You are browsing the archive for SCCM v.Next.

MMS 2015 unplugged: Unable to publish application globally if targeted user-based within Configmgr workaround

2:55 pm in App-V, App-V 5.0, Application Model, applications, AppV, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, ConfigMgr SP2, ConfigMgr V.next, sccm, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, SCCM v.Next by Kenny Buntinx [MVP]

 

If you have been to our session called App-V standalone compared to CM12 Integrated: The Good, The Bad and The Ugly at MMS 2015 , we have showed you that some things by default cannot be done in Configmgr .

We showed a strong business case around the Application model in CM12 SP1 and using App-V 5.0 to do user-based software targeting. As most people are doing App-V integration in Configuration Manager and exploring the possibilities , they ran into some challenges I believe are critical and needs to be solved in a certain way . What the correct way is , I leave that up to the smart engineering guy’s in Redmond .

One of the great promises of application virtualization is dynamic delivery of software to end-users; however delivering plug-ins or add-ons to installed (i.e. not virtualized) software has thus far been a stumbling block. Internet Explorer has been particularly challenging due to the inability to separate the browser from the OS in a supported manner. So using App-V to deploy plug-ins like Flash or Java has meant changing the user experience with virtualization or falling back to standard install methods. Since App-V 5.0 SP2 this is very good news though, with the ability to seamlessly run an installed application inside a specified virtual environment. This means that the Flash plug-in can be delivered as a virtual package and made available to Internet Explorer without resorting to hacks or changing the user experience by providing a special shortcut.

The only requirement for specific Virtual Extensions (like the flash add-in) is that the package needs to be published Globally… only it doesn’t work great when deploying all your virtualized apps to users with System Center Configuration Manager and App-V 5.x. The table below will explain in what cases you will have to use Global publishing.

imageimage

We can overcome that hurdle with a sort of workaround that we are not going to explain in absolute detail as every customer has specific needs. See the steps below as a guide to think outside the box.

Workaround :

1. We are going to create a scheduled task which triggers on a eventID action 1003 from the eventlog “Microsoft-AppV-Client/Operational”

The script to create the scheduled task :

param( [Parameter(ParameterSetName='Register')] [switch]$Register, [Parameter(ParameterSetName='UnRegister')] [switch]$UnRegister ) switch($PsCmdlet.ParameterSetName){ "Register"{ $Xml = Get-Content (Join-Path $PSScriptRoot "ScheduledTaskTemplate_Publish.xml") $hReplace = @{ _Date_=(Get-Date -Format s) _Author_="Publish_User2Global_1.0_EN" _WorkingDirectory_=$PSScriptRoot } foreach($key in $hReplace.Keys) { $Xml = $Xml -creplace $key, $hReplace.$key } Register-ScheduledTask -Xml ($Xml | Out-String) -TaskName "1_user_Publish_User2Global" -TaskPath "Microsoft\AppV\Publishing" -Force | Out-Null $Xml = Get-Content (Join-Path $PSScriptRoot "ScheduledTaskTemplate_UnPublish.xml") $hReplace = @{ _Date_=(Get-Date -Format s) _Author_="UnPublish_User2Global_1.0_EN" _WorkingDirectory_=$PSScriptRoot } foreach($key in $hReplace.Keys) { $Xml = $Xml -creplace $key, $hReplace.$key } #Register-ScheduledTask -Xml ($Xml | Out-String) -TaskName "1_user_UnPublish_User2Global" -TaskPath "Microsoft\AppV\Publishing" -Force | Out-Null } "UnRegister"{ Get-ScheduledTask -TaskPath "\Microsoft\AppV\Publishing\" -TaskName "1_user_Publish_User2Global" | Unregister-ScheduledTask -Confirm:$False | Out-Null #Get-ScheduledTask -TaskPath "\Microsoft\AppV\Publishing\" -TaskName "1_user_UnPublish_User2Global" | Unregister-ScheduledTask -Confirm:$False | Out-Null } }

The script is based on the following templates :

<?xml version="1.0" encoding="UTF-16"?> <Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <RegistrationInfo> <Date>_Date_</Date> <Author>_Author_</Author> <URI>\Microsoft\AppV\Publishing\1_user_Publish_User2Global</URI> </RegistrationInfo> <Triggers> <EventTrigger> <Enabled>true</Enabled> <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-AppV-Client/Operational"&gt;&lt;Select Path="Microsoft-AppV-Client/Operational"&gt;*[System[Provider[@Name='Microsoft-AppV-Client'] and EventID=1003]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription> <ValueQueries> <Value name="ThePackageId">Event/EventData/Data[@Name='Package']</Value> <Value name="TheVersionId">Event/EventData/Data[@Name='Version']</Value> <Value name="UserSid">Event/System/Security/@UserID</Value> </ValueQueries> </EventTrigger> </Triggers> <Principals> <Principal id="Author"> <GroupId>S-1-5-18</GroupId> <RunLevel>LeastPrivilege</RunLevel> </Principal> </Principals> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>false</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>false</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>true</Hidden> <RunOnlyIfIdle>false</RunOnlyIfIdle> <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession> <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine> <WakeToRun>false</WakeToRun> <ExecutionTimeLimit>P3D</ExecutionTimeLimit> <Priority>7</Priority> <RestartOnFailure> <Interval>PT1M</Interval> <Count>3</Count> </RestartOnFailure> </Settings> <Actions Context="Author"> <Exec> <Command>powershell.exe</Command> <Arguments>-NonInteractive -ExecutionPolicy RemoteSigned -WindowStyle Hidden -File User2Global.ps1 -Publish -PackageId $(ThePackageId) -VersionId $(TheVersionId) -UserSid $(UserSid)</Arguments> <WorkingDirectory>_WorkingDirectory_</WorkingDirectory> </Exec> </Actions> </Task>

2. When the scheduled task is triggered by event-ID action 1003 from the eventlog “Microsoft-AppV-Client/Operational” , we kick-off the following Powershell script (see below). It will unpublished the  package from the user and will publish the package globally instead.

param( [Parameter(ParameterSetName='Publish')] [switch]$Publish, [Parameter(ParameterSetName='UnPublish')] [switch]$UnPublish, [guid]$PackageId, [guid]$VersionId, [string]$UserSid ) Function New-BurntToastNotification{ <# This function will show a BurnToastNotification #> [CmdletBinding(SupportsShouldProcess = $True)] Param ( [Parameter(Mandatory=$True)] $Text, [Parameter(Mandatory=$True)] $Title ) # create toast template TO xml [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] > $null $toastXml = ([Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent([Windows.UI.Notifications.ToastTemplateType]::ToastImageAndText02)).GetXml() # message to show on toast $stringElements = $toastXml.GetElementsByTagName("text") | select -First 1 $stringElements.AppendChild($toastXml.CreateTextNode($Title)) > $null $stringElements = $toastXml.GetElementsByTagName("text") | select -Last 1 $stringElements.AppendChild($toastXml.CreateTextNode($Text)) > $null # image $imageElements = $toastXml.GetElementsByTagName("image") $imageElements[0].src = "file:///" + "$PSScriptRoot\appv.png" # convert from System.Xml.XmlDocument to Windows.Data.Xml.Dom.XmlDocument $windowsXml = New-Object Windows.Data.Xml.Dom.XmlDocument $windowsXml.LoadXml($toastXml.OuterXml) # send toast notification $toast = New-Object Windows.UI.Notifications.ToastNotification ($windowsXml) [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier("App-V").Show($toast) } Import-Module "$env:ProgramFiles\Microsoft Application Virtualization\Client\AppvClient\AppvClient.psd1" $package = Get-AppVClientPackage -PackageId $PackageId -VersionId $VersionId -All switch($PsCmdlet.ParameterSetName) { "Publish" { try { Unpublish-AppvClientPackage $package -UserSID $UserSid if (! $package.IsPublishedGlobally) { Publish-AppVClientPackage $package -Global New-BurntToastNotification -Text "$($package.name)`nSuccesfully Published Globally." -Title "App-V User2Global" } } catch { New-BurntToastNotification -Text "Something went wrong while Publishing: `n$($package.name)." -Title "App-V User2Global" } } "UnPublish" { try { if (($package = Get-AppVClientPackage -PackageId $PackageId -VersionId $VersionId -All).IsPublishedGlobally) { $package | stop-AppVClientPackage -Global -ErrorAction SilentlyContinue | Unpublish-AppvClientPackage -Global New-BurntToastNotification -Text "$($package.name)`nSuccesfully UnPublished Globally." -Title "App-V User2Global" } } catch { New-BurntToastNotification -Text "Something went wrong while unpublishing: `n$($package.name)." -Title "App-V User2Global" } } }

You can choose how to deploy the script. You can create an App-V bubble or simply deploy this with Configmgr or GPO ….

Disclaimer : The script are delivered AS-IS and are not the complete solution to this story. It is an example on how to think outside the box and make a potential solution that will fit your specific company issue.

Hope it Helps ,

Kenny Buntinx & Roy Essers .

Detect, Inventory and report about the encryption method used by Bitlocker thru ConfigMgr

6:54 pm in bitlocker, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, ConfigMgr Dashboards, ConfigMgr SP2, Encryption, Inventory, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, SCCM Dashboards, sccm RTM, SCCM v.Next, sccm2007 by Kenny Buntinx [MVP]

 

Recently at a client, we needed to provide a report that was listing what Bitlocker Encryption strength method was used. That information had to be fed into the CMDB to make sure we had ‘256AES with Diffuser’ enabled.

Unfortunately, Configmgr 2012 does deliver out-of-the-box a way to determine what Bitlocker Encryption strength method, and that means the information is not in the registry or WMI.

Dependencies :

Well I tried to find an easy way , and the customer required a solution that was :

– Flexible and dynamic as they where constantly migrating from Mcafee Disk Encryption to Bitlocker and the CMDB had to be dynamically updated.

– Centrally managed code , meaning that if we needed to change anything to the code , it had to be intelligent enough to update it auto magically to all clients.

– Had to be reliable .

The solution :

– was to use a kind of detection powershell script for the Bitlocker Encryption strength using the standard powershell commandlet ‘Manage-bde’ .

– The script was to be used with a “compliance Item” and deployed thru a “Baseline” as one of my colleagues Henrik Hoe explains here :  http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/ . By using a CI , you will meet the centrally managed code part , but also the automatically way of updating the detection logic to all clients.

Forget about the old package/program way and then a way to execute the script on regular basis ( That can all be done thru the Baseline deployment)

– The script will be executed and will write a registry value BitlockerEncryptionStrenght = “TheActualValue”  and the baseline will report complaint when it has the ‘256AES with Diffuser’ detected. When the machine is not bitlockered at all , we will write a value  BitlockerEncryptionStrenght = “None”

$ErrorActionPreference="silentlycontinue" $StrBEncryption = "" $objBEncryption = "" $objBEncryption=manage-bde.exe -status |Where-Object{$_ -like "*encryption method*"} $arrBEncryption=$objBEncryption.Split(":") $StrBEncryption=$arrBEncryption[1].Trim() If ($StrBEncryption.Contains("AES")) { New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name BitlockerEncryptionStrenght -Value $StrBEncryption -Property String -Force -ErrorAction SilentlyContinue | Out-Null if ($StrBEncryption -eq "AES 256 with Diffuser") { return 1 } } Else { New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name BitlockerEncryptionStrenght -Value "None" -Property String -Force -ErrorAction SilentlyContinue | Out-Null Return 0 }

– We will pick the value up later with a custom registry key hardware inventory extension and use that in our reporting later on. For more details on how to do it : https://technet.microsoft.com/en-us/library/gg712290.aspx

