>
> Maybe I’m expecting too much.
> We are transitioning from Packages to Applications, I’ve just pushed our 
> standard flash update out as an Application.
>
> Previously our Packages, didn’t use DP’s; it was quick and successful.
>
> I could normally crash through Flash/Air/Shockwave in an hour to between 4k 
> and 5k with very few errors.
>
> Yesterday I tried Flash as the Application - disappointing reporting.
>
> I attach the screen shot from this morning, I’m not buying that everyone left 
> early just after lunch.
>
> Is this the new norm? We don’t even have maintenance windows :)
>
> 
>



--
Thank you,

Sherry Kissinger

My Parameters:  Standardize. Simplify. Automate
Blogs: http://www.mofmaster.com, http://mnscug.org/blogs/sherry-kissinger, 
http://www.smguru.org

[mssms] applications / packages

[Stuart Watret]

Maybe I’m expecting too much.
We are transitioning from Packages to Applications, I’ve just pushed our 
standard flash update out as an Application.

Previously our Packages, didn’t use DP’s; it was quick and successful.

I could normally crash through Flash/Air/Shockwave in an hour to between 4k and 
5k with very few errors.

Yesterday I tried Flash as the Application - disappointing reporting.

I attach the screen shot from this morning, I’m not buying that everyone left 
early just after lunch.

Is this the new norm? We don’t even have maintenance windows :)

[unknown.png]

RE: [mssms] Apps to user groups

[Stuart Watret]

Thanks Adam, I’ll try that also.

Created a fresh app, did the deployment to the dp, prior to the deployment of 
the app (prior to this I’d done the DP’s from the deployment wizard) and only 
chose one dp – app showed up as soon as policy was refreshed.

I’ll try some more permutations.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Adam Juelich
Sent: 12 July 2016 17:36
To: mssms@lists.myitforum.com
Subject: Re: [mssms] Apps to user groups

Are you using the option 'pre-deploy to users primary device?'  I found that if 
you don't select that, the Deployment will only show up when the client checks 
policy while that user is logged into the machine.  In order to get UDA 
deployments to process quicker I had to select that option.  I'm not sure if 
that is the reason for that option or not but it is what worked for me.

On Tue, Jul 12, 2016 at 11:17 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
Did a new app last night, new deployment to user collection with one account as 
a direct member.

Sure enough nothing.

Came in his morning it was there.

Just removed the deployment, refreshed policy and it disappeared.

Immediately re-created a new deployment to the same user collection, refreshed 
policy and it appeared instantly.

That to me suggests the delay is in the app creation/dp check somewhere.

I’m going to do another deployment to a new user collection for the same app 
and see what happens.


On 12 Jul 2016, at 13:04, Marcum, John 
<jmar...@bradley.com<mailto:jmar...@bradley.com>> wrote:

Send me the client logs offline.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Monday, July 11, 2016 9:22 AM

To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups


Hi John,
I’ve simplified it today, targeting a user collection with direct members.

Forced App Discovery on the client, no mention of the app in the log.

App is deployed to one dp and has been for days.

On 11 Jul 2016, at 15:07, Marcum, John 
<jmar...@bradley.com<mailto:jmar...@bradley.com>> wrote:

Are you adding the user accounts to the AD group or directly to the collection? 
I do AD group and use the query below for my collections. Everything installs 
the next time policy refreshes which for me is 30 min. I have incremental 
updates enabled for all the collections too.




select 
SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain
 from SMS_R_User where SMS_R_User.UserGroupName = "bradleyarant\\7-Zip"

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Monday, July 11, 2016 8:58 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

Ok, new day.
Arrived to find everything had arrived over the weekend.

No server or client restarts, no evidence of a digital enema anywhere.

Removed all the deployments, and watched them all go from the new client centre.

Had a nice lunch to celebrate.

Just deployed a new app again and 15mins later, nothing.

I’ll leave it overnight - but why the delay deploying to users/groups when 
deploying to system is almost instant?

Stuart

On 8 Jul 2016, at 21:42, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

Thanks Adam,
Our users are fairly static and less than 15% of our apps these days are 
locally installed via CM, the rest are Appv so it’s not a worry here.

