Microsoft 365 Enterprise Tech Series – Enterprise Deployment & Management Technical Workshop L300

Microsoft 365 Enterprise Tech Series – Enterprise Deployment & Management Technical Workshop L300

November 30-December 1, 2017 | Auckland, New Zealand

A 2-day Training on the Complete, Intelligent, Secure Solution that Empowers Employees

What is Microsoft 365 Enterprise Tech Series?

Microsoft 365 is a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. The Enterprise Tech Series will help empower your team, safeguard your business, and simplify IT management with a single solution, purpose-built for your business

What to Expect from Training:

Understand the Microsoft 365 Vision
Dive into Modern IT Deployment
Learn about Traditional IT Transformation
Feel equipped to fully manage Microsoft 365 environments

Advertisements

Windows 10 – Switch from BIOS-to-UEFI Webinar

If you’re planning your Windows 10 migration, the switch from BIOS-to-UEFI is a hugely important piece of the puzzle.

Unless all your Windows machines are configured to UEFI, your organization cannot take advantage of the special Windows 10 security features. Microsoft’s ‘MBR2GPT’ tool still only gets you part of the way there.

This webinar was hosted live from Redmond by Microsoft MVP Jörgen Nilsson and Jim Bezdan, will ensure you know how to complete the BIOS-to-UEFI process fully, securely and automatically.

The full webinar recording can be viewed here: https://www.1e.com/on-demand-webinar/automate-bios-to-uefi-2018-edition/

Windows 7 Pre-Provision Bitlocker Not Working

After updating Configuration Manager 2012 R2 and adding the Windows 10 ADK, task sequences will no longer pre-provision BitLocker

Reason:

With WinPE 10 it uses the AES-CBC 128-bit encryption method.

Solution:

Add the following Run Command Line steps after Format and Partition and before Pre-provision BitLocker.

  1.  Set EncryptionMethodWithXtsFdv – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsFdv /d 3 /f
  2. Set EncryptionMethodWithXtsOs – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsOs /d 3 /f
  3. Set EncryptionMethodWithXtsRdv – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsRdv /d 3 /f

Available Encryption Methods in WinPE 10

  1. Value Data: 3 (Description: AES-CBC 128-bit)
  2. Value Data: 4 (Description: AES-CBC 256-bit)
  3. Value Data: 6 (Description: XTS-AES 128 bit)
  4. Value Data: 7 (Description: XTS-AES 256-bit)

CScript Error: Can’t find script engine “VBScript” for script

During a OSD task sequence in Configuration Manager, we ran into an error with a VBS script that has worked previously.

The error in the SMSTS.LOG file was: CScript Error: Can’t find script engine “VBScript” for script

The problem appears to be caused by a changed registry value: HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\REGDBVersion

After some searching on the internet the solution was to add the modify the REGDBVersion to a value of hex:01,00,00

Add to task sequence via a Command Line: REG ADD HKLM\Software\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f

Profit!

best practices

Some light reading for the bus ride home:

Download Whitepaper on Top 10 Best Practices on Windows 10 OSD with SCCM ConfigMgr

Configuration Manager 2012 adding Custom Security Role – Importing Computers

Great post by John Vintzel (ExEDS GM Account) on adding a cust Security Role into Configuration Manager. By default there is no built-in security role (apart from Full Administrator) to import devices into CM.

Here are the steps required:

  1. Create XML file with the code at the bottom of the page
  2. Navigate to Administration > Security > Security Roles in the CM Console
  3. Select Import Security Role from the ribbon
  4. Browse to the XML, click OK
  5. You will now see a new custom security role ‘Computer Import Manager’

XML Code:

<SMS_Roles>
<SMS_Role CopiedFromID=”SMS00001″ RoleName=”Import Computer Role” RoleDescription=”Add this role to an administrative user. Associate this security role specifically with All Systems.”>
<Operations>
<Operation GrantedOperations=”129″ ObjectTypeID=”1″ />
<Operation GrantedOperations=”524289″ ObjectTypeID=”6″ />
</Operations>
</SMS_Role>
</SMS_Roles>

https://blogs.technet.microsoft.com/inside_osd/2012/04/30/custom-role-based-administration-for-importing-computers/

Configuration Manager 2012 Version and Build Numbers

Configuration Manager 2012 version numbers, build numbers and cumulative updates since the SCCM 2012 RTM release.

Get the version number:

  1. Open the Configuration Manager console
  2. Browse to Administration, Site Configuration then Sites
  3. Right-click on the site and select Properties
  4. The site version and build number are shown
Release Version Build Download Link
SCCM 2012 RTM 5.00.7711.0000 7711 N/A
SCCM 2012 RTM – CU1 5.00.7711.0200 7711 KB2717295
SCCM 2012 RTM – CU2 5.00.7711.0301 7711 KB2780664
SCCM 2012 SP1 5.00.7804.1000 7804 N/A
SCCM 2012 SP1 – CU1 5.00.7804.1202 7804 KB2817245
SCCM 2012 SP1 – CU2 5.00.7804.1300 7804 KB2854009
SCCM 2012 SP1 – CU3 5.00.7804.1400 7804 KB2882125
SCCM 2012 SP1 – CU4 5.00.7804.1500 7804 KB2922875
SCCM 2012 SP1 – CU5 5.00.7804.1600 7804 KB2978017
SCCM 2012 R2 5.00.7958.1000 7958 N/A
SCCM 2012 R2 – CU1 5.00.7958.1203 7958 KB2938441
SCCM 2012 R2 – CU2 5.00.7958.1303 7958 KB2970177
SCCM 2012 R2 – CU3 5.00.7958.1401 7958 KB2994331
SCCM 2012 R2 – CU4 5.00.7958.1501 7958 KB3026739
SCCM 2012 R2 – CU5 5.00.7958.1604 7958 KB3054451
SCCM 2012 R2 SP1 5.00.8239.1000 8239 N/A
SCCM 2012 R2 SP1 – CU1 5.00.8239.1203 8239 KB3074857
SCCM 2012 R2 SP1 – CU2 5.00.8239.1301 8239 KB3100144
SCCM 2012 R2 SP1 – CU3 5.00.8239.1403 8239 KB3135680
SCCM 1511 5.00.8325.1000 8325 N/A
SCCM 1602 5.00.8355.1000 8355 N/A

 

Windows Preinstallation Environment Version and Associated OS Version

WinPE Windows Windows Version Notes
1.0 Windows XP 5.1.2600.x First version of WinPE.
1.1 Windows XP SP1 5.1.2600.x
1.2 Windows Server 2003 5.2.3790.x
1.5 Windows XP SP2 5.1.2600.x Windows PE 2004.
1.6 Windows Server 2003 SP1 5.2.3790.x Windows PE 2005.
2.0 Windows Vista 6.0.6000.x
2.1 Windows Server 2008 6.0.6001.x
2.2 Windows Server 2008 SP2 6.0.6002.x
3.0 Windows 7 6.1.7600.x Windows AIK 2.0.
3.1 Windows 7 SP1 6.1.7601.x Windows AIK Supplement for Windows 7 SP1.
4.0 Windows 8 6.2.9200.x Windows ADK (Windows Kits 8.0).
5.0 Windows 8.1 6.3.9300.x Windows ADK (Windows Kits 8.1).
5.1 Windows 8.1 Update 1 6.3.9600.x Windows ADK (Windows Kits 8.1 Update).
10.0 Windows 10 10.0.10240.16384 Windows ADK (Windows Kits 10.0)

Re: Install Application Step fails in Task Sequence

Great blog post about a similar issue we were having in production.

Instances where application will not install after a reboot. Even when the logs say they installed correctly. We found this was more likely to happen on devices with SSD compared to SATA drives.

Looks like a know bug, but nothing a sleep command can solve: http://www.bctechnet.com/install-application-step-fails-in-task-sequence/

Windows Tech Series – Windows 10 Deployment & Management

Just completed the three day course on Windows 10 Deployment and Management @ Auldhouse.

Windows 10 Deployment & Management

Perform an in-place upgrade from Windows 7

Go through configuring System Center 2012 R2 Configuration Manager SP1 to perform in-place upgrade and deploy the task sequence to a Windows 7 machine. At the end of this activity, the Windows 7 machine will be upgrade to Windows 10.

Windows 10 Provisioning

Use the Imaging and Configuration Designer to create and install provisioning packages.

Build and Capture a Reference System Image

Go through the process of configuring and creating a Windows 10 image using Microsoft Deployment Toolkit (MDT).

Prepare a Windows 10 Lite Touch Deployment

This activity will import the reference Windows 10 image created from the previous section and configure a task sequence for Lite Touch deployment with MDT. At the end of this activity, you would have completed configuring the image deployment task sequence.

Windows 10 Zero Touch Deployment

This activity describes how to configure Configuration Manager for operating system deployment.

Managing Windows 10 with Configuration Manager

Device Package Deployment – Create a device collection, add a device to the collection, add an application package to System Center 2012 R2 Configuration Manager SP1 and deploy the application to a device.

User Application Deployment – Create a user in Active Directory, add an application to System Center 2012 R2 Configuration Manager SP1 and deploy the application to that user.

Windows 10 Browsers

Show some common compatibility issues found while migrating existing web applications from IE8 to IE11. It demonstrates the tools and techniques to remediate these common issues. This lab is designed for developers and discusses ways to resolve the compatibility issues by updating the application code as it is the best long term solution to make you applications standards compliant and ensure compatibility with modern browsers.

Example: User Agent String Detection Issue, Box Model, Popup Blocker, className Attribute, GetElementByID, Z Index Default Value, Content Centering, ActiveX Controls.

Device Guard

Learn how to configure and deploy Code Integrity policies, sign and deploy application catalogue files and enable Device Guard in an enterprise.