Here’s a step-by-step SCCM 2012 R2 CU5 Installation guide.

Installing SCCM cumulative updates is very important to your infrastructure. It fix lots of issues, which some of them are important.

As this is a cumulative update, you don’t have to install prior CU(1,2,3,4) before installing CU5. CU5 contains all the fixes included in previous CU.

Improvements/Fixes

There’s no new major functionality in CU5. It mostly applies the latest KB and fixes known bugs. Follow this Microsoft Support page to see a full list of issues that are fixed.

PowerShell changes are no longer included in CU as described in our previous post. You won’t find any changes in PowerShell following this CU.

Before you begin

Installing this update is very similar to CU4. I’ll guide you through the upgrade process step-by-step in a standalone primary scenario.

• Download the update on the Microsoft Support page

This update can be applied directly to the following Systems/Roles:

• The Central Administration Site (CAS)
• Primary Site
• Secondary Site
• SMS Provider
• Configuration Manager Console

In this guide, I’ll be updating a Primary Site Server, console and clients.

Update the Primary Site

To start the installation, rdp to your Primary Site Server, and run CM12-R2CU5-KB3054451-X64-ENU.exe

A log file will be created in C:\Windows\Temp\CM12-R2CU5-KB3054451-X64-ENU.log

• On the Welcome Screen, click Next

• Accept the license agreement, and click Next

• Ensure that everything is green, and click Next. On my screenshot, a restart is required before installing the CU.

• Check the box to update the console, click Next

• Select Yes, update the site database, click Next

• Check all 3 checkbox (Server, Console and Clients), click Next

• Edit the package name and program to your need, click Next

• Review the Summary page, click Install

• Installation is in progress

• You can follow the installation progress in the log file (C:\Windows\Temp\CM12-R2CU5-KB3054451-X64-ENU.log)

• When setup is complete, click Next and then Finish

Verification

Console

After setup is completed, launch the System Center 2012 Configuration Manager Console and verify the build number of the console. If the upgrade was successful, the console build number will be 5.00.7958.1604.

Server

Open registry editor and check the HKLM\Software\Microsoft\SMS\Setup\ key. If the installation succeeded CULevel key value will be 5.

You can also verify both client and console version using PowerShell :

• Server : Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\SMS\Setup -Name "CULevel"
• Console : (Get-Item ($env:SMS_ADMIN_UI_PATH.Substring(0,$env:SMS_ADMIN_UI_PATH.Length – 5) + '\Microsoft.ConfigurationManagement.exe')).VersionInfo.FileVersion

Clients

The client version will be updated to 5.00.7958.1604 (after updating, see section below)

This update also brings the anti-malware client version to 4.7.0209.0. You can find the version information by clicking About on the Help menu of the Endpoint Protection client UI.

Package distribution

Navigate to Software Library / Packages / Configuration Manager Updates

• You’ll see that your CU5 updates packages are created

• Go ahead and Distribute Content to your distribution points

Updating the Clients

We now need to update the clients. This update contains 2 update packages for client installations. One for 32-bit clients and one for 64-bit clients.

Create two collections for the client upgrade. (If not already done in previous CU)

All-x64-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X64-based PC"

All-x86-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X86-based PC"

Adjust the package options to fit your environments and deploy the update to your clients.

Once deployed I like to create a collection that targets clients without the latest CU. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.7958.1604'

Happy updating !

Step-by-Step SCCM 2012 R2 CU5 Installation guide

The post Step-by-Step SCCM 2012 R2 CU5 Installation guide appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this blog series, we planned our hierarchy, prepared our Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM.

In part 3, we installed a stand-alone Primary site.

In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 R2 Software Update Point (SUP).

Role Description

The SUP integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients.

This is not a mandatory Site System but your need  to install a SUP if you’re planning to use SCCM as your patch management platform.

SCCM 2012 SP1 (and thus R2) integrates new features to the Software Update Point that are well documented in this Technet Article.

Site System Role Placement in Hierarchy

This Site System is a site-wide option. It’s supported to install this role on a Central Administration Site, child Primary Site, stand-alone Primary Site and Secondary Site.

When your hierarchy contains a Central Administration Site, install a SUP and synchronizes with Windows Server Update Services (WSUS) before you install a SUP at any child Primary Site.

When you install a SUP at a child Primary Site, configure it to synchronize with the SUP at the Central Administration Site.

Consider installing a SUP in Seconday Site when data transfer across the network is slow.

WSUS Installation

Perform the following on the server that will host the SUP role.

• Open Server Manager / Add Roles and Features
• Select the Windows Server Update Services Role, click Next

• Select WSUS Services and Database, click Next

• Launch Windows Server Update Services from the Start Menu. You will be prompt with the following window :

• On the DB instance, enter your server name
• On Content directory path, use a drive with enough drive space. This is where your WSUS will store updates

• When the WSUS Configuration Wizard starts, click Cancel

• Open SQL Management Studio
• Under Databases, Right-click SUSDB, select Properties, and click Files
• Change Owner to SA
• Change the Autogrowth value to 512MB, click Ok and close SQL MS

SUP Installation

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select Software Update Point, click Next

• On the Software Update Point tab, select WSUS is configured to use ports 8530 and 8531, click Next

• On the Proxy and Account Settings tab, specify your credentials if necessary, click Next

• On the Synchronization Source tab, specify if you want to synchronize from Microsoft Update or an upstream source. Refer to the Site System Placement section if you’re unsure. For a stand-alone Primary Site, select Synchronize from Microsoft Update, click Next

• On the Synchronization Schedule tab, check the Enable synchronization on a schedule check box and select your desired schedule. 1 day is usually enough but it can be lowered if you’re synchronizing Endpoint Protection definition files, click Next

• On the Supersedence Rules tab, select Immediately expire a superseded software update, click Next

• On the Classifications tab, select your organisation needs, click Next
  • Full description on this Microsoft Support Article

• On the Products tabs, select the products that you want to manage using SCCM, click Next

• On the Languages tab, select the desired Language, click Next

• On the Summary tab, review your settings, click Next, wait for the setup to complete and click Close

Verification

• ConfigMgrSetup\Logs\SUPSetup.log -Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file
• ConfigMgrSetup\Logs\WCM.log – Provides information about the software update point configuration and connecting to the WSUS server for subscribed update categories, classifications, and languages
• ConfigMgrSetup\Logs\WSUSCtrl.log – Provides information about the configuration, database connectivity, and health of the WSUS server for the site
• ConfigMgrSetup\Logs\Wsyncmgr.log – Provides information about the software updates synchronization process

Bonus link : I suggest that you read the excellent article written by Kent Agerlund on how to avoid what he calls the House of Cards

sccm 2012 software update point

The post How to install Software Update Point in SCCM 2012 R2 appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this blog series, we planned our hierarchy, prepared our Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM.

In part 3, we installed a stand-alone Primary site.

In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 R2 Endpoint Protection Point (EPP).

Role Description

The Endpoint Protection Point provides the default settings for all antimalware policies and installs the Endpoint Protection client on the Site System server to provide a data source from which the SCCM database resolves malware IDs to names. When you install this Site System Role, you must accept the license terms for System Center 2012 R2 Endpoint Protection.

This is not a mandatory Site System but you need to install a EPP if you’re planning to use SCCM as your anti-virus management solution (using Endpoint Protection).

Site System Role Placement in Hierarchy

This Site System is a hierarchy-wide option. SCCM supports a single instance of this site system role in a hierarchy and only at the top-level site in the hierarchy. It’s supported to install this role on a Central Administration Site or stand-alone Primary Site.

Requirements

Before installing the EP role, you must have a Software Update Point installed and configured.

EPP Installation

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select Endpoint Protection Point, click Next

• Accept the License Terms and click Next

• Select Do not join MAPS, click NEXT

• On the Summary tab, review your settings and click Next

• Wait for the setup to complete and click Close

SUP Configuration

After the installation, you must add Endpoint Protection definition files in your Software Update Point.

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Click the Configure Site Components button and select Software Update Point

• On the Product tabs, check Forefront Endpoint Protection 2010 and click Ok

Verification

• ConfigMgrInstallationPath\Logs\EPSetup.log – Detailed EP Installation status

• ConfigMgrInstallationPath\Logs\Wsyncmgr.log – SUP Synchronization status

You are now ready to manage EndPoint Protection using SCCM. In a future post, we will describe on to manage your anti-malware policy and definition updates.

sccm 2012 endpoint protection point

The post How to install Endpoint Protection Point in SCCM 2012 R2 appeared first on System Center Dudes.

Microsoft has recently announced the release of SCCM 2012 SP2 and SCCM 2012 R2 SP1. Before performing an SCCM 2012 R2 SP1 upgrade, we recommend that you read carefully all the available resources and carefully plan the upgrade process throughout your SCCM 2012 R2 hierarchy. The good news is that our SCCM 2012 R2 SP1 Upgrade Guide will list everything you need to know before applying this major upgrade to your existing SCCM 2012 installation. We’ve got you covered !

What’s new

The main reason you’ll want to upgrade to SCCM 2012 R2 SP1 is probably for Windows 10 support. No plan for Windows 10 deployment in your organisation? There’s interesting new features and a lots of bug fixes (thousands, which are not fully documented) in this release that are worth it. Do I still need to perform the SCCM 2012 R2 SP1 upgrade? See the full list of features on this Technet Article to figure it out.

Naming Confusion

Following the announcement, the community was confused on how to apply this Service Pack because Microsoft decide to release it under one binary even if there’s 3 possible “version” of SCCM 2012. (SCCM 2012 RTM, SCCM 2012 SP1, SCCM 2012 R2)

• If you’re running SCCM 2012 SP1 (non-R2) the upgrade process will bring your site to SCCM 2012 SP2
• If you want to upgrade to SCCM 2012 R2 SP1 afterward, you’ll need to run another executable which will enable the R2 features
• If you’re already running SCCM 2012 R2, the upgrade process will bring your site to SCCM 2012 R2 SP1

Fellow MVP Jason Sandys explain all the upgrade options in an excellent post. The key is really to understand the upgrade process by identifying your actual version and the desired final version.

Prerequisites

Our post focus on what needs to be done to upgrade a stand-alone SCCM 2012 R2 Primary Site to SCCM R2 SP1. This post is not covering all the requirements and checklist steps needed if you’re running SCCM 2012 SP1 (non-R2).

If you have a hierarchy with a Central Administration Site and multiple Primary Site, start with the top of the hierarchy (CAS) and go down, upgrading all Primary Sites and Secondary Sites.

If you’re already running SCCM 2012 R2, the upgrade process won’t do a site reset :

From Technet: When you run this upgrade, it enables additional capabilities throughout your hierarchy. Because this upgrade enables additional functionality and does not upgrade features and components, there are no considerations or changes to settings or site system roles as there is when you install a new service pack.

