Configmgr 2012 RTM/SP1 Part 1: Not so basic Applications and there Detection Methods

December 28, 2012 at 2:44 pm in Application Model, applications, ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, Deployment, deployment types, detection methods, sccm, SCCM 2012, SCCM 2012 SP1, vbscript by Kenny Buntinx [MVP]


Hi Guys ,

I will start a series of blog posts that will list all common applications with requirements and dependencies you need to build your general OSD Task Sequence.

Today I will start with 2 great examples such as :

  1. Installing a or multiple certificate(s) for SCUP 2011 which is using a registry key as detection method
  2. Internet explorer 9 Post install hotfix which is using a script as detection method

Scenario 1 :

So let’s start with the first example , being certificate deployment as an application in a  task sequence :

Let’s ask ourselves first this question : Why would we use an application to deploy certificates during an OSD deployment if we have Group Policy Object to do it for us ? Well , the answer is :  This Microsoft document at: states that "The Setup Windows and ConfigMgr” task sequence action is responsible for running Group Policy on the newly installed computer. At which point during the task sequence action that Group Policy is applied depends on the operating system being deployed. On Windows XP and Windows Server 2003, Group Policy runs after the task sequence is finished, the task sequence GINA has been unloaded and then replaced with the GINA on Windows. On Windows Vista and Windows Server 2008, Group Policy runs after the Setup Windows and ConfigMgr task sequence action completes. "

Let’s build our Application now :

1. Export your self signed certificate , and place it in a source folder . For Windows 7 , you don’t need any additional tooling , for XP you do. You need “certutilxp.exe and certadm.dll”


2. Create 2 batch files :

Install.cmd –> For Win7


Install_XP.cmd –> For XP


3. Create your application . In this example “ WSUS Self Signed Certificate”


4. Create 2 deployment types . One for XP and one for Win7 .


5. On the “Detection Method” tab , specify a registry key

In my case : HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6BFF5439A57586FEF61B8D8E2194A96DD459B511 and HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6BFF5439A57586FEF61B8D8E2194A96DD459B511


Where does the “6BFF5439A57586FEF61B8D8E2194A96DD459B511” value comes from ? It will come from the properties of your exported certificate.

Take the properties of your certificate and take a look at the value “ Thumbprint” as shown below :


6. Define your requirement here directly or with a global condition :


7. Your done !

Scenario 2 : Internet explorer 9 Post install hotfix

So let’s start with the second example , being an Internet explorer 9 fix  deployment as an application in a  task sequence :

Why ? I was looking at several Windows 7 machines in an environment that whenever a new domain user who had never logged onto a machine before got the following error message:

The User Profile Service service failed the logon.

User profile cannot be loaded.


Now in this case there was an existing Microsoft KB article for this located here

Let’s build our Application now :

1. Create a VBS with the following lines :



2.  Create your application . In this example “ Internet Explorer 9 Post Install Fix”


3. Create a deployment type.


4. Specify your Program to run . In this case “IE9….vbs”


5. Now we will use a script as detection method . If the exit code is a non-zero value, then the script has failed and the application detection status is unknown. If the exit code is zero and STDOUT contains data then the application detection state is installed. –> see

From my experience, if you use a vbscript method of detection; any returned value from wscript.echo, anything at all, means that the detection passed.  Even if you wscript.echo "FALSE", it doesn’t matter; something was returned, the script passed.

If you don’t want it to pass detection, simply don’t echo anything.


6. We specify VBScript as language and past a script to detect if the file is there or not .



Hope it Helps ,

Kenny Buntinx

Tweet about this on TwitterShare on FacebookShare on Google+Share on LinkedInPin on Pinterest