CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Not the MMS that many of us attended before but the original thought and what MMS was from the beginning is back!

This time hosted by the The Minnesota System Center User Group and Do Good Events. The attendee number is capped at 500 so it will be a very intimate event where you will have time to speak to other attendees and speakers as well.

The speaker lineup looks great as well and the content is promised to be very technical so don’t miss this event it looks to be a one of a kind world class event!

Be sure to check it it out here: http://mms.mnscug.org/

mms2014

This is something I thought I posted a long time ago, but here we go.

I logged in to my WSUS Server that I only use when building images and nothing else and found that more than 100 clients had tried to contact it and got the reminder.
I have about 15 test clients perhaps but have only built two images using this WSUS, I have done a lot of testing with Intune management though.

The ZTIWindowsUpdate.wsf script used in MDT and which can be used standalone as well in Configuration Manager to deploy updates either from Windows Update or a WSUS writes the policy registry key for the policy to use a WSUS server and it doesn’t clean it up.

WSUS_2

So that was why all my machines tried to contact my WSUS server.
Normally this would be an issue but it depends on how you will deploy your image and the use of it. A simple vbscript will cleanup the registry keys created by the ZTIWindowsUpdate.Wsf that can be run in the task sequence.

On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
strKeyPath = "Software\Policies\Microsoft\Windows\WindowsUpdate"
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath
Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strKeyPath)
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
End Sub

On Error Resume Next

Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
strKeyPath = "Software\Policies\Microsoft\Windows\WindowsUpdate"
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath
Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strKeyPath)
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
End Sub

In some scenarios that I have written about before I end up building my master image using the ZTIWindowsUpdate.wsf script from MDT to install the updates needed during the build from Microsoft Update, http://ccmexec.com/2013/09/tips-when-building-images-with-configmgr-2012-part-2/ and Internet Explorer 11 http://ccmexec.com/2013/12/exclude-ie-11-when-building-images-using-wsus/

Microsoft .NET Framework 4.5.1 för Windows 7 (KB2858725) was released a while ago and it too needs to be excluded in some scenarios depending on which applications you use, .Net Framework 4.5.2 is also released but not yet published in Windows update.

Exclude .net framework 4.5.1

In our session on TechED 2014, Configuration Manager 2012 Community Jewels in Houston we did a demo of Application Importer by Mattias Benninge.
The tool saves a lot of time and makes it really easy to import an .MSI application as it will do everything for you, create Collection, create AD group, Create query for the AD group, distribute the content, deploy the application, basically everything you need to do to deploy and application.

Basically you can import the .MSI and then add a computer or user depending on how you deploy your applications to the AD group and it will deploy to the client.

During our session there was a little bug in the tool but that has now been sorted out in version 0.3.
I recommend that you download it and try it out:  https://sccmappimp.codeplex.com/

AppImport1

Great work Mattias!

The recording from the session that I did with Stefan Schörling(http://cmtrace.com) and Dave Randall at TechED 2014 in Houston, “System Center Configuration Manager Community Jewels” is now available online at Channel 9.

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/PCIT-B320#fbid=

Thanks once more to everyone how contribute to the community.

Community_Jewels

TechED 2014 is closing in fast! Only a couple of days left! Haven’t found your favorite session yet?
Here is a list of System Center 2012 Configuration Manager / Windows Intune related sessions. Be sure to check them out!

FDN02 Enabling Enterprise Mobility with Windows Intune, Microsoft Azure, and Windows Server - Monday, May 12 11:00 AM – 12:00 PM
Speaker(s): Adam Hall, Andrew Conway, Demi Albuz, Jason Leznek

PCIT-B311 What’s New in Enterprise Management with Microsoft System Center Configuration Manager and Windows Intune – Monday, May 12 1:15 PM – 2:30
Speaker(s): Craig Morris, Dave Randall

PCIT-B215 What’s New in Microsoft System Center 2012 R2 Configuration Manager Infrastructure - Monday, May 12 3:00 PM – 4:15 PM
Speaker(s): Jim Dempsey, Martin Booth

PCIT-B410 Microsoft System Center 2012 Configuration Manager: MVP Experts Panel – Monday, May 12 4:45 PM – 6:00 PM
Speaker(s): Greg Ramsey, Jason Sandys, Johan Arwidmark, Kent Agerlund, Steve Thompson

PCIT-B216 Infrastructure Deployment for Mobile Device Management with Microsoft System Center Configuration Manager and Windows Intune - May 13 8:30 AM – 9:45 AM
Speaker(s): Jim Dempsey

PCIT-B317 Enrollment and Management of Mobile Devices with Microsoft System Center Configuration Manager and Windows Intune - Tuesday, May 13 1:30 PM – 2:45 PM
Speaker(s): Chris Green, Joey Glocke

PCIT-B320 Microsoft System Center Configuration Manager Community Jewels – Tuesday, May 13 5:00 PM – 6:15 PM
Speaker(s): Dave Randall, Jörgen Nilsson, Stefan Schörling

PCIT-B323 Application Management with Microsoft System Center Configuration Manager and Windows Intune – Wednesday, May 14 8:30 AM – 9:45 AM
Speaker(s): Craig Morris, Heidi Cheng

PCIT-B219 Microsoft Configuration Manager Community Resources – Wednesday, May 14 8:30 AM – 9:45 AM
Speaker(s): Rod Trent

PCIT-B325 Protecting Your Corporate Data with Microsoft System Center Configuration Manager and Windows Intune – Wednesday, May 14 10:15 AM – 11:30 AM
Speaker(s): Aseem Kohli, Dilip Radhakrishnan, Martin Booth

PCIT-B340 What’s New with OS Deployment in Configuration Manager and the Microsoft Deployment Toolkit – Wednesday, May 14 5:00 PM – 6:15 PM
Speaker(s): Aaron Czechowski

PCIT-B336 Managing Mac OS X Clients and Linux Servers Using Microsoft System Center Configuration Manager – Thursday, May 15 8:30 AM – 9:45 AM
Speaker(s): Karan Daftary, Preeti Rastogi

PCIT-B339 How Microsoft IT Manages Their Microsoft System Center Configuration Manager Application Lifecycle with Zero Touch - Thursday, May 15 10:15 AM – 11:30 AM
Speaker(s): Dharmendra Thotakura, Marc Hurley

PCIT-B333 How Microsoft IT Solves BYOD Using Microsoft System Center 2012 R2 Configuration Manager and Windows Intune – Thursday, May 15 1:00 PM – 2:15 PM
Speaker(s): Karthikeyan Jayavel, Marc Hurley

See you in Houston!

Cool. I am there!

There was a request a couple of days ago for a script to change the Power Management setting in Software Center so that the “Do not apply power settings from my IT department to this computer” is selected by default instead of letting the power settings automatically apply to the computer.

Powersettings2

I wrote a script a while back on how to change the setting for “Automatically install or uninstall required software and restart the computer only outside of the specified business hours”. http://social.technet.microsoft.com/Forums/en-US/configmanagerapps/thread/08d2f8e9-feaf-4143-af56-7e97ef20267c/

Torsten Meringer, ECM MVP wrote a blog post and a script a while back on how to modify the Business Hours using a vbscript, it can be found here: http://www.mssccmfaq.de/2012/03/26/software-center-business-hours-auslesen-setzen/

This is basically based on the same script as the two above, it was very easy to modify it to change the setting above, here it is:

Set objUX = GetObject("winmgmts:\\.\root\ccm\ClientSDK:CCM_PowerManagementSettings")

Set inParam = objUX.Methods_.Item("SetPowerManagementSettings").inParameters.SpawnInstance_()
inParam.IsOptOutFromPowerPlan = "True"
Set result = objUX.ExecMethod_("SetPowerManagementSettings", inParam)

Set objUX = GetObject("winmgmts:\\.\root\ccm\ClientSDK:CCM_PowerManagementSettings")

Set inParam = objUX.Methods_.Item("SetPowerManagementSettings").inParameters.SpawnInstance_()

inParam.IsOptOutFromPowerPlan = "True"

Set result = objUX.ExecMethod_("SetPowerManagementSettings", inParam)

Note that to be allowed to change the setting you need to edit the client settings which is applied to the client as well.

Powersettings1

Another note, if you are testing this Power Settings in ConfigMgr 2012 does not apply to virtual clients, you will get an “access denied error” if you try run it.

This topic is not new but it has been asked a lot lately on the forums so a post is in order.

To use the “Install Software updates” step in a Task Sequence to install Software updates requires that the computer that is being deployed/reimaged is a member of one or more collections with the updates that should be installed deployed to it.

There are two options for the “Install Software Updates Step”:

Mandatory Software Updates = This naming is perhaps not really clear as in Configuration Manager 2012 Software Updates are deployed as “Required”. This option will install all updates deployed to the computer as required.

All Software Updates = this option will install all Software Updates that are deployed to the computer as “Available”

What if I am using Unknown Computer support to install my clients? In that scenario you have two options:

  • Deploy all the “Software Update Groups” to the “Unknown Computers” collection. This option will require you to deploy all updates multiple times which is not fun.
  • Include the two “Unknown Computer”(one for x86 and one for x64) objects in your normal Collection that you use to deploy Software Updates.
    Capture1This is a much better option which doesn’t require multiple deployments of all Software Update Groups

Also check out this KB article, http://support.microsoft.com/kb/2894518 for an issue with deploying Software Updates during a Task Sequence that requires multiple reboots.