CCMEXEC.COM – System Center blog

This is actually an update that has been around for a while it was actually released in March, but as it is a great update which contains many interesting hotfixes for Windows 7 sp1 and Windows 2008 R2 Sp1. Many still haven’t deployed it so I thought I would write this post. The more I have used it in customer cases, has made me include it in all my master images and deploy it everywhere . The updates that are included a big difference which actually is visible for the end-users as well when it comes to startup times and logon times on their computers.
We should not expect another service pack at least not according to all the rumors, this hotfix rollup could just as well be considered a service pack.

Some of the most important updates that are included are:

• Group Policy preference item-level targeting does not work for 64-bit versions of Windows 7
• An update that improves the startup performance of Windows 7 and of Windows Server 2008 R2 is available
• You may encounter file corruption issues when you use the Offline Files feature to synchronize data in Windows 7
• Offline files synchronization may not finish on a computer that is running Windows 7 or Windows Server 2008 R2
• Internet Explorer Group Policy Preferences do not apply to Internet Explorer 9 in a Windows Server 2008 R2 domain environment
• You experience a long domain logon time in Windows Vista; Windows 7; Windows Server 2008 or Windows Server 2008 R2 after you deploy Group Policy preferences to the computer
• Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7
• Logon scripts take a long time to run in Windows Vista; in Windows Server 2008; in Windows 7 or in Windows Server 2008 R2
• Long startup or logon time on a Windows 7-based or Windows Server 2008 R2-based client computer when you apply a Group Policy preference that has OU filtering
• Long startup or logon time when no domain controllers are available on a Windows 7-based or Windows Server 2008 R2-based domain member computer

If you haven’t deployed it already I strongly recommend it!

The Knowledge Base 2775511 describing the update can be found here: http://support.microsoft.com/kb/2775511

The update can be downloaded from the update catalog http://catalog.update.microsoft.com/v7/site/Home.aspx
Type the KB number in the upper right corner:

This is a topic that is discussed in many forums and almost with every customer I meet, how can we do PXE boot on out UEFI devices. This is new technology to many of us and driven by the new Windows 8 tablet’s like the HP Elitepad 900 and the Dell Latitude 10.
Configuration Manager 2012 SP1 supports UEFI and PXE boot of these devices, however there are some dependencies to which version of Windows Deployment Services (WDS) that is used on the PXE-enabled Distribution Point as well.
To support PXE boot of 32-bit UEFI devices Configuration Manager 2012 Cumulative Update 1 needs to be installed as well, KB2817245

A Windows Server 2008 R2 WDS supports PXE boot of 64-bit EFI devices:

From Technet: “Provides support for network booting x64-based computers with EFI, including support for the Auto-Add policy and the ability to deploy boot images using multicasting.” Reference: http://technet.microsoft.com/sv-se/library/dd348502(v=ws.10).aspx

A Windows Server 2012 WDS supports the PXE Boot of both 32 and 64 bit EFI Devices:

From Technet: “Support x86 clients (32-bit processors) with Unified Extensible Firmware Interface (UEFI) to network boot and complete an end-to-end deployment by using WDS.” Reference: http://technet.microsoft.com/en-us/library/hh974416.aspx

This means that yes you can use Configuration Manager 2012 to deploy Windows 8 to your Windows 8 tablet using Windows 8, as long as you are using Server 2012 as the operating System for the PXE-enabled DP and if the Firmware from the vendor supports it as well.

If we look at the file structure in the RemoteInstall directory on a Windows 2008 R2 server running Configuration Manager 2012 sp1 DP it looks like this, where the .efi file doesn’t exist in the x86 folder:

On a Server 2012 DP we can see that the x86 folder includes the files needed to boot .UEFI based devices.

Conclusion, yes, you can PXE boot your UEFI devices depending on which version of  Windows Server the DP is running and which architecture the UEFI device you are trying to boot uses and as long as you are using Configuration Manager 2012 SP1

In Configuration Manager 2012 you can have multiple SMS Providers to achieve a higher availability and load balancing. This is a really great new feature!
I ran into this little challenge yesterday, when we moved the SQL database to a SQL Cluster and installed a second SMS Provider in the site to achieve high availability. We installed the ADK as it is a documented pre-req on Technet for the SMS Provider role.

When the Admin console connected using the newly installed SMS Provider we got this error as soon as you try to edit a Task Sequence which uses the MDT integration:

We resolved this by installing the same version of MDT as we use on the Primary Site server on the server  with the newly added SMS Provider role installed on it and ran the “Configure MDT Integration” utility on that server as well.

After that all the errors are gone and the newly installed SMS Provides works just fine even when editing Task Sequences with the MDT integration installed.

On Monday 8 of April 2013 the keynote of MMS 2013 was held in the Mandalay Bay Event Center. It’s main focus was the cloud as the name “Cloud Optimize Your Business with Microsoft Management Solutions”. The keynote was divided into to parts basically, first part about private/public cloud and a lot of comparison with “The other guys in the industry” who that could be  It included customer references and live demos of many interesting components.

From a Client Management perspective Configuration Manager was only visible when using the Windows Intune connector to manage devices, Brad’s Windows 8 phone for instance. There are a really interesting case study on how Toyota manage car-diagnostics pc’s using Windows Intune, really interesting you can read it here: http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?casestudyid=710000001830

Overall it was good keynote!

