ConfigMgr Technical Preview 1801 Released

The Microsoft System Center Configuration Manager (ConfigMgr) team has kicked off 2018 with a brand new release of the ConfigMgr Technical Preview branch with version 1801. As always, new features and improvements to the product derive from the feedback they receive from the community on the ConfigMgr UserVoice forum. Now, you can also provide feedback directly from within Windows 10 by using the Feedback Hub App. See additional documentation to provide ConfigMgr feedback.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

  • Run Scripts – You can now import and run signed scripts and monitor the script results.
  • Moving Distribution Points between sites – You can now move an eligible distribution point from one primary site to another primary site or from under a secondary site to a primary site . For information about requirements for moving a distribution point see “Reassign Distribution Point”.
  • Improvements to client settings for Software Center – Client settings for Software Center now has a customize button where you can preview your customizations before deploying them to machines. You can also hide unapproved applications in Software Center.
  • New settings for Windows Defender Application Guard – For Windows 10 version 1709 and later devices, there are two new host interaction settings for Windows Defender Application Guard. Websites can be given access to the host’s virtual graphics processor and files downloaded inside the container can be persisted on the host.
  • Co-management reporting – You can now view a dashboard with information about co-management in your environment.
  • Phased Deployments – You can use phased deployments to automate a coordinated, sequenced rollout of software without creating multiple deployments.
  • Support for hardware inventory strings greater than 255 characters in length – For newly added classes, you can specify string lengths greater than 255 characters for hardware inventory properties that are not keys.
  • Improvements to Automatic Deployment Rule evaluation schedule – You can now schedule Automatic Deployment Rule evaluation to be offset from a base day.

You can update to the 1801 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. The baseline version of the Technical Preview branch is now at version 1711 and available on the TechNet Evaluation Center.

The following document provides further details on the capabilities in Technical Preview 1801 for System Center Configuration Manager.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1801.

Here are the step-by-step upgrade guide (if you prefer not to watch the video) to get your current ConfigMgr Technical Preview site to version 1801:

You will find the 1801 update available in the ConfigMgr console under Administration > Updates and Servicing. If you don’t see it, click on Check for Updates in the menu ribbon.

Right-click on Configuration Manager Technical Preview 1801 and click on Install Update Pack. If you prefer, you can also use the Install Update Pack option from the ribbon menu. I recommend that you run the prerequisite check first to make sure there are no issues reported with your site server. Otherwise, you will need to address the issues before proceeding with the update.

Click Next and select the checkbox if you want to ignore the prerequisite check warning.

Select the features desired for install in the update pack. You can choose to do this later under the Updates and Servicing node.

Pick your option to validate or not to validate the upgrade against a collection. For my production Current Branch site, I generally select Validate in pre-production collection and choose one of my test collections for the first phase of the upgrade. However, since this is the Technical Preview site and only used in a test environment, you can continue with the option, Upgrade without validating.

Select the license terms and click Next.

Click Next to confirm the settings.

Click Close.

You can now monitor the status of the upgrade under Monitoring > Updates and Servicing Status. Then select the update package name and click on Show Status in the ribbon menu.

The window below will show the stages of the upgrade process where you can monitor it’s progress. If there are any issues, you will see it listed here with a warning and the details provided in the description box in the bottom of the window.

Upon successful completion of the hotfix installation, you will be presented with the pop-up window as seen below to indicate a console upgrade from version 5.0.0.8595.1000 to 5.1802.1050.1000 is available.

You can verify the console upgrade in the About System Center Configuration Manager drop down menu from the console.
Version 1801 for Technical Preview
Console version: 5.1802.1050.1000
Site version: 5.0.8611.1000

And you now have ConfigMgr Technical Preview 1801 running in your test environment.

 

Please like & share:

ConfigMgr 1710 Hotfix Rollup (KB4057517)

ConfigMgr Current Branch version 1710 now has a hotfix (KB4057517) available which addresses some issues, which you can read up here. The following are the fixes resolved with this hotfix (there are 13 of them):

