SCCM

Preventing initiation of available deployments on specific systems with ConfigMgr 2012

by

This week I want to devote a small post to a question that I read on windows-noob.com. The question came to the point whether, or not, it is possible to deploy applications via a task sequence, but only allow administrators to actually run it. This question triggered me to look a bit better into the different Client Settings and then specifically the setting of Install permissions. This setting gives us the possibility to prevent the initiation of available deployments via the Software Center and the Application Catalog on specific systems. So in this post I will show that setting by only allowing administrators to initiate available deployments. Configuration Now lets start with the configuration, which is actually very easy, but like always it’s all about …

Read more

Troubleshooting Windows app package deployment on Windows 8 with ConfigMgr 2012

by

This week I was planning on doing a post about deploying a Windows app package (.appx) on Windows 8, until I saw that Keith Mayer already just posted a Step-by-Step for that. As that post is, from a ConfigMgr perspective, already very complete, I changed, from my original plan, to troubleshooting the deployment of a Windows app package (.appx) on Windows 8. The deployment of a Windows app package (.appx) on Windows 8 requires two specific settings and in this post I will describe those settings and the errors that will appear when these settings are forgotten. Import the root certificate as a Trusted Root Certification Authority The first setting is that the app package has to be signed with a certificate chain that can …

Read more

Quickly catch Active Directory Group Membership changes in ConfigMgr 2012

by

This week my post will be about catching Active Directory Group Membership changes. I choose this subject, because I still see and get questions about how long does it take before a group membership change is active in a collection. The short answer would be, based on default settings, between 1 till 10 minutes. In the rest of this post I will show a longer answer on why it’s like that. The main reasons are that the Delta Discovery and the Incremental Updates are working now. Configuration The most important part to quickly catch Active Directory Group Membership changes, is a good configuration. For that two configurations are very important, the Active Directory Group Discovery and the collection settings. To show how, and how fast, …

Read more

Working with the restart behavior of Applications in ConfigMgr 2012

by

This week I will do a small post about working with the restart behavior of installations in combination with the Application Model in ConfigMgr 2012. In previous versions there was sometimes a need to use a batch file to catch some weird installation return codes. The nice thing about ConfigMgr 2012 is that it gives us a possibility to specify those return codes and to react on it. In the rest of this post I will show in three steps how to configure ConfigMgr 2012 to work with return (restart) codes. Step 1: Return codes The first thing I always do is running the installation of an application a few times and see which return codes it gives me. Based on those experiences I create, …

Read more

Using Client Push Installation on UNTRUSTED FOREST systems with ConfigMgr 2012

by

Last week my post was about using the Client Push Installation on WORKGROUP systems and this week my post will be a sort of follow-up on that. This week my post will be about using the Client Push Installation on UNTRUSTED FOREST systems. The method of last week will also work on UNTRUSTED FOREST systems, but the nice thing about ConfigMgr 2012 is that there are now better options for UNTRUSTED FOREST systems! The systems and domain(s) of the UNTRUSTED FOREST can be discovered AND to make it even better, it is even possible to write information to the Active Directory! Prerequisites Before it is possible to use the Client Push Installation on UNTRUSTED FOREST systems, there are a few things to keep in mind. …

Read more

Using Client Push Installation on WORKGROUP systems with ConfigMgr 2012

by

This week my post will be about using the Client Push Installation on WORKGROUP systems. We all know that a manual installation will work on WORKGROUP systems, but wouldn’t it be easier to just use the Client Push Installation? In my opinion the answer would be, YES! And as long as the WORKGROUP systems are configured the same, the configuration is actually quite easy. Prerequisites Before it is possible to use the Client Push Installation on WORKGROUP systems, there are a few things to keep in mind. The following points are a prerequisite and are not further explained in this post: The FQDN of the Management Point system can be resolved on the WORKGROUP system. The Network Discovery is enabled to find the WORKGROUP systems. …

Read more

Deploying Windows 8 and Customizing the Lock Screen with ConfigMgr 2012

by

This week my post will be about the deployment of Windows 8 and then with a customized lock screen. One of the main complaints about a customized deployment of Windows 8 was that it wasn’t possible to set a customized lock screen without using unsupported methods of “hacking” file permissions and replacing the pictures. This has changed since the cumulative update of November for Windows 8 (see also here). One of the nice adjustments with this cumulative update is that it enables enterprise customers to customize the default lock screen. This setting is introduced as a Group Policy –setting, named Force a specific default lock screen image. In this post I’m not going to use the Group Policy –setting, but only the corresponding registry value …

Read more

Deploying Windows 8 including Optional Windows Features with ConfigMgr 2012

by

This week my post will be about the deployment about the deployment of Windows 8 and then including optional Windows features. I already did a post like this about Windows Server 2012, and the methods are similar, but I’m still getting, and seeing, lots of questions about how it works for Windows 8. So what I really want to show in this post are the different options for deploying Windows 8 including some random Optional Windows Feature(s). The three most used options for this are DISM, Powershell and MDT. Well, actually, to be really correct, there is only one option to install Features in Windows 8 and that’s DISM. Both, Powershell and MDT are just different methods for calling DISM actions. In the rest of …

Read more

An overview of my posts about ConfigMgr 2012 SP1

by

Let’s start my first post, of this new year, with an overview of my latest post about ConfigMgr 2012 Service Pack (SP) 1. Normally I’m not really the kind of person that looks back, but in this case it’s with a reason, as most of my posts where with pre-release versions of SP1. I also tried to sort all my posts per subject, even though sometimes there is some overlap. The following posts are all tested, this week, with the RTM version of SP1 and I can confirm that they are still working: System Center Orchestrator Tweeting the deployment status of a system via Orchestrator and ConfigMgr 2012 Using a Status Filter Rule to delete a collection membership via Orchestrator and ConfigMgr 2012 New and …

Read more

Setting up the Windows Intune Connector with ConfigMgr 2012

by

I thought that my previous post would be my last for this year, but here I’ve got another one! I will still end this year in the cloud, but instead of in Windows Azure it will now be in Windows Intune! The new release. Wave “D”, of Windows Intune in combination with ConfigMgr 2012 SP1 will now allow us to create a connector between these two worlds and in this small post I will show the basic steps for this. Prerequisites Before it’s possible to setup the Windows Intune Connector there are a few prerequisites. Most of them are optional depending on which devices are going to be managed. To name them all: Create a Windows Intune subscription. (Optional) Create a APNs certificate for iOS. …

Read more