CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

In Configuration Manager 1606 we got a new option to tweak our PXE boot times, TFTPWindowsSize which we can change in the registry on our PXE enabled DP’s.
PXE booting a machine can never be fast enough!

https://technet.microsoft.com/en-us/library/mt627944.aspx#BKMK_RamDiskTFTP

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP
Name: RamDiskTFTPWindowSize
Type: REG_DWORD

The default value is 1 (1 data block fills the window)

We can also tweak the TFTPBlockSize which has been around for many versions of Configuration Manager.

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP
Name: RamDiskTFTPBlockSize
Type: REG_DWORD
Value: <customized block size>

The default value is 4096 (4k).

So I did a lot of testing and when it comes down to it, you need to verify the settings that are best in your environment with your network configuration, your computermodels and so on.

What we know for example:

  • That HP Probook for instance doesn’t support a higher TFTPBlockSize value than 1456 otherwise it freezes.
  • Vmware 5.x doesn’t support a higher value for TFTPWindowsSize than 8.

I put together this list that could be a good starting point when testing out the different TFTP values, I used a Latitude E7450 and an Optiplex 7010 and Max, who helped me PXE boot otherwise I would have overdosed on Coffee by now!

TFTPSettings

Conclusion UEFI boot is slower! and the values used will be different for many customers as there are now optimal values that will be best in all environments.

Changing the TFTP settings was really boring so when I did the tests I wrote this little powershell tool as well to help in setting the values. I am planning to update it next week to be able to use it on Remote DPs and some more error handling. But you can use it as it is now to do you your testing. Run it as administrator so you have the permisisons necessary to change the registry values.

SCCMTFTPBootChangerIt can be downloaded here: SCCMTFTP

I hope this can be of use!

There seems to be a bug in the Windows 10 1607 ADK when trying to load the components needed to for instance deploy a machine when using 802.1x in your network. The service fails to load with System Error 126 as shown in the screenshot below.

winpeThere are some comments about it on forums and as comments on blog posts as well.

For now the workaround would be to use WinPE from the Windows 10 1511 ADK.

In Windows 10 1607 App-V and UE-V are built-in natively in the Operating System (Not in Pro) and no additional setup needs to be run anymore, this is awesome! Both App-V and UE-V can be enabled using a Group Policy or by using the following Powershell commands, Enable-Appv and Enable-UEV.

In some scenarios especially for App-V we need to enable it during OSD in our Task Sequence so that we can install App-V applications before the Group Policies are applied.

This is really simple we use just use the Powershell to activate it. If we want to enable both App-V and UE-V we use the following command

powershell.exe -NoProfile -Command “&{ Enable-Appv; Enable-Uev }”

activate App-V for instance using the following command:

powershell.exe -NoProfile -Command Enable-Appv

The Run Command Line Step must run after the Setup Windows and Configuration Manager step as shown below.

Task Sequence Step

If we then use the command prompt after that step to check the App-V status, it is now enabled.

App-v during OSD

In many scenarios and solutions, we use a single Task Sequence to deploy multiple Windows Versions in these scenario the following WMI query can be used to only run the command on Windows 10 1607, select * from Win32_OperatingSystem where BuildNumber = “14393″ as shown below.

Conditions using buildnumber

This really makes our life simpler!

It is time again! System Center User Group Sweden are planning an Enterprise Client day on the 29th of October at Microsoft in Akalla, Stockholm!
We have a preliminary agenda inplace and registrations are now open as well, hope to see you all there! The sessions will be held in Swedish.

Agenda (preliminary):

Description
Agenda is preliminary
0800 – Registration Opens
0815 – Welcome
0830-0915 – Third Party Patching with Shavlik
0930-1030 – Deploying Windows 10 Like A Boss
1045-1130 – Building Secure Mobility with Conditional Access
1130-1230 – Lunch
1230-1315 – ConfigMgr Tech Update
1330 – 1415 – The Flexera Offering around Client Management
1430 – 1515 – Customizing Windows 10 for the Enterprise
1530 -1615 – Device and Application Management in a Modern World
1630 – 1715 – Securing your Clients against Modern Threats

0800 – Registration Opens

0815 – Welcome

0830-0915 – Third Party Patching with Shavlik

0930-1030 – Deploying Windows 10 Like A Boss

1045-1130 - Building Secure Mobility with Conditional Access

1130-1230 – Lunch

1230-1315 – ConfigMgr Tech Update

1330 – 1415 - The Flexera Offering around Client Management

1430 – 1515 – Customizing Windows 10 for the Enterprise

1530 -1615 – Device and Application Management in a Modern World

1630 – 1715 – Securing your Clients against Modern Threats

Registration is now live here:

https://www.eventbrite.com/e/scug-se-enterprise-client-day-tickets-27391385371

There will also be a Datacenter day which is the day after the 28 of October more information can be found here:

https://www.eventbrite.com/e/scugse-cloud-and-datacenter-day-tickets-27391969117

Hope to see you all there!!

740810_10151223710004296_1783026840_o

Yesterday the Configuration Manager 1608 technical preview was released and just love the fact that we get a better end user experience in Software Center, I just had to write this.
One of the new features in Software Center is that we can both see if there are new items and which item is new.

1608 Whats New

And also we have Application request in Software Center and not in the Application Catalog.
Application Request

Application Request 2

Awesome new feature for the end users!

More new features are, from the blog post: https://blogs.technet.microsoft.com/enterprisemobility/2016/08/22/update-1608-for-configuration-manager-technical-preview-available-now/

  • Improvements to Asset Intelligence: We have added a field to the properties for inventoried software that lets you set a parent and child relationship with other software. In the Inventoried Software list, you can view the parent of any software and also hide all child software.
  • Improvements to the Prepare ConfigMgr Client for Capture task sequence step: The Prepare ConfigMgr Client step will now completely remove the Configuration Manager client, instead of only removing key information. When the task sequence deploys the captured operating system image, it will install a new Configuration Manager client each time.
  • Keyboard Translation for Remote Control: By default in a remote control session, characters typed on the viewer’s keyboard are sent to the controlled device instead of the keys – whether or not their keyboard layouts match. This behavior may be turned off in the Remote Control viewer Action menu.
Let’s focus on Remote Control, it is great that Remote Control gets some developer love, one thing I would like to see is the possibility to control the startup of the Remote Control Service on all clients from Automatic(Delayed) to Automatic using a Client Setting.
I created a user voice item for it so if you feel the same way, please vote for it here: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/15756271-remote-tools-client-setting-to-change-client-ser

The documentation of what is new in Configuration Manager 1608 Technical preview can be found here: https://technet.microsoft.com/en-us/library/mt761995.aspx

Another post of mine on how to make Windows 10 1607 handle the way I like in an Enterprise is now live on the 4Sysops website.

Many enterprises would like to control and remove such notifications because they can confuse users and trigger unnecessary help desk calls. At the time of this writing, no Edge setting or Group Policy exists that allows admins to remove the Edge welcome page. Thus, I decided to dig in to how we can stop the page from showing.
Edge Welcome Page

It ended up being an Active Setup as the registry keys are not present when the user logons the first time, a user would hit the welcome page if they launch Microsoft Edge without login in/out once. I tried creating the whole structure but that didn’t feel right and could probably be something that bites back as that is for all modern apps and Microsoft Edge seemed to hang for me afterwards.

I hope it is useful!

Read the full post here:

https://4sysops.com/archives/disable-welcome-to-microsoft-edge-page-and-default-browser-prompt-in-windows-10-1607/

I had to write a post on the new options we have in Windows 10 1607 and managing the items in the Taskbar, it is now live at 4Syops.com where I am one of the authors. It covers how to deploy a custom taskbar during OS deployment, Group Policy, Powershell script and some lessons I learned so far when using it.

“The feature we used to deploy a customized Start menu in Windows 10 has been extended with the ability to manage pinned items on the Taskbar. There are some unsupported solutions for importing a Taskbar layout during OS deployment, including the one I wrote :-) However, now we can do it in a supported manner, and we can even add items using Group Policy after we create the user profile.

Windows 10 Taskbar

Note that this feature requires Windows 10 Enterprise/Education and it only works in Windows 10 1607.  (Editor’s note: There is some evidence that this feature works in Windows 10 Pro. Please share your experiences in a comment.) We cannot use this feature to remove items the user pinned to the Taskbar; we can only remove items from the Taskbar that we added with the new feature.

The Taskbar layout is configured in an .xml file either together with the Start menu layout or in a separate file. The .xml file can then be deployed using different tools according to which suits your organization best.”

Check out the whole post here:

https://4sysops.com/archives/pin-apps-to-the-taskbar-in-windows-10-1607-with-group-policy/

I have written posts both about how to uninstall builtin apps in Windows 10 using Powershell and how to block them with Applocker before so this is just a note that you will need to use Applocker once more.
Now that Windows 10 1607 is here we have a new app called “Connect” which we cannot uninstall much like the Contact Support app.

Connect2

The connect app turns your PC into a Miracast Receiver , which can be useful but not really in an enterprise.
Connect1

If we try to uninstall it, we get the following message, that it is part of the Operating System and cannot be removed.

Remove Connect

We can block it using Group Policy as I have described before with the Contact Support app and Microsoft Feedback app. http://ccmexec.com/2015/08/blocking-built-in-apps-in-windows-10-using-applocker/

If you are doing that already we only need to edit the Group Policy and add the following app as well. In the Group Policy add a new Package app rule for the Connect app
Connect3

So we end up with the following rules together with the Contact Support app and Feedback app as I have in my Group Policy since Windows 10 1507 and 1511.
Connect4