You are browsing the archive for 2015 February.

Avatar of timdk

by timdk

UDM with ConfigMgr and Intune – why CU’s Matter

6:35 pm in Configuration Manager, Microsoft Intune by timdk

When delivering sessions on Unified Device Management (UDM) with Configuration Manager and Intune we have always stressed the fact that running on the latest CU level is really important. If you attended our most recent session in Zurich you may recall the following slide header:



A post that was published on the Configuration Manager Team Blog yesterday now gives a perfect overview on why those CU’s matter: as of CU2 there were a lot of fixes and improvements included related specifically to Mobile Device Management.

First there was CU2 which included fixes and improvements related to policies. CU3 included Simple Certificate Enrollment Protocol (SCEP) related fixes and the latest CU4 added the following:

  • Attempts to enroll a device in a user collection containing security groups will fail with an access denied error.
  • Inventory data collected from mobile devices and the Windows Intune connector may be for the wrong device if two devices synchronize simultaneously.
  • Hotfix extends client notification in System Center 2012 R2 Configuration Manager to MDM devices
  • Mobile Device Management settings are not applied to cloud-managed users in System Center 2012 R2 Configuration Manager

For a full history and overview of what was included in which CU have a look at the original post. Remember that these updates are cumulative so installing CU4 is sufficient as it includes everything from previous releases.

So our recommendation remains: apply the latest available Cumulative Update to your Configuration Manager environment as soon as possible!

Until next time!


Avatar of timdk

by timdk

Microsoft Intune: February update introduces more new features

5:23 pm in Microsoft Intune by timdk

MicrosoftIntune_LogoThe February update for Microsoft Intune just got announced on the Microsoft Intune blog. It will be released between February 6th (today!) and February 11th. You can check the status page for more specific timeframes here.

This update will include the following new features for Intune standalone:

  • Management of Office mobile apps (Word, Excel, and PowerPoint) for Android devices, including ability to restrict actions such as copy, cut, and paste outside of the managed app ecosystem.
  • Management of the OneNote app for iOS devices.
  • Ability to browse and install apps on Windows Phone 8.1 devices using Intune Company Portal website.
  • Deployment of WiFi profiles for Windows devices using XML import and Windows Phone devices using OMA-URI.
  • Support for Cisco AnyConnect per-app VPN configurations for iOS devices.
  • Ability to require encryption on Windows 8.1 (x86) devices.
  • Ability to set minimum classification of platform updates to be installed automatically on Windows 8.1 (x86) devices.

As part of the announcement Microsoft is also mentioning a more frequent release cadence: in the future they will be releasing new features to Intune on a monthly basis.

Have a nice weekend!


Avatar of timdk

by timdk

Implementing Configuration Manager 2012 R2 Cumulative Update 4

3:27 pm in Configuration Manager by timdk

Earlier on I have installed the newly released Cumulative Update 4 for Configuration Manager 2012 R2 in my lab. This blog post outlines the steps done during this implementation and can be used as a step by step guide.

First step is to get the sources for the CU here. The KB article also gives a full overview of the fixes and improvements in this update. As the name indicates, this update also contains all elements fixed or added in one of the previously released CU’s.

Note that this update is only applicable to Configuration Manager 2012 R2 – if you are currently still running Configuration Manager 2012 SP1 the latest available cumulative update is CU5.

The CU is applicable directly to the following components:

    • CAS
    • Primary Sites (standalone or in a hierarchy)
    • Secondary Sites
    • SMS Provider(s)
    • Console(s)

    Additionally it contains updates for the following components:

    • CAS
    • Primary Sites
    • Secondary Sites
    • SMS Provider(s)
    • Consoles
    • Clients

    The lab we are upgrading does not contain all the components listed above, a CAS and Secondary Site(s) are not present.

    Primary site

    Cumulative Updates for Configuration Manager are implemented top-down so we start with the site server of the standalone primary site. Before running the installer with elevated privileges ensure there are no more console connections.



The installation wizard kicks off.


On the welcome screen, click next.


Accept the License Agreement and click Next.


Verify the prerequisite checks and click Next.


Leave the option to update the locally installed console.


Leave the option to update the site database and click Next.


During the setup process we can opt to create packages to support updating other components in the infrastructure. Leave the options to have these packages created and click Next.


Leave the default settings for the servers package and click Next.


Leave the default settings for the console package and click Next.


Leave the default settings for both the x86 and x64 client package and click Next.


Review the setup summary and click Install when ready.


Progress is shown for each action.


Install completed! Click Finish to close the wizard.

Notice the mention that a reboot is required.


If you are interested in the more technical details about the installation and would like to see what is happening behind the scenes, have a look at the log file cm12-r2cu4-kb3026739-x64-enu.log  located in the %windir%\temp folder.

After the installation you can do a few verification checks to see if the CU got implemented.

First one is to look for the following entries in Programs & Features > View Installed Updates.


Second one would be to look in the registry in HKLM\Software\Microsoft\SMS\Setup


And lastly you can also check the version in the console (see About Configuration Manager):



As we opted to have some packages created to support implementing the CU in our environment these should now also be visible in the console. Go to the software library and select packages. Select the Configuration Manager Updates folder and then type CU4 in the search box to quickly locate those packages.


Important: Do not forget to distribute the content of these packages to your Distribution Points!

Important (2): Do not forget to update your boot images. This can be done by selecting a boot image, right-clicking it and then selecting the action to Update Distribution Points.

Secondary Sites

If there are any Secondary Sites in your environment the next step is to implement the CU on those sites. The server update package can be used to automate this. To target the site servers a collection can be built which is populated based on the following query:

    • select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
      SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS_64 on SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName = "System Center 2012 R2 Configuration Manager Secondary Site Setup"


    As part of the implementation process on the site server the locally installed console was updated. Any remaining remote consoles in the environment can be updated using the console upgrade package.

    To build a collection containing the machines with the console installed the following query could be used:

  • select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM. ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "System Center 2012 R2 Configuration Manager Console"


    Last but not least we also need to get the CU installed on our clients. There are multiple approaches to accomplish this; one method could be to deploy the client update packages created automatically during the implementation process.

As there is a package per processor architecture we will also create matching collections to target our deployments. This is an example query for a collection containing all 64-bit clients with a client version not equal to CU4:

  • select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,
    SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.ClientVersion != "5.00.7958.1501" and SMS_G_System_SYSTEM.SystemType = "X64-based PC"
    The query for the collection with 32-bit clients is identical; just replace “x64-based PC” with “x86-based PC”.

A client with CU4 installed will display the following version in its properties:


Version numbers for some of the components are also updated:



As you can see the experience for implementing this CU is pretty straightforward and identical to the previously released CU’s.

Until next time!


Avatar of timdk

by timdk

Cumulative Update 4 for System Center 2012 R2 Configuration Manager released!

3:00 pm in Configuration Manager by timdk

metrofixMicrosoft has released Cumulative Update 4 for System Center 2012 R2 Configuration Manager.

This CU includes a large list of fixes for various issues. Details on those fixes and information on added functionality can be found in KB3026739.

PowerShell changes are documented in a separate KB article KB3031717. Additionally the update includes performance optimizations for data replication, an Endpoint Protection platform update (KB2998627) and OS Support for Max OSx 10.10 and Suse Linux Enterprise Server 12.

A few interesting reads about this CU which were published earlier today:

Until next time!