Weird but true: Permissions required to use Edit Primary Users / Devices in ConfigMgr 2012

by

The idea of this blog post is identical to my blog post about the permissions required to use Resultant Client Settings that I did a couple of weeks ago. I’m also thinking about making this something recurring, as I noticed that the role based administration model sometimes reacts a bit different then, at least, I would expect. For those following me on Twitter, this blog post will be an extended version of a tweet I posted last week. This blog post will explain a bit more about the situation, as that was a  bit hard in a tweet of 140 characters. Also, this blog is a lot easier to find for future references. Introduction In this blog post I’ll explain what permissions are required to …

Read more

Set the allowed Management Points via a Configuration Item in ConfigMgr 2012

by

This blog post will be about a new functionality that got introduced in Cumulative Update 3. This is the ability to configure a Management Point (MP) affinity on a client. Justin Chalfant wrote a nice post about this functionality. That post describes the functionality in detail and also shows how it can be configured. The only thing left open is an automated method to configure the MP affinity. This post will fill that small gap by providing a Configuration Item (CI) that contains the scripts to configure the MP affinity. Configuration Item Now let’s start with the details about the CI. Personally I really like this CI, as it’s created in such a way that it doesn’t need any script modifications any more. The discovery …

Read more

What is CMHttpsReadiness.exe?

by

This time I’ve got a short post about another executable that I’ve found very useful. It’s CMHttpsReadiness.exe, which belongs to the Configuration Manager HTTPS Readiness Assessment Tool. This tool can be used to check the ConfigMgr clients if they are ready for a switch to HTTPS communication. Basically, it simply checks the certificate requirements on a ConfigMgr client device. To be honest this tool even already existed in ConfigMgr 2007, but in those times the executable was named SCCMNativeModeReadiness.exe. As this tool hasn’t been mentioned a lot, I thought it would be worth a short blog post. Usage This tool is installed during the ConfigMgr client installation and can also be found in the ConfigMgr client installation directory. It can simply be started via the …

Read more

Local Group Policies for WSUS and the Software Update Agent of ConfigMgr 2012

by

This blog post will describe a scenario that I ran into this week. Also, to be honest, I wasn’t aware of this exact behavior and, until this moment, I haven’t been able to find any documentation that describes this behavior. Scenario The scenario is that the customer wants to have the ConfigMgr client deployed on their server environment. This server environment is currently patched by using different methods and one of them is WSUS. So far, nothing weird, but the servers patched by WSUS are configured via local group policies. Behavior I think that by now everybody knows that the ConfigMgr client uses the local group policy Specify intranet Microsoft update service location to point to the WSUS server of the ConfigMgr environment, if, of …

Read more

Different methods to set the User Device Affinity for usage during and after a task sequence in ConfigMgr 2012

by

Last week I’ve got a question about setting the User Device Affinity (UDA) during the task sequence. Well, actually the question was more about the easiest way to do this. I didn’t have a direct answer, as it’s of course also a relative question. The easiest way can be different depending on the current configuration. In this post I will go through three methods that can be used to set the UDA, so it can be used during and after the task sequence. For usage during the task sequence, think about something like installing user-targeted applications during the task sequence and for usage after the task sequence, think about the pre-deploy software to the user’s primary device option. Before using the first, or the second …

Read more

Weird but true: Permissions required to use Resultant Client Settings in ConfigMgr 2012

by

For those following me on Twitter, this blog post will be an extended version of a tweet I posted last week. This blog post will explain a bit more about the situation, as that was a  bit hard in a tweet of 140 characters. Also, this blog is a lot easier to find for future references. Introduction In this blog post I’ll explain what permissions are required to use the Resultant Client Settings feature that’s new since ConfigMgr 2012 R2. This feature can be used to view the calculated resultant client settings. This can be really useful when multiple client settings have been deployed to the same device, user, or user group, as the prioritization and combination of settings can be complex. Keep in mind …

Read more

Who deleted that deployment?

by

This blog post will be a short follow-up post on my previous blog post about Who created that deployment?. This post will answer the, in most cases, less important question about who deleted that deployment. Just like the information about the creation of a deployment, the information about the deletion of a deployment is also stored in the database. Use the same buildin report named All messages for a specific message ID to track the deleted deployment. Again, the only missing detail is that it’s not clear which Message ID belongs to which action. The following table provides an overview with exactly that information. It will show per object type which Message ID belongs to the deletion of a(n) deployment/ assignment. Object Status Message Message …

Read more

Who created that deployment?

by

This blog post will be a short post about a question I often get when there was an accidental deployment and nobody dares to admit that he (or she) was responsible. The nice thing, at least for the colleagues and the manager, is that all this information is stored in the database and that it’s actually pretty simple to check. There is a buildin report named All messages for a specific message ID that can be used to track the created deployment. The only missing detail is that it’s not clear which Message ID belongs to which action. The following table provides an overview with exactly that information. It will show per object type which Message ID belongs to the creation of a(n) deployment/ assignment. …

Read more

Get the folder location of an object in ConfigMgr 2012 via PowerShell

by

This blog post will be about a question that I recently got with a big enterprise customer. They use many folders throughout the console to store their different objects and are able to find these objects by using the search option in the console. One thing the console doesn’t show, with the search results, is the folder location of the specific object. That folder location would make life a lot easier when adding packages to a task sequence. Luckily, I already created once a small PowerShell function that does exactly that. It outputs the folder location of an object. This blog post will explain that PowerShell function and shows the required input per object type. >> The complete function is available via download here on …

Read more

Divide a collection into multiple smaller collections in ConfigMgr 2012 via PowerShell

by

This blog post will be about a question that I recently read on a forum and also already got a couple of times with different customers. That question is if it’s possible to simply create multiple smaller collections of one specific collection. This can be useful when a specific deployment has to be deployed in smaller groups then normally. Also, there are already a couple solution available in the community, like the SCCM Collection Splitter by Mickael Ponsot and the Planning an upgrade of an application  by Jörgen Nilsson, but as always, not every solution fits every customer. In my case(s) these solution didn’t fit, as it shouldn’t have to much options and it shouldn’t rely on static properties. That’s why I created a simple …

Read more