Hope it Helps ,

Kenny Buntinx

Enterprise Client Management MVP

Detect if machine has an SSD and report on it thru custom HW inventory

7:18 am in ConfigMgr 2012, configmgr 2012 R2, ConfigMgr 2012 R2 SP1, ConfigMgr 2012 SP1, HW inventory, OSD, sccm, SCCM 2012, sccm 2012 R2, SCCM 2012 R2, SCCM 2012 R2 SP1, SCCM 2012 SP1, SCCM v.Next, SSD, windows 10, Windows 7, Windows 7 SP1, windows 8, windows 8.1 by Kenny Buntinx [MVP]

 

Recently at a client, we needed to provide a report that was listing whether a workstation or laptop had an SSD or a spinning disk. That information had to be fed into the CMDB

Unfortunately, Windows or Configmgr 2012 does deliver out-of-the-box a way to determine a disk is spinning or solid state, and that means the information is not in the registry or WMI.

Dependencies :

Well I tried to find an easy way , and the customer required a solution that was :

– Flexible and dynamic as they where constantly upgrading physical disks to SSD and there CMDB had to be dynamically updated.

– Centrally managed code , meaning that if we needed to change anything to the code , it had to be intelligent enough to update it auto magically to all clients.

– Had to be reliable .

The solution :

– was to use a kind of detection powershell script for the SSD that we grabbed initially from here : “https://gist.github.com/grantcarthew/c74bbfd3eba167cd3a7a#file-test-ssd” but slightly altered it to fit our needs.

– The script was altered to be used with a “compliance Item” and deployed thru a “Baseline” as one of my colleagues Henrik Hoe explains here :  http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/ . By using a CI , you will meet the centrally managed code part , but also the automatically way of updating the detection logic to all clients.

Forget about the old package/program way and then a way to execute the script on regular basis ( That can all be done thru the Baseline deployment)

– The script will be executed and will write a registry value SSD_Detected = 1 or 0 and the baseline will report complaint when it has an SSD detected.

 

