Skip to main content

Written by Brian Mason.

MNSCUG June 2016 Meeting Notes

Fred took these notes

Notes from Kent's session:

  • The server needs access to specific internet sites in order to get the 1602 upgrade.
  • Make sure to preserve the account that was used to install 1511 / 1602.

 

Always enable cleanup in software updates.  No reason kent can think of to not enable this.

You can do multiple deployments for a software update group in 1606.  This is new and cool.

The ADR cannot create "available" deployments.

You cannot control the naming standards for the deployments.  Some community tools can do this.

Coretech Update Manager

Community Tools - Clean software update group.

Created by nikolaj from Sweden.

 

"clear server group deployment locks" - This is useful when defining server groups / cluster options (starts with 1606 and what you see in 1602 doesn't work yet).

There are new software updates dashboards that are better, but not perfect.  STILL CANT GO TO THE DEVICES THAT ARE NON COMPLIANT. 

 

Content Handling -

This only works in PE.

You need a client and host.  The host shares the content and is configured by a custom client settings.

"Client Cache Settings"

The smscache settings can be configured here.  (cool)

There is a new task sequence step called "download package content".  This does not work for applications currently.

FYI - driver packages are antiquated.  Stop using them.

DISM step, create a normal package with the drivers (unc to the location) and DISM.exe /Image:%OSDisk%\ /Add-Driver /Driver:.\ /Recurse

You can tell a collection to use the peer cache via collection variable.

SMSTSPeerDownload and SMSTSPreserveContent - these should be set on the client.  The host automatically broadcasts its availability.

 

Windows 10 Servicing -

Deploying an update and deploying an upgrade are the same thing.

Servicing plans - nice try, no dice.  "It kind of works"

Use the upgrade task sequence instead

i.e. download the latest win10 iso from your volume licensing site, import the entire thing as an upgrade image and deploy it via task sequence.

Use WOL to help mitigate the time required to deploy windows 10 servicing options.  (i.e. do it in the middle of the night)

 

Windows 10 Management -

Windows 10 ATP - this is for post breach issues.  It will phone home with status?

There is a windows defender ATP node in Cm1606.  It shows what devices are enrolled in ATP. 

You can create a window defender atp policy

You can on board or off board devices.

You need a configuration file for this.  This comes from the security guy.
This could be useful for things beyond security.  Lots of logging done here.

This will be built into windows 10 redstone and cannot be disabled.  Devices can be off boarded though.

You can have Application Management policies for desktop applications now.  (i.e. excel)

This requires Redstone currently. i.e. it doenst work yet.

This can tie into Azure Rights Management.  i.e. ARM can now be managed by ConfigMgr.

 

Hackathon -

The online \ offline status of clients in the console is a direct result of the hackathon.

Powershell inline as a task sequence step and task sequence revisions.

Where is the revision data stored?  GITHUB!?

User UserVoice.  It is the best channel available for getting your feedback to the product.

 

 

Jason Sandys -

Data Collection

ConfigMgrDB != CMDB

CMDB is meant for years of data.  ConfigMgr is meant for months of data.  (this is a huge difference)

More data doenst help you manage the system better.

If you are not going the use the data, why are you storing it?

Don’t add external data to your ConfigMgr database, make your reports pull from multiple databases.

If you cant manage it, don’t put it into COnfigMgr.  Also, don’t put performance metrics into the database.  There isnt much value gained from storing this information in ConfigMgr.

You can pull data from WMI, Registry, EventLog(be careful, you can bloat your DB quickly), and scripting.

Good God, use PowerShell. 

 

When storing custom things in WMI, use a custom name space.  This allows for flexibility if you have have to delete it, etc.

When you delete a class from being inventoried in hardware data, it will delete the data as well. (this is new in 2012)

Do you have a test environment?  If not, you actually do, its called production.

You can have select statements / filters defined in custom mof files.  This is useful for inventorying just a subset of data form a wmiclass.  i.e. only eventlogs with a specific ID.

i.e. you can create a WMI class that is a view of another WMI class.

Backup your configuratoin.mof you are you modifying it.  It could be replaced during upgrades.

You can create a WMI class to gather Registry data. (using regkey to mof)

Add archive_reports.sms to c:\windows\ccm\inventory\temp will maintain the XML files that are sent to the server.  You can view these to see what data was sent to the MP.  The XML files will reside in the c:\windows\ccm\inventory\temp as well and will have [guid].xml as the filename.

You should be using the Configuration Manager Service Center for troubleshooting client information.

Cant PXE boot to systems created with a custom DDR.  (this is a big deal)

  • Created on .