  • Clients who use Azure Active Directory (Azure AD) for authentication do not successfully communicate with a management point
  • The Configuration Manager console may terminate unexpectedly after you browse to a content location in the Office 365 Client Installation wizard
  • Download of express updates may fail on Windows 10 clients because of an issue that affects files in temporary and cache folders
  • Configuration Manager current branch, version 1710 clients are not upgraded on systems that are running Windows Server 2008 SP2. The client Setup program, Ccmsetup.exe, terminates unexpectedly
  • The Office 365 Application Installation Wizard may try to download content from an incorrect channel. This causes download failures
  • The fallback time that is configured for content is not honored if distribution points or their content are inaccessible
  • The Client Notification Restart request is processed incorrectly by remote management points. This causes a .bld notification file to be left in the \MP\Outboxes\bgb.box folder on the remote management point
  • Retrying a large single-file download, such as an Office 365 update file, may fail on a site server
  • The Persist content in the client cache setting on Package Properties is not honored by clients
  • Decommission-related State messages from co-managed client computers are processed incorrectly
  • State messages sent by Azure AD users may not be processed
  • If a Configuration Manager client restarts during the process of retrying a task sequence policy download, that task sequence does not run automatically after the restart
  • Conditional access policies may block access to Office 365 applications for domain-joined devices after migrating to Intune standalone

Here are the steps on how to install this hotfix. You will find it available in the ConfigMgr console under Administration > Updates and Servicing. If you don’t see it, click on Check for Updates in the menu ribbon.

Right-click on Configuration Manager 1710 Hotfix Rollup (KB4057517) and click on Install Update Pack. I recommend that you run the prerequisite check first to make sure there are not issues reported with your site server.

Click Next and select the checkbox if you want to ignore the prerequisite check warning.

Pick your option to validate or not to validate the upgrade against a collection. I generally tend to select Validate in pre-production collection and choose one of my test collections for the first phase of the upgrade.

Select the license terms and click Next.

Click Next to confirm the settings.

Click Close.

You can now monitor the status of the upgrade under Monitoring > Updates and Servicing Status. Then select the update package name and click on Show Status in the menu ribbon.

The window below will show the stages of the upgrade process where you can monitor it’s progress. If there are any issues, you will see it listed here with a warning and the details provided in the description box in the bottom of the window.

Upon successful completion of the hotfix installation, you will be presented with the pop-up window as seen below to indicate a console upgrade from version 5.0.0.8577.1100 to 5.0.0.8577.1108 is available.

You can verify the console upgrade in the About System Center Configuration Manager drop down menu from the console.
Version 1710
Console version: 5.0.0.8577.1108
Site version: 5.0.8577.1000

Once you are comfortable with the client upgrade on your test collection which you selected during the validate in pre-production collection phase, you can deploy the client upgrade to all clients in the hierarchy by selecting the Promote Pre-production Client option as seen below.

Your ConfigMgr site is now upgraded with the KB4057517 hotfix.

 

Please like & share:

SQL Query To Find The Collection Membership of a Specific Computer in ConfigMgr

Every now and then, you will encounter a situation when you need to find which ConfigMgr Collection(s) a specific computer is a member of for troubleshooting purposes. I came across this TechNet post which describes a SQL query to find the collection information.

Run the following query in SQL against the SMS Database:

select v_FullCollectionMembership.CollectionID As ‘Collection ID’, v_Collection.Name As ‘Collection Name’, v_R_System.Name0 As ‘Machine Name’ from v_FullCollectionMembership
JOIN v_R_System on v_FullCollectionMembership.ResourceID = v_R_System.ResourceID
JOIN v_Collection on v_FullCollectionMembership.CollectionID = v_Collection.CollectionID
Where v_R_System.Name0=’ClientMachineName’

Note: Replace ClientMachineName with the name of the Client Machine in question. Additionally, you can also make a Custom Report to get this information if you intend to use this frequently:

The SQL Statement For this Report would be as follows:

select v_FullCollectionMembership.CollectionID As ‘Collection ID’, v_Collection.Name As ‘Collection Name’, v_R_System.Name0 As ‘Machine Name’ from v_FullCollectionMembership
JOIN v_R_System on v_FullCollectionMembership.ResourceID = v_R_System.ResourceID
JOIN v_Collection on v_FullCollectionMembership.CollectionID = v_Collection.CollectionID
Where
v_R_System.Name0=@Comp

Click on Prompts while providing the SQL Statement, and Create a new prompt named ‘Comp’ without the quotes. Provide a SQL Statement for the prompt as follows:

select Name0 from v_R_System

Source: http://blogs.technet.com/b/configurationmgr/archive/2009/08/24/how-to-find-the-collection-membership-information-of-a-specific-client-machine.aspx

Please like & share:

Microsoft Deployment Toolkit (MDT 8450) Released

The Microsoft Deployment Toolkit (MDT) has been released and the most current build (8450) can be downloaded from the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10 version 1709 (10.1.16299.15) which is available for download on the Microsoft Hardware Dev Center.