Yes checked and double checked; tried it all sorts of combinations.
Deleted everything, reset, different app, new user collections.

Very odd, seems fundamental to me.

Parked it till Monday and I can look with a fresh head !

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Juelich, Adam
Sent: 08 July 2016 19:09
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

If you deploy to Users without UDA specified and set as a requirement, aren't 
you opening yourself up to that Application potentially installing on any 
machine they are logged into that does a policy pull?

Also, be sure you aren't adding the AD Group to a User Collection via a Direct 
Rule.  You will need to do a query for users that are members of that AD group 
to get it to pull in the correct users.

---
Adam Juelich
Pulaski Community School District<http://www.pulaskischools.org/>
Client Management Specialist
920-822-6075

On Fri, Jul 8, 2016 at 9:27 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@of

Re: [mssms] Apps to user groups

[Stuart Watret]

Did a new app last night, new deployment to user collection with one account as 
a direct member.

Sure enough nothing.

Came in his morning it was there.

Just removed the deployment, refreshed policy and it disappeared.

Immediately re-created a new deployment to the same user collection, refreshed 
policy and it appeared instantly.

That to me suggests the delay is in the app creation/dp check somewhere.

I’m going to do another deployment to a new user collection for the same app 
and see what happens.


On 12 Jul 2016, at 13:04, Marcum, John 
<jmar...@bradley.com<mailto:jmar...@bradley.com>> wrote:

Send me the client logs offline.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Monday, July 11, 2016 9:22 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups


Hi John,
I’ve simplified it today, targeting a user collection with direct members.

Forced App Discovery on the client, no mention of the app in the log.

App is deployed to one dp and has been for days.

On 11 Jul 2016, at 15:07, Marcum, John 
<jmar...@bradley.com<mailto:jmar...@bradley.com>> wrote:

Are you adding the user accounts to the AD group or directly to the collection? 
I do AD group and use the query below for my collections. Everything installs 
the next time policy refreshes which for me is 30 min. I have incremental 
updates enabled for all the collections too.




select 
SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain
 from SMS_R_User where SMS_R_User.UserGroupName = "bradleyarant\\7-Zip"

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Monday, July 11, 2016 8:58 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

Ok, new day.
Arrived to find everything had arrived over the weekend.

No server or client restarts, no evidence of a digital enema anywhere.

Removed all the deployments, and watched them all go from the new client centre.

Had a nice lunch to celebrate.

Just deployed a new app again and 15mins later, nothing.

I’ll leave it overnight - but why the delay deploying to users/groups when 
deploying to system is almost instant?

Stuart

On 8 Jul 2016, at 21:42, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

Thanks Adam,
Our users are fairly static and less than 15% of our apps these days are 
locally installed via CM, the rest are Appv so it’s not a worry here.

Yes checked and double checked; tried it all sorts of combinations.
Deleted everything, reset, different app, new user collections.

Very odd, seems fundamental to me.

Parked it till Monday and I can look with a fresh head !

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Juelich, Adam
Sent: 08 July 2016 19:09
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

If you deploy to Users without UDA specified and set as a requirement, aren't 
you opening yourself up to that Application potentially installing on any 
machine they are logged into that does a policy pull?

Also, be sure you aren't adding the AD Group to a User Collection via a Direct 
Rule.  You will need to do a query for users that are members of that AD group 
to get it to pull in the correct users.

---
Adam Juelich
Pulaski Community School District<http://www.pulaskischools.org/>
Client Management Specialist
920-822-6075

On Fri, Jul 8, 2016 at 9:27 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
yep trying that now.

> On 8 Jul 2016, at 14:49, Jason Sandys 
> <ja...@sandys.us<mailto:ja...@sandys.us>> wrote:
>
> Also, user targeted apps always show up in App Catalog -- if you are using 
> the new software center, they will also show up there as well.
>
> What happens if you target a user directly and not a user group?
>
> J
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Marcum, John
> Sent: Friday, July 8, 2016 7:44 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] RE: Apps to user groups
>
> What are your requirement rules? Have you configured UDA?
>
>
>
>
> -Original Me

Re: [mssms] RE: Apps to user groups

[Stuart Watret]

Hi John,
I’ve simplified it today, targeting a user collection with direct members.

