Leaderboard

Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1902 as of April the 10th 2019. I blogged how to upgrade to 1902 here. This guide is aimed a new installations of SCCM. Baseline media is used to install new ConfigMgr sites or to upgrade from supported versions, for more information about baseline media please see my blog post here. Note: The SCCM 1902 Current Branch media is not yet available on MSDN or VLSC. When the new baseline media is released I'll update this note. This series is broken down into the following parts:- Part 1 - Get the lab ready, configure ADDS Part 2 - Join CM01 to Domain, add users, create the Systems Management container, delegate permission Part 3 - Role and Feature installation, installation of WDS and ADK Part 4 - Configure and install SQL Server 2017 (This part) Part 5 - Configure and install SCCM 1902 Current Branch Part 6 - Post configuration You can use this multi-part guide to get a hierarchy up and running on Windows Server 2019 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 - Do it manually Method #2 - Automate it with PowerShell Downloads The scripts used in this part of the guide are available for download here. Unzip to C:\Scripts. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (DC01 or CM01). Scripts.zip Step 1. Install SQL Server 2017 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator, I'd suggest you logon as the username matching your name. Method #1 - Do it manually In this section you will install SQL Server 2017 CU14 which is the latest supported version of SQL Server that is compatible with SCCM 1902 Current Branch as of 2019/4/16. For details about which versions of SQL Server are supported with different site systems in ConfigMgr, please see this page. Before starting, please configure the firewall as described in https://go.microsoft.com/fwlink/?linkid=94001 to allow access to SQL Server through the firewall. You can do this by executing the following command as local administrator on the CM01 (ConfigMgr) server. netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN After configuring the firewall, browse to the drive where the SQL Server 2017 media is, and run setup.exe. The SQL Server Installation Center wizard will appear. Click on Installation and then choose New SQL Server standalone installation or add features to an existing installation. Enter the Product Key or use the evaluation version if that's what you want to use. Note: The product key will be automatically filled in for licensed media downloaded from Microsoft Volume Licensing Service Center. Accept the EULA Make your Microsoft Update choices and review your Install rules, as long as you've opened the correct port for SQL you'll be ok and can safely ignore the Warning about the Firewall. select the SQL server instance features you need (at least Database Engine Services) and if necessary change the drive letter where you intend to install it And configure the Instance Configuration or just leave it as default Verify the Service Accounts settings and for Collation (click on the Collation tab in Server Configuration), make sure the collation is set to SQL_Latin1_General_CP1_CI_AS For Database Engine Configuration, click on Add Current User After configuring Data Directories, TempDB and Filestream settings you are ready to install Click on Install to start the installation of SQL Server 2017, and once it's completed, click Close. Next download and install the following: SQL Server 2017 Cumulative Update 14. SQL Server 2017 SSMS here. SQL Server 2017 Reporting Services. Method #2 - Automate it with PowerShell Note: Make sure your SQL Server 2017 media is in the drive specified in the script or edit the script to point to the new location of the media. The script set's the installation path pointing at D:\MSSQL if you want to install SQL somewhere else please change the variables as appropriate. To install SQL Server 2017 use the Install SQL Server 2017.ps1 script. The script will create a ConfigurationFile.ini used to automate the installation of SQL Server 2017, and after it's installed the script will download the SSMS executable (Management Studio) and install it. Then it will download Reporting Services and install it. If either of the EXE's are in the download folder, it will skip the download and just install. SQL Server no longer comes with the Management Studio or Reporting Services built in, and they are offered as separate downloads, don't worry though, my PowerShell script takes care of that for you. 1. Extract the scripts to C:\Scripts on CM01 and load the Install SQL Server 2017.ps1 script located in C:\Scripts\Part 4\CM01 2. Edit the variables [lines 17-81] as desired before running. 3. Logon as the user specified in line 20. 4. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Done ! That's it for this part, please join me in Part 5 where we Configure and Install System Center Configuration Manager 1902.

it's up now !

I resolved the issue by doing the following: 1.Under the Application properties select: Allow this application to be installed from the Install Application task sequence action instead of deploying it manually.2.Go to the User Experience tab and verify that the application will Install for system, whether or not a user is logged on.

first things first do you have any details of what files were over written/infected ? and do you have valid virus free backups of the database and all other software

Windows Server Update Services (WSUS) is needed for software updates synchronization and for the software updates applicability scan on clients. The WSUS server must be installed before you create the software update point role. The following versions of WSUS are supported for a software update point: source > https://docs.microsoft.com/en-us/sccm/sum/plan-design/prerequisites-for-software-updates

Awesome guide thanks, can't wait for the next part.

Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1902 as of April the 10th 2019. I blogged how to upgrade to 1902 here. This guide is aimed a new installations of SCCM. Baseline media is used to install new ConfigMgr sites or to upgrade from supported versions, for more information about baseline media please see my blog post here. This series is broken down into the following parts:- Part 1 - Get the lab ready, configure ADDS Part 2 - Join CM01 to Domain, add users, create the Systems Management container, delegate permission Part 3 - Role and Feature installation, installation of WDS and ADK Part 4 - Configure and install SQL Server 2017 Part 5 - Configure and install SCCM 1902 Current Branch Part 6 - Create device collections (This part) Part 7 - Configuring discovery Part 8 - Configuring boundaries You can use this multi-part guide to get a hierarchy up and running on Windows Server 2019 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 - Do it manually Method #2 - Automate it with PowerShell Downloads The scripts used in this part of the guide are available for download here. Unzip to C:\Scripts. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (DC01 or CM01). Scripts.zip Step 1. Create device collections Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator In this part you'll create some device collections to prepare your lab for Servicing Windows 10, whether using WAAS (Windows As A Service) or using the Inplace Upgrade (IPU) Task Sequences built into ConfigMgr. The collections created include some based on the recently released Windows 10 version 1903. Method #1 – Do it manually You can create collections using the ConfigMgr console and clicking your way through the wizard, you'll need to add membership queries to populate the collections, and include Include or Exclude rules as appropriate. To create collections manually open the Assets and Compliance node and select Device Collections. Right click on Device Collections and choose Create Device Collection. In the wizard that appears give the collection a name, eg: All Windows 10 and limit it to another existing collection by clicking on Browse and selecting an existing collection to limit to for example All Systems. A limiting collection decides what collection members of this collection must be in first in order to appear within this collection. Next you decide how you want the collection to populate with members, the most common method of populating a collection is to use a query, so click on the Add Rule drop down box and selct Query Rule. Doing so brings up the Query Rule properties screen, give the query a suitable name such as All Windows 10. Next click on Edit Query Statement and then select Show Query Language Note: In a production environment be very careful about editing query statements on 'live' collections that have Task Sequences, Packages or Applications deployed to them, otherwise you can have unintended results by making a mistake with the query. In the Query statement properties screen, remove the current query (which basically selects EVERYTHING in your environment) and in its place, paste in a working (known good) query, for example for All Windows 10 use the following query. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where (SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' or SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0 (Tablet Edition)') Click OK to close the Query Rule Properties screen. Next you can optionally adjust the membership schedule by clicking on Schedule. Click your way through the rest of the wizard, once done, the All Windows 10 collection will appear. Repeat the above process to add all your other desired collections for Windows 10 and WAAS. Method #2 – Automate it with PowerShell To automate the creation of a bunch of device collections simply run the CreateDeviceCollectionsWindows10.ps1 Powershell script by starting PowerShell ISE as an Administrator on the ConfigMgr server (CM01). awesome ! Below you can see the script has run And after refreshing the console, all the new collections (with queries added) appear. Please join me in Part 7 where we'll configure discovery.

UPDATE: Success1809-AnswerFile.txtAddLanguage_zh-cn.txt What I ended up doing is below because other options simply didn’t work right, and there is limited documentation on versions 1809 and 1903. Maybe I can save you some headache. MDT "Add Language Packs Offline" referenced in original comment, does not appear to work with newer versions of Windows(1903)/SCCM(1902 and later). Other options such as adding Language Packs(and other features) using dism /online after OS installation results in the Windows UI remaining the default EN-US language. resetting this setting via Powershell and rundll/xml proved unsuccessful. Download the required language packs for my environment. Inject them directly into the offline install.wim via DISM NOTE: in MS Volume Licensing site, DO NOT select 64-bit or 32-bit when trying to download the Language Packs. You must first select MULTILANGUAGE from the language dropdown, or you will only have 1511 language packs available to download. Create an answer file, My answer file is attached for reference. (EDIT)Add Language Collection variable to "All Unknown Computers" device collection, and leave value blank, and uncheck "do not display this value". Screen shot below This will add the Language variable field when your start the image process Set Language Variables using the Set Dynamic Variables after Apply OS but before Setup Windows and Config mgr (screenshot below) I added a step to use English by default if none of the rules proved true I created a package containing all the new language features for each language, Each package with a bat file that runs the series of dism commands (example attached). NOTE, some of the languages do not contain the speech capability. Added Timezone support using tzutil /s “Timezone name” and keyed it on NTDomain.ClientSiteName attribute (screen below) EDIT: I forgot to include the Language Collection variable on Unknown Computers collection

all of it

you need to paste in YOUR OID which you created in step 4 into the file, so that it looks pretty much like what I've shown you, other than it will have YOUR OID and not MINE. you might want to change the pki cps url also to point to your url cheers niall

I am using this for our upgrade from 1703 to 1809 and it is amazing, exactly what I was looking for. Thank you Niall for all the work you have put into this, much appreciated!

thanks the important bit is... " Once done, paste in the OID created in Step 4 and then save the file as C:\Windows\CAPolicy.inf. "

there you go ! now you know why i use TreeFreeSize, the problem you have is as i guessed, the sql server transaction logs, look at my link above and you'll see how to compress them down to almost nothing

can not download the script. it is unavailable fixed... I should sin-in

Introduction You are most likely familiar with the Microsoft Surface Pro 6 and the recently released version of Windows 10 version 1903 (May 2019 Update). Now you can automate the installation of Surface Pro 6 using PowerShell and MDT. This script has been written to allow you to automate the deployment Windows 10 version 1903 (May 2019 Update) using the latest available software including: Windows 10 x64 (version 1903) Microsoft Deployment Toolkit (MDT) build 8456 Latest available 2019 drivers for the Surface Pro 6 for Windows 10 version 1903 Windows 10 ADK (version 1903) Windows Server 2019 Note: This is fully automated, and as this does install a Windows Deployment Services server role hosting a boot image, you should modify the script accordingly and test it thoroughly in a lab first. This script is tailored for one thing only, deploying Windows 10 x64 version 1903 to the Microsoft Surface Pro 6 with all drivers loaded and MDT pre-configured. Download it and customize it to suit your needs for other hardware if you wish because what it does is pretty cool. This script performs the following actions:- Downloads and then Installs Windows ADK 10 (version 1903) if you have not done so already Downloads and then Installs MDT, if you have not done so already Downloads all required drivers for Microsoft Surface Pro6 if you have not done so already Imports the Windows 10 x64 (version 1903) operating system into MDT Imports the Microsoft Surface Pro drivers into MDT Creates Selection Profiles for Surface Pro 6 and WinPE x64 Creates a Deploy Windows 10 X64 version 1903 task sequence Edits the Deploy Windows 10 X64 version 1903 task sequence and adds an inject drivers step for Microsoft Surface Pro 6 Sets a WMI query for hardware detection for the Surface Pro 6 on the corresponding driver step Injects the Microsoft Surface Pro 6 network drivers into the LiteTouchPE_x64.wim Creates custom CustomSettings.ini and BootStrap.ini files Disables the X86 boot wim (as it is not needed for Surface Pro 6) Changes the Selection Profile for the X64 boot wim to use the WinPE x64 selection profile Installs the Windows Deployment Service role Configures the WDS role and adds the previously created LiteTouchPE_x64.wim Starts the WDS service so that you can PXE boot (UEFI network boot). All you have to do is provide a domain joined server (MDT01), then download the script below, modify some variables, then place certain files in the right place such as the Windows 10 x64 Enterprise (version 1903) media. Please ensure you have a working DHCP scope on your Active Directory domain controller, then PXE boot a Microsoft Surface Pro and sit back and enjoy the show. Step 1. Download the script The PowerShell script will do all the hard work for you, download it, unzip it and place it on the server that is designated to be the MDT server. Scripts.zip Step 2. Configure the variables in the script Once you have downloaded and extracted the script, you need to configure certain variables interspersed throughout the script. I'll highlight the ones you need to edit. The most important of them is the $SourcePath variable (line 57) as this decides where to get the content from and where to store it. This variable should point to a valid drive letter, the folder name will be created if it does not exist. The $FolderPath variable (line 271) specifies the MDT Deployment share root folder for example C:\MDTDeploy. There are other variables to configure, for joining the Domain (lines 349-351) and then you need to configure how you actually connect to the MDT server from WinPE (lines 426-430) Step 3. Copy the Windows 10 x64 (version 1903) operating system files Mount a Microsoft Windows 10 x64 Enterprise (version 1903) ISO and copy the contents to $SourcePath\Operating Systems\Windows 10 x64\1903 as shown below. Step 4. Optionally copy MDT, ADK 10, Surface Pro drivers This is an optional step. If you've already downloaded the above files then place them in the source folder, otherwise the script will automatically download them for you. Note: You do not have to do this as the script will download the content for you if it's not found. Step 5. Optionally copy your Applications to the respective folders This is an optional step. If you have apps like Office 365, copy them to their respective folders under Applications. If you do add any applications, you'll need to edit the corresponding section within the script for the CustomSettings.ini and replace the GUID for the App, these applications are remmed out with a #, as shown here (line 392-393) and in line 328 Step 6. Run the script On the server that will become your MDT server, start PowerShell ISE as Administrator. Click on the green triangle to run the script. This is how it looks while running... Below you can see the script has completed. Step 7. Deploy a Surface Pro 6 After the script is complete, you are ready to test deploying Windows 10 version 1903 (May 2019 Update) to a Microsoft Surface Pro 6. You can see that Windows Deployment Services is installed and that the ADK 1903 version of the MDT LiteTouch_X64 boot wim is already imported. This boot image also has the Surface Pro 6 network drivers added. After the Surface Pro 6 has PXE booted, you'll see the MDT computer Name screen, you can change that behavior in the UI itself (CustomSettings.ini on the Properties/Rules of the DeploymentShare) or automate it via the many methods available such as those that Mikael describes here. After clicking next the OS will get deployed. and after a while it's all complete. Step 8. Review the MDT Deployment Workbench After opening the Deployment Workbench, you can see the Deploy Windows 10 x64 version 1903 task sequence is created and in the task sequence you can see the inject drivers step that is customized with a wmi query for Surface Pro 6 drivers specific to the Surface Pro 6 are imported into MDT Surface Pro 6 specific selection profiles created drivers (network) are also added to the x64 boot image Troubleshooting If the script has issues starting WDS (and you see the error below) then restart the server, as you were asked to do at the end of the script ;-). If you cannot PXE boot, because WDS is not accepting connections (revealed by the PXE Response tab in WDS properties), then look for the following error in the scripts output: An error occurred while trying to execute the command. Error Code: 0x5 Error Description: Access is denied. If you see that error, then the user you are logged in as does not have sufficient permissions to configure WDS. To grant permissions to the Windows Deployment Server (MDT01) do as follows Open Active Directory Users and Computers. Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control. On the first screen of the wizard, click Next. Change the object type to include computers. Add the computer object of the Windows Deployment Services server, and then click Next. Select Create a Custom task to delegate. Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next. In the Permissions box, select the Write all Properties check box, and click Finish. Next, open ADSIEdit.msc Browse to the Computer Account of the WDS Server. It will have a Child Object named something like "CN=MDT01-Remote-Installation-Services". The user that runs the the PowerShell script or the WDS Console needs Full Access permissions to this Child Object. Right click and choose Properties. Select the Security/Permissions tab and add the user/group in. Set them to have Full Permissions. Log out of the MDT Server and log back in again. AD replication may delay the result of this, but you should now no longer have Access Denied. Summary Automating the deployment of Windows 10 version 1903 (May 2019 Update) to the Microsoft Surface Pro 6 using PowerShell and MDT is easy when you know how.

Great guide, Thank you.

Congrats, well deserved

this should help you

Thank you. Really great guide!

woo hoo

Excellent guide and a very reliable, thanks.

I've seen errors configuring the SQL Server memory when you are logged on as the wrong user, make sure you are logged on as the domain\user specified in the script, look at line 20... I think the user must be a SA to do the sql server memory change, but can't remember, please verify what user you are running this as... and i don't think domain\administrator is a SA....

That is because CM's SQL requires 8 GB of RAM for itself as a bare min. You will never get CM up with just 4 GB of ram, you will need at least 10GB

ah my bad, thanks for the heads up. I mixed up some old/new scripts... i've re-uploded them for parts 4-6, should be fine now, please check.

I'm going to run through this guide again. There's a few inconsistencies. Each step has a different scripts.zip attached. I figured I would just download the part 5 which would include everything (6 wasn't out at the time). And I noticed when you run powershell to install WSUS calls for a XML file in part 2\cm01 folder that does not exist. The XML file is in part 4 folder. Small little things like this. Also install roles and features power shell is in part 4 and 5 folders.

sorry, me too, I will get it done and hopefully add a part 7 also, I'll try and resume it this weekend, just other things have taken priority.

Amazing documentation as always!

I have found a workaround. I tried installing the update using the sccm manager on my windows 10 client and it worked !! I'm now on 1902. Thanks for your attention.

great to hear it, thanks for the feedback

Unfortunately, the log file was clear, so I went ahead and uninstalled and reinstalled my MP, and all is working well. If it happens again though, that'll be the first file I check. Thanks @anyweb!

hi there, please use the below guide for the SCCM 1902 installation, you can find it and many other guides I've done here cheers niall

Fix for bootloops when a TS is initiated from Software Center and the script is detecting failures during the checks. Change Sub Reboot Set WshShell = WScript.CreateObject("WScript.Shell") WshShell.Run "wpeutil reboot" End Sub To Sub Reboot Set objFSO2 = CreateObject("Scripting.FileSystemObject") Set colDrives = objFSO2.Drives For Each objDrive in colDrives if objDrive.DriveType=2 then SMSTSDrive=objFSO2.FolderExists(objDrive.DriveLetter + ":\_SMSTaskSequence") if SMSTSDrive then BootDrive=objDrive.DriveLetter&":\" end if end if Next Set WshShell = WScript.CreateObject("WScript.Shell") PEFirmware="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PEFirmwareType" PeBoot = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PEBootType" FirmwareType=WshShell.RegRead(PEFirmware) BootType=WshShell.RegRead(PeBoot) If lcase(BootType)="ramdisk:sourceidentified" then If FirmwareType=2 then BCD=BootDrive&"_SMSTaskSequence\BCD-EFI\BCD" else BCD=BootDrive&"_SMSTaskSequence\backup\boot\BCD" end if WshShell.Run("bcdedit /import " & BCD & " /clean"),1,true wscript.sleep(2000) end if WshShell.Run "wpeutil reboot" End Sub This will also cause the TS to continue in the full OS. If you want to prevent that add something like this after the first reboot. (Since checkfornetwork.vbs shouldn't fail if it succeeded the first time) Side note. The start cmd part is good but it's a LPE-exploit waiting to happen. All you have to do is start a TS from SC and then pull the cable and you're 'local system'. Don't bind it to cancel since the x in the corner returns the same thing. Detect if "command support" is enabled on the boot image and only give the choice to start a cmd.exe if so. Add the last 2 lines accordingly. ' updated 2015/4/26 logging folder creation fix ' On Error Resume Next DIM objShell, WshNetwork, sPingTarget, iNumberofFails, iFailureLimit, LogFileName, logfile, objFSO, objFile, outFile, CheckPartitions Set WshNetwork = WScript.CreateObject("WScript.Network") Set objShell = WScript.CreateObject( "WScript.Shell" ) sysDrv=objShell.ExpandEnvironmentStrings( "%SYSTEMDRIVE%" ) Buttons=vbOKOnly And this. function isDebug() FoundINI=objFSO.FileExists(sysdrv+"\Windows\System32\winpeshl.ini") If (FoundINI=vbTrue) then 'wscript.echo Cstr(bExists) & " " & bExists Set file = objFSO.OpenTextFile (sysdrv+"\Windows\System32\winpeshl.ini", 1, vbFalse, -1) row = 0 Do Until file.AtEndOfStream line = file.Readline 'WScript.Echo lcase(line) If (instr(lcase(line),"tsbootshell.exe")<>0) then TsBootShell=replace(lcase(line),"tsbootshell.exe","tsbootshell.ini") 'Wscript.echo TsBootShell TsINI=objFSO.FileExists(objShell.ExpandEnvironmentStrings(TsBootShell)) If (TsINI=vbTrue) then Set ReadTsINI = objFSO.OpenTextFile (objShell.ExpandEnvironmentStrings(TsBootShell), 1, vbFalse, -1) strTSINItext=ReadTsINI.readall If (instr(lcase(strTSINItext),lcase("EnableDebugShell=true"))<>0) then 'WScript.Echo "DebugMode" Buttons=vbYESNO end if ReadTsINI.Close end if end if row = row + 1 Loop file.Close end if end function Add a 'If' on the buttons shown and that's been taken care of as well. E.g. if (Buttons=vbOKOnly) then Message="Kunde inte hitta en hårddisk att installera Windows på." & vbCrLf & vbCrLf & " Meddela IT att detta kan vara orsaken:" & vbCrLf & vbCrLf & "* Saknar drivrutiner för hårddisken . " & vbCrLf & "* Hårddisken kan vara trasig. " & vbCrLf & vbCrLf & "Hårdvara: " & vbCrLf & vbCrLf & SataResult &"Dator: "& MakeModel & vbCrLf & vbCrLf & "Tryck [OK] när du är klar." Else Message="Kunde inte hitta en hårddisk att installera Windows på." & vbCrLf & vbCrLf & " Meddela IT att detta kan vara orsaken:" & vbCrLf & vbCrLf & "* Saknar drivrutiner för hårddisken . " & vbCrLf & "* Hårddisken kan vara trasig. " & vbCrLf & vbCrLf & "Hårdvara: " & vbCrLf & vbCrLf & SataResult &"Dator: "& MakeModel & vbCrLf & vbCrLf & "Tryck [YES] för att få installationen att misslyckas eller [NO] för att starta en CMD-prompt." end if result=MsgBox (Message, Buttons, "Warning: Unable to continue") 'result = MsgBox ("Unable to find a valid internal storage device." & vbCrLf & vbCrLf & "Possible causes can be: " & vbCrLf & vbCrLf & "* Missing Storage drivers. " & vbCrLf & "* Missing HDD/SSD. " & vbCrLf & vbCrLf & "Please inform the person supporting you that the following hardware was detected: " & vbCrLf & vbCrLf & SataResult &"Computer: "& MakeModel & vbCrLf & vbCrLf & "Press [OK] to exit and reboot or press [Cancel] to open a CMD prompt to troubleshoot further."_ ', vbOKCancel, "Warning: Unable to continue") Select Case result Case vbOK Set objShell = Nothing 'objShell.Run("x:\windows\system32\winpeshl.exe"),1,true Reboot Case vbNo Set objShell = WScript.CreateObject( "WScript.Shell" ) objShell.Run("cmd.exe /s") msgbox "When you are finished, press [OK]" Reboot End Select Edit: And of course calling the function early in the script.

If anyone gets an access denied error at the last step (certutil -crl), then please reboot your Issuing CA server once and then issue the command again. I had this issue and apparently several other users had this too per various forums.

just make sure your Apply Driver Package step references that, as shown here.

you only need the one step, that's how it works, it's a variable !

Yes. While each deployment type has its own content ID, you must update content for each deployment type if both deployment types use the same content source.

