Deploy Cloud Disitribution Point in ConfigMgr 1805 TP

Starting with ConfigMgr 1805 tech preview it is possible to use the Azure Resource Manager platform when creating an instance of the cloud distribution point. ARM eliminates the need for management certificates by utilizing Azure Active Directory for authentication. The other major improvement in this iteration of the CDP is that it eliminates the need for a management certificate. This process should be the same for ConfigMgr 1806, if not I will update this blog when 1806 is released. 1.  Pre-requisites a.       You must have Azure AD. b.       Create a public facing CNAME record that maps your service name (ex [...]

By | 2018-06-04T01:27:41+00:00 June 2nd, 2018|Configuration Manager (SCCM)|2 Comments

DeviceMap and Device Inventory Failures in Win7 to Win10 1709 In-Place Upgrades

**UPDATE**  to the  **UPDATE**  **UPDATE** There has been "multiple TONS" of amazing and diligent work done by some extremely talented individuals to not only uncover some extreme deficiencies in the MS update process but more importantly, to help the community to cope, resolve and move forward!  If this blog post is along the lines of anything you are experiencing, please immediately take a moment to read through this blog post by my friend @AdamGrossTX which should answer all your questions and also provide a solution for "what ails you".  Please also take a moment to follow another friend, @SeguraOSD who has developed [...]

Win7 to Win10 In-Place Upgrade Failures w/ DownLevel 0xC1900208 Error Codes

This will be short and sweet as I am not fond of typing nor do I wish to waste your time with wordy explanations. If you require more details, simply reply to this blog and I will do my best to assist. ENVIRONMENT/SCENARIO: The environment is ConfigMgr (CM) 1710 with a slew of Win7 Lenovo models in dire need of Win10 1709 in-place upgrades. Delivery of Win10 1709 is by way of a CM Task Sequence (TS) with no out of ythe ordinary configurations that would be noteworthy. CHALLENGE: I recently ran into a frustrating challenge where my Win7 to [...]

Taking advantage of Run Script in ConfigMgr 1710

As most of you already know, Microsoft has released a new function in ConfigMgr to run scripts directly on computers and/or servers in your environment. With this new function, scripts can be run in real time on a single computer or an entire collection. How cool is that? This was initially released in the 1706 Tech Preview, but since then Microsoft has put a lot of effort into the functionality of the latest builds and have really made it shine! If you’re like me, you might get stuck in the “this is awesome but how do I move forward with [...]

By | 2017-12-20T09:12:22+00:00 December 20th, 2017|Powershell|1 Comment

How to use SCCM SDK in C# with a WQL Query that contains joins

Sometimes you just stop and wonder: how DO you make a WQL query with joins and use it with the SCCM SDK in C#? It's that gnawing thought we all have right? So after spending an hour reading through people saying: "It's NOT supported!" and some people who said it was (without any examples whatsoever), I managed to get a small sample working. So if any of you should come across this challenge (which is of course the most of the world), then here is a code-example on how to do it: It's a small console application that output all [...]

ConfigMgr and Flexera Software CSI (3. Party Patch Management): Install the CSI Plugin

This is a quick and dirty how-to guide as I have a couple of customer who have asked for the same – how to Install the CSI Plugin in order to Connect the Flexera CSI to your ConfigMgr/WSUS/SUP infrastructure where you get the ability to monitor 3rd party vulnerabilities and remediate any threats by patching or removing software. This is a great management tool addon to your WSUS/ConfigMgr infrastructure and is a must for a complete patch management solution. If you are new to Flexera Software CSI I suggest you go to the following links where you can read up [...]

By | 2017-05-14T18:56:16+00:00 May 14th, 2017|Configuration Manager (SCCM)|0 Comments

Default Site-Boundary-Group and boundaries

The purpose of the Default Site-Boundary-Group is to service clients that are not served by any other boundary group (that being local boundary group or neighbor boundary group). However in ConfigMgr 1610 there has been some confusement around the fact that you can add boundaries to the Default Site-Boundary-Group . I’ve been asked a couple of times if we should add all boundaries to the Default Site-Boundary-Group since the group is automatically configured for Site assignment. My take on that is NO, don’t use the Default Site-Boundary-Group as you don’t really control it. You will also notice that you can’t [...]

By | 2017-01-23T13:34:33+00:00 January 23rd, 2017|Configuration Manager (SCCM), General info|3 Comments

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization

The Impact of introducing the Microsoft Enterprise Mobility + Security in the organization In my work as an advisor and consultant I see organizations adapting to the emerging IT landscape, where user behavior is changing and security risks are increasing. In the midst of this change, I encounter frustrated IT professionals trying to keep up with everything and not having enough time to do so. I encourage my customers to be on top of changes and make sure they stay on top. That message goes beyond IT pros and extends to business owners and managers who can no longer afford [...]

