anyweb

your original question was to which I replied no, that said I would recommend you DO extend the schema as it will make everything you do easier and you won't have to supply workarounds like dns entries and so on here are the requirements for Endpoint Protection: http://technet.micro...y/hh508780.aspx and here's some info about why you should extend the schema Determine Whether to Extend the Active Directory Schema for Configuration Manager http://technet.microsoft.com/en-us/library/gg712272.aspx Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1 When you extend the Active Directory schema for System Center 2012 Configuration Manager, you can publish site information to Active Directory Domain Services. Extending the Active Directory schema is optional for Configuration Manager. However, by extending the schema you can use all Configuration Manager features and functionality with the least amount of administrative overhead. If you decide to extend the Active Directory schema, you can do so before or after you run Configuration Manager Setup. Considerations for Extending the Active Directory Schema for Configuration Manager The Active Directory schema extensions for System Center 2012 Configuration Manager and System Center 2012 Configuration Manager SP1 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not have to extend the schema again for System Center 2012 Configuration Manager or System Center 2012 Configuration Manager SP1. Similarly, if you extended the schema for System Center 2012 Configuration Manager with no service pack, you do not have to extend the schema again for System Center 2012 Configuration Manager SP1. Extending the Active Directory schema is a forest-wide action and can only be done one time per forest. Extending the schema is an irreversible action and must be done by a user who is a member of the Schema Admins Group or who has been delegated sufficient permissions to modify the schema. If you decide to extend the Active Directory schema, you can extend it before or after setup. Four actions are required to successfully enable Configuration Manager clients to query Active Directory Domain Services to locate site resources: Extend the Active Directory schema. Create the System Management container. Set security permissions on the System Management container. Enable Active Directory publishing for the Configuration Manager site. For information about how to extend the schema, create the System Management container, and configure setting security permissions on the container, see Prepare Active Directory for Configuration Manager in the Prepare the Windows Environment for Configuration Manager topic. For information about how to enable publishing for Configuration Manager sites, see Planning for Publishing of Site Data to Active Directory Domain Services. The following clients and mobile devices that are managed by the Exchange Sever connector do not use Active Directory schema extensions for Configuration Manager: The client for Mac computers The client for Linux and UNIX servers Mobile devices that are enrolled by Configuration Manager Mobile device legacy clients Windows clients that are configured for Internet-only client management Windows clients that are detected by Configuration Manager to be on the Internet The following table identifies Configuration Manager functions that use an Active Directory schema that is extended for Configuration Manager, and if there are workarounds that you can use if you cannot extend the schema. Functionality Active Directory Details Client computer installation and site assignment Optional When a new Configuration Manager Windows client installs, the client can search Active Directory Domain Services for installation properties. If you do not extend the schema, you must use one of the following workarounds to provide configuration details that computers require to install: Use client push installation. Before you use client installation method, make sure that all prerequisites are met. For more information, see the section “Installation Method Dependencies” in Prerequisites for Computer Clients. Install clients manually and provide client installation properties by using CCMSetup installation command-line properties. This must include the following: Specify a management point or source path from which the computer can download the installation files by using the CCMSetup property /mp:=<management point name computer name> or /source:<path to client source files> on the CCMSetup command line during client installation. Specify a list of initial management points for the client to use so that it can assign to the site and then download client policy and site settings. Use the CCMSetup Client.msi property SMSMP to do this. [*]Publish the management point in DNS or WINS and configure clients to use this service location method. Port configuration for client-to-server communication Optional When a client installs, it is configured with port information. If you later change the client-to-server communication port for a site, a client can obtain this new port setting from Active Directory Domain Services. If you do not extend the schema, you must use one of the following workarounds to provide this new port configuration to existing clients: Reinstall clients and configure them to use the new port information. Deploy a script to clients to update the port information. If clients cannot communicate with a site because of the port change, you must deploy this script externally to Configuration Manager. For example, you could use Group Policy. Network Access Protection Required Configuration Manager publishes health state references to Active Directory Domain Services so that the System Health Validator point can validate a client’s statement of health. Content deployment scenarios Optional When you create content at one site and then deploy that content to another site in the hierarchy, the receiving site must be able to verify the signature of the signed content data. This requires access to the public key of the source site where you create this data. When you extend the Active Directory schema for Configuration Manager, a site’s public key is made available to all sites in the hierarchy. If you do not extend the Active Directory schema, you can use the hierarchy maintenance tool, preinst.exe, to exchange the secure key information between sites. For example, if you plan to create content at a primary site and deploy that content to a secondary site below a different primary site, you must either extend the Active Directory schema to enable the secondary site to obtain the source primary sites public key, or use preinst.exe to share keys between the two sites directly. Attributes and Classes Added by the Configuration Manager Schema Extensions Planning for Configuration Manager Sites and Hierarchy