Some of the significant changes in this update include:

  • Supported configuration updates
    • Windows ADK for Windows 10, version 1709
    • Windows 10, version 1709
    • Configuration Manager, version 1710
  • Quality updates
    • Win10 Sideloaded App dependencies and license not installed
    • CaptureOnly task sequence doesn’t allow capturing an image
    • Error received when starting an MDT task sequence: Invalid DeploymentType value “” specified. The deployment will not proceed
    • ZTIMoveStateStore looks for the state store folder in the wrong location causing it to fail to move it
    • xml contains a simple typo that caused undesirable behavior
    • Install Roles & Features doesn’t work for Windows Server 2016 IIS Management Console feature
    • Browsing for OS images in the upgrade task sequence does not work when using folders
    • MDT tool improperly provisions the TPM into a Reduced Functionality State (see KB 4018657 for more information)
    • Updates to ZTIGather chassis type detection logic
    • Upgrade OS step leaves behind SetupComplete.cmd, breaking future deployments
    • Windows 10 ADK 1607 and later UEFI boot issue on some hardware
    • Includes updated Configuration Manager task sequence binaries

The following post provides some information on How to get help with MDT, in case you need it.

Please like & share:

UserVoice: Microsoft Product Feedback And Feature Request Resources

I recently came across a post by Jim Naroski on The Office 365 Guy TechNet blog site. He listed the links to the UserVoice portal for the various products or topics which Microsoft utilizes to gather feedback and feature requests. One important link is missing from the TechNet blog, which is for the System Center Configuration Manager (ConfigMgr) feedback site, and I have added that to the list below. Start using this valuable resource to help improve products and make your voice heard.

Products Links
Access https://access.uservoice.com
Bookings https://outlook.uservoice.com/forums/314907-microsoft-bookings
Business Center https://office365.uservoice.com/forums/600793-office-365-business-center
ConfigMgr https://configurationmanager.uservoice.com
Excel https://excel.uservoice.com
Flow https://powerusers.microsoft.com/t5/Flow-Feedback/ct-p/Feedback
Forms https://microsoftforms.uservoice.com
Connections https://office365.uservoice.com/forums/600610-microsoft-connections
Invoicing https://office365.uservoice.com/forums/600781-microsoft-invoicing
Listings https://office365.uservoice.com/forums/600778-microsoft-listings
Mix https://officemix.uservoice.com/
MyAnalytics https://myanalytics.uservoice.com/
Office 365 https://office365.uservoice.com
Office 365 Groups https://office365.uservoice.com/forums/286611-office-365-groups
OneDrive https://onedrive.uservoice.com
OneNote https://onenote.uservoice.com
Outlook https://outlook.uservoice.com
Planner https://planner.uservoice.com
Power BI https://ideas.powerbi.com/forums/265200-power-bi-ideas
PowerApps https://powerusers.microsoft.com/t5/Product-Feedback/ct-p/PA-feedback
PowerPoint https://powerpoint.uservoice.com
Project https://microsoftproject.uservoice.com
SharePoint https://sharepoint.uservoice.com
StaffHub https://staffhub.uservoice.com
Skype for Business https://www.skypefeedback.com
Stream https://techcommunity.microsoft.com/t5/Microsoft-Stream-Ideas/idb-p/StreamIdeas
Sway https://sway.uservoice.com
Teams https://microsoftteams.uservoice.com/forums/555103-public
To-Do https://todo.uservoice.com/
Visio https://visio.uservoice.com
Word https://word.uservoice.com
Yammer https://yammer.uservoice.com

Uservoice provides an opportunity for customers or end users of products to provide feedback, request features and interact with others as well as with the product teams. If you discover a request or feedback that you agree with and would like to support, you can add a vote to that post. Each UserVoice member receives a limited number of votes to use and these votes are returned once the the particular feedback has been acknowledged and completed. See above screen capture.

Another useful feature of UserVoice is the ability to see the status of the posts such as Noted, Planned, Under Review, Started, and Completed. See examples below:

Source: https://blogs.technet.microsoft.com/o365guy/2018/01/02/submit-product-feedback-or-feature-requests-to-microsofts-virtual-suggestion-boxes/

Please like & share:

Fix For Error: Failed To Process Configuration Manager Update 0x87d20b15

With the release of version 1710 for System Center Configuration Manager Current Branch on November 20, 2017, I pursued to update my ConfigMgr 1706 site to take advantage of some of the exciting new features, which you can read more here! Use this PowerShell script to enable the early update ring for ConfigMgr 1710.

