SCCM Remove Computer from Collection after OSD

Benoit LecoursPowershell, SCCM1 Comment

This post is a step-by-step guide on how to remove computers from the collection after OSD. If you’re using specific collections for your OSD deployments you certainly know that the collections are not emptied automatically. After a couple of weeks, you’ll end up with a collection full of systems. The bad news is that there’s nothing built-in in the product, the good news is that our friend PowerShell can do this dirty job. To run the script : The imported module needs to be trusted The script must run in x86 mode The computer account must have proper permission (SCCM and DCOM) SCCM Remove Collection OSD – Permission You need to add your primary site computer account as a “Full Administrator” in SCCM You need to add the “System” account “Remote Access” right in DCOM permission Launch “dcomcnfg.exe” Navigate to Component Services / Computer / My Computers (Right-Click) / Properties … Read More

Using SCCM Collection variables in Task Sequence

Benoit LecoursOSD, SCCM28 Comments

For this post, I’ve built a little scenario to explain how to use SCCM Collection variables in Task Sequence. I get often asked how to reduce the number of SCCM task sequences and how to make them dynamic. I’m always surprised when I hear from an SCCM administrator that they don’t use variables in their task sequence. Let’s say you are working in an international company and use SCCM to deploy operating systems. Each office has its own configuration and specific software to install. You decide to create 1 task sequence per office. Wrong! You’ll end up in a management nightmare. One task sequence is often enough and this is where you need variables to the rescue. The magic that you need to understand is collection variables. You have 2 choices, let the user enter the variable value at the beginning of the deployment (explain later) or pre-load these values using collection … Read More

Monitor SCCM Task Sequence Progress

Benoit LecoursSCCM, WINDOWS 106 Comments

When deploying Windows 10 operating system using SCCM (OSD), you will need to monitor SCCM task sequence progress. This allows us to track task sequence start, end time and most importantly errors (if any). Our post will show 4 different ways to monitor SCCM task sequences. Each of them has its own benefits and drawbacks. Monitor SCCM Task Sequence Using the Console You can view the progress of a task sequence using the SCCM console. This method is simple and easy but permit to see the status of only one machine at the time. If your deployment staff don’t have access to the console or view deployment status, this option is not for you. Open the SCCM Console Go to Monitoring / Deployments Search and right-click the deployment linked to your Windows 10 task sequence On the menu, select View Status In the Deployment Status screen, select the In Progress tab for a running … Read More

How to update HP BIOS using latest HPFirmwareUpdRec with SCCM

Jonathan LefebvreSCCM22 Comments

At a client site, they received newest HP models to be tested. Downloading drivers and BIOS updates were the usual. Looking at details about the BIOS update, we noticed that the HPBIOSUPDREC.exe that was used was no longer available.  HP released a new version called HPFirmwareUpdRec to replace it. Even if the help stated the command line to be the same, it turned out it didn’t work at all. Unfortunately, it doesn’t seem HP documented the new tool and how to use it. we were able to figure it out by digging into HP forums… In this post, we will show hot to update HP BIOS using the latest HPFirmwareUpdRec tool within a task sequence. Prerequisites When downloading the bits from HP, looking at the BIOS files you need to see HPFirmwareUpdRec.exe. If the file is not there, the update should be done using the old tool HPBIOSUPDREC.exe like before. Update … Read More

How to Configure SCCM Delivery Optimization Task Sequence

Jonathan LefebvreOSD, WINDOWS 101 Comment

Windows 10 brings a new feature to optimize network performance when it comes to Windows Update. This feature is called Delivery Optimization. Delivery Optimization is a cloud-based service that allows computers on the same network to share updates files to prevent reaching out to Windows Update directly or to a remote WSUS.  Windows 10 clients must have access to the internet to be able to leverage Delivery Optimization to establish a peer-to-peer connection to another Windows 10 computer. This blog post will describe how to configure SCCM Delivery Optimization Task sequence. With that said, Delivery Optimization as the potential of doing the opposite of what it was designed for. By default, the Download mode is configured in LAN Mode. This means that every computer going on the internet through a single IP address like many businesses do will be considered in the same LAN network. This means a remote office could be considered local, then … Read More

