Jump to content


YPCC

Established Members
  • Posts

    159
  • Joined

  • Last visited

  • Days Won

    9

Everything posted by YPCC

  1. Hi All, Anyone successfully managed to remove a CAS server from their infrastructure? Any gotchas or things to look out for that aren't on the Microsoft page. (https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/install/remove-central-administration-site) We have a CAS and a PRI, with under 10,000 clients. We want to remove the CAS and simplify the infrastructure. There's not much info on that page about whether packages with a CASXXXX code are unaffected or if they need to be re-created/moved to the PRI site. I imagine they dont as they're replicated. Same for collections with a ID starting with CASxxxxx. Thanks
  2. Hang on a sec, i might have solved it. Turns out, you need to restart the ccmexec service after making any classification/product changes. I can see from the updatestore.log that these additional updates are showing as Missing which means sccm should now see that the server needs the update.
  3. Hi All This ones always nagged me for years but never got to the bottom of it. Very simple, we manage and patch our servers using SCCM. We typically push out the monthly Windows security updates via sccm. The business are now taking patch management of server a lot more seriously meaning every product installed on the server needs to be patched where possible. Now, when you log onto the server > Windows updates there is an option called "check online for updates from microsoft update" which forces the server to go out to Microsofts catalog and get all the latest patches. I've noticed a lot more updates get installed via this method than sccm. Now i am very much aware of product classifications and products and have enabled the respective products via sccm. I've run a couple of SUP sync's but for some reason, my servers just wont detect certain updates as required even though i know that server needs those updates and i know that if i click on "check online for update....." then the very same patch will get installed. A typical example is this update: Security Update for Microsoft ASP.NET MVC 2 (KB2993939) This update appears in my sccm console as "unknown" for all of our devices. I know this update is needed on one of our servers so how can i get sccm to detect this? I have run multiple update scan cycles, i've looked through the logs, i've queried the SQL DB but just not had much luck. Thank you
  4. Sure are, 2 separate boundaries based on IP add ranges - no overlap. Am I right in saying that this is something handled by WDS? I mean, DHCP is doing what its supposed to which is issuing a IP address. It just so happens that the issuing DHCP server is also a PXE enabled DP (that should be serving its own office only)
  5. Hi All, I have a question if anyone can help. I have 2 different offices (Office1 and Office2). Both have a local DP and both are PXE enabled. Our current DHCP config is setup as: Office1 - 192.168.10.x There a Microsoft DHCP server (local DP) that issues 192.168.10.x addresses to all clients in Office1, If you perform a PXE boot form within this office, it will download the boot image from the local DP in this office. All good here Office2 - 192.168.20.x A IP helper on the router is forwarding all requests to the DHCP server located in Office1 192.168.10.x. The scope for this office is 192.168.20.x. Therefore all clients within this office have IP addresses starting 192.168.20.... Again so far so good. My issue is that when i perform a PXE boot from with Office2, it is downloading the boot image from Office1 and hence awfully slow. I understand that the IP Helper is directing all requests to the DHCP server in Office1, but what i want is to ensure that once the 'DHCP issued' IP address is received by the client in Office2, then that client should be downloading the boot image from the local DP in Office2, not downloading it from the DP in Office1. Once the task sequence starts, all the content needed for imaging (wim, apps etc) is downloaded from Office2 correctly, its just that initial download of the boot image that comes from the wrong office. Is there anyway i can configure PXE or DHCP to say if a client from the 192.168.20.x subnet sends a PXE request, then forward this to the local DP located in Office2? I am aware of DHCP option 66/67 but avoiding this route as this restricts us as its either UEFI or Legacy. Thank you all.
  6. Recently rolled this out, some brief notes: - On a Windows 10 machine, no additional agent is required. You simply set the SCCM policy to enable Endpoint Protection (Defender) to be managed. SCCM > Administration > Client Settings > Endpoint Protection > Manage Endpoint Protection...... - On a Windows 7 machine, SCCM will automatically deploy the SCEP agent if the above policy setting is enabled. We haven't deployed to server so cant assist there, but no reason why it wouldnt work. - You'll need to setup ADR's so new definitions are downloaded every X hour, you'll also need to change you SUP sync schedule to match this frequency - All settings/configuration/exclusions etc can be done via Anti-Malware policies. SCCM > Asset and Compliance > Endpoint Protection > Antimalware policies - I found we had to manually uninstall our previous AV solution (even though SCCM has an option to remove it) else SCEP would fail to install. I had to script the removal of the old AV Take some time to flick over all the anti-malware policies, everything will become much clearer. Key thing is to make sure your definitions are regularly updated (i do mine every 8 hours), and to make sure your SUP also sync at the same time else the ADR will run against a "outdated" SUP catalog.
  7. 2 months sounds about right. Although that assumes your clients are all patched to a level within 2 months release
  8. Well, may have answered my own question, https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Adding-Local-Experience-Packs-to-your-Windows-image/ba-p/254125 Same problem is I am having, this chap has installed a language, but cannot see it in the drop down. Im curious if anyone has a workaround to this?
  9. Hi All, this ones really bugging me, and I haven't done much OSD work since Windows 10 1511. I have a Windows 10 1809 image installed on a VM as English. For testing purposes, I would like to do a "online" installation of the Arabic language pack. I have already download the relevant LP.cab from VLSC and installed it using DISM. I know its installed as I've monitored the DISM log and can see a success, the message on screen also shows success. I have then run dism /online /get-intl and can see AR-SA is installed. However, when i go to Settings > Language < Windows Display Language, the only option in the dropdown is English United States. Cannot see a way to set Arabic as the language. Any ideas where I am going wrong. Whats makes it worse, is Microsoft is slowly doing away with the old Control Panel and moving everything to the Settings which is a pain as its a learning curve in itself. Eventually once ive got it all working ill be scripting it to run during OSD. I already have a MDT database with all the locales set as required. Thanks all
  10. I've sometimes wondered this too, as to whether any changes made to the TS apply to a existing machine being imaged already. I guess one way would be to insert the Driver install step, disable it, then you can add the driver pack and configure the step as neccessary. Finally when ready just enable the step.
  11. https://social.technet.microsoft.com/Forums/en-US/0b659d86-560e-4b08-834b-4f976d7792c8/failed-to-sysprep-and-capture-windows-10-fall-creators-1709?forum=mdt 1709 is a very buggy OS in my opinion. I;ve had a number of issues popup and had to use workarounds as a fix, really poor from Microsoft. Nonetheless, I found that sysprep was failing on something to do with the inbuilt apps. I believe my Windows 10 image had automatically connected to the internet and updated the apps, which in turn caused some sort of sysprep failure. Adding that reg key did the trick. Apply these immediately after the "Setup Windows and Configuration Manager" step then restart the machine. You can always re-enable these featues during deployment. Disable Consumer Features & Store Updates >>>> reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t REG_DWORD /d "1" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /v "AutoDownload" /t REG_DWORD /d "2" /f
  12. Hi All, been a while since I posted here but something I jsut cannot get my head around. My client use Office 2016 click to run, and we have customised the installation to ensure Groove, Lync, Access and Publisher are NOT installed on the users machine as not all users require this. We deploy via SCCM and Office 2016 C2R is installed in our base WIM file. Now as you can imagine, there are always a handful of users who for example require Access or Lync (Skype For Business) perhaps, and we need the ability to be give them these via SCCM. The problem starts is how can we deliver Access to a user (who already has our base Office installation) without having to make them download the full 2GB+ package again. With previous MSI versions of Office, you could simply reconfigure the existing installation on the machine and voila, the user would have Access. It seems Click To Run does not have the ability to reconfigure an existing installation. A simple example of this, yesterday a user of ours who has Office C2R installed (Word, Excel, Outlook, Powerpoint), requested Skype For Business. Now unless i am doing something wrong, the source files for Skype For Business are basically the same files used to install the whole Office suite, thus making the file size of the package about 2GB. This meant I had to push out a 2GB+ package to the user, just so I could give them Skype For Business. I can see this presenting many issues in a low bandwidth environment. Sometimes I am left in disbelief as to how Microsoft can overcomplicate things
  13. Why not allow a machine to build normally (join domain etc) and then put in a step at the end to unjoin it? And why do you want to see software center? Are you saying that you currently build a machine, log in and then use software center to install additional applications? If so, you could manually unjoin from the domain.
  14. Yes. you can do a side by side migration and make use of the migration features in sccm 2012 to pull all (or some) of your old stuff over. High level steps: Build CM 2012 Configure and fine tune as required Migrate over required content using built in feature Client push to a small batch of client as UAT Company wide client push (or whatever method you use to install clients) Information about "Packages" is retained on the client so even if you redploy the same "Package" to a machine again, it will realise it has already run previously and therefore wont run it.
  15. why not ask him to re-install via SC and then uninstall via SC Alternatively, you can deployed the software as "Display in software center, hide notifications". This will still list the software in SC but no popups will appear
  16. As above, too many file means sccm has to verify each and every file. Better of zipping them all up and doing a extract to a temp directory.
  17. ^^ Agreed, less impact to a live environment and plenty of time to tweak the new site. Migration is really simple and carries over most of the configs too.
  18. What do the logs say? That will be your best shot at finding the cause. Image a machine, wait for it to fail then power it off. Turn the machine on in WinPE and use F8 to bring up the CMD Window. Open CMTrace and browse the various logs folders: C:\windows\ccm\logs C:\_SMSTS\ C:\Windows\Logs\DISM C:\Windows\Panther
  19. https://docs.microsoft.com/en-us/sccm/core/understand/configuration-manager-on-azure Not supported. You could however have some sort of hybrid setup although you could run into many issues. A better option would be to simply stay on prem for your primary and DB. From my last experience with Azure Distribution points, you cannot assign them to boundary groups and they only act as a fallback. You cannot start a Task Sequence of a could DP for example. I can see this changing soon though, just not ready yet.
  20. If the machine has never existed in AD before, then you can simply add multiple "Apply Network Settings" steps. Put a condition on each step so if computer name is GS111 the OU will be GS. If computer name is ES222 the OU will be ES etc etc. Thats the easier method depending on how many OU's we are talking. The "scalable" way would using a vbscript to determine machine name and set the OSDDomainOUName variable which the task sequence can then action.
  21. Not possible. Even if you added uninstall strings to your applications and all of its dependencies, the uninstall button will remain greyed out. This is by design. Workarounds to perform a uninstall (if needed): 1 - Create a new application with a script that uninstall both dependencies and the software 2 - Deploy the dependencies and applications as a "UNINSTALL" deployment
  22. Not sure if possible using unknown computers. As a collection is a collection irrespective of country its being launched from. Slightly off topic but are the images similar? Why not use a single task sequence with languages installed based on conditions? We have a single task sequence thats used globally. If the image is installed in UK, the machine is built to uk spec, if the same image is installed in Japan, its built to japanese spec with the languages etc. This is based on the subnet its being built at
  23. Wouldnt it be easier to determine the DP that the machine is downloading from and then checking if all packages in the task sequence are on that DP?
  24. We use sccm with mdt integration inconjunction with a script named "machinenameexit.vbs". Google it for full instructions on how it works. You could also just add a variable for computername (i think its OSDComputerName or something) and the value would be "FGD-%serialnumber%". I remember doing something along those lines in my test lab.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.