Managing Approval Requests in ConfigMgr 2012

by

This week I want to devote a post to managing Approval Requests in ConfigMgr 2012. I’m not going to discuss whether the current model works, or not, I’m just going to say that in general it won’t work. The reason for that is simple, because it’s just one big list for everyone and every single Approval Request. To fill a small gap here, there is the Application Approval Workflow (solution accelerator), but for that also System Center 2012 – Service Manager and – Orchestrator are required. This just doesn’t fill the gap for everyone and/ or every company. So where does this leave us? Approval Manager Instead of complaining about all this, something that’s in a humans’ nature to do, we can also look at …

Read more

Deployment of Configuration Baseline failed with error ‘Script is not signed’ in ConfigMgr 2012

by

This week my post will still be a small one, as my time is still limited during the move to our new home. In between I was still doing some work and trying to find a subject for a presentation/ demo. During that I was working with the Configuration Baseline of UE-V. That baseline is completely based on one Configuration Item, which consists of eight script setting types and those scripts are all written in PowerShell. The deployment of the baseline resulted in error 0x87D00327, which translates to ‘Script is not signed’ (see picture). Solution In most cases it’s not possible, or allowed, to change the execution policy for PowerShell on the system. So just let the ConfigMgr client “manage it” and then the solution …

Read more

Preventing initiation of available deployments on specific systems with ConfigMgr 2012

by

This week I want to devote a small post to a question that I read on windows-noob.com. The question came to the point whether, or not, it is possible to deploy applications via a task sequence, but only allow administrators to actually run it. This question triggered me to look a bit better into the different Client Settings and then specifically the setting of Install permissions. This setting gives us the possibility to prevent the initiation of available deployments via the Software Center and the Application Catalog on specific systems. So in this post I will show that setting by only allowing administrators to initiate available deployments. Configuration Now lets start with the configuration, which is actually very easy, but like always it’s all about …

Read more

Troubleshooting Windows app package deployment on Windows 8 with ConfigMgr 2012

by

This week I was planning on doing a post about deploying a Windows app package (.appx) on Windows 8, until I saw that Keith Mayer already just posted a Step-by-Step for that. As that post is, from a ConfigMgr perspective, already very complete, I changed, from my original plan, to troubleshooting the deployment of a Windows app package (.appx) on Windows 8. The deployment of a Windows app package (.appx) on Windows 8 requires two specific settings and in this post I will describe those settings and the errors that will appear when these settings are forgotten. Import the root certificate as a Trusted Root Certification Authority The first setting is that the app package has to be signed with a certificate chain that can …

Read more

Quickly catch Active Directory Group Membership changes in ConfigMgr 2012

by

This week my post will be about catching Active Directory Group Membership changes. I choose this subject, because I still see and get questions about how long does it take before a group membership change is active in a collection. The short answer would be, based on default settings, between 1 till 10 minutes. In the rest of this post I will show a longer answer on why it’s like that. The main reasons are that the Delta Discovery and the Incremental Updates are working now. Configuration The most important part to quickly catch Active Directory Group Membership changes, is a good configuration. For that two configurations are very important, the Active Directory Group Discovery and the collection settings. To show how, and how fast, …

Read more

Working with the restart behavior of Applications in ConfigMgr 2012

by

This week I will do a small post about working with the restart behavior of installations in combination with the Application Model in ConfigMgr 2012. In previous versions there was sometimes a need to use a batch file to catch some weird installation return codes. The nice thing about ConfigMgr 2012 is that it gives us a possibility to specify those return codes and to react on it. In the rest of this post I will show in three steps how to configure ConfigMgr 2012 to work with return (restart) codes. Step 1: Return codes The first thing I always do is running the installation of an application a few times and see which return codes it gives me. Based on those experiences I create, …

Read more

Using Client Push Installation on UNTRUSTED FOREST systems with ConfigMgr 2012

by

Last week my post was about using the Client Push Installation on WORKGROUP systems and this week my post will be a sort of follow-up on that. This week my post will be about using the Client Push Installation on UNTRUSTED FOREST systems. The method of last week will also work on UNTRUSTED FOREST systems, but the nice thing about ConfigMgr 2012 is that there are now better options for UNTRUSTED FOREST systems! The systems and domain(s) of the UNTRUSTED FOREST can be discovered AND to make it even better, it is even possible to write information to the Active Directory! Prerequisites Before it is possible to use the Client Push Installation on UNTRUSTED FOREST systems, there are a few things to keep in mind. …

Read more

Using Client Push Installation on WORKGROUP systems with ConfigMgr 2012

by

This week my post will be about using the Client Push Installation on WORKGROUP systems. We all know that a manual installation will work on WORKGROUP systems, but wouldn’t it be easier to just use the Client Push Installation? In my opinion the answer would be, YES! And as long as the WORKGROUP systems are configured the same, the configuration is actually quite easy. Prerequisites Before it is possible to use the Client Push Installation on WORKGROUP systems, there are a few things to keep in mind. The following points are a prerequisite and are not further explained in this post: The FQDN of the Management Point system can be resolved on the WORKGROUP system. The Network Discovery is enabled to find the WORKGROUP systems. …

Read more

Deploying Windows 8 and Customizing the Lock Screen with ConfigMgr 2012

by

This week my post will be about the deployment of Windows 8 and then with a customized lock screen. One of the main complaints about a customized deployment of Windows 8 was that it wasn’t possible to set a customized lock screen without using unsupported methods of “hacking” file permissions and replacing the pictures. This has changed since the cumulative update of November for Windows 8 (see also here). One of the nice adjustments with this cumulative update is that it enables enterprise customers to customize the default lock screen. This setting is introduced as a Group Policy –setting, named Force a specific default lock screen image. In this post I’m not going to use the Group Policy –setting, but only the corresponding registry value …

Read more

Deploying Windows 8 including Optional Windows Features with ConfigMgr 2012

by

This week my post will be about the deployment about the deployment of Windows 8 and then including optional Windows features. I already did a post like this about Windows Server 2012, and the methods are similar, but I’m still getting, and seeing, lots of questions about how it works for Windows 8. So what I really want to show in this post are the different options for deploying Windows 8 including some random Optional Windows Feature(s). The three most used options for this are DISM, Powershell and MDT. Well, actually, to be really correct, there is only one option to install Features in Windows 8 and that’s DISM. Both, Powershell and MDT are just different methods for calling DISM actions. In the rest of …

Read more