How to add Latest Windows 7 Convenience Update in a SCCM Image

Benoit LecoursSCCM5 Comments

For this post, we will be talking about how to do a SCCM Windows 7 convenience rollup image creation. A lot of companies still use Windows 7 and have not yet migrated to Windows 10. So, in the spirit of still having Windows 7, I thought I would write up a post to help fellow administrators. You may have seen that a few weeks ago, Microsoft released a new convenience rollup for Windows 7 SP1. This convenience rollup is meant to make our lives easier when deploying fresh instances of Windows 7. As stated on the Technet article, it contains all the security and non-security fixes released since Service Pack 1, up to April 2016. Officially, the convenience update is released to help us administrators catch up our deployments of Windows 7 faster, have us have a Windows 7 release that’s consistent with the latest code levels, support benefits and so … Read More

Deploy Windows 2016 using SCCM Task Sequence

Benoit LecoursOSD, SCCM3 Comments

In this post, we will deploy the newly released Windows 2016 with SCCM 1606. We will describe how to create a SCCM Windows 2016 deployment task sequence and deploy it to your servers. If you’re new to operating system deployment, read the preparation of your environment post before reading this one. This task sequence will help you deploy a “vanilla” Windows 2016 using the default Install.wim from the Windows 2016 media. This means that you’ll end up with a basic Windows 2016 with the SCCM client and nothing else. You will be able to edit this task sequence later to customize it to your environment. [su_box title=”Important” style=”glass” box_color=”#000000″ title_color=”#F0F0F0″]For this post, we used SCCM 1606 with ADK 1607 on an HyperV platform[/su_box] Prepare your Operating Systems We will now import the Windows 2016 WIM file before deployment. [su_box title=”Important” style=”glass” box_color=”#000000″ title_color=”#F0F0F0″]You’ll see both Operating System Images and Operating System Upgrade Packages. One is to import .WIM files and the … Read More

SCCM Windows 10 Customization using Task Sequences

Benoit LecoursSCCM63 Comments

In this post we will describe how to customize your windows 10 image to personalize it to your company. There’s an infinite amount of customization that can be made but i’ll try to cover the more frequent one, those that are asked 95% of every Windows 10 projects I was involved in. You could also do all those modifications through group policies if you want to enforce those settings. SCCM Windows 10 Customization Package Before we begin any customization, we will create a Windows 10 Customization package that we will use in our task sequence. It will be empty to start but we will create the folders and scripts during this blog post. Open the SCCM Console Go to Software Library / Application Management / Packages Create a new package On the Package tab, enter a Name, Description, Manufacturer and Source folder (this is where all scripts will be stored) On the Program Type … Read More

Inject Software Updates in your WIM using SCCM Offline Servicing

Stephane FaubertOSD, SCCM14 Comments

Offline Servicing in SCCM is the process through which you can inject software updates in your operating system WIM files. This process can alleviate your build and capture yearly/bi-yearly WIM updates that you most likely run in your enterprise. However, as much as this process is great to shorten your gold image updates, it’s still not perfect. Why? The answer is quite simple. Even if your gold image contains products such as Microsoft Office, offline servicing will not apply Office patches even though these are downloaded to your Software Update Point. Only core Windows applications can get patched through this process. What are the type of core applications that you can apply patches to? Obviously, Windows, Internet Explorer, .Net Framework and so on and so forth. (also called CBS, for Component Based Servicing) SCCM Offline Servicing Overview Here’s what happens in the background when you start the SCCM Offline servicing process : SMS_Executive … Read More

How to Start Securing ConfigMgr in the Enterprise

Nicolas PilonAdaptiva, SCCMLeave a Comment

  As an IT professional, you already know that a security breach can be devastating. It can also be expensive, $4 million on average according to a 2015 survey sponsored by IBM. Microsoft System Center Configuration Manager (ConfigMgr) can play a huge part in preventing attacks and implementing an enterprise-wide security solution. ConfigMgr helps companies make sure all endpoints are current with the latest security fixes, configured correctly, behaving normally, and only running authorized applications. However, like almost everything else in IT these days, ConfigMgr itself is a target for hackers who can use it to distribute malware, take control of computers with access to private data, and engage in all manner of nefarious activity. According to a recent Adaptiva survey of more than 150 IT professionals, 70 percent expressed concern about potential security vulnerabilities in their Microsoft ConfigMgr environments. Securing the perimeter of your company’s network is usually the … Read More