Jump to content


Search the Community

Showing results for tags 'SCCM'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • Official Forum Supporters
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 634 results

  1. I recently upgraded my SCCM environment to 1902, I then did a 1903 Feature update to a laptop which was successful. I made the Products and Classification change in SCCM to make Windows 10 1903 software updates available. I created a deployment packed that included 1903 updates and deploy it to a combination of Windows 7, 10 1803 and 1903 devices. The Windows 7 and 10 1803 devices applied the updates successfully but both of the 1903 devices are giving me a message in software Center that there are "Insufficient Permissions for Software Installation, Your IT department has set restrictions for this software that prevent it from installing on your computer." Has anyone else run into this?
  2. This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1802 as of March 29th 2018. How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4 You can use this multi-part guide to get a hierarchy up and running on Windows Server 2016 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed using manual methods or automating it by using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it’s up to you to choose which method suits you best but I highly recommend automating everything that you can (if possible), using PowerShell. Method #1 – Do it manually Method #2 – Automate it with PowerShell In Part 1, you configured Active Directory Domain Services (ADDS) on AD01, then joined the Configuration Manager primary server (CM01) to the newly created domain. You then created users, usergroups and OU's in Active Directory and created the System Management Container. Finally you delegated permission to the Configuration Manager server to the System Management container. In Part 2, you configured Windows Server 2016 roles and features on the Configuration Manager primary server (CM01) and then you downloaded and installed Windows ADK 1709. Next you installed SQL Server 2017 CU5 with SQL Server Management Studio (SSMS) and Reporting Services before installing the WSUS role which uses SQL to store the SUSDB instead of the Windows Internal Database (WID). In Part 3, you downloaded and extracted the ConfigMgr content, you downloaded the ConfigMgr prerequisites and then you extended the Active Directory schema before installing System Center Configuration Manager (Current Branch) version 1802. In this part you'll create some device collections to prepare your lab for Servicing Windows 10, whether using WAAS or Upgrade Task Sequences built into ConfigMgr. The collections create include some based on the recently released Windows 10 version 1803. Step 1. Create some device collections Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator You can create collections using the ConfigMgr console and clicking your way through the wizard, you'll need to add membership queries to populate the collections, and include Include or Exclude rules as appropriate. Method #1 – Do it manually <to be added> Method #2 – Automate it with PowerShell To automate the creation of a bunch of device collections simply run the CreateDeviceCollectionsWindows10.ps1 Powershell script by starting PowerShell ISE as Administrator on the ConfigMgr server (CM01). Summary In this guide you created a whole bunch of collections to sort all your Windows 10 computers into easily identifiable groups based on Windows Version number, so that you can target them with policy or use Upgrade task sequences or Windows Servicing. Downloads The scripts used in this guide are available for download here. Unzip to C:\Scripts on both servers. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (AD01 or CM01). Scripts.zip
  3. So l’m kind new to SCCM’s OSD and I’ve been assigned to do an upgrade for Windows 7 workstation to Windows 10 v1703. I read online that the maximum ADK supported by SCCM 1606 is v1607, lucky I also read some posts online saying that it worked fine with Windows 10 v1706 although Microsoft does not support it. Now, my questions is our environment has an older ADK version that I don’t wish to remove if that possible. Can I just install the new ADK + upload new images to console + use new USMT Package for user data migration? Or must I upgrade the whole winPE to the new ADK environment? And if so, is there is any easier way then using scripts to update image and adk level ? ( older SCCM versions don’t have the option of reloading boot images) *current environment has two ADKs !! win 8.1 /older version of win 10 adk . If anyone can guide me please, I’m supposed to start the upgrade as soon as possible as windows 7 is going to be out of support in 2020.
  4. I've spent the better part of a day trying to add Adobe reader to our Software Center for users to install. I extracted the MSI files from the executable. I used their Customization app to create the .MST. I've tried setting the install up multiple different ways with no luck. The majority of the time it results in the install in Software Center spinning until it times out. Or it will begin the install correctly, except it's not paying attention to the settings I made in the MST file, and when it finishes, Software Center gives an error that when Googled equates to Software Center being unable to detect that it was installed. Someone out there has to have this working and can throw me a bone.
  5. I have been tasked to make a change to a currnt SCCM Env', at present they have Primary site - Severs only are managed here and the server support team mange the whole environment we are looking to add secondary site - this will be used to manage the workstations, a team of EUC sepport will manage the devices, but will have no access to the primary site. The SCCM will soo move to Co-Management the comapny does not want to move to CAS will a primary site do what we want, i have heard that in Co-Management the secondary site cannot be managed from its MP but only from the primary site any advice guys?
  6. Hello. There is the following command @echo off setLocal Enabledelayedexpansion for %%d in (c d e f g h i j k l m n o p q r s t u v w x y z) do ( if exist %%d:\"STORE USER ARM"\ ( xcopy %%d:"\User State Migration Tool\*.*" /e /v /y C:\Windows\USMT\ If not exist %%d:\Store Mkdir %%d:\Store c: cd C:\Windows\USMT\Amd64 scanstate.exe %%d:\Store\%ComputerName% /c /o /ue:%OSDCOMPUTERNAME%\* /hardlink /nocompress /i:MigApp.xml /i:MigCustom.xml /i:MigUser.xml /i:MigProgFiles.xml /v:5 /l:%%d:\Store\%ComputerName%\logs\scanstate.log /progress:%%d:\Store\%ComputerName%\logs\scanstate_progress.log )) The idea is to run the task sequence from a flash drive and save user data on the same flash drive. The script works, but does not work through the sequence. How does one make this option or maybe there is an alternative?
  7. Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version at the time of writing is System Center Configuration Manager (Current Branch) version 1902. SCCM 1902 is the latest baseline version and contains many bugfixes (and quality fixes) as detailed here. I blogged how to upgrade to 1902 here. Baseline media is used to install new ConfigMgr sites or to upgrade from supported versions. For more information about what baseline versions are and why you need them, I'd recommend you read my blog post here. This guide is aimed a new installations of SCCM. This lab is one of many hosted on my new hyper-v host, which is a very nice Lenovo P1 running Windows Server 2019 with data deduplication to make storage amazing. Note: The SCCM 1902 Current Branch media is not yet available on MSDN or VLSC. When the new baseline media is released I'll update this note. In the meantime you can download the baseline media ISO from the Microsoft evaluation site here. This will be the same media that will make it's way to MSDN and VLSC. Once downloaded, extract the media to C:\Source\SCCM1902. This series is broken down into the following parts:- Part 1 - Get the lab ready, configure ADDS (This part) Part 2 - Join CM01 to Domain, add users, create the Systems Management container, delegate permission Part 3 - Role and Feature installation, installation of WDS and ADK Part 4 - Configure and install SQL Server 2017 Part 5 - Configure and install SCCM 1902 Current Branch Part 6 - Post configuration You can use this multi-part guide to get a hierarchy up and running on Windows Server 2019 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 - Do it manually Method #2 - Automate it with PowerShell Downloads The scripts used in this part of the guide are available for download here. Unzip to C:\Scripts. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (DC01 or CM01). Scripts.zip Step 1. Get your lab ready In this guide I assume you have already installed two WorkGroup joined servers with Windows Server 2019 Standard (Desktop Experience) installed. You can install the operating system on those servers in whatever way you want. If you want a PowerShell script to help you create hyper-v virtual machines you can use this one. Please configure the servers used in this guide as listed below, the SmoothWall (Linux firewall) is optional. Server function: Domain Controller Server name: DC01 Server info: Workgroup joined IPv4 Address: 192.168.9.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.9.199 DNS: 192.168.9.1 Server function: Configuration Manager Primary site Server Name: CM01 Server info: Workgroup joined IPv4 Address: 192.168.9.2 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.9.199 DNS: 192.168.9.1 Server function: (optional) Linux firewall Server name: smoothwall Server info: Uses 2 legacy nics eth0: 192.168.9.199 eth1: x.x.x.x (internet facing ip) You will also need the following media. Windows Server 2019 Standard SQL Server 2017 System Center Configuration Manager 1902 Current Branch Step 2. Configure Active Directory Domain Services (ADDS) To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell. For your benefit I'll show you both methods below, all you have to do is choose which one suits you. Method #1 - Do it manually On the DC01, open Server Manager. Click on Add roles and features On the Before You Begin screen click Next. For Installation Type select Role-based or Feature-based installation For Server Selection select Select a server from the server pool and choose DC01 For Server Roles select Active Directory Domain Services, when prompted to add features that are required for Active Directory Domain Services select Add Features select DHCP Server,when prompted to add features that are required for DHCP Server, accept the changes by clicking on Add Features Select DNS Server, when prompted to add features that are required for DNS Server, accept the changes by clicking on Add Features Continue the the wizard by clicking Next On the Features screen click Next On the AD DS screen click Next On the DHCP server screen, click Next On the DNS Server screen click Next On the Confirmation screen click Install and then click on Close Configure Post Deployment Configuration After it's finished, perform the Post Deployment Configuration by clicking on Promote this server to a domain controller select the Add a new forest option, give it a root domain name such as windowsnoob.lab.local Next, depending on your requirements set the Forest functional level and Domain functional level, I've selected the default options below however you may want to configure it differently for your hierarchy, For the password field use P@ssw0rd, Click Next when ready, for DNS options, click Next, Next verify the NetBIOS name and click Next To specify the location of the AD DS database, log files and so forth, either accept the defaults, or change them to something that suits your hierarchy and click Next. Next you can review the options (clicking view script will save your actions to a PowerShell script for use later if you wish). Click Next when done. Next, click Install to begin Once it is complete making the changes it will automatically reboot the server After the reboot, open Server Manager again to do the Post-deployment Configuration for DHCP Server. Click on Complete DHCP Configuration use the defaults for DHCP Server Authorization Click on Commit, Click Close when done. That's how to configure ADDS and DHCP manually. Method #2 - Automate it with PowerShell To configure ADDS, DNS and DHCP automatically, use the ConfigureADDS.ps1 PowerShell script. Note: I'd recommend that you reboot the server before running the script in case any pending operations like Windows Update are in progress as it may effect the results of the script below - I have not (yet) added in any detection for pending operations. 1. Copy the script to C:\scripts on DC01 2. Edit the variables in lines 17-32 as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Once the script is run, it will automatically reboot the server, and after you logon, it will complete the DHCP server installation. Summary Using PowerShell to automate things is the proper way to do things as a server admin. Please join me in Part 2 of this multi-part guide where you will continue setting up your new Windows Server 2019 lab with SCCM 1902 Current Branch.
  8. Hi, I thought I would advertise my book here as I need all the shout-outs I can get! The book is entitled: ConfigMgr - An Administrator's Guide to Deploying Applications using PowerShell I think it's pretty good, but then again, I'm probably biased. You can get it here: https://leanpub.com/configmgr-DeployUsingPS Sorry about this advert - I hate adverts too. Sometimes, you just...gotta.
  9. Trying to enable Wake on LAN to a mass amount of already deployed workstations. I pulled down Dell's CCTK. Enabled the Wake on LAN feature for all models and dumped out an EXE from the software. Packaged it in SCCM, and it successfully gets pulled down. However, when SCCM is running the install execmgr.log keeps telling me: Script for Package:CU100103, Program: Dell BIOS Settings Wake On LAN failed with exit code 10 The advertisement status on the console tells me the same information. Has anyone had much experience deploying CCTKs this way? I have included images of the packages program settings; as it might be something in the manor I am telling it to run. Any help is appreciated. Also, Windows Noob is a job saver.
  10. Good morning, I am experiencing an issue with my wireless clients. I'm able to get some information. However, I am unable to get any software deployed to them. For example: - I get the green check, I am getting policy requests, heartbeat DDR, hardware scan, etc. I have the following applications deployed to a collection, I've kicked off "Machine Policy Retrieval & Evaluation Cycle" on the client, and wait. After a bit, I check the ccmcache folder, and all I see is this: " Upon investigating CAS.log, I see the following messages. Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 12:29:12 AM 8724 (0x2214) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:12 AM 8724 (0x2214) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 12:29:13 AM 3416 (0x0D58) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 3416 (0x0D58) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 12:29:13 AM 3416 (0x0D58) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 3416 (0x0D58) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 12:29:13 AM 4256 (0x10A0) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 4256 (0x10A0) Location update from CTM for content Content_3bea231e-1c77-4cda-8026-85eebee83451.1 and request {FA24E938-E4C0-4B3D-B0B8-ABD927785070} ContentAccess 3/29/2019 12:29:13 AM 4256 (0x10A0) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 4256 (0x10A0) Location update from CTM for content Content_637b724f-2a10-4111-9ca0-b0583587edaa.1 and request {F1AD0338-79E5-43B8-A996-D0E573C57A97} ContentAccess 3/29/2019 12:29:13 AM 7972 (0x1F24) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 7972 (0x1F24) Location update from CTM for content LIB00003.15 and request {9E0C4E3D-1981-4E35-8872-22BDDEED324F} ContentAccess 3/29/2019 12:29:13 AM 7972 (0x1F24) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 7972 (0x1F24) Location update from CTM for content Content_6a919932-b12f-46e1-be00-73c7d9c33269.1 and request {FF212273-2733-494F-87EE-33D06D76368A} ContentAccess 3/29/2019 12:29:13 AM 3416 (0x0D58) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 3416 (0x0D58) Location update from CTM for content Content_f7c36f23-6552-4ba8-b79c-2fb0d0a6463f.1 and request {CAEC8A21-7228-465F-80BC-BE1833D7321C} ContentAccess 3/29/2019 12:29:13 AM 7972 (0x1F24) Download request only, ignoring location update ContentAccess 3/29/2019 12:29:13 AM 7972 (0x1F24) Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 1:29:12 AM 3416 (0x0D58) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:12 AM 3416 (0x0D58) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 1:29:13 AM 3416 (0x0D58) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 3416 (0x0D58) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 1:29:13 AM 3416 (0x0D58) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 3416 (0x0D58) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 1:29:13 AM 2532 (0x09E4) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 2532 (0x09E4) Location update from CTM for content Content_3bea231e-1c77-4cda-8026-85eebee83451.1 and request {FA24E938-E4C0-4B3D-B0B8-ABD927785070} ContentAccess 3/29/2019 1:29:13 AM 4372 (0x1114) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 4372 (0x1114) Location update from CTM for content Content_637b724f-2a10-4111-9ca0-b0583587edaa.1 and request {F1AD0338-79E5-43B8-A996-D0E573C57A97} ContentAccess 3/29/2019 1:29:13 AM 4372 (0x1114) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 4372 (0x1114) Location update from CTM for content LIB00003.15 and request {9E0C4E3D-1981-4E35-8872-22BDDEED324F} ContentAccess 3/29/2019 1:29:13 AM 2532 (0x09E4) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 2532 (0x09E4) Location update from CTM for content Content_6a919932-b12f-46e1-be00-73c7d9c33269.1 and request {FF212273-2733-494F-87EE-33D06D76368A} ContentAccess 3/29/2019 1:29:13 AM 3856 (0x0F10) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 3856 (0x0F10) Location update from CTM for content Content_f7c36f23-6552-4ba8-b79c-2fb0d0a6463f.1 and request {CAEC8A21-7228-465F-80BC-BE1833D7321C} ContentAccess 3/29/2019 1:29:13 AM 7276 (0x1C6C) Download request only, ignoring location update ContentAccess 3/29/2019 1:29:13 AM 7276 (0x1C6C) Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 2:29:13 AM 4620 (0x120C) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 4620 (0x120C) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 2:29:13 AM 4984 (0x1378) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 4984 (0x1378) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 2:29:13 AM 6088 (0x17C8) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 6088 (0x17C8) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 2:29:13 AM 7584 (0x1DA0) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 7584 (0x1DA0) Location update from CTM for content Content_3bea231e-1c77-4cda-8026-85eebee83451.1 and request {FA24E938-E4C0-4B3D-B0B8-ABD927785070} ContentAccess 3/29/2019 2:29:13 AM 7276 (0x1C6C) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 7276 (0x1C6C) Location update from CTM for content Content_637b724f-2a10-4111-9ca0-b0583587edaa.1 and request {F1AD0338-79E5-43B8-A996-D0E573C57A97} ContentAccess 3/29/2019 2:29:13 AM 7276 (0x1C6C) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 7276 (0x1C6C) Location update from CTM for content LIB00003.15 and request {9E0C4E3D-1981-4E35-8872-22BDDEED324F} ContentAccess 3/29/2019 2:29:13 AM 5576 (0x15C8) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:13 AM 5576 (0x15C8) Location update from CTM for content Content_6a919932-b12f-46e1-be00-73c7d9c33269.1 and request {FF212273-2733-494F-87EE-33D06D76368A} ContentAccess 3/29/2019 2:29:14 AM 7584 (0x1DA0) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:14 AM 7584 (0x1DA0) Location update from CTM for content Content_f7c36f23-6552-4ba8-b79c-2fb0d0a6463f.1 and request {CAEC8A21-7228-465F-80BC-BE1833D7321C} ContentAccess 3/29/2019 2:29:14 AM 5576 (0x15C8) Download request only, ignoring location update ContentAccess 3/29/2019 2:29:14 AM 5576 (0x15C8) Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 3:29:13 AM 2124 (0x084C) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:13 AM 2124 (0x084C) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 3:29:13 AM 3856 (0x0F10) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:13 AM 3856 (0x0F10) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 3:29:14 AM 4028 (0x0FBC) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 4028 (0x0FBC) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 3:29:14 AM 3856 (0x0F10) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 3856 (0x0F10) Location update from CTM for content Content_3bea231e-1c77-4cda-8026-85eebee83451.1 and request {FA24E938-E4C0-4B3D-B0B8-ABD927785070} ContentAccess 3/29/2019 3:29:14 AM 7276 (0x1C6C) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 7276 (0x1C6C) Location update from CTM for content Content_637b724f-2a10-4111-9ca0-b0583587edaa.1 and request {F1AD0338-79E5-43B8-A996-D0E573C57A97} ContentAccess 3/29/2019 3:29:14 AM 4028 (0x0FBC) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 4028 (0x0FBC) Location update from CTM for content LIB00003.15 and request {9E0C4E3D-1981-4E35-8872-22BDDEED324F} ContentAccess 3/29/2019 3:29:14 AM 7276 (0x1C6C) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 7276 (0x1C6C) Location update from CTM for content Content_6a919932-b12f-46e1-be00-73c7d9c33269.1 and request {FF212273-2733-494F-87EE-33D06D76368A} ContentAccess 3/29/2019 3:29:14 AM 3856 (0x0F10) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 3856 (0x0F10) Location update from CTM for content Content_f7c36f23-6552-4ba8-b79c-2fb0d0a6463f.1 and request {CAEC8A21-7228-465F-80BC-BE1833D7321C} ContentAccess 3/29/2019 3:29:14 AM 4028 (0x0FBC) Download request only, ignoring location update ContentAccess 3/29/2019 3:29:14 AM 4028 (0x0FBC) Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 4:29:13 AM 8668 (0x21DC) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 8668 (0x21DC) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 4:29:13 AM 8668 (0x21DC) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 8668 (0x21DC) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 4:29:13 AM 9084 (0x237C) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 9084 (0x237C) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 4:29:13 AM 7276 (0x1C6C) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 7276 (0x1C6C) Location update from CTM for content Content_3bea231e-1c77-4cda-8026-85eebee83451.1 and request {FA24E938-E4C0-4B3D-B0B8-ABD927785070} ContentAccess 3/29/2019 4:29:13 AM 4904 (0x1328) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 4904 (0x1328) Location update from CTM for content Content_637b724f-2a10-4111-9ca0-b0583587edaa.1 and request {F1AD0338-79E5-43B8-A996-D0E573C57A97} ContentAccess 3/29/2019 4:29:13 AM 8668 (0x21DC) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 8668 (0x21DC) Location update from CTM for content LIB00003.15 and request {9E0C4E3D-1981-4E35-8872-22BDDEED324F} ContentAccess 3/29/2019 4:29:13 AM 4904 (0x1328) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:13 AM 4904 (0x1328) Location update from CTM for content Content_6a919932-b12f-46e1-be00-73c7d9c33269.1 and request {FF212273-2733-494F-87EE-33D06D76368A} ContentAccess 3/29/2019 4:29:14 AM 4904 (0x1328) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:14 AM 4904 (0x1328) Location update from CTM for content Content_f7c36f23-6552-4ba8-b79c-2fb0d0a6463f.1 and request {CAEC8A21-7228-465F-80BC-BE1833D7321C} ContentAccess 3/29/2019 4:29:14 AM 7596 (0x1DAC) Download request only, ignoring location update ContentAccess 3/29/2019 4:29:14 AM 7596 (0x1DAC) Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 5:29:13 AM 7708 (0x1E1C) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:13 AM 7708 (0x1E1C) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 5:29:13 AM 7708 (0x1E1C) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:13 AM 7708 (0x1E1C) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 5:29:13 AM 5440 (0x1540) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:13 AM 5440 (0x1540) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 5:29:13 AM 5440 (0x1540) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:13 AM 5440 (0x1540) Location update from CTM for content Content_3bea231e-1c77-4cda-8026-85eebee83451.1 and request {FA24E938-E4C0-4B3D-B0B8-ABD927785070} ContentAccess 3/29/2019 5:29:14 AM 5440 (0x1540) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:14 AM 5440 (0x1540) Location update from CTM for content Content_637b724f-2a10-4111-9ca0-b0583587edaa.1 and request {F1AD0338-79E5-43B8-A996-D0E573C57A97} ContentAccess 3/29/2019 5:29:14 AM 5440 (0x1540) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:14 AM 5440 (0x1540) Location update from CTM for content LIB00003.15 and request {9E0C4E3D-1981-4E35-8872-22BDDEED324F} ContentAccess 3/29/2019 5:29:14 AM 7708 (0x1E1C) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:14 AM 7708 (0x1E1C) Location update from CTM for content Content_6a919932-b12f-46e1-be00-73c7d9c33269.1 and request {FF212273-2733-494F-87EE-33D06D76368A} ContentAccess 3/29/2019 5:29:14 AM 8668 (0x21DC) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:14 AM 8668 (0x21DC) Location update from CTM for content Content_f7c36f23-6552-4ba8-b79c-2fb0d0a6463f.1 and request {CAEC8A21-7228-465F-80BC-BE1833D7321C} ContentAccess 3/29/2019 5:29:14 AM 7708 (0x1E1C) Download request only, ignoring location update ContentAccess 3/29/2019 5:29:14 AM 7708 (0x1E1C) Location update from CTM for content Content_9fca0c3a-abb4-45cf-8607-9002e09ff55d.1 and request {5BE028BD-31EF-40D7-ACCC-B68B5EAB238A} ContentAccess 3/29/2019 6:29:13 AM 6536 (0x1988) Download request only, ignoring location update ContentAccess 3/29/2019 6:29:13 AM 6536 (0x1988) Location update from CTM for content Content_f71ec7c6-8d83-4cff-baed-d042bee249db.1 and request {D933FF2F-430E-4AA3-9B2C-061131DA6764} ContentAccess 3/29/2019 6:29:13 AM 7728 (0x1E30) Download request only, ignoring location update ContentAccess 3/29/2019 6:29:13 AM 7728 (0x1E30) Location update from CTM for content Content_79793beb-8d31-491e-b97d-6e83188fa407.1 and request {3E6E2FEA-A93F-4642-9B18-B8006B334F95} ContentAccess 3/29/2019 6:29:13 AM 7728 (0x1E30) Download request only, ignoring location update ContentAccess 3/29/2019 6:29:13 AM 7728 (0x1E30) Location update from CTM for content Content_5354c64f-945a-4b08-a003-064130a4566a.1 and request {AEF8926C-5624-4BC0-B24F-1B7D4758212D} ContentAccess 3/29/2019 6:29:14 AM 7728 (0x1E30) Download request only, ignoring location update ContentAccess 3/29/2019 6:29:14 AM 77 I've also checked the boundaries and boundary groups to ensure that the correct network is in there. Other stuff: DP is HTTPS enabled, "allow intranet-only connections", using a PKI certificate, MP is HTTPS enabled "allow intranet-only connections" as well. Wireless clients are domain joined, and all of these application deployments work fine on wired clients. Any help where to look is appreciated!
