Jump to content


YPCC

Established Members
  • Posts

    156
  • Joined

  • Last visited

  • Days Won

    9

Everything posted by YPCC

  1. Sure are, 2 separate boundaries based on IP add ranges - no overlap. Am I right in saying that this is something handled by WDS? I mean, DHCP is doing what its supposed to which is issuing a IP address. It just so happens that the issuing DHCP server is also a PXE enabled DP (that should be serving its own office only)
  2. Hi All, I have a question if anyone can help. I have 2 different offices (Office1 and Office2). Both have a local DP and both are PXE enabled. Our current DHCP config is setup as: Office1 - 192.168.10.x There a Microsoft DHCP server (local DP) that issues 192.168.10.x addresses to all clients in Office1, If you perform a PXE boot form within this office, it will download the boot image from the local DP in this office. All good here Office2 - 192.168.20.x A IP helper on the router is forwarding all requests to the DHCP server located in Office1 192.168.10.x. The scope for this office is 192.168.20.x. Therefore all clients within this office have IP addresses starting 192.168.20.... Again so far so good. My issue is that when i perform a PXE boot from with Office2, it is downloading the boot image from Office1 and hence awfully slow. I understand that the IP Helper is directing all requests to the DHCP server in Office1, but what i want is to ensure that once the 'DHCP issued' IP address is received by the client in Office2, then that client should be downloading the boot image from the local DP in Office2, not downloading it from the DP in Office1. Once the task sequence starts, all the content needed for imaging (wim, apps etc) is downloaded from Office2 correctly, its just that initial download of the boot image that comes from the wrong office. Is there anyway i can configure PXE or DHCP to say if a client from the 192.168.20.x subnet sends a PXE request, then forward this to the local DP located in Office2? I am aware of DHCP option 66/67 but avoiding this route as this restricts us as its either UEFI or Legacy. Thank you all.
  3. Recently rolled this out, some brief notes: - On a Windows 10 machine, no additional agent is required. You simply set the SCCM policy to enable Endpoint Protection (Defender) to be managed. SCCM > Administration > Client Settings > Endpoint Protection > Manage Endpoint Protection...... - On a Windows 7 machine, SCCM will automatically deploy the SCEP agent if the above policy setting is enabled. We haven't deployed to server so cant assist there, but no reason why it wouldnt work. - You'll need to setup ADR's so new definitions are downloaded every X hour, you'll also need to change you SUP sync schedule to match this frequency - All settings/configuration/exclusions etc can be done via Anti-Malware policies. SCCM > Asset and Compliance > Endpoint Protection > Antimalware policies - I found we had to manually uninstall our previous AV solution (even though SCCM has an option to remove it) else SCEP would fail to install. I had to script the removal of the old AV Take some time to flick over all the anti-malware policies, everything will become much clearer. Key thing is to make sure your definitions are regularly updated (i do mine every 8 hours), and to make sure your SUP also sync at the same time else the ADR will run against a "outdated" SUP catalog.
  4. 2 months sounds about right. Although that assumes your clients are all patched to a level within 2 months release
  5. Well, may have answered my own question, https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Adding-Local-Experience-Packs-to-your-Windows-image/ba-p/254125 Same problem is I am having, this chap has installed a language, but cannot see it in the drop down. Im curious if anyone has a workaround to this?
  6. Hi All, this ones really bugging me, and I haven't done much OSD work since Windows 10 1511. I have a Windows 10 1809 image installed on a VM as English. For testing purposes, I would like to do a "online" installation of the Arabic language pack. I have already download the relevant LP.cab from VLSC and installed it using DISM. I know its installed as I've monitored the DISM log and can see a success, the message on screen also shows success. I have then run dism /online /get-intl and can see AR-SA is installed. However, when i go to Settings > Language < Windows Display Language, the only option in the dropdown is English United States. Cannot see a way to set Arabic as the language. Any ideas where I am going wrong. Whats makes it worse, is Microsoft is slowly doing away with the old Control Panel and moving everything to the Settings which is a pain as its a learning curve in itself. Eventually once ive got it all working ill be scripting it to run during OSD. I already have a MDT database with all the locales set as required. Thanks all
  7. I've sometimes wondered this too, as to whether any changes made to the TS apply to a existing machine being imaged already. I guess one way would be to insert the Driver install step, disable it, then you can add the driver pack and configure the step as neccessary. Finally when ready just enable the step.
  8. https://social.technet.microsoft.com/Forums/en-US/0b659d86-560e-4b08-834b-4f976d7792c8/failed-to-sysprep-and-capture-windows-10-fall-creators-1709?forum=mdt 1709 is a very buggy OS in my opinion. I;ve had a number of issues popup and had to use workarounds as a fix, really poor from Microsoft. Nonetheless, I found that sysprep was failing on something to do with the inbuilt apps. I believe my Windows 10 image had automatically connected to the internet and updated the apps, which in turn caused some sort of sysprep failure. Adding that reg key did the trick. Apply these immediately after the "Setup Windows and Configuration Manager" step then restart the machine. You can always re-enable these featues during deployment. Disable Consumer Features & Store Updates >>>> reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /v "AutoDownload" /t REG_DWORD /d "2" /f
  9. Hi All, been a while since I posted here but something I jsut cannot get my head around. My client use Office 2016 click to run, and we have customised the installation to ensure Groove, Lync, Access and Publisher are NOT installed on the users machine as not all users require this. We deploy via SCCM and Office 2016 C2R is installed in our base WIM file. Now as you can imagine, there are always a handful of users who for example require Access or Lync (Skype For Business) perhaps, and we need the ability to be give them these via SCCM. The problem starts is how can we deliver Access to a user (who already has our base Office installation) without having to make them download the full 2GB+ package again. With previous MSI versions of Office, you could simply reconfigure the existing installation on the machine and voila, the user would have Access. It seems Click To Run does not have the ability to reconfigure an existing installation. A simple example of this, yesterday a user of ours who has Office C2R installed (Word, Excel, Outlook, Powerpoint), requested Skype For Business. Now unless i am doing something wrong, the source files for Skype For Business are basically the same files used to install the whole Office suite, thus making the file size of the package about 2GB. This meant I had to push out a 2GB+ package to the user, just so I could give them Skype For Business. I can see this presenting many issues in a low bandwidth environment. Sometimes I am left in disbelief as to how Microsoft can overcomplicate things
  10. Why not allow a machine to build normally (join domain etc) and then put in a step at the end to unjoin it? And why do you want to see software center? Are you saying that you currently build a machine, log in and then use software center to install additional applications? If so, you could manually unjoin from the domain.
  11. Yes. you can do a side by side migration and make use of the migration features in sccm 2012 to pull all (or some) of your old stuff over. High level steps: Build CM 2012 Configure and fine tune as required Migrate over required content using built in feature Client push to a small batch of client as UAT Company wide client push (or whatever method you use to install clients) Information about "Packages" is retained on the client so even if you redploy the same "Package" to a machine again, it will realise it has already run previously and therefore wont run it.
  12. why not ask him to re-install via SC and then uninstall via SC Alternatively, you can deployed the software as "Display in software center, hide notifications". This will still list the software in SC but no popups will appear
  13. As above, too many file means sccm has to verify each and every file. Better of zipping them all up and doing a extract to a temp directory.
  14. ^^ Agreed, less impact to a live environment and plenty of time to tweak the new site. Migration is really simple and carries over most of the configs too.
  15. What do the logs say? That will be your best shot at finding the cause. Image a machine, wait for it to fail then power it off. Turn the machine on in WinPE and use F8 to bring up the CMD Window. Open CMTrace and browse the various logs folders: C:\windows\ccm\logs C:\_SMSTS\ C:\Windows\Logs\DISM C:\Windows\Panther
  16. https://docs.microsoft.com/en-us/sccm/core/understand/configuration-manager-on-azure Not supported. You could however have some sort of hybrid setup although you could run into many issues. A better option would be to simply stay on prem for your primary and DB. From my last experience with Azure Distribution points, you cannot assign them to boundary groups and they only act as a fallback. You cannot start a Task Sequence of a could DP for example. I can see this changing soon though, just not ready yet.
  17. If the machine has never existed in AD before, then you can simply add multiple "Apply Network Settings" steps. Put a condition on each step so if computer name is GS111 the OU will be GS. If computer name is ES222 the OU will be ES etc etc. Thats the easier method depending on how many OU's we are talking. The "scalable" way would using a vbscript to determine machine name and set the OSDDomainOUName variable which the task sequence can then action.
  18. Not possible. Even if you added uninstall strings to your applications and all of its dependencies, the uninstall button will remain greyed out. This is by design. Workarounds to perform a uninstall (if needed): 1 - Create a new application with a script that uninstall both dependencies and the software 2 - Deploy the dependencies and applications as a "UNINSTALL" deployment
  19. Not sure if possible using unknown computers. As a collection is a collection irrespective of country its being launched from. Slightly off topic but are the images similar? Why not use a single task sequence with languages installed based on conditions? We have a single task sequence thats used globally. If the image is installed in UK, the machine is built to uk spec, if the same image is installed in Japan, its built to japanese spec with the languages etc. This is based on the subnet its being built at
  20. Wouldnt it be easier to determine the DP that the machine is downloading from and then checking if all packages in the task sequence are on that DP?
  21. We use sccm with mdt integration inconjunction with a script named "machinenameexit.vbs". Google it for full instructions on how it works. You could also just add a variable for computername (i think its OSDComputerName or something) and the value would be "FGD-%serialnumber%". I remember doing something along those lines in my test lab.
  22. Got fed up with this issue. About 20% of our machines running 32bit windows 7 had this issue and wouldn't complete a update scan which meant they hadn't been patched since 2015. They were showing as compliant in SCCM, HUGHE FLAW!!! In the I downloaded the windows 7 convenience rollup and deployed it as a package. This brought the OS relatively up to date, from there on the machines would scan for updates successfully.
  23. How did you test it? It has to be run with the Task sequence environment (New-Object -ComObject Microsoft.SMS.TSEnvironment), so if all you did was run the VBS in windows that it wouldn't work.
  24. Your using a unc path. Sccm packages cannot access these unless you add a line before mapping the location. Try this in your script.... ..... Net use \\Domain.net\sccm$\Source\Desktop_R3 xcopy /s \\Domain.net\sccm$\Source\Desktop_R3\*.* "C:\Program Files (x86)\Desktop\" /Y ......
×
×
  • Create New...