Forced App Discovery on the client, no mention of the app in the log.

App is deployed to one dp and has been for days.

On 11 Jul 2016, at 15:07, Marcum, John 
<jmar...@bradley.com<mailto:jmar...@bradley.com>> wrote:

Are you adding the user accounts to the AD group or directly to the collection? 
I do AD group and use the query below for my collections. Everything installs 
the next time policy refreshes which for me is 30 min. I have incremental 
updates enabled for all the collections too.




select 
SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain
 from SMS_R_User where SMS_R_User.UserGroupName = "bradleyarant\\7-Zip"

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Stuart Watret
Sent: Monday, July 11, 2016 8:58 AM
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

Ok, new day.
Arrived to find everything had arrived over the weekend.

No server or client restarts, no evidence of a digital enema anywhere.

Removed all the deployments, and watched them all go from the new client centre.

Had a nice lunch to celebrate.

Just deployed a new app again and 15mins later, nothing.

I’ll leave it overnight - but why the delay deploying to users/groups when 
deploying to system is almost instant?

Stuart

On 8 Jul 2016, at 21:42, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

Thanks Adam,
Our users are fairly static and less than 15% of our apps these days are 
locally installed via CM, the rest are Appv so it’s not a worry here.

Yes checked and double checked; tried it all sorts of combinations.
Deleted everything, reset, different app, new user collections.

Very odd, seems fundamental to me.

Parked it till Monday and I can look with a fresh head !

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Juelich, Adam
Sent: 08 July 2016 19:09
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

If you deploy to Users without UDA specified and set as a requirement, aren't 
you opening yourself up to that Application potentially installing on any 
machine they are logged into that does a policy pull?

Also, be sure you aren't adding the AD Group to a User Collection via a Direct 
Rule.  You will need to do a query for users that are members of that AD group 
to get it to pull in the correct users.

---
Adam Juelich
Pulaski Community School District<http://www.pulaskischools.org/>
Client Management Specialist
920-822-6075

On Fri, Jul 8, 2016 at 9:27 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
yep trying that now.

> On 8 Jul 2016, at 14:49, Jason Sandys 
> <ja...@sandys.us<mailto:ja...@sandys.us>> wrote:
>
> Also, user targeted apps always show up in App Catalog -- if you are using 
> the new software center, they will also show up there as well.
>
> What happens if you target a user directly and not a user group?
>
> J
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Marcum, John
> Sent: Friday, July 8, 2016 7:44 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] RE: Apps to user groups
>
> What are your requirement rules? Have you configured UDA?
>
>
>
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Stuart Watret
> Sent: Friday, July 8, 2016 6:45 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] Apps to user groups
>
> I appreciate this is 101 for most of you, and I assumed the same !
>
> On 1602, and just moving from Packages to Applications (no laughing).
>
> Been through about 10 of our core pieces of software now running as 
> “Applications" - all of them advertised to computer collections - all good.
>
> Done another two this morning advertised to collections based on AD groups - 
> nothing new here, been doing it for years with packages, but today - n

Re: [mssms] RE: Apps to user groups

[Stuart Watret]

Ok, new day.
Arrived to find everything had arrived over the weekend.

No server or client restarts, no evidence of a digital enema anywhere.

Removed all the deployments, and watched them all go from the new client centre.

Had a nice lunch to celebrate.

Just deployed a new app again and 15mins later, nothing.

I’ll leave it overnight - but why the delay deploying to users/groups when 
deploying to system is almost instant?

Stuart

On 8 Jul 2016, at 21:42, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:

Thanks Adam,
Our users are fairly static and less than 15% of our apps these days are 
locally installed via CM, the rest are Appv so it’s not a worry here.

Yes checked and double checked; tried it all sorts of combinations.
Deleted everything, reset, different app, new user collections.

Very odd, seems fundamental to me.

Parked it till Monday and I can look with a fresh head !

