Review – Microsoft System Center Endpoint Protection Cookbook

System endpoint security is a critical aspect of modern-day computing, and we have all had our fair share of dealing with malware infections, and in some cases ransomware and cryptolocker attacks, in our organizations. Microsoft has made great efforts in mitigating these security risks by providing a superior product called System Center Endpoint Protection (SCEP) for enterprises, and Windows Defender, which is included by default with Windows 10.

A System Center Configuration Manager (ConfigMgr or SCCM) or Microsoft Intune administrator is familiar with SCEP, as those products are the way to administer and manage SCEP in the enterprise. However, there are many aspects and intricacies of SCEP that one may not be aware of or has not fully utilized, and should. While I was dealing with some SCEP updates and anti-malware policies in my organization, I came across this awesome book written by Nicolai Henriksen, a Microsoft MVP in Enterprise Mobility. I decided to write a non-biased review of this book and credit the wonderful information contained within it.

Nicolai’s SCEP cookbook is well written and vetted by another well-respected Microsoft MVP in Enterprise Mobility, Ronni Pedersen, whom I often interact with on social media on all things ConfigMgr. This book is shy of 200 pages, is laid out in eight easily digestible chapters, and covers everything you need to know about SCEP from soup to nuts. You’ll learn how to plan and get started with SCEP, configuration, operations and maintenance, updates, security and privacy, configuring advanced protection, troubleshooting, and malware handling, to name a few. It’s an information-filled book with great tips and how-tos, and I particularly enjoyed how Nicolai included little segments throughout the book with tidbits such as “Getting ready….”, “How it works….”, and “How to do it….”, which was perfect for my learning and understanding of the various concepts presented.

The Table of Contents of this book:

As a ConfigMgr admin who has been working with the product for a number of years including working with System Center Endpoint Protection, I have learned things that I didn’t know, picked up some tips and tricks, have a better insight and understanding of SCEP, and I have gained a great reference for the product. I highly recommend this book to all ConfigMgr and Intune admins. This book is available for purchase in Kindle and Paperback format on Amazon. If you would like to connect with Nicolai and have some feedback or suggestions, you’ll find him on Twitter as @nicolaitwitt.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

ConfigMgr Tech Preview 1703 Released

March 30, 2017 brought us a brand new build of ConfigMgr Tech Preview (1703); these builds are now made available on a monthly basis. The Microsoft System Center Configuration Manager (ConfigMgr) team has been rapidly implementing new features and improving the product following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

    • Windows Analytics Commercial ID and Windows telemetry levels – You can specify the Windows Analytics Commercial ID and configure telemetry, commercial data, and Internet Explorer data collection settings in Client Settings for use with Upgrade Analytics.
    • In-place UEFI conversion – You can customize a Windows 10 in-place upgrade task sequence to include the Windows 10 UEFI conversion tool.
    • Collapsible task sequence groups – Groups in the task sequence editor can be collapsed or expanded.
    • Azure Services wizard – The Azure Services wizard provides a common configuration for the Azure cloud services you use with ConfigMgr. This is done by using Azure web apps to provide the common subscription and configuration details that administrators would otherwise have to re-enter for each additional Azure cloud service you use.
    • Direct links to applications in Software Center – You can now provide end users with a direct link to an application in Software Center. This means they no longer must open Software Center and search for an application before they can install it.
    • Import PFX certificate feature for ConfigMgr clients – Import PFX certificate profiles are now supported on ConfigMgr clients running on Windows 10 desktops. See How to create PFX certificate profiles in System Center Configuration Manager and this blog post.
    • Apple Volume Purchase Program (VPP) enhancements – Support has been added to tag education vs business volume purchase program tokens, device licensing, and adding multiple volume purchase program tokens.

You can update to the 1703 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. The baseline version of the Technical Preview branch will be updated to 1703 and available on the TechNet Evaluation Center.

Here’s my video tutorial which I did for version 1701. The steps are the same for 1703.


“Unofficial” MVP Perk From Special Friends

A couple of weeks after receiving my MVP Award from Microsoft, I asked my IT Pro peers for some feedback via a Facebook group (Tech Konnect) and MVP Yammer Community on what they use for computer systems to run test environments such as ConfigMgr, Windows builds, Server OS, etc. I realized as an MVP, I need to up my game and build a portable lab environment to conduct testing and create tutorials for the IT Pro community in order to share some technical knowledge. Also, I’m often asked to test various software and tools in return for reviews or product QA feedback, so a proper lab environment is a must.

For those of you who run test environments on your laptops using Hyper-V or VMware Workstation, what make and model laptop are you using and what are the specs (Hard Drive(s), memory, CPU, etc)?

I received an overwhelming response with many different hardware specifications including suggestions of various makes and models of laptops and much more. One thing that stood out was the amount of memory (RAM) one should consider in order to have a decent lab environment, at least to sustain for example, a Domain Controller, ConfigMgr server, SQL, MDT, and some Windows clients to name a few. “You need at least 32GB of memory”, the crowd roared!