The Keynote is available here for downloading and streaming: http://channel9.msdn.com/Events/MMS/2013/KEY1

Here is a script which can be used to download all the session recordings from the channel9 website: http://www.msfaq.se/2013/04/mms-2013-session-downloader/

There was a question asked on the forums a couple of days ago about how to verify during the OS Deployment Task Sequence, if the computer failed to join the Active Directory domain or not. I wrote together this little script which will check what domain the computer belongs to and if it isn’t the correct domain name the script will return exit code 1 and the task sequence will fail.

The script must be run after the Setup Windows and Configuration Manager step in the task sequence as the computer will restart after that step and configure the Operating System and join the domain.

To implement it:

1. Save the script below in a folder and create a package containing the script.
2. Change the domain name in the script to match your environment
3. Add a “Run Command Line” step in the Task Sequence after the “Setup Windows and Configuration Manager” step.
4. Add the following command in the “Run Command Line” step cscript.exe checkdomain.vbs
   
   
5. Select the newly created package as then package that the command line should be executed from.

Then you are good to go!

Vbscript Checkdomain.vbs:

Next


On the 16th o May Best of MMS 2013 will take place in Stockholm,Sweden(in swedish). 16 sessions and three different tracks will be available!!

It is being arranged by Truesec, Microsoft and Lumagate, you can find all the details and registration information here: http://events.truesec.se/Event/Best_of_MMS_2013

I have the great pleasure of delivering two sessions:

Managing IOS, WP8, WIN RT using CM and Intune, together with Björn Axell

and

Why User Centric Management Rocks!, together with Stefan Schörling

I am really looking forward to it!
Don’t miss it!

As I wrote in the previous blog post the AdminConsole on the Primary site server and CAS if that is used, is not updated automatically during the installation of CU1 for SP1. It is also noted in the CU1 KB: http://support.microsoft.com/kb/2817245

“The PowerShell changes that are referenced in this article are contained in the Administrator Console update (Adminconsole.msi). The Administrator Console update is not automatically installed on a site server when the cumulative update setup wrapper (Updatesetup.exe) runs. The wrapper creates an additional installation package and program that must be run to update the Administrator Console.”

Before the upgrade of the Admin Console the version number is: 5.0.07804.1000, this can be found under About in the upper left corner in the Admin Console.

During the installation of the CU1 update on the Primary site server, packages and programs are created to upgrade the different components,Clients, Admin Console and server updates, as shown below.

If you have the Configuration Manager 2012 client installed on the Configuration Manager 2012 Primary site server, then simply create a collection and deploy the “SP1 Cumulative update 1 – console update -xxx” package/program to the Pirmary Site Server and all clients with the Admin Console installed.

If you don’t manage your Primary Site server with Configuration Manager you can use the command line from the program to install the Admin Console Update.
“Msiexec.exe  /p configmgr2012adminui-sp1-kb2817245-i386.msp /L*v %temp%\configmgr2012adminui-sp1-kb2817245-i386.msp.log /q REINSTALL=ALL REINSTALLMODE=mous”

The update can be found in the \\siteservername\SMS_xxx\hotfix\kb2817245\adminconsole\i386

After the upgrade the version number in the Admin Console has been updated to: 5.0.7804.1202 as shown below.

Cumulative Update 1 for System Center 2012 Configuration Manager Service Pack 1 is now available for download!!
http://support.microsoft.com/kb/2817245

Don’t forget to the Admin Console even on the SCCM Primary site server as well after installation as well. Amongst the really interesting updates are many new Powershell cmdlets, they are included in the adminconsole.msi file:

• Add-CMDistributionPoint
• Import-CMAntiMalwarePolicy
• Import-CMDriver
• New-CMAppVVirtualEnvironment
• New-CMMigrationJob
• New-CMPackage
• New-CMSoftwareUpdateAutoDeploymentRule
• New-CMTaskSequence
• New-CMTaskSequenceInstallUpdateAction
• New-CMTaskSequenceMedia
• New-CMUserDataAndProfileConfigurationItem
• Remove-CMTaskSequenceInstallUpdateAction
• Set-CMTaskSequenceGroup
• New-CMTaskSequenceGroup
• Remove-CMTaskSequenceGroup
• Set-CMApplicationCatalogWebsitePoint
• Set-CMAppVVirtualEnvironment
• Set-CMClientPushInstallation
• Set-CMClientSetting
• Set-CMDistributionPoint
• Set-CMDriver
• Set-CMEndpointProtectionPoint
• Set-CMEnrollmentPoint
• Set-CMEnrollmentProxyPoint
• Set-CMHierarchySetting
• Set-CMManagementPointComponent
• Set-CMOperatingSystemImageUpdateSchedule
• Set-CMOutOfBandManagementComponent
• Set-CMReportingServicePoint
• Set-CMSite
• Set-CMSoftwareUpdateAutoDeploymentRule
• Set-CMSoftwareUpdatePointComponent
• Set-CMStateMigrationPoint
• Set-CMStatusSummarizer
• Set-CMSystemHealthValidatorPointComponent
• Set-CMTaskSequence
• Set-CMTaskSequenceInstallUpdateAction
• Set-CMUserDataAndProfileConfigurationItem
• Start-CMDistributionPointUpgrade

The complete list of updates can be found in the download link above.