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Juelich, Adam
Sent: 08 July 2016 19:09
To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>
Subject: Re: [mssms] RE: Apps to user groups

If you deploy to Users without UDA specified and set as a requirement, aren't 
you opening yourself up to that Application potentially installing on any 
machine they are logged into that does a policy pull?

Also, be sure you aren't adding the AD Group to a User Collection via a Direct 
Rule.  You will need to do a query for users that are members of that AD group 
to get it to pull in the correct users.


---

Adam Juelich

Pulaski Community School District<http://www.pulaskischools.org/>

Client Management Specialist

920-822-6075


On Fri, Jul 8, 2016 at 9:27 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
yep trying that now.

> On 8 Jul 2016, at 14:49, Jason Sandys 
> <ja...@sandys.us<mailto:ja...@sandys.us>> wrote:
>
> Also, user targeted apps always show up in App Catalog -- if you are using 
> the new software center, they will also show up there as well.
>
> What happens if you target a user directly and not a user group?
>
> J
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Marcum, John
> Sent: Friday, July 8, 2016 7:44 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] RE: Apps to user groups
>
> What are your requirement rules? Have you configured UDA?
>
>
>
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Stuart Watret
> Sent: Friday, July 8, 2016 6:45 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] Apps to user groups
>
> I appreciate this is 101 for most of you, and I assumed the same !
>
> On 1602, and just moving from Packages to Applications (no laughing).
>
> Been through about 10 of our core pieces of software now running as 
> “Applications" - all of them advertised to computer collections - all good.
>
> Done another two this morning advertised to collections based on AD groups - 
> nothing new here, been doing it for years with packages, but today - nothing.
>
> None of the apps advertised to user groups as available are showing up in 
> either App Cat or the new Software Centre.
>
> Have I missed a fundamental here?
>
> Ta
>
> Stuart
>
> 
>
> Confidentiality Notice: This e-mail is from a law firm and may be protected 
> by the attorney-client or work product privileges. If you have received this 
> message in error, please notify the sender by replying to this e-mail and 
> then delete it from your computer.
>
>




The Pulaski Community School District does not discriminate on the basis of any 
characteristic protected under State or Federal law.

RE: [mssms] RE: Apps to user groups

[Stuart Watret]

Thanks Adam,
Our users are fairly static and less than 15% of our apps these days are 
locally installed via CM, the rest are Appv so it’s not a worry here.

Yes checked and double checked; tried it all sorts of combinations.
Deleted everything, reset, different app, new user collections.

Very odd, seems fundamental to me.

Parked it till Monday and I can look with a fresh head !

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Juelich, Adam
Sent: 08 July 2016 19:09
To: mssms@lists.myitforum.com
Subject: Re: [mssms] RE: Apps to user groups

If you deploy to Users without UDA specified and set as a requirement, aren't 
you opening yourself up to that Application potentially installing on any 
machine they are logged into that does a policy pull?

Also, be sure you aren't adding the AD Group to a User Collection via a Direct 
Rule.  You will need to do a query for users that are members of that AD group 
to get it to pull in the correct users.


---

Adam Juelich

Pulaski Community School District<http://www.pulaskischools.org>

Client Management Specialist

920-822-6075

On Fri, Jul 8, 2016 at 9:27 AM, Stuart Watret 
<stu...@offshore-it.co.uk<mailto:stu...@offshore-it.co.uk>> wrote:
yep trying that now.

> On 8 Jul 2016, at 14:49, Jason Sandys 
> <ja...@sandys.us<mailto:ja...@sandys.us>> wrote:
>
> Also, user targeted apps always show up in App Catalog -- if you are using 
> the new software center, they will also show up there as well.
>
> What happens if you target a user directly and not a user group?
>
> J
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Marcum, John
> Sent: Friday, July 8, 2016 7:44 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] RE: Apps to user groups
>
> What are your requirement rules? Have you configured UDA?
>
>
>
>
> -Original Message-
> From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>]
>  On Behalf Of Stuart Watret
> Sent: Friday, July 8, 2016 6:45 AM
> To: <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>> 
> <mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com>>
> Subject: [mssms] Apps to user groups
>
> I appreciate this is 101 for most of you, and I assumed the same !
>
> On 1602, and just moving from Packages to Applications (no laughing).
>
> Been through about 10 of our core pieces of software now running as 
> “Applications" - all of them advertised to computer collections - all good.
>
> Done another two this morning advertised to collections based on AD groups - 
> nothing new here, been doing it for years with packages, but today - nothing.
>
> None of the apps advertised to user groups as available are showing up in 
> either App Cat or the new Software Centre.
>
> Have I missed a fundamental here?
>
> Ta
>
> Stuart
>
> 
>
> Confidentiality Notice: This e-mail is from a law firm and may be protected 
> by the attorney-client or work product privileges. If you have received this 
> message in error, please notify the sender by replying to this e-mail and 
> then delete it from your computer.
>
>