  11. Hello, I've deployed a group of Windows updates to a collection which has no maintenance window and it's works correcty and all devices are comliant excep one who do not getting the updates and showing "Client check passed/Active" state. I've tried to stop wuauserv service and delete "SoftwareDistribution" floder but it isn't works for me. below details about my environment. Client Device : windows Server 2012 R2 whitch hosts the McAfee antivirus solution. FYI: I've tried to stop McAfee services but it restart automaticaly when the process of updates begin. SCCM Management Server: SCCM 2012 R2 SP1, WSUS 4.0 (6.3.9600.18694) Logs : - WUAHandler.log : Successfully completed scan - UpdatesDeployment.log : EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0 - LocationServices.log : ALL its correct - WindowsUpdate.log : 4 Warning WARNING: IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 9, GetLastError=2250 WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037 WARNING: Failed to initialize event uploader for new server {9482F4B4-E343-43B6-B170-9A65BC822C77} with hr = 8024043d. WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll Thank you in advance for your help. cordially. Hadjer YAHIAOUI Infra Admin
  12. Quick question, is it necessary when updating an application with two separate deployment types to update content on each deployment type? I assume I should do both?
  13. Hi, I am working on a Company that have two Enterprises each one has a domain, both have two-ways domain trust. In the Enterprise A: we have SCCM 1810 Current Branch Primary site, the Enterprise B wants to have SCCM, but the Enterprise A need to have control on the Enterprise B, we are wondering which is the best option we need to take: Scenario 1: install secondary site on the Enterprise B with DP, MP and SUP (download updates directly from internet and not getting updates from the primary site on the Enterprise A) and PXE may be in the future. Scenario 2: Install distribution point on the Enterprise B, but in this option we are wondering if it is will use a lot traffic with enterprise A and if it is possible to install WSUS(independent WSUS) with DP. Notes: Enterprise A has SCCM 1810 primary site with MP, DP, SUP, etc... Enterprise B has a central office and many branches, the idea is, the enterprise B use the minimum network traffic with the Enterprise A, this latter wants to have full control and can gather all inventory information from Enterprise B, also the each IT should manage their site. Please could some someone advise? Regards
  14. This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1802 as of March 29th 2018. How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4 You can use this multi-part guide to get a hierarchy up and running on Windows Server 2016 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed using manual methods or automating it by using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it’s up to you to choose which method suits you best but I highly recommend automating everything that you can (if possible), using PowerShell. Method #1 – Do it manually Method #2 – Automate it with PowerShell In Part 1, you configured Active Directory Domain Services (ADDS) on AD01, then joined the Configuration Manager primary server (CM01) to the newly created domain. You then created users, usergroups and OU's in Active Directory and created the System Management Container. Finally you delegated permission to the Configuration Manager server to the System Management container. In Part 2, you configured Windows Server 2016 roles and features on the Configuration Manager primary server (CM01) and then you downloaded and installed Windows ADK 1709. Next you installed SQL Server 2017 CU5 with SQL Server Management Studio (SSMS) and Reporting Services before installing the WSUS role which uses SQL to store the SUSDB instead of the Windows Internal Database (WID). In this Part, you will download and extract the ConfigMgr content, you'll download the ConfigMgr prerequisites and then you'll extend the Active Directory schema before installing System Center Configuration Manager (Current Branch) version 1802. Step 1. Download and extract the ConfigMgr content Before installing System Center Configuration Manager version 1802 you'll need to download the content as it is a baseline version. You can download baseline versions of the ConfigMgr media from Microsoft's Volume licensing Service Center (VLSC) site for use in production or from MSDN (or the Microsoft Evaluation site) for use in a lab. The VLSC download can be found be searching for Config and then selecting System Center Config Mgr (current branch and LTSB) as shown below. Once you've downloaded the ISO, mount it using Windows File Explorer and copy the contents to somewhere useful like C:\Source\SCCM1802 on the Configuration Manager server. Step 2. Download the ConfigMgr Prerequisites Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator You can download the prerequisites during ConfigMgr setup or in advance. As you'll probably want to install more than one copy of ConfigMgr (one lab, one production) it's nice to have the prerequisites downloaded in advance. Method #1 – Do it manually To do that, open an administrative PowerShell command prompt and navigate to the following folder: C:\Source\SCCM1802\smssetup\bin\X64 Run the following line .\SetupDL.exe C:\Source\SCCM_Prerequisites Once the process is complete you can open C:\ConfigMgrSetup.log with CMTrace (or notepad) to verify the status of the download. Note: You can find the CMTrace executable in the SMSSetup Tools folder in the location that you extracted the ConfigMgr media, eg: C:\Source\SCCM1802\SMSSETUP\TOOLS. Method #2 – Automate it with PowerShell To automate the download of the prerequisites simply follow the instructions and run the Install SCCM Current Branch version 1802.ps1 Powershell script in Step 4 or use the Download SCCM prerequisite files.ps1. Step 3. Extend the Schema Note: Perform the following on the Domain controller server (AD01) as Administrator. You do not have to extend the Active Directory schema if it was already extended for Configuration Manager previously. Method #1 – Do it manually To do that, on the Active Directory domain controller (AD01), open Windows File Explorer and browse to the network path of the ConfigMgr server where you've copied the SCCM source, eg: \\cm01\c$\Source\SCCM1802\SMSSETUP\BIN\X64 In that folder, locate extadsch.exe and right click, choose Run as Administrator. After the schema has been extended for SCCM, you can open C:\ExtAdsch.log on the root of C:\ on the server you are performing this on, and review the success or failure of that action. Method #2 – Automate it with PowerShell To automate extending the schema, use the Extend the Schema in AD.ps1 PowerShell script. Run the script on the CM01 server using credentials that have the ability to extend the schema. Step 4. Install SCCM Current Branch (version 1802) Note: Perform the following on the ConfigMgr server (CM01) as Administrator. Method #1 – Do it manually To do that, on the Configuration Manager server (CM01), open Windows File Explorer and browse to the network path of the ConfigMgr server where you've copied the SCCM source, eg: C:\Source\SCCM1802\ In that folder, double click on splash.hta. The Installer appears, click on Install. At the Before You Begin screen click Next. In the Available Setup Options screen, place a checkbox in "Use typical Installation options for a stand alone primary site" When prompted if you want to continue click Yes. On the Product Key screen enter your Key (or choose the eval option), and set the Software Assurance Date (optional) On the Product License Terms screen, select the 3 available options and click Next. On the Prerequisite Downloads screen, select the first option and specify C:\Source\SCCM_Prerequisites as the folder to download the prerequisite files. Click Next to start the download. On the Site and Installation Settings screen, enter your chosen site code (eg: P01), your site name and the path where you want to install ConfigMgr. On the Diagnostics and Usage data screen, click Next. On the Service Connection Point Setup screen, enter your choices and click Next. On the Settings Summary, review your choices and when happy with them click Next. On the Prerequisite Check screen click Begin Install when ready. During the installation, click on View Log (opens C:\ConfigmgrSetup.log) to review the installation progress using CMTrace and when the installation is done, click Close. Method #2 – Automate it with PowerShell To automate the installation of ConfigMgr 1802 (including all the previous steps above), simply run the Install SCCM Current Branch version 1802.ps1 PowerShell script. Run the script on the CM01 server and when prompted to extend the schema, enter your choice (yes or no) and if you choose to extend the schema, provide suitable credentials when prompted. Once done with the schema extension, the installation will continue (as shown below). and once installed you can launch the console. Success ! Summary In this 3 part guide you used quite a bit of PowerShell to automate pretty much most of Installing System Center Configuration Manager Current Branch (version 1802), including installing and configuring SQL Server 2017 on Windows Server 2016. Doing it with PowerShell means you can safely say that you've got a handle on Automation using PowerShell. I hope you learned a lot from doing it this way, and until next time, adios ! Downloads The scripts used in this guide are available for download here. Unzip to C:\Scripts on both servers. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (AD01 or CM01). Scripts.zip