Conditional access with ConfigMgr+Intune and On-Premises Exchange

Conditional Access in either a Cloud-only or Hybrid scenario is a great way to control data by saying we do not allow you to access Corporate Email without enrolling the device to a Corporate MDM solution where Data Protection Policies will be applied. This is in my opinion the best compromise where we let the user be productive where they get the ability to access corporate data on any device, anywhere, where we at the same time have control over the device, forcing security and compliance policies, encrypting data, deploy (LoB) apps and las but not least have the ability [...]

Android OS version not on the requirement list

Managing mobile devices can be different compared to managing traditional computers for many reasons. One of them being the lack of control with operating system versions on the devices. We simply don’t control when Android and iOS devices are being upgraded and as such we don’t control what version users are using. That can be a challenge when you are using requirement rules on your web applications (and other deployment types). In the illustrations below it’s easy to see that we have a bunch of Android 6+ versions and looking at the requirement rules for the web apps you’ll see [...]

Community Web page to help corporate users enroll their devices!

Guidence on how you can enroll your device and gain access to your corporate data and applications: This web page is created by the community for the community to help corporate users to efficiently enroll their devices into an Microsoft Enterprise Mobility Solution. Businesses can use this webpage as an How-To for their users and link it to their existing documentation. The site covers: Microsoft Windows 10 Devices Apple iOS Devices Google Android Devices Visit the page by going clickin here: www.enrollyourdevice.com Also check out the Microsoft EMS Resources App https://www.microsoft.com/store/apps/9nblggh6j3fq and YouTube page https://www.youtube.com/channel/UCbf6dOWcNhRgLHDEXJWqiNw for more information about Microsoft [...]

Upgrade SCCM 1511 to 1602 when Service Connection Point is set to Offline, on-demand

Last week Microsoft announced 1602 for SCCM Current Branch Production Environments: https://blogs.technet.microsoft.com/configmgrteam/2016/03/11/now-available-update-1602-for-system-center-configuration-manager/ Receiving updates to your System Center Configuration Manager Server(s) is today more important than ever in order to have your SCCM environment keep track with Windows 10 and the ever fast paste with Cloud development where new features are added constantly. To make the updates experience of your SCCM solution as smooth as possible Microsoft has introduced dynamic updates for SCCM. This basically means that you will get a notice in your SCCM Administration console that a new update is available for installation. But there is a but, [...]

By | 2016-03-19T22:25:02+00:00 March 19th, 2016|Configuration Manager (SCCM)|7 Comments

OMS/EMS Seminar March 2016: Enterprise Mobility Suite Session Notes and slides

Hi First and foremost, thanks to all attendees for a great day on Wednesday. Lots of great questions and discussions and to all of you who is wondering what happened to my girlfriend’s phone – well I had to un-enroll it the morning after!  For those of you who are waiting for the EMS-book that Kent is writing together with Peter Daalmans, it is not to long until it is published so stay tuned! I will update this blog post with link to the book when it is out.. Download the slide deck: EMS Microsoft EMS Resources app is free and [...]

Silent install Java 8 Update 71 and 72 with SCCM

In my last post about silent / unattended installation of Java 8 Update 66, we followed the new guidelines for how to install Java 8 silently by Oracle. The problem with that method is that it works when you try to run your script locally with administrator privileges it will work fine, but when you run the same script through SCCM / Configuration Manager, it will fail. And just to confuse you even more, it will only fail for the 32-bit version of java, not the 64-bit, even though you use the exact same method. This problem have been reported [...]

December 11: Microsoft Enterprise Mobility Suite (EMS) Resources at your fingertips

I know it's a pompous title, but that still the idea behind what I want to show next. As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. Now for some time now I have been working with Cloud services like Microsoft Intune and eventually EMS after the suite [...]

System Center Configuration Manager 1511 – Dynamic updates

Looking at the life of an IT Pro today, people like you and me are being challenged like never before. Long gone are the days where we only focused on traditional desktop management, today we are also challenged with managing mobile devices, like iOS, Android, Windows Phones and tablets. MAC OS 10, traditional desktops, road worriers, cloud services, SLA and visualization demands from from management and the list just goes on and on. In the middle of everything, right there in the eye of the Tornado is You....often trying to put out fires instead of spending time on being more [...]

