anyweb

what does the MSI log file of the application you are installing, tell you about that (very common) error ?

SP1 offers so many new features that it's what i'd recommend, however be aware that the new ADK requirements means you have WinPE4 and that means that hardware older than 3 years may have problems PXE booting... until Johan Arwidmark posts his workaround

just edit the XML files and include (or remove) the os's you want/don't want.

and for those that don't know, the reason your users never saw the HTA popup originally is because task sequences run in System Context, whereas running a package can run in User context.

The Diffuser option is no longer available to be added to the Advanced Encryption Standard (AES) encryption algorithm for Windows 8 so are you trying to select the diffuser option ? the command you've posted above should work ok, have you verified that the reg key exists after deployment ?

is this a build and capture task sequence or a deploy task sequence ? can you post the SMSTS.log and the ccmsetup.log and client.msi.log files please

Introduction One of the user definable sources for updates for Endpoint Protection definition updates is an UNC file share, but how you populate that share can mean success or failure when it comes to deploying definition updates from a UNC file share for System Center 2012 Endpoint Protection using System Center 2012 Configuration Manager SP1. In addition to populating the share correctly, you also need to define your AntiMalware Policy UNC path source correctly otherwise the definition updates will never be found. In this post I’ll explain how you can set this up and how to verify it’s working. Step 1. Create a Share and populate with folders First of all on your chosen server create a folder called SCEP_UNC_DEFS and share it to Domain Users and Domain Computers. Beneath this folder create another folder called Updates with two sub folders for both architectures like so Step 2. Populate the share with definition updates Now that we’ve created our template folder structure we need to populate it with the actual definition updates for the prospective architecture. For x64, download the following files and place them in the X64 folder. Antimalware full definitions (http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0×409&arch=x64) Antimalware delta definitions (http://go.microsoft.com/fwlink/?LinkId=211054) Network-based exploit definitions (http://go.microsoft.com/fwlink/?LinkId=197094) For x86, download the following files and place them in the X86 folder. Antimalware full definitions (http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0×409&arch=x86) Antimalware delta definitions (http://go.microsoft.com/fwlink/?LinkId=211053) Network-based exploit definitions (http://go.microsoft.com/fwlink/?LinkId=197095) Step 3. Create a new Antimalware Policy In the Assets and Compliance workspace, expand Endpoint Protection, select Antimalware Policies, right click and choose Create AntiMalware Policy, give it a name like Custom SCEP UNC DEF policy and select Definition Updates from the available choices (you may of course add more sections but for the purpose of this post this is sufficient). Click on Set Paths and enter the path to the Updates folder which is a sub directory of the SCEP_UNC_DEFS file share, click on Add when done. eg: \\server\scep_unc_defs\updates Next click on Set Source, make sure to select Updates from UNC Shares and use the UP button to bring this to the top choice (if you want it as the first option checked when more than one source is selected). Step 4. Create a collection to target the Antimalware Policy Right click on Devices Collections, and choose create device collection, give it a suitable name like Endpoint Protection UNC_DEFS you can populate it however you want (queries or direct membership) and then move it to somewhere suitable if required. Step 5. Change the Antimalware Policy priority right click on your new antimalware policy and choose Increase Priority, make this the highest priorty you can as SP1 uses Client side merge of AntiMalware policies and we want this source for definition updates to take priority on any computers in this collection. Step 6. Deploy the Antimalware Policy Right click on the AntiMalware Policy and choose Deploy point it to the collection we created above Step 7. Verify the UNC file share is being used Now everything is in place to deploy definition updates via an UNC file share, but we need to prove that don’t we. On a Windows client computer that you’ve added to our collection we created above, run the following Configuration Manager client action, Machine Policy Retrieval & Evaluation Cycle. This will ensure that our client has the latest Antimalware Policies targeted to it including the one we created above, to verify that our policy is indeed targeted to this computer please see this post, you should see something similar to the following in the registry, depending on what Antimalware Policies are applied to this client however we are only interested in our Custom SCEP UNC Def policy and it is indeed listed below. Do not proceed with the verification until your Windows client has our Custom SCEP_UNC_Def policy applied. Once done, open an Administrative command prompt and browse to the following folder C:\Program Files\Microsoft Security Client\ and execute the following command MpcmdRun.exe -SignatureUpdate as per below screenshot. If all went well then you’ll see Signature Update Finished. Open the following log file for final verification C:\Users\Administrator\AppData\Local\Temp\MpCmdRun.Log and you should see search started (UNC Share) along with the following text, Update Completed Successfully. (hr: 0×00000000) You can open the SCEP client, click on the updates tab and review the Definition Update versions for further verification. And there you have it, your SCEP client has updated it’s definition updates from your UNC file share as specified in your Custom Antimalware Policy, and you’ve proven the fact !. Troubleshooting Tip: If you fail to get this to work and see the following error instead, Error: Signature Update failed with hr=80070002 then verify you are pointing at the correct UNC File share directory as listed in my guide above then try again. Summary System Center 2012 Configuration Manager SP1 is a powerful management solution and you can use custom antimalware policies to update Endpoint Protection via multiple or single sources, including using UNC file shares, this ability gives great flexibility and control over how you want those definition updates deployed. If you’d like to automate the download of those definition updates please review the following post. until next time, from Seattle, cheers niall

ok can you clarify the below as the new option comes with SP1.,

do your component logs reveal any problems ?