I tested the update in my test lab and the upgrade to v1710 worked just fine. As usual with my production environment, I always run the prerequisite checker to make sure nothing is flagged as an issue, which in my case all was fine with green checkmarks. However, the actual installation of the update failed on the Installation step for “Upgrade ConfigMgr database” as seen in the screen capture above. The description for the error indicates: [Failed]: Upgrading ConfigMgr database. Check cmupdate.log for details.

The following is an error was seen in the cmupdate.log: Failed to apply update changes 0x87d20b15

I located a blog post by my friend Anoop dated from October 2016 referencing a similar error code where he points to providing the NT Authority/System account in SQL with the sysadmin security role, however that was not the cause of my upgrade failure and the security roles were already defined correctly. The following TechNet thread was a dead end as well.


My post on Twitter as seen above caught the attention of another friend of mine, David James, Director of Engineering for ConfigMgr at Microsoft, who with his team were able to pinpoint the problem in no time at all and quickly provided a solution which resolved my ConfigMgr 1710 upgrade installation hang up. Thanks David and to the ConfigMgr team! The gist of the problem is that my environment had an old compatibility level 100 set for the SQL Server database for the CM_XXX database, and you can find this referenced in the cmupdate.log file. Changing it to 110 fixed the compatibility level needed for ConfigMgr 1710.

Run the following query in SQL Management Studio (please change XXX to your ConfigMgr Site Code) and retry the installation via the Update and Servicing node in the ConfigMgr Admin Console. This also addresses the issue where TRY_CONVERT is not recognized as a built-in SQL function:

ALTER DATABASE CM_XXX SET COMPATIBILITY_LEVEL = 110

SUCCESS!!

** Additional Mention **

Check out this blog post, “In Telemetry We Trust?” written by a friend and fellow ConfigMgr admin, Peter Egerton, who shares a similar experience and the positive nature of telemetry data especially in the ConfigMgr space.

Please like & share:

ConfigMgr Technical Preview 1706 Released

Friday, June 23rd, 2017 brought us a brand new build of ConfigMgr Technical Preview (1706), which has some stunning new features. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Improved boundary groups for software update points
    • Site server role high availability
    • Include trust for specific files and folders in a Device Guard policy
    • Hide task sequence progress
    • Accessibility improvements
    • Upgrade Readiness support with Azure Services Wizard
    • New client settings for cloud services
    • Create and run PowerShell scripts from the ConfigMgr console
    • PXE network boot support for IPv6
    • Microsoft Surface driver update management
    • Configure Windows Update for Business deferral policies
    • Support for Entrust certification authorities
    • Cisco (IPsec) support for macOS VPN profiles
    • New Windows configuration item settings
    • Device compliance policy improvements
    • New mobile application management (MAM) policy settings
    • Android and iOS enrollment restrictions
    • Android for Work application management policy for copy-paste
    • Device Health Attestation assessment for compliance policies for conditional access

The above features are listed in detail in the Capabilities in Technical Preview 1706 doc.

You can update to the 1706 Tech Preview release via the ConfigMgr console under the Updates & Servicing node.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1706.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

Five Routine’s That Sums Up Desktop Management

IT departments play a major role in systems maintenance and it takes some effort for a system administrator to keep servers and end user workstations up and running for stability and productivity reasons. Lets take a look at system administrator’s daily routine and the importance of it.

1. Downloading and Deploying patches to user computers

System administrator has to identify required patches (3rd party) on systems, download them from the vendor websites and deploy them to end user computers. Managing these patches on a one of basis seems straightforward but it becomes cumbersome on a routine basis and especially when there are many systems to patch. Using a Patch Management solution, these routine tasks can be automated and scheduled to lessen the cumbersome workload on system administrators.

2. Installing software to user computers

Manually installing software on remote computers can be a daunting task and is challenging. A Software Management solution can resolve this complication by allowing a system administrator to deploy software from any location, handle tickets with ease and assist users demands in software installation with simplicity.

3.Troubleshooting remote computers

Troubleshooting servers and workstations for Operating System issues, software installations, security patches, system crashes can be remedied much easily with software management solutions, especially with remote capabilities and centralized management interface.

4. Managing IT assets in your network

Asset tracking for hardware and software in your organization is highly important and can be done with ease with the use of an asset management software. Apart from tracking the hardware and software in the organization, software license management, hardware warranty management, and identifying the usage of software particularly for licensing, restricting unwanted software in your network is important as well. An asset management solution provides a systems administrator the tools needed to effectively gather and manage this data.

