Jump to content


Established Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by YPCC

  1. Recently rolled this out, some brief notes: - On a Windows 10 machine, no additional agent is required. You simply set the SCCM policy to enable Endpoint Protection (Defender) to be managed. SCCM > Administration > Client Settings > Endpoint Protection > Manage Endpoint Protection...... - On a Windows 7 machine, SCCM will automatically deploy the SCEP agent if the above policy setting is enabled. We haven't deployed to server so cant assist there, but no reason why it wouldnt work. - You'll need to setup ADR's so new definitions are downloaded every X hour, you'll also need to change you SUP sync schedule to match this frequency - All settings/configuration/exclusions etc can be done via Anti-Malware policies. SCCM > Asset and Compliance > Endpoint Protection > Antimalware policies - I found we had to manually uninstall our previous AV solution (even though SCCM has an option to remove it) else SCEP would fail to install. I had to script the removal of the old AV Take some time to flick over all the anti-malware policies, everything will become much clearer. Key thing is to make sure your definitions are regularly updated (i do mine every 8 hours), and to make sure your SUP also sync at the same time else the ADR will run against a "outdated" SUP catalog.
  2. 2 months sounds about right. Although that assumes your clients are all patched to a level within 2 months release
  3. Well, may have answered my own question, https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Adding-Local-Experience-Packs-to-your-Windows-image/ba-p/254125 Same problem is I am having, this chap has installed a language, but cannot see it in the drop down. Im curious if anyone has a workaround to this?
  4. Hi All, this ones really bugging me, and I haven't done much OSD work since Windows 10 1511. I have a Windows 10 1809 image installed on a VM as English. For testing purposes, I would like to do a "online" installation of the Arabic language pack. I have already download the relevant LP.cab from VLSC and installed it using DISM. I know its installed as I've monitored the DISM log and can see a success, the message on screen also shows success. I have then run dism /online /get-intl and can see AR-SA is installed. However, when i go to Settings > Language < Windows Display Language, the only option in the dropdown is English United States. Cannot see a way to set Arabic as the language. Any ideas where I am going wrong. Whats makes it worse, is Microsoft is slowly doing away with the old Control Panel and moving everything to the Settings which is a pain as its a learning curve in itself. Eventually once ive got it all working ill be scripting it to run during OSD. I already have a MDT database with all the locales set as required. Thanks all
  5. I've sometimes wondered this too, as to whether any changes made to the TS apply to a existing machine being imaged already. I guess one way would be to insert the Driver install step, disable it, then you can add the driver pack and configure the step as neccessary. Finally when ready just enable the step.
  6. https://social.technet.microsoft.com/Forums/en-US/0b659d86-560e-4b08-834b-4f976d7792c8/failed-to-sysprep-and-capture-windows-10-fall-creators-1709?forum=mdt 1709 is a very buggy OS in my opinion. I;ve had a number of issues popup and had to use workarounds as a fix, really poor from Microsoft. Nonetheless, I found that sysprep was failing on something to do with the inbuilt apps. I believe my Windows 10 image had automatically connected to the internet and updated the apps, which in turn caused some sort of sysprep failure. Adding that reg key did the trick. Apply these immediately after the "Setup Windows and Configuration Manager" step then restart the machine. You can always re-enable these featues during deployment. Disable Consumer Features & Store Updates >>>> reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /v "AutoDownload" /t REG_DWORD /d "2" /f
  7. Hi All, been a while since I posted here but something I jsut cannot get my head around. My client use Office 2016 click to run, and we have customised the installation to ensure Groove, Lync, Access and Publisher are NOT installed on the users machine as not all users require this. We deploy via SCCM and Office 2016 C2R is installed in our base WIM file. Now as you can imagine, there are always a handful of users who for example require Access or Lync (Skype For Business) perhaps, and we need the ability to be give them these via SCCM. The problem starts is how can we deliver Access to a user (who already has our base Office installation) without having to make them download the full 2GB+ package again. With previous MSI versions of Office, you could simply reconfigure the existing installation on the machine and voila, the user would have Access. It seems Click To Run does not have the ability to reconfigure an existing installation. A simple example of this, yesterday a user of ours who has Office C2R installed (Word, Excel, Outlook, Powerpoint), requested Skype For Business. Now unless i am doing something wrong, the source files for Skype For Business are basically the same files used to install the whole Office suite, thus making the file size of the package about 2GB. This meant I had to push out a 2GB+ package to the user, just so I could give them Skype For Business. I can see this presenting many issues in a low bandwidth environment. Sometimes I am left in disbelief as to how Microsoft can overcomplicate things
  8. Why not allow a machine to build normally (join domain etc) and then put in a step at the end to unjoin it? And why do you want to see software center? Are you saying that you currently build a machine, log in and then use software center to install additional applications? If so, you could manually unjoin from the domain.
  9. Yes. you can do a side by side migration and make use of the migration features in sccm 2012 to pull all (or some) of your old stuff over. High level steps: Build CM 2012 Configure and fine tune as required Migrate over required content using built in feature Client push to a small batch of client as UAT Company wide client push (or whatever method you use to install clients) Information about "Packages" is retained on the client so even if you redploy the same "Package" to a machine again, it will realise it has already run previously and therefore wont run it.
  10. why not ask him to re-install via SC and then uninstall via SC Alternatively, you can deployed the software as "Display in software center, hide notifications". This will still list the software in SC but no popups will appear
  11. As above, too many file means sccm has to verify each and every file. Better of zipping them all up and doing a extract to a temp directory.
  12. ^^ Agreed, less impact to a live environment and plenty of time to tweak the new site. Migration is really simple and carries over most of the configs too.
  13. What do the logs say? That will be your best shot at finding the cause. Image a machine, wait for it to fail then power it off. Turn the machine on in WinPE and use F8 to bring up the CMD Window. Open CMTrace and browse the various logs folders: C:\windows\ccm\logs C:\_SMSTS\ C:\Windows\Logs\DISM C:\Windows\Panther
  14. https://docs.microsoft.com/en-us/sccm/core/understand/configuration-manager-on-azure Not supported. You could however have some sort of hybrid setup although you could run into many issues. A better option would be to simply stay on prem for your primary and DB. From my last experience with Azure Distribution points, you cannot assign them to boundary groups and they only act as a fallback. You cannot start a Task Sequence of a could DP for example. I can see this changing soon though, just not ready yet.
  15. If the machine has never existed in AD before, then you can simply add multiple "Apply Network Settings" steps. Put a condition on each step so if computer name is GS111 the OU will be GS. If computer name is ES222 the OU will be ES etc etc. Thats the easier method depending on how many OU's we are talking. The "scalable" way would using a vbscript to determine machine name and set the OSDDomainOUName variable which the task sequence can then action.
  16. Not possible. Even if you added uninstall strings to your applications and all of its dependencies, the uninstall button will remain greyed out. This is by design. Workarounds to perform a uninstall (if needed): 1 - Create a new application with a script that uninstall both dependencies and the software 2 - Deploy the dependencies and applications as a "UNINSTALL" deployment
  17. Not sure if possible using unknown computers. As a collection is a collection irrespective of country its being launched from. Slightly off topic but are the images similar? Why not use a single task sequence with languages installed based on conditions? We have a single task sequence thats used globally. If the image is installed in UK, the machine is built to uk spec, if the same image is installed in Japan, its built to japanese spec with the languages etc. This is based on the subnet its being built at
  18. Wouldnt it be easier to determine the DP that the machine is downloading from and then checking if all packages in the task sequence are on that DP?
  19. We use sccm with mdt integration inconjunction with a script named "machinenameexit.vbs". Google it for full instructions on how it works. You could also just add a variable for computername (i think its OSDComputerName or something) and the value would be "FGD-%serialnumber%". I remember doing something along those lines in my test lab.
  20. Got fed up with this issue. About 20% of our machines running 32bit windows 7 had this issue and wouldn't complete a update scan which meant they hadn't been patched since 2015. They were showing as compliant in SCCM, HUGHE FLAW!!! In the I downloaded the windows 7 convenience rollup and deployed it as a package. This brought the OS relatively up to date, from there on the machines would scan for updates successfully.
  21. How did you test it? It has to be run with the Task sequence environment (New-Object -ComObject Microsoft.SMS.TSEnvironment), so if all you did was run the VBS in windows that it wouldn't work.
  22. Your using a unc path. Sccm packages cannot access these unless you add a line before mapping the location. Try this in your script.... ..... Net use \\Domain.net\sccm$\Source\Desktop_R3 xcopy /s \\Domain.net\sccm$\Source\Desktop_R3\*.* "C:\Program Files (x86)\Desktop\" /Y ......
  23. Yes, override that by creating a GPO which has windows updates enabled from MS. Also check client settings, create a new setting for desktops and turn off the software update settings.
  24. Have seen the collections issue and frankly a reboot has always sorted it for me. Ive since upgraded to sccm 1602 and issue doesnt occur. Regarding PXE, the new boot image you have assigned, have you set the option of "enable this image to run from pxe dp" in the boot image properties? Also what happen if you remove the boot image from the DP. Does sccm try use a alternative or fail to load pxe completely.
  25. Id imagine not much changes in the way of deployment. Instead of multiple patches, youll get 1 patch. If you need to roll back, the whole patch has to come off. Not sure how a ADR will react though.
  • Create New...