Jump to content




anyweb

Root Admin
  • Content Count

    7,770
  • Joined

  • Last visited

  • Days Won

    288

Everything posted by anyweb

  1. Update: please see this updated guide for SCCM 1802 CB, with SQL Server 2017. Introduction In a previous guide I showed you how to install System Center Configuration Manager version 1511 (Current Branch) on Windows Server 2012R2. Times are changing fast in this cloud-first mobile-first world, and as a result the System Center Configuration Manager (Current Branch) releases are being released rapidly. In addition to these releases are new Windows Server and SQL Server releases. Now that these new releases are all supported to run together, this guide will show you how to quickly install System Center Configuration Manager version 1606 (Current Branch) on Windows Server 2016 using SQL Server 2016, and then upgrade it to System Center Configuration Manager version 1610 (Current Branch). We use System Center Configuration Manager version 1606 (Current Branch) in this guide as it is the latest baseline version available on Microsoft's Volume License Service Center site (as of time of writing, December 2016). Some PowerShell knowledge is desired. I will show you how to do most actions manually as well as automated. Assumptions In this guide I assume you have already installed two workgroup joined servers running Windows Server 2016 (choose Windows Server 2016 Standard (Desktop Experience)) as listed below, and that you've configured the network settings. I also assume you have some knowledge of PowerShell, if you don't, start learning it now ! Server name: AD01 Server status: Workgroup joined IPv4 Address: 192.168.4.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.4.199 DNS: 192.168.4.1 Server name: CM01 Server status: Domain joined IPv4 Address: 192.168.4.2 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.4.199 DNS: 192.168.4.1 Server name: Smoothwall Server roles: A Linux firewall for sharing internet into these virtual machines, in hyperv you can add two legacy nics to achieve this. Scripts used in this guide The scripts used in this guide are available at the bottom of the guide in the Downloads section, download them before beginning and extract them to C:\scripts on your destination server(s). Step 1. Configure Active Directory Domain Services (ADDS) Note: Perform the following on the AD01 as Local Administrator on the workgroup joined server. To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell. For your benefit I'll show you both methods below, all you have to do is choose which one suits you. Method #1 - Do it manually 1. To manually setup ADDS, in the start screen search for Server Manager 2. Click on Add roles and features, for Installation Type choose Role-based or Feature-based installation 3. For Server Selection choose the local server (AD01) 4. For Server Roles select Active Directory Domain Services and DNS Server, answer yes to install any required components. 5. Continue the the wizard and click Install, then click Close to complete the wizard. 6. After it's finished, perform the Post Deployment Configuration by clicking on Promote this server to a domain controller select the Add a new forest option, give it a root domain name such as windowsnoob.lab.local and click through the wizard, when prompted for the password use P@ssw0rd. Method #2 - Automate it with PowerShell To configure ADDS automatically, use the ConfigureADDS.ps1 PowerShell script. 1. Copy the script to C:\scripts. 2. Edit the variables as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Step 2. Join CM01 to the domain Note: Perform the following on the CM01 as Local Administrator on the workgroup joined server. Method #1 - Do it manually To join the domain manually, bring up the computer properties. Click on Change settings beside the computer name, click Change and enter the appropriate domain join details, reboot when done. Method #2 - Automate it with PowerShell To join the domain automatically, use the joindomain.ps1 PowerShell script. 1. Copy the script to C:\scripts. 2. Edit the variables as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Step 3. Create users Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator You can do this step manually or automated using the supplied PowerShell script. Method #1 - Do it manually To create users manually, add the following users in AD using Active Directory Users and Computers: * <your user name>, a domain user, this user will become a local administrator on CM01 * Testuser, a domain user * CM_BA, used for building ConfigMgr created images * CM_JD, used for joining computers to the domain * CM_SR used for reporting services. * CM_CP, a domain user used when installing the Configuration Manager Client for Client Push. * CM_NAA, a domain user, (Network Access Account) used during OSD Method #2 - Automate it with PowerShell To create users automatically, use the Create Users Usergroups and OUs in AD.ps1 PowerShell script. Tip: You need to edit the script and adjust the variables to your liking, for example if you want to change the default password. You may also want to rem out the MDT and MBAM user/groups that are created and change some of the user names within the script. To rem out a line place a # in front of it. 1. Copy the script to C:\scripts. 2. Edit the variables [lines 68-80] as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. After running the PowerShell script in Windows PowerShell ISE you'll see something like the following. Step 4. Create the System Management Container Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator For details of why you are doing this see https://technet.microsoft.com/en-us/library/gg712264.aspx. Method #1 - Do it manually Open ADSI Edit, click on Action, Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System. Right Click on CN=System and choose New, Object, choose Container from the options, click Next and enter System Management as the value as shown below Method #2 - Automate it with PowerShell To create the System Management container automatically, use the Create System Management container.ps1 PowerShell script. Step 5. Delegate Permission Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator Method #1 - Do it manually Open Active Directory Users and Computers. Click on view, select Advanced Features. Select the System Management Container, and right click it, choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click next, then click Add. click on Object Types, select Computers. Type in your Configuration Manager server name (CM01) and click on Check Names, it should resolve. Click Ok, then Next. Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected. Click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in Full Control. Tip: Repeat the above process for each site server that you install in a Hierarchy. Method #2 - Automate it with PowerShell To delegate permissions to the System Management container automatically, use the Delegate Permissions.ps1 PowerShell script on CM01. That's right, on the ConfigMgr server. Step 6. Install Roles and Features on CM01 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator To support various features in System Center Configuration Manager, the setup wizard requires some Server Roles and Features pre-installed. On CM01, login as the username you added to the Local Administrators group and navigate to C:\scripts. The XML files within the Scripts Used in This Guide.zip were created using the Export Configuration File option in Server Manager after manually installing roles and features and the accompanying PowerShell script simply installs it. Note: Make sure your Server 2016 media is in the drive specified in the script or edit the script to point to the location of the media. Method #2 - Automate it with PowerShell To install the roles and features needed, start Windows Powershell ISE as Administrator and run the install roles and features.ps1 script. Step 7. Download and install Windows ADK 10 version 1607 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator The ConfigMgr prerequisite checker will check for various things, including ADK components such as USMT and Windows Preinstallation Environment (amongst others), therefore you need to install Windows ADK on your server. To do so, either download ADKsetup from here and manually install it or run the setup ADK and WDS.ps1 PowerShell script to download and install the correct components for you. This script not only downloads the components needed, it's also installs ADK 10 and then installs Windows Deployment Services. The setup ADK and WDS.ps1 PowerShell script is available in the Scripts Used in this Guide zip file. Method #2 - Automate it with PowerShell To download and then install Windows ADK 10 with the components needed, start Windows Powershell ISE as Administrator and run the setup ADK and WDS.ps1 script. Step 8. Install SQL Server 2016 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator The following script will create a ConfigurationFile.ini used to automate the installation of SQL Server 2016, and after it's installed the script will download the SSMS exe (Management Studio) and install it. SQL Server no longer comes with the Management Studio and it's offered as a separate download, don't worry though, my PowerShell script takes care of that for you. Note: Make sure your SQL Server 2016 media is in the drive specified in the script or edit the script to point to the location of the media. Method #2 - Automate it with PowerShell To install SQL Server2016 use the Install SQL Server 2016.ps1 script. 