5. Deploying configurations and managing mobile devices

Managing and configuring devices such as computers, tablets, phones, and peripherals in a growing organization with rapid demands for technology can be a challenging task for system administrators. MDM and desktop management solutions provide much flexibility and the tools needed to handle these technology challenges in the enterprise.

ManageEngine Desktop Central is one such ideal solution for desktop management, with its bundle of features and pricing compared to some known industry solutions. Desktop Central offers Patch management, Software management, Asset management, Remote support, Mobile device management, Failover Service, and Auditing capabilities. Desktop Central supports heterogeneous platform in 16 different languages. Finally, Desktop Central offers a fully functioning edition to manage 50 endpoints completely free with no hidden cost.

Download Desktop Central now and experience simplified IT management.

Follow @Hoorge on Twitter and join Tech Konnect on Facebook and Twitter to stay current on technology related matters.

Please like & share:

Review – Microsoft Systems Center Endpoint Protection Cookbook

System endpoint security is a critical aspect of modern day computing and we all have had our fair share in dealing with malware infections, and in some cases ransomware and cryptolocker attacks in our organizations. Microsoft has made great efforts in mitigating these security risks by providing a superior product called System Center Endpoint Protection (SCEP) for enterprises and Windows Defender which by default is included with Windows 10.

A System Center Configuration Manager (ConfigMgr or SCCM) or a Microsoft Intune administrator is familiar with SCEP as it is the way to administer and manage SCEP in the enterprise. However, there are many aspects and intricacies of SCEP one is not aware of and has not fully utilized, and should. While I was dealing with some SCEP updates and anti-malware policies in my organization, I came across this awesome book written by Nicolai Henriksen, a Microsoft MVP in Enterprise Mobility. I decided to write a non-biased review of this book and credit the wonderful information contained within it.

Nicolai’s SCEP cookbook is well written and vetted by another well respected Microsoft MVP in Enterprise Mobility, Ronni Pedersen, who I often interact with on social media on all things ConfigMgr. This book is shy of 200 pages and is laid out in eight easily digestible chapters and covers everything you need to know about SCEP from soup to nuts. You’ll learn how to plan and get started with SCEP, configuration, operations and maintenance, updates, security and privacy, configure advance protection, troubleshooting, and malware handling to name a few. It’s an information filled book with great tips and how to’s, and I particularly enjoyed how Nicolai included little segments throughout the book with tidbits such as “Getting ready….”, “How it works….”, and “How to do it….” which was perfect for my learning and understanding of the various concepts presented.

The Table of Contents of this book:

As a ConfigMgr admin who has been working with the product for a number of years including working with System Center Endpoint Protection, I have learned things that I didn’t know, picked up some tips and tricks, have a better insight and understanding of SCEP, and I have gained a great reference for the product. I highly recommend this book to all ConfigMgr and Intune admins. This book is available for purchase in Kindle and Paperback format on Amazon. If you would like to connect with Nicolai and have some feedback or suggestions, you’ll find him on Twitter as @nicolaitwitt.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share:

ConfigMgr Tech Preview 1703 Released

March 30, 2017 brought us a brand new build of ConfigMgr Tech Preview (1703), which are now made available on a monthly basis. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Windows Analytics Commercial ID and Windows telemetry levels – You can specify the Windows Analytics Commercial ID and configure telemetry, commercial data, and Internet Explorer data collection settings in Client Settings for use with Upgrade Analytics.
    • In-place UEFI conversion – You can customize a Windows 10 in-place upgrade task sequence to include the Windows 10 UEFI conversion tool.
    • Collapsible task sequence groups – Groups in the task sequence editor can be collapsed or expanded.
    • Azure Services wizard – The Azure Services wizard provides a common configuration for the cloud Azure services you use with ConfigMgr. This is done by using Azure web apps to provide the common subscription and configuration details that administrators would otherwise have to re-enter for each additional cloud Azure cloud service you use.
    • Direct links to applications in Software Center – You can now provide end users with a direct link to an application in Software Center. This means they no longer must open Software Center and search for an application before they can install it.
    • Import PFX certificate feature for ConfigMgr clients – Import PFX certificate profiles are now supported on ConfigMgr clients running on Windows 10 desktops. See How to create PFX certificate profiles in System Center Configuration Manager and this blog post.
    • Apple Volume Purchase Program (VPP) enhancements – Support has been added to tag education vs business volume purchase program tokens, device licensing, and adding multiple volume purchase program tokens.

You can update to the 1703 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. The baseline version of the Technical Preview branch will be updated to 1703 and available on the TechNet Evaluation Center.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1703.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Please like & share: