deployment

Slow Software Center search results

Currently Software Center will use WMI to query all available software for the computer, then it will ask the management point for user assigned apps.

If your computer is a bit slow/old the wait time checking WMI can be painful. You can check this on the client log SCNotify_MONASH@%username%_1.log

Please vote for my Uservoice - https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/39082435-speed-up-software-centre-searches-by-returning-use

If your SQL is slow you have another problem.. You can check this on the MP UserService.log - Search for GetFilteredApplications.

SQL Fixes:
Set the right compatibility level - https://support.microsoft.com/en-au/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d

Reindex right - https://www.scconfigmgr.com/2017/01/03/configuration-manager-sql-database-maintenance/

 

 

Task Sequence can't find a dependency that doesn't exit

When I see 'Failed to run Task Sequence - This task sequence cannot be run because the program files for XXXXXXX cannot be locataed on a distribution point'

I go to Monitoring \ Distribution Status \ Content Status. It's the quickest way to search all package objects. Today the search came up with no results.

I exported the task sequence to make sense of it, found the ID in a section about OSDSubTaskSequenceTsReferencePackages -

<variable name="OSDSubTasksequenceTsReferenceApplications" property="TsReferenceApplications"></variable>

<variable name="OSDSubTasksequenceTsReferencePackages" property="TsReferencePackages">ZZZ00019,ZZZ0001F,ZZZ00020,ZZZ00024</variable></defaultVarList></subtasksequence>

 

What happened was someone removed a driver package and deleted it. The main task sequence still referenced it. To fix I modified the main task sequence, so it kicked off new policies.

 

 

 

Deploying Office 2019 VL

Office 2019 now uses click-to-run technology instead of 'setup /admin' there are a few changes, probably for the best in the long run.

Create Config Files

First you need to download to Office Deployment tool

This is a self extracting file that spits out setup.exe and 2 sample config files - one for 32-bit and one for 64-bit.
Edit the edition you want to download. If you want the Volume License version change the Product ID to 'ProPlus2019Volume'

You don't need to add Visio or Project as they are also downloaded.

Save the file and run 'setup.exe /download configuration-Office365-x64.xml'.
This will run in the background and download into a subfolder - Office.

Now you have the files you can make configurations using these resources
https://config.office.com/ - Spits out config files for Office 365 - At time of writing it isn't made for 2019 yet but should work ok.
https://docs.microsoft.com/en-gb/DeployOffice/office2019/deploy - Documentation on customising the confiuration files.

If you want a head start I've made config files for Office, Project and Visio - Download 

Example - Office 32-Bit, exclude OneDrive and Skype, accept EULA, Silent install, some customisations from Config.office.com

Test

To test your config files run setup.exe with the configure switch

setup.exe /configure configuration-OfficeProPlus-x86.xml

 

Deploy

Create an application in SCCM - with your files.
Deployment type - Script Installer

For Detection Methods:

Office - 32-Bit: %ProgramFiles(x86)%\Microsoft Office\root\Office16\Winword.exe
Office - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\WINWORD.EXE

Project - 32-Bit: %programfiles(x86)%\Microsoft Office\root\Office16\WINPROJ.EXE
Project - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\WINPROJ.EXE

Visio -  - 32-Bit: %programfiles(x86)%\Microsoft Office\root\Office16\VISIO.EXE
Project - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\VISIO.EXE

KMS

Download the Volume license app http://www.microsoft.com/downloads/details.aspx?FamilyID=878fef7e-3f4d-4d22-a423-f447c0f5bfdd
On the KMS server run the exe.

Follow the Wizard Prompts

Get your Office 2019 KMS Key from your Key Holder

Don't Click Commit! Click Cancel as you already have this configured

 

 

 

 

 

 

SCCM client = None after deploying an operating system

In an environment where you use certificates this can happen.

CLientIDManagerStartup.log will mention

Regtask: Failed to refresh MP. Error: 0x80004005

alot of times...

Below I have the 2 fixes!

Fix 1 is to take advantage of the TS Variable SMSTSPostAction to restart the computer once completed
with the value 'shutdown /r /t 0 /f'

This should ensure the cert is requested.

Fix 2:

From testing - after Fix 1 you may need to re-start the SCCM agent.
To do this create a scheduled task that runs on start-up

Program: Powershell

Arguments: -Command "& {start-sleep 120; restart-service ccmexec; Unregister-ScheduledTask -TaskName 'Restart SCCM Initial boot' -Confirm:$false;}"

Run whether or not user is logged on.

 

Export the scheduled task as 'RestartSCCM.xml' and create a package and command line to run at the end of OSD

SCHTASKS.exe /CREATE /RU system /XML "RestartSCCM.xml" /TN "Restart SCCM Initial boot"

 

Happy deploying!

Disabling Windows File Explorer banner advertising

Microsoft has soo much advertising power with Windows 10, they can now put banners up in Windows Explorer via updates. You may see one such as this:
'Save your documents and photos to OneDrive' or 'Get the best deal on your cloud storage with OneDrive'

The setting is called Show Sync Provider Notifications however it has been used for other purposes such as when you do a feature update

 

 

 

To prevent this from happening push out a group policy User preference
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: ShowSyncProviderNotifications
Value Type: REG_DWORD
Value Data: 00000000
Base: Hex

Error message when no Asset Tag Detected

Set the computer name using the BIOS Asset Tag

If you are setting the Asset Tag the same name that the computer is, it makes sense to only have to input it once. I created a powershell script that will do the following:

If VM or Mac: Exit 0

If  computer exists in SCCM: Exit 0

If AssetTag Exists/Not empty: Set OSDComputerName to AssetTag, Exit 0

If AssetTag doesn't exist: Bring up an error message, Exit 1

 

Tested with HP and Dell machines.

Download Script https://github.com/happysccm/Files/tree/master/Check%20for%20Asset%20Tag%20-%20OSD%20AssetTag%20Check%20-%20Most%20code%20by%20Nickolaj%20and%20Dave%20Green

Update: Added optional script that uses the HP Ownership Tag

How to use:
Create a package for the script

Copy serviceUI.exe (From MDT Toolkit) to the same folder.

In the Task Sequence after initial format of the drive create a Run Command Line step using the package that you created

with the command: ServiceUI.exe -process:TSProgressUI.exe %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File AssetTag.ps1

 

Thanks Nickolaj and Dave Green for the initial form

 

MDT Toolkit files fail to download - could not resolve source

IMG_6554

If this happens during OSD, it is likely due to 2 settings in the BIOS.

 

I recommend

WIN7 -

Boot mode: Legacy
Sata mode: AHCI

Win10-

Boot mode: UEFI
Sata mode: AHCI

 

 

From the log:
The task sequence execution engine failed executing the action (Use Toolkit Package) in the group (Initialization) with the error code 2147942561
Action output: ... ursiveCreatePath(sPath.substr(0, nPos), psa), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\core\ccmcore\path.cpp,104)
RecursiveCreatePath(sPath.substr(0, nPos), psa), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\core\ccmcore\path.cpp,104)
RecursiveCreatePath( sNormalizedPath, psa ), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\core\ccmcore\path.cpp,159)
DownloadContentLocally (pszSource, sSourceDirectory, dwFlags, hUserToken, mapNetworkAccess), HRESULT=800700a1 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3582)
TS::Utility::ResolveSource (pszPkgID, sPath, 0, hUserToken, mapNetworkAccess), HRESULT=800700a1 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\runcommandline.cpp,399)
cmd.Execute(pszPkgID,sProgramName, dwCmdLineExitCode), HRESULT=800700a1 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,372)
Failed to resolve the source for SMS PKGID=PS10098B, hr=0x800700a1
Install Software failed to run command line, hr=0x800700a1. The operating system reported error 2147942561: The specified path is invalid.

 

Build and Capture fails if KB3160005 IE sec cumulative update is installed


Update: Adding more scratch space to the boot wim seems to have resolved the problem on Windows 10, Windows 7 seems to still have issues.

Update: This update is also in Windows 10 CU 3163018, causing the same error. No workaround yet 

If your build and capture is failing at the capture step make sure you don't have the cumulative Security Update for IE11 KB3160005. It's somehow stopping the registry load part of the step.

