nylentone

I too use only 2012R2, no issues, and PXE works fine.

We have ADRs set up to find updates monthly then create deployments (not enabled) for our servers. We would like a nice report of what updates were found by the ADRs emailed to Web and Dev teams so they can review them. How can this be done? I haven't found any built-in reports that seem to do the job. Figured someone here has probably needed the same thing. Many thanks!

We've probably all run msconfig.exe before, and then on the Services tab checked "Hide all Microsoft services" so as to look at more "suspicious" services. But, what criteria does that checkbox use? Is there some certificate or other kind of trusted identity that makes the "Microsoft services" trustworthy? Or does it just look at the metadata for the file, which can be easily forged?

First of all, thanks for taking a look at my post. I may have to retract my statement that some get EPP anyway. My coworkers have complained of this happening, but no one seems to have any proof. One of the things that concerns me is that after a newly imaged Windows Embedded device is joined to the domain, the Endpoint Protection Deployment State shows "To be installed". It never seems to actually install, though (which is good). The logical question would be, what does it say after a few days? But that brings me to the other issue, which is that the WES devices drop out of SCCM a few hours after they're set up. Sometimes, a few days later, they'll randomly show up again. This doesn't happen to any of the thousands of PCs on our network.

We have a large number of Windows Embedded devices which we do want to have the SCCM client, but do not want to have Endpoint Protection. To prevent the installation of EPP on these devices, I have created alternate Client Settings with settings as so: Manage Endpoint Protection client on client computers: Yes Install Endpoint Protection client on client computers: No I created a collection based on a query: ... SMS_R_System.OperatingSystemNameandVersion like "%Embedded%" I checked the "Use incremental updates for this collection" box so that, theoretically, devices would get added immediately. Is there a better way to accomplish this? What concerns me is that, even after showing up in my Embedded collection, Endpoint Protection Deployment Information for a client will still say "To be installed". And it seems that, on rare occasions, EPP will get installed on an Embedded device anyway.

We are using SCCM 2012 in an environment that includes many Windows Embedded Standard 7 (WES7) clients. Sometimes we have problems with them getting stuck in Servicing Mode (screen says "This computer is being serviced" and prevents users from logging in). There is nothing deployed to them, but I believe the SCCM client (which is in the master image) is installing the WindowsFirewallConfigurationProvider.msi package. I have two questions: #1 How can we tell WHAT the WES7 client is doing or WHY it went into servicing mode? I found this great article about WEDM 2011 that says there is a log at \ProgramData\Microsoft\EDM\emdstate.txt but that is not the case for SCCM 2012. #2 How can we get a client out of servicing mode if it enters it at an inopportune time? Again, the article for WEDM says to use the commands "Edmwfcmd.exe /unlock" and "Edmwfcmd.exe /wfEnable" but these do not work with SCCM 2012. Your help is much appreciated!!!

I also would like to know the rationale behind this.