<# .SYNOPSIS Detects if the passed Physical Disk Id is a Solid State Disk (SSD) or a spindle disk. Returns true for an SSD and false for anything else. .DESCRIPTION The methods used for detecting are by reading the Nominal Media Rotation Rate and Seek Penalty. These values are measured through method calls into the Kernel32.dll. If either of the Win32 DLL calls return true then the script will return false. If an exception occurs in either of the Win32 DLL calls, the return value will be dependant on the remaining call. .PARAMETER PhysicalDiskId The LUN based physical disk id. #> $Code = @" using Microsoft.Win32.SafeHandles; using System; using System.Runtime.InteropServices; using System.Text; namespace Util { public class DetectSSD { // For CreateFile to get handle to drive private const uint GENERIC_READ = 0x80000000; private const uint GENERIC_WRITE = 0x40000000; private const uint FILE_SHARE_READ = 0x00000001; private const uint FILE_SHARE_WRITE = 0x00000002; private const uint OPEN_EXISTING = 3; private const uint FILE_ATTRIBUTE_NORMAL = 0x00000080; // CreateFile to get handle to drive [DllImport("kernel32.dll", SetLastError = true)] private static extern SafeFileHandle CreateFileW( [MarshalAs(UnmanagedType.LPWStr)] string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile); // For control codes private const uint FILE_DEVICE_MASS_STORAGE = 0x0000002d; private const uint IOCTL_STORAGE_BASE = FILE_DEVICE_MASS_STORAGE; private const uint FILE_DEVICE_CONTROLLER = 0x00000004; private const uint IOCTL_SCSI_BASE = FILE_DEVICE_CONTROLLER; private const uint METHOD_BUFFERED = 0; private const uint FILE_ANY_ACCESS = 0; private const uint FILE_READ_ACCESS = 0x00000001; private const uint FILE_WRITE_ACCESS = 0x00000002; private static uint CTL_CODE(uint DeviceType, uint Function, uint Method, uint Access) { return ((DeviceType << 16) | (Access << 14) | (Function << 2) | Method); } // For DeviceIoControl to check no seek penalty private const uint StorageDeviceSeekPenaltyProperty = 7; private const uint PropertyStandardQuery = 0; [StructLayout(LayoutKind.Sequential)] private struct STORAGE_PROPERTY_QUERY { public uint PropertyId; public uint QueryType; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public byte[] AdditionalParameters; } [StructLayout(LayoutKind.Sequential)] private struct DEVICE_SEEK_PENALTY_DESCRIPTOR { public uint Version; public uint Size; [MarshalAs(UnmanagedType.U1)] public bool IncursSeekPenalty; } // DeviceIoControl to check no seek penalty [DllImport("kernel32.dll", EntryPoint = "DeviceIoControl", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, uint dwIoControlCode, ref STORAGE_PROPERTY_QUERY lpInBuffer, uint nInBufferSize, ref DEVICE_SEEK_PENALTY_DESCRIPTOR lpOutBuffer, uint nOutBufferSize, out uint lpBytesReturned, IntPtr lpOverlapped); // For DeviceIoControl to check nominal media rotation rate private const uint ATA_FLAGS_DATA_IN = 0x02; [StructLayout(LayoutKind.Sequential)] private struct ATA_PASS_THROUGH_EX { public ushort Length; public ushort AtaFlags; public byte PathId; public byte TargetId; public byte Lun; public byte ReservedAsUchar; public uint DataTransferLength; public uint TimeOutValue; public uint ReservedAsUlong; public IntPtr DataBufferOffset; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public byte[] PreviousTaskFile; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)] public byte[] CurrentTaskFile; } [StructLayout(LayoutKind.Sequential)] private struct ATAIdentifyDeviceQuery { public ATA_PASS_THROUGH_EX header; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 256)] public ushort[] data; } // DeviceIoControl to check nominal media rotation rate [DllImport("kernel32.dll", EntryPoint = "DeviceIoControl", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, uint dwIoControlCode, ref ATAIdentifyDeviceQuery lpInBuffer, uint nInBufferSize, ref ATAIdentifyDeviceQuery lpOutBuffer, uint nOutBufferSize, out uint lpBytesReturned, IntPtr lpOverlapped); // For error message private const uint FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000; [DllImport("kernel32.dll", SetLastError = true)] static extern uint FormatMessage( uint dwFlags, IntPtr lpSource, uint dwMessageId, uint dwLanguageId, StringBuilder lpBuffer, uint nSize, IntPtr Arguments); // Method for no seek penalty public static bool HasSeekPenalty(string sDrive) { SafeFileHandle hDrive = CreateFileW( sDrive, 0, // No access to drive FILE_SHARE_READ | FILE_SHARE_WRITE, IntPtr.Zero, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero); if (hDrive == null || hDrive.IsInvalid) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } uint IOCTL_STORAGE_QUERY_PROPERTY = CTL_CODE( IOCTL_STORAGE_BASE, 0x500, METHOD_BUFFERED, FILE_ANY_ACCESS); // From winioctl.h STORAGE_PROPERTY_QUERY query_seek_penalty = new STORAGE_PROPERTY_QUERY(); query_seek_penalty.PropertyId = StorageDeviceSeekPenaltyProperty; query_seek_penalty.QueryType = PropertyStandardQuery; DEVICE_SEEK_PENALTY_DESCRIPTOR query_seek_penalty_desc = new DEVICE_SEEK_PENALTY_DESCRIPTOR(); uint returned_query_seek_penalty_size; bool query_seek_penalty_result = DeviceIoControl( hDrive, IOCTL_STORAGE_QUERY_PROPERTY, ref query_seek_penalty, (uint)Marshal.SizeOf(query_seek_penalty), ref query_seek_penalty_desc, (uint)Marshal.SizeOf(query_seek_penalty_desc), out returned_query_seek_penalty_size, IntPtr.Zero); hDrive.Close(); if (query_seek_penalty_result == false) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } else { return query_seek_penalty_desc.IncursSeekPenalty; } } // Method for nominal media rotation rate // (Administrative privilege is required) public static bool HasNominalMediaRotationRate(string sDrive) { SafeFileHandle hDrive = CreateFileW( sDrive, GENERIC_READ | GENERIC_WRITE, // Administrative privilege is required FILE_SHARE_READ | FILE_SHARE_WRITE, IntPtr.Zero, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, IntPtr.Zero); if (hDrive == null || hDrive.IsInvalid) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } uint IOCTL_ATA_PASS_THROUGH = CTL_CODE( IOCTL_SCSI_BASE, 0x040b, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS); // From ntddscsi.h ATAIdentifyDeviceQuery id_query = new ATAIdentifyDeviceQuery(); id_query.data = new ushort[256]; id_query.header.Length = (ushort)Marshal.SizeOf(id_query.header); id_query.header.AtaFlags = (ushort)ATA_FLAGS_DATA_IN; id_query.header.DataTransferLength = (uint)(id_query.data.Length * 2); // Size of "data" in bytes id_query.header.TimeOutValue = 3; // Sec id_query.header.DataBufferOffset = (IntPtr)Marshal.OffsetOf( typeof(ATAIdentifyDeviceQuery), "data"); id_query.header.PreviousTaskFile = new byte[8]; id_query.header.CurrentTaskFile = new byte[8]; id_query.header.CurrentTaskFile[6] = 0xec; // ATA IDENTIFY DEVICE uint retval_size; bool result = DeviceIoControl( hDrive, IOCTL_ATA_PASS_THROUGH, ref id_query, (uint)Marshal.SizeOf(id_query), ref id_query, (uint)Marshal.SizeOf(id_query), out retval_size, IntPtr.Zero); hDrive.Close(); if (result == false) { string message = GetErrorMessage(Marshal.GetLastWin32Error()); throw new System.Exception(message); } else { // Word index of nominal media rotation rate // (1 means non-rotate device) const int kNominalMediaRotRateWordIndex = 217; if (id_query.data[kNominalMediaRotRateWordIndex] == 1) { return false; } else { return true; } } } // Method for error message private static string GetErrorMessage(int code) { StringBuilder message = new StringBuilder(255); FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM, IntPtr.Zero, (uint)code, 0, message, (uint)message.Capacity, IntPtr.Zero); return message.ToString(); } } } "@ # Function CheckSSD($PhysicalDiskId) { #initialize Add-Type -TypeDefinition $Code $hasRotationRate = $true $hasSeekPenalty = $true $driveString = "\\.\PhysicalDrive" + $PhysicalDiskId #Check RotationRate try { $hasRotationRate = [Util.DetectSSD]::HasNominalMediaRotationRate([string]$driveString) } catch { #"HasNominalMediaRotationRate detection failed with the following error;" # $Error[0].Exception.Message $hasRotationRate = $true } #Check SeekPenalty try { $hasSeekPenalty = [Util.DetectSSD]::HasSeekPenalty([string]$driveString) } catch { #"HasSeekPenalty detection failed with the following error;" #$Error[0].Exception.Message $hasSeekPenalty = $true } # Only return true if the disk has no rotation rate or no seek penalty. If ($hasRotationRate -eq 0 -and $hasSeekPenalty -eq 0) { #SSD detected New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name SSD_Detected -Value 1 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null Return 1 } Else { #No SSD detected New-ItemProperty -Path HKLM:\SYSTEM\ABPosdInstall -Name SSD_Detected -Value 0 -PropertyType DWORD -Force -ErrorAction SilentlyContinue | Out-Null Return 0 } } #initialize #Default No SSD detected $ResultCheckSSD=0 #check disk 0 Try { $ResultCheckSSD=CheckSSD(0) return $ResultCheckSSD } Catch { #error then no SSD detected $ResultCheckSSD=0 }

– We will pick the value up later with a custom registry key hardware inventory extension and use that in our reporting later on. For more details on how to do it : https://technet.microsoft.com/en-us/library/gg712290.aspx

 

Hope it Helps,

Kenny Buntinx

MVP Enterprise Client Management

Ignite keynote summary from an ECM perspective

7:27 pm in ConfigMgr, ConfigMgr 2012, configmgr 2012 R2, ConfigMgr V.next, EMS, Enterprise Mobility Suite, hybrid, Ignite, intune, Intune Standalone, SCCM 2012, sccm 2012 R2, SCCM v.Next, System Center, System Center 2016 by Kenny Buntinx [MVP]

 

For me this was the best keynote ever for all Microsoft’s events I’ve been at, virtually or physically. Wrapped up after three hours, I want to give you guys a heads up for what is happening in my area of expertise, Enterprise Client Management.

