You are browsing the archive for embedded.

ConfigMgr 2007/2012 , WEDM 2011 & HP Thin clients with WES 7 : Part 1

7:40 pm in CM12, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, ConfigMgr2007 R3, embedded, HP, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, System Center, Task Sequence, ThinClient, WES, Wyse by Kenny Buntinx [MVP]


Hi there ,

Your company has decided to invest in thin clients with Windows Embedded standard 7 ? You are already working with ConfigMgr 2007 or Configmgr 2012 ? Then you probably heard about WEDM 2011 ( WIndows Embedded Deivice Manager 2011) , which is a plugin on Configmgr .

Embedded devices such as HP’s thin clients utilize a Microsoft feature called enhanced write filtering. It’s a way of using local memory as a cache for storing the  changes that software makes when running on the client and it may try to write to the disk  but write filtering lets the disk’s original contents be instantly restored by simply rebooting and "forgetting" the changes.

That’s nice, until you want to make permanent changes to the operating system like security patches or install applications like flash player. You might have had to write a script that turned filtering off, applied the patch, then turned filtering on again. And someplace in that scenario, you worked in some time for praying it all worked right before re-engaging the filter. One of the benefits of using WEDM 2011 is that it knows how to programmatically disengage enhanced write filters prior to deploying updates or software.

Like any other vendor , HP , Dell or Wyse have their own way of Managing and deploying OS images. Usually the pre-installation of software on a system is not up-to-date or enough to serve the companies need . Embedded systems have historically been more difficult to manage and maintain than PCs. Until recently!

Hewlett-Packard announced that for the first time, it will offer thin client PCs – systems that run Windows Embedded Standard 7 already – that have Windows Embedded Device Manager 2011 (WEDM 2011) pre-installed. This way, out of the box, customers that run Windows Embedded 7 (based on the Windows 7 kernel) don’t have to install a separate server with their native HP tooling  (even if it’s just a virtual or cloud-based one) to monitor and maintain devices.Now that EDM comes pre-installed on a thin client like a t5570e (right) or t5740e (above) costing somewhere in the mid-three-digit range, depending on configuration, admins can use a thin client to capture and redeploy fully configured system images to a collection of clients.

Microsoft announced System Center 2012 Configuration Manager during MMS , though it will take time for ConfigMgr 2012 WEDM 2012  to make its way into the field. For now, HP’s solution supports SCCM 2007 and EDM 2011.

For managing those devices in ConfigMgr 2007 , you will need a few prerequisites :

Also have these hotfixes and articles by hand , you might need them :

Device Manager 2011 extends the capabilities of Configuration Manager to let you deploy a new or updated operating system image to thin client (a process referred to as device imaging). You can perform device imaging on one device or on a collection of devices using the Configuration Manager console. To do this, you must integrate the following components into your Configuration Manager installation:

That’s it for part 1 , check later for Part 2 when we explain how to implement all the above components for doing the actual work itself Smile

Hope it Helps ,

Kenny Buntinx

Forefront Endpoint Protection 2010 : Update Rollup 1 available for download

7:29 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, embedded, FEP, FEP2010, Installation, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, WES2009 by Kenny Buntinx [MVP]

Update Rollup 1 for Microsoft Forefront Endpoint Protection 2010 introduces new features and updates. These new features and updates are summarized below.

The following list is a summary of the updates in FEP Update Rollup 1 for server functionality.

Finally the Forefront team came up with a solution that since the release of the product they really missed .The following Microsoft website explains how to auto deploy forefront client security definition in a step-by-step guide. aka

In this step-by-step guide, they essentially go into the WSUS Console to create an Auto-Acceptance rule. First of all this should make any ConfigMgr admin shiver, as it should have been drilled into your head that you are supposed to do software updates management from the ConfigMgr administrator console. Now, I and many other SCCM admins have never understood why they didn’t solve that in a more elegant manner. The solution works, however has a couple of major drawbacks.

Additionally in a multi distribution point environment, the actual definition updates will always come from the Software update point, whereas normal software updates come from the distribution points. In other words, this impacts scale quite a bit, and forefront definitions come out at a very frequent pace meaning they are hitting you software update point harder than anything else.

The main problem, is that in SCCM 2007 we have no "easy" way to create an Auto-Approval rule. This will be solved in CM12 , until then , for the CM07 they will fix that mistake by update rollup 1. Soon I will launch a blog post to see if this is a real workable solution. So now you will have with Update Rollup 1 a tool that facilitates the use of the Configuration Manager software updates functionality to download FEP definition updates and make them available to client computers running the FEP client software.

In order to use the software updates feature for definition updates, you must perform the following high-level steps:

    • Download and install the Update Rollup 1 package.
    • Configure software updates to download definitions for FEP.
    • Configure the package by which the definition updates will be distributed, and configure the distribution settings for it.
    • Install and configure the FEP Software Update Automation tool.


  1. Addition of support for the FEP client software for Windows Embedded 7 and Windows Server 2008 Server Core. For more information on the added client support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client
  2. The following list is a summary of the updates to FEP policies included with Update Rollup 1.
  • Update Rollup 1 for FEP 2010 adds a new FEP policy option to configure definition updates for FEP client computers. After installing Update Rollup 1 for FEP, you can configure FEP policies to update definitions from a Configuration Manager software update point.

    To configure FEP policies to update definitions from a Configuration Manager software update point

    • When you create a new FEP policy or edit an existing FEP policy, the new definition update options appears as follows:

      • When creating a new FEP policy, in the New Policy Wizard, on the Updates page, select the check box for Enable updates from Configuration Manager.
      • When editing an existing FEP policy in a Configuration Manager console that on which you installed the Update Rollup 1 for FEP, in the properties for a FEP policy, on the Updates tab, select the check box for Use Configuration Manager as primary source for definition updates.
  • Addition of two new preconfigured policy templates for the following server workloads:

    • Microsoft Forefront Threat Management Gateway
    • Microsoft Lync 2010


You will find the Forefront Endpoint Protection 2010  Update Rollup 1to download at the following location :


Hope it Helps ,


Kenny Buntinx

Windows Embedded Standard 2009 support statement for SCCM 2007 updated

6:50 am in embedded, OSD, sccm, SCCM 2007 by Kenny Buntinx [MVP]

Hi All,


If any of you happen to be playing around with WES 2009 and System Center Configuration Manager 2007, you might want to have a look at the new blogpost at the ConfigMgr’s product team blog:


The updated support statement is mentioned there, as are the 2 most important things impacted by this new statement:

  • Write filters are now supported
  • Sysprepped operating systems are now supported, which in turn means that OS deployment for WES 2009 is supported (not for any of the other supported embedded os’s).


The article does mention some requirements for all of the above to work though.

Some registry keys need to be excluded from the write filter, and some additional components are needed for OSD and some other SCCM features.

More details in the post mentioned above.



"Everyone is an expert at something"
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS