ConfigMgr Technical Preview 1801 Released

The Microsoft System Center Configuration Manager (ConfigMgr) team has kicked off 2018 with a brand new release of the ConfigMgr Technical Preview branch with version 1801. As always, new features and improvements to the product derive from the feedback they receive from the community on the ConfigMgr UserVoice forum. Now, you can also provide feedback directly from within Windows 10 by using the Feedback Hub App. See additional documentation to provide ConfigMgr feedback.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

  • Run Scripts – You can now import and run signed scripts and monitor the script results.
  • Moving Distribution Points between sites – You can now move an eligible distribution point from one primary site to another primary site or from under a secondary site to a primary site . For information about requirements for moving a distribution point see “Reassign Distribution Point”.
  • Improvements to client settings for Software Center – Client settings for Software Center now has a customize button where you can preview your customizations before deploying them to machines. You can also hide unapproved applications in Software Center.
  • New settings for Windows Defender Application Guard – For Windows 10 version 1709 and later devices, there are two new host interaction settings for Windows Defender Application Guard. Websites can be given access to the host’s virtual graphics processor and files downloaded inside the container can be persisted on the host.
  • Co-management reporting – You can now view a dashboard with information about co-management in your environment.
  • Phased Deployments – You can use phased deployments to automate a coordinated, sequenced rollout of software without creating multiple deployments.
  • Support for hardware inventory strings greater than 255 characters in length – For newly added classes, you can specify string lengths greater than 255 characters for hardware inventory properties that are not keys.
  • Improvements to Automatic Deployment Rule evaluation schedule – You can now schedule Automatic Deployment Rule evaluation to be offset from a base day.

You can update to the 1801 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. The baseline version of the Technical Preview branch is now at version 1711 and available on the TechNet Evaluation Center.

The following document provides further details on the capabilities in Technical Preview 1801 for System Center Configuration Manager.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1801.

Here are the step-by-step upgrade guide (if you prefer not to watch the video) to get your current ConfigMgr Technical Preview site to version 1801:

You will find the 1801 update available in the ConfigMgr console under Administration > Updates and Servicing. If you don’t see it, click on Check for Updates in the menu ribbon.

Right-click on Configuration Manager Technical Preview 1801 and click on Install Update Pack. If you prefer, you can also use the Install Update Pack option from the ribbon menu. I recommend that you run the prerequisite check first to make sure there are no issues reported with your site server. Otherwise, you will need to address the issues before proceeding with the update.

Click Next and select the checkbox if you want to ignore the prerequisite check warning.

Select the features desired for install in the update pack. You can choose to do this later under the Updates and Servicing node.

Pick your option to validate or not to validate the upgrade against a collection. For my production Current Branch site, I generally select Validate in pre-production collection and choose one of my test collections for the first phase of the upgrade. However, since this is the Technical Preview site and only used in a test environment, you can continue with the option, Upgrade without validating.

Select the license terms and click Next.

Click Next to confirm the settings.

Click Close.

You can now monitor the status of the upgrade under Monitoring > Updates and Servicing Status. Then select the update package name and click on Show Status in the ribbon menu.

The window below will show the stages of the upgrade process where you can monitor it’s progress. If there are any issues, you will see it listed here with a warning and the details provided in the description box in the bottom of the window.

Upon successful completion of the hotfix installation, you will be presented with the pop-up window as seen below to indicate a console upgrade from version 5.0.0.8595.1000 to 5.1802.1050.1000 is available.

You can verify the console upgrade in the About System Center Configuration Manager drop down menu from the console.
Version 1801 for Technical Preview
Console version: 5.1802.1050.1000
Site version: 5.0.8611.1000

And you now have ConfigMgr Technical Preview 1801 running in your test environment.

 

Please like & share:

ConfigMgr 1710 Hotfix Rollup (KB4057517)

ConfigMgr Current Branch version 1710 now has a hotfix (KB4057517) available which addresses some issues, which you can read up here. The following are the fixes resolved with this hotfix (there are 13 of them):

  • Clients who use Azure Active Directory (Azure AD) for authentication do not successfully communicate with a management point
  • The Configuration Manager console may terminate unexpectedly after you browse to a content location in the Office 365 Client Installation wizard
  • Download of express updates may fail on Windows 10 clients because of an issue that affects files in temporary and cache folders
  • Configuration Manager current branch, version 1710 clients are not upgraded on systems that are running Windows Server 2008 SP2. The client Setup program, Ccmsetup.exe, terminates unexpectedly
  • The Office 365 Application Installation Wizard may try to download content from an incorrect channel. This causes download failures
  • The fallback time that is configured for content is not honored if distribution points or their content are inaccessible
  • The Client Notification Restart request is processed incorrectly by remote management points. This causes a .bld notification file to be left in the \MP\Outboxes\bgb.box folder on the remote management point
  • Retrying a large single-file download, such as an Office 365 update file, may fail on a site server
  • The Persist content in the client cache setting on Package Properties is not honored by clients
  • Decommission-related State messages from co-managed client computers are processed incorrectly
  • State messages sent by Azure AD users may not be processed
  • If a Configuration Manager client restarts during the process of retrying a task sequence policy download, that task sequence does not run automatically after the restart
  • Conditional access policies may block access to Office 365 applications for domain-joined devices after migrating to Intune standalone

Here are the steps on how to install this hotfix. You will find it available in the ConfigMgr console under Administration > Updates and Servicing. If you don’t see it, click on Check for Updates in the menu ribbon.

Right-click on Configuration Manager 1710 Hotfix Rollup (KB4057517) and click on Install Update Pack. I recommend that you run the prerequisite check first to make sure there are not issues reported with your site server.

Click Next and select the checkbox if you want to ignore the prerequisite check warning.

Pick your option to validate or not to validate the upgrade against a collection. I generally tend to select Validate in pre-production collection and choose one of my test collections for the first phase of the upgrade.

Select the license terms and click Next.

Click Next to confirm the settings.

Click Close.

You can now monitor the status of the upgrade under Monitoring > Updates and Servicing Status. Then select the update package name and click on Show Status in the menu ribbon.

The window below will show the stages of the upgrade process where you can monitor it’s progress. If there are any issues, you will see it listed here with a warning and the details provided in the description box in the bottom of the window.

Upon successful completion of the hotfix installation, you will be presented with the pop-up window as seen below to indicate a console upgrade from version 5.0.0.8577.1100 to 5.0.0.8577.1108 is available.

You can verify the console upgrade in the About System Center Configuration Manager drop down menu from the console.
Version 1710
Console version: 5.0.0.8577.1108
Site version: 5.0.8577.1000

Once you are comfortable with the client upgrade on your test collection which you selected during the validate in pre-production collection phase, you can deploy the client upgrade to all clients in the hierarchy by selecting the Promote Pre-production Client option as seen below.

Your ConfigMgr site is now upgraded with the KB4057517 hotfix.

 

Please like & share:

SQL Query To Find The Collection Membership of a Specific Computer in ConfigMgr

Every now and then, you will encounter a situation when you need to find which ConfigMgr Collection(s) a specific computer is a member of for troubleshooting purposes. I came across this TechNet post which describes a SQL query to find the collection information.

Run the following query in SQL against the SMS Database:

select v_FullCollectionMembership.CollectionID As ‘Collection ID’, v_Collection.Name As ‘Collection Name’, v_R_System.Name0 As ‘Machine Name’ from v_FullCollectionMembership
JOIN v_R_System on v_FullCollectionMembership.ResourceID = v_R_System.ResourceID
JOIN v_Collection on v_FullCollectionMembership.CollectionID = v_Collection.CollectionID
Where v_R_System.Name0=’ClientMachineName’

Note: Replace ClientMachineName with the name of the Client Machine in question. Additionally, you can also make a Custom Report to get this information if you intend to use this frequently:

The SQL Statement For this Report would be as follows:

select v_FullCollectionMembership.CollectionID As ‘Collection ID’, v_Collection.Name As ‘Collection Name’, v_R_System.Name0 As ‘Machine Name’ from v_FullCollectionMembership
JOIN v_R_System on v_FullCollectionMembership.ResourceID = v_R_System.ResourceID
JOIN v_Collection on v_FullCollectionMembership.CollectionID = v_Collection.CollectionID
Where
v_R_System.Name0=@Comp

Click on Prompts while providing the SQL Statement, and Create a new prompt named ‘Comp’ without the quotes. Provide a SQL Statement for the prompt as follows:

select Name0 from v_R_System

Source: http://blogs.technet.com/b/configurationmgr/archive/2009/08/24/how-to-find-the-collection-membership-information-of-a-specific-client-machine.aspx

Please like & share:

UserVoice: Microsoft Product Feedback And Feature Request Resources

I recently came across a post by Jim Naroski on The Office 365 Guy TechNet blog site. He listed the links to the UserVoice portal for the various products or topics which Microsoft utilizes to gather feedback and feature requests. One important link is missing from the TechNet blog, which is for the System Center Configuration Manager (ConfigMgr) feedback site, and I have added that to the list below. Start using this valuable resource to help improve products and make your voice heard.