I knew my Microsoft Surface Pro 4 with 8GB of memory was not going to cut it and I was stuck since I can’t upgrade the memory and hard disk on the Surface Pro 4. Unbeknownst to me, two of my IT Pro friends who are well respected by me and by the global IT Pro community stepped up to the plate and very generously decided to provide me with a special gift to help me with my MVP and IT Pro endeavours, so I could further expand my technical skills and give back to the community via my learning and knowledge. For confidentiality purposes, these two special friends of mine will remain anonymous. I have been shocked and speechless from the day I was told that I was to look out for a package (shipped) and even to this day as I use this laptop daily to set up my test lab. I’m so grateful and blessed to receive this generous gift and …………well….., I’m speechless! My friend said “Now that you are MVP, you need the right equipment for testing!”

So, here’s what I received:
1. HP Zbook 14 G2 laptop (Intel Core i7-5500U CPU 2.4GHz, 32GB memory, 256GB Hard Disk, 1TB SSD Hard Disk)
2. Power adapters (two)
3. HP UltraSlim docking station
4. Stickers

  

  

I love my “new” HP laptop, it’s shiny, it’s awesome, it’s perfect! Stay tuned for my future blog post on how I set up my test lab, what I used to build it, and some obstacles I ran into which I ended up resolving. To my two special friends, Thank you, Thank you, Thank you! 🙂


ConfigMgr Tech Preview 1701 Released

The Microsoft System Center Configuration Manager (ConfigMgr) team has been doing a great job with implementing new features and improving the product on a regular basis following the Software as a Service (SaaS) model and using feedback from the community on the Microsoft Connect site, as well as paying close attention to feature and enhancement requests on the ConfigMgr UserVoice forum.

The 45th President of the United States of America was inaugurated on Friday, January 20th and on this day the ConfigMgr team released SCCM Tech Preview build 1701 which is the first new release of 2017. This update has a number of new features (as listed in the Enterprise Mobility & Security blogpost) which include:

  • UEFI inventory data – Hardware inventory can now determine whether the device is UEFI-enabled.
  • Express files support for Windows 10 Cumulative Update – Configuration Manager can support Windows 10 Cumulative Update using Express files. This functionality is only supported in Windows 10 version 1607 with a Windows Update Agent update included with the updates released on January 10, 2017 (Patch Tuesday). For more information see https://docs.microsoft.com/sccm/core/get-started/capabilities-in-technical-preview-1612#express-installation-files-support-for-windows-10-updates.
  • Validate Device Health Attestation Data via Management Point – You can now configure management points to validate health attestation reporting data for cloud or on-premises health attestation service.
  • Updated Content Library Cleanup Tool – The command line tool (ContentLibraryCleanup.exe) used to remove content that is no longer associated with any package or application from a distribution point (orphaned content) has been updated with fixes for known issues.
  • Host software updates on cloud-based distribution points – Beginning with this preview version, you can use a cloud-based distribution point to host a software update package.
  • Support for Microsoft Azure Government cloud added to Operations Management Suite (OMS) Connector feature – You can now configure an OMS connector for the OMS workspace on Microsoft Azure Government cloud.
  • Additional boundary groups improvements – Clients now find software update points using Boundary Group associations.

You can update to the 1701 Tech Preview release via the ConfigMgr console under the Updates & Servicing node. You will need the baseline version of Tech Preview 1610 if you are installing it brand new.


ConfigMgr Version Numbers


| Release/Update | Version | Build |
|---|---|---|
| ConfigMgr 2012 RTM | 5.00.7711.0000 | 7711 |
| ConfigMgr 2012 SP1 | 5.00.7804.1000 | 7804 |
| ConfigMgr 2012 SP1 CU1 | 5.00.7804.1202 | 7804 |
| ConfigMgr 2012 SP1 CU2 | 5.00.7804.1300 | 7804 |
| ConfigMgr 2012 SP1 CU3 | 5.00.7804.1400 | 7804 |
| ConfigMgr 2012 SP1 CU4 | 5.00.7804.1500 | 7804 |
| ConfigMgr 2012 SP1 CU5 | 5.00.7804.1600 | 7804 |
| ConfigMgr 2012 SP2 | 5.00.8239.1000 | 8239 |
| ConfigMgr 2012 SP2 CU1 | 5.00.8239.1203 | 8239 |
| ConfigMgr 2012 SP2 CU2 | 5.00.8239.1301 | 8239 |
| ConfigMgr 2012 R2 | 5.00.7958.1000 | 7958 |
| ConfigMgr 2012 R2 CU1 | 5.00.7958.1203 | 7958 |
| ConfigMgr 2012 R2 CU2 | 5.00.7958.1303 | 7958 |
| ConfigMgr 2012 R2 CU3 | 5.00.7958.1401 | 7958 |
| ConfigMgr 2012 R2 CU4 | 5.00.7958.1501 | 7958 |
| ConfigMgr 2012 R2 CU5 | 5.00.7958.1604 | 7958 |
| ConfigMgr 2012 R2 SP1 | 5.00.8239.1000 | 8239 |
| ConfigMgr 2012 R2 SP1 CU1 | 5.00.8239.1203 | 8239 |
| ConfigMgr 2012 R2 SP1 CU2 | 5.00.8239.1301 | 8239 |
| ConfigMgr 2012 R2 SP1 CU3 | 5.00.8239.1403 | 8239 |
| ConfigMgr Version 1511 | 5.00.8325.1000 | 8325 |
| ConfigMgr Version 1602 | 5.00.8355.1000 | 8355 |
| ConfigMgr Version 1602 (Update Rollup 1) | 5.00.8355.1306 | 8355 |
| ConfigMgr Version 1606 | 5.00.8412.1000 | 8412 |

Source: ConfigMgr 2012 Version Numbers


Review – System Center Configuration Manager Reporting Unleashed


System Center Configuration Manager (SCCM / ConfigMgr) is a robust and complex tool used by SysAdmins to manage systems in their organizations. Similarly, working with reports, creating reports, and generating reports with ConfigMgr can become a complex and challenging task.

We all know that the built-in reports are not the best and often don’t yield the results we want to achieve. To get around some of the limitations, you either need to create your own reports or use third-party solutions such as the wonderful reports from Enhansoft, which are easy to install, configure, and use. Well, Garth Jones, the owner of Enhansoft, has released an awesome book to help clear the mystery of reports and make it super simple for anyone to follow the step-by-step instructions with the intelligently laid out chapters. The high-level contents of the book are provided below, but they don’t come close to listing the in-depth wealth of information this book provides.


Whether you’re a beginner who wants to learn how to create and work with ConfigMgr reports, or an expert who wants to improve your reporting skills and rock it to the next level, this book is for you – I highly recommend it. The book is available on Amazon and comes in various formats. If you have any questions, feel free to contact Garth, who contributes tremendously to the ConfigMgr community via Twitter, Facebook, and various forums, to name a few.

Garth Jones – @GarthMJ
Enhansoft – @Enhansoft


MDT 2013 Update 2 Released


The Microsoft Deployment Toolkit (MDT) 2013 Update 2 has been released and the most current version (6.3.8330) can be downloaded from the Microsoft Download Center.

According to the MDT blog post by Aaron Czechowski (Senior Program Manager), MDT 2013 Update 2 is basically a quality release which does not contain any new features. Some of the significant changes in this update include:

  • Security- and cryptographic-related improvements:
    • Relaxed permissions on newly created deployment shares (still secure by default, but now also functional by default)
    • Creating deployment shares via Windows PowerShell adds same default permissions
    • Updated hash algorithm usage from SHA1 to SHA256
  • Includes the latest Configuration Manager task sequence binaries
  • Enhanced user experience for Windows 10 in-place upgrade task sequence
  • Enhanced split WIM functionality
  • Fixed OSDJoinAccount account usage in UDI scenario
  • Fixed issues with installation of Windows 10 language packs
  • Various accessibility improvements
  • Monitoring correctly displays progress for all scenarios including upgrade
  • Improvements to smsts.log verbosity

There are no significant known issues in this release; however, the previous post for MDT 2013 Update 1 has some information that may still be applicable, other than the fixes listed above. The following post provides some information on How to get help with MDT, in case you need it.


PowerShell & ConfigMgr Blogs


My good friend Deepak Dhami (aka Dexter), who is an expert in PowerShell and System Center Configuration Manager (SCCM / ConfigMgr), is a frequent contributor of great information and resources in these fields. He conducts various user groups and workshops in India to help ConfigMgr admins improve their skills. Dexter has provided the links below on his blog and has generously allowed me to share them on mine in order to further share the goodness.

Feel free to follow and reach out to him. He is always happy to help.
PowerShell MVP profile
Blog
Twitter

Links:

Cmdlet Reference
David O Brien’s Blog
PowerShell Script Repo by ConfigMgr MVP Kaido
Kaido’s personal blog
Coretech Blog by MVP Kaido
Ronnie Jakobsen’s blog
Kent Agerlund’s blog
Johan Arwidmark’s blog
Henrik Hoe’s blog
PFE Heath’s Blog
Adam Meltzer’s Blog
Steve Rachui’s Blog
Nickolaj Andersen’s blog
Rob Looman’s Blog
Sean Lillis (Author of PS App deployment Toolkit)
Alex Verboon’s Blog
Laurie Rhodes’s Blog
Adam Bertram’s Blog
Stephane’s Blog