Hi, OUR SETUP We have a SCCM 2012 server which we recently took over. Our setup consist of 13 remote sites with DP's in 6 and 32 subnets between them all. Our sites and services setup in AD has been configured correctly and very carefully due to the complication of all the subnets of various sizes (/24 /25 /26 /27 etc..) We are'nt SCCM experts by any stretch of the imagination but know infrastructure and networking well and are confident that sites and services has been setup 100% correctly. OUR FINDINGS We recently had a closer look at the SCCM server to try and improve the general performance - Takes very long to come back with anything whenever you do anything in it.(assume the SQL queries are the issue) Starting at the basics we had a look at boundaries first and found that the discovery methods are setup for site and IP address ranges. Since our sites and services are setup correctly we thought we could get rid of the IP ranges as I have read multiple articles stating that this is a very "Expensive Query" - and therefore just use sites. OUR PROBLEM The minute we remove the IP range the "remote" workstations (sites with DP's)will not run the task Sequence after PXE booting Tail end of the smsts.log file <![LOG[ Flags: 01000000]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="1824" file="resolvesource.cpp:2291"> <![LOG[ URLs : 1]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="1824" file="resolvesource.cpp:2292"> <![LOG[ SMB : ]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="1824" file="resolvesource.cpp:2293"> <![LOG[ MCS : ]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="1824" file="resolvesource.cpp:2294"> <![LOG[No static content server.]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="1824" file="resolvesource.cpp:2371"> <![LOG[(LocationsList.size() + slistHttpPaths.size() + slistSMBPaths.size()) > 0, HRESULT=80040102 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,2427)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="1824" file="resolvesource.cpp:2427"> <![LOG[FALSE, HRESULT=80040102 (e:\nts_sccm_release\sms\framework\tscore\tspolicy.cpp,2000)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="1824" file="tspolicy.cpp:2000"> <![LOG[Content location request for QAT00002:3 failed. (Code 0x80040102)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="3" thread="1824" file="tspolicy.cpp:2000"> <![LOG[hr, HRESULT=80040102 (e:\nts_sccm_release\sms\framework\tscore\tspolicy.cpp,2845)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="1824" file="tspolicy.cpp:2845"> <![LOG[Failed to resolve PackageID=QAT00002]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="3" thread="1824" file="tspolicy.cpp:2845"> <![LOG[(*iTSReference)->Resolve( pTSPolicyManager, dwResolveFlags ), HRESULT=80040102 (e:\nts_sccm_release\sms\framework\tscore\tspolicy.cpp,3693)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="1824" file="tspolicy.cpp:3693"> <![LOG[m_pSelectedTaskSequence->Resolve( m_pPolicyManager, TS::Policy::TaskSequence::ResolvePolicy | TS::Policy::TaskSequence::ResolveSource, fpCallbackProc, pv, hCancelEvent), HRESULT=80040102 (e:\nts_sccm_release\sms\client\tasksequence\tsmbootstrap\tsmediawizardcontrol.cpp,1439)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="1824" file="tsmediawizardcontrol.cpp:1439"> <![LOG[Failed to resolve selected task sequence dependencies. Code(0x80040102)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="3" thread="1824" file="tsmediawizardcontrol.cpp:1439"> <![LOG[hrReturn, HRESULT=80040102 (e:\nts_sccm_release\sms\client\tasksequence\tsmbootstrap\tsmediaresolveprogresspage.cpp,445)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="1824" file="tsmediaresolveprogresspage.cpp:445"> <![LOG[ThreadToResolveAndExecuteTaskSequence failed. Code(0x80040102)]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="3" thread="1824" file="tsmediaresolveprogresspage.cpp:445"> <![LOG[ThreadToResolveAndExecuteTaskSequence returned code 0x80040102]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="516" file="tsmediaresolveprogresspage.cpp:221"> <![LOG[Setting wizard error: This task sequence cannot be run because the program files for QAT00002 cannot be located on a distribution point. For more information, contact your system administrator or helpdesk operator.]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="516" file="tsmediawizardcontrol.cpp:1463"> <![LOG[ResolveProgressPage::OnWizardNext()]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="516" file="tsmediaresolveprogresspage.cpp:113"> <![LOG[Activating Finish Page.]LOG]!><time="11:56:30.378-600" date="11-24-2017" component="TSPxe" context="" type="0" thread="516" file="tsmediafinishpage.cpp:107"> <![LOG[Loading bitmap]LOG]!><time="11:56:30.394-600" date="11-24-2017" component="TSPxe" context="" type="1" thread="516" file="tsmbootstrap.cpp:1303"> If we add the IP Ranges back it works. I can see the problem (highlighted) and know how to get around it but don't understand why we cannot get it to use Sites and Services correctly. We have ensured that the DP servers Boundaries and Boundary Groups are all connected Boundary Discovered and Defined correctly. Boundary Group has correct Boundary in it. Boundary Group Reference has DP server defined as Site System Server We have made sure that the packages have sync'd/copied correctly with the DP's and the sizes all match. Obviously we are missing something - Can anyone provide any further advice? And I will just say again, we have just spent two weeks documenting and going over our Sites / Subnet / AD setup to ensure we have no overlapping networks and to ensure all our subnets are defined correctly in sites and services - We really don't think the issue lies there but are open to any advice. Thank You in advance.

Thanks for the suggestion. FML - Microsoft! The "Architecture" under filters has no purpose in this scenario. I just couldn't figure this out, build updates always failed me, I'm going to test something else today. I'm using a full "Title" description on the filters now: Feature update to Windows 10 (business editions), version 1809, en-us x64 It only displays the 64bit version which I want.

Recently rolled this out, some brief notes: - On a Windows 10 machine, no additional agent is required. You simply set the SCCM policy to enable Endpoint Protection (Defender) to be managed. SCCM > Administration > Client Settings > Endpoint Protection > Manage Endpoint Protection...... - On a Windows 7 machine, SCCM will automatically deploy the SCEP agent if the above policy setting is enabled. We haven't deployed to server so cant assist there, but no reason why it wouldnt work. - You'll need to setup ADR's so new definitions are downloaded every X hour, you'll also need to change you SUP sync schedule to match this frequency - All settings/configuration/exclusions etc can be done via Anti-Malware policies. SCCM > Asset and Compliance > Endpoint Protection > Antimalware policies - I found we had to manually uninstall our previous AV solution (even though SCCM has an option to remove it) else SCEP would fail to install. I had to script the removal of the old AV Take some time to flick over all the anti-malware policies, everything will become much clearer. Key thing is to make sure your definitions are regularly updated (i do mine every 8 hours), and to make sure your SUP also sync at the same time else the ADR will run against a "outdated" SUP catalog.

We followed this guide as we wanted to use PKI

nice effort but any reason why you went with an out of support version of SCCM ? 1802 is the current baseline...

Ok, I found some interesting reading at https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan 🙂

After the huge popularity of the windows-noob.com Configuration Manager 2012 Guides (609,165 views as of July 2nd, 2014), which were subsequently made available for download, (and downloaded 63521 times as of July 2nd, 2014) I've now made the following guides available in Microsoft Word format (zipped). These are the windows-noob Mobile Device Management guides which help you integrate Microsoft Intune with Configuration Manager 2012 R2, and then go on to add support for the following mobile devices" iOS Android Windows RT Windows 8.1 Windows Phone Mobile Device Management with Microsoft Intune integration (UDM) CM12 in a Lab – Part 1, integrating Microsoft Intune CM12 in a Lab – Part 2, adding Support for iOS devices CM12 in a Lab – Part 3, deploying apps to iOS devices CM12 in a Lab – Part 4, configuring compliance on iOS devices CM12 in a Lab – Part 5, enabling support for Windows 8.1 devices CM12 in a Lab – Part 6, deploying Windows 8.1 apps (appx) CM12 in a Lab – Part 7, deploying Windows Store apps CM12 in a Lab – Part 8, adding Android devices CM12 in a Lab – Part 9, deploying Apps to Android devices CM12 in a Lab – Part 10, adding Windows Phone 8 devices CM12 in a Lab – Part 11, using Intune Extensions Note: To download this zip file you need to register your account on windows-noob.com You can download the windows noob Mobile Device management guides in one ZIP from here: System Center 2012 R2 Configuration Manager Mobile Device Management - The windows-noob.com Guides.zip Once extracted you'll have the guide in Word format like below Please do spread the word ! cheers niall

Introduction Traditionally you deploy one operating system per task sequence but there are times when you might want to deploy more than operating system in the same task sequence. There are a variety of ways of doing this, for example you could use a MDT based User Driven Installation (UDI) task sequence which in turn requires you to use the UDI Wizard Designer to edit the Volume page and add, remove or re-order Operating System wim images which can then be displayed to the end user (shown below). This works well as long as you are willing to use UDI based task sequences and the associated UDI Designer Wizard and don't mind updating the MDT Toolkit Files package after doing so. Alternatively you could use a dynamic task sequence which uses a HTA FrontEnd (hypertext application or web page..) that is based on variables set in the task sequence itself. The HTA method is more dynamic as you do not need to update the MDT Toolkit files package every time you make a change to one of the operating systems included in the task sequence and you don't need to use a User Driven Installation based task sequence either. Here is what the FrontEnd looks like you can click on the drop down menus to select from the Operating Systems that you make available In addition you can use tooltips (by hovering over a drop down menu) in this task sequence to display helpful info to the end user about what each operating system is for. So how is it done ? I'll show you. Step 1. Get the Task Sequence Download the Multiple Operating Systems in a Task Sequence below. Multi-Image task sequence.zip You need to import it into your Configuration Manager server. To Import it, in the Configuration Manager console navigate to the Software Library and find the Operating Systems section, right click on Task Sequences and choose Import Task Sequence as shown below. browse to the UNC path where you downloaded the ZIP file above click next, you will get an import failure for the boot wim, select Ignore Dependency as shown below The task sequence is imported successfully. Step 2. Get the HTA Download the Multi Image HTA below Multi-Image.zip Unzip these files and copy them to a folder on your Configuration Manager server. Next, create a package by doing as follows, select Application Management in software Library, and choose Packages, right click and choose Create Package fill in some info about the package, call it Multi-Image Select do not create a program continue through the wizard until done Step 3. Distribute the package Right click on the Multi-Image package and choose Distribute Content, distribute it to all your distribution points as shown below continue until the wizard is complete. Step 4. Edit the Task sequence Right click on the Multiple Operating Systems in a Task Sequence task sequence and choose edit, you'll probably see the error below, it's ok we are going to add that package next... On the Display HTA step, click on the Browse button beside Package, and select the Multi-Image so it looks like below Once done, take a look at the three OSName variables, they are what is shown to the end user in the Multi-Image HTA. You can set these variables to match whatever three (or two or more) operating systems you are deploying in this task seqence. in addition you can define the two tooltips used in the HTA If you want the HTA to display make/model and serial number info then add a MDT Toolkit Files step, immediately followed by a MDT Gather step as shown below (this is optional, and requires MDT Integration with Configuration Manager 2012.) Now you need to add your operating system images, under the New Computer Group,click add,choose images and then apply operating system image as shown below click on browse and browse to your selected operating system image Next, select the Options tab, and add a condition (Task Sequence Variable) and enter the following info, ImageValue = OSValue1 as shown below repeat the above for each Operating System Image you want to deploy, however set the options value for the variable ImageValue to OSValue2 or OSValue3 as appropriate. You don't need to make all three available, you can simply disable one or two in the task sequence if you want and they won't appear in the HTA. Dynamic ! for the purpose of this task sequence, you can go ahead and add a boot wim and then deploy it for testing, obviously you'll want to customize the task sequence to do all the actions you normally do, below you can see that the second Operating System image was selected (OSValue2) and is being deployed as logged in SMSTS.log That's it, job done ! Summary Deploying multiple operating systems with Configuration Manager 2012 R2 is easy enough and there are many ways of doing it, this method is dynamic and I hope you try it out !. Related Reading CM12 in a lab - Part 16. Integrating MDT 2012 with Configuration Manager 2012 CM12 in a lab - Part 17. Using MDT 2012 with Configuration Manager 2012 CM12 in a lab - Part 18. Deploying a UDI Client Task Sequence Downloads You can download a Microsoft Word copy of this guide here. Multiple Wim Images in One Task Sequence.zip

there are TWO branches of SCCM, current branch (which is what you are using) and Technical Preview (which is what is in this video) Current Branch is for production environments, and Technical Preview is for labs, you cannot get TP updates in a Current Branch release

One thing i can't stand about forums is no one responding back to how they fixed their issue. I hope this helps someone down the road. I just got off the phone with support and this was their fix as well. They said it's a client side issue with certificates being corrupt. ERROR: Error. Status code 500 returned OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) Received 1231 byte response. OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) pReply != NULL, HRESULT=80004005 (e:\qfe\nts\sms\client\osdeployment\osdsmpclient\smpclient.cpp,2391) OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) SMP Root share info response is empty OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) ClientRequestToSMP::ClientRootShareRequestToSMP failed. error = (0x80004005). OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) ExecuteRootShareInfoRequest(sRootShareList), HRESULT=80004005 (e:\qfe\nts\sms\client\osdeployment\osdsmpclient\smpclient.cpp,1717) OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) ClientRequestToSMP::DoRequest failed. error = (0x80004005). OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) Request to SMP 'http://myservername.domain.com'failed with error (Code 0x80004005). Trying next SMP. OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) Sleeping for 60 seconds before next attempt to locate an SMP. OSDSMPClient 7/25/2016 4:25:28 PM 5656 (0x1618) Retry number 2 OSDSMPClient 7/25/2016 4:26:28 PM 5656 (0x1618) Microsoft's response ++ It looks like there is certificate issues while performing the restoration task. ++ Please run following command under PowerShell (As Admin ) · Remove-Item -Path ‘HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates\*’ -force; · restart-service ccmexec Sunshine

I appreciate the help. I was able to find a work around by deleting the keys located under ‘HKLM:\SOFTWARE\Microsoft\SystemCertificates\SMS\Certificates*’ on the client side and reboot the machine. Then the restores/captures work as expected. You have any ideas why this could be happening? Thanks Sunshine

I just reused a previous serviceUI.exe step so yes if you want to call it overly complex, you can, and yes it can be simplified, however, it does work and that's the point :-) I'll take a look at the IE shortcut suggestions, cheers

Came across this thread and I think I have a quick answer to the original question. Run the exe that you dumped out of CCTK with the /nolog switch. I believe the exe is trying to create a log.txt file in a read only location. I was having the exact problem, and this worked for me.

Since the upgrade to SP1 for SCCM 2012, I am unable to use the "Devices" in the Assets and Compliance workspace. It sits stuck at "Returning List Items..." I have tried leaving it there for at least 24 hours with no change. I have even tried a fresh install using SQL 2012 /w CU2 and SCCM 2012 /w SP1. This problem doesn't show up anywhere else. Device collections return items, including the All Systems collection. Any thoughts on a solution? Thank you, Mike Peterson