The task sequence execution engine failed executing the action (Capture the Reference Machine) in the group (Capture the Reference Machine) with the error code 2147943850
Action output: ... software" into HKLM\OfflineRegistry1
RegLoadKey( oRegKeyHKLM, sRegKey, sRegHivPath), HRESULT=800705aa (e:\qfe\nts\sms\framework\osdcore\offlineregistry.cpp,68)
LoadHive( szPathBuffer, m_sRegKeySoftware, m_oRegKeySoftware ), HRESULT=800705aa (e:\qfe\nts\sms\framework\osdcore\offlineregistry.cpp,190)
m_oOfflineRegistry.Init(pszSystemRoot), HRESULT=800705aa (e:\qfe\nts\sms\framework\osdcore\offlineos.cpp,737)
rDefaultOs.initialize(sTargetSystemRoot), HRESULT=800705aa (e:\nts_sccm_release\sms\client\osdeployment\capturesystemimage\capturesystemimage.cpp,613)
VerifySystemForCapture(DefaultOs), HRESULT=800705aa (e:\nts_sccm_release\sms\client\osdeployment\capturesystemimage\capturesystemimage.cpp,859)
Finished with error code 0x800705AA
Failed to load "C:\WINDOWS\system32\config\software" (0x800705aa).
Failed to load the offline SOFTWARE registry (0x800705aa).
Failed to validate for capture. 
nsufficient system resources exist to complete the requested service. (Error: 800705AA; Source: Windows). The operating system reported error 2147943850: Insufficient system resources exist to complete the requested service.

 

Adding Admin Elevated websites to trusted sites/intranet/etc

admin portal shortcut

It's very easy to customize the trusted sites for users by using group policy preferences without locking the settings down however what about websites that need to be ran as a different user?

To work around this I created a simple C Sharp program that sets the registry before launching the site in IE

 

using System;
using System.Diagnostics;
using System.ComponentModel;
using Microsoft.Win32;


namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\", "", ""); //Tree
            Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap", "", ""); //Branch
            Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains", "", ""); //Branch
            Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\happysccm.com", "", ""); //Branch
            Registry.SetValue(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\happysccm.com", "*", "1", RegistryValueKind.DWord); //Branch's value
            Process.Start("IExplore.exe", "http://portal.happysccm.com");
        }
    }
}

Zones:
Value Setting
------------------------------
0 My Computer
1 Local Intranet Zone
2 Trusted sites Zone
3 Internet Zone
4 Restricted Sites Zone

Create the Installer:

Compile the package and copy it to where you want it on the clients system. Then create a shortcut to the exe.

Copy the exe and shortcut to your network share.
Create an Install.bat:

xcopy.exe "Admin Portal.lnk" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\" /Y
xcopy.exe IDMAdmin.exe C:\ProgramData\IDMAdmin\ /Y

Deploy!

 

Microsoft Edge and Enterprise Mode

Microsoft really wants everyone to use it's shiny new browser, and I think everyone should. It is a completely new browser built for the modern web however there are limitations to building a browser just for the modern web mainly being legacy support of activex controls and Java so it's understandable that companies don't want Edge as the default browser however there is another way. The new Enterprise mode group policy lets companies decide what web pages will open in Internet Explorer instead. Ideally it would have been nice to have these sandboxed in an Internet Explorer tab however Microsoft wants the end user to know that this is what the organization has decided.

Setting up Edge Enterprise Mode

The first thing you need to do is download and install the Enterprise Mode Site List manager

https://www.microsoft.com/en-us/download/confirmation.aspx?id=42501

This is a simple tool that creates and versions a xml file that the client computer reads when launching the Edge Browser.

You can add and edit sites in this tool and then save as an XML File

Example adding ebay.com

enterprise mode for Edge

You can later turn off Open in IE once the business website is compatible with Edge.

Once you have made your list Click File > Save to XML

Now have a look at the xml file, it should look something like

 

<rules version="7">
<docMode />
<emie>
<domain exclude="true">ebay.com</domain>
<domain doNotTransition="true" exclude="false">cnet.com</domain>
</emie>
</rules>

This example sets eBay to load up in Internet Explorer and we have set cnet.com to now open in Edge from now on.

Once you are happy with your config it's time to test it as a group policy

The policy is Computer Configuration > Windows Components > Microsoft Edge > Configure the Enterprise Mode List

enterprise mode group policy

The value here can be

  • Drive Letter C:\EnterpriseMode.xml
  • Web URL http://localhost:8080/EnterpriseMode.xml
  • Network Share \\NetworkShare\EnterpriseMode.xml (I recommend placing this inside the group policy folder on Sysvol)

Alternatively you can also send all intranet sites to Internet Explorer using the group policy setting 'Send all intranet sites to Internet Explorer 11'

Testing

Using Edge browser enterprise mode