The conference is being held in Chicago and has over 20K people in the house. If you want you can watch a replay of this morning’s keynote on demand at http://news.microsoft.com/ignite2015/

Most Important Ignite Keynote Announcements from an enterprise Client Management perspective

Windows Update for Business – This is an advanced version of what you already know today and it’s called WSUS. Together with Windows 10 it will allow you to control which machines get Windows Updates or even feature updates. Integration with your existing tools like System Center and the Enterprise Mobility Suite – so that these tools can continue to be that ‘single pane of glass’ for all of your systems management.

Office 2016 Public Preview – Available for Office 365 subscribers and those who want to run the full standalone install.  This version will really kick down the #EMS offering on IOS , Android or Windows. Office will be the key in the whole mobility story.

Windows Server 2016 – A second technical preview is now available for download and testing and will allow you to unlock some additional Hybrid functionallity , such as updates for Hyper-V ,ADFS , Workfolders , etc .

System Center 2016 – Has new provisioning, monitoring and automation abilities for your data center. A new preview will be available soon online

· New technical preview for ConfigMgr 2016 for Windows10 available for a trial at http://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview

New features in today’s Technical Preview includes:

          • Support for Windows 10 upgrade with OS deployment task sequence
          • Support for installing Configuration Manager on Azure Virtual Machines
          • Ability to manage Windows 10 mobile devices via MDM with on-premises Configuration Manager infrastructure

· New service packs for Configuration Manager 2012 and 2012 R2 (They will be released somewhere next week)

These will deliver full compatibility with existing features for Windows 10 deployment and management as well as several other features, including:

          • App-V publishing performance
          • Scalability improvements
          • Content distribution improvements
          • Native support for SQL Server 2014
          • Hybrid Parity (Intune) and new features

Microsoft Advanced Threat Analytics – Brings on premise Azure AD level security monitoring and threat detection.  This software/service is the result of Microsoft’s acquisition last November of Aorato and it’s a great add-on for EMS and AD premium. The preview is available now from here.

 

During Brad Anderson’s piece of the keynote, his team showed 11 different technologies on stage and here are links to all of those services and programs:

I hope that you are as thrilled and exited as myself and that we can show you all these cool things in our own lab and we hope that we can see you at one of our SCUG.be events.

Hope it helps,

Kenny Buntinx

MVP Enterprise Client Management MVP

Deploying a Windows 7 MUI machine based on a "Hybrid MUI image" within Configmgr 2012

7:48 am in ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, ConfigMgr V.next, Deployment, deployment types, detection methods, MUI, OSD, sccm, SCCM 2012, SCCM 2012 SP1, SCCM v.Next, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

 
This post and subsequent posts will be a step by step on how to build a Hybrid base Windows 7 ( yes , I know that everyone should rollout the new fancy Win 8 Winking smile ) image in Configmgr 2012 and use that image as a base to deploy it in your company. I will be outlining not necessarily pointing out every click. Hopefully others will find this helpful. This assumes an understanding of Configmgr 2012 and uses what is referred to as a “Hybrid Image Strategy”.

 

In this post I’m going to outline how to handle multiple languages in a Windows 7 Enterprise deployment. Windows 7 Enterprise comes natively as a MultiLanguage User Interface type OS to which you can add on Language Packs. A language pack allows user to change the interface display language of Windows’ dialog boxes, menus and other text to the selected language. You can download/install them in a few different ways.

They take a long time to install and in our scenario it’s better to integrate them into your hybrid base .WIM image.

For this example, we’re going to configure and capture an OS image with the Dutch language pack installed. The reason why we use the Windows 7 base OS in English is :

  • Scripting in native English language. This means creating one script for all workstations in the enterprise .
  • One Worldwide image per platform (x64 or x86) , otherwise we would deploy a windows 7 professional English , Dutch and French as a native OS , meaning 1 image per language
  • Windows security updates Patching could be limited to English , which will reduce time and effort to test/build everything .

    The first step is build the hybrid image and to get a copy of the Language pack you need; these are a little hard to get a hold of but it’s because of the licensing requirement. You can get  a copy of the language pack :

  • Through your Microsoft support via MVLS
  • The Windows 7 language packs are available via Windows Update as optional update.
  • Windows 7 SP1 MUI language packs are released as KB2483139. All language packs (MUI) of Windows 7 SP1 in DVD ISO format from MSDN and TechNet Subscriber Downloads.
  • For people who wants to download the MUI language packs for Windows 7 SP1 only from official source, here’s the direct download links for most of both 32-bit (x86) and 64-bit (x64) Windows 7 SP1 MUI language packs from Microsoft’s Windows Update server.

