CIS sets the Network access: Remotely accessible registry paths group policy. Adjust to include SOFTWARE\Microsoft\SMS

ie;
System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\Windows NT\CurrentVersion, SOFTWARE\Microsoft\SMS

My VMs flood the network when PXE boots. Not sure of why, but to keep security happy I have removed the network boot via powershell.

Currently Software Center will use WMI to query all available software for the computer, then it will ask the management point for user assigned apps.

If your computer is a bit slow/old the wait time checking WMI can be painful. You can check this on the client log SCNotify_MONASH@%username%_1.log

Please vote for my Uservoice - https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/39082435-speed-up-software-centre-searches-by-returning-use

If your SQL is slow you have another problem.. You can check this on the MP UserService.log - Search for GetFilteredApplications.

SQL Fixes:
Set the right compatibility level - https://support.microsoft.com/en-au/help/3196320/sql-query-times-out-or-console-slow-on-certain-configuration-manager-d

Reindex right - https://www.scconfigmgr.com/2017/01/03/configuration-manager-sql-database-maintenance/

If you get this error try adding this command line to your task sequence

cmd.exe /c Wpeutil disablefirewall

let me know if this workaround helps.

When I see 'Failed to run Task Sequence - This task sequence cannot be run because the program files for XXXXXXX cannot be locataed on a distribution point'

I go to Monitoring \ Distribution Status \ Content Status. It's the quickest way to search all package objects. Today the search came up with no results.

I exported the task sequence to make sense of it, found the ID in a section about OSDSubTaskSequenceTsReferencePackages -

<variable name="OSDSubTasksequenceTsReferenceApplications" property="TsReferenceApplications"></variable>

<variable name="OSDSubTasksequenceTsReferencePackages" property="TsReferencePackages">ZZZ00019,ZZZ0001F,ZZZ00020,ZZZ00024</variable></defaultVarList></subtasksequence>

What happened was someone removed a driver package and deleted it. The main task sequence still referenced it. To fix I modified the main task sequence, so it kicked off new policies.

Office 2019 now uses click-to-run technology instead of 'setup /admin' there are a few changes, probably for the best in the long run.

Create Config Files

First you need to download to Office Deployment tool

This is a self extracting file that spits out setup.exe and 2 sample config files - one for 32-bit and one for 64-bit.
Edit the edition you want to download. If you want the Volume License version change the Product ID to 'ProPlus2019Volume'

You don't need to add Visio or Project as they are also downloaded.

Save the file and run 'setup.exe /download configuration-Office365-x64.xml'.
This will run in the background and download into a subfolder - Office.

Now you have the files you can make configurations using these resources
https://config.office.com/ - Spits out config files for Office 365 - At time of writing it isn't made for 2019 yet but should work ok.
https://docs.microsoft.com/en-gb/DeployOffice/office2019/deploy - Documentation on customising the confiuration files.

If you want a head start I've made config files for Office, Project and Visio - Download 

Example - Office 32-Bit, exclude OneDrive and Skype, accept EULA, Silent install, some customisations from Config.office.com

Test

To test your config files run setup.exe with the configure switch

setup.exe /configure configuration-OfficeProPlus-x86.xml

Deploy

Create an application in SCCM - with your files.
Deployment type - Script Installer

For Detection Methods:

Office - 32-Bit: %ProgramFiles(x86)%\Microsoft Office\root\Office16\Winword.exe
Office - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\WINWORD.EXE

Project - 32-Bit: %programfiles(x86)%\Microsoft Office\root\Office16\WINPROJ.EXE
Project - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\WINPROJ.EXE

Visio -  - 32-Bit: %programfiles(x86)%\Microsoft Office\root\Office16\VISIO.EXE
Project - 64-Bit: %ProgramFiles%\Microsoft Office\root\Office16\VISIO.EXE

KMS

Download the Volume license app http://www.microsoft.com/downloads/details.aspx?FamilyID=878fef7e-3f4d-4d22-a423-f447c0f5bfdd
On the KMS server run the exe.

Follow the Wizard Prompts

Get your Office 2019 KMS Key from your Key Holder

Don't Click Commit! Click Cancel as you already have this configured

In an environment where you use certificates this can happen.

CLientIDManagerStartup.log will mention

Regtask: Failed to refresh MP. Error: 0x80004005

alot of times...

Below I have the 2 fixes!

Fix 1 is to take advantage of the TS Variable SMSTSPostAction to restart the computer once completed
with the value 'shutdown /r /t 0 /f'

This should ensure the cert is requested.

Fix 2:

From testing - after Fix 1 you may need to re-start the SCCM agent.
To do this create a scheduled task that runs on start-up

Program: Powershell

Arguments: -Command "& {start-sleep 120; restart-service ccmexec; Unregister-ScheduledTask -TaskName 'Restart SCCM Initial boot' -Confirm:$false;}"

Run whether or not user is logged on.

Export the scheduled task as 'RestartSCCM.xml' and create a package and command line to run at the end of OSD

SCHTASKS.exe /CREATE /RU system /XML "RestartSCCM.xml" /TN "Restart SCCM Initial boot"

Happy deploying!

SCCM will mark a computer inactive if none of the activity checks happen

• Client policy request
• Heartbeat discovery
• Hardware Inventory
• Software Inventory
• Status messages sent

See technet

The default settings are 7 days for each of these settings which can be fine for a lot of businesses. If there are many devices that don't often connect to the network if may look as if there is more client health issues than there really is. To get an idea of how many devices have been on the network within x amount of days you can run the following query in the SQL Management Studio:

This uses LastOnline (Connected to AD) to get a list of the last 7 days. Then all you need to do is modify the 7 in the query to higher values to get a number that represents a higher percentage of your fleet contacting the AD. It could be 14 days, 30 days.

This will change depending on VPN usage, Direct Access. Once you enable the Cloud Management Gateway this setting will need to be tweaked again not using this data as clients will request policy from the internet.

To configure these settings:

1. In the Monitoring workspace, click Client Status, then, in the Home tab, in the Client Status group, click Client Status Settings.

    

SCCM Component manager is a quick way to start/stop/pause SCCM components that you would normally control using the Service Manager.

The reason the Service manager is so slow is because it has to connect to every site system's registry and gather information. SCCM Component manager only connects to the server that you select so it is much quicker. It does however require WinRM to be enabled as it uses it to run powershell commands on remote servers.

You can run the tool on it's own or you can enable some right click tools action.

To do this extract to C:\ then copy the two guid folders to C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\Extensions\Actions

I made the tool mainly to learn about powershell GUI creation,  if @nowmicro would like to add it to right click tools, feel free to re-brand, polish and do as you would like

Download

If you want to learn about powershell gui creation please visit  Foxdeploy.com