Database Replication

If you have a database replica for management point, disable Database replication. If you don’t use this function, skip this step and go to the Backup and Testupgrade section

• Open the SCCM Console, browse to Administration / Site Configuration /Servers and Site System Roles
• Select the Site System that hosts the management point that uses the database replica
• Right click Management point and select Properties

• On the Management Point Database tab, select Use the site database and click Ok

• Connect to the SQL server hosting the replica databases
• Open SQL Management Studio
• Go to  Replication / Local subscription
• Right click the replica and select Delete. Select Yes to the warning prompt

• Right click the publisher database and select Delete. Select Close existing connections and click OK

• Connect to the SQL server hosting the site database
• Open SQL Management Studio
• Go to Replication and select Disable Publishing and Distribution

• On the next screen, click Next
• Select Yes, disable publishing on this server and click Next, Next, Next
• Click Finish

Backup and TestUpgrade

• Before upgrading, perform a backup of your SCCM database.
• It is recommended to test your CM database before the upgrade.  Detailed procedure is available on Technet, here’s the resumed version :
  • Backup your site databse
  • Restore it on a SQL server running the same version as your SCCM SQL instance
  • On the SQL server, run the SCCM setup command line using the Testdbupgrade switch
  • Open the log file on C:\ConfigMgrSetup.log
  • If the process is successful, you can delete the database copy
  • If you have errors, resolve them on your SCCM server, do a new backup and restart this procedure

After you successfully upgrade a copy of the site database, proceed with the “real” upgrade.

Running Console

Close all running console on the server. Check also if remotely logged users are running the console in their sessions. The setup won’t check that and you’ll endup having an error in the installation log at the end of the process.

ERROR: Configuration Manager console uninstallation failed. Check log file ConfigMgrAdminUISetup.log.

Installation

The installation process is not like a CU installation. The user experience is like a new SCCM installation.

• Download the necessary files. You can download the file from the Technet Evaluation Center. The non-eval files will be available on the Microsoft Volume Licensing Site on May 27th. You can install the evalutation version on a non-eval site without problem, it won’t “convert” your site to an evaluation version.
• You’ll notice that there’s 2 available SP2 executables.
  • Refer to the table in Jason Sandys post to understand which one to run. (Depending of your actual site version and the desired final version)

• In our case, the site is already R2 so we extract the SC2012_SP2_Configmgr_SCEP.exe to a folder and execute Splash.hta
• On the main menu, select Install

• On the Before You Begin screen, click Next

• On the Getting Started screen, select Upgrade this Configuration Manager site

• On the Microsoft Software License Terms, check I accept these license terms and click Next

• On the Prerequisite Licenses, check all 3 boxes and click Next

• On the Prerequisite Downloads screen, specify a location to download the prerequisite files. This folder can be deleted after the upgrade process

• The prerequisite files are downloading

• On the Server Language Selection screen, select the language you want to display in the SCCM Console and Reports

• On the Settings Summary screen, you will see that you are performing an Upgrade

• The Prerequisite Check is running

• You should have no errors since your site is already installed and running
• Wait for Prerequisite checking has completed and click on Begin Install

• The installation is in progress. The installation will run for about 30 to 45 minutes depending of your server specifications
• You can follow the progress by clicking the View Log button or open the ConfigMgrSetup.log file on the C:\ drive

• Wait for Core setup has completed and close the wizard

Verification

Once the setup has completed, there’s a couple of check that you can make to be sure the upgrade process was successful.

• C:\ConfigMgrSetup.log  – Display detailed installation steps

Console

• Open the SCCM Console and click on the upper left corner on the blue arrow and select About Configuration Manager
• The Console has been upgraded to SP1
  • A new addition is the Site version which was not available on this screen before

Site

• Go to Administration / Site Configuration / Sites
• Right-click your site and select Properties
• The Site Version and Build Numbers has been upgraded to 5.00.8239.1000

Clients

The site server client version will be upgraded to 5.00.8239.1000. A full list of client version is available on this post.

Boot Image

• Go to Software Library / Operating Systems / Boot Images
• You’ll notice that the Boot Images has been automatically upgraded on your distribution points

Packages

• Go to Software Library / Application Management / Packages
• The Configuration Manager Client Package has been automatically upgraded on your distribution points

Database Replication

Enable the database replicas for Management Points,  if it was configured before the upgrade.

Updating the Clients and Consoles

Once your site is upgraded, you need to upgrade the clients and console to SP1.

Console

You can manually upgrade by browsing to .\ConfigMgrInstallationFolder\tools\ConsoleSetup and execute ConsoleSetup.exe on each computer running the console.

We suggest to create a package or application pointing on the same directory and deploy it using a collection.

All clients with the SCCM console installed

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = 'System Center 2012 R2 Configuration Manager Console'

Clients

To upgrade the clients, you have various options.

Automatic Client Upgrade

Using the Automatic Client Upgrade option, your client will be upgraded automatically within x days using the value specified

• Go to Administration / Site Configuration / Sites
• Click on the Hierarchy Settings button on the top ribbon
• Check the Upgrade client automatically when new client updates are available
• Select the desired number of days you want your upgrade to be run
• A schedule task will be created on the clients and run within the specified number of days

Client Push

Create manual collection and use the client push function to deploy your clients. This method gives you more control on the group of computer you are upgrading.

I like to create a collection that targets clients without the latest SCCM 2012 R2 SP1 version. I use it to monitor which client haven’t been upgraded yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contain this query)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8239.1000'

Report

You can run our Client Health Check custom report to track your client versions.

Additional reference

Microsoft SCCM 2012 R2 SP1 FAQ

Happy updating !

sccm 2012 r2 sp1 upgrade

The post Step-by-Step SCCM 2012 R2 SP1 Upgrade Guide appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 R2 State Migration Point (SMP).

Role Description

The State Migration Point stores user state data when a computer is migrated to a new operating system.

This is not a mandatory Site System but you need a State Migration Point if you plan to use the User State steps in your Task Sequence. These steps integrates with User State Migration Tools (USMT) to backup your user data before applying a new operating system to a computer.

Site System Role Placement in Hierarchy

The State Migration Point is a site-wide option. It’s supported to install this role on a child Primary Site, stand-alone Primary Site or Seconday Site. It’s not supported to install it on a Central Administration site.

Beginning with SCCM 2012 R2, the State Migration Point can be installed on the site server computer or on a remote computer. It can be co-located on a server that have the distribution point role.

SCCM 2012 State Migration Point Installation

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select State Migration Point, click Next

• On the State Migration Point tab
  • Click the star icon, specify the folder where you want the data to be stored and how much space must be reserved on the drive
  • Specify the Deletion Policy. This is the delay to keep the data after a successful restore.
  • Enable Restore-Only mode if needed. Use this setting if you want your SMP to be in read-only mode. This is useful if you replace or decommission an existing SMP

• On the Boundary Groups tab, add the boundary group that can access the State migration Point. If you add the role on a site system that already has the Distribution Point role, the boundary group of this DP will already be listed

• On the Summary tab, review your settings, click Next and complete the wizard

Verification and Logs files

You can verify the installation in the following logs:

• ConfigMgrInstallationPath\Logs\Smssmpsetup.log – Detailed State Migration Point Installation status
• ConfigMgrInstallationPath\Logs\Smpmsi.log – Provides information about the State Migration Point

Create the USMT Package

To store the user state data on a State Migration Point, you must create a package that contains the USMT source files. This package is specified when you add the Capture User State step to your task sequence.

• On your SCCM Server where you installed Windows Deployment Toolkit, browse to : C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\User State Migration Tool
  • If you don’t have this folder, it’s because you haven’t installed the USMT (included in Windows ADK) during your SCCM Installation
• Copy the folder content in your Content Library (In my example D:\Sources\OSD\USMT)

• Open the SCCM Console
• Go to Software Library / Application Management / Packages
• Right-click Packages and select Create a new package
• Enter the Name, Manufacturer, Language
• Check the This package contains source files check-box and specify your source folder (D:\Sources\OSD\USMT)
• Click Next

• On the Program Type tab, select Do not create a program and click Next

• Complete the Create Package wizard

The State Migration Point and the USMT package are now ready for use in an OSD Task Sequence using the Capture User State and Restore User State steps.

The post How to install SCCM 2012 State Migration Point appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous Site Systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 System Health Validator Point (SHVP).

Role Description

The System Health Validator Point validates Configuration Manager Network Access Protection (NAP) policies.

This is not a mandatory site system but you need a System Health Validator Point if you plan to use NAP evaluation in your software update deployments. This site system integrates with an existing NAP server in your infrastructure.

Site System Role Placement in Hierarchy

The System Health Validator Point is a hierarchy-wide option. It’s supported to install this role on a Central Administration site, stand-alone Primary site, child Primary site. It’s not supported to install it on a Seconday site. The System Health Validator Point must be installed on a NAP health policy server.

SCCM 2012 System Health Validator Point Installation

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select System Health Validator Point, click Next

• On the System Health Validator tab, click Next
  • There are no properties to configure for this site system role

• On the Summary tab, review your settings, click Next and complete the wizard

Verification and Logs files

You can verify the installation in the following logs:

• ConfigMgrInstallationPath\Logs\SMSSHVSetup.log – Detailed System Health Validator Point installation status

Configure Client Settings

In order to enable Network Access Protection on your clients, you must configure your client settings :

• Open the SCCM console
• Browse to Administration / Client Settings
• Create a new client settings, select Network Access Protection on the left and choose Yes under Enable Network Access Protection on clients
• Select the desired NAP re-evaluation schedule and click Ok

In case you’re used to NAP in SCCM 2007 and looking for a Network Access Protection node in the console, the 2012 version of NAP is slightly different.

From Technet:

The New Policies Wizard is no longer available to create a NAP policy for software updates: The Network Access Protection node in the Configuration Manager console and the New Policies Wizard are no longer available in System Center 2012 Configuration Manager. To create a NAP policy for software updates, you must select Enable NAP evaluation on the NAP Evaluation tab in software update properties.

The post How to install SCCM 2012 System Health Validator Point appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous site systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install a SCCM 2012 R2 Management Point (MP).

Role Description

Every SCCM hierarchy must have a Management Point to enable client communication. The Management Point is the primary point of contact between Configuration Manager clients and the site server. Management Points can provide clients with installation prerequisites, configuration details, advertisements and software distribution package source file locations. Additionally, Management Points receive inventory data, software metering information and state messages from clients.

Multiple Management Points are used for load-balancing traffic and for clients to continue receiving their policy after Management Point failure. Read about SCCM High-Availability options in this Technet article.

Prior to SCCM 2012 R2 SP1, it was not possible to assign client directly to a specific Management Point. It’s now possible using the new Preferred Management Point feature. If you don’t have SCCM 2012 R2 SP1 yet, be advise that adding a new Management Point in a remote office won’t automatically make your clients communicate to this particular MP. Read about how clients choose their Management Point in this Technet article.

Site System Role Placement in Hierarchy

The Management Point is a site-wide option. It’s supported to install this role on a stand-alone Primary site, child Primary site or Seconday site. It’s not supported to install a Management Point on a Central Administration site.