    Download Official 32-bit (x86) Windows 7 SP1 MUI Language Packs

    Arabic: windows6.1-kb2483139-x86-ar-sa_5add6e4a36127029d431ba98d99708c44ef9b53f.exe
    Bulgarian: windows6.1-kb2483139-x86-bg-bg_a8a5013e477366119cfdc5fbda43b904755db450.exe
    Chinese (Simplified): windows6.1-kb2483139-x86-zh-cn_ae61ea226215f96fc95be33201ffc96755ac7eb5.exe
    Chinese (Traditional): windows6.1-kb2483139-x86-zh-hk_411a6bb68728f12f5ced712d9a33fee9ebe0b0b3.exe
    Danish: windows6.1-kb2483139-x86-da-dk_67fecaab0a940e2e537bc8dcd8a9ebb8ab4ed102.exe
    Dutch: windows6.1-kb2483139-x86-nl-nl_b7e1c3046b218fb45a665ab5f5ed8a5ea8125760.exe
    English: windows6.1-kb2483139-x86-en-us_783d6dd59e2ec8fb0995a059c9c121795bde46c8.exe
    Finnish: windows6.1-kb2483139-x86-fi-fi_5259ca6a22a981dbdee352dde5b8e65c2fddd407.exe
    French: windows6.1-kb2483139-x86-fr-fr_f57427487dfc2f49da67cac22480ab1f48983d22.exe
    German: windows6.1-kb2483139-x86-de-de_acb9b88b96d432749ab63bd93423af054d23bf81.exe
    Italian: windows6.1-kb2483139-x86-it-it_1d54a8d0047674fc1b5b6f41292a0074d9fe3cc5.exe
    Japanese: windows6.1-kb2483139-x86-ja-jp_bc46078938ae9129c7ce86a9c176fa517e4c0a3d.exe
    Korean: windows6.1-kb2483139-x86-ko-kr_18f213428cc6fde96d8c76c6dd91446348e86ce6.exe
    Norwegian: windows6.1-kb2483139-x86-nb-no_5bd6fc76ad54b7a232d4ceb4a5f5c7c366bf90b6.exe
    Polish: windows6.1-kb2483139-x86-pl-pl_c460a8c1392d7f3d35d1c0b37e56017d3552d245.exe
    Portuguese (Brazil): windows6.1-kb2483139-x86-pt-br_6e1d337b2fd56669d461e82601aa51004fecbd24.exe
    Portuguese (Portugal): windows6.1-kb2483139-x86-pt-pt_5cc92ef98ed177b2f6bbae3a0420ee2f12764fab.exe
    Russian: windows6.1-kb2483139-x86-ru-ru_6532a8f36ad7d15277d5d60da92555f0fbee4daa.exe
    Spanish: windows6.1-kb2483139-x86-es-es_6aef75f7d83edaabc2a921a6b157cc7005628286.exe
    Swedish: windows6.1-kb2483139-x86-sv-se_bd65af75e8995bd865d93c8d8c8a35091499083f.exe

    Download Official 64-bit (x64) Windows 7 SP1 MUI Language Packs

    Arabic: windows6.1-kb2483139-x64-ar-sa_f07f2cc7b55b17076eebceea2c2c2826b08b8f63.exe
    Chinese (Simplified): windows6.1-kb2483139-x64-zh-cn_2c1884b4fdf6c8e91986369d88bbcaae01c6f187.exe
    Chinese (Traditional): windows6.1-kb2483139-x64-zh-hk_285282b1e2f750eeed91466918443b657968d977.exe
    Danish: windows6.1-kb2483139-x64-da-dk_d753d19cc1a0fe95aef21548193393c04a6a8024.exe
    Dutch: windows6.1-kb2483139-x64-nl-nl_12c90c70d408b08f51f500d6e974878a5d662398.exe
    English: windows6.1-kb2483139-x64-en-us_9b9c8a867baff2920507fbf1e1b4a158572b9b87.exe
    Finnish: windows6.1-kb2483139-x64-fi-fi_223465e1b382484d1d82f8f2ccfcd9ed2f902c76.exe
    French: windows6.1-kb2483139-x64-fr-fr_0f18e2a244dd9ff04664112a82776d2bd2177798.exe
    German: windows6.1-kb2483139-x64-de-de_4f4ce6bd38530b4a02199172863b21a0cba13773.exe
    Italian: windows6.1-kb2483139-x64-it-it_6d8223c065d6974d833d0eaa162f3ceb7680850f.exe
    Japanese: windows6.1-kb2483139-x64-ja-jp_aeaf7e9b0b6c2173bf757330017a7f655f1f8715.exe
    Korean: windows6.1-kb2483139-x64-ko-kr_0ea76f748e3d5309d568147ad1337b2664090944.exe
    Norwegian: windows6.1-kb2483139-x64-nb-no_78df68604970041a6337b4058a3e5339f79e50b4.exe
    Polish: windows6.1-kb2483139-x64-pl-pl_24d00a966a7a75132c3af5627634483d3e2d01e7.exe
    Portuguese (Brazil): windows6.1-kb2483139-x64-pt-br_f8035731c55d774c95c7c673aedfd42d52479294.exe
    Portuguese (Portugal): windows6.1-kb2483139-x64-pt-pt_78485491088298110a3e78b7a5f95e55ff7808df.exe
    Russian: windows6.1-kb2483139-x64-ru-ru_0587eb296a2f04e0d3699650d39b53ee18b97a79.exe
    Spanish: windows6.1-kb2483139-x64-es-es_fdbdf4061b960324efb9eedf7106df543ed8ce33.exe
    Swedish: windows6.1-kb2483139-x64-sv-se_81051fe3083afdb4f2d1d23752c587de9bb35025.exe

    With those language packs downloaded , we going to create a “Hybrid Base OS” task sequence which will build and capture a VM (Vmware, Xen or Hyper-V –> HAL independent) from a setup.exe Windows 7 SP1 enterprise setup files, and add the following components:

  • Create a great unattended xml file to automate . –> See also http://scug.be/sccm/2010/02/02/sccm-windows-7-deployments-amp-unattended-xml/
  • Create a few Task sequence variables to identify the machine and do some branding.
  • My MUI packs I want to integrate. I add my Dutch Language pack install. That will produce a hybrid .WIM with the language pack integrated.
  • Latest .NET Framework 3.5 SP1 and 4.0 . If you really want , .NET 4.5 should work as well
  • Windows Management Framework 3.0  = KB2506146 or KB2506143 ( Attention : There are few code defects but a toxic issue with using ConfigMgr 2012 RTM  – It is FIXED with ConfigMgr 2012 SP1 –> Only install if you have SP1 !! )
  • All the various Visual C++ Runtime Libraries (2005 SP1 , 2008 SP1, 2010 SP1 )
  • All the various Visual C++ Report Viewers (2005 SP1 , 2008 SP1, 2010 SP1 )
  • Internet explorer 9 ( or 10 when it releases for Windows 7 )
  • All current Patches
  • Optional : Office 2007 / 2010 / 2013 MUI . My advise is only to incorporate Office x if you only have one version of Office thru your Enterprise . Meaning Office ProPlus for everyone and no mix !

    The Task Sequence itself will look like this :

    1 (2)

  • 1) Import Windows 7 SP1 x64 enterprise as an Operating System Install Package and add it to a Distribution point.
  • 2) Create a Windows 7 SP1 x64 Unattend.xml package in Configmgr ( yes a package as there is no way to handle it as an application ) and add it to a Distribution point. An example of a good unattend.xml file could be found here : http://scug.be/sccm/2010/02/02/sccm-windows-7-deployments-amp-unattended-xml/

    Make sure you have the following lines adapted as shown below . It will help you later to build a great machine that will meet your language criteria .

  • 3) Create a package and Program for your Windows 7 SP1 MUI language packs. Create one for X64 and one for X86 (if you need to support 2 HW platforms). An example of a how to build the Windows 7 SP1 MUI language packs package could be found here :

     

  • 4) Create four (4) OSD collections and set your collection variables accordingly :

    200

    Define the following variables accordingly :

  • OSDInputLocale = EN-US
  • OSDSystemLocale = EN-US
  • OSDUILanguage = EN-US
  • OSDUILanguageFallback = EN-US
  • OSDUserLocale = EN-US
  • Capture = YES
  • OfficePreinstall = YES
  •  

    201image

     image image

     

  • 4) Create a “Build and capture” task sequence :

     

        • Name the task sequence something appropriate like “Build & Capture Windows 7 SP1 X64 Hybrid Image”
        • Select the x64 boot image
        • Create a “Disk Format and Partition” step and choose properties on the Default (Primary) partition and check the “Quick Format” option
        • Select the Operating System Package you created in step 1 and specify your unattend.xml file you created in step 2
        • Set the local admin password to blank ( needed for sysprep to work )
        • Join a Domain and use a domain join account for security reasons. An example of a how to create a domain join account could be found here : http://scug.be/sccm/2008/10/20/configmanager-osd-joining-machines-to-a-domain-and-its-security/
        • Select the ConfigMgr 2012 client that is already available in Configmgr 2012
        • Create a few Task sequence variables to identify the machine and do some branding. We will use that later to create our automatic  naming when we are capturing the image.
          • Set “OSDModel for VMware" when the following query is true “select * from Win32_ComputerSystem WHERE model like ‘%VMware%’ “

          300

          • Set OSDARCHITECTURE=”X64"

          302

          • Set OSDVERSION=”Windows 7"
          • Set OSDREVISION=”SP1

     

    2 (2)

     

        • Windows Management Framework 3.0  = KB2506146 or KB2506143 ( Attention : There are few code defects but a toxic issue with using ConfigMgr 2012 RTM  – It is FIXED with ConfigMgr 2012 SP1 –> Only install if you have SP1 !! )
        • All the various Visual C++ Runtime Libraries (2005 SP1 , 2008 SP1, 2010 SP1 )

    4

    3 (2)

     

        • Optional : Office 2007 / 2010 / 2013 MUI (Remember the task sequence variable we have set at collection level !)

    303

        • All current Patches –> setup SU
        • Set your image properties and Capture settings
        • Select a location to save the image and make sure you include the full path including the .wim extension

    Capture Without Office : (Remember the task sequence variable we have set at collection level !)

    304

    image

    Capture With Office : (Remember the task sequence variable we have set at collection level !)

    306

    image

        • Enter an account with rights to write to the share
        • Finish up

    5) Deploy your “Build and capture” task sequence to a VMware , XEN or Hyper-V VM : Look here how to do it for VMware : http://scug.be/sccm/2010/02/03/sccm-deploying-windows-7-on-a-vmware-esx-environment-howto/

    Create your deployments (advertisements) accordingly :

    402

     

    Stay tuned for Part 2 , where we will deploy the Hybrid image ( that we just created)  for full deployment..

    Hope it Helps

    Kenny Buntinx

    Configmgr Client Migration from 2007 to 2012 and App-V client version

    7:44 am in App-V, AppV, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr2007 R3, Deployment, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM v.Next, System Center by Kenny Buntinx [MVP]

    If you are in the process of migrating your CM07 environment to CM12 and you are using already an App-V integrated solution , be sure that you have upgrade your App-V client to the correct version ! The correct supported version is App-V 4.6 SP1 cu5 .

    If the Existing CM07 client has the App-V client 4.6 or 4.6 SP1 installed , client migration will FAIL as shown below in the log file !! The only correct supported version is App-V 4.6 SP1 cu5 !

    image

    Hope it Helps ,

    Kenny Buntinx

    Configuration Manager 2012: Select a Preferred Deployment when deploying via unknown computer support

    1:16 pm in CM12, ConfigMgr 2012, ConfigMgr V.next, OSD, PXE, sccm, SCCM 2012, SCCM v.Next, System Center, Task Sequence, V.next, Windows 7 by Kenny Buntinx [MVP]

    Hi there ,

    Today a customer requested an interesting scenario about selecting a preferred deployment when deploying multiple TS to a single collection:

    Scenario:

    You have made a few task sequences available thru PXE boot and enabled unknown computer support . You set all your deployments to available , not required.
    When you start your OSD deployment , you will see the few task sequences sitting there and waiting . This is a correct behavior.

    The customer likes to see the following behavior:

    – one of the task sequences made available will be started automatically after 30 seconds  if none of the other TS are selected.

    This will help them to avoid the import computer information part as they stage thousands of machines over one weekend and there process is that the computer name is generated from their CMDB tool after the mac address and serial number is scanned. Then we extract that information and push it into TS variables.

    Solution:

    You can define a deployment in a prestart command that overrides existing deployments to the destination computer. Use the SMSTSPreferredAdvertID task sequence variable to configure the task sequence to use the specific Offer ID that defines the conditions for the deployment.

    More interesting info on John Vintzels blog at http://blogs.technet.com/b/inside_osd/archive/2010/06/07/v-next-beta-1-feature-select-preferred-deployment-from-pre-execution-hook.aspx

    Hope it Helps ,

    Kenny Buntinx

    Configmgr 2012 and App-V dependencies

    7:14 pm in App-V, AppV, ConfigMgr 2012, ConfigMgr V.next, SCCM 2012, SCCM v.Next, System Center by Kenny Buntinx [MVP]

    When using App-V Applications in Configmgr 2012 , make sure you have App-V client 4.6 SP1 CU5 deployed as this is the minimum supported version in CM12 .

    Just a reminder when you are in a migration phase … First upgrade your App-V client software to version 4.6 SP1 CU5

    This will also be a requirement is you want to add the App-V client as a dependency of your Application’s deployment type (app-V)

    Hope it Helps ,

    Kenny buntinx

    CM12 : Issue with ASP.Net when installing the Application Catalog Website Point Role

    7:24 am in CM12, ConfigMgr 2012, ConfigMgr V.next, dotnet, IIS, SCCM 2012, SCCM v.Next, System Center by Kenny Buntinx [MVP]

    Yesterday I faced an issue at one of my customers when installing CM12 in a lab environment. I wanted to install the Application Catalog Website Point Role .

    Scenario :

    • My CM12 site is installed and running
    • I am adding the necessary roles such as Fallback status point , Application Catalog website point and the Application Web Service Point.

    To do that I added in IIS the ASP.net component as stated in the prerequisites here :

    http://technet.microsoft.com/en-us/library/gg682077.aspx

    SCCMprim018

    Then I added the necessary roles and after looking in the appropriate log file , I discovered an error : “ Error: IIS Asp.net is NOT registered . Setup failed – Error 126. “

    SCCMprim020

    To solve this , you will need to navigate to "%systemroot%\Microsoft.NET\Framework\v.4.0\” and run “aspnet_regiis.exe –i “

    Make sure that you register the latest version of Dot.net framework . In this case it is would be version 4 of dot net framework.

    SCCMprim021

    After restarting the CM12 services , the role reinstalled correctly without any issues .

    Hope it Helps ,

    Kenny Buntinx

    Windows 7 OSD deployment (SCCM or MDT ) and starting with a patched media = More secure & Saves time !

    9:03 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr 2012, ConfigMgr SP2, ConfigMgr V.next, configmgr2007, ConfigMgr2007 R3, Deployment, DISM, OSD, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM v.Next, sccm2007, WAIK, Windows 7, Windows 7 SP1, Windows7 by Kenny Buntinx [MVP]

    1. Download your patches to a folder

    You could always download the patches from the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder or automate it by the following process :

    • First step will be to install a clean Windows 7 machine without any application . After that process we will run wuauclt /detectnow and install all available updates . You will need to reboot a few times and rerun the wuauclt /detectnow to allow all patches to be installed properly

    • Then run the procedure below for WSUS patch extraction :

    Go to C:\windows and open windowsupdate.log in excel. Delimit the file by Tab and space

    Run the auto-filter and filter on “Downloading” in column “G”

    Select all rows in column “I” and copy the table. Go to new sheet and paste in this in column “B”

    We select column “B” and select Data -> text to column en delimit by ‘/’. Now we remove column “B,C,D and E”

    Go back to sheet where you imported the “Windowsupdate.log” and select all rows in column “K” and copy the column. Go to the new sheet and paste in column “D”

    We select column “K” and select Data -> text to column en delimit by ‘\’. Now we remove column “D,E,F,G and H”

    Paste the following formula in column “A” “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”

    Drag the formula to below , select column A , select all and copy it

    Open notepad , paste the text and save as “getpatch.cmd”

    Map your drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”

    Copy your downloaded patches to the location you need them

     

    2. Applying the offline patches to the windows 7 media

     

    Open up a WINPE command prompt via the WAIK.

    Run the following commands in the following sequence .

    Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp

    clip_image002

    Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches (where the patches folder contains your downloaded CBS windows patches)

    clip_image004

    dism /commit-WIM /Mountdir:F:\DISM\temp

    clip_image006

    dism /unmount-WIM /commit /Mountdir:F:\DISM\temp

    clip_image008

     

    3. What if you get an error applying the offline patches?

     

    It can happen that there are patches that cannot be applied offline. When that happens, you will get the following error as shown below in the screenshot. In this case KB2533552. Do not worry, the process does not need to run again.

    However, please note all patches that couldn’t be applied, so you could keep track of them for later deployment .

    clip_image010

    To see what is really going on and to verify this is a patch that cannot be applied offline , you should open the DISM.log file and search for the specific update as shown below in the screenshot.

    clip_image012

    When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package “, meaning this patch is not a CBS update and needs to be applied online.

    You could always check the update on the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx

     

    4. Import the image in SCCM or MDT

     

    After this process you need to import the source content in SCCM. When done start adding it to the distribution points and wait until it is replicated, preferably with a good naming convention.

    After importing the image in SCCM, add it to the DP’s and check if the image is replicated correctly on all selected DP’s.

    When it’s done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.

     

    Now you are running from the start with a patched offline media , meaning less deployment time and being more secure when deploying your machines !

     

    Hope it Helps ,

     

    Kenny Buntinx