New Product – SCCM Migration to new operating system Guide

Jonathan LefebvreSCCM3 Comments

With the release rhythm of SCCM and latest requirements on the OS and SQL side, sometimes, it’s inevitable to migrate to a newer operating system to remain under support and also gain new features as part of the latest SCCM Current Branch release. Over the years, we’ve done many migrations of all kinds, depending on the environment and needs. We created this complete SCCM Migration to new operating system guide based on our knowledge and experience. This guide is a refreshed version of our previous post about Side-by-Side Migration to new Hardware. It also includes answers and how-to to the … Read More

Powershell Script to Create Collections with Folder Structure

Jonathan LefebvrePowershell, SCCM2 Comments

Following the excellent PowerShell script that Benoit wrote to create operationals collection, I decided to rethink it a bit to help classify collections and ease Role-based administration control implementation when a different group of users accesses SCCM. On top of that, the way folders for collections are designed, it helps implement a naming convention to keep things clear all across the SCCM console. The overall idea is to keep collections on a per needs basis. Having a collection that receives client settings, 1-2 applications, OSD and Windows Updates can lead to unplanned/accidental deployment or misconfiguration. With one collection per need, … Read More

How to install SCCM Client on Workgroup Computers

Jonathan LefebvreSCCM5 Comments

Recently, at a client site, I was asked to install the SCCM client to manage workgroup servers in the DMZ with SCCM. Following our a recent post on how to install a DP/MP/SUP in untrusted domain, I thought that documenting the process could be helpful. In this post, we will detail how to install the SCCM client on workgroup computers. Prerequisites The client must be able to resolve the FQDN of the management point. Depending on network security, it might not actually ping. The important is that it can associate the FQDN to the IP of the management point. Adding … Read More

Uninstall Windows Update using SCCM

Jonathan LefebvreSCCM, WINDOWS 1017 Comments

SCCM Uninstall Windows Update

With the recent problems caused by monthly Windows Update, knowing how to massively uninstall Windows Update with SCCM is a must! This action is not available by default in SCCM. There are 2 ways to uninstall a Windows Update. Both solutions require the command line utility WUSA.exe, that as been around since Windows Vista/Windows Server 2008 era. In this post, we will detail both solutions to uninstall a Windows Update with SCCM. If you are looking for how to manage Windows update with SCCM, see our SCCM Software Update Management Guide for complete instructions. Prerequisites SCCM any version Windows 7 … Read More

List of SCCM Endpoint Protection Agent Versions

Jonathan LefebvreSCCM, SCEP4 Comments

We have compiled a list of SCCM Endpoint Protection agent versions, build numbers and cumulative updates. Anti-Malware platform updates are cumulative, meaning that the latest one includes the previous one. If you are new to System Center Endpoint Protection, see our complete guide which covers it all. We documented a few years back… since the SCCM 2012 RTM release. If we missed some versions, please let us know and we will update this post. This post will be updated as new releases are made available. **Updated 2017/04/10** How to get your SCCM Endpoint Protection Agent Version Numbers An easy and … Read More

Create SCCM Report Administrator Role

Benoit LecoursSCCM2 Comments

Role based administration is used to secure the access that is needed to administer SCCM. You also secure access to the objects that you manage, like collections, deployments, and sites but lacks a couple of roles to be complete. For example, there’s no built-in role for report administration or report viewer. We already covered the report viewer role in a previous post. This role give access to your users to consult and run SCCM Reports on the SSRS website. But what if you want to give access to an administrator to create, modify and upload reports without giving them access … Read More

How to install Local Administrator Password Solution (LAPS)

Jonathan LefebvreActive Directory, SCCM, WINDOWS 104 Comments

One of the challenges faced by workstation administrators, is to manage the local administrator account in large environment. One of the options was to use Group Policy Preferences, but that was before KB2962486 removed the possibility to set password using Group Policy Preferences. Since then, Microsoft as come up with a solution : Local Administrator Password Solution (LAPS). Here’s the benefits of using LAPS : Unique password for local administrator per computer Password available from Active Directory, if needed to use local administrator account Remotly change the local administrator password Ability to use a custom administrator account Limitation : Only … Read More

Refreshing a Windows 7 Computer to Windows 10 using USMT and SCCM

Benoit LecoursSCCM, WINDOWS 1038 Comments

Since SCCM 1511, you can use the new upgrade task sequence to easily upgrade a Windows 7 computer to Windows 10. But what if you want to upgrade a computer from a 32-bits operating system to Windows 10 64-bits ? You can’t use the upgrade task sequence for this specific scenario. Another reason would be that your company decided to use the wipe and reload option in your Windows 10 migration project. In those cases you will need to use USMT to capture data and settings from the users profiles before applying the new operating system. This post will describe how to upgrade a … Read More

SCCM Windows 10 Customization using Task Sequences

Benoit LecoursSCCM59 Comments

In this post we will describe how to customize your windows 10 image to personalize it to your company. There’s an infinite amount of customization that can be made but i’ll try to cover the more frequent one, those that are asked 95% of every Windows 10 projects I was involved in. You could also do all those modifications through group policies if you want to enforce those settings. SCCM Windows 10 Customization Package Before we begin any customization, we will create a Windows 10 Customization package that we will use in our task sequence. It will be empty to start but we … Read More

Inject Software Updates in your WIM using SCCM Offline Servicing

Stephane FaubertOSD, SCCM11 Comments

Offline Servicing in SCCM is the process through which you can inject software updates in your operating system WIM files. This process can alleviate your build and capture yearly/bi-yearly WIM updates that you most likely run in your enterprise. However, as much as this process is great to shorten your gold image updates, it’s still not perfect. Why? The answer is quite simple. Even if your gold image contains products such as Microsoft Office, offline servicing will not apply Office patches even though these are downloaded to your Software Update Point. Only core Windows applications can get patched through this process. … Read More