From Henk's blog (and sponsors) we wish you all Merry Christmas and a Happy New Year!! Hope you liked all information last year about Microsoft System Center and Windows Intune.
In SCCM 2012 with Service Pack 1 (SP1) with Endpoint Protection (SCEP) it was needed to look in registry when multiple anti-malware policies were active. More about that here: Prepare ConfigMgr client for Sysprep or Master Image. It mentions: The policy name in SCEP will be named "Antimalware policy" by default. All SCEP policies applied can be found in registry: "HKLM\Software\Microsoft\CCM\EPAgent\LastAppliedPolicy"
In SCCM 2012 Release 2 (R2) this isn't needed anymore. This because multiple anti-malware policies are displayed in the SCEP client now. Much better this way isn't it!?
This article describes an anti-malware platform update package for the following clients: - SCCM 2012 R2 Endpoint Protection clients - SCCM 2012 (SP1) Endpoint Protection clients - Forefront Endpoint Protection (FEP) 2010 clients
These packages update Endpoint Protection client services, drivers, and UI components.
Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated November 2013.
Last week I did a deployment on a Windows 7 (with offline updates integrated), created in ConfigMgr 2012 SP1. Because of new installation, I want to deploy the image with ConfigMgr 2012 R2. During OS deployment (installing system components) the following error message was seen in mini-setup: Windows could not configure one or more system components. To install Windows, restart the computer and then restart the installation.
After reboot another error message was displayed: The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click "OK" to restart the computer, and then restart the installation.
Lucky me I found the issue reading the following post:
After creating a new image (copy of install.wim from installation media) and importing updates by offline servicing again, everything went fine. Still strange that offline servicing can (sometimes) break your deployment image! Anyone?
Just a reminder to let you know that there's a Xian NM Webinar on Friday December 13th at 10 AM GMT-4/9 AM EST. All participants are eligible to enter our draw and win a FREE Xian Network Manager Bundle that includes 5 standard Network Device licenses plus 100 NetFlow IP address licenses!
Good news! When you are using MDT and/or SCCM/ConfigMgr and want to create driver packages, you can download them for Dell, HP and Lenovo systems. That saves a lot of time, because to need to download every single driver available. Let's have a look at the different methods for companies.
HP takes the next step and provides ready-made driver packages for MDT and SCCM for the business models of notebooks, desktops and workstations. The packages can be obtained via SoftPaq Download Manager (SDM) or from the HP support website. It appears they are primarily for the current generation of products. To get the download manager, navigate to the HP manageability website: www.hp.com/go/easydeploy or directly to www.hp.com/go/sdm
Lenovo has a website available for "Microsoft SCCM and MDT Package Index". This can be used for ThinkCentre systems, ThinkStation systems and ThinkPad systems. Packages provide the device drivers in .inf form for, in order to allow you to deploy Windows images with SCCM by importing the device drivers. These driver packs are also supported with MDT. They can be found here: http://support.lenovo.com/en_US/downloads/detail.page?DocID=HT074984
Really great to see that known vendors has support for MDT and/or SCCM/ConfigMgr now!
Yesterday I want to enroll Windows Intune (integrated in System Center 2012 R2 Configuration Manager) on a Surface 2 Pro (Windows 8.1 Pro) and Surface 2 RT (Windows RT 8.1). Unfortunately you must have certificates for both devices available for doing an enrollment to deploy any custom apps. This must be done in ConfigMgr (because this is my Mobile Device Management Authority) from now on.
For Windows Phone there is a Support Tool for Windows Intune Trial Management of Window Phone 8 available. More about that one in this blogpost. Let's have a look in ConfigMgr now. Within Software Library "Windows RT Sideloading Keys" can be created. These are not available for trial purposes as far as I know?
This is needed for both Windows RT, Windows RT 8.1 and Windows 8.1 which are not domain-joined. When devices are domain-joined (when possible and/or supported) a certificate is not needed. Within Windows Intune Subscription properties an Code-signing certificate (CER or CRT file) is needed to get the job done.
Why Microsoft has choosen for this, while Apple and Google has better (and cheaper) ways? To do this you must supply an Enterprise Agreement (EA) Sideloading key, which can be obtained from your Microsoft Volume Licensing Service Center provider. Pity I can't manage my new Surfaces now! Anyone?
Update 15-1-2014: When looking for a workaround on Windows RT sideloading keys have a look at this blogpost.
Hi, today I get a request if it's possible to exclude a specific software update from an Automatic Deployment Rule. This because functionality was broken between Skydrive Pro and our SharePoint 2010 server. The following update must be excluded which is malefactor on this. Let's do a query on Software Updates first. With Criteria you can search (for example) on Title. My search is on KB2837652. You can see that the update is downloaded and deployed.
Software Update is active
You can choose to use "Edit Membership" and remove the update, but because of Automatic Deployment Rule, the software update will be deployed again after next run. A better way is to change the Automatic Deployment Rule query. Let's have a look on that one. Normally I use values on Product, Required and Superseded here.
Automatic Deployment Rule query
This time I added a new value, named Title. When you add a random name with a "-" before it, it will be excluded from software updates. When you don't use the "-" it will be added to the already chosen updates query. When you start "Run now" on the Automatic Deployment Rule the above configuration will be active.
Software Update is non-active
Great to see that the chosen update is non-active now! I added a title on "Update for Microsoft SkyDrive Pro" and "KB2837652". This time no need to use "Edit Membership" anymore. The update will be ignored from now on! Happy customer :)