The Pulaski Community School District does not discriminate on the basis of any 
characteristic protected under State or Federal law.

Re: [mssms] Apps to user groups

[Stuart Watret]

* New Software Centre with merged apps for user and system
* Nicer look with Icons
* Better/Easier detection rules
* I could go on…….


Tried just with a user, no joy.


> On 8 Jul 2016, at 16:04, Marcum, John <jmar...@bradley.com> wrote:
> 
> Why would you do user based apps with no requirement rules? May as well be 
> doing packages then.
> 
> 
> 
> 
> 
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Stuart Watret
> Sent: Friday, July 8, 2016 8:50 AM
> To: mssms@lists.myitforum.com
> Subject: Re: [mssms] Apps to user groups
> 
> no requirement rules, UDA, don’t have it configured.
> 
>> On 8 Jul 2016, at 13:44, Marcum, John <jmar...@bradley.com> wrote:
>> 
>> What are your requirement rules? Have you configured UDA?
>> 
>> 
>> 
>> 
>> -Original Message-
>> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
>> On Behalf Of Stuart Watret
>> Sent: Friday, July 8, 2016 6:45 AM
>> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
>> Subject: [mssms] Apps to user groups
>> 
>> I appreciate this is 101 for most of you, and I assumed the same !
>> 
>> On 1602, and just moving from Packages to Applications (no laughing).
>> 
>> Been through about 10 of our core pieces of software now running as 
>> “Applications" - all of them advertised to computer collections - all good.
>> 
>> Done another two this morning advertised to collections based on AD groups - 
>> nothing new here, been doing it for years with packages, but today - nothing.
>> 
>> None of the apps advertised to user groups as available are showing up in 
>> either App Cat or the new Software Centre.
>> 
>> Have I missed a fundamental here?
>> 
>> Ta
>> 
>> Stuart
>> 
>> 
>> 
>> Confidentiality Notice: This e-mail is from a law firm and may be protected 
>> by the attorney-client or work product privileges. If you have received this 
>> message in error, please notify the sender by replying to this e-mail and 
>> then delete it from your computer.
>> 
> 
> 
> 

Re: [mssms] RE: Apps to user groups

[Stuart Watret]

yep trying that now.

> On 8 Jul 2016, at 14:49, Jason Sandys <ja...@sandys.us> wrote:
> 
> Also, user targeted apps always show up in App Catalog -- if you are using 
> the new software center, they will also show up there as well.
> 
> What happens if you target a user directly and not a user group?
> 
> J
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Marcum, John
> Sent: Friday, July 8, 2016 7:44 AM
> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
> Subject: [mssms] RE: Apps to user groups
> 
> What are your requirement rules? Have you configured UDA?
> 
> 
> 
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Stuart Watret
> Sent: Friday, July 8, 2016 6:45 AM
> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
> Subject: [mssms] Apps to user groups
> 
> I appreciate this is 101 for most of you, and I assumed the same !
> 
> On 1602, and just moving from Packages to Applications (no laughing).
> 
> Been through about 10 of our core pieces of software now running as 
> “Applications" - all of them advertised to computer collections - all good.
> 
> Done another two this morning advertised to collections based on AD groups - 
> nothing new here, been doing it for years with packages, but today - nothing.
> 
> None of the apps advertised to user groups as available are showing up in 
> either App Cat or the new Software Centre.
> 
> Have I missed a fundamental here?
> 
> Ta
> 
> Stuart
> 
> 
> 
> Confidentiality Notice: This e-mail is from a law firm and may be protected 
> by the attorney-client or work product privileges. If you have received this 
> message in error, please notify the sender by replying to this e-mail and 
> then delete it from your computer.
> 
> 

Re: [mssms] Apps to user groups

[Stuart Watret]

no requirement rules, UDA, don’t have it configured.