a. the patch tuesday scenario is already covered in this part b. use SCUP to deploy 3rd party updates

to use this ability both your site server and clients need to be upgraded to Service Pack 1, please see the comment at the bottom of this post here for details

Configuration Manager 2007 does not support the deployment of Windows 8, to do that use MDT 2012 update 1 standalone, or use Configuration Manager 2012 Sp1

<p>totally agree with Peter, while it may work it's not supported and that could also mean that things you don't expect happen..</p>

are you using a hierarchy of CAS plus Primary ? or just a standalone

you can do it whatever way works best for you, i'm only showing you the way I do it, if your method works, then use it (and blog it !), i'm happy to link to it here.

The Microsoft Surface Pro is not for everyone. But after snagging the elusive 128GB Pro and using it daily for over a week -- at home, at the office, and during my two hour daily train commute -- I find that so far it is perfect for me. I wrote why the Surface RT couldn't cut it for me while I was on the road, which drove me to the Surface Pro. While I could have purchased another Windows 8 computer or a MacBook Air (running Windows for my engineering apps), the attraction of the Surface Pro was the extreme portability with the two pound weight and ultra-slim form factor. I used to carry my 4.5 pound work laptop during my daily commute; having the Surface Pro at less than half the weight is great. Engineering applications and use for work In my previous article, people wanted to know what types of applications I needed to run on a Windows computer. Some of the apps I use include GHS (General Hydrostatics), Deadweight, Deltek Vision, Microsoft Project, Rhino, and AutoCAD. I also need full access to the drives on my company's servers and the VPN connectivity of the Surface Pro works perfectly. I was concerned that the screen size of the Surface Pro would limit the usability of these kinds of applications. While the smaller screen is not optimal for design work, it works just fine for when I am out and about. Previously with the Surface RT or iPad, I couldn't even use these applications so the ability to get most of the same experience on the Surface Pro meets my needs. I also have the ability to output to a second larger screen and am setting up an external display to test this out this weekend. read the entire story @ ZDnet > http://www.zdnet.com/surface-pro-my-week-as-engineer-and-train-commuter-7000011369/

If you’re surprised by the revelation that the retail editions of Office 2013 will cost more than their predecessors and come with more severe license restrictions, you haven’t been paying attention. The retail editions of Office 2013 contain fundamental changes that go well beyond simple changes in the license agreement. They fundamentally alter the way we think of desktop software. Microsoft is in the process of a dramatic transition in its core business, one that I first noted last summer. “Services are the cornerstone of Microsoft’s strategy,” I noted at the time. The biggest change of all? You can no longer buy Office, Microsoft’s flagship product, on removable media. You can’t even download offline installer files for the three retail editions of Office: Home and Student, Home and Business, and Professional. If you purchase a single-user copy of Office 2013 from an online reseller (including the Microsoft Store) you get a product key code. If you buy a boxed copy of Office 2013 from a retailer, you get a product key on a card. In either case, you have to go to office.com/setup, where you’ll see this prompt: read the rest at ZDnet > http://www.zdnet.com/big-changes-in-office-2013-and-office-365-test-microsoft-customers-loyalty-7000011389/

and the most likely candidate for the package is the configmgr client upgrade package, simply create another one (package from definition) and all will be good

thanks, it means a lot to read words like these

check your task sequence deployment, and the distribution point options what is it set to (download or access) ?

thanks, always appreciated to hear that, the new one will run by itself on a schedule, you can run now if you want it to run immediately however, and yes you leave it enabled

you posted your question on another topic which wasn't anything to do with RIS, so i've moved your post - this is the RIS section, so browse it and you'll find your answer.

yes, if you want to target one computer with specific settings for that computer only then simply create a collection for that one computer, place the computer in that collection and target that collection with a custom antimalware policy it seems a bit overkill though, why the need ?

use the one from the RC version it should work fine, i will be covering deploying operating systems in Configuration Manager 2012 Service Pack 1 soon however.

are you really using SCCM 2012 rc ? configuration manager 2012 is already released to RTM and to SP1 level