first of all this set of guides is actually for the Release Candidate version, the RTM guides (latest) are the most up to date and most applicable you can find them all here. as regards your current issue, if you followed the guides step by step then you'd have installed Configuration Manager as a user (SMSadmin) and that user will automatically have the permissions needed, did you use that user or did you install the console (and everything else) as domain admin ?

does the primary server computer account have local administrative permissions on the secondary site server ?

no it does not require it, if you are using client push to install the Configuration Manager client then have you verified that you are using an account with local admin priveledges on that computer to install the client ? has the firewall got the appropriate ports open ? what does the ccm.log file on the site server reveal ?

if you look at the 4 reasons listed are any of them true ? have you ruled out all 4 ? secondly what does the ConfigMgrSoftwareCatalog.log listed in the Troubleshooting section of this post tell you about the problem and lastly, if you select the Monitoring workspace in the ConfigMgr Console and select Deployments, select your application deployment listed and choose View Status does it reveal the reason why the application deployment failed on this computer ?

you need to point it to whatever OU's are applicable in your environment so either create those OU's or adapt (change) the string to match your environment

from your screenshot it looks like Synchronize software updates is greyed out, is the SUP role installed on this server and is it a child site of a CAS site ? if you want to trigger a sync then do it at the CAS site and all child sites will sync from that SUP. on a side note, you really need to provide more details about problems when posting questions in future, you shouldn't leave it to others to 'guess' what your problem is.

did you read the readme supplied by Johan and did you configure the VBS file with the requirements it needs ? ' Sample script that displays all objects in the users contatiner Set openDS = GetObject("LDAP:") <- it's failing here for you did you configure these lines ? "LDAP://dc01/cn=users,dc=corp,dc=viamonstra,dc=com", _ "administrator@corp.viamonstra.com", _ "Password01", _

open the HTA using notepad plus plus then you can see what line 71 actually is

well it tells you what is your UILanguage variable set to ? what the error above is telling you is that the group didn't start because Something was not equal to the value you specified.... I don't know how you set yours up so it's hard to tell..

please post that HTA and question in a separate post, this thread is about the windows-noob.com Frontend HTA

did you check to see if the configuration manager client was installed on this computer like it says ?

I'll do a migration tomorrow if i have time and migrate the TS over, once done i'll post it here...

if you have 300 servers to setup then why are you not using MDT 2012 or System Center 2012 Configuration Manager ? there may be some tftpd registry settings that you can configure have you checked..

if you mean to upgrade the os from Windows 7 to Windows 8 then no upgrade is not supported, but you can migrate from Windows 7 to Windows 8 using Configuration Manager 2012 Service Pack 1 with User State Migration Tool for Windows 8 which is included in the Windows ADK

sounds like the systems are processing other policies (windows updates perhaps ?) before getting the fep policy.. does that sound right ?

here you go... http://www.windows-noob.com/forums/index.php?/topic/6451-how-can-i-pre-provision-bitlocker-in-winpe-for-windows-8-deployments-using-configuration-manager-2012-sp1/

good point it's not for every client, it's just for the Configuration Manager servers to replicate data between each other - I've edited the post to clear that up and suggested that you target the GPO to an OU where you've placed your Configuration Manager servers.

are you referring to Wake Up on Lan ? if so are you using any OOB features ?

as it's a build and capture collection it can be empty (no membership rules) you can add computers to that collection using a direct membership rule later or by using computer association. the limiting collection can be All systems or all windows 7 computers, it's up to you.

