SCCM

Allowing access to Cloud Distribution Points for specific systems with ConfigMgr 2012

by

To end this year in the cloud, I would like to devote this weeks post to allowing systems access to cloud distribution points. A bit more then two months ago I already did a post about creating a cloud distribution point, but until now I’ve never posted anything about the client configuration. By default, a system is not allowed access to cloud distribution points. Prerequisites Before it’s even useful to allow a system access to a cloud distribution point, the system needs to be able to resolve the name of the cloud distribution point. There are two ways to achieve this: The proper way – Create a public CNAME –record to map the service name, provided with the certificate for the cloud service, to the …

Read more

Tweeting the deployment status of a system via Orchestrator and ConfigMgr 2012

by

Only a few days before Christmas I thought it would be fun to just create something extra cool for this weeks blog post. I thought about something that would be different, but also useful in some way. So I started thinking about how I would like to get my deployment status messages, as I like to start my deployments without checking them al the time, and I came to Twitter. I’ve got my tweets everywhere, on my phone, my tablet, my laptop, etc. So wouldn’t it be cool to get the deployment status messages on twitter? Prerequisites Now I decided that I want to show how to tweet the deployment status of a task sequence, there are two methods to do that and I will …

Read more

Preventing user-targeted applications and policies on specific systems with ConfigMgr 2012

by

This week I want to devote a small post to something very nice and, in some situations, very easy. Think about a situation where, in general, applications are user-targeted and only a few exceptions are system-targeted. Usually these targeted systems are then used specifically for that application. So these systems shouldn’t get all the applications (and settings) of every user that logs on, as it might screw-up the specific application. The nice thing is that ConfigMgr 2012, and especially SP1, has a solution for this! The solution is the new setting Enable user policy on clients. Configuration Now lets start with the configuration, which is actually very easy. Like always it’s all about knowing that the possibility exists. This is another new Client Setting in …

Read more

Using a Status Filter Rule to delete a collection membership via Orchestrator and ConfigMgr 2012

by

The last couple of weeks I’ve done some posts about using Orchestrator in combination with ConfigMgr 2012. This week I’ve got another one and it’s also another method to invoke a runbook. Until now I’ve used, either Runbook Commander to create right-click actions, or the Execute Runbook –step from MDT 2012 to start an action during a task sequence. This week I’m going to use SCOJobRunner – Command Line Utility, by Robert Hearn, to invoke a runbook as an action for a Status Filter Rule. SCOJobRunner can be used to, either invoke a runbook, or get the parameters of a runbook. For a good informational post about SCOJobRunner take a look at this post of Robert Hearn himself. Prerequisites In this post I want to …

Read more

New and Improved: Pre-provision user applications during OS deployment via Orchestrator and ConfigMgr 2012

by

Last week I did a post about pre-provisioning user applications, based on group membership, during OS deployment, which I already thought was pretty cool. I got some nice positive feedback on that post, including a comment of my very well respected colleague and ConfigMgr MVP Kim Oppalfens. He said, “Nice find, but what if you have twenty applications?”. Well, my idea of last week would mean two task sequence steps per applications, so that’s not really an option for a lot of applications… I had to come up with something better. The biggest challenge about this is that Orchestrator can only return static variables, it’s not possible to return dynamically named variables from a runbook. This meant that the only option left, to really achieve …

Read more

Pre-provision user applications, based on group membership, during OS deployment via Orchestrator and ConfigMgr 2012

by

This week it’s time for another, in my opinion, very cool post with the combination of Orchestrator and ConfigMgr 2012 (and MDT 2012 Update 1). In this post I want to use the user, set with User Device Affinity, to pre-provision applications, based on group membership, on a device during the initial deployment of the device. Out-of-the-box User Device Affinity can be used to pre-deploy user-targeted application to a device and it can be set during the deployment of a device. This way it will start receiving applications very quick after the deployment. Basically I’m going to show in this post how to set User Device Affinity via a task sequence and how to use that username to install only specific applications for that user …

Read more

Deploying Windows 8 with the UE-V 1.0 Agent via ConfigMgr 2012

by

This week I will do a post about deploying the recent released UE-V 1.0 Agent. Even though there is a great guide, named UE-V Deployment Guide, included with the installation files, I noticed that there is a small piece “missing” for a deployment, with Windows 8, via a task sequence. When I just added the agent to my task sequence, to deploy Windows 8, I noticed that the agent wasn’t installing during the deployment. After looking at the Installation log file and after running the installer on a clean system, I saw that the Offline Files Service (CscService) needs to be running before the installation will run (see screenshot). It seems that the Offline Files Service on Windows 8, by default, is set to Automatic …

Read more

How to change the language in Windows PE via ConfigMgr 2012

by

A few weeks ago I already did some post about new task sequence variables. This week my post will be about another new (task sequence) variable. This one will probably not be used often, but can be very useful in some specific situations. Think about situations where the company demands that the language of everything that a user can see is displayed in the users’ own language. In this post I will use the German language as an example. Prerequisites The only prerequisite for the configuration is that the task sequence resource file (tsres.dll) exists in, in this case, the German language folder (<ConfigMgrInstallFolder>\OSD\bin\x64\00000407\tsres.dll) before updating the boot image. In case the file doesn’t exist, it can be simply installed/ created by following the next …

Read more

Creating custom right-click tools with Orchestrator, Runbook Commander and ConfigMgr 2012

by

A few weeks ago I already wrote a post about the cool things that are possible by using Orchestrator in combination with ConfigMgr 2012 (and MDT 2012 Update 1). This week I ‘m going to show that there are even more cool things possible by using Orchestrator in combination with Runbook Commander and ConfigMgr 2012. Runbook Commander is a great free tool made by Neil Peterson and is actually a dynamic console extension for ConfigMgr that allows for console initiated execution of Orchestrator Runbooks. So actually this is a very cool tool to create custom right-click tools for ConfigMgr. Anything that is possible to run on a client via Orchestrator can be added as a right-click action in the console. The only limitation is a …

Read more

Merging Endpoint Protection Policies in ConfigMgr 2012

by

This week I want to devote a small post to merging Endpoint Protection policies in ConfigMgr 2012 SP1 (which is currently still in BETA). Since ConfigMgr 2012 SP1 there are two different ways/ types of merging Endpoint Protection policies. In short we can define two sides: Server-side merge – On the server-side there is now the console option to merge multiple policies into one policy. In this case, when two settings conflict, the most secure setting is applied. Also settings like exclusion lists are really merged together. Client-side merge – On the client-side there is now the automatic behavior to merge multiple polices into the client settings. In this case, when two settings conflict, the highest priority option is used. Also settings like exclusion lists …

Read more