narcoticmind

I'd go with the Application method (I'm assuming you're using SCCM2012) and do two different Deployment Types instead.

Couple of ways.. one is the VBS/CMD way you already mentioned... I'd go with this: First, patch the MSI with MSP before the deployment, this way you don't have to deploy the MSP separately. This can be done as follows: 1. Create folders 1_MSI, 2_MSP, 3_FINAL 2. Copy the .msi to 1_MSI and .msp to 2_MSP 3. Create Administrative installation point of .MSI to folder 3_FINAL: msiexec /a "C:\temp\1_MSI\package.msi" TARGETDIR="C:\temp\3_FINAL" /qb 4. Apply the .msp to .msi: msiexec /a "C:\temp\3_FINAL\package.msi" /p "C:\temp\2_MSP\patch.msp" /qb 5. Copy the 3_FINAL as the Application source files for your application, it should now contain the .msp also After this I'd check if I could do the registry modifications with ORCA to your existing .mst file.

By default, the remote control access is granted to those who part of "Administrators" group on the target computer. Try running the remote control as Administrator (start the SCCM console as Administrator).

MAK/KMS product keys don't have anything to do with MSI packages GUIDs... The easiest way for me to find the MSI GUID to be used in the application properties, is to introduce the actual .MSI for the GUI as shown above this thread (just click browse). Another way is to install the application and check for HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall and try to find the Key pointing to the installed application, there should be msiexec.exe /x {guid} command shown...

Check this link: http://configmgrblog.com/2013/01/11/my-top-10-new-features-of-configmgr-2012-sp1-part-3/

As already noted on myitforum postlist, the diffuser part doesn't come out and play when you do the registry modification, it only show normal AES-256... Any thoughts on this anyweb?

I figured it out... You need to add one additional step before Pre-Provision Bitlocker step during WinPE session: Run Commandline: reg.exe add "HKLM\Software\Policies\Microsoft\FVE" /v "EncryptionMethod" /t REG_DWORD /d 2 /f After this, the drive is encrypted using AES-256

How can you configure different encryption method? I'd like to use this with AES-256 w/ DiffUser....

Check your rights to the share...

Any guides how to deploy Lync 2013 to one AD Domain/Forest with multiple sites? HA is in mind... What servers need to be deployed to sites and how to do the configuration?

Product team has been informed about the problem: http://social.technet.microsoft.com/Forums/en-US/configmanagerdeployment/thread/a73233ab-0f9e-4304-ae2f-1a8aa92619b6 I would imagine that they'll release a fix pretty fast, 'cause this is a major issue.

Really pain in the ass actually.. I'm trying to do a build which worked fine yesterday, today it just stops and the reason is the same as yours... Any idea how Microsoft is going to fix this?

You could give a shot with this: http://www.windows-noob.com/forums/index.php?/topic/892-deploy-software-through-ad-groups-linked-to-collections-in-sccm/page__st__40#entry24739 Basicly you create two collections, one for the removal and one for the install and everything is handled through computer account's AD group membership. Depending on your environment (big, medium, small) you should see if there are any performance hits with this approach.

Actually, you don't have to leave everything else to your deployment image, you can do modifications for the default profile on your build also. It really depends what kind of customizations are needed.. for example, if you install applications in your build and need do clear those app's shortcuts from the desktop, you can do during the build.... Same goes for Windows Explorer settings for default user, and I'd think that'll go with the screensaver also.

How about creating a custom global condition: Get-WmiObject Win32_QuickFixEngineering -filter 'HotFixID="KBxxxx"' ?