System Center Configuration Manager Toolkit Package Download Very Slow

Recently I built a new ConfigMgr/SCCM environment for a customer. I installed the Microsoft Deployment Toolkit and created an MDT integrated task sequence in SCCM. The deployment task sequence that I created was very slow, it took at least a couple of hours to load. I noticed that the toolkit package was taking approximately 30 minutes to download. The site server was running Symantec antivirus and I had not yet configured any antivirus exclusions. This was a simple sign server environment therefore I add the exclusions listed in this article on the site server. In a more complex environment the [...]

A couple of nice little OSD tweaks in ConfigMgr 1702

ConfigMgr 1702 have a wealth of new features and client management improvements. This one might not be the reason you upgrade, but it’s still nice and worth a blog post. With 1702 you can customize your task sequence information and control what’s being displayed to the end-user. in this example you should notice a few changed in software center. Looking at my Upgrade task sequence, I now have information about download time/size and restart. when I start the task sequence, I have interesting information from my IT department telling me why the company is upgrading to Windows 10 All of [...]

Unlock BitLocker Encrypted Drive From WinPE the Secure Way!

I have seen several blog posts on how to unlock a BitLocker encrypted drive from Windows PE, using the recovery password stored in the Microsoft Bitlocker Administration and Monitoring (MBAM) SQL Server database. What's the problem with these solutions? All of these have one thing in common: they query the SQL database directly, requires changing SQL Server configuration and granting access to the database directly. Why is this a problem? Well, in my opinion this is a bad design approach, as the core purpose of implementing BitLocker volume encryption and MBAM is to secure our data from being compromised. By [...]

By | 2016-10-12T08:49:13+00:00 October 12th, 2016|Configuration Manager (SCCM), OS Deployment, Security|7 Comments

Notes from the field: Deploying Windows 7

I never thought that I would write a blog post about deploying Windows 7 x64 in UEFI mode and TPM 2.0 in 2016. However, I understand that bigger enterprises aren’t 100% ready to deploy Windows 10 but you should definitely have a plan for that. In this blog post I will point out some of the key things regarding Windows 7 SP1 x64, UEFI and TPM 2.0 and maybe this will be helpful for others as well. My experience is with HP models, like the EliteBook 820 G3 / 840 G3 and HP Probook 640 G3 / 650 G3.   [...]

By | 2017-08-22T10:29:05+00:00 August 15th, 2016|OS Deployment, Windows Client|3 Comments

Win PE Peer caching in ConfigMgr Current Branch

There are so many reasons for migrating your environment to ConfigMgr CB (current branch), one of them being the new content management feature – Win PE Peer caching. To me it’s important to understand what the feature is bringing to the table, and what it is not. Win PE Peer caching is introduced to save bandwidth by sharing content already present on your local network. Those who are familiar with the ConfigMgr ecosystem, know that solutions to support that has been around for years. Solutions like OneSite from Adaptiva, Nomad from 1E and custom BrancheCache from 2Pintsoftware. This blog post [...]

DHCP Guide

This document describes common scenarios for implementing DHCP in relation to PXE boot with particular focus on Configuration Manager. Assumptions and audience Audience must familiar with basic IP networking principles. The background In order for a client to perform a PXE boot, there must be a DHCP service available, this is not required to be a Microsoft DHCP service. Any DHCP server is good. The following diagram shows a typical network setup In this case the client and the server is on the same network, which is the simplest setup you will come across, normally the setup will be more [...]

How to create Mac OS X OSD resources with Parallels for ConfigMgr

For those already using Parallels Mac Management for SCCM here’s a little guide for creating the boot image and netrestore image. Boot Image Build and start a clean Mac with latest OS X version. Login with the admin user and create the following folders in Documents: Boot SSHKeys Open the Terminal application. Navigate to the SSHKeys folder. Example: “cd /Users/%accountname%/Documents/SSHKeys/” Run the following command: [crayon-59c5283b6bb1c706607212/] When asked about filename just enter id_rsa. When asked about a passphrase just press enter for default selection which is blank. In the SSHKeys folder there should now be two files located: id_rsa In [...]

