Tuesday, December 24, 2013

Merry Christmas and a Happy New Year

From Henk's blog (and sponsors) we wish you all Merry Christmas and a Happy New Year!!



Expect more to come in 2014 again!

Wednesday, December 18, 2013

Multiple anti-malware policies visible in Endpoint Protection 2012 R2

In SCCM 2012 Service Pack 1 (SP1) with Endpoint Protection (SCEP), you had to look in the registry when multiple anti-malware policies were active. More about that here: Prepare ConfigMgr client for Sysprep or Master Image.
It mentions: The policy name in SCEP will be named "Antimalware policy" by default. All SCEP policies applied can be found in registry: "HKLM\Software\Microsoft\CCM\EPAgent\LastAppliedPolicy"

In SCCM 2012 Release 2 (R2) this isn't needed anymore, because multiple anti-malware policies are now displayed in the SCEP client. Much better this way, isn't it!?
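
For clients still on SP1, the registry key quoted above can be read with PowerShell to see what the client stored for its applied anti-malware policies. This is an added example, not code from the original post; the function name `Get-ScepLastAppliedPolicy` is hypothetical, and because the post does not describe the layout below the key, the script lists every value it finds there instead of assuming value names.

```powershell
# Added example: list everything stored under the key named in the post.
# Requires PowerShell 3.0 or later ([pscustomobject]); run elevated on the client.
$ScepPolicyKey = 'HKLM:\Software\Microsoft\CCM\EPAgent\LastAppliedPolicy'

function Get-ScepLastAppliedPolicy {
    param(
        [string]$Path = $ScepPolicyKey
    )

    # The key is absent when it has not been written on this machine.
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Registry key not found: $Path"
        return
    }

    # Take the key itself plus any subkeys; the layout below the key is not
    # described in the post, so nothing is assumed about value names.
    $keys = @(Get-Item -Path $Path) +
            @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Value = if ($name) { $name } else { '(default)' }
                Kind  = $key.GetValueKind($name)
                # Multi-string and binary data are joined so they fit on one row.
                Data  = ($key.GetValue($name) -join ', ')
            }
        }
    }
}

Get-ScepLastAppliedPolicy | Format-Table -AutoSize -Wrap
```

More than one policy entry in the output means several anti-malware policies were applied to the client, which is the situation the R2 client UI now shows directly.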

Tuesday, December 17, 2013

Anti-malware platform update for Endpoint Protection clients

As you can see, a new Endpoint Protection (SCEP) update is available for System Center (SCCM) 2012 R2 installations. This is the third update available for SCCM 2012 R2 so far. Here is an overview of all R2 hotfixes:
1) An update is available for the "Operating System Deployment" feature of System Center 2012 R2 Configuration Manager
2) Per-computer variables for imported computers are not read in System Center 2012 R2 Configuration Manager
3) November 2013 anti-malware platform update for Endpoint Protection clients

This article describes an anti-malware platform update package for the following clients:
- SCCM 2012 R2 Endpoint Protection clients
- SCCM 2012 (SP1) Endpoint Protection clients
- Forefront Endpoint Protection (FEP) 2010 clients

These packages update Endpoint Protection client services, drivers, and UI components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated November 2013.

You can download the Hotfix here: Microsoft Support

Thursday, December 12, 2013

SCCM 2012 SP1 Offline Servicing - Failed to install update

Last week I deployed a Windows 7 image (with offline updates integrated) that was created in ConfigMgr 2012 SP1. Because of a new installation, I wanted to deploy the image with ConfigMgr 2012 R2. During OS deployment (installing system components) the following error message was seen in mini-setup: Windows could not configure one or more system components. To install Windows, restart the computer and then restart the installation.
After reboot another error message was displayed: The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click "OK" to restart the computer, and then restart the installation.

Luckily, I found the issue by reading the following post:

SCCM 2012 SP1 Offline Servicing - Failed to install update
It mentions: I have seen this, best I can tell, whenever offline servicing fails, you end up with a corrupted image and get the errors above.  Only solution I found is, use the bak WIM file that the offline servicing process to rollback.  Then you can retry offline servicing until it finally works without errors.  Then your WIM should work again.

After creating a new image (copy of install.wim from installation media) and importing updates by offline servicing again, everything went fine. Still strange that offline servicing can (sometimes) break your deployment image! Anyone?

Wednesday, December 11, 2013

Monday, December 9, 2013

Download Driver packages for Dell, HP and Lenovo systems

Good news! When you are using MDT and/or SCCM/ConfigMgr and want to create driver packages, you can download them for Dell, HP and Lenovo systems. That saves a lot of time, because there is no need to download every single driver available. Let's have a look at the different methods per company.

Dell has a website available for Driver CAB files for Enterprise Client OS Deployment. This can be used for WinPE (5.0 also!), XPS systems, Venue systems, Latitude systems, Optiplex systems and Precision systems. There are also combo packs available. They can be found here: http://en.community.dell.com/techcenter/enterprise-client/w/wiki/2065.dell-driver-cab-files-for-enterprise-client-os-deployment.aspx
Just use "Dell Client Integration Pack" to import Driver CAB files in an easy way: http://en.community.dell.com/techcenter/os-applications/w/wiki/2565.dell-client-integration-pack.aspx

HP takes the next step and provides ready-made driver packages for MDT and SCCM for the business models of notebooks, desktops and workstations. The packages can be obtained via SoftPaq Download Manager (SDM) or from the HP support website. It appears they are primarily for the current generation of products. To get the download manager, navigate to the HP manageability website: www.hp.com/go/easydeploy or directly to www.hp.com/go/sdm

Lenovo has a website available for "Microsoft SCCM and MDT Package Index". This can be used for ThinkCentre systems, ThinkStation systems and ThinkPad systems. The packages provide the device drivers in .inf form, so that you can deploy Windows images with SCCM by importing the device drivers. These driver packs are also supported with MDT. They can be found here: http://support.lenovo.com/en_US/downloads/detail.page?DocID=HT074984

Really great to see that well-known vendors have support for MDT and/or SCCM/ConfigMgr now!

Update: HP Client Integration Kit for ConfigMgr 2012 R2

Thursday, December 5, 2013

Manage Windows (RT) 8.1 devices in Windows Intune

Yesterday I wanted to enroll a Surface 2 Pro (Windows 8.1 Pro) and a Surface 2 RT (Windows RT 8.1) in Windows Intune (integrated in System Center 2012 R2 Configuration Manager). Unfortunately you must have certificates available for both devices to do an enrollment and deploy any custom apps. This must be done in ConfigMgr (because this is my Mobile Device Management Authority) from now on.

For Windows Phone there is a Support Tool for Windows Intune Trial Management of Window Phone 8 available. More about that one in this blogpost. Let's have a look in ConfigMgr now. Within Software Library "Windows RT Sideloading Keys" can be created. These are not available for trial purposes as far as I know?
This is needed for Windows RT, Windows RT 8.1 and Windows 8.1 devices which are not domain-joined. When devices are domain-joined (when possible and/or supported) a certificate is not needed. Within the Windows Intune Subscription properties a code-signing certificate (CER or CRT file) is needed to get the job done.

Why has Microsoft chosen this, while Apple and Google have better (and cheaper) ways? To do this you must supply an Enterprise Agreement (EA) Sideloading key, which can be obtained from your Microsoft Volume Licensing Service Center provider. Pity I can't manage my new Surfaces now! Anyone?

Update 15-1-2014: When looking for a workaround on Windows RT sideloading keys have a look at this blogpost.

Monday, December 2, 2013

Exclude software updates from Automatic Deployment Rule

Hi, today I got a request asking whether it's possible to exclude a specific software update from an Automatic Deployment Rule. This was because functionality was broken between SkyDrive Pro and our SharePoint 2010 server. The update that causes this must be excluded. Let's do a query on Software Updates first. With Criteria you can search (for example) on Title. My search is on KB2837652. You can see that the update is downloaded and deployed.
Software Update is active

You can choose to use "Edit Membership" and remove the update, but because of the Automatic Deployment Rule, the software update will be deployed again after the next run. A better way is to change the Automatic Deployment Rule query. Let's have a look at that one. Normally I use values on Product, Required and Superseded here.
Automatic Deployment Rule query

This time I added a new value, named Title. When you add a name with a "-" in front of it, updates matching that name are excluded from the software updates. When you don't use the "-", the name is added to the criteria of the already chosen updates query. When you start "Run now" on the Automatic Deployment Rule, the above configuration becomes active.
Software Update is non-active

Great to see that the chosen update is non-active now! I added a title on "Update for Microsoft SkyDrive Pro" and "KB2837652". This time no need to use "Edit Membership" anymore. The update will be ignored from now on! Happy customer :)