  15. This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1802 as of March 29th 2018. How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4 You can use this multi-part guide to get a hierarchy up and running on Windows Server 2016 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it’s up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 – Do it manually Method #2 – Automate it with PowerShell In Part 1, you configured Active Directory Domain Services (ADDS) on AD01, then joined the Configuration Manager server (CM01) to the newly created domain. You then created users, usergroups and OU's in Active Directory and created the System Management Container. Finally you delegated permission to the Configuration Manager server to the System Management container. Step 1. Install Roles and Features on CM01 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator To support various features in System Center Configuration Manager, the setup wizard requires some server roles and features preinstalled. On CM01, login as the username you added to the Local Administrators group and start Server Manager. Method #1 - Do it manually The role and feature requirements for ConfigMgr are listed here https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/site-and-site-system-prerequisites. On CM01, login as a user with administrative permissions on the server. Start Server Manager. Click on Add roles and features, on the Before you begin page click Next Choose Role-based or feature-based installation In the Server Selection screen verify CM01.windowsnoob.lab.local is selected and click Next On the Server Roles screen select Web Service (IIS) and when prompted to add features for Web Server (IIS) click on Add Features Click Next and on the Features screen select the .NET Framework 3.5 (includes .NET 2.0 and 3.0) feature Expand the .NET Framework 4.6 Features and select HTTP Activation under WCF Services, answer Add Features when prompted. Select Message Queuing (MSMQ) Activation and when prompted select Add Features Select Named Pipe Activation and TCP Activation and under Background Intelligent Transfer Service (BITS) select IIS Server Extension when prompted to add features click on Add Features Scroll down and select Remote Differential Compression Click Next and on the Web Server Role (IIS) screen click Next on the Select Role Services verify that the following are selected Click Next and point to the Installation Source by clicking on Specify an alternate source path Enter the path to the media eg: E:\Sources\SxS Click Install when ready, at this point you could export configuration settings for later automation Click on Close when the feature installation has succeeded. Method #2 - Automate it with PowerShell Note: Make sure your Server 2016 media is in the drive specified in the script or edit the script to point to the new location of the media. To install the roles and features needed, start Windows Powershell ISE as a user with administrative permissions on the server, edit the variables as appropriate and run the install roles and features.ps1 script. The script will automatically stop and prompt you to correct things, if it cannot find the XML file or the Windows Server 2016 installation media. 1. Extract the scripts to C:\Scripts on CM01 and load the install roles and features.ps1script located in C:\Scripts\Part 2\CM01 2. Edit the variables (lines 18-19) as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Step 2. Download and install Windows ADK and install WDS Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator When you deploy operating systems with Configuration Manager, the Windows ADK is an external dependency that is required. The ConfigMgr prerequisite checker will check for various things, including ADK components such as USMT and Windows Preinstallation Environment (among others), therefore you need to install Windows ADK on your server. System Center Configuration Manager version 1802 supports Windows ADK 1709 as I've explained here. Method #1 - Do it manually Go to this link and download ADK 1709. You'll be prompted to save or run ADKSETUP.EXE, select Run. When prompted for the path, accept the defaults...(or change it to something else if you wish) Select your privacy settings Accept the ADK EULA Make sure to have selected at least the following ADK features Deployment Tools Windows Preinstallation Environment (Windows PE) Imaging and Configuration Designer (ICD) Configuration Designer User State Migration tool (USMT) and click Install to start the download and Installation of the Windows ADK, version 1709. Once the ADK installation is complete, click Close. To install WDS, open Server Manager, select Add roles and features and select the Windows Deployment Services role. When prompted click on Add Features to include management tools. and click through the wizard until completion, close the wizard when done. Method #2 - Automate it with PowerShell To download and then install Windows ADK 10 version 1709 with the components needed for ConfigMgr, start Windows Powershell ISE as Administrator and run the setup ADK and WDS.ps1 script. This script not only downloads and installs ADK 1709, but it installs the Windows Deployment Services role. Tip: If you've already downloaded ADK 1709 and want to save yourself some time, copy the Windows Kits folder and all files/folders within to the source folder (eg: C:\Source\Windows Kits) and the script will skip the download. 1. Extract the scripts to C:\Scripts on CM01 and load the setup ADK and WDS.ps1 script located in C:\Scripts\Part 2\CM01 2. Edit the variable (line 17) as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Step 3. Install SQL Server 2017 Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Method #1 - Do it manually Configure the firewall as described in https://go.microsoft.com/fwlink/?linkid=94001. After configuring the firewall, browse to the drive where the SQL Server 2017 media is, and run setup.exe. The SQL Server Installation Center wizard will appear. Click on Installation and then choose New SQL Server standalone installation or add features to an existing installation. Enter the Product Key or use the evaluation version if that's what you want to use. The product key will be automatically filled in for licensed media downloaded from Microsoft Volume Licensing Service Center. Accept the EULA Make your Microsoft Update choices and review your Install rules, select the SQL server instance features you need and if necessary change the drive letter where you intend to install it And configure the Instance Configuration or just leave it as default Verify the Service Accounts settings and for Collation, make sure the collation is set to SQL_Latin1_General_CP1_CI_AS For Server Configuration, click on Add Current User After configuring Data Directories, TempDB and Filestream settings you are Ready to Install Click on Install to start the installation of SQL Server 2017, and once it's completed, click Close. After installing SQL Server 2017, download SQL Server 2017 SSMS from here and install it. Method #2 - Automate it with PowerShell Note: Make sure your SQL Server 2017 media is in the drive specified in the script or edit the script to point to the new location of the media. The script and accompanying INI file have the path pointing at D:\Program Files, please change the variables as appropriate. To install SQL Server 2017 use the Install SQL Server 2017.ps1 script. The script will create a ConfigurationFile.ini used to automate the installation of SQL Server 2017, and after it's installed the script will download the SSMS executable (Management Studio) and install it. Then it will download Reporting Services and install it. If either of the EXE's are in the download folder, it will skip the download and just install. SQL Server no longer comes with the Management Studio or Reporting Services built in, and they are offered as separate downloads, don't worry though, my PowerShell script takes care of that for you. 1. Extract the scripts to C:\Scripts on CM01 and load the Install SQL Server 2017.ps1 script located in C:\Scripts\Part 2\CM01 2. Edit the variables [lines 17-76] as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Step 4. Restart the Configuration Manager Primary Server Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Open an administrative command prompt and issue the following command: shutdown /r Step 5. Install the WSUS role Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator Now that SQL server is installed, we can utilize SQL Server for the WSUS database. To install WSUS and configure it to use the SQL server database instead of the Windows Internal Database, do as follows: Method #1 - Do it manually Using Roles and Features in Server Manager, add the Windows Server Update Services role. When prompted to add features for the WSUS role, click on Add features. When prompted for the Role Services, uncheck WID Connectivity and add SQL Server Connectivity instead. When prompted for Content location, enter a valid path When prompted for Database Instance Selection, enter the server name and click on Check Connection On the Confirm Installation Selections screen, click on Install. and finally click close. After installing the WSUS role, in Server Manager, click on the yellow exclamation mark and choose Launch Post Installation Tasks. When the tasks are completed Optional: The WSUS database (SUSDB) can be observed using SQL Server SSMS. Method #2 - Automate it with PowerShell Browse to the location where you extracted the scripts, C:\scripts. Start Windows PowerShell ISE as administrator, open the Install roles and features_WSUS.ps1 script, edit the $servername variable and replace CM01 with the ServerName your are installing ConfigMgr on (SQL server). Note: Make sure to have your Windows Server 2016 media in the path referred to by $Sourcefiles. 1. Extract the scripts to C:\Scripts on CM01 and load the Install roles and features_WSUS.ps1 script located in C:\Scripts\Part 2\CM01 2. Edit the variables [lines 22-25] as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Downloads The scripts used in this guide are available for download here. Unzip to C:\Scripts on both servers. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (AD01 or CM01). Scripts.zip Summary Using PowerShell to automate things leaves more time for yourself and it's fun. Please join me in Part 3 of this multi-part guide when you will install System Center Configuration Manager version 1802 (Current Branch).