By | 2015-12-22T13:29:08+00:00 December 22nd, 2015|Configuration Manager (SCCM), OS Deployment|0 Comments

Managing Mac OS X devices with ConfigMgr and Parallels

Xmas is not far away now, but before we hit that one special holiday during the year I want to throw one more blog out into cyberspace. Managing those Mac OS X devices once and for all! ConfigMgr 2012 started out with a proposed solution to how we could start managing those silver things from the Apple company, it just wasnt quite as easy as we would like it to be. We needed all kinds of special little configs and tweaks to be made and on top of it we needed to bring in the PKI infrastructure with a transition [...]

By | 2015-12-22T13:03:39+00:00 December 22nd, 2015|Configuration Manager (SCCM), OS Deployment|0 Comments

Add the “Trigger Setup Rollback” Step in Windows vNext (Windows 10) Upgrade Task Sequence for proper status monitoring

With the announcement of Windows 10 Microsoft released a pre-created Task Sequence for an in-place-upgrade scenario with all the necessary steps it takes to upgrade from Windows 7, 8 or 8.1. For more information and the task sequence itself go to the System Center Team blog here: The task sequence after imported into SCCM: Now, the task sequence comes 100 % out-of-the-box, but if you want to monitor Roll Back Scenarios then you have to add a simple step at the end of the sequence named Trigger Rollback. To do this simply create create the step under the Rollback [...]

Links and tools from our Ignite Instructor lab – Upgrading to Windows 10 using ConfigMgr 2012 R2

Thanks all for attending the Instructor led lab @Ignite – All three Vikings had a great time on stage – thanks for turning the ILL into a very interactive breakout session :-)   Download the labfiles, scripts and instructions from the lab - Download ConfigMgr Technical preview - Driver Import script -

Windows 10 Preview Start Menu not working in build 9926

A quick fix to the StartMenu issue in Windows 10 Technical Preview Build 9926 During deployment of your Windows 10 image, you can fix this issue by prepping the default user profile, so that all users logging on to the device will benefit from the fix. In the registry key HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Create a REG_DWORD with the name EnableXamlStartMenu Set the value to 0 (zero) Or simply use this command to do it during a Task Sequence reg.exe add hku\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v EnableXamlStartMenu /t REG_DWORD /d 0 /f

SMSTS.log Size and History is Reset During Refresh Scenarios

If you have changed the default values for LogMaxSize and LogMaxHistory in your SMSTS.ini in your boot media, some of you might have experienced that these values gets reset to their default values (1000000 and 1) during a refresh scenario. This causes us to loose build history and makes troubleshooting quite difficult as logs are incomplete. Well, our friends over at E1 have created a nifty little tool that you can use to overcome this issue. The tool will change the following variables that controls the log behavior, these are normally read-only and can not be changed the way we [...]

Activate local Admin account – or why you need BitLocker!

While this is not a newly discovered hack, I feel that we can not stress the importance of using Bitlocker to encrypt our hard drives. If you like me encounter customers that still runs their computers unencrypted, and don’t see the need for encryption. just use the following guide to show them how easy it is to activate the local administrator account and reset its password. Step 1 Show the customer that the local administrator account is disabled. (or that you don’t know the password). Step 2 Boot from any bootable media, such as the original installation media, Ultimate Boot [...]

By | 2014-09-26T14:32:36+00:00 September 26th, 2014|Operating Systems, OS Deployment, Security|8 Comments

Deploying Windows 8 with MBAM Used-Space-Only Encryption

Windows 8 comes with the option to pre-provision the disk for use with BitLocker, allowing only the used-space to be encrypted, thus reducing the encryption time a lot. Problem occur when enterprises want to use the Microsoft Bitlocker Administration and Monitoring (MBAM) toolkit from the Microsoft Desktop Optimization Pack (MDOP) to store BitLocker recovery keys, and track compliance. MBAM 2.0 sp1 does not support used-space encryption as per the release notes, forcing enterprises to either drop MBAM or perform full encryption of the disk, which can be a time consuming task depending on disk size and CPU performance. After spending [...]

By | 2014-03-11T15:35:38+00:00 March 11th, 2014|OS Deployment, Security, Windows Client|14 Comments

Coretech HTA

The main idea with this HTA is to assist small and medium sized organizations with an easy way to implement a custom OSD solution without having any developer or HTML skills. The HTA solutions can be used when booting directly into WinPE and to prestage computers. Why; You might ask, Why, do Coretech create this tool instead of using the built-in tools in Configuration Manager or using the UDI wizard in Microsoft Deployment Toolkit?  The answer is straight forward. We often run into customers who do not have the knowledge it takes to build custom solutions or use the UDI [...]

Auto activate Trusted Platform Module on Fujitsu computers using DeskView and MDT/SCCM

Recently I have been working on a way to auto activate the TPM chip on Fujitsu computers during the Operating System Deployment. Until recently, this has been limited to customers that have purchased DeskView advanced client from Fujitsu. Now, it is possible to work around this issue, and the way I have done it before is to use manage-bde.exe to activate TPM and BiosSet.exe to set a BIOS-password. However, using the manufacture own software to do everything is always considered best practice and with a script it is now possible. First the challenge: When using DeskView to activate TPM you [...]

By | 2017-08-22T10:35:41+00:00 January 27th, 2014|Configuration Manager (SCCM), OS Deployment|2 Comments

Automate importing and creating driver packages in SCCM 2012 R2

  I take that you are familiar with drivers and manually creating driver categories and driver packages in Configuration Manager. Here I will show you how you can optimize the process by running a very need little PowerShell script called ImportDrivers.ps1 (main developer is Claus Codam). There are a few prerequisites that needs to be in place before the script will work. Driver source has to be 3 levels deep like this example (Make\Model\OS). The driver source is where you store the original driver packages from the vendor. You need to create a Driver packages folder (where ConfigMgr will import [...]

Deploy Windows 8 Enterprise x86 on a UEFI x86 device using SCCM 2012 SP1

New Toys For The Boys Don’t we all love new toys, especially the ones that require an occasional recharge. The latest thing I got my hands on is the Lenovo Tablet 2, a very nice 10” tablet thing, with a couple of nice add-ons, like a docking  station, Bluetooth keyboard and a pen like stylus. But what I really like about it is that it runs a full version of Windows 8 x86, which means that I can deploy its OS over and over again   So I fired up my SCCM Console to do exactly that … The Drivers [...]

Post SCCM 2012 SP1 – failure to update boot images

*** UPDATE *** This also works if you are unable to rebuild your boot images after upgrading to Windows 10 ADK (the final version) I did a customer SP1 upgrade during the weekend, the process ran successfully according to the Setup UI, but when I later tried to update the boot images I received the following error: Failed to insert OSD binaries into the WIM file Another symptom of this problem is that when you open the properties for the boot images, the pane Optional components will show no items in either of the lists. And finally you may also [...]

By | 2013-01-14T22:16:07+00:00 January 14th, 2013|Configuration Manager (SCCM), OS Deployment|6 Comments

Eject CD script, quarantined by FEP! PowerShell to the rescue!

I guess everyone knows that you can’t enable BitLocker on a machine from a Task Sequence if there is a CD in the CD drive… The workaround is quit simple, just run a script to eject the cd drive before running the “enable BitLocker” step. Well the other day this script, a vbs, I use, was removed by Forefront.. I guess the heuristic scan evaluated the content of the script to be unsafe, and quarantined it.. This is obviously not good, as it’s needed by the task sequence… So I thought, maybe there is a way to eject the CD [...]

By | 2012-03-22T12:25:53+00:00 March 22nd, 2012|General info, OS Deployment, Powershell, Security|3 Comments