deployment
Slow Software Center search results
Currently Software Center will use WMI to query all available software for the computer, then it will ask the management point for user assigned apps.
If your computer is a bit slow/old the wait time checking WMI can be painful. You can check this on the client log SCNotify_MONASH@%username%_1.log
Please vote for my Uservoice - https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/39082435-speed-up-software-centre-searches-by-returning-use
If your SQL is slow you have another problem.. You can check this on the MP UserService.log - Search for GetFilteredApplications.
SQL Fixes:
Set the right compatibility level - https://support.microsoft.com/en-au/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d
Reindex right - https://www.scconfigmgr.com/2017/01/03/configuration-manager-sql-database-maintenance/
Task Sequence can't find a dependency that doesn't exit
When I see 'Failed to run Task Sequence - This task sequence cannot be run because the program files for XXXXXXX cannot be locataed on a distribution point'
I go to Monitoring \ Distribution Status \ Content Status. It's the quickest way to search all package objects. Today the search came up with no results.
I exported the task sequence to make sense of it, found the ID in a section about OSDSubTaskSequenceTsReferencePackages -
<variable name="OSDSubTasksequenceTsReferenceApplications" property="TsReferenceApplications"></variable>
<variable name="OSDSubTasksequenceTsReferencePackages" property="TsReferencePackages">ZZZ00019,ZZZ0001F,ZZZ00020,ZZZ00024</variable></defaultVarList></subtasksequence>
What happened was someone removed a driver package and deleted it. The main task sequence still referenced it. To fix I modified the main task sequence, so it kicked off new policies.
Deploying Office 2019 VL
Office 2019 now uses click-to-run technology instead of 'setup /admin' there are a few changes, probably for the best in the long run.
Create Config Files
First you need to download to Office Deployment tool
This is a self extracting file that spits out setup.exe and 2 sample config files - one for 32-bit and one for 64-bit.
Edit the edition you want to download. If you want the Volume License version change the Product ID to 'ProPlus2019Volume'
You don't need to add Visio or Project as they are also downloaded.
Save the file and run 'setup.exe /download configuration-Office365-x64.xml'.
This will run in the background and download into a subfolder - Office.
Now you have the files you can make configurations using these resources
https://config.office.com/ - Spits out config files for Office 365 - At time of writing it isn't made for 2019 yet but should work ok.
https://docs.microsoft.com/en-gb/DeployOffice/office2019/deploy - Documentation on customising the confiuration files.
If you want a head start I've made config files for Office, Project and Visio - Download
Example - Office 32-Bit, exclude OneDrive and Skype, accept EULA, Silent install, some customisations from Config.office.com
Test
To test your config files run setup.exe with the configure switch
setup.exe /configure configuration-OfficeProPlus-x86.xml
Deploy
Create an application in SCCM - with your files.
Deployment type - Script Installer
For Detection Methods:
Office - 32-Bit: %ProgramFiles(x86)%\Microsoft Office\root\Office16\Winword.exe
Office - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\WINWORD.EXE
Project - 32-Bit: %programfiles(x86)%\Microsoft Office\root\Office16\WINPROJ.EXE
Project - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\WINPROJ.EXE
Visio - - 32-Bit: %programfiles(x86)%\Microsoft Office\root\Office16\VISIO.EXE
Project - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\VISIO.EXE
KMS
Download the Volume license app http://www.microsoft.com/downloads/details.aspx?FamilyID=878fef7e-3f4d-4d22-a423-f447c0f5bfdd
On the KMS server run the exe.
Get your Office 2019 KMS Key from your Key Holder
Don't Click Commit! Click Cancel as you already have this configured
SCCM client = None after deploying an operating system
In an environment where you use certificates this can happen.
CLientIDManagerStartup.log will mention
Regtask: Failed to refresh MP. Error: 0x80004005
alot of times...
Below I have the 2 fixes!
Fix 1 is to take advantage of the TS Variable SMSTSPostAction to restart the computer once completed
with the value 'shutdown /r /t 0 /f'
This should ensure the cert is requested.
Fix 2:
From testing - after Fix 1 you may need to re-start the SCCM agent.
To do this create a scheduled task that runs on start-up
Program: Powershell
Arguments: -Command "& {start-sleep 120; restart-service ccmexec; Unregister-ScheduledTask -TaskName 'Restart SCCM Initial boot' -Confirm:$false;}"
Run whether or not user is logged on.
Export the scheduled task as 'RestartSCCM.xml' and create a package and command line to run at the end of OSD
SCHTASKS.exe /CREATE /RU system /XML "RestartSCCM.xml" /TN "Restart SCCM Initial boot"
Happy deploying!