1. Copy the script to C:\scripts. 2. Edit the variables [lines 17-75] as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Step 9. SQL Memory Configuration Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you'll get warnings in the Prerequisite checker when it runs the Server Readiness checks. Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here. If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit. Method #1 - Do it manually Open Management Studio, select CM01, right click, choose Properties, select memory and configure the values as appropriate for your environment. Method #2 - Automate it with PowerShell Use the following PowerShell in ISE on the server that you installed SQL Server 2016 on, thanks go to SkatterBrainz for the code snippet, you might want to adjust the $SqlMemMin and $SqlMemMax variables to suit your environment. $SqlMemMin = 8192 $SqlMemMax = 8192 [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | Out-Null $SQLMemory = New-Object ('Microsoft.SqlServer.Management.Smo.Server') ("(local)") $SQLMemory.Configuration.MinServerMemory.ConfigValue = $SQLMemMin $SQLMemory.Configuration.MaxServerMemory.ConfigValue = $SQLMemMax $SQLMemory.Configuration.Alter() Step 10. Restart the Server Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Open an administrative command prompt and issue the following command: shutdown /r Step 11. Install the WSUS role Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Now that SQL server is installed, we can utilize that for the WSUS database. To install WSUS and configure it to use the SQL servers database instead of the Windows Internal Database, do as follows: Method #1 - Do it manually <Coming soon> Method #2 - Automate it with PowerShell Browse to the location where you extracted the scripts, C:\scripts. Start Windows PowerShell ISE as administrator, open the Install roles and features_WSUS.ps1 script, edit the $servername variable and replace CM01 with the ServerName your are installing ConfigMgr on (SQL server). Make sure to have your Windows Server 2016 SXS media in the path referred to by $Sourcefiles. Step 12. Download and extract the ConfigMgr content Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator To install System Center Configuration Manager version 1606 you'll need to download the content. You can download it from Microsoft's Volume license site for use in production or from MSDN for use in a lab. The VLSC download can be found be searching for Config and then selecting System Center Config Mgr (current branch and LTSB 1606) as shown below. Method #1 - Do it manually For the purposes of this guide I used the 1606 release from VLSC. This iso is named SW_DVD5_Sys_Ctr_ConfigMgrClt_ML_1606_MultiLang_ConfMgr_SCEP_MLF_X21-16461.ISO and is 1.20GB in size. Once downloaded, I mounted the ISO in Windows File Explorer and copied the contents to C:\Source\SCCM 1606 on CM01. Step 13. Download the ConfigMgr Prerequisites Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator You can download the prerequisites during ConfigMgr setup or in advance. As you'll probably want to install more than one copy of ConfigMgr (one lab, one production) it's nice to have the prerequisites downloaded in advance. To do that, open a PowerShell prompt with administrative permissions and navigate to the following folder: C:\Source\SCCM 1606\smssetup\bin\X64 Run the following line .\SetupDL.exe C:\Source\Downloads Tip: Browse to C:\source\SCCM 1606\SMSSETUP\TOOLS and double click on CMTrace.exe, answer Yes to the default logging question. Then, using Windows File Explorer, browse to C:\ and double click on ConfigMgrSetup.log which will open the log file in CMTrace. This will allow you to view any errors or problems with the download of the prerequisites in real time. Step 14. Extend the Schema Note: Perform the following on the Domain controller server (AD01) as Administrator. You do not have to extend the Active Directory schema if it was already extended for Configuration Manager previously. 1. Using Windows File Explorer on the Active Directory Domain Controller, browse to \\<server>\c$\Source\SCCM 1606\SMSSETUP\BIN\X64 where <server> is your ConfigMgr server 2. locate extadsch.exe, right click and choose Run As Administrator. 3. A command prompt window will appear briefly as the schema is extended, check in C:\ for a log file called ExtADSch.log it should look similar to this Step 15. Install SCCM Current Branch (version 1606) Note: Perform the following on the ConfigMgr server (CM01) as Administrator. If you are NOT using eval (as in my example) then you need to add this section to the configuration.ini file [SABranchOptions] SAActive=1 CurrentBranch=1 Method #1 - Do it manually <Coming soon> Method #2 - Automate it with PowerShell You will need to edit the Install SCCM Current Branch version 1606.ps1 script and replace the variables inside with those that work in your environment. For example, to change the ProductId open the script in Windows ISE, locate the line that reads $ProductID= and either enter your ConfigMgr Product Key or use the evaluation version of ConfigMgr by entering the word EVAL. 1. Copy the script to C:\scripts. 2. Edit the variables [lines 16-17 & lines 32-57] as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Once the script completes successfully, System Center Configuration Manager Current Branch (version 1606) is installed. Note: Currently there is a bug when using System Center Configuration Manager 1606 (Current Branch) and Windows ADK 1607 when used with Windows Server 2016 and SQL Server 2016, in that the boot images will not be created. The error shown in ConfigMgrSetup.log will be "ERROR: Failed to call method ExportDefaultBootImage. Error 0x80041013". If you experience this issue add your voice to Microsoft Connect ID 3116118. The solution at this point is to continue onto the next step and use Upgrades and Servicing to upgrade to System Center Configuration Manager 1610 (Current Branch). After completing that upgrade, the ADK 1607 boot images will be correctly added to ConfigMgr. Step 16. Upgrade to SCCM Current Branch (version 1610) Note: Perform the following on the ConfigMgr server (CM01) as Administrator. Method #1 - Do it manually As the upgrade process is a whole blog post by itself, please follow my guide here. Summary In this guide you used a lot of PowerShell to automate most of Installing System Center Configuration Manager Current Branch (version 1606), including installing and configuring SQL Server 2016 on Windows Server 2016. You then upgraded to version 1610 using Updates and Servicing. Related Reading Configuration Manager and the Windows ADK for Windows 10, version 1607 here. Documentation for System Center Configuration Manager here. What's new in version 1610 of System Center Configuration Manager here. Recommended hardware for System Center Configuration Manager here. Supported operating systems for sites and clients for System Center Configuration Manager here. Support for SQL Server versions for System Center Configuration Manager here. Use a command line to install System Center Configuration Manager sites here. Supported operating systems for System Center Configuration Manager site system servers here. Install-WindowsFeature here. Downloads You can download a Microsoft Word copy of this guide here dated 2016/12/6 How can I install System Center Configuration Manager version 1606 (Current Branch) on Windows Server 2016 with SQL 2016.zip You can download the PowerShell scripts used above here Scripts Used In This Guide.zip
  2. why are you deploying a gpo for WSUS, don't you have a SUP on the SCCM server managing software updates ?
  3. hi Christoffer, do the windows 10 clients have the 1806 client installed on them also ?
  4. Introduction In an earlier post you installed System Center Configuration Manager (Current Branch), then you learned about configuring discovery methods. Next you configured boundaries to get an understanding of how automatic site assignment and content location works. In this guide you'll learn about a new method for updating ConfigMgr with new features and fixes using a new feature called Updates and Servicing. Note: This is an early release of this new technology so is quite likely to change/evolve in later versions. As a result I will amend this document to reflect those changes if and when they occur. Traditionally ConfigMgr would be updated via these 4 methods: Cumulative Updates Service Packs Hotfixes Extensions for Microsoft Intune What is Updates and Servicing ? Updates and Servicing is a new ability in the ConfigMgr Console which allows you to install updates that provide fixes and new capabilities to your Configuration Manager infrastructure and clients, it's Software as a Service (SAAS) in action. To see where Updates and Servicing is used in the ConfigMgr console open the Administration workspace, expand Overview, select Cloud Services, and then select Updates and Servicing. If no updates are available or you have not staged any updates manually using the service connection tool then it will appear empty as in the screenshot below. Note: This new ability is applicable to both the Technical Preview 4 and Current Branch releases of System Center Configuration Manager but not to any earlier versions of the product. However updates offered to Technical Preview will not be offered to Current Branch. At the time of writing this article (January 7th 2016) there are currently no updates available for the Current Branch release, however there are updates available for the Technical Preview 4 version of ConfigMgr. As a result of this all screenshots and logs are taken from the TP4 release of Configuration Manager. Updates and Servicing does not require a Microsoft Intune connection, and uses the Service Connection Point role when it is in online mode to check for new updates. If any updates are detected, it will download them before making them available to the ConfigMgr admin in the console for installation. The Service Connection Point role can be configured to run in two modes: Online (automatic process) Offline (manual process) How can I change the mode ? Please refer to Step 19 here to see how you can configure the Service Connection Point role from Online to Offline or vice-versa. How does online mode work ? I will cover this in detail in another guide however, when in online mode, ConfigMgr updates are checked for every 24 hours. Checking for available updates and then downloading them is in turn handled by the SMS_DMP_DOWNLOADER component. If an update is found, a check is made to see if it is applicable, and only if it is applicable does it get automatically downloaded to the following folder <installation path>\Microsoft Configuration Manager\EasySetupPayload, and then offered for installation in the Console. When in online mode, telemetry data is sent to Microsoft weekly. How does offline mode work ? Offline mode can be used provided that the Service Connection Point role is in Offline mode. Offline mode is a manual process carried out by using a tool called serviceconnectiontool.exe which is available on the Installation Media in a folder called SMSSETUP\TOOLS\ServiceConnectionTool. If you followed my previous guide on installing TP4 here then you'll find that tool in the following folder: C:\SC_Configmgr_SCEP_TechPreview\SMSSETUP\TOOLS\ServiceConnectionTool The offline process itself can be broken down into four separate phases of which three are required: Prepare Export (optional) Connect Import Each phase can be run by using specific switches for the service connection tool (ServiceConnectionTool.exe). The service connection tool produces a log file (ServiceConnectionTool.log) in the folder that it is executed in and that log file overwrites itself every time you run the tool. In addition, the log file does not contain date/time stamps as of January 2016. Step 1. Use the -prepare switch to create a cab file containing the telemetry data To use the -prepare switch, first create a folder on a drive that is on the ConfigMgr primary server hosting the Service Connection Point running in Offline Mode. In this example you will create a folder on D:\ called usb. mkdir d:\usb To create a CAB file containing telemetry data about your sites configuration using an administrative command prompt browse to the folder containing the ServiceConnectionTool.exe file, and enter the following command: serviceconnectiontool.exe -prepare -usagedatadest d:\usb\usagedata.cab Note: After issuing the command the tool will either go ahead and create the usagedata.cab file or complain that the Usage data is not yet available or it may inform you that you entered an invalid command. If you get an invalid command error, carefully verify what you enter and that the destination path exists and it matches the case sensitivity. Immediately after successfully running the command above I'd recommend you backup the usagedata.cab file to another folder. If you run the same command again the tool will overwrite the file and does not seem to create the Telemetry file within the cab as explained in this bug I raised on connect. Use CMTrace to review the ServiceConnectionTool.log file which should be present in the folder you ran the tool from. If usage data is not available yet you'll see the following in the ServiceConnectionTool.log file. To resolve this try stopping and then restarting the SMS_EXECUTIVE component using the Configuration Manager Service Manager tool available in the Monitoring, System Status, Component Status section of the ConfigMgr console. Once restarted, wait ten minutes and then try the -prepare command again, a successful attempt will log to the ServiceConnectionTool.log file like this. After succesfully creating the usagedata.cab file browse to it's location using Windows File Explorer. The file should be greater than 1kb in size, if it isn't you have a problem (see the note above). Note: Copies of the telemetry data (Data.csv and TelemetryData,cab) are stored in <ConfigMgr Installation Folder>\EasySetupPayload\offline\Telemetry. The cab file can be opened in Windows File Explorer by double clicking on it and should (if properly created) contain a file matching a long GUID with a .TEL extension such as in the example below Step 2. Review the telemetry data (optional step) This is an optional step, telemetry data is only sent when you run the manual command listed in Step 3 or when the Service Connection Point is in online mode and that requires an internet connection. If you want to review what data that will be sent to Microsoft in the Step 3, use either of the two methods listed here or indeed open the .TEL file created in Step 1 above using notepad. Export a CSV file Review the telemetry data in SQL Export a CSV file To export a CSV file containing the telemetry data enter the command below. Please enter the command below carefully because if there is any mistake the tool may not generate any error message and no CSV file will be created. serviceconnectiontool.exe -export -dest D:\USB\UsageData.csv When typed correctly, the tool creates the CSV file. After a successful -export the ServiceConnectionTool.log file will look like this. And the CSV file is located where you specified. You can open that file in Notepad or Microsoft Excel to browse the contents. Review the Telemetry data in SQL Server The following SQL command can be used to view the contents of this table, and shows the exact data that is sent SELECT Results FROM TelemetryResults To see this data on the ConfigMgr Primary server, start SQL Server Management Studio, and expand databases, right click on your ConfigMgr database (CM_xxx where xxx is the site code) and choose New Query. Paste in the command above and click on ! execute. Below is a sample readout of the telemetry data gathered. This data can be viewed using this method whether or not the Service Connection Point is in Offline or Online mode. Step 3. Use the -connect switch to submit the data to Microsoft and to receive available updates Note: Perform the following on a computer with Internet access. This can be another server or the ConfigMgr Primary server hosting the Service Connection Point role as long as it has access to the internet. Create a few folders in C:\ as follows: mkdir c:\temp\UpdatePacks && mkdir c:\temp\UsageData Then, using Windows File Explorer, copy the contents of <InstallationMedia>\SMSSETUP\TOOLS\ServiceConnectionTool to C:\Temp. The following directory structure should now be in place: Next, copy the usagedata.cab file from the D:\USB\UsageData folder created in Step 1 to the folder created above called C:\temp\UsageData. Next issue the following command via an Administrative command prompt to submit that telemetry data to Microsoft and to obtain any available updates that are applicable for your ConfigMgr infrastructure. Be careful that you type the UpdatePacks folder destination correctly otherwise the tool will crash with an I/O error. Also be warned that this command seems to be case sensitive in relation to the file/folder names. ServiceConnectionTool.exe -connect -usagedatasrc c:\temp\UsageData\usagedata.cab -updatepackdest C:\temp\UpdatePacks Note: When you run this command be patient and allow it time to complete, you might think it's doing nothing but it is more than likely downloading content. You can open Task Manager and look at the Ethernet performance to confirm that. You should also use CMTrace to review the ServiceConnectionTool.log file which will be present in the folder you ran the tool from. When the download is completed the CMD prompt should return. The size of the update that was pulled down in my Lab was was 1.2GB in size, but they may be larger or smaller depending on what updates are released. After a successful connection you'll see something similar to the following in the ServiceConnectionTool.log file. Next use Windows File Explorer to copy the contents that were downloaded in C:\temp\UpdatePacks to the ConfigMgr server hosting the Service Connection Point role in Offline Mode in the following folder D:\USB\UpdatePacks. The D:\USB\UpdatePacks folder should now contain a bunch of files similar to what you can see here: Step 4. Use the -import switch to import the downloaded updates Note: Perform the following on the ConfigMgr server that is running the Service Connection Point role in Offline mode. Now that you've created the Telemetry data, reviewed it and uploaded it to Microsoft in order to get the applicable updates, it's time to make those updates available to your ConfigMgr server by importing them. To do so, open an administrative command prompt and browse to the folder containing the serviceconnectiontool.exe file and then enter the following command: serviceconnectiontool.exe -import -updatepacksrc D:\USB\UpdatePacks You can now close the command prompt. The import process copies the data to <ConfigMgr installation path>\Microsoft Configuration Manager\EasySetupPayload\offline as you can see below. After a successful import review the ServiceConnectionTool.log file present in the folder you ran the service connection tool from. Step 5. Review Updates and Servicing in the console and run the prerequisite checker Open the Configuration Manager console and navigate to Administration, Cloud Services , Updates and Servicing. Updates that were imported (and are applicable) should now be listed as available to install. Note: After the import is complete you can restart the SMS_Executive component to 'kick start' the update appearing in the ConfigMgr console. To review any issues with making the update available, please refer to the hman.log available in <ConfigMgr installation path>\Microsoft Configuration Manager\Logs. When you right click on an Update listed, you'll get a number of options (some of which may be greyed out if not applicable). Before installing any update I'd recommend you click on the second option, Run Prerequisite check as shown below. Once this check is complete (fairly quick) you can click on Show Status (bottom right) which will take you to the Monitoring workplace of the ConfigMgr Console and to the Site Servicing Status section as shown below, this will list the status of the prerequisite check under the Status column. If you want more details you can right click on the Update Package Name and choose Show Status as shown in the Update Pack Installation Status. Step 6. Install the Update available in Updates and Servicing To Install the Update, right click on it and choose Install Update Pack. The Configuration Manager Updates Wizard appears. Click on Next to start the update, you'll see a window asking you about your Options for Client Update settings. If you want to test the client in pre-production, point to a collection otherwise leave the default settings of Upgrade without validating and click next. Accept the License terms and privacy statement to continue review the summary and at the completion screen click on Close. Note: You can check the CMUpdate.log file found in <ConfigMgr installation path>\Microsoft Configuration Manager\Logs for detailed info about the installation of the update. Here you can see the CMUpdate.log file showing that the installation was successful. and the site service status will list the update as installed in the Status column. If you then right-click on the update listed you'll see a popup appear informing you of an update available for the console. Click on OK and go through the installation of the new console. Once done setup will launch the updated console. Well that's it, I hope you enjoyed reading this guide, until next time adios! Summary Updating your ConfigMgr infrastructure has become even easier with the new Updates and Servicing feature in System Center Configuration Manager Current Branch, allowing you to keep your infrastructure up to date and packed full of features to manage all devices in a modern Enterprise. Related Reading Update 1601 now available in System Center Configuration Manager Technical Preview - https://www.niallbrady.com/2016/01/27/update-1601-now-available-in-system-center-configuration-manager-technical-preview/ Installation of Current Branch - How can I install System Center Configuration Manager (Current Branch) Configuring Discovery - How can I configure discovery for System Center Configuration Manager (Current Branch) Configuring Boundaries - How can I configure boundaries in System Center Configuration Manager (Current Branch) ? Install updates for System Center Configuration Manager - https://technet.microsoft.com/en-us/library/mt607046.aspx Diagnostics and usage data for System Center Configuration Manager - https://technet.microsoft.com/en-us/library/mt613113.aspx How to test client upgrades in a preproduction collection in System Center Configuration Manager - https://technet.microsoft.com/en-us/library/mt612863.aspx Installation of TP4 - How can I install System Center Configuration Manager and Endpoint Protection Technical Preview 4 Downloads You can download a Microsoft Word copy of this guide here dated 2016/01/07. What is Updates and Servicing and how does it work with System Center Configuration Manager.zip Next Post > Updates and Servicing Online mode
  5. Introduction Microsoft have been hard at work developing the next release of Configuration Manager, and you can test the 4th iteration of it now, called System Center Configuration Manager and Endpoint Protection Technical Preview 4. This post will guide you through installing it from scratch using some automation via scripts. New Features New features in this technical preview include: Mobile Device management (MDM): enhanced feature parity with Intune standalone – With this technical preview, many of the MDM features that are supported via Intune standalone (cloud only) are also enabled for Configuration Manager integrated with Intune (hybrid). We will publish additional information later this year about the specific capabilities which will be supported with a hybrid deployment. Integration with Windows Update for Business – With Technical Preview 4, you have the ability to view the list of devices that are controlled by Windows Update for Business. Certificate provisioning for Windows 10 devices managed via on-premises mobile device management Limitations Note that this evaluation is limited as described below: Each install remains active for 60 days before it becomes inactive. English is the only language supported. Only a stand-alone primary site is supported. There is no support for a central administration site, multiple primary sites, or secondary sites. Only the following versions of SQL Server are supported: SQL Server 2012 with cumulative update 2 or later SQL Server 2014 The site supports up to 10 clients, which must run one of the following: Windows 7 Windows 8 Windows 8.1 Windows 10 There is no support for upgrade to this preview build. There is no support for upgrade to a later build from this preview build. Only the following install flags (switches) are supported: /silent /testdbupgrade There is no support for migration to or from this preview build. Assumptions In this guide I assume you have already installed two servers running Server 2012 R2 as listed below, I also assume you have some knowledge of PowerShell, if you don't, start learning it now ! AD1 Active directory domain controller with DNS, DHCP. IPv4 Address: 192.168.5.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.5.199 CM01 Configuration Manager server, joined to the domain. IPv4 Address: 192.168.5.2 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.5.199 I've a Smoothwall Linux firewall running on 192.168.5.199 sharing internet into these vm's. Make sure you have a copy of SQL Server 2014 ready to install as that is the version used in this guide. Step 1. Define some GPO's Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator To allow SQL to replicate data, open the following TCP ports in the Configuration Manager firewall, 1433, 4022. You can do this by targetting your ConfigMgr servers with a GPO. To create the GPO do as follows. Start the Group Policy Management tool (GPMC.MSC) and create a new GPO. Note: In the example screenshot below I link the GPO to the domain GPO however you should consider creating an OU specifically for your Configuration Manager servers and target this GPO only to that OU (your Configuration Manager servers require this GPO for SQL replication). Give the GPO a name such as SQL Ports for System Center Configuration Manager. When done, right click on the GPO and choose Edit. Select Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security and select Inbound Rules, choose New Rule and follow the wizard for opening up TCP port 1433 as per this guide on Technet. Once done, repeat the above for TCP Port 4022. Optional: Once the above is done, and if you intend on using the PowerShell script in Step 2 to create users and to make a user a local admin on the CM01 server, create another GPO called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled. This policy is located in Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile. Once done, apply the GPO's by running gpupdate /force on CM01. Step 2. Create users Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator You can do this manually, or automated using the supplied PowerShell script. To create users manually, add the following users in AD using Active Directory Users and Computers * <your user name>, a domain user, this user will become a local administrator on CM01 * Testuser, a domain user * CM_BA, used for building ConfigMgr created images * CM_JD, used for joining computers to the domain * CM_SR used for reporting services. * CM_CP, a domain user used when installing the Configuration Manager Client for Client Push. * CM_NAA, a domain user, (Network Access Account) used during OSD or use the supplied PowerShell script Create Users Usergroups and OU in AD.zip Download and the unzip the script, run it by opening Windows PowerShell ISE as Administrator on AD1. You may need to edit the script and adjust the variables to your liking for example if you want to change the default password, you may also want to rem out the MDT and MBAM user/groups that are created and change some of the user names within. After running the PowerShell script in Windows PowerShell ISE you'll see something like the following. and in Active Directory Users and Groups you can see the OU and structure it created Step 3. Create the System Management Container Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator Open ADSI Edit, click on Action, Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System. Right Click on CN=System and choose New, Object, choose Container from the options, click Next and enter System Management as the value as shown below Step 4. Delegate Permission Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator Open Active Directory Users and Computers. Click on view, select Advanced Features. Select the System Management Container, and right click it, choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click next, then click Add. click on Object Types, select Computers. Type in your Configuration Manager server name (CM01) and click on Check Names, it should resolve. Click Ok, then Next. Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected. Click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in Full Control. Tip: Repeat the above for each site server that you install in a Hierarchy. Step 5. Install Roles and Features on CM01 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator To support the various features in System Center Configuration Manager, requires some Roles and Features pre-installed on CM01, so let's go ahead and install them. On CM01, login as the username you added to the Local Administrators group and create a folder on C: called temp. Download the following zip file into C:\Temp, the XML file was created using the Export Configuration File option in Server Manager after manually installing roles and features and the accompanying PowerShell script simply installs it. Make sure your Server 2012R2 media is in the drive specified in the script. roles and features and setup ADK.zip Run the script in Windows PowerShell ISE Step 6. Download and install ADK 10 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator The Technical Preview prerequisite checker will check for various things, including ADK components such as USMT, Windows Preinstallation Environment, so install it on your server. To do so, either download ADKsetup from here. Or run the following PowerShell script to download and install it for you (including installing Windows Deployment Services). Note: due to issues with Windows ADK 10 for build 1511, i'm using the original Windows 10 ADK in the download script. Step 7. Install SQL on CM01 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Before you install the Configuration Manager you need SQL installed, both SQL Server 2012 and SQL Server 2014 are supported however you will use the latest release, SQL 2014. This line below will install SQL Server with the correct collation needed for ConfigMgr to C:\Program Files\Microsoft SQL Server. If you don't want to use that location you can change it by changing the /INSTANCEDIR in the line listed below in addition, make sure to place your SQL Server 2014 media in D:\ before running the script, if it's on a different drive letter, modify D:\setup.exe accordingly. To start the install, open an administrative cmd prompt on CM01 and change "windowsnoob\niall" to match your domain\username, after you've made the edit, press enter to install SQL Server 2014. D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" "windowsnoob\niall" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms For a list of options for installing SQL Server 2014, see this page on Technet: https://technet.microsoft.com/en-US/library/dd239405%28v=sql.120%29.aspx Once installed, you should see success messages like below, if not, troubleshoot the error and/or review your command line for typos. Step 8. SQL Memory Configuration. Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you'll get warnings when you run the Server Readiness checks. Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here. If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit. Based on the above recommendations i've configured the SQL Server memory for this standalone primary in my lab as follows: Step 9. Restart the Server open an administrative command prompt and issue the following shutdown /r Step 10. Install the WSUS role Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Now that SQL server is installed, we can utilise that for the WSUS database. To install WSUS and configure it to use the database created above, do as follows: browse to the location where you extracted the scripts, C:\Temp Start Windows PowerShell ISE as administrator, then run the install roles and features_WSUS.ps1 script. Step 11. Download and extract the content Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator You'll need the Technical Preview content in order to install ConfigMgr, and to get it you have to click this link and register (registration is required). Once you have registered you'll be able to download the self extracting exe called SC_Configmgr_SCEP_TechPreview.exe which is 802MB in size. Double click the EXE and let it extract to the default folder C:\SC_Configmgr_SCEP_TechPreview. Step 12. Download the ConfigMgr Prerequisites Open a command prompt with administrative permissions and Navigate to C:\SC_Configmgr_SCEP_TechPreview\smssetup\bin\X64 Run the following line SetupDL.exe C:\Downloads Note: Do not continue until the pre-requisites are downloaded. Step 13. Extend the Schema Note: Perform the following on the Domain controller server (AD1) as Administrator Using Windows File Explorer on the Domain Controller, browse to \\cm01\c$\SC_Configmgr_SCEP_TechPreview\SMSSETUP\BIN\X64 locate extadsch.exe, right click and choose Run As Administrator. A command prompt window will appear briefly as the schema is extended, check in C:\ for a log file called ExtADSch.log it should look similar to this Step 14. Install Configuration Manager Technical Preview 4 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Browse to C:\SC_Configmgr_SCEP_TechPreview and click on Splash.HTA click on Install and then click on Next place a checkmark in Use typical installation options for a stand-alone primary site and click next accept the two pages of EULAs select Use Previously downloaded files and specify C:\Downloads fill in your desired site code and name/path. review your CEIP options and select your Service Connection Point settings (hard coded for now), this is the setting which allows you to decide to keep up to date with Configmgr releases, by being notified about them, or not. You can change the choice later in the console. review the Settings Summary and enjoy the fact that you are following a windows-noob.com guide, so no errors or warnings are reported. Click on Begin Install to install. off it goes... click on View Log to see what's being logged about the install and after a certain period, you are done ! Step 15. Restart the Server open an administrative command prompt and issue the following shutdown /r Step 16. Open the Console Now that everything is installed, open the Configuration Manager console, click on Help, About, here's the version. Download a copy of this guide If you'd like a Microsoft Word copy of this guide download the following (last updated 20, November 2015): Installation of System Center Configuration Manager TP4.zip cheers ! niall
  6. the only issue with technical preview is you can only manage 10 clients with it and it expires quickly, plus as it's changing quickly you'll need to update monthly. Unless you really want to experiment with new features that are only available in Technical Preview iId recommend you try the current branch releases (even in your lab). Here are a few guides to get you started with 1802 (the current baseline release). How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4 as regards your boundary, set it to whatever your ip address range(s) are within the lab, as I describe here
  7. so you installed a CAS and a Primary in your lab using the Technical Preview ? why ? I would just install a single primary and that would be more than enough for a lab unless you specifically need to understand how CAS/PRI works... can you tell me what your aim is exactly (in your lab) and why you want to use Technical Preview over Current Branch cheers niall
  8. Introduction At Microsoft Ignite this week in Florida, there were many new announcements of new capabilities in products such as Microsoft Intune. With so many new announcements it’s hard to keep up, but if you want to find out more, read on or select the part that interests you below. Part 1 – Introduction and news Part 2 – iOS – what’s new Part 3 – Android – what’s new Part 4 – macOS – what’s new Part 5 – Windows – highlights This content is based on an excellent session entitled “BRK3036 – Managing devices with Microsoft Intune: What’s new and what’s next” and you can review it yourself here. The session was presented by: Terrell Cox Paul Mayfield In this post we’ll look at some of the highlights for Windows 10 management with Intune. Win32 App Management feature Now when you try out this feature in Intune, you’d think you can just point to a recently downloaded EXE, or MSI file, but no, you cannot. You can only use files that have been converted into the .intunewin extension. How do you get that extension ? using this tool. Download the required tool Once downloaded, run the EXE and point it to the source folder that you have the MSI or EXE downloaded to that you want to convert, and then, spell out the file name, and finally select the output folder, it will then convert it to the *.intunewin extension as you see below. which will allow you to upload it into Intune. This new feature supports multi file installation, exe, msi, cab files.\ and you can even configure cmd line switches just like you do in Configuration Manager You can configure the requirements And you can even configure detection rules and return codes, so that you know if the app installed successfully or failed. Once added, you can assign this to groups of users, as required (mandatory) or optional (via the company portal), and keep in mind that for Office ProPlus with Intune all you need to know is that you can utilize what’s available within Intune to deploy that, I blogged it earlier here. What about Configuration Management ? A few of the concerns from customers to Microsoft was that using the MDM stack in Windows for configuring Windows was that it had a lot of important settings, but not enough for what was needed to be configured in the environment. So now within (for example) Endpoint Protection in Intune, you can configure dozens of settings, that were previously available via Group Policy, things like firewall rules or Bitlocker. But if you select, Windows 10 or later, then select the new feature Administrative Templates you have thousands of settings to choose from (searchable too), that can configure things for applications like Office Desktop. This takes the ADMX infrastructure from Group Policy and makes it possible to deploy via MDM. MDM Security baselines But wait, there’s more, you can now also configure MDM security baselines. And the idea behind these baselines is Microsoft has recommendations for what those settings should be. And with these options, you can select what should be good to select for your enterprise to have a secure compliant deployment of Windows. The recommendations are available dynamically in the console on an ongoing basis. What about Devices ? If we go to the device enrollment, windows enrollment tab you can select windows enrollment and look at the new Windows Autopilot options, as shown below. Note: The below info was taken from another related session, see my notes on that here Windows Autopilot Announced at Microsoft Ignite last year (2017), helps customers moving to modern management. Windows AutoPilot Scenarios. Hyrbid azure ad join, starting in 1809, can be hybrid azure ad joined (enrolled into Intune and device joined to on premise AD). Also announced Windows Autopilot for existing devices… Use Intune to create dynamic groups for those autopilot devices. Can pre-assign users to devices, in the Intune console you find the device (in Windows Enrollment, Windows AutoPilot devices), click assign user, When they go through autopilot they wont be prompted for the email address, instead they’ll get a custom welcome and a more personalized login. Windows Autopilot and ConfigMgr Autopilot task sequence, supported starting with windows 10 1809 Create a package with the JSON file which was created using the Powershell cmdlets Then create the autopilot task sequence, add the package, provisioning the device using the task sequence that’s it for this series, I hope you enjoyed it, cheers niall (at Microsoft Ignite in Orlando, Florida).
  9. well can you tell me if you've satisfied the other requirement, " has VC++ Redistributable " when you run it now are you getting the same error or a new one, ? are you running it on the site server or are you running it remotely on another computer ? more details about what you are doing/have tried will help with the troubleshooting
  10. "The machine where the tool runs must be a x64 bit system and has VC++ Redistributable. Please refer to the tool's documentation for more details on prerequisites." is it?
  11. Those of you that were interested in Microsoft Ignite in Florida recently, would have probably noticed me tweeting ecstatically that I was delighted about receiving a Lenovo P1 from @Joe Parker (Principal Engineer, Manager at Lenovo). This was the culmination of conversations held via twitter and email between myself and Joe, which basically started out from a need to replace my Hyper-v Lab. A month has come and gone and I’ve been busy working, and when I have time, getting my data migrated over from the old lab to the new, and now it’s pretty much done. A quick look at my previous lab But first, a bit of a background, my previous Hyper-v lab was an aging Intel i7 with 16GB of ram but with a whopping 5 TB of SSD storage (1 x 1TB and 1 x 4TB). That computer was my home lab machine for many years and it’s safe to say that pretty much the last 5 years of guides on windows-noob and niallbrady were done via virtual machines hosted on that computer. It did a great job but it lacked the power, speed and expand-ability that I needed for now and the future. It’s age was showing daily. Even exporting or importing virtual machines to external discs was slow, very slow, not to mention how little 16GB of ram feels in today’s lab environments. Not enough memory When starting labs such as my 8 part PKI lab mini series, I’d frequently get errors like this and that was after configuring those virtual machines to run on the bare minimum of ram:- Clearly, I had to do something as the computer was old and I needed something fast, and better able to handle newer operating systems and memory demands that those virtual machines in Hyper-v demanded. I knew I needed a Workstation, and as I often demo labs to others, I wanted it to be mobile. Joe @ Lenovo I reached out to Joe as I knew he was a friend of the community and Lenovo was producing some amazing new products of which they were rightly proud. I was no stranger to Lenovo having used them for years at home and in work so I knew they were reliable and good quality. Joe offered to help and I was more than happy to accept his help. Unboxing I received the new mobile workstation @ Microsoft Ignite and was straight away impressed with the package, it was delivered in a lovely ThinkPad box. Inside the box was dare I say it, a beautiful Lenovo P1 (brief specs below), for the full specs see this page. Intel® Xeon® E-2176M 6 Core Processor with vPro™ NVIDIA® Quadro® P2000 4 GB 32 GB DDR4 2666 MHz ECC (Xeon only) 2 TB PCIe SSD (Raid 0) 15.6″ 4K UHD (3840 x 2160) IPS multi-touch, anti-reflective, anti-smudge, 400 nits, 100% Adobe color gamut, 10-bit color depth 2 x Intel® Thunderbolt 3 (Type-C) 2 x USB 3.1 Gen 1 (Type A) Windows 10 Pro for Workstations One thing to note is it has 32GB of RAM, but it’s ECC ram (error correction) and this is the only option currently with the Xeon processor, if you want 64GB of ram, go for the i7 bundle instead. I think you can even put 64GB of non-ECC ram in the Xeon box but I havn’t tested it. I unboxed the P1 and was straight away impressed, it feels smooth to the touch and exudes great build quality and attention to detail. And it looks gorgeous. I mean, look at it ! Using the P1 When you start the P1, it’s hard to believe how fast it boots up, those NVMe discs are just so fast in a Raid 0 configuration (2 x 1TB in Raid 0) that Windows hello logs you in jiffy and you can start working right away. The first thing you’ll notice (apart from the speed) is the brilliantly bright and vibrant color screen, it’s 4K capable and touch enabled. The colors just jump out at you. The screen is really crystal clear and I can’t fault it other than you might see some hints of light on very dark screen’s around the edges when the brightness is turned up full, but that could be because my unit is an Evaluation Unit (pre production). I enabled the hyper-v feature on the P1 and started copying over some of my labs. Starting my labs is now both quick and easy, and I can start more than before, easily double with the 32GB of ram. But my goal is to utilize more ram per virtual machine as previously they were struggling with bare minimum amounts of ram. I did a non-scientific test, starting the very same 6 vm’s on my old versus new hyper-v host machine, here are the average results, where hyperv-7 is my old lab and hyperv-8 is the new lab. hyperv-7 19.70 seconds hyperv-8 9.50 seconds That’s quite an improvement ! When you think of a mobile workstation, most of you (including me) are all too familiar with big, chunky, heavy lumps of things that might have the power, but are so heavy and ugly that giving them a mobile description, is a stretch. Not so with the P1, you can pick it up with one hand easily, it’s very slim and light so it’s easy to carry around from one meeting to the next. Plus, this laptop looks great, so you won’t be embarrassed with it either, on the contrary it will be the opposite ! Trust me, this is probably the nicest, lightest mobile workstation you’ll ever pick up. It’s also well specked with Thunderbolt 3 (type C, 2 ports) so my plan is to buy an adaptor for my 4 TB SSD and connect it directly via Thunderbolt 3, that’ll give me 6TB of storage for my new lab. BenchMarks The NVIDIA Quadro P4000 Max-Q video card is ISV certified, meaning it’s designed for professional work and you can utilize the Nvidia control panel to select and customize your individual preferences. “The Quadro GPUs offer certified drivers, which are optimized for stability and performance in professional applications (CAD, DCC, medical, prospection, and visualizing applications). The performance in these areas is therefore much better compared to corresponding consumer GPUs.” To get detailed benchmarks for this video card please see the following site. I’ll come back in a few months to report on how my lab is working out on the Lenovo P1, but until then, thank you for reading and many many thanks to Joe and all the other great people @ Lenovo for making my dream come true ! Recommended reading https://www.lenovo.com/us/en/laptops/thinkpad/thinkpad-p/ThinkPad-P1/p/22WS2WPP101 https://www.notebookcheck.net/NVIDIA-Quadro-P4000-Max-Q-GPU-Benchmarks-and-Specs.239406.0.html https://ssd.userbenchmark.com/SpeedTest/413203/PM981-NVMe-Samsung-1024GB https://en.wikipedia.org/wiki/Standard_RAID_levels#RAID_0
  12. anyweb

    Imaging over USB issue

    <![LOG[The action (Partition Disk 0 - UEFI) has been skipped because the condition is evaluated to be false]LOG]!><time="14:50:41.848+480" date="11-02-2018" component="TSManager" context="" type="1" thread="1420" file="instruction.cxx:688"> so check your options on that step. specifically this,.., Expand a string: _SMSTSMediaType]LOG]!><time="14:50:41.848+480" date="11-02-2018" component="TSManager" context="" type="0" thread="1420" file="utility.cpp:805"> <![LOG[Expand a string: OEMMedia]
