Rocket Man

Best thing to do is delete the account of the system in SCCM you are deploying to again and do an unknown OSD deployment(this should work in your scenario), you can name it the same NETBIOS name again. You have MAC addresses of network adapters excluded for inventory in the reg key so if you want to refresh known systems what MAC address is SCCM deploying to? The ones you have excluded thus the reason why you cant refresh, do the above and it should work for you?

Well testing with the above scenario did not go well at all. Ended up creating a bootable USB with the utility and downgrading to TPM 1.2 prior to deployment to these models. After this all worked seamlessly, Bitlocker was enabled, PIN set and TPM info written back to AD. Will try windows 10 on the next batch to see if they work with the pre-installed TPM2.0.

Can I ask why you are using DISM outside of SCCM to import the drivers into the boot files? Also your version of SCCM is same as the one I am working at currently bar the CU level but you have ADK 10.0.10586 which is 1511 version. Did you follow Niall's blog here to do this upgrade where all appropriate downloads are available to get it to SCCM 2012 R2 SP1 level. The ADK on this site I currently working at is ADK 10.0.26624 RTM version, this is the ADK available from the upgrade blog and it states to use this version of ADK as there are bugs in the 1511 version. Perhaps this is your problem?

I got the network driver from the Windows 10 driver pack for the model, not the WinPE 10.0 cab files on the website. Have you tried this? This is the pack you need to download, find the network driver from the network folder, best way to find this is load up a 7040 go into device manager and select network adapter, properties and driver details and take note of .sys file needed and search the downloaded network folder for this driver. Import all from the folder you source it in into adk 10 boot file BTW just asking, by any chance is the date and time not correct in BIOS, this will cause the same symptom also with the reboots.

Pressure is off for a couple of days After doing some research I think this may be possible. The Dell revert to 1.2 Utility can be run silently with the /S switch apparently. Have to create a package using batch file with no program. Add run command line task in winPE portion of sequence and command syntax will be name of batch file and select the package. (will have to test before pre-provision bitlocker and drivers get installed if not try after drivers get installed and before agent) Add a WMI query on the task to query the version of the TPM so it will only run if the version is less than 2.0, hopefully this query will work select * from Win32_Tpm where SpecVersion < %"2.0"% Or else simply deploy Windows 8.1 or higher which has no issues with communicating with TPM 2.0 (apparently) #Windows7 Will update this on Friday with the findings

Had similar issues with E5470's and E7270's. You need to get the Windows 10 NIC driver for these models if running ADK10 and inject these drivers into your ADK 10 boot files! It will more than likely present itself as a 1217-LM driver when imported, just make sure to update the boot files to the DPs afterwards. With the E series laptops as above there was only 64bit Windows 10 drivers available from the Dell Cab website so I have to use the 64bit boot file for deployment on these models. Below are the drivers that worked. These models once in the OS and device manager showed they were 1219-LM driver's needed but as mentioned once the W10 NIC was imported it presented itself as 1217-LM driver! So I guess Bottom line is depending on what version of ADK you are running depends on what OS flavour of drivers you need to inject into your Wim files!

Hi guys (under pressure!! ) Has anyone got a working Task that will revert the TPM version back to 1.2 from 2.0 using the Dell TPM Update Utility? Can this be even achieved in WinPE? I have got the TS working using the Windows TPM 2.0 windows update Hotfix but bitlocker will not configure the PIN when using this option and every-time the device reboots it looks for the Recovery key (Pain in the ***), this is when I add an SMSTSPostAction to enable Bitlocker after the system is logged into, as if this is not added Bitlocker is not enabled after OSD. If I remove the SMSTSPostAction step to enable bitlocker and enable it manually after the system is logged into it will apply the PIN code and does not look for recovery key at boot just the PIN which is correct but not ideal to have to this, so hoping there is an automated solution. Just to add ***I have reverted the TPM back to 1.2 manually on a number of E5740 and E7270s using the update utility before deployment and all works great so if this downgrade to TPM 1.2 could be automated would be excellent as this is proably the best solution to bitlockering Windows 7 systems as the TPM 2.0 hotfix is buggy from what I have tested!! Thanks in advance

You can try create a custom task sequence and add a run command line task to it with the above syntax as the command. Deploy out to collection with your systems in it. OR As you said create a bat file with the command in it, create a package and the program command line will be the name of the bat file, and you can run from distribution point or download first before executing whatever works best.

Is the client installed on the PCs? If not then install the client onto them Create a collection for them and deploy an OSD TS out to them. (Test 1st with maybe a few PCs 1st prior to mass deployment! ) They will keep same name this way.

Have you tried editing the schedule of the deployment and changing it to a date in the past, say 2-3 days previous to actual date?

John Not sure that you add this record in your internal DNS zone but instead add it in your public DNS zone as DKIM records are public zone records?

CM 2012 does not need a Server Locator Point property, that functionality is now integrated in the MP Seems like client communication issue with your management point for site TUR. Any errors in site components in console? From the site server/MP check if you can wbemtest to affected client in question. Also check UNC to admin$ and C$ from site server/MP to client. Also how is your site configured to approve clients in trusted domains, automatically or manual?

You can use the update scheduling model built into SCCM. Basically it injects the windows updates into your custom imported image. For you applications either create an application or package for them and attach to Task sequence at OSD time.

Firstly I wouldn't capture a physical PC, capture a VM, this way you can deploy the captured wim out to multiple models of systems without having to worry about driver contamination, create model specific driver packages and attach to the sequence with WMI queries for the different models. Do not activate the custom build prior to capture, use a run command line to execute the activation. If you can build and capture then yes this is the best solution for creating your custom wim for mass deployment.

Yes you will need to capture it to get your custom wim file for deployment.

Hi Robert Is the device your trying to image in UEFI mode? Have you tried changing it to Legacy mode so that your desired partitions will be able to work in Legacy mode ? You state that you captured your WIM file so why are you using an answer file?...did you not make the desired system changes before you captured the image initially?

Seen this occur before (after some time) on a VLAN'd network and when the PXE options 60&67 were specified on the DHCP server. Best option is to set IP helpers on the core switches so that clients will be routed to the PXE server during the initial PXE process eliminating them relying on the DHCP options. IP helpers is the recommended config only of course if you have managed switches.

You have to create a capture media iso, attach it to the VM, fill in the required details and it will look after the rest for you and capture your custom build system to wim format then you import the wim as an OS image into Configmgr for deployment. **You may have issues with the sysprep process failing but if you disect the sysprep logs it will give you the reason why, some out of the box Windows 10 apps can cause the sysprep process to fail so you will have to remove them to have a successful capture. Good Luck!

Lol... your obviously around a lot longer than I am Please do provide how you would do this as this is a learning curve for a lot of users on this forum, including myself. The above is a quick and simple way to solve the issue that truongtr had. I am sure there are numerous ways to achieve this and that is just one of them. BTW as you can see scripting is not my forte but I do try and do achieve! Not sure what you mean by The best SCCM has to offer but there is no denying it, it's a pretty powerful application, the rolls Royce in my own opinion!

You could create a package with all the contents of the portable app in it. Also manually pre-create a shortcut from the portable app and place it in the same package source and create a batch file named copy.bat for example and place it in the package also. The syntax of the batch file will be something along the lines of this, you can tidy this it up I am sure @Echo xcopy ".\*.*" "C:\PortableApp" /D /E /C /I /Q /H /R /Y /S xcopy "%~dp0portableApp.lnk" "C:\Users\Public\Desktop" /y DEL /F /S /Q /A c:\PortableApp\copy.bat DEL /F /S /Q /A c:\PortableApp\PortableApp.lnk @exit Content: Initially make sure that you create the package contents and place them in a location where you'd like them to be deployed to and then send a shortcut from the application out to the desktop and copy back into the sources folder, make sure that the location you are copying the source files is accessible to all users i:e C:\portableApp for example... create your SCCM package and the command line will be copy.bat You can test the above manually before deploying it in mass

Hi Windz I actually did this process with one model last week and it does work to my surprise. Straight off from your snippets that you provided I see an issue: If file exists should be if folder exists?? EDIT: The only issue I see with this method is that there is no real driver management, for e:g you can not edit a single driver and add it to another package!! But however it sill works and in the long run maybe a space saver on the server!

Hi Andy Is it possible for you to test this on a virtual machine to rule out the problem just been drivers? How have you deployed the TS, available, required, if required has a task been edited/updated and not updated on DP? This will give same symptoms as a missing driver (only if TS is deployed as required, if available then it will alert you with a splash screen i:e package xxxxxx not available) Also the time-date on the BIOS of the system is correct? Not having it correct will cause this symptom also.

Not sure how you can prevent this if it all but if your network users are that IT savvy and would know what to do with xxx.wim images well I'd be sure they'd know how to brow$e to hidden shares if that's how you'd want to hide your resources on the network. Either way READ access is needed.

You could set the replication time and cost to a lesser time on your links to avoid having to do this manual replication. Set it to time lesser than it takes to image a system! Of course this depends on your WAN links bandwidth etc... but AD/SysVol replication is not that taxing on WAN links anyway.

Authenticated users: READ System: Full Control Administrators: Full Control Why not just block users from UNC via GPO!