By | 2015-12-09T13:59:19+00:00 December 9th, 2015|Configuration Manager (SCCM)|9 Comments

When Power BI met the SCCM Community

SCCM Community meet Power BI – Power BI meet the SCCM Community… This blog post is the part 1 of 2 blog posts – and as you can see it’s all about introductions. Power BI is not a “new” thing, it’s been around for some time but is really just now starting to take off. (https://powerbi.microsoft.com/en-us/) So what is Power BI? It’s a new online service for us to get insight of our SCCM data, and for us to further display data internally or to others. Previous versions was a coop between Power BI and Office 365, but now we [...]

By | 2015-12-03T23:06:28+00:00 December 3rd, 2015|Configuration Manager (SCCM), Office 365|1 Comment

December 2nd: Part 2: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

It's December 2nd and Christmas is just around the corner! Yesterday Jakob kicked off the Coretech December Calendar with a great post about "Triggering a webhook from a SharePoint workflow using Out-of-the-box Activities" (Check out his blog post here: http://bit.ly/1N16fte).  That was the  first, this is the second post in the Coretech blog series that will continue until December 24th - Christmas Eve! :) In Part 1 (http://bit.ly/1PlnDPr) I explained how you can utilize ConfigMgr Compliance Baselines for uninstalling software like Java, Adobe etc. with the help of PowerShell and WMI. Well in Part 1 we used the Win32_Product class which is not recommended [...]

Part 1: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

Compliance Items and Compliance Baselines in ConfigMgr is so powerful! And with some PowerShell magic you can almost use it to do anything you like on a Windows based computer – Only your imagination that will be the showstopper! Here I will show how you can uninstall software using WMI and Compliance Items in SCCM. However, it is important that you read the following articles as the uninstallation process uses win32_product WMI class which is known for its evilness. Thanks to Kaido, Jürg and Torsten for pointing this one out. A updated post as been created using a better and more [...]

Microsoft EMS News App for Windows 10 and Windows Phone 10

Update: The app has now changed name and is published to the Microsoft store under the name Microsoft EMS Resources An updated blog post is published here: https://blog.ctglobalservices.com/mas/december-11-microsoft-enterprise-mobility-suite-ems-resources-at-your-fingertips/ As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with On-premises solutions like traditional ConfigMgr implementations, staying up to to date is not too hard with a little bit of effort since new features and updates are not added daily as opposed to what is going on in the Cloud. The cloud is evolving so fast with new features and services added daily [...]

By | 2015-11-11T20:20:28+00:00 November 11th, 2015|Azure, Enterprise Mobility Suite (EMS), Office 365|6 Comments

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS one of the first things the wizard is asking you to do is to Configure a WSUS Self-Signed Certificate, the WSUS signing certificate is required to create and install local packages. Without it, only packages from Microsoft Update will be installed. How-ever this time I got this error when trying to 'Automatically create and install certificate'  during the Connector Wizard: An error occurred when creating the WSUS Signing Certificate Now this [...]

By | 2015-10-20T20:14:46+00:00 October 20th, 2015|Configuration Manager (SCCM), Security|1 Comment

How to: Create custom SQL- based Reports in System Center 2012 R2: Configuration Manager

A customer asked me  for a “how-to” on how to Create reports in SCCM 2012, so why not share with everyone. This post is not intended to show how to write or design queries, but show you have to create  a report based on a SQL query you might already have. Even-though we are skipping how to write SQL Queries for know, this post is still going to be a bit long. Time for that cup of coffee! First some requirements: You need to have an SQL Server instance for SCCM with SQL Reporting Services running You need to have [...]

Deploying Office 2016 with SCCM 2012

Follow this simple guide to get your Office 2016 deployment up and running with SCCM 2012 R2 First we need to download the Office 2016 Deployment Tool from Microsoft You can find it here Run the tool and install it to a location of your liking, I choose e:\temp\Office 2016 When you look in that folder you'll find a setup.exe and a sample configuration file. Download the content In order to download the Office 2016 installation files, we first need to create a download file So fire up your favorite text editor and enter the following [crayon-5ba2acaf0be8d142172712/] Save it with [...]

By | 2015-09-29T23:52:47+00:00 September 29th, 2015|Configuration Manager (SCCM)|21 Comments

Wsyncmgr.log: The request failed with HTTP status 503

Kent have blogged about WSUS maintenance before – its important so that we don’t hit problems like the one I’m about to share with you, so make sure you do something about it – Link. “The request failed with HTTP status 503: Status Unavailable” in this case the source is a stored procedure running (Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetUpdatesThatSupersedeUpdate). The wsyncmgr.log snippet above is an example of the WSUS sync failing because the IIS Application Pool had stopped. The reason for it stopping is that the amount of private memory allowed to the application pool had hit the roof, and when that happens the [...]

By | 2015-03-31T07:57:21+00:00 March 31st, 2015|Configuration Manager (SCCM)|0 Comments