  13. first question, why use Windows 7 it's EOL 2020, i'd recommend Windows 10 instead for a client based distribution point, secondly, you can enable branchcache but you will be limited to the number of concurrent connections per box as it's a client os and not a server os
  14. Introduction More and more touch enabled Windows 8 hardware is becoming available, which is great news for us but it also poses some technical challenges. I recently had to image some Lenovo ThinkPad 10's with Windows 8.1 using UEFI network boot via System Center 2012 R2 Configuration Manager. Problem Imaging the Lenovo ThinkPad 10 using USB Bootable media posed no issue even though the same boot wim was used for UEFI Network boot. When booting this device using UEFI network boot all was fine until just after the nbp (network boot protocol) part of the process started, this was even before the PXE password was presented. The problem was that the video resolution was set to something like 800x600 which means displaying any sort of Frontend HTA or UDI wizard to end users will look terrible. A colleague of mine (thanks Magnus) started testing with unattend.xml, wpeinit and drvload and got some good results so I set about putting a working solution together in a task sequence. Solution We will use drvload to load the video driver while still in WinPE as one of the first steps in the task sequence, normally you do not need to do this however in this case it's required as the video resolution is unusable. Step 1. Download and extract the driver Download the Chipset driver for the Lenovo ThinkPad 10 from Lenovo's website here. Once done, extract it somewhere by double clicking on the EXE file. By default it wants to extract the drivers to C:\Drivers. Browse to the path of the extracted drivers and locate the GFX folder as shown below Copy the GFX folder and all files and folders within in to your Configuration Manager package sources share, for example \\sccm\sources\os\drivers\Lenovo\ThinkPad10\Video\GFX as shown below Step 2. Create a Package containing the driver In the Configuration Manager console, create a new Package in Software Library, Fill in the Package details and browse to the GFX folder copied above as shown below with no Program as shown below continue through that wizard until completion Step 3. Distribute the package to your distribution points Right click on the package and choose Distribute Content as shown below after selecting at least one distribution point continue through that wizard until completion Step 4. Edit your task sequence and create a new Group Open up your deployment task sequence (I used the CM12 BitLocker Frontend HTA available here) and create a new group called Lenovo ThinkPad 10 UEFI Video fix. Next, on the options tab create a new If statement, where ALL the conditions are true. The conditions to check for are: check if it's a PXE boot check if it's in UEFI mode check for the Lenovo MTM You can do this by adding the PXE boot check using the _SMSTSLaunchMode variable as shown below and add an UEFI bios check by using the _SMSTSBootUEFI variable as shown below add a new wmi query as the one shown below Select * FROM Win32_ComputerSystem WHERE model like "20C3%" so that the finished options tab look exactly like below Step 5. Add a Run Command Line to xcopy the video driver Next within the new group, create a Run Command Line step, make sure that the step occurs somewhere at the start of the task sequence before any HTA, Frontend or UDI wizard is displayed such as in the example below. This step will work fine whether or not you have an MDT Integrated task sequence as it uses the _SMSTSMDataPath variable. the command line of the xcopy is xcopy ".\*.*" "%_SMSTSMDataPath%\ThinkPad10" /D /E /C /I /Q /H /R /Y /S make sure that you point to the package created in Step 2 above. Step 6. Add a Run Command Line to xcopy the video driver Next, create another new Run Command Line, and use the following command line drvload %_SMSTSMDataPath%\ThinkPad10\kit59677.inf so that it looks like below Step 7. Otpional - Set the resolution with Unattend.xml Create a text file called unattend.xml and copy it to your Video driver package created in step 2 above, redistributed that package to your distribution points, the contents of the file should be as below <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="windowsPE"> <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Display> <ColorDepth>32</ColorDepth> <HorizontalResolution>1024</HorizontalResolution> <RefreshRate>60</RefreshRate> <VerticalResolution>768</VerticalResolution> </Display> </component> </settings> </unattend> Create another run command line step to set the resolution using wpeinit /unattend:%_SMSTSMDataPath%\ThinkPad10\unattend.xml as shown in the screenshot below Note that the unattend.xml file will not work unless the video driver above is loaded first. Step 8. PXE boot and verify Make sure the unit is shutdown first. Then initiate a UEFI network boot (PXE boot) by holding the volume down key (right side) and Power button (top side). I used a USB 3 ethernet dongle attached to a USB hub and a USB keyboard. Select the LAN connection using your external keyboard or use the up/down volume control then the UEFI network boot process starts, press enter or it won't boot it boot's to the PXE password screen, notice the resolution is extremely low After entering the password you select a task sequence, again at this point the resolution is low (you could fix this by including the driver in the boot wim but that would increase your boot image size considerably for only one model.) it's starts the task sequence, and get's to our newly added group, which then copies down the video driver files then installs them using Drvload followed by setting the resolution to 1024x768 via the unattend.xml file (this was optional, if you choose not to do this it will default to the native 1920x1080 with tiny text etc...) Job done ! cheers niall. Related Reading Task Sequence Built-in Variables in Configuration Manager - http://technet.microsoft.com/en-us/library/hh273375.aspx Drivers for Lenovo ThinkPad 10 - http://support.lenovo.com/us/en/products/tablets/thinkpad-tablet-series/thinkpad-10
  15. anyweb

    Imaging over USB issue

    did you confirm that the partition step is actually taking place and succeeding, can you attach your smsts.log ?
  16. This week Cireson is launching 14 new Remote Management apps for the Cireson Analyst Portal for Microsoft Service Manager. They’re live on our website here: https://cireson.com/service-management/#remote_management They are offering a two-part webinar (in 3 regions) in November about these apps including deep dive demos. Registration is here: http://go2.cireson.com/af2?LinkID=CH00096971eR00000253AD Here’s a brochure with more information. sign up !
  17. well that's why, once you've upgraded to one of the latest releases you'll see the easysetupfolder reduce to about 1.3GB or so
  18. this is more than likely because you are using an earlier release of SCCM Current Branch, once you've upgraded to 1702 or later I believe that problem will be resolved. What version are you using ?