Disabling Windows File Explorer banner advertising
Microsoft has soo much advertising power with Windows 10, they can now put banners up in Windows Explorer via updates. You may see one such as this:
'Save your documents and photos to OneDrive' or 'Get the best deal on your cloud storage with OneDrive'
The setting is called Show Sync Provider Notifications however it has been used for other purposes such as when you do a feature update
To prevent this from happening push out a group policy User preference
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value: ShowSyncProviderNotifications
Value Type: REG_DWORD
Value Data: 00000000
Base: Hex
Set the computer name using the BIOS Asset Tag
If you are setting the Asset Tag the same name that the computer is, it makes sense to only have to input it once. I created a powershell script that will do the following:
If VM or Mac: Exit 0
If computer exists in SCCM: Exit 0
If AssetTag Exists/Not empty: Set OSDComputerName to AssetTag, Exit 0
If AssetTag doesn't exist: Bring up an error message, Exit 1
Tested with HP and Dell machines.
Update: Added optional script that uses the HP Ownership Tag
How to use:
Create a package for the script
Copy serviceUI.exe (From MDT Toolkit) to the same folder.
In the Task Sequence after initial format of the drive create a Run Command Line step using the package that you created
with the command: ServiceUI.exe -process:TSProgressUI.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File AssetTag.ps1
Thanks Nickolaj and Dave Green for the initial form
MDT Toolkit files fail to download - could not resolve source
If this happens during OSD, it is likely due to 2 settings in the BIOS.
I recommend
WIN7 -
Boot mode: Legacy
Sata mode: AHCI
Win10-
Boot mode: UEFI
Sata mode: AHCI
From the log:
The task sequence execution engine failed executing the action (Use Toolkit Package) in the group (Initialization) with the error code 2147942561
Action output: ... ursiveCreatePath(sPath.substr(0, nPos), psa), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\core\ccmcore\path.cpp,104)
RecursiveCreatePath(sPath.substr(0, nPos), psa), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\core\ccmcore\path.cpp,104)
RecursiveCreatePath( sNormalizedPath, psa ), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\core\ccmcore\path.cpp,159)
DownloadContentLocally (pszSource, sSourceDirectory, dwFlags, hUserToken, mapNetworkAccess), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3582)
TS::Utility::ResolveSource (pszPkgID, sPath, 0, hUserToken, mapNetworkAccess), HRESULT=800700a1 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\runcommandline.cpp,399)
cmd.Execute(pszPkgID,sProgramName, dwCmdLineExitCode), HRESULT=800700a1 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,372)
Failed to resolve the source for SMS PKGID=PS10098B, hr=0x800700a1
Install Software failed to run command line, hr=0x800700a1. The operating system reported error 2147942561: The specified path is invalid.
Build and Capture fails if KB3160005 IE sec cumulative update is installed
Update: Adding more scratch space to the boot wim seems to have resolved the problem on Windows 10, Windows 7 seems to still have issues.
Update: This update is also in Windows 10 CU 3163018, causing the same error. No workaround yet
If your build and capture is failing at the capture step make sure you don't have the cumulative Security Update for IE11 KB3160005. It's somehow stopping the registry load part of the step.
1 2 3 4 5 6 7 8 9 10 11 12 |
The task sequence execution engine failed executing the action (Capture the Reference Machine) in the group (Capture the Reference Machine) with the error code 2147943850 Action output: ... software" into HKLM\OfflineRegistry1 RegLoadKey( oRegKeyHKLM, sRegKey, sRegHivPath), HRESULT=800705aa (e:\qfe\nts\sms\framework\osdcore\offlineregistry.cpp,68) LoadHive( szPathBuffer, m_sRegKeySoftware, m_oRegKeySoftware ), HRESULT=800705aa (e:\qfe\nts\sms\framework\osdcore\offlineregistry.cpp,190) m_oOfflineRegistry.Init(pszSystemRoot), HRESULT=800705aa (e:\qfe\nts\sms\framework\osdcore\offlineos.cpp,737) rDefaultOs.initialize(sTargetSystemRoot), HRESULT=800705aa (e:\nts_sccm_release\sms\client\osdeployment\capturesystemimage\capturesystemimage.cpp,613) VerifySystemForCapture(DefaultOs), HRESULT=800705aa (e:\nts_sccm_release\sms\client\osdeployment\capturesystemimage\capturesystemimage.cpp,859) Finished with error code 0x800705AA Failed to load "C:\WINDOWS\system32\config\software" (0x800705aa). Failed to load the offline SOFTWARE registry (0x800705aa). Failed to validate for capture. nsufficient system resources exist to complete the requested service. (Error: 800705AA; Source: Windows). The operating system reported error 2147943850: Insufficient system resources exist to complete the requested service. |
Adding Admin Elevated websites to trusted sites/intranet/etc
It's very easy to customize the trusted sites for users by using group policy preferences without locking the settings down however what about websites that need to be ran as a different user?
To work around this I created a simple C Sharp program that sets the registry before launching the site in IE
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
using System; using System.Diagnostics; using System.ComponentModel; using Microsoft.Win32; namespace ConsoleApplication1 { class Program { static void Main(string[] args) { Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\", "", ""); //Tree Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "", ""); //Branch Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains", "", ""); //Branch Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\happysccm.com", "", ""); //Branch Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\happysccm.com", "*", "1", RegistryValueKind.DWord); //Branch's value Process.Start("IExplore.exe", "http://portal.happysccm.com"); } } } |
Zones:
Value Setting
------------------------------
0 My Computer
1 Local Intranet Zone
2 Trusted sites Zone
3 Internet Zone
4 Restricted Sites Zone
Create the Installer:
Compile the package and copy it to where you want it on the clients system. Then create a shortcut to the exe.
Copy the exe and shortcut to your network share.
Create an Install.bat:
1 2 |
xcopy.exe "Admin Portal.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\" /Y xcopy.exe IDMAdmin.exe C:\ProgramData\IDMAdmin\ /Y |
Deploy!
Hey Cortana! How do I add additional speeches during OSD so you work?
For Cortana to work with your language you need to install the appropriate speech pack however if you are connected to an enterprise WSUS you won't be able to see additional downloads for your language.
To work around this you can get the language cab files from the 'Windows 10 Features on Demand' iso available via volume license and MSDN downloads, then use dism commands to apply the desired language packages. Currently the available ones are
- German - Germany (Microsoft-Windows-LanguageFeatures-Speech-de-de-Package.cab)
- English - Australia (Microsoft-Windows-LanguageFeatures-Speech-en-au-Package.cab)
- English - Canada (Microsoft-Windows-LanguageFeatures-Speech-en-ca-Package.cab)
- English - United Kigndom (Microsoft-Windows-LanguageFeatures-Speech-en-gb-Package.cab)
- English - India (Microsoft-Windows-LanguageFeatures-Speech-en-in-Package.cab)
- English - United States (Microsoft-Windows-LanguageFeatures-Speech-en-us-Package.cab)
- Spanish - Spain (Microsoft-Windows-LanguageFeatures-Speech-es-es-Package.cab)
- French - France (Microsoft-Windows-LanguageFeatures-Speech-fr-fr-Package.cab)
- Italian - Italy (Microsoft-Windows-LanguageFeatures-Speech-it-it-Package.cab)
- Japanese - Japan (Microsoft-Windows-LanguageFeatures-Speech-ja-jp-Package.cab)
- Chinese - China (Microsoft-Windows-LanguageFeatures-Speech-zh-cn-Package.cab)
- Chinese - Hong Kong (Microsoft-Windows-LanguageFeatures-Speech-zh-hk-Package.cab)
- Chinese - Taiwan (Microsoft-Windows-LanguageFeatures-Speech-zh-tw-Package.cab)
Note: Cortana is currently only available in United States, Japan, Australia, and Canada and India (in English) however having the speech packs installed will help your deployment if other markets open up.
You can also install the Text to speech pack along side. For example
Microsoft-Windows-LanguageFeatures-TextToSpeech-en-au-Package.cab adds Aussie Catherine and British James however Cortana doesn't use them.
To deploy during OSD create a package with the desired speech packs and an Install.bat file. The following example of install.bat sets up English-Australia and also adds text to speech voices, you can add additional packages by changing the PackagePath:
DISM /Online /Add-Package /PackagePath:Microsoft-Windows-LanguageFeatures-TextToSpeech-en-au-Package.cab
DISM /Online /Add-Package /PackagePath:Microsoft-Windows-LanguageFeatures-Speech-en-au-Package.cab
And then create a Run Command Line step in the task sequence referencing the package with Disable 64-bit file system redirection
install.bat
To set the default Speech Language you need to modify the default user reg. This can be achieved in 3 commands during the task sequence
Load Default User Registry
reg load HKU\DefaultTemp "C:\Users\Default\NTUSER.DAT"
Set Default SpeechRecognizer
reg add "HKU\DefaultTemp\Software\Microsoft\Speech_OneCore\Settings\SpeechRecognizer" /v RecognizedLanguage /t REG_SZ /d en-AU /F
Unload Default User Registry
reg unload HKU\DefaultTemp