Configure Client remediation in ConfigMgr. 2012 to monitor only
When you install the ConfigMgr. 2012 client, you also get a scheduled Windows task that run daily health checks on the client, and if needed remediates the client. That is a great feature for most our clients, but maybe not a feature you want to implement on all clients. On some servers you might not allow uncontrolled software installations, even if it is an attempt to reinstall the client. To prevent the client from being remediated configure the NotifyOnly registry key from FALSE to TRUE in HKLM\Software\Microsoft\CCM\Ccmeval\NotifyOnly
When knowing the registry key and value, it’s easy to configure a CI (Configuration Item) and deploy that using the new Settings Management feature.
1. Navigate to the Assets and Compliance workspace and select Compliance Settings.
2. Select Configuration Items and click Create Configuration Item on the ribbon.
3. On the General page type a descriptive name like Disable automatic client remediation for the CI and click Next.
4. On the Supported Platforms page, click Next.
5. On the Settings page, click New.
6. You now have to choices: 1, specify all the registry values manually or 2 use a reference computer that has the settings you are looking for. To use option 2, click Browse.
7. In Computer name, type the name of the reference machine and click Connect.
8. Browse to HKLM\Software\Microsoft\CCM\Ccmeval and select the key NotifyOnly.
9. Select The registry value must exist on the client device and The registry value must satisfy the following rule if present: Equals TRUE
10. Click OK.
11. Select the Compliance Rules tab.
12. Select NotifyOnly Equals TRUE and click Edit.
13. Enable Remediate noncompliant Rules when supported and click OK.
14. Finish the wizard using the default settings.
15. Back in the Configuration Manager console, select Configuration Baselines and click Create Configuration Baseline on the Ribbon.
16. Type a name for the baseline like Disable automatic client remediation and click Add Configuration Items.
17. Select the Disable automatic client remediation CI and click OK.
18. Back in the console, select the Baseline and click Deploy in the Ribbon. In this example I’ll deploy the baseline to a collection called SRV Domain Controllers.
19. Enable Remediate noncompliant rules when supported.
20. Click Browse and select the SRV Domain Controllers collection.
21. Click OK to finish the deployment.
Hapy turkey holiday
MDT 2012 Beta2 - Configuring User Driven Installation (UDI) with ConfigMgr 2007/2012
By Johan Arwidmark
Microsoft MVP – Setup and Deployment
User Driven Installation (UDI) is a solution, based on ConfigMgr 2007/2012, to allow technicians and/or end-users select various deployment settings during an installation: Settings like language settings, Bitlocker settings or what applications to deploy. Shorthand story, it’s a deployment Frontend. But it’s not only that – UDI also comes with a designer that allows you as an administrator to design the frontend.
UDI version 2
In MDT 2012 Beta 2 you will find a completely rewritten version of UDI, a version where extensibility has been the major driver. The UDI Designer is all new, built from the ground up that supports all the features of version but a lot easier to manage.
Another big thing is that UDI is written for all major ConfigMgr 2007/2012 deployment scenarios – New Computer, Refresh and Replace. It is also the first UDI to support the Pre-staged Media feature that shipped with ConfigMgr 2007 R3.
The default sample Install Programs pane for the New Computer scenario
Using UDI in ConfigMgr 2007/2012
To use UDI you obviously need to install MDT 2012 Beta 2, and make sure to run the integration script (Configure ConfigMgr Integration) that extends the ConfigMgr 2007/2012 console with the additional MDT menus and task sequence templates. You also need to create at least one Task Sequence using any of the MDT templates so that the MDT 2012 Files package is created.
After doing that you can open the UDI Designer which you want on the start menu, in the Microsoft Deployment Toolkit node.
UDI Wizard Designer in the start menu
Configuring the UDI Designer
After starting the UDI designer, in order to add packages and applications to it, you need to configure the Site Settings with your Site Server Name and Site Code.
Site Settings in the UDI Designer
Please go to Johan's blog to continue read this article. MDT 2012 Beta 2 - Configuring User Driven Installation (UDI) with ConfigMgr 2007/2012
OS Deployment Pre-Planning tools you should consider to use. (Part 1 of 2)
Back in 1628
The disaster was a fact; the Kings' new ship sank on the maiden voyage, the reason? Basically it was bad planning, bad construction, and bad decisions. The ship was too high, had one cannon deck too many, too much cannons (like 500 or so). It was just one of those bad days, it sailed for about 1300 meters and then came out of lee, the sails was filled with wind and it heeled over to port, then once more and then the water started to rush in to the open gun ports and then it sank. Around 30 of the 150 in the crew died.
It was not a glorious day for the Swedish Navy.
You can avoid this disaster when it comes OS Deployment by using tools that are available from Microsoft for free and let us start with the most important tool:
Microsoft Assessment and Planning Toolkit
A starting point, MAP gives you the “what do I have and what options do I have”. I use this tool to create reports (it seems that business people have an easier understanding for pie charts and MAP can create those very nicely), get inventories, and get ideas. I call it an “illuminate-or”, since it illuminates the environment so that you then know what your options are. Below are some screenshots of the tool. There is new version of this toolkit soon to be released, it has some nice new/improved features, most of them related to the “cloud”.
There is very useful training kit, it contains a sample database so you can see how reports and pie charts would like in your or your customers environment. You can download it here
- Does not install any agent
- very light weight
- Works in almost any kind of environment
- A variety of different reports and inventory's
A Windows 7 readiness overview:
A Web application discovery:
A Web Browser discover (Normally it does not look as “clean” as this):
An Office 365 Discovery:
Infrastructure Planning and Design Guide’s
Hey, this is one really nice thing. This is not really White Papers, not really TechNet stuff, this. “Blue Prints”. That means that in these documents Microsoft have explain what technology works in what scenarios, for example, using Direct Access a solution for Contract Workers does not really work, there are other technology that works better. There are MANY documents and here is my list that I think you should read:
Windows Optimized Desktop Scenarios
So, this document helps to understand basically what features and functions that works in different environment and it helps to get a better understanding why most networks are a subject for improvement, you should read this.
Windows User State Virtualization.
Here is the document that describes how to deal with Offline Files, Roaming Profiles and Folder Redirection, you should know all this. But if you don’t know, download and read.
Application Compatibility Toolkit
Since applications tend to be one of the issues we need to take care of, ACT is one of the tools that could help you. It contains multiple applications. The one you normally start with is Microsoft Application Compatibility Manager. In this tool you can create an Inventory packet as an MSI file, distribute that and get data from all the machines back in a short while so you can see what apps you really have. You then use the tools as part of testing apps, planning what apps to test, create reports of applications. You can use a connector between SCCM and ACT to make it even better and here is how it looks:
The one and only (that I know of) that could call himself “King of ACT” is Chris Jackson. If you in any way are responsible for the application to work in the new OS, you should listen to him, very carefully. Check out his blog
Note: If you install ACT 5.6, Chris has done a really horrible application for you to “fix”, it is called Stock viewer. To make it work in Windows 7, just follow the instructions in the self-paced training material that is included in ACT.
And hey, don’t start testing applications BEFORE you have read this very carefully, ok?
Chris Jackson’s Formula (for When to Test For Application Compatibility)
Security Compliance Manager
I have no clue on how many times people have asked me “-How do you secure a Windows 7 client", is there any Whitepaper?”
With SCM you can create security policy's based on different templates that is provided by Microsoft (for now), you can then tweak them using the built help that explain all the settings and then you “lock” it, export it as a GPO, import that in to AD (or apply it locally) and then import the DCM file into SCCM to verify those settings, a neat little toolkit that just have been upgraded to version 2
Internet Explorer Administration Kit (IEAK)
This tool is new for IE9, but has been around for other versions of IE. If possible you should use this tool. It will give you the capability to customize IE pretty much exactly the way you would like it to be. It is easy to use and gives you so much flexibility in IE. The wizard will download the files for IE needed and then you run the Wizard, make all selections and when you are done you have one .EXE file and one .MSI file for the version you just configured, you need one for x86 and x64 for you just run it twice to create two folders, one for x86 and one for x64
There are “some” features to configure. J
Some of the settings you might never seen
This customer wanted me to change the default search provider to another vendor…
Next time I’ll cover the other tools.
Technorati Tags: OS Deployment,Windows 7,MAP,ACT,SCM
Office Integration Module
Microsoft has finally released the long awaited add-in to integrate Office 365 with Small Business Server Essentials for beta testing. The add-in is called Office Integration Module and is available for download from Microsoft Connect.
This is how you can start testing:
Verify that your SBS 2011 Essentials server is updated with Update Rollup 1
Download Office integration Module from Microsoft Connect.
To install Office integration module, run the downloaded file and restart the server.
Start the SBS Console and click the link Set up Microsoft Office 365 Integration
Check the “I already have a subscription for Office 365” checkbox if you have already bought Office 365. If you do not check it the guide will give you the possibility to eighter buy a subscription or create a trial account.
Enter your Office 365 login credentials and you are up and running.
We will start by looking at the section Office 365 in the console
Here we can see information about our Office 365 subscription. We can see which licenses we have bought, how many we are using. We can also see which domains we have registered.
The idea behind the Office Integration Module is to be able to manage our SBS 2011 Essentials users and their Office 365 properties from one place. So we start by creating a new user.
In the Users tab we click on Add User Account. We enter what we are used to and continue the guide until we get to the page Assign an Office 365 Account
Here we are able to create an Office 365 account for the new user. If we already have an Office 365 account, we can assign it to the new user. When we have created the account we can continue through the guide as usual.
The Office Integration Module has now helped us create a mailbox in Office 365 for our SBS 2011 Essentials user.
We can also use the console to assign or create an Office 365 account for an existing user. If we open the properties page for a user there is now an extra tab where we can handle the users Office 365 properties. Office Integration Module will also add links to Remote Web Access, making it easier for your users to find their way to Office 365.
As I wrote in the beginning, this is a very awaited add-in for Small Business Server 2011 Essentials which makes the administration of Office 365 much easier for SMB customers.
Make your Microsoft TechNet signature look real nice!
By Michael Petersen: http://blog.coretech.dk/mip
Microsoft MCC – Deployment
For everyone posting and answering questions on the Microsoft TechNet forums, you might know that you can add a signature to you profile which will then be added to your Question/reply/answer.
This is a nice feature, as you are then able to tell “the world” about yourself, every time you poste something.
Now if we look at my dear Boss, Kent Agerlund’s signature, you will see that it’s actually quite nice. Simple yet informative!
One thing you might notice though is the lack of hyperlinks to Blogs, Twitter and Linkedin. It also does not stand out from the text in the answer.
Now if you look at mine, you will notice that all links are highlighted, meaning they are hyperlinks, and all text is in bold character, making it stand out from the answer text.
So how is this achieved?
Quiet simple actually. Just open you Settings and type in the HTML syntax to support this in your signature field.
<b>Your Name | My blogs: <a href=http://blog1.com>Blog1 display name</a> and
<a href=http://blog2>Blog2 display name</a> | Twitter: <a href=https://twitter.com>
@Twitter</a> | Linkedin: <a href=http://www.linkedin.com>Your Name</a></b>
The text in BLUE should be replaced with links to the actual places, and the text in BOLD should be replaced with what you want to show in the hyperlink.
You could add other stuff like font size, line breaks, color etc. That’s all up to you!
Happy signature makeover!!