Products Links
Access https://access.uservoice.com
Bookings https://outlook.uservoice.com/forums/314907-microsoft-bookings
Business Center https://office365.uservoice.com/forums/600793-office-365-business-center
ConfigMgr https://configurationmanager.uservoice.com
Excel https://excel.uservoice.com
Flow https://powerusers.microsoft.com/t5/Flow-Feedback/ct-p/Feedback
Forms https://microsoftforms.uservoice.com
Connections https://office365.uservoice.com/forums/600610-microsoft-connections
Invoicing https://office365.uservoice.com/forums/600781-microsoft-invoicing
Listings https://office365.uservoice.com/forums/600778-microsoft-listings
Mix https://officemix.uservoice.com/
MyAnalytics https://myanalytics.uservoice.com/
Office 365 https://office365.uservoice.com
Office 365 Groups https://office365.uservoice.com/forums/286611-office-365-groups
OneDrive https://onedrive.uservoice.com
OneNote https://onenote.uservoice.com
Outlook https://outlook.uservoice.com
Planner https://planner.uservoice.com
Power BI https://ideas.powerbi.com/forums/265200-power-bi-ideas
PowerApps https://powerusers.microsoft.com/t5/Product-Feedback/ct-p/PA-feedback
PowerPoint https://powerpoint.uservoice.com
Project https://microsoftproject.uservoice.com
SharePoint https://sharepoint.uservoice.com
StaffHub https://staffhub.uservoice.com
Skype for Business https://www.skypefeedback.com
Stream https://techcommunity.microsoft.com/t5/Microsoft-Stream-Ideas/idb-p/StreamIdeas
Sway https://sway.uservoice.com
Teams https://microsoftteams.uservoice.com/forums/555103-public
To-Do https://todo.uservoice.com/
Visio https://visio.uservoice.com
Word https://word.uservoice.com
Yammer https://yammer.uservoice.com

Uservoice provides an opportunity for customers or end users of products to provide feedback, request features and interact with others as well as with the product teams. If you discover a request or feedback that you agree with and would like to support, you can add a vote to that post. Each UserVoice member receives a limited number of votes to use and these votes are returned once the the particular feedback has been acknowledged and completed. See above screen capture.

Another useful feature of UserVoice is the ability to see the status of the posts such as Noted, Planned, Under Review, Started, and Completed. See examples below:

Source: https://blogs.technet.microsoft.com/o365guy/2018/01/02/submit-product-feedback-or-feature-requests-to-microsofts-virtual-suggestion-boxes/

Please like & share:

Fix For Error: Failed To Process Configuration Manager Update 0x87d20b15

With the release of version 1710 for System Center Configuration Manager Current Branch on November 20, 2017, I pursued to update my ConfigMgr 1706 site to take advantage of some of the exciting new features, which you can read more here! Use this PowerShell script to enable the early update ring for ConfigMgr 1710.

I tested the update in my test lab and the upgrade to v1710 worked just fine. As usual with my production environment, I always run the prerequisite checker to make sure nothing is flagged as an issue, which in my case all was fine with green checkmarks. However, the actual installation of the update failed on the Installation step for “Upgrade ConfigMgr database” as seen in the screen capture above. The description for the error indicates: [Failed]: Upgrading ConfigMgr database. Check cmupdate.log for details.

The following is an error was seen in the cmupdate.log: Failed to apply update changes 0x87d20b15

I located a blog post by my friend Anoop dated from October 2016 referencing a similar error code where he points to providing the NT Authority/System account in SQL with the sysadmin security role, however that was not the cause of my upgrade failure and the security roles were already defined correctly. The following TechNet thread was a dead end as well.


My post on Twitter as seen above caught the attention of another friend of mine, David James, Director of Engineering for ConfigMgr at Microsoft, who with his team were able to pinpoint the problem in no time at all and quickly provided a solution which resolved my ConfigMgr 1710 upgrade installation hang up. Thanks David and to the ConfigMgr team! The gist of the problem is that my environment had an old compatibility level 100 set for the SQL Server database for the CM_XXX database, and you can find this referenced in the cmupdate.log file. Changing it to 110 fixed the compatibility level needed for ConfigMgr 1710.

Run the following query in SQL Management Studio (please change XXX to your ConfigMgr Site Code) and retry the installation via the Update and Servicing node in the ConfigMgr Admin Console. This also addresses the issue where TRY_CONVERT is not recognized as a built-in SQL function:

ALTER DATABASE CM_XXX SET COMPATIBILITY_LEVEL = 110

SUCCESS!!

** Additional Mention **

Check out this blog post, “In Telemetry We Trust?” written by a friend and fellow ConfigMgr admin, Peter Egerton, who shares a similar experience and the positive nature of telemetry data especially in the ConfigMgr space.

Please like & share:

ConfigMgr Technical Preview 1706 Released

Friday, June 23rd, 2017 brought us a brand new build of ConfigMgr Technical Preview (1706), which has some stunning new features. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Improved boundary groups for software update points
    • Site server role high availability
    • Include trust for specific files and folders in a Device Guard policy
    • Hide task sequence progress
    • Accessibility improvements
    • Upgrade Readiness support with Azure Services Wizard
    • New client settings for cloud services
    • Create and run PowerShell scripts from the ConfigMgr console
    • PXE network boot support for IPv6
    • Microsoft Surface driver update management
    • Configure Windows Update for Business deferral policies
    • Support for Entrust certification authorities
    • Cisco (IPsec) support for macOS VPN profiles
    • New Windows configuration item settings
    • Device compliance policy improvements
    • New mobile application management (MAM) policy settings
    • Android and iOS enrollment restrictions
    • Android for Work application management policy for copy-paste
    • Device Health Attestation assessment for compliance policies for conditional access

The above features are listed in detail in the Capabilities in Technical Preview 1706 doc.

You can update to the 1706 Tech Preview release via the ConfigMgr console under the Updates & Servicing node.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1706.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

Review – Microsoft Systems Center Endpoint Protection Cookbook

System endpoint security is a critical aspect of modern day computing and we all have had our fair share in dealing with malware infections, and in some cases ransomware and cryptolocker attacks in our organizations. Microsoft has made great efforts in mitigating these security risks by providing a superior product called System Center Endpoint Protection (SCEP) for enterprises and Windows Defender which by default is included with Windows 10.

A System Center Configuration Manager (ConfigMgr or SCCM) or a Microsoft Intune administrator is familiar with SCEP as it is the way to administer and manage SCEP in the enterprise. However, there are many aspects and intricacies of SCEP one is not aware of and has not fully utilized, and should. While I was dealing with some SCEP updates and anti-malware policies in my organization, I came across this awesome book written by Nicolai Henriksen, a Microsoft MVP in Enterprise Mobility. I decided to write a non-biased review of this book and credit the wonderful information contained within it.

Nicolai’s SCEP cookbook is well written and vetted by another well respected Microsoft MVP in Enterprise Mobility, Ronni Pedersen, who I often interact with on social media on all things ConfigMgr. This book is shy of 200 pages and is laid out in eight easily digestible chapters and covers everything you need to know about SCEP from soup to nuts. You’ll learn how to plan and get started with SCEP, configuration, operations and maintenance, updates, security and privacy, configure advance protection, troubleshooting, and malware handling to name a few. It’s an information filled book with great tips and how to’s, and I particularly enjoyed how Nicolai included little segments throughout the book with tidbits such as “Getting ready….”, “How it works….”, and “How to do it….” which was perfect for my learning and understanding of the various concepts presented.

The Table of Contents of this book:

As a ConfigMgr admin who has been working with the product for a number of years including working with System Center Endpoint Protection, I have learned things that I didn’t know, picked up some tips and tricks, have a better insight and understanding of SCEP, and I have gained a great reference for the product. I highly recommend this book to all ConfigMgr and Intune admins. This book is available for purchase in Kindle and Paperback format on Amazon. If you would like to connect with Nicolai and have some feedback or suggestions, you’ll find him on Twitter as @nicolaitwitt.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

ConfigMgr Tech Preview 1703 Released

March 30, 2017 brought us a brand new build of ConfigMgr Tech Preview (1703), which are now made available on a monthly basis. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Windows Analytics Commercial ID and Windows telemetry levels – You can specify the Windows Analytics Commercial ID and configure telemetry, commercial data, and Internet Explorer data collection settings in Client Settings for use with Upgrade Analytics.
    • In-place UEFI conversion – You can customize a Windows 10 in-place upgrade task sequence to include the Windows 10 UEFI conversion tool.
    • Collapsible task sequence groups – Groups in the task sequence editor can be collapsed or expanded.
    • Azure Services wizard – The Azure Services wizard provides a common configuration for the cloud Azure services you use with ConfigMgr. This is done by using Azure web apps to provide the common subscription and configuration details that administrators would otherwise have to re-enter for each additional cloud Azure cloud service you use.
    • Direct links to applications in Software Center – You can now provide end users with a direct link to an application in Software Center. This means they no longer must open Software Center and search for an application before they can install it.
    • Import PFX certificate feature for ConfigMgr clients – Import PFX certificate profiles are now supported on ConfigMgr clients running on Windows 10 desktops. See How to create PFX certificate profiles in System Center Configuration Manager and this blog post.
    • Apple Volume Purchase Program (VPP) enhancements – Support has been added to tag education vs business volume purchase program tokens, device licensing, and adding multiple volume purchase program tokens.

You can update to the 1703 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. The baseline version of the Technical Preview branch will be updated to 1703 and available on the TechNet Evaluation Center.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1703.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

“Unofficial” MVP Perk From Special Friends

A couple of weeks after receiving my MVP Award from Microsoft, I asked my IT Pro peers for some feedback via a Facebook group (Tech Konnect) and MVP Yammer Community on what they use for computer systems to run test environments such as ConfigMgr, Windows builds, Server OS, etc. I realized as a MVP, I need to up my game and build a portable lab environment to conduct testing and create tutorials for the IT Pro community in order to share some technical knowledge. Also, I’m often asked to test various software and tools in return for reviews or product QA feedback, so a proper lab environment is a must.

For those of you who run test environments on your laptops using Hyper-V or VMware Workstation, what make and model laptop are you using and what are the specs (Hard Drive(s), memory, CPU, etc)?

I received an overwhelming response with many different hardware specifications including suggestions of various makes and models of laptops and much more. One thing that stood out was the amount of memory (RAM) one should consider in order to have a decent lab environment, at least to sustain for example, a Domain Controller, ConfigMgr server, SQL, MDT, and some Windows clients to name a few. “You need at least 32GB of memory”, the crowd roared!

I knew my Microsoft Surface Pro 4 with 8GB of memory was not going to cut it and I was stuck since I can’t upgrade the memory and hard disk on the Surface Pro 4. Unbeknownst to me, two of my IT Pro friends who are well respected by me and by the global IT Pro community stepped up to the plate and very generously decided to provide me with a special gift to help me with my MVP and IT Pro endeavours, so I could further expand my technical skills and to give back to the community via my learning and knowledge. For confidentiality purposes, these two special friends of mine will remain anonymous. I have been shocked and speechless from the day I was told that I was to look out for a package (shipped) and even to this day as I use this laptop daily to setup my test lab. I’m so grateful and blessed to receive this generous gift and …………well….., I’m speechless! My friend said “Now that you are MVP, you need the right equipment for testing!”

So, here’s what I received:
1. HP Zbook 14 G2 laptop (Intel Core i7-5500U CPU 2.4GHz, 32GB memory, 256GB Hard Disk, 1TB SSD Hard Disk)
2. Power adapters (two)
3. HP UltraSlim docking station
4. Stickers

  

  

I love my “new” HP laptop, it’s shiny, it’s awesome, it’s perfect! Stay tuned for my future blog post on how I setup my test lab, what I used to build it, and some obstacles I ran into which I ended up resolving. To my two special friends, Thank you, Thank you, Thank you! 🙂

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

ConfigMgr Tech Preview 1701 Released

The Microsoft System Center Configuration Manager (ConfigMgr) team has been doing a great job with implementing new features and improving the product on a regular basis following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

The 45th President of the United States of America was inaugurated on Friday, January 20th and on this day the ConfigMgr team released SCCM Tech Preview build 1701 which is the first new release of 2017. This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

  • UEFI inventory data – Hardware inventory can now determine whether the device is UEFI-enabled.
  • Express files support for Windows 10 Cumulative Update – Configuration Manager can support Windows 10 Cumulative Update using Express files. This functionality is only supported in Windows 10 version 1607 with a Windows Update Agent update included with the updates released on January 10, 2017 (Patch Tuesday). For more information see https://docs.microsoft.com/sccm/core/get-started/capabilities-in-technical-preview-1612#express-installation-files-support-for-windows-10-updates.
  • Validate Device Health Attestation Data via Management Point – You can now configure management points to validate health attestation reporting data for cloud or on-premises health attestation service.
  • Updated Content Library Cleanup Tool – The command line tool (ContentLibraryCleanup.exe) used to remove content that is no longer associated with any package or application from a distribution point (orphaned content) has been updated with fixes for known issues.
  • Host software updates on cloud-based distribution points – Beginning with this preview version, you can use a cloud-based distribution point to host a software update package.
  • Support for Microsoft Azure Government cloud added to Operations Management Suite (OMS) Connector feature – You can now configure an OMS connector for the OMS workspace on Microsoft Azure Government cloud.
  • Additional boundary groups improvements – Clients now find software update points using Boundary Group associations.

You can update to the 1701 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. You will need the baseline version of Tech Preview 1610 if you are installing it brand new.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share: