Verify SSL Configurations of Site Roles via Compliance Settings in ConfigMgr 2012

This will be a short blog post about the locations in the registry where the SSL configurations are stored for the different site roles. This can be very useful in larger environments, with many sites, site systems and multiple administrators. These registry keys can be used as Configuration Items in a Configuration Baseline. This makes it easier to keep track of the SSL configuration of the environment.

Registry

Before providing the different locations, I think it’s good to note that most site roles simply use 0 or 1 as the value for an SSL configuration. The exceptions to this are the management point and the distribution point. These site roles can have different values based on the connection configuration (intranet and Internet, intranet-only, Internet-only) and CRL …


Unexpected results: Use role based administration to provide different access to specific applications in ConfigMgr 2012

This time I want to address a specific scenario around role based administration. This scenario will be focused on providing different levels of access, for a user, on different applications. I’ve seen this question on different forums over the last year(s) and also had this same question with a customer recently.

Scenario

This scenario is about an enterprise customer that uses ConfigMgr for managing their laptops. Nothing special, so far, not even the fact that they have around 100k laptops spread over the globe. What makes this customer special is the fact that they have a global IT department and a local IT department per country. The global IT department is responsible for making the generic applications available and the local IT department is responsible …


Quickly get an overview of the client agent times in ConfigMgr 2012

This time it will be a really short blog post, about showing the client agents and their times. Normally, to see the times of the different client agents it’s necessary to look at the properties of a device, but that’s really time consuming for multiple devices. Also, these agents and their times are shown in two different rows as two different arrays. The only one that can be shown in the console is the Heartbeat Discovery. This should be possible in an easier way that also provides a better overview.

Script

Actually, this is pretty easy to do in PowerShell. The following PowerShell function gets a list of all devices within ConfigMgr. After that it will loop through all the devices and per device loop …


How to install clients on Linux computers, when the Site Roles require HTTPS communication in ConfigMgr 2012

About four years ago I did a post about installing the ConfigMgr client on a WORKGROUP computer, when the ConfigMgr Site is in Native Mode. On the certificate side of it, this post will have a lot of similarities with that post. Installing a ConfigMgr client on a Linux computer is a nice challenge, when the ConfigMgr site is configured to require HTTPS. I think I am not the only one who works with ConfigMgr and only uses a tiny bit of Linux. So, to make this process a bit easier for everyone, I wrote down these four steps for implementing the correct certificates and installing the ConfigMgr client on a Linux computer. Of course these same certificate configuration steps can also be used for …


Change device ownership – The journey through log files, WMI and PowerShell of ConfigMgr 2012

Last week I got the question about how to quickly change the device owner of all mobile devices. This question was based on the fact that by default the device owner is set to Personal and that default value cannot be changed. The Configuration Manager console answer is easy: select the devices, right-click and select Change Ownership. But now the real question(s): how does this work and is this scriptable? This blog post will contain my small journey through the SMSProv.log, WMI, PowerShell and TechNet for an answer.

PowerShell part I – Change Ownership

After a quick browse through the cmdlet reference on TechNet, I noticed that this should be very easy to achieve via PowerShell. There is a cmdlet available, Set-CMDeviceOwnership, that does exactly …


Add Update Content to a Deployment Package via PowerShell in ConfigMgr 2012

Last week I read a forum question about downloading updates in a software update group. I thought that I could create an easy example, but it wasn’t as easy as I thought it would be. As there is no cmdlet available that performs this specific action, I went back to WMI. In WMI there is a method AddUpdateContent in the SMS_SoftwareUpdatesPackage that should do the trick. After playing around with it for a while I noticed that this method is not as straightforward as it looks.

The method

The main problem I had with this method was the documentation, or better, the lack of documentation. The SDK only contains a very old example that also doesn’t seem to use the right order for the parameters. …


Verify local administrators via PowerShell and Compliance Settings in ConfigMgr 2012

Everybody probably knows the inventory posts for local administrators by Sherry Kissinger, but what if you want to know the compliance of your devices? What if you “just” want to know if a device is compliant with company defaults for the local administrators? This blog post will provide an answer to that question. It will provide a script, including explanation, that can be used for compliance checks. This blog post won’t go into details about creating the Configuration Item and the additional Configuration Baseline.

Script

The script that will be the core of this Configuration Item consists of three key parts. Basically, it first finds the members of the local administrators group on the device, then verifies these members and in the end it returns …


What is smsdpusage.exe?

This time I’ve got another short post, which could be seen as a sort of follow-up on last week’s post, as this post is also about an executable that is used within a scheduled task. Since ConfigMgr 2012 R2 there is a new built-in report named Distribution point usage summary. This report can be used to view details about how individual distribution points are utilized, including how many unique clients access the distribution point, how many requests are processed by the distribution point and how much data is sent from the distribution point. To generate content for these reports there is a new executable named smsdpusage.exe. This executable starts the distribution point usage process. When this process starts, it evaluates the IIS logs, of the …


What is smsdpmon.exe?

A short post this time with an even shorter title. As I was working on documenting the content library and its content validation, one of the things I ran into was smsdpmon.exe. As I was not familiar with this executable, I thought it would be a good idea to write about my findings on it. This executable is used to start the content validation process. The validated content can be anything that is distributed to the distribution point and available in the content library. When the content validation process starts, ConfigMgr verifies the hash of the content files on the specific distribution point with the hash in the database and if the hash is unexpected for the content files on the distribution point, it creates …


Five key configuration steps for implementing Internet-based clients in ConfigMgr 2012

This blog post is about the key configuration steps for implementing Internet-based clients in ConfigMgr 2012. By key configuration steps, I’m talking about the configuration of the web server certificate, IIS, site systems, site system roles and client installations. To understand these steps, knowledge of certificates, IIS and ConfigMgr is required, because it’s not a step-by-step configuration guide.

Prerequisites

Before going through these steps, there are a few important prerequisites that should be in place: Site systems for Internet-based client management must have connectivity to the Internet and must be in an Active Directory domain. A supporting public key infrastructure (PKI) has to be in place that can deploy and manage the certificates that the clients require and that are managed on the Internet and …