As I've noted in this blog several times over the past couple years, I have become a devoted Google Chrome user because Internet Explorer 9 on my Windows 7 PC is not up to snuff. Yes, I have tried just about everything imaginable to fix this. I've disabled all add-ons. I've reinstalled the browser. I've called in the big guns from Microsoft, ZDNet and other shops to try to provide help. Nothing made IE9 running on Windows 7 on my UL30A laptop from ASUS run acceptably. In spite of all of Microsoft's benchmarks and claims to the contrary, Chrome starts up, opens sites faster and hangs less than IE9 on my current PC. I am willing to see if IE10 will work any better on my current Windows 7 laptop. So I am downloading the new preview build -- the first Microsoft has released for IE10 for Windows 7 in over a year. Here's the download link for the latest IE10 for Windows 7 test build. There's no word from the IE team as to why they went months and months with no new preview builds for this. (My guess would be the team was busy finalizing IE10 for Windows 8 and Windows RT and there are only so many resources to go around.) In mid-October this year, the team broke its silence and said another test build was on its way. Unlike the other test builds, the new IE10 on Windows 7 preview build is meant for consumers, and not just developers, meaning it includes the new IE10 user interface. It also is optimized for touch first and includes improved security, performance and HTML5/CSS3 standards compliance, according to the Softies. Microsoft is not providing a date as to when it expects to release the final version of IE10 for Windows 7. It's also not known if there will be additional preview builds before the final is out. Company officials say all of this will be determined by customer feedback. Microsoft's IE marketshare on Windows has been either holding roughly steady or dropping, depending on which analysts you believe. Will IE10 on Windows 7 help Redmond grab a few more points? Time will tell.... via Zdnet > http://www.zdnet.com/microsofts-ie10-for-windows-7-worth-another-try-7000007338/

the only role you can install on an X86 server is the Distribution Point role - see http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SiteAndRoleScale

which version of MDT are you testing with ?

Who is Julie Larson-Green? Meet the new head of Windows I don't know the back story here, but here's what I do know: Microsoft President Steven Sinofsky is leaving Microsoft, effective immediately -- just days after launching his babies, Windows 8 and the Microsoft Surface. And the new head of Windows is Julie Larson-Green. As my CNET colleague Jay Greene reported, Microsoft is saying Sinofsky's departure was mutually agreed upon. Sinofsky is leaving to pursue other unspecified interests. In the shake-up, announced on November 12, Microsoft announced that Larson-Green will be promoted to lead all Windows software and hardware engineering. Tami Reller will continue on as chief financial officer and chief marketing officer and will assume responsibility for the business of Windows. Both executives will report directly to Microsoft CEO Steve Ballmer, according to Microsoft's press release. Julie Larson-Green has been Corporate Vice President, Program Management, Windows Client. Larson-Green is no stranger to Windows: She has had between 1,200 and 1,400 program managers, researchers, content managers and other members of the Windows team reporting to her. Last time I got to interview her (March 2010), Larson-Green was in charge of Windows planning. Her colleagues Jon DeVaan and Grant George led Windows development and test, respectively. This core team of three reported directly to Sinofsky. This was a new structure for the Windows team since Windows 7 shipped. Rather than organizing Windows Client around smaller product units, the team operates more like the Microsoft Office team does -- not too surprising, given the leaders of the Windows team all came from Office. Larson-Green applied to Microsoft right after she got her business management degree from Western Washington University, only to be told no. But she did land a job at desktop-publishing-software maker Aldus working on the product support call lines. Microsoft "discovered" Larson-Green after a few Softies attended a talk she gave comparing Microsoft compilers to Borland compilers and asked her to run a Visual C++ focus group for the company. In 1993, she ended up landing a job on the Visual C++ team, where focused on the integrated development environment. She moved to the Internet Explorer team (where she worked on the user experience for IE 3.0 and 4.0) and then, in 1997, to the Office team to work on FrontPage, where she got her first group program manager job. She also did a stint on the SharePoint Team Services team, back when SharePoint was known as "Office.Net." Larson-Green subsequently led user interface design for Office XP, Office 2003 and Office 2007. I cannot pretend I am sad about the passing of the torch. I have been persona non grata with the Windows division for the entire time that Sinofsky ran it. Many long-time Microsoft employees, managers and testers have expressed similar sentiments, mostly in private. Here's hoping to better days, in terms of how the Windows client team interacts with all of its constituents: Its customers, partners and us Microsoft watchers. via ZDnet > http://www.zdnet.com...ows-7000007292/