Each primary site can support up to 10 Management Points.

By default, when you install a Secondary site, a Management Point is installed on the Secondary site server. Secondary sites do not support more than one Management Point and this Management Point cannot support mobile devices that are enrolled by Configuration Manager.

See the full Supported Configuration in the following Technet article.

Prerequisites

On Windows 2012, the following features must be installed before the Management Point Installation:

Features:

• .NET Framework 4.5
• BITS Server Extensions  or Background Intelligent Transfer Services (BITS)

IIS Configuration:

• Application Development
  • ISAPI Extensions
• Security
  • Windows Authentication
• IIS 6 Management Compatibility
  • IIS 6 Metabase Compatibility
  • IIS 6 WMI Compatibility

SCCM 2012 R2 Management Point Installation

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select Management Point, click Next

• On the Management Point tab
• Select the desired client connections methods. HTTPS required to have a valid PKI certificate for client authentication
• Click Next

• On the Management Point Database tab, specify if you want to use the site database or a database replica. Read about database replica here
• Specify if you want to use the computer account of the Management Point to connect to the database or a specified account

• On the Summary tab, review your settings, click Next and complete the wizard

Verification and Logs files

You can verify the installation in the following logs:

• ConfigMgrInstallationPath\Logs\mpMSI.log – Records details of about the management point installation
• ConfigMgrInstallationPath\Logs\MPSetup.log.log – Records the management point installation wrapper process

The post SCCM 2012 R2 Management Point Installation appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous site systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 Application Catalog web service point and the Application Catalog website point.

Role Description

The Application Catalog web service point provides software information to the Application Catalog website from the Software Library.

The Application Catalog website point provides users with a list of available software.

This is not a mandatory site system but you need both the Application Catalog website point and the Application Catalog web service point if you want to provide your user with a Self-Service application catalog (web portal).

Site System Role Placement in Hierarchy

The Application Catalog web service point and the Application Catalog website point are hierarchy-wide options. It’s supported to install those roles on a stand-alone Primary site or child Primary site. It’s not supported to install it on a Central Administration site or Seconday site.  The Application Catalog web service point must reside in the same forest as the site database.

If you’re having less than 10,000 users in your company, co-locating the Application Catalog web service and Application Catalog website roles on the same server should be ok. The web service role connects directly to the SCCM SQL database so ensure that the network connectivity between the SQL server and the Application Catalog web service servers is robust.

If you have more geographically distributed users, consider deploying additional application catalogs to keep responsiveness high and user satisfaction up. Use client settings to configure collections of computers to use different Application Catalog servers.

Read more on how to provide a great application catalog experience to your user in this Technet blog article.

If your client needs HTTPS connections, you must first deploy a web server certificate to the site system. If you need to allow Internet clients to access the application catalog, you also need to deploy a web server certificate to the Management Point configured to support Internet clients. When supporting Internet clients, Microsoft recommends that you install the Application Catalog website point in a perimeter network, and the Application Catalog web service point on the intranet.  For more information about certificates see the following Technet article.

Prerequisites

Using Windows Server 2012, the following features must be installed before the role installation:

Application Catalog web service point

Features:

• .NET Framework 3.5 SP1 and 4.0

WCF activation:

• HTTP Activation
• Non-HTTP Activation

IIS Configuration:

• ASP.NET (and automatically selected options)
• IIS 6 Management Compatibility
  • IIS 6 Metabase Compatibility

Application Catalog website point

Features:

• .NET Framework 4.0

IIS Configuration:

• Common HTTP Features
  • Static Content
  • Default Document
• Application Development
  • ASP.NET (and automatically selected options)
• Security
  • Windows Authentication
• IIS 6 Management Compatibility
  • IIS 6 Metabase Compatibility

SCCM 2012 Application Catalog Installation

For this post we will be installing both role on our stand-alone Primary site using HTTP connections. If you split the roles between different machine, do the installation section twice, once for the first site system (selecting Application Catalog web service point during role selection) and a second time on the other site system (selecting Application Catalog website point during role selection).

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select Application Catalog web service point and Application Catalog website point, click Next

• On the Application Catalog Web Service Point
  • In the IIS Website and Web application name fields, leave both to the default values
  • This is just the name that you’ll see in IIS after the installation (see next screenshot). It has nothing to do with your user facing portal
  • Enter the port and protocol that you want to use

• On the Application Catalog WebSite Point
  • In the IIS Website keep the default value
  • In Web application name, enter the name that you want for your Application Catalog. This is the URL that will be published to your users
  • Enter the port and protocol that you want to use

• On the Application Catalog Customizations tab, enter your organisation name and the desired color for your website

• On the Summary tab, review your settings, click Next and complete the wizard

Verification and Logs files

Logs

You can verify the role installation in the following logs:

• ConfigMgrInstallationPath\Logs\SMSAWEBSVCSetup.log and awebsvcMSI.log  – Records details of about the Application Catalog Web Service Point installation
• ConfigMgrInstallationPath\Logs\SMSPORTALWEBSetup.log and portlwebMSI.log – Records details of about the Application Catalog Website Point installation

Status messages

• Open the SCCM Console
• Go to Monitoring / System Status / Component Status
• See status of the components SMS_PORTALWEB_CONTROL_MANAGER and SMS_AWEBSVC_CONTROL_MANAGER

Internet Explorer

Verify that the Application Catalog is accessible :

• Open Internet Explorer
• Browse to http://YourServerName/CMApplicationCatalog
  • Replace YourServerName with the server name on which you installed the Application Catalog Website Point
  • Replace CMApplicationCatalog with the name that you give your Application Catalog. (Default is CMApplicationCatalog)

If everything is setup correctly, you’ll see a web page like this :

URL Redirection

The default URL to access the Application Catalog is not really intuitive for your users.

It’s possible to create a DNS entry to redirect it to something easier (ex: http://ApplicationCatalog)

Client Settings

Ensure that the client settings for your clients are set correctly to access the Application Catalog

• Open the SCCM Console
• Go to Administration / Client Settings
• Right-click your client settings and select Properties
• On the left pane, select Computer Agent
• Click the Set Website button and select your Application Catalog (the name will be automatically populated if your Application Catalog is installed)
• Select Yes on both Add Default Application Catalog website to Internet Explorer trusted site zone and Allow Silverlight application to run in elevated trust mode
• Enter your organisation name in Organisation name displayed in Software Center

That’s it, you’ve installed your SCCM 2012 Application Catalog, publish the link to your user and start publishing your applications.

The post How to install SCCM 2012 Application Catalog appeared first on System Center Dudes.

Download and own part 1 to 18 of the SCCM 2012 R2 Installation Guide in a single PDF file. Use our products page or use the download button below. This blog post won’t be updated, only the document will be.

In part 1 of this SCCM 2012 R2 Installation Guide blog series, we planned our hierarchy, prepared our SCCM 2012 R2 Server and Active Directory.

In part 2, we installed and configured SQL in order to install SCCM 2012 R2.

In part 3, we installed a stand-alone SCCM 2012 R2 Primary site.

In the next 16 parts, we will describe how to install the numerous site systems roles available in SCCM 2012 R2. Role installation order is not important, you can install roles independently of others.

This part will describe how to install SCCM 2012 Enrollment Point and Enrollment Proxy Point site system roles.

Role Description

The Enrollment Point uses PKI certificates for Configuration Manager to enroll mobile devices, Mac computers and to provision Intel AMT-based computers.

The Enrollment Proxy Point manages Configuration Manager enrollment requests from mobile devices and Mac computers.

This is not a mandatory site system but you need both Enrollment Point and Enrollment Proxy Point if you want to enroll legacy mobile devices, Mac computers and to provision Intel AMT-based computers. Since modern mobile devices are mostly managed using Windows Intune, this post will focus mainly on Mac computers enrollment.

Site System Role Placement in Hierarchy

The SCCM 2012 Enrollment Point and Enrollment Proxy Point are site-wide options. It’s supported to install those roles on a stand-alone or child Primary site. It’s not supported to install it on a Central Administration site or Secondary site.

You must install an SCCM 2012 Enrollment Point in the user’s forest so that the user can be authenticated if a user enrolls mobile devices by using SCCM and their Active Directory account is in a forest that is untrusted by the site server’s forest.

When you support mobile devices on the Internet, as a security best practice, install the Enrollment Proxy Point in a perimeter network and the Enrollment Point on the intranet.

Prerequisites

Beginning with System Center 2012 Configuration Manager SP2, the computer that hosts the SCCM 2012 Enrollment Point or Enrollment Proxy Point site system role must have a minimum of 5% of the computers available memory free to enable the site system role to process requests. When those site system role are co-located with another site system role that has this same requirement, this memory requirement for the computer does not increase, but remains at a minimum of 5%.

Using Windows Server 2012, the following features must be installed before the role installation:

Enrollment Point

Features:

• .NET Framework 3.5
• .NET Framework 4.5
  • HTTP Activation (and automatically selected options)
  • ASP.NET 4.5
• Common HTTP Features
• • Default Document
• Application Development
  • ASP.NET 3.5 (and automatically selected options)
  • .NET Extensibility 3.5
  • ASP.NET 4.5 (and automatically selected options)
  • .NET Extensibility 4.5
• IIS 6 Management Compatibility
  • IIS 6 Metabase Compatibility

Enrollment Proxy Point

Features:

• .NET Framework 3.5
• .NET Framework 4.5
  • HTTP Activation (and automatically selected options)
  • ASP.NET 4.5

IIS Configuration:

• Common HTTP Features
  • Default Document
  • Static Content
• Application Development
  • ASP.NET 3.5 (and automatically selected options)
  • ASP.NET 4.5 (and automatically selected options)
  • .NET Extensibility 3.5
  • .NET Extensibility 4.5
• Security
  • Windows Authentication
• IIS 6 Management Compatibility
  • IIS 6 Metabase Compatibility

SCCM 2012 Enrollment Point Installation

For this post we will be installing both roles on a stand-alone Primary site using HTTPS connections. If you split the roles between different machine, do the installation section twice, once for the first site system (selecting Enrollment Point during role selection) and a second time on the other site system (selecting Enrollment Proxy Point during role selection).

• Open the SCCM console
• Navigate to Administration / Site Configuration / Servers and Site System Roles
• Right click your Site System and click Add Site System Roles
• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select Enrollment Point and Enrollment Proxy Point, click Next

• On the Enrollment Point tab
  • In the IIS Website and Virtual application name fields, leave both to the default values
    • This is the names that you’ll see in IIS after the installation
  • Enter the port number you want to use. The HTTPS setting is automatically selected and requires a PKI certificate on the server for server authentication to the Enrollment Proxy Point and for encryption of data over SSL. For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager.

