Using Powershell you can do many things in SCCM. Over the years, in many SCCM consulting projects we got involved in, we get the same question: “Can you create SCCM collections for Servers, Laptops, Workstations, Windows 10…”. Back in 2015, I started to build an SCCM collection PowerShell script to create SCCM operational collections which we create just after an SCCM installation. With time, I added more and more collections to the script. Fast forward to today, the script now contains 148 collections and has been downloaded more than 75 000 times making this PowerShell script my most downloaded contribution to the community. This set of collections usually covers 95% of the initial client needs. All you need to do is to run the SCCM collection PowerShell script on your SCCM server and wait. In about 5 minutes, you’ll end up having 148 collections in an Operational folder. The collections are set to … Read More
SCCM Remove Computer from Collection after OSD
This post is a step-by-step guide on how to remove computers from the collection after OSD. If you’re using specific collections for your OSD deployments you certainly know that the collections are not emptied automatically. After a couple of weeks, you’ll end up with a collection full of systems. The bad news is that there’s nothing built-in in the product, the good news is that our friend PowerShell can do this dirty job. To run the script : The imported module needs to be trusted The script must run in x86 mode The computer account must have proper permission (SCCM and DCOM) SCCM Remove Collection OSD – Permission You need to add your primary site computer account as a “Full Administrator” in SCCM You need to add the “System” account “Remote Access” right in DCOM permission Launch “dcomcnfg.exe” Navigate to Component Services / Computer / My Computers (Right-Click) / Properties … Read More
Deploy SCCM Wifi Profiles with Password to Windows 10 Devices
Introduced since SCCM 2012 R2, SCCM Wifi profiles are used to send Wifi configurations to clients. It can be useful if your company is not using certificates or any automated authentication methods. A smaller organization that uses a simple WPA2 setup can use SCCM Wifi profiles to send Wifi SSID and password so that the computers connect automatically to that network. You can also use Wifi profile to manage mobile devices with Intune but we won’t cover this scenario in this post. The major drawback of the SCCM Wifi Profile is that it’s impossible to enter the Wifi password using the console UI. (Even in the newest versions). We will show you how to deploy Wifi profiles on a Windows 10 or Windows 8.1 computer, including the Wifi password using an XML file. How to deploy SCCM Wifi Profiles with password to Windows 10 devices Since it’s not possible to enter a password in … Read More
SCCM Report Builder Error – The Certificate Chain was issued by an Authority that is not Trusted
If you’re like us and love to create and build awesome reports, you may get an error when running report builder on a remote computer. When editing an SCCM report in Report Builder you may receive the following error: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.) SCCM Report Builder error – Cause This error occurs because you don’t have the required SCCM SQL certificate on the computer running Report Builder. Follow the following steps in order to resolve the issue. Export the certificate from your SQL server On the SQL Server Click the Start menu, click Run, and then type mmc. Click Enter. This starts the Microsoft Management Console (MMC) In the console, click the File menu and then click Add/Remove Snap-in On the … Read More
Extend your inventory with SCCM Active Directory Attributes
SCCM Active Directory System Discovery is a discovery method to bring discovered devices into your SCCM server. It’s one of the most used discovery methods for its simplicity. Many organization extends their Active directory to include custom attributes to their records. By default, SCCM brings a couple of default Active Directory attributes but it’s also possible to bring any custom attribute that you may have. The good news is that it’s quite simple to add these custom Active Directory Attributes to your SCCM Discovery methods. What is more complicated is how to fetch this data once it’s discovered. Over the years, we’ve seen much different information stored in AD Attributes. For this post, we’ll add the Description attribute from a computer account to SCCM and describe how to query this information to create collections or reports. SCCM Custom Active Directory attributes Configuration The first step is to find the name of … Read More
SCCM report subscription ssrs does not list Email in Drop Down Menu
When configuring your Reporting Service on an SCCM server, one of the popular options is to configure reports to be delivered as an automatic email to recipients in your organization. Unfortunately, this option is not always available in the report Subscription wizard. What can you do when your SCCM report subscription SSRS does not list email in the drop-down menu? But first, let’s define what is exactly a Reporting Services subscription : Microsoft definition : A Reporting Services subscription is a configuration that delivers a report at a specific time or in response to an event, and in a file format that you specify. For example, every Wednesday, save the MonthlySales.rdl report as a Microsoft Word document to a file share. Subscriptions can be used to schedule and automate the delivery of a report with a specific set of report parameter values. You can create multiple subscriptions for a single … Read More
Using SCCM Collection variables in Task Sequence
For this post, I’ve built a little scenario to explain how to use SCCM Collection variables in Task Sequence. I get often asked how to reduce the number of SCCM task sequences and how to make them dynamic. I’m always surprised when I hear from an SCCM administrator that they don’t use variables in their task sequence. Let’s say you are working in an international company and use SCCM to deploy operating systems. Each office has its own configuration and specific software to install. You decide to create 1 task sequence per office. Wrong! You’ll end up in a management nightmare. One task sequence is often enough and this is where you need variables to the rescue. The magic that you need to understand is collection variables. You have 2 choices, let the user enter the variable value at the beginning of the deployment (explain later) or pre-load these values using collection … Read More
Getting started with SCCM Powershell cmdlet
You can run SCCM Powershell cmdlet and scripts from the SCCM console or from a Windows PowerShell session. This is very useful to do stuff in SCCM without using the console. You can do pretty much anything using Powershell. When you get used to it, you can write more complex scripts to automate and save lots of time. Supported versions of SCCM’s current branch support Windows PowerShell version 5.1. Starting in version 2010, the Configuration Manager PowerShell cmdlet library supports PowerShell 7. If you’re not familiar with PowerShell and SCCM, the easiest way to connect to your site is to use the shortcut in the console : In the SCCM console Select the upper-left white arrow choose Connect via Windows PowerShell A Windows PowerShell loads, you’ll see a prompt that contains your site code. For example, if the site code is “SCD”, the prompt will show: PS SCD:\> SCCM Powershell Cmdlet Syntax … Read More
SCCM Client Version and Cumulative Update List
This blog post compiles a list of SCCM client versions, build numbers and cumulative updates since the 2012 RTM release. SCCM Upgrades are released 2 times a year. After an SCCM Upgrade, it’s important to upgrade your SCCM Client version to the latest version. SCCM updates are cumulative, meaning that the latest one includes the previous one. (Ex: You don’t need to apply SCCM 2203 if you plan to install 2303). We recommend that you upgrade all your clients when you are applying the latest SCCM version. We release a step-by-step guide on how to update your SCCM server each time a version comes out. Just use the link next to the client version in the table to be redirected to the upgrade post. Why your SCCM Client version is important Knowing which SCCM client version you are running in your environment lets you benefit from the SCCM (MECM) latest … Read More
Creating an SCCM report viewer role
In many SCCM environments, we see administrators that want to give access to the SCCM reporting node only. Unfortunately, there’s no SCCM Report Viewer role when you browse to the Security role of the console. So … What if you want to give a user the right to only run reports? This blog post will show how to create an SCCM report viewer role in the console. A simple way to do this is to grant access to the Read-only Analyst role which will be enough to run a report but maybe you don’t want them to see all nodes and get lost in the console. If you’re unfamiliar with role-based administration, we suggest you first read the Microsoft docs which explains the basics. It combines security roles, security scopes, and assigned collections to define the administrative scope for each administrative user. We’ll use this concept to create a new … Read More