  19. So you’ve heard all about Windows Server 2019 - now you can see it in action in a live demo webinar on November 8th! The last WS2019 webinar by Altaro was hugely popular with over 4,500 IT pros registering for the event. Feedback gathered from that webinar and the most popular features will now be discussed and tested live by Microsoft MVP Andy Syrewicze. And you’re invited! This deep-dive webinar will focus on: Windows Admin Center Containers on Windows Server Storage Migration Service Windows Subsystem for Linux And more! Demo webinars are a really great way to see a product in action before you decide to take the plunge yourself. It enables you to see the strengths and weaknesses first-hand and also ask questions that might relate specifically to your own environment. With the demand so high, the webinar is presented live twice on November 8th to help as many people benefit as possible. The first session is at 2pm CET/8am EST/5am PST and the second is at 7pm CET/1pm EST/10am PST. With the record number of attendees for the last webinar, some people were unable to attend the sessions which were maxed out. It is advised you save your seat early for this webinar to keep informed and ensure you don’t miss the live event. Save your seat: https://goo.gl/CgCSso
  20. are you getting errors in dmpdownloader.log or cmupdate.log, can you attach the log file with the errors please....
  21. Introduction At the start of this series of step by step guides you installed System Center Configuration Manager (Current Branch), then you configured discovery methods. Next you configured boundaries to get an understanding of how automatic site assignment and content location works. After that you learned how to update ConfigMgr with new features and fixes using a new ability called Updates and Servicing and you learned how to configure ConfigMgr to use Updates and Servicing in one of these two modes: Online mode Offline mode To prepare your environment for Windows 10 servicing (this guide) you learned how to setup Software Updates using an automated method (via a PowerShell script) or manually using the ConfigMgr console. Next you used a PowerShell script to prepare some device collections, then you configured client settings for your enterprise and finally you'll deployed the ConfigMgr client agent using the software updates method which is the least intensive method of deploying the Configuration Manager client agent. As System Center Configuration Manager (current branch) is being delivered as a service now, version 1602 was made available (March 11th, 2016) and you used Updates and Servicing to do an in-place upgrade to that version as explained here. Next you learned about how to use the Upgrade task sequence to upgrade your Windows 7, Windows 8 (and 8.1) and even your Windows 10 devices to a later build of Windows 10. You then learned about the new Windows 10 servicing features which use Servicing Plans in ConfigMgr (Current Branch). Next you integrated MDT 2013 update 2. MDT integration with ConfigMgr is useful as it provides additional functionality for operating system deployment scenarios such as Offline Language Package installation or User Driven Integration (UDI). Next you learned how to deploy Language Packs offline for Windows 10. To assist with Windows 10 servicing and for applying appropriate software updates to your Windows 10 devices, you used PowerShell to add queries to the various Windows 10 collections. Next you took a deeper look at the Windows 10 Upgrade task sequence, and learned one way of dealing with potential upgrade issues. While that method will flag a problem, such as determining the system UI language doesn't match the provided media, it won't allow you to continue with the upgrade. Next you learned how to upgrade the operating system when a language pack was installed, provided that the system UI language is from a 'list' of approved languages that you intend to support. This guide will show you how to display customized messages to a user during a task sequence, and how to set an exit code which could allow you to deliberately fail an action if necessary. All that's required is a few steps to set variables, a PowerShell script, and the serviceUI.exe executable from MDT 2013 Update 2. Step 1. Create a package On your ConfigMgr server, in the sources share, create a folder called Display Custom Message and place the DisplayCustomMessage.ps1 PowerShell script available in the downloads section of this guide, in the folder. Even though you might be deploying an X64 operating system, locate, select and copy the x86 architecture version of ServiceUI.exe from the Sources\OSD\MDT\MDT2013u2\Toolkit\Tools\x86 folder into the Display Custom Message folder as shown below. In the ConfigMgr console, Software Library, select Packages and right click, choose Create Package. Fill in the following details, Choose Do not create a program and then continue through the wizard until completion. Once the package is created, right click the package and choose Distribute Content. Distribute the package to your distribution points. Step 2. Create a custom task sequence In the ConfigMgr console, in Software Library, select Operating Systems and right click on Task Sequences, choose Create Task Sequence. select Create a new custom task sequence give the task sequence a suitable name such as Display Custom Messages with exit codes continue through that wizard until completion. Step 3. Edit the task sequence Right click on the newly created task sequence and choose edit It will appear blank, click on the Add Drop down and add a New Group called Display Custom Message Create a new Set Task Sequence Variable step called Set Title with a Task Sequence Variable called Title, with a suitable value as follows: Create a new Set Task Sequence Variable step called Set Message with a Task Sequence Variable called Message, with a suitable value as follows: Create a new Set Task Sequence Variable step called Set ReturnCode with a Task Sequence Variable called ReturnCode, with a suitable positive value as follows: Click Add and choose Run Command Line, name the step Display Custom Message and paste in the following: ServiceUI.exe -process:TSProgressUI.exe %windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -NoProfile -ExecutionPolicy bypass -nologo -file DisplayCustomMessage.ps1 For Package, select the Display Custom Message package created above. Copy the entire group and paste it below the first group Edit the Set Message step as below Edit the Set ReturnCode step, and choose a value that the Options tab on the Display Custom Message step is not going to expect such as 1, this will cause the next step to fail when it returns the return code. Apply your changes and exit the Task Sequence wizard. Step 4. Deploy the task sequence Right Click on the task sequence and choose Deploy Choose a suitable collection and use a purpose of Available. Step 5. Review the capabilities On a client computer that is in the collection that the task sequence was deployed to, open Software Center and select the Display Custom Message with exit codes task sequence. choose Install and after a few moments the first popup message appears ! As the ReturnCode for the first message was set to a value we expected (0 or 3010) it did not fail the task sequence. Click OK to continue... the next message appears, note the different text, and it's hinting towards what will happen Clicking OK will produce the failure Which is OK because we were expecting it, in fact, the ReturnCode we set (1) is listed in the failure message. In a real Production task sequence however, you'd take care of failures and deal with them in a professional way, I just want you to see that we can actually set the ReturnCode via the custom message. To get more proof of that refer to the SMSTS.log file, and you can see that it's setting the ReturnCode to the value we chose result ! Summary Popping up messages to users during a task sequence is sometimes necessary, and when things go wrong, you sometimes need to fail the task sequence or set a ReturnCode to do a planned action. This guide helps you do both of those things dynamically. Related Reading Task sequence steps in System Center Configuration Manager - https://technet.micr...y/mt629396.aspx If you'd like to send a notification message to users in Intune in Azure, try the following guide. Downloads You can download a Microsoft Word copy of this guide here dated 2016/05/26 How can I display custom messages to users during a task sequence in SCCM Current Branch.zip You can download the PowerShell script used above here: DisplayCustomMessage.zip\
  22. anyweb

    Sccm Error 1606

    enable cmd support in the boot image, then pxe boot and press f8 in the boot image before it reboots, open x:\windows\temp\smstslog\smsts.log what does it tell you ?
  23. did you modify my powershell script in any way ? if not, can you show the set * variable steps ?
  24. Introduction Update: This script was updated 2017/11/10 with several new abilities to customize most of what you can define in the Virtual Machine settings. This is an extremely quick post to help you create Hyper-V virtual machines using PowerShell. The script assumes you've already installed the Hyper-V feature in Windows. You can define a bunch of variables *highlighted in red below* such as type of Checkpoint, or Memory or CPU settings, to define how your Virtual Machines are created, The script prompts you for three inputs: Virtual Machine name Virtual Switch Name Generation type (Gen1=legacy, Gen 2=UEFI) Here's a screenshot of the script in action: And after running you can see the Virtual Machine properties match what you specified (Gen 2, switch name, cpu settings and so on...) and the New Virtual Switch is created (if it didn't already exist) that's it, have fun. Downloads You can download a copy of the script here. Create HyperV VM2.ps1
×