• On the Enrollment Proxy Point tab,
  • The Enrollment point will be populated by default and can’t be changed
  • Keep the Website name to it’s default value
  • Enter the port and protocol that you want to use
  • The Virtual application name can’t be changed. This will be used for client installation (https://servername/EnrollmentServer)

• On the Summary tab, review your settings, click Next and complete the wizard

Verification and Logs files

Logs

You can verify the role installation in the following logs:

• ConfigMgrInstallationPath\Logs\enrollsrvMSI.log and enrollmentservice.log  – Records details of about the Enrollment Point installation
• ConfigMgrInstallationPath\Logs\enrollwebMSI.log – Records details of about the Enrollment Proxy Point installation
• ConfigMgrInstallationPath\Logs\enrollmentweb.log – Records communication between mobile devices and the Enrollment Proxy Point

That’s it, you’ve installed your SCCM 2012 Enrollment Point, follow this Technet Guide if you want to proceed to next steps for Mac computers enrollment

The post How to install an SCCM 2012 Enrollment Point appeared first on System Center Dudes.

Cumulative Update 1 (CU1) for SCCM 2012 R2 SP1 and SCCM 2012 SP2 is now available. This post is a complete step-by-step SCCM 2012 R2 SP1 CU1 Installation guide. If you’re looking for a complete SCCM 2012 installation guide, see our blog series which covers it all.

Installing SCCM cumulative updates is very important to your infrastructure. It fix lots of issues, which some of them are important.

As this is the first post-R2 SP1 cumulative update, the important requirement for the installation is that SCCM 2012 R2 SP1 is installed. The latest non-R2 SP1 cumulative update is CU5. Don’t get confused, this CU could have been named CU6 (chronologically wise) but Microsoft has decided to reset the numbering due to the Service Pack release. See our SCCM 2012 versions post to have a clear view of all build numbers.

Improvements/Fixes

The major new functionality of CU1 is the Automatic Client Upgrade feature during CU setup wizard. This will facilitate client upgrade when applying further CU.

Latest KB are included and many bugs are fixed in this cumulative update. Follow this Microsoft Support page to see a detailed list.

Before you begin

Installing this update is very similar to prior CU. I’ll guide you through the upgrade process step-by-step in a standalone primary scenario.

• Download the update on the Microsoft Support page

This update can be applied directly to the following Systems/Roles:

• The Central Administration Site (CAS)
• Primary Site
• Secondary Site
• SMS Provider
• Configuration Manager Console

In this guide, we’ll be updating a Primary Site Server, console and clients.

SCCM 2012 R2 SP1 CU1 Installation guide

To start the installation, lauch a remote desktop session on your Primary Site Server, and run CM12_SP2R2SP1CU1-KB3074857-X64-ENU.exe

A log file will be created in C:\Windows\Temp\CM12_SP2R2SP1CU1-KB3074857-X64-ENU.log

• On the Welcome Screen, click Next

• Accept the license agreement, and click Next

• Ensure that everything is green, and click Next. On the screenshot, a restart is required before installing the CU

• Check the box to update the console, click Next

• Select Yes, update the site database, click Next

• This is the new Automatic Client Update addition. Select the behavior that you want
• Choosing the Automatically apply option results in following steps:
  • Places the most recent client patch file on the site server
  • Updates content on the distribution points for this site and any child sites. Note this only occurs when the cumulative update runs on the Central Administration Site (CAS)
  • Updates the client package on the Management Point of the local site; this source is used in the event there are no distribution points available for client installation
  • Future client installations using the Client Push method will apply the new patch automatically
  • The time frame for updating the client depends on your Automatic Client Upgrade settings
• If you chose the Manually Apply option, you will need to update your client manually as in prior CU (See our Updating the clients section)

• Check all 3 checkbox (Server, Console and Clients), click Next

• Edit the package name and program to your need, click Next

• Review the Summary page, click Install

• Installation is in progress

• You can follow the installation progress in the log file (C:\Windows\Temp\CM12_SP2R2SP1CU1-KB3074857-X64-ENU.log)

• When setup is complete, click Next and then Finish

Verification

Consoles

After setup is completed, launch the System Center 2012 Configuration Manager Console and verify the build number of the console. If the upgrade was successful, the console build number will be 5.0.8239.1203.

Servers

Open registry editor and check the HKLM\Software\Microsoft\SMS\Setup\ key. If the installation succeeded CULevel key value will be 1.

You can also verify both client and console version using PowerShell :

• Server : Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\SMS\Setup -Name “CULevel”
• Console : (Get-Item ($env:SMS_ADMIN_UI_PATH.Substring(0,$env:SMS_ADMIN_UI_PATH.Length – 5) + ‘\Microsoft.ConfigurationManagement.exe’)).VersionInfo.FileVersion

Clients

The client version will be updated to 5.0.8239.1203 (after updating, see section below)

This update also brings the anti-malware client version to 4.7.0209.0. You can find the version information by clicking About on the Help menu of the Endpoint Protection client UI.

Package distribution

Navigate to Software Library / Packages / Configuration Manager Updates

• You’ll see that your CU1 updates packages are created

• Go ahead and Distribute Content to your distribution points

Updating the Clients

If you select the Automatically Apply option in the installation wizard, your client will update using your time frame settings.

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Automatic Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

If you select the Manually Apply option in the wizard, you will need to update your client manually.

This update contains 2 update packages for client installations. One for 32-bit clients and one for 64-bit clients.

Create two collections for the client upgrade. (If not already done in previous CU)

All-x64-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X64-based PC"

All-x86-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X86-based PC"

Adjust the package options to fit your environments and deploy the update to your clients.

Once deployed I like to create a collection that targets clients without the latest CU. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.0.8239.1203'

Happy updating !

The post Step-by-Step SCCM 2012 R2 SP1 CU1 Installation guide appeared first on System Center Dudes.

Cumulative Update 2 (CU2) for SCCM 2012 R2 SP1 and SCCM 2012 SP2 is now available. This post is a complete step-by-step SCCM 2012 R2 SP1 CU2 Installation guide. If you’re looking for a complete SCCM 2012 installation guide, see our blog series which covers it all.

Installing SCCM cumulative updates is very important to your infrastructure. It fix lots of issues, which some of them are important. Microsoft recommends installing Cumulative Updates if you are affected by a resolved issues. If you are not on SCCM 2012 R2 SP1 or SCCM 2012 SP2, the latest CU is Cumulative Update 5.

As this is a cumulative update, you don’t have to install prior CU(1) before installing CU2. CU2 contains all the fixes included in previous CU.

Improvements/Fixes

There’s no new major functionality in CU2. This update contains fixes for issues in various areas including software distribution and content management; operating system deployment; site systems and mobile device management. In addition, it applies the latest KB and fixes known bugs. Follow this Microsoft Support page to see a full list of issues that are fixed.

PowerShell changes are no longer included in CU as described in our previous post. You won’t find any changes in PowerShell following this CU.

Before you begin

Installing this update is very similar to prior CU. I’ll guide you through the upgrade process step-by-step in a standalone primary scenario.

• Download the update on the Microsoft Support page

This update can be applied directly to the following Systems/Roles:

• The Central Administration Site (CAS)
• Primary Site
• Secondary Site
• SMS Provider
• Configuration Manager Console

In this guide, we’ll be updating a Primary Site Server, console and clients.

SCCM 2012 R2 SP1 CU2 Installation guide

To start the installation, lauch a remote desktop session on your Primary Site Server, and run CM12_SP2R2SP1CU2-KB3100144-X64-ENU.exe

A log file will be created in C:\Windows\Temp\CM12_SP2R2SP1CU2-KB3100144-X64-ENU.log

• On the Welcome Screen, click Next

• Accept the license agreement, and click Next

• Ensure that everything is green, and click Next. On the screenshot, a restart is required before installing the CU

• Check the box to update the console, click Next

• Select Yes, update the site database, click Next

• If the Automatic Client Upgrade feature is enabled on a Site Server, the wizard will present the Automatic Client Update screen :
• Choosing the Automatically apply option results in following steps:
  • Places the most recent client patch file on the site server
  • Updates content on the distribution points for this site and any child sites. Note this only occurs when the cumulative update runs on the Central Administration Site (CAS)
  • Updates the client package on the Management Point of the local site; this source is used in the event there are no distribution points available for client installation
  • Future client installations using the Client Push method will apply the new patch automatically
  • The time frame for updating the client depends on your Automatic Client Upgrade settings
• If you chose the Manually Apply option, you will need to update your client manually as in prior CU (See our Updating the clients section)

• Check all 3 checkbox (Server, Console and Clients), click Next

• Edit the package name and program to your need, click Next

• Review the Summary page, click Install

• Installation is in progress

• You can follow the installation progress in the log file (C:\Windows\Temp\CM12_SP2R2SP1CU2-KB3100144-X64-ENU.log)

• When setup is complete, click Next and then Finish

Verification

Consoles

After setup is completed, launch the System Center 2012 Configuration Manager Console and verify the build number of the console. If the upgrade was successful, the console build number will be 5.0.8239.1301.

Servers

Open registry editor and check the HKLM\Software\Microsoft\SMS\Setup\ key. If the installation succeeded CULevel key value will be 2.

You can also verify both client and console version using PowerShell :

• Server : Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\SMS\Setup -Name “CULevel”
• Console : (Get-Item ($env:SMS_ADMIN_UI_PATH.Substring(0,$env:SMS_ADMIN_UI_PATH.Length – 5) + ‘\Microsoft.ConfigurationManagement.exe’)).VersionInfo.FileVersion

Clients

The client version will be updated to 5.0.8239.1301 (after updating, see section below)

This update also brings the anti-malware client version to 4.7.0209.0. You can find the version information by clicking About on the Help menu of the Endpoint Protection client UI.

Package distribution

Navigate to Software Library / Packages / Configuration Manager Updates

• You’ll see that your CU2 updates packages are created

• Go ahead and Distribute Content to your distribution points

Boot Images

• Open the SCCM Console
• Go to Software Library / Operating Systems / Boot Images
• Select your boot image, right-click and select Update Distribution Points
• Repeat the steps for all your boot images

Updating the Clients

If you select the Automatically Apply option in the installation wizard, your client will update using your time frame settings.

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Automatic Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

If you select the Manually Apply option in the wizard, you will need to update your client manually.

This update contains 2 update packages for client installations. One for 32-bit clients and one for 64-bit clients.

Create two collections for the client upgrade. (If not already done in previous CU)

All-x64-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X64-based PC"

All-x86-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X86-based PC"

Adjust the package options to fit your environments and deploy the update to your clients.

Once deployed I like to create a collection that targets clients without the latest CU. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.0.8239.1301'

Happy updating !

The post Step-by-Step SCCM 2012 R2 SP1 CU2 Installation guide appeared first on System Center Dudes.

Microsoft has just announced the release of SCCM 1511. Before performing your SCCM 1511 upgrade, we recommend that you read all the available resources and carefully plan the upgrade process throughout your SCCM 2012 R2 SP1 hierarchy. The good news is that our SCCM 1511 Upgrade Guide will list everything you need to know before applying this major upgrade to your existing SCCM 2012 installation. We’ve got you covered !

In this blog post, we will guide you through the whole upgrade process to bring your existing SCCM 2012 R2 SP1 to SCCM 1511. See our complete installation guide if your starting from scratch.

New Features

SCCM 1511 brings a whole new set of features. Don’t get surprised, the gap isn’t as big as 2003 to 2007 or 2007 to 2012. The console has the same look and concepts are the same. If you’re upgrading from 2012, the upgrade process is similar as applying a Service Pack. No need to do a side-by-side migration which is a pretty good news !

We suggest to read our blog post to know everything about the new features before upgrading.

Naming Convention

You may wonder why Microsoft has decided to name the next version of SCCM that way. You may heard the name SCCM Vnext or SCCM 2016 but the final name is simply SCCM. This is due to the fact that SCCM is now part of the new SaaS platform which means that its update cycle will be much quicker than before. Each new version will be named as SCCM YYMM (Year Month). The first release is 1511 (for November 2015). Microsoft needed a way to keep the same upgrade pace than Windows 10 and decided to opt for the same naming convention which makes sense. Here’s chances that a new build of Windows will simultaneously bring a new SCCM build.

Upgrade Path

Depending your actual SCCM version you have different options :

• You can upgrade directly to SCCM 1511 if you’re running the following versions.  Keep reading, this guide is for you ! (Cumulative Update are not mandatory)
  • SCCM 2012 SP1
  • SCCM 2012 SP2
  • SCCM 2012 R2
  • SCCM 2012 R2 SP1
• If you’re running SCCM 2012 (non-SP), you need to apply first  Service Pack 1 or Service Pack 2 before upgrading. Use our blog post to apply it and come back to this guide afterward
• If you’re running a Technical Preview on your lab server. Completely uninstall it before doing a fresh install. An upgrade is not supported from a Technical Preview version
• If you’re running SCCM 2007 a side-by-side migration is still possible but you must first start by a fresh install on a separate server. Supported SCCM 2007 is SP2+
• If you’re running SMS 2003, you seriously need to upgrade your remaining XP computers !
• If you’re not running any version of SCCM in your environment, refer to our full installation guide

Prerequisites

• Our post focus on what needs to be done to upgrade a stand-alone SCCM 2012 R2 SP1 Primary Site to SCCM 1511
• If you have a hierarchy with a Central Administration Site and multiple Primary Site, start with the top of the hierarchy (CAS) and go down, upgrading all Primary Sites and Secondary Sites.
• You need to upgrade your ADK version to version 10 before the upgrade process. See section Windows Automated Deployment Kit (ADK) of our Windows 10 blog post to know how to upgrade. Also consult this blog post from the product group to use the right version of ADK 10, there’s a bug in the latest release
• If you’re planning to use Windows 10 Servicing, you need to consider applying this important WSUS update to your Windows Server. This hotfix is only available for Windows 2012, if you’re running your Software Update Point on Windows 2008, consider moving your SUP to a Windows 2012 server
• Review the upgrade checklist from Technet

Database Replication

If you have a database replica for management point, disable Database replication. If you don’t use this function, skip this step and go to the Backup and TestDBupgrade section

• Open the SCCM Console, browse to Administration / Site Configuration / Servers and Site System Roles
• Select the Site System that hosts the management point that uses the database replica
• Right click Management point and select Properties

• On the Management Point Database tab, select Use the site database and click Ok

• Connect to the SQL server hosting the replica databases
• Open SQL Management Studio
• Go to  Replication / Local subscription
• Right click the replica and select Delete. Select Yes to the warning prompt

• Right click the publisher database and select Delete. Select Close existing connections and click OK
• Connect to the SQL server hosting the site database
• Open SQL Management Studio
• Go to Replication and select Disable Publishing and Distribution

• On the next screen, click Next
• Select Yes, disable publishing on this server and click Next, Next, Next
• Click Finish

Backup and TestDBUpgrade

• Before upgrading, perform a backup of your SCCM database.
• It is recommended to test your Configuration Manager database before the upgrade.  Detailed procedure is available on Technet, here’s the resumed version :
  • Backup your site databse
  • Restore it on a SQL server running the same version as your SCCM SQL instance
  • On the SQL server, run the SCCM setup command line using the Testdbupgrade switch
  • Open the log file on C:\ConfigMgrSetup.log
  • If the process is successful, you can delete the database copy
  • If you have errors, resolve them on your SCCM server, do a new backup and restart this procedure

After you successfully upgrade a copy of the site database, proceed with the “real” upgrade.

Running Console

Close all running consoles on the server. Check also if remotely logged users are running the console in their sessions. The setup won’t check that and you’ll endup having an error in the installation log at the end of the process.

ERROR: Configuration Manager console uninstallation failed. Check log file ConfigMgrAdminUISetup.log.

SCCM 1511 Upgrade Installation

If you just upgraded to SCCM 2012 R2 SP1, you’ll recognize the process. The user experience is similar to a new SCCM installation or Service Pack.

• Download the necessary files from Microsoft Volume Licensing Site

• Mount the ISO File and run Splash.hta

• On the main menu, select Install

• On the Before You Begin screen, click Next

• On the Getting Started screen, select Upgrade this Configuration Manager site

• On the Microsoft Software License Terms, check I accept these license terms and click Next

• On the Prerequisite Licenses, check all 3 boxes and click Next

• On the Prerequisite Downloads screen, specify a location to download the prerequisite files. This folder can be deleted after the upgrade process

• The files are downloading

• On the Server Language Selection screen, select the language you want to display in the SCCM Console and Reports

• On the Client Language Selection screen, specify the display language for your clients

• On the Usage Data screen, click Next. This new screen basically tells that you accept that you will send some telemetry data to Microsoft

• If you have an Windows Intune Connector enabled, you won’t have the Service Connection Point screen during the upgrade process. The Windows Intune Connector will be automatically replaced by a Service Connection Point
• On the Service Connection Point screen, click Next. Connecting to the service enables your hierarchy to stays updated

• On the Settings Summary screen, you will see that you are performing an Upgrade, click Next

• The Prerequisite Check is running
• You should have no errors since your site is already installed and running
• Wait for Prerequisite checking has completed and click on Begin Install

• The installation is in progress. The installation will run for about 30 to 45 minutes depending of your server specifications
• You can follow the progress by clicking the View Log button or open the ConfigMgrSetup.log file on the C:\ drive

• Wait for Core setup has completed and close the wizard

Verification

Once the setup has completed, there’s a couple of check that you can make to be sure the upgrade process was successful.

• C:\ConfigMgrSetup.log  – Display detailed installation steps. Funny easter egg here, still written Configuration Manager 2012.

Console

• Open the SCCM Console and click on the upper left corner on the blue arrow and select About Configuration Manager
• The Console has been upgraded to SCCM 1511 – 5.00.8325.100

Site

• Go to Administration / Site Configuration / Sites
• Right-click your site and select Properties
• The Site Version and Build Numbers has been upgraded to 5.00.8325.1000

Clients

The site server client version will be upgraded to 5.00.8325.1000. A full list of client version is available on this post.

Boot Image

• Go to Software Library / Operating Systems / Boot Images
• Validate that the Boot Images has been automatically upgraded to WinPE 10 on your distribution points

Packages

• Go to Software Library / Application Management / Packages
• Validate that the Configuration Manager Client Package has been automatically distributed on your distribution points

Post Upgrade

Upgrading your Secondary Sites

If you have any Secondary Sites, you need to manually upgrade them after the migration.

• Go to Administration / Site Configuration / Sites
• Select your Secondary Site and click Upgrade on the top ribbon

• Click Yes to confirm
• You can follow the process by selecting the Show Install Status option on the top ribbon

Intune

If you use Intune with SCCM, at the top-level site upgrades, install a service connection point. This site system role must also be reconfigured with your Intune subscription.

Database Replication

Enable the database replicas for Management Points,  if it was configured before the upgrade.

Maintenance Tasks

Reconfigure any database maintenance tasks you disabled prior to the upgrade. If you disabled database Maintenance tasks for SCCM at a site prior to the upgrade, reconfigure those tasks at the site using the same settings that were in place prior to the upgrade

Updating the Clients and Consoles

Once your site is successfully upgraded, you need to upgrade the clients and console to SCCM 1511. A lower version of the console won’t be able to connect to a newer site. A outdated client will still be able to communicate with your Management Point but we recommend to update them.

Console

You can manually upgrade by browsing to .\ConfigMgrInstallationFolder\tools\ConsoleSetup and execute ConsoleSetup.exe on each computer running the console.

We suggest to create a package or application pointing on the same directory and deploy it using a collection.

All clients with the SCCM console installed

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = 'System Center 2012 R2 Configuration Manager Console'

Clients

To upgrade the clients, you have various options :

Automatic Client Upgrade

Using the Client Upgrade option, your client will be upgraded automatically within x days using the value specified

• Go to Administration / Site Configuration / Sites
• Click on the Hierarchy Settings button on the top ribbon
• On the Client Upgrade tab
• Check the Upgrade client automatically when new client updates are available
• Select the desired number of days you want your upgrade to be run
• A schedule task will be created on the clients and run within the specified number of days

Client Push

Create manual collection and use the client push function to deploy your clients. This method gives you more control on the group of computer you are upgrading.

I like to create a collection that targets clients without the latest SCCM 1511 version. I use it to monitor which client haven’t been upgraded yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contain this query and 47 others that you see in the previous screenshot)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8325.1000'

Report

You can run our Client Health Check custom report to track your client versions.

Additional reference

Planning to Upgrade System Center 2012 Configuration Manager

Official Configuration Manager documentation

If you need further help to understand and configure various SCCM site component, consult our Step-by-Step SCCM 1511 Installation Guide blog series. It covers all you need to know.

Happy updating !

sccm 2012 r2 sp1 upgrade

The post Step-by-Step SCCM 1511 Upgrade Guide appeared first on System Center Dudes.

This blog post will describe how to perform an SCCM Service Connection Point Installation. The Service Connection Point is a new site system role that serves several important functions for the SCCM hierarchy.

It might affect how you configure this site system role:

• Manage mobile devices with Microsoft Intune– This role replaces the Windows Intune connector used by previous versions of SCCM, and can be configured with your Intune subscription details
• Manage mobile devices with on-premises MDM– This role provides support for on-premises devices you manage that do not connect to the Internet
• Upload usage data from your Configuration Manager infrastructure– You can control the level or amount of detail you upload
• Download updates that apply to your Configuration Manager infrastructure – Only relevant updates for your infrastructure are made available, based on usage data you upload

Site System Role Placement in Hierarchy

Each hierarchy supports a single instance of this role. The site system role can only be installed at the top-tier site of your hierarchy (On a Central Administration Site or a stand-alone Primary Site).

SCCM Service Connection Point Installation

The SCCM 1511  installation or upgrade wizard will ask to install the Service Connection Point. If you select to skip the role installation, you can manually add it to SCCM using the following steps.

• Go to Administration / Site Configuration / Servers and Site System Roles
• Right click the Site System you wish to add the role
• Click Add Site System Role in the Ribbon

• On the General tab, click Next

• On the Proxy tab, click Next

• On the Site System Role tab, select Service Connection Point and click Next

• On the Service Connection Mode, select the desired option :
  • In Online mode, the Service Connection Point automatically downloads updates that are available for your current infrastructure and product version, making them available in the SCCM console
  • In Offline mode, the Service Connection Point does not connect to the Microsoft cloud service and you must manually use the service connection tool when your Service Connection Point is in Offline mode to import available updates

• On the Summary screen, wait for the setup to complete and close the wizard

Verification and Logs files

• ConnectorSetup.log –Information about role installation and that the Service Connection Point was created successfully

The post SCCM Service Connection Point Installation appeared first on System Center Dudes.

After you completed your SCCM installation, you certainly want to start managing some systems. The effective way to add them in SCCM is to configure SCCM discovery methods. This blog article will explain the various discovery methods and will describe how to configure it.

This blog post applies to both SCCM 2012 R2 and SCCM 1511.

In the first parts of these SCCM 2012 and SCCM 1511 blog series, we covered the complete SCCM 2012 R2 and SCCM 1511 installation. In the final parts, we will cover the basic SCCM configurations.

What is SCCM Discovery Methods

Here’s the official discovery methods definition from Technet :

SCCM discovery methods identifies computer and user resources that you can manage by using Configuration Manager. It can also discover the network infrastructure in your environment. Discovery creates a discovery data record (DDR) for each discovered object and stores this information in the Configuration Manager database. 

When discovery of a resource is successful, discovery puts information about the resource in a file that is referred to as a discovery data record (DDR). DDRs are in turn processed by site servers and entered into the Configuration Manager database where they are then replicated by database-replication with all sites. The replication makes discovery data available at each site in the hierarchy, regardless of where it was discovered or processed. You can use discovery information to create custom queries and collections that logically group resources for management tasks such as the assignment of custom client settings and software deployments. Computers must be discovered before you can use client push installation to install the Configuration Manager client on devices.

In simple words, it means that SCCM need to discover device before it can manage them. It’s not mandatory to discover computers, if you manually install the client, it will appear in the console and it can be managed. The problem is that if you have thousand computers, it can be a fastidious process. By using Active Directory System Discovery, all your computers will be shown in the console, from there you can choose to install the client using various SCCM methods. Of course if you need information about your user and groups, you need to configure User and Group discovery, it’s the only way to bring this information in SCCM.

There are 5 Types of Discovery Methods that can be configured. Each one targets a specific object type (Computers, Users, Groups, Active Directory) :

Active Directory System Discovery

Discovers computers in your organization from specified locations in Active Directory. In order to push the SCCM client to the computers, the resources must be discovered first. You can specify to discover only computers that have logged on to the domain in a given period of time. This option is useful to exclude obsolete computer accounts from Active Directory.You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD. You can read our blog post concerning this topic.

• Open the SCCM Console
• Go to Administration / Hierarchy Configuration / Discovery Methods
• Right-Click Active Directory System Discovery and select Properties

• On the General tab, you can enable the method by checking Enable Active Directory System Discovery
• Click on the Star icon and select the Active Directory container that you want to include in the discovery process

• On the Poling Schedule tab, select the frequency on which you want the discovery to happen
  • A 7 day cycle with a 5 minutes delta interval is usually fine in most environment

• On the Active Directory Attribute tab, you can select custom attributes to include during discovery
  • This is useful if you have custom data in Active Directory that you want to use in SCCM

• On the Options tab, you can select to discover only accounts that have logged or updated their passwords since a specific number of days
  • This is useful if your Active Directory isn’t clean. Use this to discover only good records

Active Directory Group Discovery

Discovers groups from specified locations in Active Directory. The discovery process discovers local, global or universal security groups. When you configure the Group discovery you have the option to discover the membership of distribution groups. With the Active Directory Group Discovery you can also discover the computers that have logged in to the domain in a given period of time. Once discovered, you can use group information for exemple to create deployment based on Active Directory groups.

Be careful when configuring this method : If you discover a group that contain a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered. If automatic client push is enabled, this could lead to unwanted clients computers.

To discover resources using this methods :

• Open the SCCM Console
• Go to Administration / Hierarchy Configuration / Discovery Methods
• Right-Click Active Directory Group Discovery and select Properties

• On the General tab, you can enable the method by checking Enable Active Directory Group Discovery
• Click on the Add button on the bottom to add a certain location or a specific group.
  • Remember : If you discover a group that contain a computer object that is NOT discovered in Active Directory System Discovery, the computer will be discovered.

• On the Poling Schedule tab, select the frequency on which you want the discovery to happen
  • A 7 day cycle with a 5 minutes delta interval is usually fine in most environment

• On the Options tab, you can select to discover only accounts that have logged or updated their passwords since a specific number of days
  • This is useful if your Active Directory isn’t clean. Use this to discover only good records

Active Directory User Discovery

Discovery process discovers user accounts from specified locations in Active Directory. You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD about your users. Once discovered, you can use group information for example to create user based deployment.

To discover resources using this methods :

• Open the SCCM Console
• Go to Administration / Hierarchy Configuration / Discovery Methods
• Right-Click Active Directory User Discovery and select Properties

• On the General tab, you can enable the method by checking Enable Active Directory User Discovery
• Click on the Star icon and select the Active Directory container that you want to include in the discovery process

• On the Poling Schedule tab, select the frequency on which you want the discovery to happen
  • A 7 day cycle with a 5 minutes delta interval is usually fine in most environment.

• On the Active Directory Attribute tab, you can select custom attributes to include during discovery
  • This is useful if you have custom data in Active Directory that you want to use in SCCM

Active Directory Forest Discovery

Discovers Active Directory sites and subnets, and creates Configuration Manager boundaries for each site and subnet from the forests which have been configured for discovery. Using this discovery method you can automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests. This is very useful if you have multiple AD Site and Subnet, instead of creating them manualy, use this method to do the job for you.

To discover resources using this methods :

• Open the SCCM Console
• Go to Administration / Hierarchy Configuration / Discovery Methods
• Right-Click Active Directory Forest Discovery and select Properties

• On the General tab, you can enable the method by checking Enable Active Directory Forest Discovery
• Select the desired options

HeartBeat Discovery

HeartBeat Discovery runs on every client and to update their discovery records in the database. The records (Discovery Data Records) are sent to the Management Point in specified duration of time. Heartbeat Discovery can force discovery of a computer as a new resource record, or can repopulate the database record of a computer that was deleted from the database.

HeartBeat Discovery is enabled by default and is scheduled to run every 7 days.

To discover resources using this methods :

• Open the SCCM Console
• Go to Administration / Hierarchy Configuration / Discovery Methods
• Right-Click Heartbeat Discovery and select Properties

• On the General tab, you can enable the method by checking Enable Heartbeat Discovery
  • Make sure that this setting is enabled and that the schedule run less frequently than the Clear Install Flag maintenance task.

Network Discovery

The Network Discovery searches your network infrastructure for network devices that have an IP address. It can search the domains, SNMP devices and DHCP servers to find the resources. It also discovers devices that might not be found by other discovery methods. This includes printers, routers, and bridges.

We won’t go into detail of this discovery methods as it’s old and depreciated methods. We never saw any customers using this method in production.

The post How to configure and enable SCCM Discovery Methods appeared first on System Center Dudes.

SCCM 1511 contains many new features, one of them is the improved Software Center. After installing or upgrading to SCCM 1511, on an updated client you’ll see that the Software Center hasn’t changed.

This is because the new Software Center is not enabled by default. This blog post will describe how to enable the new SCCM 1511 Software Center.

Some of the main improvements :

• Possibility to view Users and Device deployments
• New visual design
• Device Compliance is now part of Software Center. Don’t get confused, this is not for Compliance Settings (DCM) it’s for Conditional Access scenarios
• Silverlight is no longer a requirement

Enable the new SCCM 1511 Software Center

The new Software Center is enabled through SCCM Client Settings. To enable the function and deploy it to your machines :

• Open the SCCM Console
• Go to Administration / Client Settings
• Create a new Client Settings or modify the one your using. For this post i’ll create a new one
• In the right pane, select Computer Agent

• On the left, under Computer Agent, you’ll see Use new software Center, select Yes, click OK

• Right-click the Client Settings you just created and select Deploy
• Select the collection that contains the systems you want to enable

• Initiate a Machine Policy Retrieval & Evaluation Cycle on your client

• After a couple seconds, the SCCM 1511 Software Center will be displayed

The installation directory of the new SCCM 1511 Software Center is C:\Windows\CCM\ClientUX

The post How to enable the new SCCM 1511 Software Center appeared first on System Center Dudes.

Before upgrading to SCCM 1511, it’s recommended to perform a test upgrade on a copy of your production database. We briefly cover the topic on our SCCM 1511 Upgrade post but we wanted to provide a step-by-step procedure. This procedure is not mandatory but gives you a head-ups on installation error you may encounter before your upgrade.

Step 1 | Prepare your environment for SCCM Installation Testdbupgrade

To test the database for an upgrade, you must copy the site database to a SQL instance that does not host SCCM. The SQL version must run the same edition and version of your production SQL.

• Start by creating a new VM or connect to an existing SQL server that can host your SCCM database.
• Install the right SQL version. Follow our post on how to install SQL Server if needed.

Step 2 | Backup your database

Once your SQL server is ready to receive the database copy, browse to your latest SCCM Backup.

We will use the SCCM Backup Maintenance task for this post but it’s also supported to use the SQL Database backup.

To see where SCCM backups are stored go to :

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click on Site Maintenance on the top ribbon
• Select Backup Site Server, click on Edit

• Take note of the path where your backup are done and browse to that location

• Copy the .MDF and .LDF file to the SQL Server that will be performing the test upgrade

If you don’t have a backup, enable the task and schedule it. You can also initiate a manual backup if you want the files now.

• Go to Monitoring / System Status / Site Status
• Click on Start / Configuration Manager Service Manager

• Browse to SMS_SITE_BACKUP, right-click it select Query then Start

Step 3 | Attach the database copy

We are now ready to perform the test upgrade.

• Connect to your SQL Server
• Open SQL Management Studio
• In the Object Explorer pane, right-click Database and select Attach

• In the Attach Databases screen, click on Add

• Select the MDF file that you copied from the SCCM backup, click Ok

• On the bottom pane, resolve any issues displayed in the Message column. In my example the M: and N: drive are Not Found since they don’t exist on this machine. Click on the … button and point correctly at the Data and Log file
• Click Ok

• The Message box will remove errors

• The database will be attached

We will now check that we have the proper rights on the database

• Click on Security / Logins
• Right click your user and select Properties (or create a New Login if your Login is not existing)

• In the User Mapping tab, select the database you just attached and select the db_owner role membership

Step 4 | Test the upgrade

We will now launch the SCCM Setup using the switch to test the database migration

• On the same machine that you attach the database
• Mount the SCCM ISO
• Go to \SMSSETUP\BIN\X64
• Run the following command: (change the database name to refect your name)

• The Installation Prerequisite Check windows will open
• Click on Begin TestDBUpgrade button

• On the warning window, click Yes

• The Installation Prerequisite Check windows will close
• You need to monitor the progress in the log file located on C:\ConfigMgrSetup.log

• The process took about 20 minutes for a 6.7gb database
• When completed you’ll have the following line in the log : Configuration Manager Setup has successfully upgraded the database
• Close the log

If you had no error, you can delete the file you imported from your backup and proceed to your real SCCM Upgrade on your production server.

The post How to perform a Testdbupgrade before SCCM Installation appeared first on System Center Dudes.

Cumulative Update 3 (CU3) for SCCM 2012 R2 SP1 and SCCM 2012 SP2 is now available. This post is a complete step-by-step SCCM 2012 R2 SP1 CU3 Installation guide. If you’re looking for a complete SCCM 2012 installation guide, see our blog series which covers it all.

Installing SCCM cumulative updates is very important to your infrastructure. It fix lots of issues, which some of them are important. Microsoft recommends installing Cumulative Updates if you are affected by a resolved issues. If you are not on SCCM 2012 R2 SP1 or SCCM 2012 SP2, the latest CU is Cumulative Update 5.

If you are running SCCM 1511, this Cumulative Update is not applicable to your setup.

As this is a cumulative update, you don’t have to install prior CU(1-2) before installing CU3. CU3 contains all the fixes included in previous CU.

Improvements/Fixes

There’s no new major functionality in CU3. This update contains fixes for issues in various areas including software distribution and content management, operating system deployment, site systems and mobile device management. In addition, it applies the latest KB and fixes known bugs.

The most interesting updates is a new optional task sequence variable, SMSTSWaitForSecondReboot, to better control client behavior when a software update installation requires two restarts.

Follow this Microsoft Support page to see a full list of issues that are fixed.

PowerShell changes are no longer included in CU as described in our previous post. You won’t find any changes in PowerShell following this CU.

Before you begin

Installing this update is very similar to prior CU. I’ll guide you through the upgrade process step-by-step in a standalone primary scenario.

• Download the update on the Microsoft Support page

This update can be applied directly to the following Systems/Roles:

• The Central Administration Site (CAS)
• Primary Site
• Secondary Site
• SMS Provider
• Configuration Manager Console

In this guide, we’ll be updating a Primary Site Server, console and clients.

SCCM 2012 R2 SP1 CU3 Installation guide

To start the installation, lauch a remote desktop session on your Primary Site Server, and run CM12_SP2R2SP1CU3-KB3135680-X64-ENU.exe

A log file will be created in C:\Windows\Temp\CM12_SP2R2SP1CU3-KB3135680-X64-ENU.log

• On the Welcome Screen, click Next

• Accept the license agreement, and click Next

• Ensure that everything is green, and click Next. On the screenshot, a reboot is required before installing the CU

• Check the box to update the console, click Next

• Select Yes, update the site database, click Next

• If the Automatic Client Upgrade feature is enabled on a Site Server, the wizard will present the Automatic Client Update screen :
• Choosing the Automatically apply option results in following steps:
  • Places the most recent client patch file on the site server
  • Updates content on the distribution points for this site and any child sites. Note this only occurs when the cumulative update runs on the Central Administration Site (CAS)
  • Updates the client package on the Management Point of the local site; this source is used in the event there are no distribution points available for client installation
  • Future client installations using the Client Push method will apply the new patch automatically
  • The time frame for updating the client depends on your Automatic Client Upgrade settings
• If you chose the Manually Apply option, you will need to update your client manually as in prior CU (See our Updating the clients section)

• Check all 3 checkbox (Server, Console and Clients), click Next

• Edit the package name and program to your need, click Next

• Review the Summary page, click Install

• Installation is in progress

• You can follow the installation progress in the log file (C:\Windows\Temp\CM12_SP2R2SP1CU3-KB3135680-X64-ENU.log)

• When setup is complete, click Next and then Finish

Verification

Consoles

After setup is completed, launch the System Center 2012 Configuration Manager Console and verify the build number of the console. If the upgrade was successful, the console build number will be 5.0.8239.1403.

Servers

Open registry editor and check the HKLM\Software\Microsoft\SMS\Setup\ key. If the installation succeeded CULevel key value will be 3.

You can also verify both client and console version using PowerShell :

• Server : Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\SMS\Setup -Name “CULevel”
• Console : (Get-Item ($env:SMS_ADMIN_UI_PATH.Substring(0,$env:SMS_ADMIN_UI_PATH.Length – 5) + ‘\Microsoft.ConfigurationManagement.exe’)).VersionInfo.FileVersion

Clients

The client version will be updated to 5.0.8239.1403 (after updating, see section below)

This update also brings the anti-malware client version to 4.7.0209.0. You can find the version information by clicking About on the Help menu of the Endpoint Protection client UI.

Package distribution

Navigate to Software Library / Packages / Configuration Manager Updates

• You’ll see that your CU3 updates packages are created

• Go ahead and Distribute Content to your distribution points

Boot Images

After this cumulative update is installed on site servers, any operating system boot image should be updated

• Open the SCCM Console
• Go to Software Library / Operating Systems / Boot Images
• Select your boot image, right-click and select Update Distribution Points
• Repeat the steps for all your boot images

Updating the Clients

If you select the Automatically Apply option in the installation wizard, your client will update using your time frame settings.

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Automatic Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

If you select the Manually Apply option in the wizard, you will need to update your client manually.

This update contains 2 update packages for client installations. One for 32-bit clients and one for 64-bit clients.

Create two collections for the client upgrade. (If not already done in previous CU)

All-x64-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X64-based PC"

All-x86-based Clients

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X86-based PC"

Adjust the package options to fit your environments and deploy the update to your clients.

Once deployed I like to create a collection that targets clients without the latest CU. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8239.1403'

Happy updating !

The post Step-by-Step SCCM 2012 R2 SP1 CU3 Installation guide appeared first on System Center Dudes.

In the first part of this blog series on how to deploy Windows 10 with SCCM, we will prepare our environment for Windows 10. If you’re already deploying other operating systems with SCCM 1511, adding Windows 10 is just a matter of adding a new WIM (which our post covers in part 4). If you’re new to deploying operating system with SCCM, follow this post which will covers all steps needed before you can deploy your first systems.

Overview SCCM Windows 10 Deployment

1. Upgrade to SCCM 1511
2. Enable PXE Support
3. Prepare your boot image
4. Prepare your Operating Systems
5. Create your SUG
6. USMT Packages

Upgrade to SCCM 1511

It’s possible to manage Windows 10 with SCCM 2012 but when it comes to deploying Windows 10, if you want to use the full features, you need SCCM 1511 and further. Follow our guide to upgrade your SCCM server and make sure that you are upgrading your Windows ADK version which is included in the upgrade process.

Enable PXE Support

Follow these steps if you want to deploy your images using PXE boot (recommended)

• Open the SCCM Console
• Go to Administration / Site Configuration / Servers and Site System Roles
• Select your distribution point and right-click on the Distribution point role on the bottom, select Properties

• Select the PXE tab
• Enable the Enable PXE support for Clients check-box and answer Yes when prompted about firewall ports (UDP ports 67, 68, 69 and 4011 )

• Check the Allow this distribution point to respond to incoming PXE requests check box
• Check the Enable unknown computer support check box
• Ensure that the Respond to PXE request on all network interfaces is selected
• Click Ok

Your distribution point will now install Windows Deployment Services (if not already installed) and will copy the necessary files on the distribution point.

You can monitor this process in the SCCM Console :

• Go to Monitoring / Distribution Status / Distribution Point Configuration Status
• Click your distribution point on the top and select the Details tab on the bottom
• You will see that the distribution point PXE settings has changed

Prepare your boot image

Drivers

Before launching your first boot image you must include your Windows 10 drivers into the boot image. Our rule of thumb about drivers is to try to boot a certain model and if it fails, add the drivers. Do not add all your NIC drivers to your boot image, it’s overkill and unnecessary increase the size of the boot image.

To add drivers to the boot image :

• Open the SCCM Console
• Go to Software Library / Operating Systems / Boot Images
• Right-click your Boot Image, select Properties
• Select the Drivers tab

• Click the Star icon
• Select the desired drivers and click OK

• The selected drivers are added to the boot image, once you click OK, SCCM will inject the driver in your boot image

Customization

We will now make a couple customization to the boot image to enable command support (F8) and add a custom background image to the deployment

• Open the SCCM Console
• Go to Software Library / Operating Systems / Boot Images
• Right-click your Boot Image
• Select the Customization tab
• Check the Enable command support checkbox. This allows to have the F8 command line support during deployment
• Specify a custom background if needed by checking Specify the custom background image file checkbox

• If you’re using a PXE-enable distribution point, select the Data Source tab and check the Deploy this boot image from the PXE-Enabled distributon point checkbox

• Click Apply and Yes to the warning, close the window

Distribute your boot image

Since you’ve upgraded your ADK to version 10 and made modifications to your boot image, you need to redistribute it to your distribution points.

• Right click your boot image and select Update Distribution Points

Prepare your Operating Systems

We will now import the Windows 10 WIM file for Windows 10 deployment.

We will start by importing the default Install.Wim from the Windows 10 media for a “vanilla” Windows 10 deployment. You could also import a WIM file that you’ve created through a build and capture process.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Images
• Right click Operating System Images and select Add Operating System Image

• On the Data Source tab, browse to your WIM file. The path must be in UNC format

• In the General tab, enter the Name, Version and Comment, click Next

• On the Summary tab, review your information and click Next

• Complete the wizard and close this window

Distribute your Operating System Image

We now need to send the Operating System Image (WIM file) to our distribution points.

• Right click your Operating System Image, select Distribute Content and complete the Distribute Content wizard

We will now import the complete Windows 10 media in Operating System Upgrade Packages. This package will be used to upgrade a Windows 7 (or 8.1) device to Windows 10 using an Upgrade Task Sequence.

• Open the SCCM Console
• Go to Software Library / Operating Systems / Operating System Upgrade Packages
• Right click Operating System Upgrade Packages and select Add Operating System Upgrade Packages

• In the Data Source tab, browse to the path of your full Windows 10 media. The path must point on an extracted source of a ISO file. You need to point at the top folder where Setup.exe reside

• In the General tab, enter the Name, Version and Comment, click Next

• On the Summary tab, review your information and click Next

• Complete the wizard and close this window

Distribute your Operating System Upgrade Packages

We now need to send the Operating System Upgrade Package to your distribution points.

• Right click your Operating System Upgrade Package, select Distribute Content and complete the Distribute Content wizard

Create Software Update Group

One important thing in any OSD project, is to make sure that every machines deployments are up to date. Before deploying Windows 10, make sure that your Software Update Point is configured to include Windows 10 patches.

Once Windows 10 is added to your Software Update Point, we will create a Software Update Group that will be deployed to our Windows 10 deployment collection. This way, all patches released after the Windows 10 media creation (or your Capture date) will be deployed during the deployment process.

To create a Windows 10 Software Update Group :

• Open the SCCM Console
• Go to Software Library / Software Updates / All Software Updates
• On the right side, click Add Criteria, select Product, Expired and Superseded
  • Product : Windows 10
  • Expired  : No
  • Superseded : No

• Select all patches and select Create Software Update Group

• Once created, go to Software Library / Software Updates / Software Update Groups
• Right-click your Windows 10 SUG and deploy it to your OSD deployment collection

USMT Package

If you are planning to use USMT to capture and restore user settings and files, you need to make sure that the USMT package is created and distributed.

• Open the SCCM Console
• Go to Software Library / Application Management / Packages
• Right-click the User State Migration Tool for Windows 10 package and select Properties
• On the Data Source tab, ensure that the package is using the ADK 10 – Which is per default C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\User State Migration Tool
• Right-click the User State Migration Tool for Windows 10 package and select Distribute Content

That’s it ! You have everything that’s needed to create your first Windows 10 deployment. Read the next parts of this blog series to successfully deploy Windows 10.

The post SCCM Windows 10 Deployment | Prepare your environment appeared first on System Center Dudes.

The first upgrade for SCCM Current Branch (1511) is now available. This post is a complete step-by-step SCCM 1602 upgrade guide. If you’re looking for a complete SCCM 1511 installation guide, see our blog series which covers it all.

Installing SCCM upgrades is very important to your infrastructure. It adds new feature and fixes lots of issues, which some of them are important.

New Update and Servicing

Since SCCM 1511, Microsoft now release update pack differently than services packs and cumulative updates. Downloading and updating is made directly from the console. If you need to make a new SCCM installation, you can’t install SCCM 1602 directly. You need to install SCCM 1511 first and then apply SCCM 1602 from the console. SCCM 1511 is still the baseline version if you’re starting from scratch.

The update process seem quite easy but don’t get confused. Yes, it’s easy to apply, but these updates needs to be planned as much as you planned cumulative updates and service pack in the past. (During the installation process all SCCM services including SMS_Executive service are stopped)

As stated on the Configuration Manager Team blog,  the new servicing methods is designed to support the much faster pace of updates for Windows 10 and Microsoft Intune. (You can expect 3 or 4 of these updates per year). They also mentioned that they plan to support each version/update for 12 months before they require that customers upgrade to the latest one to continue support. This basically means that you can skip SCCM 1602 if you want and apply SCCM 1606 (fictional name) at release. The important thing to remember is to update before the 12 month end-of-support period.

New features and fixes

This update contains new features and applies the latest KB/fixes to fix known bugs.

• Client Online Status
  • You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline
• Support for SQL Server AlwaysOn Availability Groups
  • Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database
• Windows 10 Device Health Attestation Reporting
  • You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software
• Office 365 Update Management
  • You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update
• New Antimalware Policy Settings
  • New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan

Our favorite feature is Client Online Status which will greatly help operational tasks. A computer is considered online if it is connected to its assigned management point. To indicate that the computer is online, the client sends ping-like messages to the management point. If the management point doesn’t receive a message after 5 minutes, the client is considered offline.

Before you begin

Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear in your console.

If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the top-level site upgrades, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.

Before applying this update, We strongly recommend that you go through the upgrade check list provided on Technet.

In this post, we’ll be updating a standalone Primary Site Server, console and clients.

Before installing, check if your site is ready for the update :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• In the State column, ensure that the update is Available

If you’re not seeing the update, Microsoft has provided a PowerShell script to force the download. If you’re not in a hurry, just wait and it should appear in the next following days.

Refer to Dmpdownloader.log to see download progress :

The update files gets saved in the EasySetupPayload folder in the Configuration Manger setup folder

SCCM 1602 upgrade guide

Step 1 | SCCM 1602 Prerequisite check

Before launching the update, we recommend to launch the prerequisite check :

• Open the SCCM console
• Go to Administration \ Cloud Services \ Updates and Servicing
• Right-click the Configuration Manager 1602 update and select Run prerequisite check

• Nothing will happen, the prerequisite check runs in the background. All menu options will be grayed out during the check
• The only way to see progress is by viewing C:\ConfigMgrPrereq.log

• When completed the State column will show Prerequisite check passed

Step 2 | Launching the SCCM 1602 update

We are now ready to launch the SCCM 1602 update

• Right click the Configuration Manager 1602 update and select Install Update Pack

• On the General tab, click Next

• On the Features tab, select the features you want to update

• If you don’t select one of the feature now and want to enable it later, you’ll be able to so by using the console in Administration \ Cloud Services \ Updates and Servicing \ Features

• In the Client Update Options, select the desired option for your client update
  • This new feature allows to update only clients member of a specific collection. Refer to the Technet article for more details

• On the License Terms tab, accept the licence terms and click Next

• On the Summary tab, review your choices and click Next

• On the Completion tab, close the wizard. The whole process took a minute but the installation is not over, it has been initiated. For now on, no more GUI, you need to use log files to monitor the installation

• During installation, the State column changes to Installing

• You can follow installation progress in SCCM Installation Directory\Logs\CMUpdate.log

• Services are stopped

• When completed, you’ll notice the message There are no pending update package to be processed

• Refresh the Updates and Servicing node, the State column will be Installed

Updating the consoles

The console now has an auto-update feature. At console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.

• Since all updates operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console

• Click OK,  console update will starts automatically

• Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version.

Verification

Consoles

After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 5.0.8355.1000. You can also notice that Version 1602 is stated.

Servers

• Go to Administration \ Site Configuration \ Sites
• Right-click your site and select Properties
• Verify the Version and Build number

Clients

The client version will be updated to 5.0.8355.1000 (after updating, see section below)

SCCM 1602 client Package distribution

You’ll see that 2 client update packages are created :

• Navigate to Software Library \ Application Management \ Packages

• Select both package and initiate a Distribute Content to your distribution points

Boot Images

Boot images are automatically updated during setup. See our post on upgrade consideration in large environment to avoid this if you have multiple distribution points.

• Go to Software Library / Operating Systems / Boot Images
• Select your boot image and check the last Content Status date. It should match your setup date

Updating the Clients

Our preferred way to update our clients is by using the Client Upgrade feature.

• Open the SCCM Console
• Go to Administration / Site Configuration / Sites
• Click the Hierarchy Settings in the top ribbon
• Select Client Upgrade tab
• The Upgrade client automatically when the new client update are available checkbox has been enabled
• Review your time frame and adjust it to your needs

Once enabled we like to create a collection that targets clients without the latest client version. I use it to monitor which client haven’t been updated yet.

Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.8355.1000'

Happy updating !

The post Step-by-Step SCCM 1602 Upgrade Guide appeared first on System Center Dudes.

In the second post of this blog series about Windows 10 Deployment using SCCM, we will show you how to create a SCCM Windows 10 Task Sequence and deploy it. Complete the preparation of your environment before reading this post.

This task sequence will help you deploy what we call a “vanilla” Windows 10 using the default Install.wim from the Windows 10 media. This means that you’ll end up with a basic Windows 10 with the SCCM client and nothing else.

You will be able to edit this task sequence later to customize it to your environment.

Create SCCM Windows 10 Task Sequence

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click Task Sequences and select Create Task Sequence

• On the Task Sequence wizard, select Install an existing image package

• On the Task Sequence Information pane, enter the desired Name, Description and Boot Image

• On the Install Windows pane, select the Image package and Image index you imported in part 1
• Leave the check box beside Partition and Format the target computer before installing the operating system
• For this example we will remove the Configure task sequence for use with Bitlocker
• Leave the Product key blank, if you are using MAK keys, read this post on how to handle that in your Task Sequence. (TL;DR: Even with MAK key, you need to leave the Product key blank)
• Enter an Administrator password

• In the Configure Network pane, you can select to Join a workgroup or domain. If you select Join a domain, enter your domain information, OU and credentials

• On the Install Configuration Manager Client pane, select your Configuration Manager Client Package and enter your installation properties

• On the State Migration pane, we will remove all checkbox as we don’t want to use User State Migration at this time

• On the Include Updates pane, select the desired Software Update task
  • All Software Updates will install the updates regardless of whether there is a deadline set on the deployment (on your OSD collection)
  • Mandatory Software Updates will only install updates from deployments that have a scheduled deadline (on your OSD collection)
  • Do not install any software updates will not install any software update during the Task Sequence

• On the Install Applications tab, click on the Star Icon to add any application that you want to be installed during your deployment. Only applications will be listed. If you need to add packages, you can add it by editing the task sequence later. Theses applications will be deployed each time the task sequence is executed.

• On the Summary tab, review your settings and click Next

• On the Completion tab, click Close

Deploy Windows 10 Task Sequence

Now that your Task Sequence is created, we will deploy it to a collection and start a Windows 10 deployment.

• Open the SCCM Console
• Go to Software Library \ Operating Systems \ Task Sequences
• Right-click your Windows 10 Task Sequence and select Deploy

• On the General pane, select your collection. This is the collection that will receive the Windows 10 installation. For testing purposes, we recommend putting only 1 computer to start

• Select the Purpose of the deployment
  • Available will prompt the user to install at the desired time
  • Required will force the deployment at the deadline (see Scheduling)
• In the Make available to the following drop down, select the Only media and PXE. This will ensure that you do not send the deployment on clients. This is also useful to avoid errors, using this options you *could* send the deployment to All Systems and no clients would be able to run the deployment from Windows

• On the Scheduling tab, enter the desired available date and time. On the screenshot, we can’t create an Assignment schedule because we select Available in the previous screen

• In the User Experience pane, select the desired options

• In the Alerts tab, check Create a deployment alert when the threshold is higher than the following checkbox if you want to create an alert on the failures

• On the Distribution Point pane, select the desired Deployment options. We will leave the default options

• Review the selected options and complete the wizard

PXE Boot

Now that we’ve created our task sequence and that it’s deployed. We can start the deployment on the machine. Make sure that your system is a member of your deployment collection and start the device. For this example, we will be using a virtual machine running on Hyper-V.

• The machine is booting and waiting for the PXE to respond

• Our SCCM Distribution point is sending the boot image to our VM

• The Welcome to the Task Sequence Wizard pops-up. This is because of the Available purpose in the Deployment Settings. If we had a Required deployment, the task sequence would start right away. Click Next

• All the available task sequence are listed. In our example we have only 1 deployment on our collection so only 1 task sequence is available. Select the task sequence and click Next

• The Task Sequence starts

Monitoring

See our blog post on this topic which covers the various ways to monitor your Task Sequence progress.

The post SCCM Windows 10 Deployment | Create SCCM Windows 10 Task Sequence appeared first on System Center Dudes.