The company says the decision was mutual. But reported disputes between Sinofsky and Microsoft Chief Executive Steve Ballmer may have strained the relationship. Former Windows President Steven Sinofsky (Credit: Microsoft) Steven Sinofsky, the Microsoft executive who turned its Windows franchise around and just led the effort to release Windows 8, is leaving the company, effective immediately. Sinofsky, a controversial figure at the company, was the subject of a recent CNET profile that explored his polarizing ways. Insiders said he was warring with Microsoft Chief Executive Steve Ballmer. The company said the decision behind Sinofsky's departure was mutual, thought the abruptness of the announcement might suggest otherwise. "I am grateful for the many years of work that Steven has contributed to the company," Ballmer said. Steven Sinofsky talks up Microsoft's Surface tablet at the company's unveiling event in New York. (Credit: Seth Rosenblatt/CNET) Sinofsky was equally gracious in his comments. "It is impossible to count the blessings I have received over my years at Microsoft. I am humbled by the professionalism and generosity of everyone I have had the good fortune to work with at this awesome company," Sinofsky said in a statement. Microsoft promoted Sinofsky's longtime lieutenant, Julie Larson-Green, to lead all Windows software and hardware engineering. Tami Reller, the chief financial officer and chief marketing officer in the Windows group, will take over responsibility for the business of Windows. Both executives will report directly to Ballmer. Some Microsoft watchers had pegged Sinofsky as a CEO-in-waiting, but he developed a reputation for being divisive and not working well with executives in other divisions. "Steven is a rare talent," a Microsoft executive told CNET in last month's profile of him. But "as you think about future leadership, collaboration will be critical in a way it has never has before." Sinofsky joined Microsoft in July 1989 as a software design engineer, fresh from earning a master's degree in computer science from the University of Massachusetts, Amherst. Within three years, he was elevated to technical assistant for Microsoft co-founder Bill Gates, a top job for an aspiring young Microsoftie. In 1999, he became senior vice president of Office, responsible for leading the effort to release productivity software suite. His success with shipping a quality version of Office regularly and on time, led Microsoft's brass to tap him to run the Windows division. In 2006, Sinofsky became senior vice president of the Windows and Windows Live group. Three years later, Sinofsky was promoted to president of the Windows division. He helped restore Windows from the debacle that was Windows Vista, a widely panned and dramatically late version of the company's flagship product. Windows 7 was his first effort, a solid product that cleaned up much of the mess that Vista left behind. Windows 8 debuted last month. While it's too early to tell how well it's doing, the product has won kudos and raised some concern for its bold user interface design, a striking departure from previous versions. With Sinofsky out the door, the list of possible successors to Ballmer shrinks by one. Internally, some have speculated that Kevin Turner, the voluble chief operating officer, might be next in line. But Turner, who joined Microsoft from Wal-Mart Stores, doesn't have the technical chops that might be a requirement for the post. Potential outside candidates could include Netflix Chief Executive Reed Hastings, who said last month that he wouldn't stand for re-election to Microsoft's board in order to focus on Netflix. But some have speculated that Microsoft might be interested in buying the video service, which could put him in position to succeed Ballmer. via Cnet > http://news.cnet.com/8301-10805_3-57548751-75/controversial-windows-boss-steven-sinofsky-leaves-microsoft/