  16. In this Guide we will Go Step by Step for installation SCCM 1606 on Remote SQL Server, let’s Go with the below plan for our Deployment: 1. Create Two Domain Accounts as Service Account, one as a domain admin for SCCM and the other for SQL Services (Domain user) 2. Create System Management Container and Give the Computer Account for site server the needed permissions 3. Extend AD Schema 4. Install ADK 5. Install the Required Roles and Features For SCCM 6. Install SQL Server on Remote virtual machine 7. Configure Static Port for SQL and Add SCCM Site Server As local Admin on SQL Server 8. Install SCCM primary server Stand-alone You can find the guide in the attachment : ) Install SCCM On Remote SQL Step By Step.pdf
  17. I am facing a very weird issue with SCCM CoManagement where Windows 10 machines registered to AzureAD in Hybrid Azure AD Join, are shown as Azure AD Joined. I will be focusing on one machine so we see the issue in depth. Configuration details SCCM Current Branch 1802 with all three hotfixes installed Windows 10 Enterprise 1803 with latest updates Co-Management Enabled for All Devices (no pilot group) No workloads have yet been migrated to Intune Group Policies for Automatic Enrollment to MDM and Automatic Registration with AzureAD enabled SCCM Client Cloud option for Automatic Registration enabled Intune set as Standalone Intune Enrollment set as MDM only (MAM disabled) ADFS Federated Domain 3.0 (2012R2) with AAD Connect Federation Facts SSO et. all are working as expected on the client Client detects client as Hybrid Azure AD Joined Intune detects client as Hybrid Azure AD Joined Issue SCCM detects client as Azure AD Joined I will now provide all relevant screenshots from Intune, SCCM and Client. SCCM As seen below, SCCM thinks the device is Azure AD Join and not Hybrid Azure AD Join. I also used the following SCCM query: select SMS_R_System.NetbiosName, SMS_Client_ComanagementState.Authority, SMS_Client_ComanagementState.AADDeviceID, SMS_Client_ComanagementState.ComgmtPolicyPresent, SMS_Client_ComanagementState.EnrollmentErrorDetail, SMS_Client_ComanagementState.EnrollmentFailed, SMS_Client_ComanagementState.EnrollmentStatusCode, SMS_Client_ComanagementState.HybridAADJoined, SMS_Client_ComanagementState.MDMEnrolled, SMS_Client_ComanagementState.MDMWorkloads, SMS_Client_ComanagementState.AADJoined from SMS_R_System inner join SMS_Client_ComanagementState on SMS_Client_ComanagementState.ResourceID = SMS_R_System.ResourceId where SMS_Client_ComanagementState.ComgmtPolicyPresent = 1 and SMS_Client_ComanagementState.MDMEnrolled = 1 And had the following results, same probem. Azure AD Joined = Yes, Hybrid Azure AD Joined = No AzureAD As seen on the Devices > Azure AD Devices, the machine is properly detected as Hybrid Azure AD Joined As seen below, DeviceTrustType = Domain Joined and DeviceTrustLevel = Managed should be correct (see here). Get-MsolDevice -Name hp-eb-g3 Enabled : True ObjectId : cxxxxxxxxxxxxxxxxxxxxxxxx0 DeviceId : 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxx2 DisplayName : HP-EB-G3 DeviceObjectVersion : 2 DeviceOsType : Windows 10 Enterprise DeviceOsVersion : 10.0 (17134) DeviceTrustType : Domain Joined DeviceTrustLevel : Managed DevicePhysicalIds : {[USER-GID]:2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx2, [GID]:g:6xxxxxxxxxxxxxxxx2, [USER-HWID]:2xxxxxxxxxxxxxxxxxxxxxxxxxxxxx2, [HWID]:h:6xxxxxxxxxxxxxxxxxx2} ApproximateLastLogonTimestamp : 27/07/2018 15:00:56 AlternativeSecurityIds : {X509:<SHA1-TP-PUBKEY>0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx} DirSyncEnabled : True LastDirSyncTime : 03/08/2018 02:31:16 RegisteredOwners : {} GraphDeviceObject : Microsoft.Azure.ActiveDirectory.GraphClient.Device Intune This is how the device shows up in Intune Client DeviceManagement Log event 75 properly happened Client properly seeing management from Intune dsregcmd properly recognizes machine as AAD and MDM enrolled and AD Domain Joined dsregcmd /status +----------------------------------------------------------------------+ | Device State | +----------------------------------------------------------------------+ AzureAdJoined : YES EnterpriseJoined : NO DeviceId : 2xxxxxxxxxxxxxxxxxxxxxxxxx2 Thumbprint : 0xxxxxxxxxxxxxxxxxxxxxxA KeyContainerId : cxxxxxxxxxxxxxxxxxxxxxx7 KeyProvider : Microsoft Platform Crypto Provider TpmProtected : YES KeySignTest: : PASSED Idp : login.windows.net TenantId : 9xxxxxxxxxxxxxxxxxxx2 TenantName : Axxxxxxxxxxxxxs AuthCodeUrl : https://login.microsoftonline.com/9xxxxxxxxxxxxxxxxxxxx2/oauth2/authorize AccessTokenUrl : https://login.microsoftonline.com/9xxxxxxxxxxxxxxxxxxxxxxxxx2/oauth2/token MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc MdmTouUrl : https://portal.manage.microsoft.com/TermsofUse.aspx MdmComplianceUrl : https://portal.manage.microsoft.com/?portalAction=Compliance SettingsUrl : JoinSrvVersion : 1.0 JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/ JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net KeySrvVersion : 1.0 KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/ KeySrvId : urn:ms-drs:enterpriseregistration.windows.net WebAuthNSrvVersion : 1.0 WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/9xxxxxxxxxxxxxxxxxxxxxxxxxxxx2/ WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net DeviceManagementSrvVersion : 1.0 DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx2/ DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net DomainJoined : YES DomainName : XXXXXXXXXX +----------------------------------------------------------------------+ | User State | +----------------------------------------------------------------------+ NgcSet : NO WorkplaceJoined : NO WamDefaultSet : YES WamDefaultAuthority : organizations WamDefaultId : https://login.microsoft.com WamDefaultGUID : {Bxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0} (AzureAd) AzureAdPrt : YES AzureAdPrtAuthority : https://login.microsoftonline.com/9xxxxxxxxxxxxxxxxxxxxxxxxxx2 EnterprisePrt : NO EnterprisePrtAuthority : +----------------------------------------------------------------------+ | Ngc Prerequisite Check | +----------------------------------------------------------------------+ IsUserAzureAD : YES PolicyEnabled : NO PostLogonEnabled : YES DeviceEligible : YES SessionIsNotRemote : NO CertEnrollment : none AadRecoveryNeeded : NO PreReqResult : WillNotProvision Can anyone having a similar configuration crosscheck and let me know what difference there is? References: https://www.imab.dk/flipping-the-switch-how-to-enable-co-management-in-configuration-manager-current-branch/ https://allthingscloud.blog/automatically-mdm-enroll-windows-10-device-using-group-policy/ -- Alex
  18. Been checking out the new email approval feature for application requests in CB1810, however, I am running into an issue and can't seem to figure it out. To start, I can successfully request an application and SCCM triggers the alert and I successfully receive an email. However, when I attempt to approve or deny the request, I get a website security error and can't proceed. I am not using Azure integration and I am attempting this on my local intranet. Any ideas? (Sensitive information removed) Thanks! Mark
  19. We have SCCM setup for 10k or more PC's that are all domain joined and all that works fine. I'm trying to add workgroup ones (one right now for testing) All the sites I've found say its possible with some limitations. I have the client on the PC, It sees the server and the applications but anything we try to install from SCCM just sits there at 0% downloading. I have the test pc plugged into the LAN on the same subnet the BG is set for my PC so its in a boundary group. The only log I've found that I understand (attached) says "Error logging on as a network access account" We have a Network access account setup, I have it on the SCCM server and distribution point with rights to access via network. Does anyone know what I'm missing to make this work?