> On 8 Jul 2016, at 13:44, Marcum, John <jmar...@bradley.com> wrote:
> 
> What are your requirement rules? Have you configured UDA?
> 
> 
> 
> 
> -Original Message-
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Stuart Watret
> Sent: Friday, July 8, 2016 6:45 AM
> To: <mssms@lists.myitforum.com> <mssms@lists.myitforum.com>
> Subject: [mssms] Apps to user groups
> 
> I appreciate this is 101 for most of you, and I assumed the same !
> 
> On 1602, and just moving from Packages to Applications (no laughing).
> 
> Been through about 10 of our core pieces of software now running as 
> “Applications" - all of them advertised to computer collections - all good.
> 
> Done another two this morning advertised to collections based on AD groups - 
> nothing new here, been doing it for years with packages, but today - nothing.
> 
> None of the apps advertised to user groups as available are showing up in 
> either App Cat or the new Software Centre.
> 
> Have I missed a fundamental here?
> 
> Ta
> 
> Stuart
> 
> 
> 
> Confidentiality Notice: This e-mail is from a law firm and may be protected 
> by the attorney-client or work product privileges. If you have received this 
> message in error, please notify the sender by replying to this e-mail and 
> then delete it from your computer.
> 

[mssms] Apps to user groups

[Stuart Watret]

I appreciate this is 101 for most of you, and I assumed the same !

On 1602, and just moving from Packages to Applications (no laughing).

Been through about 10 of our core pieces of software now running as 
“Applications" - all of them advertised to computer collections - all good.

Done another two this morning advertised to collections based on AD groups - 
nothing new here, been doing it for years with packages, but today - nothing.

None of the apps advertised to user groups as available are showing up in 
either App Cat or the new Software Centre.

Have I missed a fundamental here?

Ta

Stuart

Re: [mssms] Guidance on provisioning drivers in Windows 10 upgrade task sequence?

[Stuart Watret]

maybe this
http://deploymentresearch.com/Research/Post/533/Improving-the-ConfigMgr-Inplace-Upgrade-Task-Sequence



On 14 Jun 2016, at 03:02, RJ Subscriber 
> wrote:

Hi, I believe there was some guidance posted recently about provisioning 
drivers in the upgrade step for Win10 upgrading using SCCM but I can't find the 
link.  Can the author please post that assistance again?  It was very helpful 
in advising how to use the compatibility scan and the related TS variable 
SMSTSOSUpgradeActionReturnCode, etc.

Thank you!
Russell

[mssms] met in multi disk systems

[Stuart Watret]

Morning,
Most of the machines I deal with have a single disk.

A new HP z240 appeared for a test build and after leaving it building on Friday 
I’ve come back to the original OS in place.
After checking it was actually a new day, diskpart reveals the disk I want is 
listed as disk 2.


I’ve modified my TS to target disk 2 just to prove the point, but how are you 
all managing targeting the correct disk in multitask machines.

Can I add some logic around the format step to id this model, or just a new TS 
for multitask machines?

Or quite possibly I’m over thinking it.

Thanks

SW

[mssms] driver package mayhem

[Stuart Watret]

?TS was failing, tracked down to 7 driver packages with 0 bytes in size.


Seen this before, thought you just updated dp's and off you go, no dice.


So I have deleted all the driver packages, and the package folders (they were 
blank too)


Re-creating a new driver pack for the hp 6005, wizard, says yes, package folder 
is empty.


DriverCat log says, this driver has already been imported for each inf it finds.


Stuck - what now, I'd delete the drivers (under drivers) but some are shared 
with other models that work.


Is there a route forward, or ditch them all and start again...


Stuart Watret

Offshore - IT Ltd