Deploy Windows 11 using SCCM / MEMCM

Benoit LecoursSCCMLeave a Comment

Windows 11 has been released by Microsoft on October 5th, 2021. If you are planning to deploy and manage Windows 11 using SCCM or Configuration Manager, this post has you covered. Like any other Windows version, you need to do a couple of tasks before you can do an SCCM Windows 11 Deployment. In a previous blog post, we listed everything you need to know about SCCM and Windows 11. You can read the whole post but here’s the important part: SCCM is ready to support Windows 11 starting with SCCM version 2107. You need to run at least SCCM 2107 and your device needs specific requirements. Let’s get started to Deploy Windows 11 using SCCM / MEMCM ! Table of Content Prerequisites Check if you have an SCCM Supported version Upgrade your Windows ADK Download Windows 11 ISO Mount and extract the ISO file Import the Windows 11 WIM … Read More

How to use SCCM Cloud Management Gateway bulk registration token

Jonathan LefebvreSCCM1 Comment

One of the less-known benefits of the SCCM Cloud Management Gateway is the ability to install the Configuration Manager client to devices that are not connected locally and manage those devices without ever being on the internal network. For example DMZ servers. To do so, the client must be installed by a command line with an SCCM CMG Bulk Registration Token. In this post, we will show how to use the Bulk Registration Token to enroll DMZ servers to the Cloud Management Gateway. Requirements Configuration Manager version 2002 or higher Supported OS for Config Manager Cloud Management Gateway configured See our post, Setup SCCM Cloud Management Gateway The certificate used for the Cloud Management Gateway must be trusted by the client that will be installed If the certificate is a Public certificate, with a CNAME, then this will be trusted by default If the certificate is generated by a private … Read More

How to fix SCCM Bitlocker prompt for fixed drives

Eswar KonetiSCCMLeave a Comment

This blog post describes how to fix SCCM Bitlocker prompt for fixed drives when integrated the MBAM features with Configuration Manager. Introduction Starting with Configuration Manager 1910 onwards, Bitlocker features that were available in MBAM are now fully integrated into ConfigMgr and allows you to manage the Bitlocker drive encryption (BDE) for your windows clients without requiring any additional tools. From Configuration Manager 2002 onwards, the Bitlocker management feature is no more a pre-release feature. The Bitlocker functionalities that exist in Configuration Manager 1910 onwards, only supports the clients that are on-prem and joined to Active Directory ONLY. You will not be able to use the Bitlocker features for clients that are Azure Active Directory-joined, workgroup clients, or clients in untrusted domains. The clients that are not on-prem domain joined, will not be able to authenticate with the recovery service to escrow keys. For more information on how to set … Read More

How to use SCCM Delivery Optimization

Jonathan LefebvreSCCM5 Comments

SCCM Delivery Optimization

The amount of data that transfers daily on a corporate network is quite important. Once a month, Windows Update has quite an impact on that amount. SCCM along Delivery Optimization can help better manage that crazy amount of GB or even TB of content required to patch all computers. In an earlier post, we covered the topic to use with Intune and Windows Update for business In this post, we will detail how to use SCCM Delivery Optimization to deliver Windows Updates. Requirements Clients must be running Windows 10 ConfigMgr 1910 or higher to get all Network ports 7680 inbound to allow peers 80 to allow computer do download updates from Windows Update For more details, see Microsoft docs SCCM Delivery Optimization Using Delivery Optimization along ConfigMgr can be useful for the following reasons : Avoid hosting GBs of updates on-prem across many different distribution points/host/data center to support all … Read More

How to configure SCCM Software Update point in SSL

Jonathan LefebvreSCCM2 Comments

While the requirements of running SCCM/MEMCM in full SSL may be less required theses days with the Cloud Management Gateway being so effective with remote computers management, running the WSUS – Software Update point in SSL is likely to show up as a requirement whenever doing a security audit of your environment. In this post, we will detail the required steps, from the certificate template creation to the client validation on enabling SSL for WSUS and the SCCM Software Update Point. Requirements Any SCCM version Communication on port 8531 must be open on your Firewall Certificate template Creation The first step to enable SSL communication is to create a server certificate for your server. On the server that is running the Certification Authority, open the Certification Authority console (certsrv.mmc), right-click Certificate Templates and select Manage The Certificate Templates management console opens Right-click the Web Server template and then select Duplicate … Read More