  20. Hey Guys / Niall - I'm wrapping up the build of a brand new environment on a new domain we are migrating to and installing the last Secondary Site of 7. The destination servers of all the Secondary sites are all new 2012 R2 installations where I manually installed all pre-reqs, deployed the Secondary site from the console, and once complete added SUP & SMP. All 6 installed prior to this one went great with no issues. However, this last one is a pain even though I installed it the exact same way. It shows it completed successfully, but that's not the case. Below is a list of characteristics of the issue , what I've tried so far, and finally log info. I'm referring to the Secondary with issues as "TEX" and primary site as "ABC" Characteristics of Secondary Site Issues (As it appears 24 hours after installation / deployment) Installation completes successfully and under Sites its listed as "Active." All results within Installation Results pass except for 2 pre-req warnings BITS & IIS6 WMI compatibility component for IIS7 are not installed or cannot be verified Setup unable to establish a remote connection to WMI on secondary site Site Status & Component Status lists do not contain and entries from "TEX" yet lists ones from the 6 other Secondaries AD Forests / Publishing Status lists all 6 Secondaries + 1 Primary including TEX - however - the "Last Publishing Time" & "Last Publishing Status" are empty only for TEX There are no entries for "TEX" within System Management container In Monitoring / Database Replication, it states "Link is being configured" & "Initializing data between the parent site and child site". Replication Analyzer Inconsistent public keys - asks me to initiate public key transfer for target site TEX on source site ABC File replication route is required for site-to-site communication and file replication route is missing for site ABC on site TEX Replication initialization is aborted in site ABC for the replication groups: Secondary_Site_Replication_Configuration. RLA recommends reinitializing the above mentioned groups on site TEX. This may take several hours A boundary group with ~200 IP Ranges is associated with the Secondary Site Groups for local admins on TEX are the same as all other secondaries Distribution is not working / processing anything to TEX although should be What I've Tried to Resolve Issue Uninstall Secondary Site then reinstall Delete Secondary Site from console then manually uninstall all SCCM & SQL components, delete related files, registry entries, and even uninstalled roles / features; rebooted; then reinstalled all from scratch - same issue persists Manually added server's hostname to System Management container delegating full access to it Chosen to run all suggested actions in Replication Link Analyzer. After doing each, same issue appeared so had to skip rule to get it to continue Used the commands "preinst.exe /keyforchild" and "preinst.exe /keyforparent" then copied the resulting files into the hman.inbox where they belonged. They were processed and disappeared but nothing changed Considering uninstall / reinstall again but using a different site code. Only thing is that if that worked I feel I'd have some crap left over in database from old site code and don't want to jeopardize stability or performance Log FIles Below are individual log files as well as ZIPs of multiple ones taken from when I worked on it this afternoon. TEX_to_ABC Diagnostics.csv ReplicationAnalysis.htm rcmctrl_(Primary ABC).log rcmctrl_(Secondary_TEX).log AllReplicationLogs.zip SecondaryLogFiles.zip SecondaryInstallLogs.zip replmgr_(Primary ABC).log replmgr_(Secondary_TEX).log The site is 2012 R2 SP1 CU4 with all site servers running 2012 R2 OS. Any help or suggestions you could provide would be fantastic - Thank You!!
  21. I am trying to create an email notification that will report all the systems that completed their hardware inventory (which occurs daily) and those that haven't, and send an email notification with the status. Is this possible? Thanks
  22. Introduction This multi-part guide will show you how to install the latest baseline version of Configuration Manager from Microsoft. The latest available baseline version is System Center Configuration Manager (Current Branch) version 1802 as of March 29th 2018. How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 1 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 2 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 3 How can I install System Center Configuration Manager (Current Branch) version 1802 on Windows Server 2016 with SQL Server 2017 – Part 4 You can use this multi-part guide to get a hierarchy up and running on Windows Server 2016 using SQL Server 2017. The concept behind this is to guide you through all the steps necessary to get a working Configuration Manager Primary site installed (for lab use) using manual methods or automated using PowerShell. This gives you the power to automate the bits that you want to automate, while allowing you to manually do other tasks when needed. You decide which path to take. PowerShell knowledge is desired and dare I say required if you are in any way serious about Configuration Manager. I will show you how to do most steps via two methods shown below, it's up to you to choose which method suits you best but I highly recommend automating everything that you can, using PowerShell. Method #1 - Do it manually Method #2 - Automate it with PowerShell Get your lab ready In this guide I assume you have already installed two WorkGroup joined servers with Windows Server 2016 installed, how you install the operating system is up to you. When installing the servers please choose Windows Server 2016 Standard (Desktop Experience). The servers used in this guide are configured as listed below, the SmoothWall (NAT) is optional. Server name: AD01 Server function: Domain Controller Server status: Workgroup joined IPv4 Address: 192.168.9.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.9.199 DNS: 192.168.9.1 Server name: CM01 Server function: Configuration Manager Primary site Server status: Workgroup joined IPv4 Address: 192.168.9.2 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.9.199 DNS: 192.168.9.1 Server name: Smoothwall Server function:Linux firewall Server status: 2 legacy nics eth0: 192.168.9.199 eth1: x.x.x.x (internet facing ip) Step 1. Configure Active Directory Domain Services (ADDS) Note: Perform the following steps on the AD01 server as a Local Administrator. To setup Active Directory Domain Services you could manually click your way through the appropriate wizard in Server Manager or automate it using PowerShell. For your benefit I'll show you both methods below, all you have to do is choose which one suits you. Method #1 - Do it manually Open Server Manager. Click on Add roles and features On the Before You Begin screen click Next For Installation Type select Role-based or Feature-based installation For Server Selection select Select a server from the server pool and choose AD01 For Server Roles select Active Directory Domain Services, when prompted to add features that are required for Active Directory Domain Services select Add Features Select DNS Server, when prompted to add features that are required for DNS Server, accept the changes by clicking on Add Features Continue the the wizard by clicking Next On the Features screen click Next On the AD DS screen click Next On the DNS Server screen click Next On the Confirmation screen click Install and then click on Close After it's finished, perform the Post Deployment Configuration by clicking on Promote this server to a domain controller select the Add a new forest option, give it a root domain name such as windowsnoob.lab.local Next, depending on your requirements set the Forest functional level and Domain functional level, I've selected the default options below however you may want to configure it differently for your hierarchy, For the password field use P@ssw0rd, Click Next when ready, for DNS options, click Next, Next verify the NetBIOS name and click Next To specify the location of the AD DS database, log files and so forth, either accept the defaults, or change them to something that suits your hierarchy and click Next. Next you can review the options (clicking view script will save your actions to a PowerShell script for use later if you wish). Click Next when done. Next, click Install to begin Once it is complete making the changes it will automatically reboot the server Method #2 - Automate it with PowerShell To configure ADDS and DNS automatically, use the ConfigureADDS.ps1 PowerShell script. 1. Copy the script to C:\scripts on AD01 2. Edit the variables in lines 17-24 as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Once the script is run, it will automatically reboot. Step 2. Join CM01 to the domain Note: Perform the following on the ConfigMgr server (CM01) as Local Administrator Method #1 - Do it manually To join the domain manually, login to CM01. Start Windows File Explorer. Right-click on This-PC and choose Properties. The System screen will appear. Click on Change settings to the right of Computer name. For the option To rename this computer or change its domain or workgroup, click Change, click Change and for Member of select Domain, enter the Domain details used in Step 1 and click OK when prompted for credentials, enter them and click OK You'll be welcomed to the Domain. Click OK. And prompted to reboot the computer, Click OK. In the Computer Name/Domain changes screen, click Close then click Restart now when prompted. Method #2 - Automate it with PowerShell To join the domain automatically, use the joindomain.ps1 PowerShell script. 1. Copy the script to C:\Scripts on CM01 2. Edit the variables (lines 16-18) as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Note: If DNS is not set correctly on the CM01 Network Properties, then the Domain Join process will fail. The script checks for success and reports an error if one occurs. If successful it will automatically restart the computer after the Domain Join process is complete. Step 3. Create users (optional) Note: Perform the following on the Active Directory Domain Controller server (AD01) as Administrator Method #1 - Do it manually To create users manually, click on Start and choose Windows Administrative Tools and then select Active Directory Users and Computers. In Active Directory Users and Computers, add new users by expanding <domain name>, select Users and right click, choose New then select User. In the wizard that appears fill in the New Object user details enter the Password details using password P@ssw0rd and click Finish when done Repeat the above process to add remaining users as appropriate for your environment Testuser, used for testing stuff CM_BA, used for building ConfigMgr created images CM_JD, used for joining computers to the domain CM_RS, used for reporting services. CM_CP, used when installing the Configuration Manager Client for Client Push. CM_NAA, (Network Access Account) used during OSD Note: The PowerShell script creates users and makes a user a local admin on the CM01 server. To facilitate the local administrator creation, you'll need to (optionally) manually create a GPO on AD01 called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled. To Create the GPO on AD01, click the Start menu and choose Windows Administrative Tools, then select Group Policy Management. Expand Group Policy Objects and Right click, choose New and give it a Name: Allow Inbound File and Printer Sharing Exception. In the GPO settings, expand Computer Configuration, Policies, Administrative Templates, then select Network, Network Connections, Windows Firewall and select the Domain Profile. Locate the Windows Firewall: Allow inbound file and printer sharing exception and set it to Enabled. Apply the changes. Here you can see the path to the GPO setting. After creating the GPO, you'll want to limit it to only apply to your ConfigMgr server (or servers). To do that select the Delegation tab of the GPO, and click on Advanced button. Select the Authenticated Users security group and then scroll down to the Apply Group Policy permission and un-tick the Allow security setting. This denies authenticated users from applying this GPO setting Next, click on the Add button, for Select this object type make sure to select Computers from the Object Types and select the group or Computer object that you want to have this policy apply to. Then select the group (e.g. ConfigMgr Servers) and scroll the permission list until you see the Apply group policy option and then tick the Allow permission as shown here. Finally, you need to Link the GPO, to do that, right click on your Domain (in this example it's windowsnoob.lab.local) and select Link an existing GPO and then select the newly created GPO Note: Once the above is completed, please update Group Policy on CM01 using Gpupdate /force prior to running the PowerShell script below. Method #2 - Automate it with PowerShell To create users automatically, use the Create Users Usergroups and OUs in AD.ps1 PowerShell script. Tip: You should edit the script and adjust the variables to your liking, for example if you want to change the default password. You may also want to rem out the MDT and MBAM user/groups that are created and change some of the user names within the script. To rem out a line place a # in front of it. 1. Copy the script to C:\scripts on AD01 2. Edit the variables [lines 79-100] as desired before running. 3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle. Once the script is complete you can browse Active Directory Users and Groups to see the Users and Groups it created. Step 4. Create the System Management Container Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator For details of why you are doing this see https://docs.microsoft.com/en-us/sccm/core/plan-design/network/extend-the-active-directory-schema Method #1 - Do it manually Open ADSI Edit, click on Action, then Connect To and click Ok, Double Click on Default Naming Context and the DC= that appears below it. Click on the > and scroll down to CN=System. Right Click on CN=System and choose New, Object choose Container from the options, click Next enter System Management as the value. Click Next and then click Finish. Method #2 - Automate it with PowerShell Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator To create the System Management container automatically, use the Create System Management container.ps1 PowerShell script. Step 5. Delegate Permission Note: Perform the following on the Active Directory Domain Controller server (AD01) as Local Administrator Method #1 - Do it manually Open Active Directory Users and Computers. Click on view, select Advanced Features. Select the System Management Container under System Right click the System Management container, choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click next, then click Add. click on Object Types, select Computers. Type in your Configuration Manager server name (CM01) and click on Check Names, it should resolve. Click Ok Click Next then select Create a Custom Task to Delegate, click Next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected. Click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in Full Control. Tip: Repeat the above process for each site server that you install in a Hierarchy. Method #2 - Automate it with PowerShell To delegate permissions to the System Management container automatically, use the Delegate Permissions.ps1 PowerShell script on AD01. Edit line 24 to point to the ConfigMgr server if you are using a different computer name than CM01. Note: You need to start Windows PowerShell ISE as a user that has Administrative Permissions in AD on the AD01 server. Downloads The scripts used in this guide are available for download here. Unzip to C:\Scripts on both servers. The scripts are placed in the corresponding folder (Part 1, Part 2 etc) and sorted into which server you should run the script on (AD01 or CM01). Scripts.zip Summary Using PowerShell to automate things leaves more time for yourself and it's fun. Please join me in Part 2 of this multi-part guide where you will configure Windows Server 2016 roles and features and then install SQL Server 2017. Continue to Part 2 of this guide > https://www.windows-noob.com/forums/topic/16116-how-can-i-install-system-center-configuration-manager-current-branch-version-1802-on-windows-server-2016-with-sql-server-2017-part-2/
  23. We have been using the guides on this site for over 2 years without issues, but for some reason I can't find a guide that helps me through this issue. We have been deploying Win 10 Enterprise 2016 without issues (Add PC and MAC to SCCM, add new computer to group, boot PC to PXE and done....) We want to deploy Win 10 v1803. Here is what I did; Added the OS to SCCM - Distributed Content Copied the OS Task Sequence for 2016, named it 2019 Edited 2019. The only change the OS to Apply to the 2019 Deployed 2019 to the same groups (Unknown Computers and Deploy Windows 10) PC booted into PXE as expected, but is ONLY presented with the 2019 Task. Task 2016 is gone. If I disable the 2019 Task, the computer is rejected and doesn't boot. Is these something that I"m missing? Why if I copy a Task does it no longer show? Is there a "special" guide to have multiple OS task Sequences presented to the PC?
  24. Hi, I'm in the process of deploying Windows 10 (x64 Enterprise Build 1809) at a customer site using Configuration Manager Current Branch (1806 + Hotfix). Office 365 Click-to-Run is a Tier 1 application that I am installing during deployment of the OS to the endpoint machine. In order to ensure the O365 C2R content is the latest "Semi-Annual Channel" version (client is bound by regulation to patch applications, so testing this with Office) I've setup the following: "Content" for the Application in CM is JUST setup.exe plus XML files for the install. Two XML files for install for two different locations (one of which is on at a low-speed WAN site). Each XML refers to source content in an open share on the Distribution Point servers - one of which is at the low-speed WAN site. Two deployment types in the Application - one for each XML. Setup a Scheduled Task on the Distribution Point servers to update the share (not the Application content) on a regular basis So my plan was then to use a "Requirement" on the application using a custom Global Condition that determines the Active Directory site (created using PowerShell). The idea then being that during deployment, the application installs using the latest available SAC version and administrators don't need to worry about the Application content being updated. And of course, the XML file then tells it to grab the content from the local site, which is highly connected. Works wonderfully well in Software Center in my testing. BUT, doesn't seem to work in OSD Task Sequence ☹️. If I am reading error logs right, it seems as though the PowerShell in the Global Condition is not being allowed to run (even when I set Execution Policy to "Bypass" earlier in the Task Sequence. So, perhaps I am making things more complex than they should be. Simplest thing to do would be to create two separate applications using the same method (i.e. not just two deployment types) and use a Dynamic Variable in the Task Sequence that installs one or the other dependent upon gateway IP. However, throwing it out there for some thoughts on how I could do this using the multiple deployment methods on the single app. Thanks, Matt
×
×
  • Create New...