CCMEXEC.COM – System Center blog

CCMEXEC.COM – by Jörgen Nilsson

Browsing Posts in System Center Configuration Manager

At TechED in Houston North America 2014 I had time to look at the Advanced Installer in the Expo Hall, I was impressed of the demo. I have always recommended Flexera AdminStudio as the tool to use for repackaging in the projects that I am involved with as this is a very powerful tool for repackaging software to Windows Installer packages/App-v packages.

Advanced Installer in the latest version looks like it could be an alternative to AdminStudio as there are many new features, App-V support, Snapshot support and so on.

I also have a feeling that many Flexera AdminStudio users, admins that do repackaging doesn’t really use all the features in AdminStudio and that Advanced Installer could be a less expensive option AdminStudio and provide enough features.

From a licensing perspective Advanced Installer is interesting as well if you are a consultant or an organization that repackages applications for customers, there is no additional license cost in the these scenarios for Advanced Installer. You can package applications using your license and selll them or give them to your customers.

If you haven’t had a look at it before more information on Advanced Installer can be found here: http://www.advancedinstaller.com/

Here is a short video on how to repackage 7-zip using Advanced Installer:

Here are some other free options, some with limited functionality, but all available out there for repackaging your applications/script or whatever teaks you are doing to .MSI:

InstEd: http://www.instedit.com/

Adminstudio Configuration Manager Edition: http://www.flexerasoftware.com/landing/adminstudio-configuration-manager-download.html

Orca (the true hardcore tool): http://www.technipages.com/download-orca-msi-editor

AdvancedInstaller free: http://www.advancedinstaller.com/download.html

Wow! I have the great honor to be presenting at TechED Europe 2014 in Barcelona!

I will be delivering the session called “EM-B211 Microsoft System Center Configuration Manager Community Jewels” together with fellow ECM MVP Stefan Schörling(http://www.cmtrace.com/).

During this session we will demo and present community solutions and tools that can make life easier for us as ConfigMgr admins and do things that we normally can’t do or need to script in ConfigMgr. There are so many fantastic tools/solutions out there so one of the hardest things will be choosing which ones to demo. We have done some sessions on community tools before, this time we will do even more demos and show some new tools and tips.

Join us and be inspired!!

Hope we will see you all there!

Blog_Bling-SeeYouThere

The Enterprise Mobility Suite is the new Black(EMS) is the new black!

In the new world with modern devices being used more and more in daily work, managing them or actually what it all is about managing the information that is on them and providing secure access to the information they are to be able to consume. EMS is a bundling of three cloud services that together represents the bundle Enterprise Mobility Suite. The three services are:

  • Microsoft Azure Active Directory Premium
  • Windows Intune
  • Microsoft Azure Rights Management

Here is an introduction EMS that is a great place to start.

Some of us has been using or at least have evaluated Windows Intune for a while now to manage our clients or modern devices with i, Azure AD is new has a lot of cool features. In this post I would like to focus on the Coolest if you ask me and probably least adopted technology as it has been around for a long time Microsoft Azure Rights Management.

OK, so Azure Rights Management has not been around for a long time but the technology it build upon has been around for more that ten years. The reason why it is not implemented that frequently is of course that it requires a lot of work to classify data and now what data to protect. But in our Mobile first and cloud first world I would really like to stress that this is the most important feature for me at least. What is most important, it is of course the data itself.

Many times when I have demoed, or made presentations on Windows Intune as a mobile device management solution, I have been asked “how do I protect my data?” The answer has been ADRMS, now that these are bundled together I truly believe this will take customers view on Device Management solutions to a new level.

If you haven’t looked at ADRMS before I really suggest that you do. It is a really cool feature that extends the protection of you sensitive information beyond your own managed devices.

Here is a session from a colleague of mine from TechX in Sweden which is pretty cool (in Swedish though):

More information on EMS can be found here: http://www.microsoft.com/en-us/server-cloud/products/enterprise-mobility-suite/

Not the MMS that many of us attended before but the original thought and what MMS was from the beginning is back!

This time hosted by the The Minnesota System Center User Group and Do Good Events. The attendee number is capped at 500 so it will be a very intimate event where you will have time to speak to other attendees and speakers as well.

The speaker lineup looks great as well and the content is promised to be very technical so don’t miss this event it looks to be a one of a kind world class event!

Be sure to check it it out here: http://mms.mnscug.org/

mms2014

This is something I thought I posted a long time ago, but here we go.

I logged in to my WSUS Server that I only use when building images and nothing else and found that more than 100 clients had tried to contact it and got the reminder.
I have about 15 test clients perhaps but have only built two images using this WSUS, I have done a lot of testing with Intune management though.

The ZTIWindowsUpdate.wsf script used in MDT and which can be used standalone as well in Configuration Manager to deploy updates either from Windows Update or a WSUS writes the policy registry key for the policy to use a WSUS server and it doesn’t clean it up.

WSUS_2

So that was why all my machines tried to contact my WSUS server.
Normally this would be an issue but it depends on how you will deploy your image and the use of it. A simple vbscript will cleanup the registry keys created by the ZTIWindowsUpdate.Wsf that can be run in the task sequence.

On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
strKeyPath = "Software\Policies\Microsoft\Windows\WindowsUpdate"
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath
Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strKeyPath)
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
End Sub

On Error Resume Next

Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
strKeyPath = "Software\Policies\Microsoft\Windows\WindowsUpdate"
Set objRegistry = GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeypath
Sub DeleteSubkeys(HKEY_LOCAL_MACHINE, strKeyPath)
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
If IsArray(arrSubkeys) Then
For Each strSubkey In arrSubkeys
DeleteSubkeys HKEY_LOCAL_MACHINE, strKeyPath & "\" & strSubkey
Next
End If
objRegistry.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
End Sub

In some scenarios that I have written about before I end up building my master image using the ZTIWindowsUpdate.wsf script from MDT to install the updates needed during the build from Microsoft Update, http://ccmexec.com/2013/09/tips-when-building-images-with-configmgr-2012-part-2/ and Internet Explorer 11 http://ccmexec.com/2013/12/exclude-ie-11-when-building-images-using-wsus/

Microsoft .NET Framework 4.5.1 för Windows 7 (KB2858725) was released a while ago and it too needs to be excluded in some scenarios depending on which applications you use, .Net Framework 4.5.2 is also released but not yet published in Windows update.

Exclude .net framework 4.5.1

In our session on TechED 2014, Configuration Manager 2012 Community Jewels in Houston we did a demo of Application Importer by Mattias Benninge.
The tool saves a lot of time and makes it really easy to import an .MSI application as it will do everything for you, create Collection, create AD group, Create query for the AD group, distribute the content, deploy the application, basically everything you need to do to deploy and application.

Basically you can import the .MSI and then add a computer or user depending on how you deploy your applications to the AD group and it will deploy to the client.

During our session there was a little bug in the tool but that has now been sorted out in version 0.3.
I recommend that you download it and try it out:  https://sccmappimp.codeplex.com/

AppImport1

Great work Mattias!

The recording from the session that I did with Stefan Schörling(http://cmtrace.com) and Dave Randall at TechED 2014 in Houston, “System Center Configuration Manager Community Jewels” is now available online at Channel 9.

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/PCIT-B320#fbid=

Thanks once more to everyone how contribute to the community.

Community_Jewels